Franklin Faraday Insights Roundup for March 20, 2021
Technology + Common Sense + Lots of Green
Note to readers:
We have some awesome original content coming soon!
Sign up for the mailing list so you don’t miss it!
Welcome to our weekly roundup of actionable and interesting things!
In this issue:
— The challenges of Responsible AI at Facebook… and the PR response…
— No one wants a normal workweek again
— How to talk to a conspiracy theorist
— Governments are after your cryptocurrency
— All that 2 factor authentication stuff? Oops, maybe not so good… and of course China causing more cyber problems… plus catching bad guys in 3 hours!
— How to start a cybersecurity company + avoiding common VC pitch mistakes
— Sharks, cacti, lab leaks, and companies monitoring your every move
— “I feel the need… the need for… legos!”
We ask every week — why haven’t you followed us yet on Twitter @FranklinFaraday???
If you like our newsletter, forward it to your friends!
If you don’t like our newsletter, spam your enemies!
AI
Karen Hao’s (@_KarenHao) Technology Review story about “Responsible AI” at Facebook got a lot of attention this week. It’s a thoughtful and well-researched piece that provoked a spectrum of strong reactions: we’ve heard everything from “What did you expect?” to “Facebook is literally killing people!”
The punchline—algorithms push people to more extreme views, and Facebook prioritizes engagement and revenue over other factors—should come as no surprise to anyone following social media. The value of the article is really in understanding the unforeseen consequences of algorithms, the technical challenges in cleaning up the platform, and the decision making process and incentives inside the company. This story is good for deciding how you and your family engage with the platform, if at all. Indicting all employees in large organizations with sweeping generalizations is not productive. There are 58,000+ people working at Facebook, and we know some personally that are very competent and focused on rooting out bad activity.
A former Facebook AI researcher who joined in 2018 says he and his team conducted “study after study” confirming the same basic idea: models that maximize engagement increase polarization. They could easily track how strongly users agreed or disagreed on different issues, what content they liked to engage with, and how their stances changed as a result. Regardless of the issue, the models learned to feed users increasingly extreme viewpoints. “Over time they measurably become more polarized,” he says.
The researcher’s team also found that users with a tendency to post or engage with melancholy content—a possible sign of depression—could easily spiral into consuming increasingly negative material that risked further worsening their mental health. The team proposed tweaking the content-ranking models for these users to stop maximizing engagement alone, so they would be shown less of the depressing stuff…
But anything that reduced engagement, even for reasons such as not exacerbating someone’s depression, led to a lot of hemming and hawing among leadership. With their performance reviews and salaries tied to the successful completion of projects, employees quickly learned to drop those that received pushback and continue working on those dictated from the top down.
The most interesting thing about the controversy is editor Gideon Lichfield’s (@glichfield) detailed Twitter thread about Facebook’s multi-pronged PR response (click on the top of the box to read Gideon’s thread vs. the article itself):
“Boss, I’ve Got Some News…”
Bloomberg says that the four day work week is coming. We say, “It’s already here, why do you think people want to keep working from home?”
Meanwhile, the FT asks:
(Note: No paywall if following Twitter link… we think)
Conspiracy Theories
We are huge fans of Tim Harford (@TimHarford), and his latest article on “how to bring a conspiracy theorist back to reality” is excellent.
One must recognize that this is a person who already mistrusts what most authoritative sources say. One should ask calm questions, inviting the conspiracy theorist to explain and reflect on his beliefs, rather than advance evidence or quote the experts. The evidence and the experts, remember, are exactly what the conspiracy theorist has already rejected.
When someone has dismissed the obvious facts, repeating them will not persuade him to see sense. But when people are given time and space to explain themselves, they may start to spot the gaps in their own knowledge or arguments. The psychologists Leonid Rozenblit and Frank Keil coined the phrase “the illusion of explanatory depth” to refer to the way our self-assurance crumples when we are invited to explain apparently simple ideas.
Cryptocurrency
We aren’t fans of this bandwagon and think it will end badly. Of course “the market can remain irrational longer than you can stay solvent” so we’re just staying clear.
Nonetheless, here’s one way it can end badly: regulation. India is a considering a new law that would ban possession, trading, transferring, mining, and issuing crypto-assets. Given current Indian politics, it may well pass… though the catch is that India still has eyes on building an “official” digital currency.
In the U.S., the IRS has been cracking down with stricter and stricter regulations. The first page of the 2020 tax form even asks:
“At any time during 2020, did you receive, sell, send, exchange, or otherwise acquire any financial interest in any virtual currency?”
If so… welcome to a potential tax mess and possibly soon FBAR reporting requirements for overseas holdings.
…informal IRS guidance such as FAQs - and even the Internal Revenue Manual - can’t be relied on by taxpayers. Yes, you read that right. The IRS is allowed to and does publish guidance in the form of FAQs and the Internal Revenue Manual to assist taxpayers (and Revenue Agents) in navigating the web of tax law. But there is an abundance of caselaw that says taxpayers don’t have “rights” based on them and can’t try to enforce them.
Finally, given the growth in ransomware and millions of dollars in bitcoin paid to criminals in order to recover data, expect a “cryptocurrencies facilitate crime” drumbeat to start any day now…
If you think a ban can’t happen in the U.S., remember that the U.S. also banned gold in 1933 and it was not legalized again until 1974.
Cybersecurity
1.) Brian Krebs (@briankrebs) provided detailed commentary on Joseph Cox’s (@josephfcox) Vice article on how hackers can easily take over your phone number and reroute SMS messages used for two factor authentication.
The “how they did it” was sickeningly simple. It cost just $16, and there was precious little to prevent someone from stealing your text messages without your knowledge.
Krebs adds:
Given the potentially broad impact of fraudsters abusing this and other weaknesses in the vast mobile ecosystem to completely subvert the security of SMS based communications and multi-factor authentication, it’s probably a good idea to rethink your relationship to your phone number. It’s now plainer than ever how foolish it is to trust SMS for anything.
My advice has long been to remove phone numbers from your online accounts wherever you can, and avoid selecting SMS or phone calls for second factor or one-time codes. Phone numbers were never designed to be identity documents, but that’s effectively what they’ve become. It’s time we stopped letting everyone treat them that way.
2.) Because it’s a day of the week that ends in a y, there must be a new cyber attack from China. This time it’s McAfee reporting on Chinese espionage against telecom companies, presumably with the goal of stealing or gaining access to 5G networks and information. Oh, and of course there’s a Flash connection.
"We believe with a medium level of confidence that the attackers used a phishing website masquerading as the Huawei company career page to target people working in the telecommunications industry. We discovered malware that masqueraded as Flash applications, often connecting to the domain "hxxp://update.careerhuawei.net" that was under control of the threat actor. The malicious domain was crafted to look like the legitimate career site for Huawei, which has the domain: hxxp://career.huawei.com. In December, we also observed a new domain name used in this campaign: hxxp://update.huaweiyuncdn.com."
3.) Our friends at Nisos posted this very cool document describing how they identified an individual leaking proprietary information on social media within 3 hours of receiving a customer request. The most interesting thing here was the quantity and variety of clues on the internet from the target’s prior activities.
Entrepreneurship
If you read the cybersecurity section each week and think, “Wow, this is really bad!” that’s because it is.
However, this week entrepreneur and venture investor Ron Gula reminded us that there are lots of opportunities for cybersecurity companies. He outlined how to start one in this video for the Cybersecurity 2021 conference, and he focused on 5 simple questions that every founder should be able to answer.
In addition, Ron talked about common mistakes that he sees in pitch decks… and they may surprise you. Check it out!
Environment
If your cryptocurrency and startup dreams are crashing, you could always invest in this $250,000 cactus.
#FAIL
This guy kept sharks in a pool in his basement and tried to sell them online. How did he get caught? A traffic stop, of course…
State officials started investigating in July of 2017 after he was arrested in Georgia for driving without a license and for possessing five undersized sharks in a large circular tank in the back of his truck.
All we want to know is: Did they have freakin’ laser beams on their heads?
Health
This week Nature reported:
Machine learning methods offer great promise for fast and accurate detection and prognostication of coronavirus disease 2019 (COVID-19) from standard-of-care chest radiographs (CXR) and chest computed tomography (CT) images.
But unfortunately…
Our search identified 2,212 studies, of which 415 were included after initial screening and, after quality screening, 62 studies were included in this systematic review. Our review finds that none of the models identified are of potential clinical use due to methodological flaws and/or underlying biases.
That’s right: NONE of them worked!
Nature then called in Dr. Obvious for a code blue to conclude:
This is a major weakness, given the urgency with which validated COVID-19 models are needed.
Lab Leaks
One year after COVID lockdowns began in the U.S., the “lab leak” hypothesis has gone from tin foil hattery to a topic re-emerging in more mainstream outlets across the spectrum, such as here and here. Charles Schmidt published an article on this subject in Undark that was also picked up by Technology Review and is well worth reading in its entirety.
Politics and conflicts of interest likely mean we will never know the origin of COVID-19. Yet, if it was an accident, it’s critical that we find out how it happened so we can prevent another event in the future.
The risk increases in proportion with the number of labs handling bioweapons and potential pandemic pathogens (more than 1,500 globally in 2010), he says, many of them, like the Wuhan lab, located in urban areas close to international airports.
Most people assume that a laboratory virus would have been genetically altered; however, the less well known “gain of function” research seems to be equally if not more probable. Here is a great article on this subject.
Accidents happen more frequently than people think. Coverups do too, such as the 1979 anthrax leak in Sverdlovsk, Russia, that killed 100 people (and was a serious violation of the 1975 Biological Weapons Convention, for those who believe treaties can solve such things.)
Privacy
Joseph Cox (@josephfcox) also had another Vice story saying, “Cars have your location. This spy firm wants to sell it to the U.S. Military.”
As shocking as that might sound—and as much as the scary title ignores the reality of the Posse Comitatus Act (but hey, Joe is a Brit, so we cut him some slack)—the cat is not only out of the bag, it’s so far gone that it doesn’t even remember the bag and is busy drinking Mai Tais on a beach in Florida.
Cox writes:
With a consumer using a GPS navigation tool, for instance, "The OEM will have first dibs to the data, because they made the car and have access to the telematics," Andrea Amico, the founder of Privacy4Cars, which, among other things, sells tools to help dealerships remove data from vehicles, told Motherboard in a phone call. "But the company that provides the map itself, for instance, would have access to it; the company that provides the infotainment system may have access to it; the company that provides the traffic data may have access to it; the company that provides the parking data may have access to it. Right there and then you've got five companies that are getting your location."
And consider the Israeli firm Otonomo:
Otonomo says it has partnerships with 16 OEMs, with an installed base of over 40 million vehicles, according to an Otonomo presentation made for investors. The presentation adds that "thousands of organizations" in turn have access to Otonomo's data, and that it collects 4.3 billion data points a day.
Random
“This LEGO ‘Top Gun: Maverick’ trailer looks better than the actual movie”
Isn’t that always the case?
Something we think our lawyer looked up on Google and then charged us $2,500 for “writing” when he was actually out drinking green beer:
The Franklin Faraday Group [insert entity] is part of Digital Heavy Industries LLC [insert company name]. All linked content is the property of the respective author(s). Commentary and non-linked content [insert topic] is Copyright © 2021 [insert year] Digital Heavy Industries LLC [insert company name].
(Estimated billing time to complete: 5 hours. Thank you for using reallycheaplegaltemplatesfast.com)