A Gentle Ripple in the Datasphere: Soft Fraud

May 18, 2022

Compared with some of the cyber behavior, soft fraud is a small fish, possibly a candiru. My definition of “soft fraud” is a behavior which does not violate the letter of the law. The spirit of the law? That’s a matter for discussion.

Soft fraud sits squarely between the Bernie Madoff-type play and a clueless Web designed happily leading a user into a rat’s nest of captchas.

I have been nagging my research team to look for examples of behavior which though technically legal in the country from which the actor operates, trigger a visceral reaction in some people.

What’s an example of soft fraud?

Apple and the Subscription Trick

Recently Apple announced that an authorized vendor with the Johnny Appleseed seal of approval can sell an Apple customer a subscription at a cut rate price. When the trial or initial order expires, the vendor can just raise the price. The customer does not have to be reminded that billing excitement ensues. What’s a customer to do? Call Apple customer support? Ho ho ho. That works like the feedback forms for podcasts. Perhaps call the outfit selling the subscription? Ha ha ha. No one works, and if they do, these valiant souls operate from office space in a beautiful suburb of Mumbai.  That’s an example of what I call soft fraud. Apple may disagree, but that — so far — is my personal opinion. See “Apple will allow some apps to Automatically Charge You Higher Subscription Prices.”

Say One Thing, Do Whatever One Wants

Examples of this abound. I recall executives from Amazon, Facebook, and Google explaining how their businesses operate. In addition to the popular, “senator, thank you for the question,” the core response was “I will check and send you the information.” In the meantime what happens, absolutely no substantive change in the business processes under discussion. Hiring and firing issues. I will check and send you the information. Monopolistic and predatory behaviors. I will check and send you the information. Content manipulation via oh, so opaque smart software. I will check and send you the information. Yep, I nudge these methods into the soft fraud category. See “Facebook, Twitter and Google CEOs Grilled by Congress on Misinformation.”

The Copyright Violation Play

This is a cute money making maneuver involving some big names. The idea is that an agent representing some “big names” uses ageing image recognition software. The software bot prowls the Web looking for images whose hash code matches that of the rights holder. When a match is identified, an outfit with permission to move forward with legal action against the copyright violators springs into action. You can get a sense of what’s happening in this sector by check out some of these online articles and comments. Note: These may be distorted, crazy, or dead center. I leave it to you:

https://superezsystems.com/2020/01/10/why-are-cartoon-characters-scamming-for-copyright-violations/

https://www.torontomike.com/2020/10/the-picrights-international-inc-shakedown/

https://shannonrawlins2000.medium.com/picrights-ltd-the-shady-company-hounding-journalists-over-historic-cases-of-copyright-infringement-a169685eede6

https://www.trustpilot.com/review/picrights.com

https://www.moreaboutadvertising.com/2020/11/picrights-is-persecuting-websites-and-bloggers-over-alleged-rights-issues-who-are-they-and-their-agents-acting-for/

https://extortionletterinfo.com/forum/getty-images-letter-forum/picrights-com/15/

https://www.quora.com/I-reposted-a-news-photo-on-my-website’s-blog-A-company-picrights-com-is-demanding-money-instead-of-simply-issuing-a-cease-and-desist-order-is-this-extortion-and-or-even-legal

https://randeedawn.com/10-12-20-how-two-spam-emails-cost-me-650-or-when-picrights-enters-your-life/

https://culture-fx.com/picrights-higbee-and-associates-extortion-scam-reviews/

https://sportsweek.org/en/ice-hockey/news/262837698/

https://ziad.ezzat.com/fuckpicrights/

https://site-stats.org/details/picrights-international-inc/

https://www.canadacorporation.info/companies/10058661/

https://opencorporates.com/companies/ca/9682155

https://www.companiesofcanada.com/person/1244351/syed-ahmer-hussain

https://opengovca.com/corporation?director=Syed+Hussain

https://www.redfin.ca/on/aurora/237-Borealis-Ave-L4G-7T6/home/152256940

https://opengovca.com/corporation/12183536

New Opportunity?

My hunch is that soft fraud is likely to get a boost. I noted “DeviantArt Can Now Notify Anyone Whose Art’s Been Used in NFTs without Permission.” The write up explains:

DeviantArt, an online art and design community founded in 2000, is now opening up its NFT protection tool to everyone… You can pay $9.95 per month to get protection for 1,000 pieces of art with a size limit of 50GB.

Is this an opportunity for an individual or entity to use the service to request payment for the NFT. The NFT holder might be grateful for getting control of the bitmap or other digital object. Would the helpful intermediary charge whatever the market will bear and then take a professional services fee?

This strikes me as perfectly legal. The existing copyright laws have a Disneyland feel about them from my perspective.

Net net: Soft fraud may benefit from the advent of NFT and services like that offered by DeviantArt, which is an interesting name in my opinion. Will regulators seize the day and create a category to handle soft fraud, mishandling of NFTs, and other innovations? Sure. Job One after re-election, fund raising, and getting media attention.

Stephen E Arnold, May 18, 2022

MINDS Conference: Truly Baffling

May 6, 2022

I received a link to a conference in Finland, which is just around the corner from Harrod’s Creek, Kentucky. The outfit’s flier perched on a Google Drive, and I learned that the MINDS program is into talking about news, collaboration, and diversity. The sponsors of the conference in Helsinki are

  1. Ifragasätt, another consulting firm “supplies its customers with solutions for live-blogging/reporting and readers comments.
  2. Namia, apparently a consulting firm responsible for STT Spy Tool, STT Little Bird, STT Vault News Robotics and Data Platform and STT’s Crime Database, among others. (Although my research team follows intelware, the STT Crime Database was interesting because it seems to be a resource owned by the Finnish New Agency or “STT.”
  3. PicRights, a copyright enforcement entity which “Using state-of-the-art technology to identify infringements and a team of experienced staff to qualify them as enforceable, PicRights delivers actionable cases to the appropriate regional enforcement unit for settlement and collection of fees for the unlicensed uses.” (There are offices in many countries, just not in the US. What does that suggest, Mr. Higbee?)

If there are other sponsors, I did not spot them in the program.

My reaction to the line up of speakers is that considerable attention will be directed to the news opportunities created by the actions a certain nation state.

What’s interesting is that outputs about the dust up East of Helsinki does not talk about improper reuse of TikTok videos, tweets, and YouTube posts. In my lecture at the 2022 National Cyber Crime Conference, I commented about how a former CIA operator surfed open source information. The former CIA professional writes novels but discovered information about the yachts allegedly owned by Russians who have been sanctioned. The information comes in part from the YouTube videos of eSysman and other open sources. But the former CIA professional did not identify these sources in a Lawfare podcast featuring the information.

My thought is that the MINDS Conference agenda has hip-hopped over the recycling of information related to the misunderstanding roiling Europe and allowing real news organizations to reuse content.

I will never know. The flier which I referenced includes this statement:

PLEASE NOTE THAT ALL INFORMATION GIVEN DURING THE CONFERENCE IS CONFIDENTIAL AND MUST NOT LEAVE THE MINDS NETWORK

The shouting caps appear in the original flier. What’s the penalty if the graduate student speaking at the conference puts her / them ideas in a journal article.

My hunch is that with a crime database and a legal network among the sponsors, something really bad will happen.

Will that punishment be worse than ignoring improper use of individuals posting information as OSINT and hearing crickets from “real news” outfits about fair use?

Of course not. Leveraging OSINT for commercial gain is part of the “real news” game for some publishers. Secrecy is good for some geese. Let’s hope the graduate student does not miss the ALL CAPS message.

Stephen E Arnold, May 6, 2022

Artificial Intelligence Generates Interesting Clowns Perfect for Kiddies

March 18, 2022

Like the Boston Dynamics’ robot reindeer, these constructs delight the eye. I wondered how many pre school and kindergarten classes would use the robot reindeer how technology improves a holiday experience.

See the Terrifying Video of Artificial Intelligence Generating Infinite Killer Clowns” sparked a new idea in my 77 year old mine. Why not use these videos at children’s parties. My hunch is that some would find these clowns a hoot.

The write up states:

… it probably never would have occurred to the futurists of the 20th century, not even in their wildest dream, that once artificial intelligence was developed, it would almost immediately be put to use to create nightmare landscapes of killer clowns.

I would love to illustrate this blog post with an image from the YouTube video cited in the write up. There are, however, the ever present defender of truth, justice, and revenue generation watching to make sure that no image is used without paying. Hats off to Getty, YouTube, Steve Pigeon, and others for making writing fun again.

Navigate to the article. Click the link. View the child centric clowns. Do some of these constructs resemble those who work tirelessly to enforce their view of rules and make money? Sure.

I watched the video and noted a possible resemblance between the terror inducing images and some interesting people I have encountered.

Stephen E Arnold, March 18, 2022

Is It Party Time for STM Professional Publishers?

March 4, 2022

I spotted a TorrentFreak write up called “FBI Gains Access to Sci-Hub Founder’s Google Account Data.” The article explains that investigators are gathering information about Alexandra Elbakyan, the founder of what the article references as the “Pirate Bay of Science.”

The idea behind the service is to make paywall protected content available without the paywalls. The article explains what agencies have been involved and some of the legal procedures followed. These are routine but may be surprising to those who think about new recreational vehicles and the new pizza place.

What makes the investigation interesting is that references are made to Ms. Elbakyan’s alleged links to other governmental entities.

Several observations:

  1. Alleged links to a foreign power engaged in hostile actions move the story from scientific, technical and medical content made available without the pro9fessional publishers permission to a higher level of security concern.
  2. Professional publishers have not been happy campers since Sci-Hub became available. (Is this because the service has chewed into some revenues for these commercial enterprises? My guess is, “Yep.”)
  3. Allegedly, Ms. Elbakyan lives in Russia and, if the Wikipedia is spot on, she is studying philosophy at the Russian Academy of Sciences. (Will extradition be possible? My view is that the process will be interesting.)

When I read the story, I thought about one professional publishing big wig who said off the record, “That crazy Kazakh has to be shut down?”

Is it party time in the world of STM professional publishing? Not yet, but some may want to buy foil party hats and cheap kazoos.

Stephen E Arnold, March 4, 2022

Smart Software and the Cloud, Google, How Is That Working Out?

February 19, 2022

I read “Google Drive Is Flagging Some MacOS Files for Copyright Violation.” The flagging is using Google’s smart software. The copyright violations concern the outfit Google pays a billion or so each year to make Google search the right choice for iPhone users. Yep, the right choice because Google has smart software. Smart software can connect to automated systems which send legal sounding letter which threaten fines and more to alleged offenders.

The write up states:

A disgruntled Reddit user recently reported that a ‘.DS_Store’ file on their Google Drive was flagged by the search giant for violating its copyright infringement policy. Apparently, this isn’t the first time this issue has been encountered as MacOS users also reported experiencing similar problems last month.

This is a small sample and the flagging may have been just some fantasy moment in the metaverse.

I noted this follow on statement:

A similar incident occurred recently when Google Drive accidentally flagged almost empty files containing just a few numbers for violating the company’s copyright infringement files.

Are violators able to call a Googley humanoid to provide input? Sure. Plus Google is working on a fix. A job for an intern? Maybe.

Stephen E Arnold, February 19, 2022

Google CEO Named in Copyright Violation Suit: Travel Plans to India This Week, Mr. Pichai?

January 26, 2022

YouTube, Google, and copyright are a long-term threesome. Reports like “Suneel Darshan Files Complaint, Mumbai Police Books Google CEO Sundar Pichai and Others for Copyright Act Violation” are not likely to be a tweeter meme in the US. However, for the Indian film maker Suneel Darshan, it’s a big deal. Mr. Darshan appears to be unhappy with Google’s smart YouTube copyright violation system powered by Google’s deep diving, snorkel equipped machine learning systems for artificial intelligence.

Mr. Darshan — either for public relations or a desire to amp up his viewpoint — has filed what’s called in India a FIR or First Information Report. Named in the alleged copyright violation is Sundar Pichai and a handful of other Googlers.

So what? Several thoughts from my hollow in rural Kentucky:

  1. Lawyers will descend on the government offices and the zippy Indian legal system will move forward. In time, something will happen. In the meantime, it’s business as usual for the Google.
  2. Mr. Darshan captures the attention of television news hawks and tweeters and generates more interest in the allegedly pirate film “Ek Haseena Thi Ek Deewana Tha”.
  3. Indian authorities put Mr. Pichai and the other Googlers named in the copyright violation matter on a watch list.

Business trips to India could create some unexpected customs and immigration activity for Mr. Pichai and the Googlers identified by the aggrieved Mr. Darshan.

Does Mr. Pichai have upcoming travel plans to India? Compared to the Dark Patterns matter, spending a few extra minutes in the Mumbai International Airport may not make much difference unless the Googlers are hauled off to the Mumbai police headquarters. Take some tchotchkes maybe?

Stephen E Arnold, January 26, 2022

Selective YouTube Upload Filtering or Erratic Smart Software?

May 4, 2021

I received some information about a YouTuber named Aquachiggers. I watched this person’s eight minute video in which Aquachigger explained that his videos had been downloaded from YouTube. Then an individual (whom I shall described as an alleged bad actor) uploaded those Aquachigger videos with a the alleged bad actor’s voice over. I think the technical term for this is a copyright violation taco.

I am not sure who did what in this quite unusual recycling of user content. What’s clear is that YouTube’s mechanism to determine if an uploaded video violates Google rules (who really knows what these are other than the magic algorithms which operate like tireless, non-human Amazon warehouse workers). Allegedly Google’s YouTube digital third grade teacher software can spot copyright violations and give the bad actor a chance to rehabilitate an offending video.

According to Aquachigger, content was appropriated, and then via logic which is crystalline to Googlers, notified Aquachigger that his channel would be terminated for copyright violation. Yep, the “creator” Aquachigger would be banned from YouTube, losing ad revenue and subscriber access, because an alleged bad actor took the Aquachigger content, slapped an audio track over it, and monetized that content. The alleged bad actor is generating revenue by unauthorized appropriation of another person’s content. The key is that the alleged bad actor generates more clicks than the “creator” Aquachigger.

Following this?

I decided to test the YouTube embedded content filtering system. I inserted a 45 second segment from a Carnegie Mellon news release about one of its innovations. I hit the upload button and discovered that after the video was uploaded to YouTube, the Googley system informed me that the video with the Carnegie Mellon news snip required further processing. The Googley system labored for three hours. I decided to see what would happen if I uploaded the test segment to Facebook. Zippity-doo. Facebook accepted my test video.

What I learned from my statistically insignificant test that I could formulate some tentative questions; for example:

  1. If YouTube could “block” my upload of the video PR snippet, would YouTube be able to block the Aquachigger bad actor’s recycled Aquachigger content?
  2. Why would YouTube block a snippet of a news release video from a university touting its technical innovation?
  3. Why would YouTube, create the perception that Aquachigger be “terminated”?
  4. Would YouTube be allowing the unauthorized use of Aquachigger content in order to derive more revenue from that content on the much smaller Aquachigger follower base?

Interesting questions. I don’t have answers, but this Aquachigger incident and my test indicate that consistency is the hobgoblin of some smart software. That’s why I laughed when I navigated to Jigsaw, a Google service, and learned that Google is committed to “protecting voices in conversation.” Furthermore:

Online abuse and toxicity stops people from engaging in conversation and, in extreme cases, forces people offline. We’re finding new ways to reduce toxicity, and ensure everyone can safely participate in online conversations.

I also learned:

Much of the world’s internet users experience digital censorship that restricts access to news, information, and messaging apps. We’re [Google] building tools to help people access the global internet.

Like I said, “Consistency.” Ho ho ho.

Stephen E Arnold, May 4, 2021

Twitter Adulting: Copyright and the President of the United States

July 21, 2020

Imagine. Twitter has procedures which automate a portion of its copyright vigilance. (DarkCyber is not so sure about Twitter’s hiring practices and the internal security of its system, but the copyright function may be working.)

Twitter Disables Trump Tweet over Copyright Complaint” presents as accurate and “real” news this statement:

Twitter removed the video, which Trump had retweeted from White House social media director Dan Scavino, after it received a Digital Millennium Copyright Act notice from Machine Shop Entertainment, according to a notice posted on the Lumen Database which collects requests for removal of online materials. Machine Shop is a management company owned by the rock band Linkin Park, according to its LinkedIn page.

DarkCyber hopes that Twitter will bring similar diligence to its security, management, and governance of a firm which occupies an interesting, if not secure, place in the pantheon of social media luminaries.

As Linkin Park sang:

Go, stop the show
Choppy words…

Indeed, but the DarkCyber team would substitute the word “tweety” for choppy. But we are not song writers or exceptional tweeters.

Stephen E Arnold, July 21, 2020

Oracle: A Gentle, Dulcet Reminder of What It Takes to Survive in the Digital Jungle

March 12, 2020

Before It Sued Google for Copying from Java, Oracle Got Rich Copying IBM’s SQL” is a deerskin moccasin stroll through a dark, dangerous thicket. A company with a penchant for oatmeal container architecture and renaming roadways should serve as a flashing yellow light.

The write up uses phrases like those favored by DarkCyber; for example:

Oracle’s history highlights a possible downside to its stance on API copyrights.

Yeah, but history is a consequence of bright individuals who seize on a particular molecule from the event stream. History does not highlight anything. Humans like lawyers, analysts, and writers do. The “possible downside” is a hedge against a former Marine who can be — ah, what is the word, — “frisky”.

The write-up says:

Oracle got its start in the 1970s selling a database product based on the then-new structured query language (SQL). SQL was invented by IBM. And Oracle doesn’t seem to have gotten a license to use it.

Yikes. What’s this mean? DarkCyber turns to the article for guidance:

Oracle got its start copying IBM’s software interface.

Yes, that’s clear.

Plus, there’s a molecule from the event stream; specifically:

Around 1977, Larry Ellison and his co-founders spotted an opportunity. They had recently started a software consulting company called Software Development Laboratories, but they wanted to transition to selling a software product. Ellison realized there was enough detail in IBM’s white papers to clone IBM’s database technology. He also realized that it would provide a credibility boost if he could say that their new Oracle database was fully compatible with IBM’s SQL standard. According to one of SQL’s designers, Donald Chamberlin, Ellison was so determined to achieve compatibility with IBM’s technology that he called Chamberlin in 1978 seeking more details about IBM’s implementation of SQL.

The digital equivalent of the two largest blocks in the former Soviet union sat down to talk turkey about Java. Oracle “owned” it; Google had some Sun Microsystems’ employees who had a bit of experience with the “write once, run anywhere” methods.

The write up states:

Google claims that “negotiations broke down over issues unrelated to money.” Google says Sun sought more control over the evolution of the Android platform than Google was willing to offer. So Google decided to build its own version of Java without a license from Sun.

The river flowed, and the rushing waters are behaving with the oddball physics of fluid dynamics. Oracle was thrashed; Google was cyclonic.

The roaring river of legal fees has reached the Supreme Court. Will the legal dam of the copyright crowd hold, or will the “let the digital water flow” of the Google crowd prevail?

The write up creeps quietly away, offering this statement:

…fair use is a notoriously complex and subjective legal standard. Any company wanting to make its software interoperable with a competitor’s product would have to worry that the competitor could sue, arguing that this use wasn’t as fair as Google’s use of Java. Most software companies don’t have Google’s legal resources or staying power, so the prospect of a lawsuit—even one they’re likely to win—could be a major deterrent to building interoperable software.

The shadow of no or reduced interoperability falls. On the other hand, consultants, integrators, resellers, and innovators see a new dawn rising.

Go with history. The sun comes up every day, at least so far.

Stephen E Arnold, March 12, 2020

Server Obfuscation Explained

January 28, 2020

An online information service published an article about copyright enforcement: “Patreon Can’t Solve Its P#rn Pirate Problem.” Why can’t a service block its customers who are allegedly violating copyright?

Here’s the legal explanation:

Despite its gung-ho statement to Kotaku two years ago, Patreon now says its terms of service effectively tie its hands. “We can’t do anything,” says Colin Sullivan, Patreon’s head of legal. “We don’t enforce [copyright] because we don’t have a license to the content.” In other words, it’s legally on Patreon’s creators to enforce copyright on their own work.

Here’s a technical explanation about how Yiff Party remains difficult to pin down:

Yiff.Party’s backend is a bit of a chimera by design. Dozes employs a bit of tech called a “reverse proxy.” A typical proxy obfuscates the identity of the user accessing a server; a reverse proxy hides the identity of the server the client accesses. Between Yiff.Party’s server and the Yiff.party website sits another server. “Yiff.party’s main server stays hidden because the ‘real’ IP address isn’t being exposed since traffic is routed through a proxy,” says Dozes. Reverse proxies aren’t uncommon; large sites might use one to help them run faster. “It’s essentially a VPN, but for a website,” Dozes says. “If our real hosting provider found out they hosted the site, we would be at risk of losing all our data.”

Interesting, particularly the idea of “creators.”

Stephen E Arnold, January 28, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta