Amazon: Lobbying Is a Component of the Model Of Course
November 23, 2021
Small news item from the trusted source Thomson Reuters. The title of the item is “Amazon Wages Secret War on Americans’ Privacy, Documents Show.” What’s interesting is that the trusted outfit has tapped into Amazon “internal documents.” These content objects reveal to the intrepid trusted real news folks that
“Amazon.com has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.”
In my lectures about this online bookstore I described some of Amazon’s public documents about its data wrangling, data stores, and data analytics capabilities. Sure, my lectures were directed at law enforcement and intelligence professionals.
How can an old person like myself using open source intelligence capture the scope, capabilities, and functionality of Amazon’s capabilities without resorting to the use of company confidential information?
If a person were to reveal company confidential information about Thomson Reuters or any of its subsidiaries, how might the Thomson Reuters “trust” brigade react to this situation?
I am no cheerleader for Amazon. I have been critical of leakers, including the cutesy Edward Snowden person.
Lobbying is an established component of many business organizations’ processes. Let’s think about big pharma, shall we? No, let’s not. What about those Beltway Bandits? No, let’s not.
“Trust” is an interesting concept, and I am disappointed that sensationalism and confidential information are what help define “trust.”
Yep, real journalism. Why not rely more on open source information and good old fashioned analysis, interviews, and research? Is “too good to pass up” a factor? Blocking and tackling, right?
Stephen E Arnold, November 23, 2021
Microsoft and Piffle
November 23, 2021
I enjoy deep thinking well expressed. I must admit I do not encounter the word “piffle” as often as I would like. Much about modern life in the high tech metaverse to be could be tattooed with the word “piffle.”
Examples include the knock on effects of the SolarWinds’ misstep, the cavalier approach to confidential and proprietary documents, and the low profile renaming of everyone’s favorite social media company. Yep, piffle.
However, the article “Microsoft Is Embarrassing Itself and Customers Can See It” provides an interesting example of editorial piffle. What’s surprising about a technology giant imposing constraints on its users? Absolutely nothing.
Here’s the piffle: The published article. I marked this passage as notable:
The latest episode began with Redmond making it harder to set anything other than Edge as your Windows 11 browser.
Okay, piffle.
Remarkable because Apple displays messages demanding that I upgrade one of my Apple computers. I ignore the messages and on one machine one of the clever teens assisting me blocked this baked in Apple annoyance. Magix Vegas begs me to upgrade. But I ignore the plea because it is a miracle that the Vegas software version I use renders without crashing. Upgrade? You have to be kidding.
There are some substantive Microsoft issues in my opinion. The “piffle”, at least for me, is the silliness ZDNet presents.
Gentle reader, that’s piffle.
Stephen E Arnold, November 23, 2021
NFT: Explain This to Your Mom at Thanksgiving
November 22, 2021
I have no dog in this crypto fight. You can view an interview with one of the founders of SecureX on November 30, 2021, in a DarkCyber interview. I am not sure about some of the innovations swirling around the crypto thing.
I do want to direct your attention to The NFT Bay. This is a pirate NFT search system. Navigate to the url (verified at 6:32 am US Eastern on November 22, 2021) and run your queries. Here’s the url: https://thenftbay.org.
The logo looks familiar. Perhaps you have seen it before? Once again, my blog post will remain at a high level.
You can sign up for a newsletter about The NFT Bay. The publication is produced by an entity named G. Huntley. Sock puppet, alias, I don’t know, and I am not willing to spend time poking around. That’s a job for an enthusiastic NFT fan perhaps?
Where does G. Huntley reside?
That question has an interesting answer. A van that is slowly working its way around Australia. You can check out the entity’s Web site at this link. Yep, vanlife meets NFTs and InfoSec.
Now about your explanation for Thanksgiving.
Stephen E Arnold, November 22, 2021
Gmail: Is It a Go To Platform for Bad Actors?
November 22, 2021
“91% of All Bait Attacks Conducted over Gmail” is a report. Like many other cyber security related studies, the information is shaped to send a shiver of fear through the reader. Now is the assertion “all” accurate? Categorical affirmatives appear to make the writer appear confident in the data presented. The phrase “bait attack” sounds like insider speak. What does the write up present? Here’s a passage I found interesting:
Researchers from Barracuda analyzed bait attack patterns in September 2021 from 10,500 organizations.
Where are the findings; specifically, the information about “bait attacks”?
The answer is, “Not in the article.” The write up points the reader to a link for a study conducted by Barracuda. If you want to read that report in its marketing home, navigate here. Then accept cookies. You will see that the examples are indeed email. The connection to Google is that the service is popular. It makes sense that bad actors would use a large email system as a convenient method of reaching individuals, obtaining information about valid and invalid email accounts, and other sorts of mischief.
What’s the fix? Put the onus on Google? Nah. Buy a Barracuda product? But if the cyber defense system worked, wouldn’t the method become less effective? Organizations would license the solution in droves. Has that happened?
Well, the attacks are widespread, according to the research. Google apparently is not able to manage the messages. The user remains an unwitting target.
So what’s the fix?
My thought is that Gmail accounts have to be verified. Cyber security companies should publish reports that reveal significant payoffs from their methods. Users should be smarter, more willing to keep their email address under wraps, and better at security.
Right now, none of these actions and attitudes are happening. What is happening is content marketing and jargon.
Some companies are quite good at talk. Cyber security solutions? That’s another story. I love that “all” approach too.
Stephen E Arnold, November 22, 2021
An Example of Modern Moral Responsibility Avoidance
November 22, 2021
Virtual Private Networks (VPNs) are supposed to be one of the Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:
“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”
Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:
“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”
Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.
And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.
Cynthia Murrell November 22, 2021
Veraset: Another Data Event
November 22, 2021
Here is a good example of how personal data, in this case tracking data, can be used without one’s knowledge. In its article “Files: Phone Data Shared” the Arkansas Democrat Gazette reports that data broker Veraset provided phone location data to the US Department of Health last year as part of a free trial. The transaction was discovered by digital-rights group Electronic Frontier Foundation. The firm marketed the data as valuable for COVID research, but after the trial period was up the agency declined to move forward with a partnership. The data was purportedly stripped of names and other personal details and the researchers found no evidence it was misused. However, Washington Post reporter Drew Harwell writes:
“[Foundation technologist Bennett Cyphers] noted that Veraset’s location data includes sequences of code, known as ‘advertising identifiers,’ that can be used to pinpoint individual phones. Researchers have also shown that such data can be easily ‘de-anonymized’ and linked to a specific person. Apple and Google announced changes earlier this year that would allow people to block their ID numbers from being used for tracking. Veraset and other data brokers have worked to improve their public image and squash privacy concerns by sharing their records with public health agencies, researchers and news organizations.”
Amidst a pandemic, that tactic just might work. How do data brokers get this information in the first place? We learn:
“Data brokers pay software developers to include snippets of code in their apps that then sent a user’s location data back to the company. Some companies have folded their code into games and weather apps, but Veraset does not say which apps it works with. Critics have questioned whether users are aware that their data is being shared in such a way. The company is a spinoff of the location-data firm SafeGraph, which Google banned earlier this year as part of an effort to restrict covert location tracking.”
Wow, banned by Google—that is saying something. Harwell reports SafeGraph shared data with the CDC during the first few weeks of the pandemic. The agency used that data to track how many people were staying home for its COVID Data Tracker.
App users, often unwittingly, agree to data sharing in those opaque user agreements most of us do not read. The alternative, of course, is to deprive oneself of technology that is increasingly necessary to operate in today’s world. It is almost as if that were by design.
Cynthia Murrell November 22, 2021
Ommmm, Ommmm: Pundit Zen
November 21, 2021
I read “How Twitter Got Research Right.” Okay, Twitter. Short messages. Loved by a comparatively modest coterie of Left and Right Coasters. Followers. Blue. Management hate from the rock star professor Scott (buy my book and invest in Shopify) Galloway. Okay, Casey Newton. Verge-tastic. Silicon Valley savvy. Independent journalist. Budding superstar with Oprah’s staff checking him out.
The write up explains “got right” as a fine expression of business savvy. The write up offered this observation:
Twitter hosted an open competition to find bias in its photo-cropping algorithms.
I think I failed a college class because I was unable to find a suitable definition for the concept “mea culpa.” I think the instructor was unhappy with my one word research paper which pivoted on the acronym PR. I was supposed to write down something like a person or entity says something that is one’s fault. (See, I am writing in a gender neutral way.) Ommmmm. Ommmmm.
In the shadow of this “real news” Silicon Valley essay, I think the proper term is apologia. As I recall from another course in which I wallowed in academic desperation, an apologia means “speaking in defense.” I wonder if I ever finished reading Plato’s Apology.
Somewhere in my lousy college education I learned about the dialectic or motive force of an action that creates a thought or reaction. The subsequent events go off the rails, and the actors do the explaining away thing.
What’s up in the Twitter mea culpa / apologia event is that social media have been quite significant in several ways: Amplification of certain information and providing a free, unfettered mechanism to whip up frenzy. (Some examples come to mind, but I shall refrain from writing their names because stop word lists….)
To sum up: Quite a rhetorical tour de force, and I don’t buy into the Twitter is trying to do good despite the got right assurance. Ommmmm. Ommmmm. That’s the sound of regulators calming themselves before actually regulating.
Stephen E Arnold, November 22, 2021
MIT, Facebook, and Google: Estimable Outfits Indeed
November 21, 2021
In 2019, MIT was the outfit that issued a letter to the MIT community with this statement:
Here are the core facts, as best as we can determine: Over the course of 20 years, MIT received approximately $800,000 via foundations controlled by Jeffrey Epstein. All of those gifts went either to the MIT Media Lab or to Professor Seth Lloyd. Both Seth and Media Lab Director Joi Ito have made public statements apologizing to Jeffrey Epstein’s victims and others for judgments made over a series of years.
I read “How Facebook and Google Fund Global Misinformation.” I noted this passage:
But there’s a crucial piece missing from the story. Facebook isn’t just amplifying misinformation. The company is also funding it. An MIT Technology Review investigation, based on expert interviews, data analyses, and documents that were not included in the Facebook Papers, has found that Facebook and Google are paying millions of ad dollars to bankroll clickbait actors, fueling the deterioration of information ecosystems around the world.
What did the 2019 Epstein related missive from L. Rafael Reif and the MIT Technology Review article spark in my mind?
Here’s the summary:
- How many Facebook and Google employees are former students or graduates of these two estimable companies?
- Why does MIT rely on confidential documents appropriated by a Harvard graduate? Was this action by the Harvard graduate legal?
- The MIT – Epstein interactions took place over 20 years; Facebook and Google have been breaking moral ground for the same interval. Why is so much time required to identify, research, and apologize for certain behaviors?
I have other thoughts as well, but these convey the direction in which these “revelations” are drifting. MIT, Facebook, and Google — estimable outfits indeed.
Stephen E Arnold, November 21, 2021
Expert Surprised That Health Club Billing Methods Are Used by SaaS and Cloud Companies
November 19, 2021
I enjoy write ups which reveal the obvious. Consider health clubs or gym memberships. One gym located in the whiskey and fried chicken capital of the flyover states is about 3,000 square feet. How many members does the facility have? The answer is 3,000. How many use the gym on a regular basis? About 100. How does the outfit make money? Billing the “members” who never use the equipment. Plus, the billings each month are facilitated by the smart software at Visa, MasterCard, and banks with auto-withdrawal capability. Is this a scam? Nope, it’s the business model of health clubs. Just sign up and never come. Works like a champ by the way.
“I Analyzed SaaS Billing Dark Patterns” and learned that the author was surprised, shocked, horrified, and troubled that cloud providers use the health club approach to revenue. The write up reveals:
SaaS providers are more than willing to use dark billing patterns to increase their growth metrics and revenue. They exploit positive user acquisition loops in recurring subscriptions to get money from users as surreptitiously as possible.
Yep, shocker.
I loved this rhetorical question: Why do SaaS providers deploy the dark patterns?
The answer is, “The method generates money.”
But, but, but…. That’s bad.
Well, it depends on what point of view one adopts, doesn’t it?
Hollowing out is dumbing down in my book. The surprise in the write up illustrates the failure of basic management oversight.
What’s this mean? Higher costs, people who cannot figure out why something doesn’t work, and a lack of awareness about the obvious. Yep, the thumbtyper world is a fascinating construct.
Stephen E Arnold, November 19, 2021
Battle of the Experts? Snowden Versus Sullivan, Wowza
November 19, 2021
This is a hoot: “Edward Snowden Dunks on Search Gurus in Hilarious Twitter Clapback.” Mr. Snowden is an individual who signed a secrecy agreement and elected to ignore it. Mr. Sullivan is a search engine optimization journalist, who is now laboring in the vineyards of Google.
The write up makes clear that Mr. Snowden finds the Google Web search experience problematic. (I wanted to write lousy, but I wish to maintain some level of polite discourse.)
Mr. Sullivan points out that Mr. Snowden was talking about “site search.” For those not privy to Google Dorks, a site search requires the name of a site like doe.gov preceded by the Google operator site:. At least, that’s the theory.
The write up concludes with a reference to search engine optimization or SEO. That’s Mr. Sullivan’s core competency. Mr. Snowden’s response is not in the article or it could be snagged in the services monitored by the Federal service for supervision of Communications, Information Technology and Mass Media (Roskomnadzor) in everyone’s favorite satellite destroying country.
Quite a battle. The Snowden Sullivan slugfest. No, I think this is emblematic of what has happened to those who ignore secrecy agreements and individuals who have worked hard to make relevance secondary to Google pay to play business processes.
Stephen E Arnold, November 19, 2021