The Stochastic Terrorism Loophole: A Hidden Dimension?
September 7, 2022
Now that’s an interesting way to describe the actions of network providers / ISPs who look like “good guys” but may have a less visible suite of services on offer. I think stochastic terrorism is information warfare designed to achieve specific goals. You may disagree, but this notion is okay for me.
I read “How Cloudflare Got Kiwi Farms Wrong.” The write up states:
Most casual web surfers may be unaware of Cloudflare’s existence. But the company’s offerings are essential to the functioning of the internet. And it provided at least three services that have been invaluable to Kiwi Farms.
That’s a fair statement … as far as it goes. I would suggest that the world of network providers / ISPs — what the source article calls infrastructure — is not well understood even by those who are the senior managers of Cloudflare-type companies. This willful unknowing produces statements like, “Senator, thank you for the question. I will get the answer to your office…” My hunch is that Cloudflare is large enough to have a plethora of apologists and explainers, PR professionals and lawyers, to make clear that Cloudflare is working overtime to be wonderful.
The cited article asserts:
… it’s notable that for all its claims about wanting to bring about an end to cyberattacks, Cloudflare provides security services to … makers of cyberattack software! That’s the claim made in this blog post from Sergiy P. Usatyuk, who was convicted of running a large DDoS-for-hire scheme. Writing in response to the Kiwi Farms controversy, Usatyuk notes that Cloudflare profits from such schemes because it can sell protection to the victims.
Is this what I call the saloon door approach? The idea is that technology like a saloon door can admit anyone who can stagger, walk, or crawl. Plus the saloon door swings both ways, just like a flow of zeros and ones.
Also, Cloudflare is visible, has many customers, and positions itself as a champion of truth, justice, and the American way. Is this a new tactic? Has the rhetorical positioning be used by other network providers / ISPs; say, for instance, Amazon, Google, Microsoft, and some others? Are there network providers and ISPs which most people know nothing about? Is there such an operation in Bulgaria, Germany, or Moldova? (Next week I will share some details with those attending my lecture to a couple of cyber professionals who are affiliated with the US government. Sorry. That information is not appropriate for my free blog about stuff that sort of intrigues me.
Let me try to share how I translated the the Silicon Valley real news essay about Cloudflare and KiwiFarms. I think the point beneath the surface of 2,000 word essay is something along the lines of:
No one understands too much about these network providers / ISPs, their business models, their customers, and their services. Wow. Wow. Wow.
May I ask a couple of questions?
Who is responsible for paying attention to the plumbing? Is it the government, the local police department’s cyber investigators, the folks at Interpol, the companies’ boards of directors, the Silicon Valley real news people, or those zapped by weaponized information and services?
I think you know the answer.
No one.
The nifty phrase stochastic terrorism loophole is a consequence of the Wild West, revenue-any-way- one-can-get-it, apologize-and-never ever-ask-for-permission mentality that is having a few trivial social consequences. How are those YouTube content creators in Russia dealing with network providers / ISPs? One could ask Bald and Bankrupt I suppose as he modifies his life in the face of IRL.
News flash: There are thousands of network providers and ISPs in North America. There are some interesting outfits in Iceland and Romania. There are countries not aligned with American processes providing plumbing, including an almost unknown outfit in northern India.
The fancy phrase makes clear that a good understanding of network services / ISPs is not part of the equipment for living. The current dust up has captured the hearts, minds, and clicks of some observers.
There’s more to learn but when one does know what one does not know, the stochastic terrorism loophole does not provide what a day time drama tried to deliver: A guiding light. Who sponsored that program anyway?
Stephen E Arnold, September 7, 2022
Consumer Image Manipulation: Deep Fakes or Yes, That Is Granny!
September 7, 2022
I find deep fake services interesting. Good actors can create clever TikTok and YouTube videos. Bad actors can whip up a fake video résumé and chase a work from home job. There are other uses as well; for example, a zippy video professional can create a deep fake of a “star” who may be dead or just stubborn and generate a scene. Magic and maybe cheaper.
I read “Use This Free Tool to Restore Faces in Old Family Photos.” The main idea is that a crappy old photo with blurry faces can be made almost like “new.” The write up says:
This online tool—called GFPGAN—first made it onto our radar when it was featured in the August 28 edition of the (excellent) Recomendo newsletter, specifically, a post by Kevin Kelly. In it, he says that he uses this free program to restore his own old family photos, noting that it focuses solely on the faces of those pictured, and “works pretty well, sometimes perfectly, in color and black and white.”
The service has another trick amidst its zeros and ones:
According to the ByteXD post, in addition to fixing or restoring faces in old photos, you can also use GFPGAN to increase the resolution of the entire image. Plus, because the tool works using artificial intelligence, it can also come in handy if you need to fix AI art portraits. ByteXD provides instructions for both upscaling and improving the quality of AI art portraits, for people interested in those features.
Will it work on passport photos and other types of interesting documents? We will have to wait until the bad actors explore and innovate.
Stephen E Arnold, September 8, 2022
Microsoft and Opaque Clarity
September 7, 2022
Ah, Microsoft, we wish we could say we were surprised. HackerNoon explains “How Bing Is Spying on Users Without Their Consent Using Microsoft Clarity.” A companion to Bing Ads, Clarity collects and analyzes how users interact with one’s website. It can detect how long someone spends on each page, for example, or what kind of device they use. While the tool provides helpful information to webmasters, it appears Microsoft is also helping itself to the data. The writer was dismayed to discover Clarity was collecting their users’ information and promptly banished it from their site. We learn:
“Although Microsoft Clarity does not collect personally identifiable information (PII), it does collect data that could be used to personally identify a website visitor. This data includes the visitor’s IP address, which could be used to approximate their geographic location. Clarity also collects data about the visitor’s browser, device, and operating system, which could be used to identify the visitor’s identity or track their online activity. Ask yourself, are you okay with malicious hackers installing Remote Access Trojan (RAT) on your computer and they promise they couldn’t identify who you are and only wanted to study your behavior?”
The only hint to this activity in the Clarity user agreement is the vague notice data may be used for research and development. That can mean a lot of things. The write-up continues:
“You have to specifically tell Bing Ads not to track you by submitting a request form through this form. But even if you do opt-out, there’s no guarantee that your data won’t be collected. If you would like to continue using Bing Ads for conversion tracking, I urge you to fill up the form beforehand and only start using Bing Ads after they have approved opting you out. So if you’re concerned about your privacy, you might want to avoid Bing Ads altogether. Or at the very least, be aware that your every move is being tracked.”
The writer admits the insights Clarity provides can be valuable, but warns they might not be worth the tradeoff. Yes, it is a free tool, but we are reminded that “when you’re not paying for the product, then you are the product.” They suggest choosing an alternative, like those on this list (conveniently hosted on their now Clarity-free website).
Cynthia Murrell, September 6, 2022
US Federally Funded Research: Open Access, Folks
September 7, 2022
In a surprise announcement, reports Ars Technica, “US Government to Make All Research it Funds Open Access on Publication.” The new policy was issued by the Office of Science and Technology Policy (OSTP) at the end of August. We expect this will be a windfall for researchers—in and outside the US. Though the US government is believed to be the world’s largest funder of scientific research, only those paying for subscriptions to academic journals have had access to many (most?) publicly funded studies. Writer John Timmer notes this constraint has loosened in recent years as a result of increased open-access journals and, especially with COVID-19 research, a trend toward preprints. We learn:
“Some people involved in scientific publishing worried that these trends would undercut the finances of the entire publishing industry, while others hoped to push them to open up all scientific publishing. This tension played out in the halls of Congress, where competing legislation would mandate or block open access to federal research. A truce of sorts was reached during the Obama administration. For federally funded research, publishers had two choices: either make the publication open access from the start or have subscription-only access for a year before opening things up. Government-sponsored repositories were opened to host copies of papers that weren’t made open access on the publisher’s site. In the intervening time, there has been a lot of growth in open access journals, and many subscription journals allowed authors to pay a fee to immediately open published papers. Most subscription journals also offered COVID-related papers as open access without any additional fees. OSTP has apparently decided that these adjustments have prepared the industry to survive even greater access levels.”
One provision requires a digital identifier, like a DOI, for all data and documentation. The policy memorandum argues the benefits of open access became apparent during the pandemic, when it accelerated researchers’ understanding of the virus and the development of a vaccine. Acting head of the OSTP Alondra Nelson expects the change will lead to gains across society. She stated:
“When research is widely available to other researchers and the public, it can save lives, provide policymakers with the tools to make critical decisions, and drive more equitable outcomes across every sector of society.”
Publishers have some time to pivot—the policy goes fully into effect in 2026. The article notes they could still make a buck from these papers by creating versions with added features like integrated graphics / videos or cross-references to other studies. Will that be enough to sooth ruffled feathers?
Cynthia Murrell, September 7, 2022
Facebook: Number One Again in Most Negatively Reviewed Apps List
September 6, 2022
I suppose I should feel sorry for Meta or the Zuckbook. Darn, I keep getting confused about what to call the college drop out’s effort to bring everyone together. Facebook — despite getting cored by Apple, the privacy outfit — has formed a coalition of the disgruntled if I understand a recent report from Decluttr. (Why not spell the company’s name DKlutr? Make it even easier to recall the url?)
You can find the league table and the leader in negative comments in “The 100+ Apps Americans Love to Complain About, Ranked.” I have decided to stifle my desire to raise questions about methodology and the claptrap taught in Statistics 101. That is a waste of my time because who really cares.
Let’s go with the Number One in negatives.
The write up says:
Facebook: Gets a thumbs down from users…. Facebook takes the crown for having the highest number of one start reviews. 61 percent of the social media app’s 1.25 million total reviews happen to be a one start rating! At present, on the [Apple] App Store Facebook has a mediocre 2.2 start rating. But why? The social media app has often taken center stage in the midst of bad press for its privacy concerns and unfair censorship. In addition to this, Facebook’s confusing interface and navigation settings have left users feeling less than satisfied.
The explanation strikes me as ignoring a few other factors which may contribute to the positive negativeness; for instance:
- The media coverage of the Zuckster’s vision for the future of digital content. (Hey, that avatar was quite nifty in my opinion.)
- The shift to TikTok. I know that Facebook and Google both suggest TikTok is not big deal. If that were true, why are these estimable icons of things go better with technology copying TikTok at this instant?
- Facebook has become a haven for old people like me. I think one of my team created a Facebook persona based on one of my deceased boxers. Between those who live in fear of missing information about a grandchild and accounts anchored in non human spoofdom, why not go elsewhere for community?
Net net: Facebook may be positioning itself to beat MySpace’s record for achieving cultural irrelevance. You know what that means? Yes, another record.
Stephen E Arnold, September 6, 2022
Meta: Another Moment of Adulting
September 6, 2022
I spotted this story in the usually understated online publication Variety: “Instagram Removes Pornhub’s Account.” The subject is a difficult one to discuss in some social situations. I would not bring it up in most business meetings. I do address CSAM and related topics in my lectures to law enforcement and intelligence professionals, but I try to keep the examples in terms of methods for identifying ultimate domain owners, geolocations of images and videos, etc.
Not Variety.
The publication states:
Instagram has suspended Pornhub’s widely followed account on the social platform. Before the sex site’s account was removed from Instagram, Pornhub had 13.1 million followers and more than 6,200 posts. Reps for Meta, Instagram’s parent company, did not respond to a request for comment.
Why?
How about this paragraph:
On its Instagram account, Pornhub shared no pornographic videos and images. However, it had “directly promoted pornography” and featured videos like “Next Career Goal” encouraging people to become pornography performers, according to Dawn Hawkins, CEO of the National Center on Sexual Exploitation. The NCOSE had been among a group of advocates that has lobbied Instagram to remove Pornhub. “Instagram is courageously choosing to stop partnering with Pornhub, and it is time for all corporate entities to follow its example,” Hawkins said.
Are examples of adulting “courageous” in the context of Meta (Facebook)?
I suppose to some people. For me, this is another example of high tech management taking steps to deliver PR in the hopes of improving one’s image.
Now what about other types of content on Meta properties; specifically, images and messages about activities which are possibly illegal and pose risks to certain individuals.
Consistent, rigorous adulting — not random acts of belated management action — strike me as showmanship. Hence, Variety’s coverage?
Stephen E Arnold, September 6, 2022
YouTube: Podcasts, Vidcasts, Any Old Casts Will Do for Advertising
September 6, 2022
It appears YouTube is eager to jump onto the podcast bandwagon. The Hustle ponders whether “YouTube = Future Podcast Champ?” Maybe, but Google will have to maintain interest; otherwise, another Google Plus type situation may emerge. Writer Juliet Bennett Rylah reports:
A new podcasts homepage is now available to US users, going live sans fanfare in late July. TechCrunch speculates YouTube is waiting for its creator event next month to make a formal announcement. But YouTube also:
- Hired podcast exec Kai Chuk in 2021 Offered podcasters and networks $50k-$300k to create videos
- Discussed audio ads and new analytics for audio-centric creators in a leaked document
- Partnered with NPR to bring on 20+ of its most popular shows.
Why’s it matter? While YouTube is often seen as a video-first platform, YouTube Music had 2B+ monthly users and 50m+ paid subs as of September 2021. Though competitors including Spotify, Apple, and Amazon have made big moves in the space, a Cumulus Media analysis found YouTube is America’s most popular podcast platform, capturing 24.2% of listeners compared to Spotify’s 23.8% and Apple’s 16%.”
Rylah, fittingly, points us to a podcast for another perspective. On an episode of Marketing Against the Grain, HubSpot’s Kipp Bodnar and Kieran Flanagan assert YouTube subscribers are now the most valuable subscribers on the Internet. They also make a few predictions. For example, the pair believes YouTube’s discovery platform will give its podcasters a leg up. They also suspect the site’s background listening feature is about to become free for everyone, as it currently is in a Canadian pilot program. At the same time, the site may push both podcasts and the brands that support them toward a more visual format. But wouldn’t that just turn them into more video content? What makes a podcast a podcast? Perhaps that is a philosophical question beyond the ken of this humble, text-based content creator.
Cynthia Murrell, September 6, 2022
UK Pundit Chops at the Google Near Its Palatine Raphe
September 6, 2022
I read “Google’s Image-Scanning Illustrates How Tech Firms Can Penalise the Innocent.” The write up is an opinion piece, and I am not sure whether the ideas expressed in the essay are appropriate for my Harrod’s Creek ethos.
The write up states:
The background to this is that the tech platforms have, thankfully, become much more assiduous at scanning their servers for child abuse images. But because of the unimaginable numbers of images held on these platforms, scanning and detection has to be done by machine-learning systems, aided by other tools (such as the cryptographic labelling of illegal images, which makes them instantly detectable worldwide). All of which is great. The trouble with automated detection systems, though, is that they invariably throw up a proportion of “false positives” – images that flag a warning but are in fact innocuous and legal.
Yep, false positives from Google’s smart software.
Do these types of errors become part of the furniture of living? Does Google have a duty to deal with disagreements in a transparent manner? Does Google’s smart software care about problems caused by those who consume Google advertising?
It strikes me that the UK will be taking a closer look at the fascinating palatine raphe, probably in one of those nifty UK jurisprudence settings: Wigs, big words, and British disdain. Advertising, privacy, and false positives. I say, “The innocent!”
Stephen E Arnold, September 6, 2022
Google: More Management Mysteries
September 6, 2022
I read a somewhat odd article about Google in the New York Times. That’s a newspaper, not a Harvard Business Review? Sorry. The world of “real journalists” has embraced the wonkiness of management gurus and Drukerism.
The article which caught my attention was named by someone — possibly a really busy editor — “Google Employee Who Played Key Role in Protest of Contract with Israel Quits.” The idea that an individual who accepts pay in return for work does not like a corporation’s direction is becoming a thing, a trend. The idea is that a company pays a person and that person gets to alter the direction in which a decision is heading.
Yeah, okay.
From my point of view, the person who accepts money to work at a company, presumably eight or more hours a day, has several options:
- Just quit. Hunt for a new job. This is a good solution.
- Keep quiet. Do the work. Cash the check or look at the bank balance in an online only bank app.
- Work harder, get promoted, and earn a position and responsibility so that one’s ideas can influence colleagues. This is a better solution.
The newspaper article skips these ideas and focuses on the actions taken by the employee. The implicit idea is that the employee’s approach to a problem was just wonderful. The company’s response to these actions was inappropriate, ill advised, and stupid.
Maybe Google’s approach to management is different from what someone of my age expects?
The one point in the article which struck me as significant was:
… Google had tried to retaliate against her for her activism.
The retaliation point is one that warrants more development. The newspaper article could have been boiled down to 150 words. The MBA- / the-big-tech-outfit-is bad angle could have been expanded, explained, and analyzed in an HBR-type of write up or a law review-type analysis.
What I perceive is a newspaper trying to to something its is not geared up to do well. Is the Google perfect? Nah. Do I think this situation reveals a facet of the online ad outfit which is troubling?
Absolutely.
Both the employee and the company could have been more old fashioned, which then would not have been “real news.”
That’s a problem.
Stephen E Arnold, September 6, 2022
Ethics Is a Thing in 2022. Oh, Really?
September 5, 2022
When companies toss around the word ethics, I roll my eyes. If I am not mistaken, the high technology luminaries have created an ethical waste land. Each day more examples of peak a-ethical behavior flow to me in an electronic Cuyahoga River complete with flames, smoke, and nifty aromas. Now consider “ethical smart software.”
“Why Embedding AI Ethics and Principles into Your Organization Is Critical” is an oddity, almost a prose elegiac appeal. On one hand, the essay admits ethical shortcomings exist. I noted:
Universal adoption of AI in all aspects of life will require us to think about its power, its purpose, and its impact. This is done by focusing on AI ethics and demanding that AI be used in an ethical manner. Of course, the first step to achieving this is to find agreement on what it means to use and develop AI ethically.
On the other hand, businesses must embrace ethics. That sounds like a stretch to me.
Just a possibly irrelevant question: What’s ethics mean? And another: What’s artificial intelligence?
No answers appear in the cited article.
What does appear is this statement:
If you are not proactively prioritizing inclusivity (among the other ethical principles), you are inherently allowing your model to be subject to overt or internal biases. That means that the users of those AI models — often without knowing it — are digesting the biased results, which have practical consequences for everyday life.
Ah, “you.” I would submit that the cost of developing unbiased trained data means automated systems for building training data will be adopted and then packaged like sardines. The users of these data and the libraries of off-the-shelf models, numerical recipes, and workflow modules will further distance smart software from the pipes beneath the Pergo floor.
Costs and financial payoff, not the undefined and foggy “AI ethics”, will create some darned exciting social, political, and financial knock on effects. As I recall that bastion of MBA thinking added charcoal starter to the opioid opportunity. The world’s online bookstore struggles to cope with fake reviews and designer purses. The world’s largest online advertising outfit is — well, let’s just say — trying to look past its handling of smart software professionals who disagree with the company’s management about bias in AI/ML.
Quite a write up. The conclusion is swell too:
My organization’s development and use of AI is a minor subsection of AI in our world. We have committed to our ethical principles, and we hope that other technology firms do as well.
Absolutely.
Stephen E Arnold, September 5, 2022