Month: August 2019

Disinformation Campaigns Targeting Hong Kong Protesters Run Rampant on Twitter buzzfeednews.com

Maciej Cegłowski in a Twitter thread:

Every day I go out and see stuff with my own eyes, and then I go to report it on Twitter and see promoted tweets saying the opposite of what I saw. Twitter is taking money from Chinese propaganda outfits and running these promoted tweets against the top Hong Kong protest hashtags

What China is doing is clear. If these peaceful, extremely self-disciplined protesters who enjoy the clear backing of the overwhelming majority of Hong Kongers can be discredited, it will be easier to crack down. What the fuck Twitter thinks it’s doing is less clear.

Ryan Mac and Rosalind Adams, Buzzfeed News:

The Chinese government has struggled to contain the narrative of the months-long protests, which have seen pro-democracy activists face increasingly aggressive police tactics in the streets. Though Twitter and Facebook are banned in China, the Chinese state media runs several English-language accounts to present its views to the outside world.

“It’s very clear that the Chinese state media is essentially buying ads on Twitter and Facebook for the purpose of reaching an international audience as part of China’s effort to ‘tell its story better,’” said Adam Ni, a China researcher at Macquarie University in Sydney. The Communist Party sees this “as critical in the battle of hearts and minds,” he added.

In a similar vein, Ryan Gallagher of the Intercept reported that the Chinese government was also buying ads on Twitter that served as propaganda against the Uighur people of Xinjiang.

Twitter responded:

Today, we are updating our advertising policies with respect to state media. Going forward, we will not accept advertising from state-controlled news media entities. Any affected accounts will be free to continue to use Twitter to engage in public conversation, just not our advertising products.

This is a global approach and will be enforced across our entire business.

The turnaround on this policy change was just a few days from when Cegłowski began tweeting about it, indicating that Twitter can change quickly when it needs to, and tacitly raising the question of why it takes so long for the company to react to other obvious shortcomings in its product.

Twitter also disclosed today that there was a coordinated astroturfing campaign of propaganda that used a little over 900 accounts in an effort to surreptitiously manipulate opinion and coverage of the demonstrations in Hong Kong.

Facebook has said that it won’t ban state-run media advertisers on its platform.

Media’s Mega-Mergers Are Already Having an Impact on Storytelling io9.gizmodo.com

Alex Cranz, io9:

Now imagine what’s happening right this moment. The House of Mouse may already be self-censoring because it has a brand image to uphold. That self-censorship will now be applied to nearly 40 percent all the movies you watch, and between ABC and Hulu and Disney+ it will own a whole heckuva lot of the TV you consume too. AT&T is cutting costs and killing favorites to try and build a popular and inoffensive rival to the other big streamers (and Disney’s looming giant). CBS and Viacom have only just begun their own plans for streaming domination, but already people are noting, and/or hoping, for reboots and continuations of their favorites.

Cranz’s piece illustrates the necessary impact on storytelling when new films and television shows are run through the machinations of a shrinking number of large studio, the largest of which has a particularly sensitive approach to more challenging topics. But because these companies also control many of the distribution channels to the greatest degree since United States v. Paramount, it’s possible that independent films would find themselves shut out of an audience even if they could be financed.

Or, perhaps the combined bureaucratic weight of these mega-studios will cause them to collapse on themselves; they may find it difficult to produce captivating new works. That doesn’t seem to be likely. When all but a couple of the twenty highest-grossing films of the year are either franchise tie-ins or sequels, we’ve demonstrated a booming market for mediocrity.

AT&T, Disney, and CBS haven’t been as explicit in noting their desire for our viewing habits, but it’s absolutely one reason they’re pushing into the streaming space and trying to gobble up as much of the pie as they can. “Basically, sign up as many subscribers as possible and get them into the service, and give them a chance to enjoy the great intellectual property and product that will be part of that service,” Disney CEO Bob Iger told a group of analysts and reporters last week, per a CNBC report.

Nothing would warm my heart and disrupt my stomach more than for “intellectual property” to replace the current miserable term for anything made by anyone in any context.

Server-Side Rendering With AMP mjtsai.com

Let me get this straight: Google launched AMP as a way to speed up the web by, somehow, adding a hundred kilobytes of JavaScript as an intermediary for all pages created with its language. It then realized that this was not as fast as serving plain markup, so it’s now extolling the virtues of adding a server-side rendering process, which — and I promise that I am not making this up — breaks the AMP spec. And, somehow, this is all better and more logical than sending some standard HTML down the pipe.

I guess that it must be, so long as Google keeps manipulating search results for mobile users to favour its own AMP project over any normal webpage, even very fast ones.

WebKit Publishes Tracking Prevention Policy webkit.org

Earlier this week, Apple’s WebKit team announced its strong Tracking Prevention Policy:

This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user’s privacy without giving users the ability to identify, understand, consent to, or control them.

[…]

We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.

This is the correct position. Kudos.

Reflecting on the Targeted Harassment of Women on the Internet, Five Years After ‘Gamergate’ nytimes.com

It is very hard to come to terms with the brutality of the tactics honed by abusive people — nearly entirely men — during the “Gamergate” saga, and now used constantly to dehumanize women, queer individuals, and non-white people.

Sarah Jeong was targeted last year for some decontextualized Twitter jokes:

Tucker Carlson did a segment about me on Fox News. The president called me “disgusting” in a tweet. Shortly after the arrest of Mr. Sayoc, the MAGA bomber, the media discovered that he had sent me a death threat on Twitter.

Of the many threats of rape, dismemberment and murder sent to me and to my workplace, at least one was concerning enough that The New York Times filed a police report. But Mr. Sayoc’s tweet at me — a bizarre, confusing insinuation that my corpse was going to be dumped in the Everglades — barely pinged anyone’s radar, let alone my own, until he made the news for mailing pipe bombs.

Charlie Warzel contributed an article documenting the myriad influences on broader culture that are directly linked to the reaction on Reddit and 4chan to a crappy blog post. But the pieces from Jeong and Brianna Wu reflect on the terrible effects these harassment techniques have had on the women who experience them, and they are absolutely worth your time and reflection.

The Cost of Cross-Platform Code Sharing blogs.dropbox.com

Eyal Guthmann of Dropbox:

Until very recently, Dropbox had a technical strategy on mobile of sharing code between iOS and Android via C++. The idea behind this strategy was simple—write the code once in C++ instead of twice in Java and Objective C. We adopted this C++ strategy back in 2013, when our mobile engineering team was relatively small and needed to support a fast growing mobile roadmap. We needed to find a way to leverage this small team to quickly ship lots of code on both Android and iOS.

We have now completely backed off from this strategy in favor of using each platforms’ native languages (primarily Swift and Kotlin, which didn’t exist when we started out). This decision was due to the (not so) hidden cost associated with code sharing. Here are some of the things we learned as a company on what it costs to effectively share code. And they all stem from the same basic issue:

By writing code in a non-standard fashion, we took on overhead that we would have not had to worry about had we stayed with the widely used platform defaults. This overhead ended up being more expensive than just writing the code twice.

Fascinating stuff from a company that is about to launch an Electron-based desktop client.

Amazon’s Bezos Brigade Unleashed On Twitter bellingcat.com

Aric Toler, Bellingcat:

On August 14, a Twitter thread that included a small army of “Amazon FC Ambassadors” went viral, bringing to light Amazon’s year-long social media brand ambassador program.

[…]

Last year, Amazon rolled out a program where employees at these fulfillment centers (warehouses) are able to also work as brand ambassadors to describe their experiences working at Amazon. A number of media outlets reported on this new program last year after the first wave of Ambassadors sent out bizarre tweets promoting Amazon’s workplace conditions.

Per the 2018 reports, these Ambassadors were given “an extra paid day off and a [$50] gift card” for their efforts in volunteering to defend Amazon from their online detractors.

If employees want to defend their employer against criticism — online or offline, I don’t care — that’s their jam. But they shouldn’t be paid to be a public relations prop when they’re clearly not an official representative. This is a dismal practice that I hope does not spread.

Tech Companies Should Be More Upfront and Plain-Spoken with Practices That Could Violate Users’ Privacy buzzfeednews.com

Nicole Nguyen, Buzzfeed News:

As we found out yesterday, Facebook paid outside contractors to transcribe voice memos from users who turned on chat transcription in the Messenger app. The company is the latest in a string, including Amazon, Google, Apple, and Microsoft, caught sending users’ audio to third-party firms for analysis.

[…]

Most folks buying Google Homes and Echos from a mall kiosk aren’t aware. That’s in part because of the products’ “just like that!” marketing, but largely because Amazon, Google, Apple, Microsoft, and Facebook haven’t clearly told consumers what they do with their voice and video information. None of those companies’ data policies state that what we say and do in front of our voice assistants, internet-connected cameras, and messaging apps can be shown to strangers employed by the companies or their contractors.

Plain-language explanations of practices that may be compromising to users’ privacy can be hard to write. I am certain that the opt-in rate would be extremely low if these devices asked users — during the onboarding process, for example — whether a selection of their voice recordings can be retained and later reviewed by a human being.

Nevertheless, it is unquestionably the right thing to do.

Companies should be able to educate customers on why they should opt-in. They should be upfront and direct about what they will do with recordings. They should go to great lengths to explain how recordings will be de-identified, processed anonymously, and removed within days. That builds confidence that users’ recordings will not be exploited, and that a small compromise of their privacy will lead to better results, should they so choose. Of course the opt-in rate for this will be low — but that’s how it should be. Better that then having these shady practices exposed, with users left feeling violated.

Suprema’s Biometrics Database with Fingerprints, Face Photos, and Plain Text Passwords Found to Be Publicly Accessible theguardian.com

Josh Taylor, the Guardian:

The Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scans ports looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches.

In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.

The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.

Biostar 2 is operated by Suprema, a Korean company, which means that this breach should be investigated under the country’s strict Personal Information Protection Act. If this report is true, it’s shocking that they did not bother to encrypt fingerprint data, staff details, or administrative usernames and passwords.

Apple Card’s Targeted Ads May Be Non-Creepy, But They’re Still Unexpected thetapedrive.com

Steve Moser (via Michael Tsai):

Apple will target users for marketing emails and push notifications based on their transaction history. “For example, Apple may send a message to your device that is relevant to people who typically purchase travel.” Apple might have been able to negotiate reduced fees by agreeing to allow advertising to Apple Card users.

Moser posted a copy of the on-boarding text in full, which describes this in more detail:

Apple may use your Apple Card account status, such as whether you have applied for or have a current Apple Card account, to determine whether a message is relevant to you, including a marketing message. Apple may also send messages to your device, which may use information known only to you and your device, such as your transaction history and location, to help determine whether a message is relevant to you. For example, Apple may send a message to your device that is relevant to people who typically purchase travel. Apple does not need to know whether you purchased travel. Your device can use your transaction history to decide whether the message is relevant to you. This helps to ensure that you receive relevant communications, while protecting your privacy. Apple does not know which messages you see on your device.

Anonymous and aggregate information that cannot be tied to you may also be used for Apple Card marketing and other messaging. You may opt out of marketing messages by clicking the unsubscribe link in a marketing email or by turning off notifications for Apple Card.

Based on what I’m reading here, it sounds like Apple is sending push notification message text to all Apple Card users, but only displaying it if it’s relevant to a specific user. It’s a clever way of doing semi-targeted ads without violating users’ privacy.

I think that’s less relevant to users than whether they expect to receive ads in their email account and on their lock screen because they signed up for Apple’s credit card. The more nihilistic user might, but Apple is supposed to be the company that doesn’t point to some clause in their terms and conditions as a free pass to exploit users.

Apple’s marketing website:

At Apple, we firmly believe in your right to privacy. That’s why we created a unique architecture for Apple Card that generates things like your transaction history and spending summaries right in the Wallet app on your iPhone.

Of course, Goldman Sachs will use your data to operate Apple Card. But they will never share or sell your data to third parties for marketing or advertising.

Apple’s solution is in agreement with the letter of these statements, but certainly not the spirit.1

There is are parts of this product that are distinctly un-Apple-like, but none more so than the use of push notifications to send targeted advertisements. I do not believe that Apple must compromise its advantages and expectations to compete effectively in the services business; but, if it feels like it does, why should I choose its offerings over those from competitors?

  1. Also, I thought that using push notifications to deliver advertisements was against Apple’s policies. It certainly was. But a 2018 rewrite of the App Review policies document indicates a softer stance (italics mine):

    4.5.4 Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information. Abuse of these services may result in revocation of your privileges.

    “Must not” indicates an outright ban on app functionality being dependent on enabling push notifications, but “should not” is basically just a recommendation. Gross.

    Update: The allowance of push notification advertising actually dates back to 2016. Thanks, George↥︎

Netflix Is Starting to Behave a Lot More Like a Traditional Big Studio hollywoodreporter.com

Natalie Jarvey, Hollywood Reporter:

With a market-leading 152 million global subscribers, 10 percent of TV screen time in the U.S. and a several-year head start, Netflix may be too big to fail. But that hasn’t stopped a growing chorus of questions over how long the “Netflix bubble” can last. Its ballooning costs — analysts estimate that it will spend between $10 billion and $15 billion on content this year — means it burns through cash ($3 billion in 2018). Its current debt load is $12 billion.

Worries ratcheted up July 17 when the company reported its first subscriber loss in the U.S. in eight years. Its high-flying stock came crashing down 15 percent, erasing $24 billion in value in less than a week. “It’s notable that they lost subscribers before they lost a meaningful amount of content and before there was direct competition from their suppliers,” says Wedbush’s Michael Pachter, a noted Netflix bear. “This suggests they will face additional pressure when they lose content later this year and as their current [licensing] contracts with Warner Bros., Fox, Disney and NBCU expire.”

Once the studios figured out that they, too, could sign a contract with AWS and build a streaming media player, they replaced Netflix’s big advantage with an even worse version of the old cable television model. If you’re a film or television buff and want to maintain a moral and legal high ground, there’s no question in my mind that you’ll pay more for a combination of streaming services than you used to for cable.

But if I were an executive at one of these conglomerates, I’m not sure I’d wager too much on the inability for users to remember how their torrent client works.

Automattic Acquires Tumblr axios.com

Ursula Perano and Dan Primack, Axios:

Verizon is set to sell the social network Tumblr to Automattic Inc, the owner of online publishing tool WordPress. A source familiar with the deal puts the price-tag “well below” $20 million, while another source puts it below $10 million.

To clarify, Automattic is the owner of WordPress.com, the commercial entity that provides hosting and support of websites powered by WordPress the software; the latter is maintained by the WordPress Foundation, and Automattic’s CEO is Matt Mullenweg, who began developing WordPress alongside Mike Little. It’s quite confusing. I assume his favourite song is “Wilco” off the album Wilco by Wilco.

Primack on Twitter:

Again, just to be clear… emphasis on the “well below” $20 million…

Story updated: Price less than $3 million.

A fire sale for the property, but that excludes the salaries of the two hundred employees they’re also bringing with them. Kudos to Automattic for keeping the staff on board.

Matt Mullenweg formally announced the acquisition on his Tumblr account:

When the possibility to join forces became concrete, it felt like a once-in-a-generation opportunity to have two beloved platforms work alongside each other to build a better, more open, more inclusive – and, frankly, more fun web. I knew we had to do it.

[…]

In the underlying technology of our platforms, I think there are some good opportunities to standardize on the Open Source WordPress tech stack, but the front-end user experience on Tumblr will evolve on its own path. It has been so successful already, and we want to keep that going. The Tumblr team also has some exciting functionality they’re eager to unlock once we close the acquisition officially in a few weeks…

Automattic will obviously be a better steward of Tumblr than Yahoo or Verizon were, but I question whether the unique qualities of its communities can experience a resurgence. It has felt for years like it has been dying a protracted death, and its 99% discounted sale price speaks to that.

In Pursuit of Increased and Diversified Revenue Streams, Google’s Internal Culture Eroded wired.com

Nitasha Tiku, Wired:

All of those precepts sent Google’s workforce into full tilt after the travel ban was announced. Memegen went flush with images bearing captions like “We stand with you” and “We are you.” Jewglers and HOLA, affinity groups for Jewish and Latinx employees, quickly pledged their support for Google’s Muslim group. According to The Wall Street Journal, members of one mailing list brainstormed whether there might be ways to “leverage” Google’s search results to surface ways of helping immigrants; some proposed that the company should intervene in searches for terms like “Islam,” “Muslim,” or “Iran” that were showing “Islamophobic, algorithmically biased results.” (Google says none of those ideas were taken up.) At around 2 pm that Saturday, an employee on a mailing list for Iranian Googlers floated the possibility of staging a walkout in Mountain View. “I wanted to check first whether anyone thinks this is a bad idea,” the employee wrote. Within 48 hours, a time had been locked down and an internal website set up.

[…]

In his short, off-the-cuff remarks to the packed courtyard, Pichai called immigration “core to the founding of this company.” He tried to inject a dose of moderation, stressing how important it was “to reach out and communicate to people from across the country.” But when he mentioned Brin’s appearance at the airport, his employees erupted in chants of “Ser-gey! Ser-gey! Ser-gey!” Brin finally extricated himself from the crowd and shuffled up to the mic, windbreaker in hand. He, too, echoed the protesters’ concerns but tried to bring the heat down. “We need to be smart,” he said, “and that means bringing in folks who have some different viewpoints.” As he spoke, a news chopper flew overhead.

And that was pretty much the last time Google’s executives and workers presented such a united front about anything.

Tiku presents a deep, well-investigated look at an increasingly toxic internal culture as executives pursued morally-challenged money making opportunities.

We’re All Killing Uber Just By Using It ftalphaville.ft.com

Jamie Powell, FT (registration required):

Uber is a decade old global brand whose core business — ride-sharing — is now growing at just 2 per cent. It is also betting heavily that its smaller business lines, such as food delivery and freight, will be a source of future growth.

In other words, it’s acting less like a start-up, and more like a legacy tech company scrambling for new growth. Think Oracle, IBM or perhaps even the modern-day Apple.

Notice the difference, however. All of these companies have “cash cow” products which help to keep the buybacks and dividends flowing, as well as funding future bets. Uber on the other hand…

Edward Ongweso Jr, Vice:

Typically, this business model would be paid for with passenger fares. But Uber’s passenger fares are artificially low because it uses investor money to subsidize trips, attract customers, and undercut competitors. This means that Uber is losing money on many of its rides. Taxicab companies can’t operate like this because they don’t have the billions in investor capital that Uber does. Simply put, Uber is losing money in part because its fares are too low; it’s long-game is to undercut competitors long enough for them to go out of business so it can jack up prices, or to develop driverless car technology before it completely runs out of money, pushing its expenses on drivers down toward zero.

I keep returning to a 2017 piece in the Economist, which was summarized and expanded upon by Ryan Felton at Jalopnik: in short, the most shocking thing about Uber would be if it had long-term success. It’s worth pointing out that the Economist made this assessment on having losses of a billion dollars a year; Uber just reported five billion dollars of loss in a single quarter. Even if you’re desperate to give them all the benefit of accounting by deducting the losses incurred from paying out shareholders — and have not read Powell’s piece refuting this very argument — that’s still over a billion dollars in a single quarter.

That’s not to say that Uber is an assured failure. But indicators are stacking up that something must fundamentally change for the company to function in the long term.

The FTC Completely Blew Its Settlement With Equifax

The rollercoaster of stories that followed last month’s settlement between the FTC and Equifax was truly something to behold. The FTC touted its value, which critics excoriated as inadequate. Articles soon explained how to get a cash settlement for those who already have a credit monitoring service, but were quickly followed by those arguing that the widely-publicized $125 figure was dependent on the number of claimants for a $31 million pool. Some, like Karl Bode at Vice, said that the “FTC should fine itself for false advertising” after claiming that those affected could be eligible for $125.

I don’t think this fully grasps just how badly the FTC blew this settlement, and primarily for a reason almost entirely unrelated to the confusion about the $31 million fund for credit monitoring payouts.

I was among many who got this wrong when I repeated the claim of the $125 payout, and also in my summary of why that $125 figure may be incorrect, so I thought it would be valuable to go back to the settlement itself to explain why this is a raw deal. In its press release, the FTC summarized the divvying up of the $575–700 million settlement:

  • $100 million is paid as a fine to the Consumer Financial Protection Bureau

  • $175 million is paid to settle cases brought by 48 states, plus Washington D.C. and Puerto Rico

  • $300 million is set aside for a consumer restitution fund, which would compensate individual claimants directly

It’s that last bucket of cash in which two specific piles of money reside. The first is a $31 million pool for alternative payouts for credit monitoring, which the FTC required Equifax provide to claimants. But if a claimant already has credit monitoring, they can opt to be paid up to $125 instead. And we will get to that “up to” in a moment.

A second pool, also of $31 million, is to be used to compensate claimants for time spent dealing with the settlement. For example, if a claimant spent an hour on the phone with an Equifax representative to get their credit frozen, that would be paid out of this second pool.

The remainder of the $300 million is to be set aside for direct out-of-pocket losses arising from the breach, such as those stemming from fraud, identity theft, and so forth. None of the money from this settlement will be given back to Equifax, but the details are not as simple as the FTC portrayed, either.

I want to get the matter of the $31 million buckets out of the way first, and I think Lily Hay Newman of Wired explains it perfectly:

But not all is lost, and there’s still a decent chance that Equifax will pay you all $125. As Slate points out, the $31 million cap will lift, assuming Equifax hasn’t spent all of the $425 million in its “Consumer Fund” — money it has committed to things like covering people who can specifically document losses stemming from the breach — in four and a half years. At that point, whatever’s left of that $425 million will be applied to the $125 payouts, presenting much better, if belated, odds.

Like all things Equifax, this does not come without a caveat. Even if the full $425 million in the consumer restitution bank account goes towards $125 payments for compensation of credit monitoring services, that amount would only support the claims of 3,400,000 people. Over forty-three times that number were affected by this breach.

Also, because this bucket is part of a pile of money with broader scope, those claims will be mixed with requests for compensation of time spent, as well as direct losses from fraud.

A bigger problem still is that this settlement is designed to mitigate the financial damage to consumers. That would be handy if this data were stolen for economically opportunistic reasons, but that doesn’t seem to be the case. A February report from Kate Fazzini at CNBC noted that no Equifax breach data had surfaced anywhere, despite financially-motivated hackers usually publicizing their haul with urgency.

A more likely scenario is that those responsible for exfiltrating Equifax’s files were state actors. A Bloomberg story from September 2017, citing investigators and those briefed on their findings, claimed that China was a likely culprit, though another country could be responsible.1 It is likely that the data stolen — which comes from a financial firm, making it ostensibly more accurate than any old data dump — could be combined with other sources to target specific individuals, per Fazzini’s reporting and Bloomberg’s story.

This settlement does nothing to dissuade state actors from continuing to pilfer sensitive data, nor does it encourage care for those who stockpile information like this. Of course, the FTC has limited scope and powers. It could not accomplish the former, but it certainly could attempt the latter.

Instead, the Commission agreed to a weak deal that barely impacts Equifax’s financial status and does little to encourage better behaviour in data-hoarding industries. Even if this were a financially-motivated crime, this settlement does not protect those affected. But this breach was so much more, and this settlement doesn’t begin to address the far more serious and more likely rationale.

  1. I am obligated to point out that this Bloomberg story bears in its byline the two reporters responsible for the inaccurate “Big Hack” feature.

    By the way, that story just won the Black Hat Pwnie for the most overhyped bug. Congratulations — I guess? — Michael Riley and Jordan Robertson. ↥︎

Uber Lost Over $5 Billion Last Quarter, Including $3.9 Billion in Stock-Based Compensation After IPO techcrunch.com

Kate Clark, TechCrunch:

$5.2 billion in net losses represents the company’s largest-ever quarterly loss. Revenue, for its part, is up only 14% year-over-year, igniting concerns over slower-than-ever growth. The company says a majority of 2Q losses are a result of stock-based compensation expenses for employees following its May IPO. Stock compensation aside, Uber still lost $1.3 billion, up 30% from Q1.

Aaron Gordon, Jalopnik:

But you math whizzes out there will note that leaves approximately $1.3 billion in regular ol’ we-just-lost-a-buncha-money losses, up from $1 billion last quarter and $878 million a year ago.

[…]

As of this writing, Uber has lost $16.2 billion since 2016.

How is this investor-subsidized pirate taxi operation not considered predatory?

Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials vice.com

Kim Zetter, Vice:

For years, U.S. election officials and voting machine vendors have insisted that critical election systems are never connected to the internet and therefore can’t be hacked.

But a group of election security experts have found what they believe to be nearly three dozen backend election systems in 10 states connected to the internet over the last year, including some in critical swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties — all states that are perennial battlegrounds in presidential elections.

Some of the systems have been online for a year and possibly longer. Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year. But at least 19 of the systems, including one in Florida’s Miami-Dade County, were still connected to the internet this week, the researchers told Motherboard.

A reminder that proposals to fund increased election security are being blocked by Senate Republicans. Also, it remains unclear to me what glaring problems exist with paper ballots which are solved by electronic voting machines.

The Grey Fog of Moderating the Web stratechery.com

I’m not sure why, but the hottest topic right now in technology ethics seems to be Section 230 of the Communications Decency Act, and I’m already hearing the snoring of half of the people reading this post. This latest round of discussion was perhaps spurred by the ridiculous bill brought by Josh Hawley, which resulted in horrible articles in mainstream publications — one in the New York Times, and another in Bloomberg.

Moderation powers, more generally, have become newsworthy after Cloudflare dropped 8chan in the wake of revelations that the terrorist responsible for the two-hundred-ninety-first mass shooting of 2019 in the U.S. posted his manifesto on the discussion board. Jennings Brown of Gizmodo found this to be a symbolic and ineffectual gesture.

I think Ben Thompson’s take is well-rounded:

This third point is a valid concern, but one I, after long deliberation, ultimately reject. First, convenience matters. The truly committed may find 8chan when and if it pops up again, but there is real value in requiring that level of commitment in the first place, given said commitment is likely nurtured on 8chan itself. Second, I ultimately reject the idea that publishing on the Internet is a fundamental right. Stand on the street corner all you like, at least your terrible ideas will be limited by the physical world. The Internet, though, with its inherent ability to broadcast and congregate globally, is a fundamentally more dangerous medium. Third, that medium is by-and-large facilitated by third parties who have rights of their own. Running a website on a cloud service provider means piggy-backing off of your ISP, backbone providers, server providers, etc., and, if you are controversial, services like Cloudflare to protect you. It is magnanimous in a way for Cloudflare to commit to serving everyone, but at the end of the day Cloudflare does have a choice.

One nitpick I have with Thompson’s piece is that he compares Cloudflare’s decision to net neutrality:

To be perfectly clear, I would prefer that 8chan did not exist. At the same time, many of those arguing that 8chan should be erased from the Internet were insisting not too long ago that the U.S. needed to apply Title II regulation (i.e. net neutrality) to infrastructure companies to ensure they were not discriminating based on content. While Title II would not have applied to Cloudflare, it is worth keeping in mind that at some point or another nearly everyone reading this article has expressed concern about infrastructure companies making content decisions.

I see these as vastly different concerns. Internet service providers are utility providers. All of your web traffic from the same location goes through the same ISP, so it’s truly infrastructural. Cloudflare is entirely unlike that: it’s something that a web engineer can insert into the technology stack between their web host and incoming connections. It feels infrastructural, but it isn’t.

That nitpick aside, this is an excellent piece.

Despite Tech’s Universal Reach, Mainstream Writers Remain Overwhelmingly White macchia.to

Shawn Wilkins:

Over the years, I’ve become exceptionally privy to websites that lack depth when it comes to having people of color on their teams. The first site that I noticed was BGR. BGR has put up some questionable articles in the past, but to say their site isn’t one of the smaller-yet-respectable ones around when it comes to tech news, information, leaks, and rumors, would be misguided. As one of the first sites I wanted to explore when applying for jobs, this one hit the worst. Their team lacks any people of color or any other groups outside of “white 20s-30s male”. But this post isn’t just about BGR alone. If you name a tech-based site, chances are you see the same kind of results in various degrees throughout. Some have one or two POC writers, some have a plethora, others have none at all and are absurdly brazen about it to the point of tone-deafness or a lack of awareness – possibly both.

It is bafflingly myopic for the press covering an omnipresent industry to continue to rely upon mostly white and mostly male voices.