How Ad Tech Sees You themarkup.org

Jon Keegan and Joel Eastwood, the Markup:

If you spend any time online, you probably have some idea that the digital ad industry is constantly collecting data about you, including a lot of personal information, and sorting you into specialized categories so you’re more likely to buy the things they advertise to you. But in a rare look at just how deep—and weird—the rabbit hole of targeted advertising gets, The Markup has analyzed a database of 650,000 of these audience segments, newly unearthed on the website of Microsoft’s ad platform Xandr. The trove of data indicates that advertisers could also target people based on sensitive information like being “heavy purchasers” of pregnancy test kits, having an interest in brain tumors, being prone to depression, visiting places of worship, or feeling “easily deflated” or that they “get a raw deal out of life.”

The apparent granularity and volume of these segments will likely not surprise anyone who has worked in digital advertising, but it is quite something to see it all in one place. It is remarkable to know this was published in the open, though it has now been taken down; while Xandr is now owned by Microsoft, the date in the filename and in its metadata indicates it was produced while Xandr was an AT&T subsidiary.

The Markup authors note you can ask to view the advertising segments you are in and request editing or removal. That, like many suggested avenues of recourse for anti-privacy technologies, is predicated on your knowledge of the businesses involved. For example, if you wanted to know if your information was in any way associated with Planned Parenthood — a segment which could be used against you in the United States — you must contact at least five different providers with segment names which contain “Planned Parenthood”, according to this list. Have you ever heard of Alliant or Eyeota? They might be associating your personal information with any number of segments based on indicators you do not know about. There are probably more businesses you have never heard of doing the same thing and it is up to you, individually, to ask for your information from all of them based on little understanding of this market, and then hope they honour your request to be removed.

If that feels overwhelming, that is because it is. Is it supposed to be? I would hate to be so cynical, but it is a solution for internet advertisers that heavily favours them, and only provides an illusion of control for individuals. This entire industry is built on deception and implied consent.

Fox News Downplays the Danger of Breathing Soot and Ash mediamatters.org

If a movement’s knee-jerk contrarianism demands a fair and balanced approach to the smoke and soot causing the worst air quality in the world, that ideology just plain sucks and the morons promoting it should be ashamed.

Update: Our local purveyor of nonsense is dodging questions about a link between the effects of the petroleum industry — the provincial cash cow — and the conditions which have permitted these wildfires to grow and spread so easily this early in the year.

‘Apple Exploring 3D Desktop and Application Interfaces’ macrumors.com

Arnold Kim, writing at MacRumors in 2008:

Dozens of Apple patent applications were published today revealing research that Apple had done in 2007 on many topics encompassing future versions of Mac OS X. The most intriguing is a series of patent applications which describe a “Multidimensional” user interface. Apple has essentially been working on true 3D desktop environments.

Via Steve Troughton-Smith:

15 years later and Apple has finally created a fully-3D spatial operating system; not suggesting a direct link, but it’s fun to go back and see them trying to sound this stuff out right at the time iPhone was introduced

The patent describes several versions of this, all of which are fascinating. But what is most notable is how this is almost the inverse of what Apple seems to be trying to do with visionOS. This patent appears, to me, to show a simulation of a 3D environment within the two-dimensional desktop space of a typical computer display, and it leans hard into the depth component. Some of the drawings show a virtual stack of windows or files within the depth stylings of a Leopard-style Dock. Based on what I can see of visionOS and what has been described by those who have used it, it is much more like two-dimensional interfaces projected into three-dimensional space. It does not seem to be replicating the clutter of a physical desk in an immersive digital space; instead, it is bringing the massless pixel environment into the real world.

Apollo to Shut Down on June 30 Because of Reddit API Changes reddit.com

Christian Selig:

Eight years ago, I posted in the Apple subreddit about a Reddit app I was looking for beta testers for, and my life completely changed that day. I just finished university and an internship at Apple, and wanted to build a Reddit client of my own: a premier, customizable, well-designed Reddit app for iPhone. This fortunately resonated with people immediately, and it’s been my full time job ever since.

Today’s a much sadder post than that initial one eight years ago. June 30th will be Apollo’s last day.

This sucks, and the details in Selig’s lengthy post make it worse. Even keeping in mind that it is from the perspective of a single person, it is damning for Reddit’s developer relations and its management.

Ten Years Ago, Edward Snowden Warned Us About State Surveillance theguardian.com

David Smith, the Guardian:

It was the day his life changed forever. When Edward Snowden blew the whistle on mass surveillance by the US government, he traded a comfortable existence in Hawaii, the paradise of the Pacific, for indefinite exile in Russia, now a pariah in much of the world.

But 10 years after Snowden was identified as the source of the biggest National Security Agency (NSA) leak in history, it is less clear whether America underwent a similarly profound transformation in its attitude to safeguarding individual privacy. Was his act of self-sacrifice worth it – did he make a difference?

Jessica Lyons Hardcastle, the Register:

The architecture put in place to curb surveillance misuse including FISA, FISC and the US House and Senate select committees on intelligence was all created in the late 1970s as a reaction to Hoover-era abuses. These are all good ideas in theory, but not necessarily in practice – especially after 9-11 when the US government essentially greenlighted mass domestic spying for the sake of preventing another terrorist attack.

“Ten years have gone by,” since the first Snowden disclosures, “and we don’t know what other kinds of rights-violating activities have been taking place in secret, and I don’t trust our traditional oversight systems, courts and the Congress, to ferret those out,” [Ben Wizner, of the ACLU] said. “When you’re dealing with secret programs in a democracy, it almost always requires insiders who are willing to risk their livelihoods and their freedom to bring the information to the public.”

Alan Rusbridger, editor of the Guardian at the time it published stories based on documents Snowden leaked:

Even now the British government, in hastily revising the laws around official secrecy, is trying to ensure that any editor who behaved as I did 10 years ago would face up to 14 years in prison. Lamentably, the Labour party is not joining a cross-party coalition that would allow whistleblowers and journalists the right to mount a public interest defence.

So do not hold your breath for future Edward Snowdens in this country. The British media is, by and large, not known for holding its security services rigorously to account, if at all.

I remember the week when articles based on these disclosures began showing up. I remember being surprised not by the NSA’s espionage capabilities — that much was hinted at — but by its brazen carelessness about operating at a scale which would ensure illegal collection. Snowden’s heroic whistleblowing gave the world a peek into this world, but it was ever so brief. There is little public knowledge of the current capabilities of the world’s most intrusive surveillance agencies — by design, of course — and even the programmes exposed by Snowden continue to be treated with extreme secrecy. My FOIA requests from that week remain open.

One other thing which has become clear in the past ten years is that intelligence agencies and their leaders were lying as they repeatedly claimed their expansive dragnet surveillance mechanisms were saving us from deadly terrorist plots left and right. Snowden’s whistleblowing and the resulting tightening of online security practices, they implied, would cost lives. Setting aside the suggestion for all of us to be under constant surveillance for ease of policing, in the years that followed, it has only become clearer that none of this has any bearing in reality. These systems had a poor track record of efficacy at the time, vectors for law enforcement have only increased since, and even the NSA’s contemporaneous star example was quickly exposed as the product of targeted and specific surveillance.

SEC Sues Binance and Coinbase theguardian.com

Jonathan Yerushalmy and Alex Hern, the Guardian:

On Monday, after months of discussions, threats and warnings, the US Securities and Exchange Commission (SEC) took aim at the most powerful force in the world of cryptocurrencies.

The US financial watchdog accused the crypto exchange Binance and its founder Changpeng Zhao of operating a “web of deception,” charging him and his exchange with 13 offences.

[…]

On Tuesday, the SEC accused another crypto platform, Coinbase, of putting customers at risk by operating as an “unregistered broker, exchange and clearing agency”.

Matt Levine of Bloomberg has the full rundown.

Ryan Broderick:

The Twitter account @unusual_whales noticed some very curious activity. Someone opened a bunch of puts on Coinbase’s stock on Monday and ended up making millions of dollars on the news of the SEC suit against the exchange. How lucky is that?!

Sounds like somebody is shocked — shocked — to find that gambling is going on at Coinbase.

Apple Completes Its Transition to Its Own Processors With a Weird New Mac Pro 512pixels.net

Apple:

Mac Pro delivers the groundbreaking performance of M2 Ultra, plus the versatility of PCIe expansion, taking the most demanding workflows to the next level. While the Intel-based Mac Pro started with an 8-core CPU and could be configured up from there, every Mac Pro has Apple’s most powerful 24-core CPU, an up to 76-core GPU, and starts with twice the memory and SSD storage. The new Mac Pro can also be configured with up to a massive 192GB of memory with 800GB/s of unified memory bandwidth. […]

Apple can compare this new model to the Intel-based Mac Pro all it wants, but its main competition is the updated Mac Studio. It is a Mac Studio with twice as many Thunderbolt ports, and lots more internal connectivity and space, with a hefty $3,000 price premium. Unlike the Mac Studio, the Pro comes with a keyboard and mouse, which explains the cost difference.

And, if you do choose to compare this Mac Pro to the Intel model it replaces, there are some changes which are difficult to swallow. It is $1,000 more expensive than the one it replaces. The outgoing model was endlessly upgradeable with dedicated video encoding hardware, graphics processors, and up to 1.5 terabytes of memory. The M2 Mac Pro appears to support none of those things. Apple has tried to preempt criticism by claiming this version effectively has the power of seven Afterburner video encoding cards built in, but there are no known differences between the M2 Ultra in the Pro and the one in the Studio. Even its PCIe slots are being marketed for comparatively less demanding workflows:

[…] From audio pros who need digital signal processing (DSP) cards, to video pros who need serial digital interface (SDI) I/O cards for connecting to professional cameras and monitors, to users who need additional networking and storage, Mac Pro lets professionals customize and expand their systems, pushing the limits of their most demanding workflows.

There is nothing about graphics or video expandability here. While the Mac Pro was rumoured to support memory upgrades, that did not pan out. One maybe good argument for buying a Mac Pro instead of a Studio is that you do not have to pay Apple’s abhorrent rates for storage upgrades: the company wants $2,200 (U.S.) to upgrade to eight terabytes of storage in either model, but you have other options with the Mac Pro.

Stephen Hackett:

The number of 2019 Mac Pros sold cannot be huge, but the new one’s numbers are going to be even smaller. As a Mac Pro fan that worries me. Yes, there are users who are reliant on PCI solutions and I’m sure those folks will upgrade to this new machine at some point. Those who purchased a Mac Pro in the past to have a machine they could keep current over the long haul are seemingly out of luck.

Are some extra Thunderbolt ports and a bunch of open PCI slots enough to justify the Mac Pro’s $3,000 premium over the Mac Studio? For most users, my guess is no. The days of the Mac Pro being the most powerful, most capable Mac are over, at least for now.

This is a worrisome sign that feels like a product which went horribly awry at some point. Mark Gurman reported a configuration with two merged M2 Ultra chips was scrapped, but maybe it — or a similar configuration differentiating it from the Studio — will be introduced in the future. But I fear that is not what will happen. It looks like this type of Mac could be on its way out in favour of the external extensibility. The pendulum is swinging back to the 2012 “trash can” Mac Pro in the form of the Studio.

The Strange Survival of Guinness World Records theguardian.com

Imogen West-Knights, the Guardian:

It is strange to think of Guinness World Records – a business named after a beer company, which catalogues humanity’s most batshit endeavours – as the kind of entity that could sell out. At first glance, it seems like accusing Alton Towers or Pizza Express of selling out. But the deeper I delved into the world of record breaking, the more sense it made. In spite of its absurdity, or maybe because of it, record breaking is a reflection of our deepest interests and desires. Look deeply enough at a man attempting to break the record for most spoons on a human body, or the woman seeking to become the oldest salsa dancer in the world, and you can find yourself starting to believe that you’re peering into humanity’s soul.

Maybe the strangest thing I learned from this article is that Guinness Record adjudicators are not permitted to drink alcohol while on the job, despite this entire book being created under the umbrella of the Guinness beer company.

New Privacy and Security Features at WWDC 2023 apple.com

There is certainly plenty to talk about from WWDC this year, but the privacy and security updates are not to be missed. One notable highlight:

App Privacy Improvements

New tools give developers more information about the data practices of third-party software development kits (SDKs) they use in their apps, allowing them to provide even more accurate Privacy Nutrition Labels. These changes also improve the integrity of the software supply chain by supporting signatures for third-party SDKs to add another layer of protection against abuse.

Like existing privacy labelling in the App Store, this is naturally predicated on the honour system, but it is a step in the right direction. Third-party sharing is one of the shadiest sides of digital privacy in apps and on the web, and it is only good for light to be shined in this area.

Other improvements include optional automatic blurring of potentially sensitive images and video — as I suggested — two-factor authentication autofill from Mail messages, and automatic removal of tracking junk on links shared through Mail and Messages.

Update: More on the SDK disclosure requirements from Apple:

First, to help developers understand how third-party SDKs use data, we’re introducing new privacy manifests — files that outline the privacy practices of the third-party code in an app, in a single standard format. When developers prepare to distribute their app, Xcode will combine the privacy manifests across all the third-party SDKs that a developer is using into a single, easy-to-use report. With one comprehensive report that summarizes all the third-party SDKs found in an app, it will be even easier for developers to create more accurate Privacy Nutrition Labels.

This sounds promising but, again, relies on compliant developers and software vendors. Apple says it will name and shame common third-party SDKs later this year.

Engineering the Apple Watch’s Strap Buttons theverge.com

Antonio G. Di Benedetto, the Verge:

While I often prefer a universal solution over a proprietary connector, here’s the thing — Apple’s band release button beats the hell out of fiddling with little spring bars and jeweler’s tools. Instead, you just press a near-invisible button, slide your band out, slide another one in, and get a lovely audible click as it locks in. No fuss, no muss; just a simple swap for a different visual vibe to match your style and wardrobe.

But how does it get that precise click, that nearly foolproof snap? Hint: it’s not magnets. My colleague Sean Hollister and I spoke with two ex-Apple engineers who worked on manufacturing the original parts. We quickly learned that it’s kind of the unsung hero of the Apple Watch — despite launching a $1 billion accessory ecosystem and remaining unchanged since its debut eight years ago.

The one thing I have missed most about the Apple Watch after not wearing one for a few years now is this mechanism and its compatible straps. Swapping bands quickly and easily without risking any damage to the watch or the strap is something I have wondered why others have not copied anywhere near as well. After reading this piece, though, I can appreciate why the Apple Watch remains in a league of its own in this regard.

Group Location Sharing Followup inhab.it

I received more feedback than I had expected on my recent link to an article about people who routinely — and often permanently — share their live location with friends, and I thought it was worth highlighting here.

A reader sent me this by email, which I am publishing with permission:

[…] I do share my location with a couple of long-time trusted friends. I’m a full-time RVer, and I not only move around from place to place, but spend a lot of time boondocking in the desert or on other public lands. Having my friends able to see my location if necessary makes me feel a bit safer. I know other full-time RVers who do this, but we’re a small minority of the general population.

And, on a similar note, Stuart Breckenridge shares this use case:

It’s common in cycling clubs to share live location should something untoward happen. Garmin/Telegram/Find My (etc.) are all useful for this.

And Nathan Snelgrove:

I also actually know women who share locations with friends and tell them when they’re out with men they don’t know and where they should be on the map. That use case is very real.

Jennings also mentioned that use case in the article I linked to, citing a 2019 TechCrunch piece by Rae Witte, and noted how often families use it to know the whereabouts of their children. All of these responses make sense to me. This angle unfortunately explains the popularity of the Life360 app, which is now being sued for selling the location data of children to third-party data brokers. Safety is such a smart rationale that it is disappointing to see such private data entrusted to garbage businesses with exploitative side hustles.

I received a few other replies for why people use permanent location sharing, too, most commonly within families. One, also from Snelgrove:

My wife and my in-laws all do it. We started doing it together when we would ski together, because it’s so easy to lose each other skiing. But far and away the most common use now is checking to see how far away they are if we know they are coming over for dinner.

From Felix, via email, also published with permission:

Indispensable for one use case: Picking up kids from kindergarten. Spares us the question “got time to pick ’em up today?” As I can see whether my wife has already left the office or is still miles away. Also: I’d rather share my location with her than to feel guilty not seeing her message “where you at?” (Which, to me, feels more intrusive, ironically)

These both feel like good examples of the convenience of sharing locations within a family, which reflects my own use case: when I am making a timing-sensitive dinner, I occasionally check my partner’s location on her way home from work. But neither reflects the apparently common case of sharing with a bunch of friends.

Wil Turner, in 2015, wrote a lovely piece about how the Find My network led to chance encounters with friends while travelling:

I wait on an overhead walkway in the reflected lights of a Las Vegas evening for a friend. We live five hundred miles apart, and are lucky to be briefly so close. He is here with friends from high school, I with some from Houston, some from San Francisco. In a small bar we have a drink and he puts Johnny Cash on the record player. It’s a brief break from the rest of our weekends, which are a brief break from the rest of our lives.

Except in so many ways neither of these are a break, both of our lives are a mishmash of locations and people that we have somehow managed to keep up with for a decade or more. Thanks to jobs, education, and opportunities that take us from one place to another and to technology, from Instagram to Find my Friends, we’re in fact growing more connected to more people.

I guess I need to get out more.

Location Sharing Is Apparently Really Common Among Acquaintances vox.com

Rebecca Jennings, Vox:

Friends sharing their real-time locations with each other is a pretty recent facet of modern life. Though apps like Foursquare have been around since the dawn of the smartphone age, mass location sharing was only introduced around 2017, when Google rolled out location sharing on its Maps function and Snapchat launched Snap Map, allowing users to see where their contacts were at any moment. By the time Apple merged the Find My iPhone and Find My Friends apps into a single app called “Find My” in 2019, location sharing had become just another type of social networking, despite the fact that for many people, it still feels a little icky.

Shows how out of touch I am that I am only now learning this is an apparently common thing among friends. When Apple launched Find My Friends in 2011, these kinds of use cases were in its marketing pitch — why would someone need to know the location of their friends, even temporarily, “for a couple of hours for a dinner”? — and I do not know anyone who has actually used Find My in this way. None of my friends do; neither does my family.

U.S. FTC Settles With Amazon Over Insecure Ring Cameras ftc.gov

Lesley Fair, of the U.S.’ Federal Trade Commission:

Many consumers who use video doorbell and security cameras want to detect intruders invading the privacy of their homes. Consumers who installed Ring may be surprised to learn that according to a proposed FTC settlement, one “intruder” that was invading their privacy was Ring itself. The FTC says Ring gave its employees and hundreds of Ukraine-based third-party contractors up-close-and-personal video access into customers’ bedrooms, their kids’ bedrooms, and other highly personal spaces – including the ability to download, view, and share those videos at will. And that’s not all Ring was up to. In addition to a $5.8 million financial settlement, the proposed order in the case contains provisions at the intersection of artificial intelligence, biometric data, and personal privacy. It’s an instructive bookend to another major biometric privacy case the FTC announced today, Amazon Alexa.

To put the financial settlement in context, Amazon sold an estimated 1.7 million Ring cameras in 2021 — the most recent year for which I could find sales figures — and the cheapest Ring camera you could buy at the time retailed for $60. In response to years of contractor and public abuses of its insecure webcams, Amazon has to pay about three weeks’ worth of a single year of sales. That is hardly a punitive amount, and the FTC only says it is to be “used for consumer refunds”: sorry Amazon fibbed about the security of the cheap product it sold to 55,000 people, thus permitting many of them to be tormented and spied upon, but at least some of them can get their money back. And of course Amazon has to admit no culpability.

Russian Intelligence Baselessly Accuses Apple of Assisting the NSA in Breaching Officials’ iPhones therecord.media

Daryna Antoniuk, the Record:

Russia’s Federal Security Service (FSB) is accusing U.S. intelligence of hacking “thousands of Apple phones” to spy on Russian diplomats.

According to FSB’s statement published on Thursday, the U.S. used previously unknown malware to target iOS devices.

[…]

Russian intelligence claims that the investigation revealed that Apple is collaborating with the U.S. National Security Agency (NSA).

[…]

Oleg Shakirov, an expert on foreign policy and security at the Center for Strategic Research, said that this type of accusation — which he referred to as “quasi-attribution” — is not unusual for Russian authorities.

Kaspersky discovered this malware. It has affected devices running versions up to iOS 15.7, and it has been seen in use as early as 2019.

The FSB, for its part, has shown no proof of Apple’s involvement — nor has Kaspersky made such an accusation — and Apple denied those claims in a statement to Reuters. Creating a loophole for law enforcement or intelligence purposes would deviate from its longstanding objections and be a blatant violation of users’ trust. Furthermore, the NSA does not need Apple’s help; there are plenty of spyware developers with which it would be happy to sign a contract. Finally, it is an accusation made by a government agency, and should be treated with at least the same level of skepticism of a similar claim made by any other spy agency.

This is a serious accusation, made without any proof, and should obviously be rejected until substantive evidence is shown.

Wishing Well 2023

It has already been a busy year for Apple, and the company has not yet held a single presentation. Just two weeks into the new year, it launched new Macs and a refreshed HomePod, followed by some services updates, and new iPad software. All of those things — and more — were launched via press release instead of the full power of a real demo. They are all things which do not require much of a demo.

What Apple is rumoured to have in store for WWDC, however, demands the pomp and circumstance of one of its signature events.

The rumour mill paints a picture of a headset in the company style. The hardware is allegedly a technical masterstroke.1 But none of that is very interesting, nor does it tell the story of this product. Apple has not tried to quell the rumours and expectations leading up to Monday; on the contrary, it is marketing the conference as a “new era”. The single thing everyone will be asking going into this WWDC is what a mixed reality headset can do when it is developed by a company famously obsessed with the bigger picture.

Earlier entries in the field have come from the usual suspects, with familiar results. Google’s Glass was an interesting but antisocial experiment. Microsoft spent most of 2022 attempting to convince HoloLens users of the future of the device, but announced layoffs in January which affected its augmented and mixed-reality pursuits. Meta is as enthusiastic about these kinds of products as it is institutionally visionless.

The one thing these products have had in common is their lack of a use case that piques the interest of more than a niche audience. Make no mistake: this will disappoint anyone expecting a product which immediately and obviously usurps the iPhone’s place as the go-to, do-anything device for a billion people. I do not think it will feel as capable as a Mac, either, nor do I think it will be as limiting as an Apple Watch.

What it will be, undeniably, is fascinating. It could very well represent a vision of the future of how we all use computers, though it may not be immediately so at its introduction. But even if you lower the massive expectations for this product, it is at the very least a new Apple product category, which is inherently interesting. It may not be a company making just four Macs, but its product line still is not very large. Another category appearing in the main navigation on Apple’s website is a big deal.

Whatever it is, it will also likely represent the kind of product which few of us will buy immediately, even if we want to. If the rumours are correct, the price tag will make our eyes pop, the features will feel somewhat limited, and the hardware — while powerful and polished — will be obviously compromised. While many of us are waiting for a day many years from now when this category feels more attainable, we will be using our existing devices — two billion of them. If much of Apple’s own attention has been directed at the future, what does that mean for its here-and-now lineup?

This is an honest question, not just a rhetorical one. As Apple’s operating system line has grown from one to at least five — more if you count the HomePod’s audioOS and BridgeOS for Macs with T-series chips — the limitations of scale have begun to show. New versions of iPadOS oscillate between key feature updates to fundamental parts of the system, like multitasking, one year, and tepid improvements the next. iOS is a mature platform and, so, it makes sense for there to be fewer core feature updates, but one wishes the slower development cycle would bring increased stability and refinement; actual results have been mixed. MacOS is the system which feels like it ought to be the closest to some imagined finish line, but it also seems like it is decaying in its most core qualities — I am having problems with windows losing foregrounding or not becoming focused when they should. Also, why are Notifications still like that?

Whatever the future may bring, what I hope for this WWDC is what I hope for every year: bug fixes and performance improvements. If iPadOS represents one vision for the future of computing and xrOS is another, more distant one, the most mature products in Apple’s line should reflect a level of solidity and reliability not yet possible for its more ambitious ideas.

I believe coverage of its event should reflect that, too. As magnetic as an entirely new Apple product may be, I hope that can be balanced with scrutiny of the updates which affect the billions of devices already in use. After all, these operating systems and devices go hand-in-hand; neither is available without the other. That represents a great deal of trust between vendor and customer in a weakly competitive market. As excited as I am for what is new and what is next, I know my world for the foreseeable future will be tied to what is announced for the products I already own. They are the tools I use for work and play. I need to have confidence in them, which has been dimmed by Apple’s mediocre record for changes. I filed an average of something like three bug reports every week last year solely from a user-facing perspective. I would love to be able to close some of those and, by doing so, feel like the computers I use today are a solid foundation on which the next generation of digital environments will be built.

  1. Like some kind of reality distortion field. ↥︎

Internal TikTok and ByteDance Reports Say Some Non-China User Data Is Stored in China forbes.com

Sapna Maheshwari and Ryan Mac, New York Times:

[…] According to the documents obtained by The Times, the driver’s licenses of American users were also accessible on the platform [ByteDance’s Lark], as were some users’ potentially illegal content, such as child sexual abuse materials. In many cases, the information was available in Lark “groups” — essentially chat rooms of employees — with thousands of members.

[…]

TikTok has played down the access that its China-based workers have to U.S. user data. In a congressional hearing in March, TikTok’s chief executive, Shou Chew, said that such data was mainly used by engineers in China for “business purposes” and that the company had “rigorous data access protocols” for protecting users. He said much of the user information available to engineers was already public.

The internal reports and communications from Lark appear to contradict Mr. Chew’s statements. Lark data from TikTok was also stored on servers in China as of late last year, the four current and former employees said.

Alexandra S. Levine, Forbes:

TikTok uses various internal tools and databases from its Beijing-based parent ByteDance to manage payments to creators who earn money through the app, including many of its biggest stars in the United States and Europe. The same tools are used to pay outside vendors and small businesses working with TikTok. But a trove of records obtained by Forbes from multiple sources across different parts of the company reveals that highly sensitive financial and personal information about those prized users and third parties has been stored in China. The discovery also raises questions about whether employees who are not authorized to access that data have been able to. It draws on internal communications, audio recordings, videos, screenshots, documents marked “Privileged and Confidential,” and several people familiar with the matter.

In testimony before Congress earlier this year, TikTok CEO Shou Zi Chew claimed U.S. user data has been stored on physical servers outside China. “American data has always been stored in Virginia and Singapore in the past, and access of this is on an as-required basis by our engineers globally,” he said under oath at a House hearing in March.

[…]

“Even if TikTok was not a subsidiary of a Chinese company, this would be pretty alarming IT security malpractice,” Bryan Cunningham, a former national security lawyer for the White House and CIA, told Forbes. He described tax records as some of the most sensitive data there is.

Add these to the long list of things being investigated by European regulators since September 2021, especially as it now falls under its list of Very Large Online Platforms. If there are concerns about Europeans’ private data being intercepted by U.S. intelligence agencies, a similar level of worry should apply in this case as well.

Zippyshare Has Shut Down torrentfreak.com

Andy Maxwell, writing at TorrentFreak in March:

After almost 17 years online, file-hosting veteran Zippyshare will shut down at the end of the month. Founded in 2006, Zippyshare was known for its free, no-nonsense, no-frills approach to storing files online. Having changed very little over the years, Zippyshare’s operators say the platform is now a dinosaur that costs too much to run in a world where ad-blocking is widespread.

I missed this news when it was announced, but I wanted to call it out. Zippyshare joins a long line of file hosting services — most notably Megaupload and RapidShare — which have either shut down willingly or been forced to do so by law enforcement. All of these services have been historically used by, among others, plenty of old-school music blogs. There are many reasons to object to file sharing, but I do think there is something special about that era of online publishing.

These abandoned blogs — many full of rare albums usually unavailable without carefully watching the Discogs marketplace for an expensive vinyl record — now have a series of worthless links at the bottom of each post. It somehow feels appropriate, as though these records will always elude all but the most dedicated collector.

Cyberweapon Developers Are Ingratiating Themselves With U.S. Officials ft.com

Thomas Brewster, Forbes, 2021:

Paragon Solutions doesn’t have a website. There’s very little information at all about them online, even if the Tel Aviv-based smartphone surveillance startup’s employees are all over LinkedIn, more than 50 of them. That’s not a bad headcount for a company that’s still in stealth mode.

[…]

With an American backer, it appears Paragon is going to try and crack American law enforcement agencies where others like NSO have failed. According to a LinkedIn profile, a 30-year veteran of Israeli intelligence, Menachem Pakman, has been employed to help find business in the U.S. There’s no indication that they have clients across the Atlantic yet, however.

Mehul Srivastava and Kaye Wiggins, Financial Times:

The Israeli start-up had watched local rival NSO Group, makers of the controversial Pegasus spyware, fall foul of the Biden administration and be blacklisted in the US. So Paragon sought guidance from top American advisers, secured funding from US venture capital groups and eventually scored a marquee client that eludes its competition: the US government.

[…]

President Joe Biden signed an executive order in March barring any US agency from purchasing spyware that “poses risks to national security or has been misused by foreign actors to enable human rights abuses around the world.”

The wording of the executive order is seen by experts as targeting NSO, while carving out a space for companies like Paragon to continue selling similar spyware, but only to the closest of US allies. The American expectation — still unproven — is that friendly nations are less likely to abuse such a weapon on civil society, or to spy on US government officials deployed abroad.

According to a New York Times report last month, the U.S. government is very much a client of NSO Group. It seems the Biden administration’s policies are neither motivated by a moral objection to an unregulated spyware market, nor heeded by U.S. officials, making Paragon’s more cautious on-side approach look a little unnecessary. These are scuzzy companies no matter how careful their public relations teams frame them.

A.I. Developers Say Their Product Creates a ‘Risk of Extinction’ in Self-Serving Statement safe.ai

Hundreds of experts in artificial intelligence — including several executives and developers in the field — issued a brief and worrying statement via the Center for AI Safety:

Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.

The Center calls out Meta by name for not signing onto the letter; Elon Musk also did not endorse it.

OpenAI’s Sam Altman was among the hundreds of signatories after feigning an absolute rejection of regulations which he and his peers did not have a role in writing. Perhaps that is an overly cynical take, but it is hard to read this statement with the gravity it suggests.

Martin Peers, the Information:

Perhaps instead of issuing a single-sentence statement meant to freak everyone out, AI scientists should use their considerable skills to figure out a solution to the problem they have wrought.

I believe the researchers, academics, and ethicists are earnest in their endorsement of this statement. I do not believe the corporate executives who simultaneously claim artificial intelligence is a threat to civilization itself while rapidly deploying their latest developments in the field. Their obvious hypocrisy makes it hard to take them seriously.