Browse > Home / Business intelligence

Microsoft and Its Magic Touch: Slurp, Slurp, Slurp

April 28, 2026

green-dino_thumbAnother dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold. I find it interesting that AI detectors identify my writing style as AI output. I suppose I should be flattered, but I just don’t care.

I read “LinkedIn Is Illegally Searching Your Computer.” No, I don’t know if the write up is a confection or concrete. The publisher is “BrowserGate”. The title is snappy. I want to take a quick look at what the essay (news report?) asserts. I personally believe everything I read on the Internet. You may take a a different road in the “yellow woods.”

The main point of the article strikes me as:

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

This is a thought provoking series of statements, and my first thought is that the legal eagles in Microsoft / LinkedIn hangers are putting on their flight suits. Ground crews are checking the verbal ammunition. The air traffic control professionals are clearing air space. The lawyers will be going aloft.

image

Moving the cash from data sales is a big business but boring. Thanks, Venice.ai, aside from one employee going the wrong way the image is good enough.

I noted the statement “one of the largest corporate espionage operations in modern history.” I would agree that Microsoft is in the data collection business. But if the firm is using these data for corporate espionage, one must act, “With all that information, how could the estimable firm foul up its artificial intelligence service, image, and mindshare? Something does not compute for me.

The second point is that a distinctly American company is not outputting information about what it does, is doing, did do, and will do. Evidence of this approach may be gleaned from the firm’s former president’s testimony in a trial in Europe and the marketing information about the firm’s relationship with its Number One AI partner, OpenAI.

The third point is that cross correlation is as commonplace as hitting a drive-through for a cup of coffee on the way to work. Of course, those with access to data find relationships, map them, and process the analytics outputs for signals. Now at first glance, the entire process seems sketchy. I assure you that it is the equivalent of hitting speed dial to see if a lunch date with a colleague is okay for today. No big deal. Why make a standard operating procedure a hair-on-fire event. Folks, cross correlation has been a thing for decades in policeware, intelware, and regular software. I know these statements may be surprising to some people, but that’s where the idea of life-long learning shows that most people do not keep up.

The write up continues with yellow lights blinking and sirens sounding. It offers up this gems:

LinkedIn’s scan reveals the religious beliefs, political opinions, disabilities, and job search activity of identified individuals…. Under EU law, this category of data is not regulated. It is prohibited. LinkedIn has no consent, no disclosure, and no legal basis. Its privacy policy does not mention any of this.

Okay, what’s the problem? For those in the EU, just embrace Linux as France is doing and stop using US social media. Most of the US outfits really don’t recognize countries, blocs, and royal edicts. The US companies do what is necessary to generate revenue, capture and hold user attention, and sell advertising. Believe me, the data slurpers know that selling advertising is a darned good business.

The link reveals that this “essay” is quite a lengthy white paper. I will leave it to you to work through the entire document. I had to break my reading into separate segments. I know that my interest in reports that BAIT outfits (big AI tech firms) are making people unhappy. Sure, some kids kill themselves because of certain outputs. Sure, US messaging services allow bad actors to coordinate. (Keep in mind that the coded-in-the-snow Telegram Messenger is in this game too.) Of course, the price gouging, dark patterns, and “Senator, thank you for that question” transparency puts some fire in the eyes of otherwise rational people. But the process has been chugging along for a quarter of century, and what do we have. BAIT.

One assertion is:

LinkedIn’s code uses a three-stage fallback chain to detect whether a specific extension is installed in your browser.

Stage 1: Direct communication. The code attempts to contact the extension directly using Chrome’s externally_connectable messaging API. If the extension developer has explicitly disabled this channel in their manifest.json, this method fails, and LinkedIn moves to stage 2.

Stage 2: Resource probing. The code attempts to fetch a known file from the extension using its web_accessible_resources. This is the equivalent of checking whether a door is unlocked by trying the handle. If the extension developer has not exposed any web-accessible resources, this also fails, and LinkedIn moves to stage 3.

Stage 3: DOM mutation detection. The code monitors for changes to the page structure that are characteristic of specific extensions injecting elements into LinkedIn’s interface. This catches extensions that modify what you see on the page.

This strikes me as a variant on the methods used by some Telegram Messenger bots. I don’t want to label the method malware, but one might be able to find some similarities. In fact, in my upcoming Telegram lecture I walk through one approach that performs similar functions just within the mini app and dApp environments. My example is a fake job posting but operates via a smart contract with the payloads stored in the TON blockchain. The approach makes detection and removal somewhat more difficult that the approach used by Microsoft LinkedIn. I suppose their approach can be upgraded, but for now, it’s lagging behind the state of the art in sporty container activity.

The essay ends with a call for action. There’s a list of “extensions.” There is a — heaven help me — WhatsApp group. There is a call for the readers of the essay to talk with a journalist. But the big request is “Support the Browsergate Legal Fund.”

Several observations:

  1. What data are public facing AI companies acquiring and monitoring when a person needs hallucinating smart software to be more productive and increase one’s chances for brain fry?
  2. What data are cross correlated in most major cities by government agencies, financial institutions, private companies, and capable black hat hackers? Where do those data end up?
  3. What is the revenue generated by repackaging such collected data and offered to marketers on different financial terms via third party data brokers or subsidiaries of BAIT outfits that provide advertisers with market data?

I appreciate and enjoy the reaction to a reality that has been chugging along for decades. My question is, “Where have you been?” The Browser Gate Web site provides a link. Click it and you get updates. That’s called “sticky.”

Stephen E Arnold, April 28, 2026

Written by Stephen E. Arnold · Filed Under Aggregation, Business intelligence, Data mining, Database, News | Leave a Comment 

Incentivizing Cheating with Smart Software

March 20, 2026

green-dino_thumbAnother dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.

One of my children attended a nifty university which operated on an honor system. This child grew up with a Anderson Jacobson terminal with bunny rabbit ears in the kitchen. Gee, didn’t every family in the 1970s have this online device? When he joined a fraternity, he was enshrined on fake currency issued by “brothers” to commemorate his value to his fellow members. Here is an image of that artifact:

image

One of the last surviving commemorative faux bank notes issued for my son’s online expertise.

The question one might ask is, “Why?”

The answer is that when my son went to the nifty university, I equipped him with the tools of my profession: Online wizard. He had a computer, a high-speed modem for that time point, and online accounts for Dialog Information Services, European Space Agency DataStar, Delphi, and Systems Development Corporation. (You remember that outfit and Dr. Carlos Cuadra, don’t you?) The system — clunky by today’s standards — was magic. A fraternity brother would ask Erik, “Can you get me information for the 10 page paper I have to turn in Monday?” Erik replied, “Yep. What’s the topic?” His fraternity brother said something like, “I have to explain role of the price system and knowledge in market coordination.” Erik fired up his computer logged into Dialog, entered File 15, input the search statement, and printed off the citations and 150 word abstracts. Time elapsed was five minutes. His fraternity brother was grateful. Erik’s magical ability diffused. He was a life saver. Hence, the commemorative green faux bank note.

Was this cheating? For those unfamiliar with online information in the early 1980s, it was not cheating. Online access was magic, just like AI today. To the university, I am fairly confident, some professors and administrators would be horrified and scheduling faculty meetings to discuss this technological assault on academia even though the university research librarian had access to these systems. My point is that cheating is relative.

From my point of view, my son was using a system I had been fortunate enough to help create some of the digital information he accessed. For my son, online was no big deal, and it was not much different from watching a weird but amusing script display a cookie monster moving across his screen. Based on what I have heard from his fraternity brothers whom I have been fortunate to meet, several expressed their gratitude to me for setting up my son to help these bright sparks graduate with a knowledge of online access. I want to add that none of those whom I met is a loser or felon as far as I know.

Why am I recounting a decades old anecdote? Answer: I read “We’re Training Students To Write Worse To Prove They’re Not Robots, And It’s Pushing Them To Use More AI.” The main idea of the essay is that AI has had an unintended consequence. The students using AI will become stupid, and they will be taught to write in a stupid way so no one thinks the author is using AI. Yeah, believe it or not.

The write up cites an academic who is not too keen on smart software. The essay says:

… the answer is to stop treating AI as a policing problem and start treating it as an educational one. Teach students how to write. Teach them how to think critically about AI tools. Teach them when those tools are helpful, when they’re harmful, and when they’re a crutch. And for the love of all that is good, stop deploying detection tools that punish good writers and push everyone toward a bland, algorithmic mean. We are, quite literally, limiting our students’ writing to satisfy a machine that can’t tell the difference.

My reaction? Cheating or a tool? Stupid or successful tool users? If I had a child today, his or her access device would have multiple AI tools installed by me. The trick, of course, is to show, discuss, and guide.

Robots should be so lucky. They learn by violating copyright and invisible data sucking. Humans do the interaction thing.

Stephen E Arnold, March 20, 2026

Written by Stephen E. Arnold · Filed Under AI, Business intelligence, Business strategy, News | Leave a Comment 

Yext: Selling Search with Subtlety

January 27, 2026

green-dino_thumbAnother dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.

Every company with AI is in the search and retrieval business. I want to be direct. I think AI is useful, but it is a utility. Integrated with thought into applications, smart software can smooth some of the potholes in a work process. But what happens when a company with search-and-retrieval technology embraces AI? Do customers beat a path to the firm’s office door? Do podcasters discuss the benefits of the approach? Do I see a revolution?

I thought about the marketing challenge facing Yext, a company whose shares were trading at about $20 in 2021 and today (January 26, 2026) listing at about $8 per share. On the surface, it would seem that AI has not boosted the market’s perception of the value of the value of the company. Two or three years ago, I spoke with a VP at the company. In my “Search” folder I added my text file with the url of the company, an observation about the firm’s use of the terms “search” and “SEO.” I commented, “Check out the company when something big hits.”

I find myself looking at a write up from a German online publication called Ad Hoc News. The article I read has a juicy title and a beefy subtitle; to wit:

The Truth about Yext Inc: Is This AI Search Stock a Hidden Gem or Dead App Walking? Everyone’s Suddenly Talking about Yext Inc and Its AI Search Platform. But Is Yext Stock a Must Cop or a Value Trap You Must Dodge?

I turned to my Overflight system and noticed announcements from the company of about the company like this:

  • The CEO Michael Walrath wanted to take the company private in the autumn of 2025
  • The company acquired two outfits: Hearsay Systems and Places Scout. (I am unfamiliar with these firms.)
  • The firm launched Yext Social. I think this is a marketing and social media management service. (I don’t know anything about social media management.)
  • Yext rolled out a white paper about the market.

My thought was that these initiatives represented diversification or amplification of the firm’s search solution. A couple of them could be interesting to learn more about. The winner in this list of Overflight items was the desire of Mr. Walrath to take the firm private. Why? Who will fund the play? What will the company do as a private enterprise that it cannot with access to the US NASDAQ market?

image

Which direction is this company executive taking the firm? AI, SEO, enterprise search, product shopping, customer service, or some combination of these options? Thanks, MidJourney. Good enough.

When I read through the write up “The Truth about Yext”, I was surprised. The German publication presented me with an English language write up. Plus, the word choice, tone, and structure of the article were quite different from the usual articles about search with smart software. Google writes as if it is a Greek deity with an inferiority complex. Microsoft writes to disguise how much people dislike Copilot using a mad dad tone. Elasticsearch writes in the manner of a GitHub page for those in the know.

But Yext? Here are three examples of the rhetoric in the article:

  • Not exactly viral-core… but the AI angle is pulling it back into the chat.
  • The AI Angle: Riding the Wave vs Getting Washed
  • not a sleepy bond proxy

The German publication appears to have these rhetorical principles in mind when writing about Yext: [a] Use American AI systems to rewrite the German text in a hip, jazzy way, [b] a writer who studied in Berkeley, Calif. and absorbed the pseudo-hip style of those chilling at the Roast & Toast Café, [c] a gig worker hired to write about Yext and trying very hard to hit a home run.

Does the write up provide substantive information about Yext? Answer: From my point of view, the answer is, “No.” Years ago I did profiles of enterprise search vendors for the Enterprise Search Report. My approach can be seen in the profiles on my Xenky Web site. Although these documents are rough drafts and not the final versions for the Enterprise Search Report, you can get a sense of what I expect when reading about search and retrieval.

Does the write up present a clear picture of the firm’s secret sauce? Answer: Again I would answer, “No.” After reading the article and tapping the information at my fingertips about next, I would say that the write up is a play to make Yext into a meme stock. Place a bet and either win big or lose. That’s okay, but when writing about search solid information is needed.,

Do I understand how smart software (AI) integrates into the firm’s search and retrieval systems? My answer, “No.” I am not sure if the “search” is post-processed using smart software, if the queries are converted in some way to help deliver an on point answer. I don’t know if the smart software has been integrated into the standard workflow of acquiring, parsing, indexing, and outputting results that hopefully align with the user’s query. Changing underlying search plumbing is difficult. Gemini recycles and wraps Google’s search and ad injection methods with those quantumly supreme, best-est of the universe assertions. I have no idea what Yext purports to do.

Let me offer several observations whether you like it or not:

  1. I think the source article had some opportunity to get up close and personal with an AI system, maybe ChatGPT or Qwen?
  2. I think that Yext is doing some content marketing. Venture Beat is in this game, and I wonder why Yext did not target that type of publication.
  3. Based on the stock performance in the heart of the boom in AI, I have some difficulty identifying Yext’s unique selling proposition. The actions from taking the company private to buying an SEO services outfit don’t make sense to me. If the tie up worked, I would expect to see Yext in numerous sources to which I have access.

Net net: Yext, what’s next?

Stephen E Arnold, January 27, 2026

Written by Stephen E. Arnold · Filed Under AI, Business intelligence, News, Search | 2 Comments 

Stolen iPhone Building: Just One Building?

May 21, 2025

Dino 5 18 25Just the dinobaby operating without Copilot or its ilk.

I am not too familiar with the outfits which make hardware and software to access mobile phones. I have heard that these gizmos exist and work. Years ago I learned that some companies — well, one company lo those many years ago — could send a text message to a mobile phone and gain access to the device. I have heard that accessing iPhones and some Androids is a tedious business. I have heard that some firms manufacture specialized data retention computers to support the work required to access certain actors’ devices.

So what?

This work has typically required specialized training, complex hardware, and sophisticated software. The idea that an industrial process for accessing locked and otherwise secured mobile phones was not one I heard from experts or that I read about on hacker fora.

And what happens? The weird orange newspaper published “Inside China’s Stolen iPhone Building.” The write up is from a “real news” outfit, the Financial Times. The story — if dead accurate — may be a reminder that cyber security has been gifted with another hole in its predictive, forward-leaning capabilities.

The write up explains how phones are broken down, parts sold, or (if unlocked) resold. But there is one passage in the write up which hip hops over what may be the “real” story. Here’s the passage:

Li [a Financial Times’ named source Kevin Li, who is an iPhone seller] insisted there was no way for phone sellers to force their way into passcode-locked devices. But posts on western social media show that many who have their phones stolen receive messages from individuals in Shenzhen either cajoling them or threatening them to remotely wipe their devices and remove them from the FindMy app. “For devices that have IDs, there aren’t that many places that have demand for them,” says Li, finishing his cigarette break. “In Shenzhen, there is demand . . . it’s a massive market.”

With the pool of engineering and practical technical talent, is it possible that this “market” in China houses organizations or individuals who can:

  1. Modify an unlocked phone so that it can operate as a node in a larger network?
  2. Use software — possibly similar to that developed by NSO Group-type entities — to compromise mobile devices. Then these devices are not resold if they contain high-value information. The “customer” could be a third party like an intelligence technology firm or to a government entity in a list of known buyers?
  3. Use devices which emulate the functions of certain intelware-centric companies to extract information and further industrialize the process of returning a used mobile to an “as new” condition.

Are these questions ones of interest to the readership of the Financial Times in the British government and its allies? Could the Financial Times ignore the mundane refurbishment market and focus on the “massive market” for devices that are not supposed to be unlocked?

Answer: Nope. Write about what could be said about refurbing iPads, electric bicycles, or smart microwaves. The key paragraph reveals that that building in China is probably one which could shed some light on what is an important business. If specialized hardware and software exist in the US and Western Europe, there is a reasonable chance that similar capabilities are available in the “iPhone building.” That’s a possible “real” story.

Stephen E Arnold, May xx, 2025

Written by Stephen E. Arnold · Filed Under Business intelligence, cybercrime, Mobile, News, Publishing | Comments Off on Stolen iPhone Building: Just One Building? 

Paragon: Specialized Software Revealed

April 14, 2025

It can be difficult to get information about spyware and the firms that produce it. That is why we welcome the report, “Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations” from University of Toronto’s Citizen Lab. The detailed report gives a brief background on the company and a thorough map of its spyware infrastructure. Eye-opening. We learn about the effort by Meta and WhatsApp to thwart a Paragon zero-click exploit. The lab also shares details from its investigations into links between Paragon and the Italian and Canadian governments. See the article for all the details.

The report’s conclusion? “You Can’t Abuse-Proof Mercenary Spyware.” The authors emphasize:

“Paragon specifically courts media attention with claims that by only selling to a select group of governments, they can avoid the abuse scandals plaguing their peers. The implicit message: if you do not sell to autocrats, your product will not be used recklessly and in anti-democratic ways. History, however, shows us that this is not always the case. Many democratic states have histories of using secret surveillance powers and technologies against journalists and members of civil society. Mercenary spyware is no exception, with multiple democracies deploying spyware against journalists, human rights defenders, and other members of civil society. Indeed, organizations working against the proliferation and abuse of spyware, including the Citizen Lab, have warned that the temptation to use this technology in a rights-abusing way is so great that, even in democracies, it will be abused. Overall, the cases described in this report suggest that Paragon’s claims of having found an abuse-proof business model may not hold up to scrutiny. We acknowledge that this report does not seek to cover the totality of Paragon cases, but rather a set of cases where targets have chosen to come forward at this time and in our report. However, the pattern in these cases challenges Paragon’s marketing approach which has claimed that the company would only sell to clients that ‘abide by international norms and respect fundamental rights and freedoms.’”

Quite a surprise. The researchers are not stopping here. On the contrary, they describe this report as a first step. We look forward to hearing what they find next.

Cynthia Murrell, April 14, 2025

Written by Stephen E. Arnold · Filed Under Business intelligence, intelware, News | Comments Off on Paragon: Specialized Software Revealed 

China Smart, US Dumb: Some AI Readings in English

January 28, 2025

dino orange_thumb_thumbA blog post from an authentic dinobaby. He’s old; he’s in the sticks; and he is deeply skeptical.

I read a short post in YCombinator’s Hacker News this morning (January 23, 2025). The original article is titled “Deepseek and the Effects of GPU Export Controls.” If you are interested in the poli sci approach to smart software, dive in. However, in the couple of dozen comments on Hacker News to the post, a contributor allegedly named LHL posted some useful links. I have pulled these from the comments and displayed them for your competitive intelligence large language model. On the other hand, you can read them because you are interested in what’s shaking in the Lin-gang Free Trade Zone in the Middle Kingdom:

Deepseek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning

Deepseek-V3 Technical Report

Deepseek Coder V2: Breaking the Barrier of Closed Source Models in Code Intelligence

Deepseek-V2: A Strong, Economical, and Efficient Mixture-of-Experts Language Model

Deepseek LLM Scaling Open-Source Language Models with Longtermism

GitHub Deepseek AI

Hugging Face Deepseek AI.

First, a thanks to the poster LHL. The search string links timed out, so you may already be part of the HN herd who is looking at the generated bibliography.

Second, several observations:

  1. China has lots of people. There are numerous highly skilled mathematicians, Monte Carlo and gradient descent wonks, and darned good engineers. One should not assume that wizardry ends with big valuations and tie ups among Oracle, Open AI and the savvy funder of Banjo, an intelware outfit of some repute.
  2. Computing resource constraints translate into one outcome. Example: Howard Flank, one of my team members, received the Information Industry Association Award decades ago for cramming a searchable index of the Library of Congress’ holdings. Remember those wonderful machines in the early 1980s. Yeah, Howard did wonders with limited resources. The Chinese professionals can too and have. (Note to US government committee members: Keep Howard and similar engineering whiz kids in mind when thinking about how curtailing computer resources will stop innovation.)
  3. Deepseek’s methods are likely to find there way into some US wrapper products presented as groundbreaking AI. Nope. These innovations are enabled by an open source technology. Now what happens if an outfit like Telegram or one of the many cyber gangs which Microsoft’s Brad Smith references? Yeah. Innovation of a type that is not salubrious.
  4. The authors of the papers are important. Should these folks be cross correlated with other information about grants, academic affiliations with US institutions, and conference attendance?

In case anyone is curious, from my dinobaby point of view, the most important paper in the bunch is the one about a “mixture of experts.”

Stephen E Arnold, January 28, 2025

Written by Stephen E. Arnold · Filed Under AI, Business intelligence, Government, News | 1 Comment 

Why Ghost Jobs? Answer: Intelligence

January 21, 2025

dino orange_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb Prepared by a still-alive dinobaby.

A couple of years ago, an intelware outfit’s US “president” contacted me. He was curious about the law enforcement and intelligence markets appetite for repackaged Maltego, some analytics, and an interface with some Palantir-type bells and whistles. I explained that I charged money to talk because as a former blue-chip consultant, billing is in my blood. I don’t have platelets. I have Shrinky-dink invoices. Add some work, and these Shrinky-dinks blow up to big juicy invoices. He disconnected.

A few weeks later, he sent me an email. He wanted to pick up our conversation because his calls to other people whom he thought knew something about selling software to the US government did not understand that his company emerged from a spy shop. I was familiar with the issues: Non-US company, ties to a high-power intelligence operation, an inability to explain whether the code was secure, and the charming attitude of many intelligence professionals who go from A to B without much thought about some social conventions.

The fellow wanted to know how one could obtain information about a competitor; specifically, what was the pricing spectrum. It is too bad the owner of the company dumped the start up and headed to the golf course. If that call came to me today, I would point him at this article: “1 in 5 Online Job Postings Are Either Fake or Never Filled, Study Finds.” Gizmodo has explained one reason why there are so many bogus jobs offering big bogus salaries and promising big bogus benefits.

The answer is obvious when viewed from my vantage point in rural Kentucky? The objective is to get a pile or résumés, filter through them looking for people who might have some experience (current or past) at a company of interest to the job advertiser. What? Isn’t that illegal? I don’t know, but the trick has been used for a long, long time. Headhunting is a tricky business, and it is easy for someone to post a job opening and gather information from individuals who want to earn money.

What’s the write up say?

The Wall Street Journal cites internal data from the hiring platform Greenhouse that shows one in five online job postings—or between 18% and 22% of jobs advertised—are either fake or never filled. That data was culled from Greenhouse’s proprietary information, which the company can access because it sells automated software that helps employers fill out job postings. The “ghost job” phenomenon has been growing for some time—much to the vexation of job-seekers.

Okay, snappy. Ghost jobs. But the number seems low to me.

The article fails to note the intelligence angle, however. It concludes:

The plague of such phantom positions has led some platforms to treat job postings in very much the same way that other online content gets treated: as either A) verified or B) potential misinformation. Both Greenhouse and LinkedIn now supply a job verification service, the Journal writes, which allows users to know whether a position is legit or not. “It’s kind of a horror show,” Jon Stross, Greenhouse’s president and co-founder, told the Journal. “The job market has become more soul-crushing than ever.”

I think a handful of observations may be warranted:

  1. Some how the education of a job seeker has ignored the importance of making sure that the résumé is sanitized so no information is provided to an unknown entity from whom there is likely to be zero response. Folks, this is data collection. Volume is good.
  2. Interviews are easier than ever. Fire up Zoom and hit the record button. The content of the interview can be reviewed and analyzed for tasty little info-nuggets.
  3. The process is cheap, easy, and safe. Getting some information can be quite tricky. Post an advertisement on a service and wait. Some podcasts brag about how many responses their help wanted ads generate in as little as a few hours. As I said, cheap, easy, and safe.

What can a person do to avoid this type of intelligence gathering activity? Sorry. I have some useful operational information, but those little platelet sized invoices are just so eager to escape this dinobaby’s body. What’s amazing is that this ploy is news just as it was to the intelware person who was struggling to figure out some basics about selling to the government. Recycling open source software and pretending that it was an “innovation” was more important than trying to hire a former US government procurement officer, based in the DC area with a minimum of 10 years in software procurement. We have a situation where professional intelligence officers, job seekers, and big time journalists have the same level of understanding about how to obtain high-value information quickly and easily. Amazing what a dinobaby knows, isn’t it?

Stephen E Arnold, January 21, 2025

Written by Stephen E. Arnold · Filed Under Business intelligence, News | Comments Off on Why Ghost Jobs? Answer: Intelligence 

Can the UN Control the Intelligence Units of Countries? Yeah, Sure. No Problem

January 16, 2025

dino orange_thumbThis blog post is the work of an authentic dinobaby. Sorry. No smart software can help this reptilian thinker.

I assume that the information in “Governments Call for Spyware Regulations in UN Security Council Meeting” is spot on or very close to the bull’s eye. The write up reports:

On Tuesday [January 14, 2025] , the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, which marks the first time this type of software — also known as government or mercenary spyware — has been discussed at the Security Council.  The goal of the meeting, according to the U.S. Mission to the UN, was to “address the implications of the proliferation and misuse of commercial spyware for the maintenance of international peace and security.” The United States and 15 other countries called for the meeting.

Not surprisingly, different countries had different points of view. These ranged from “we have local regulations” to giant nation state assertions about bad actions by governments being more important to it is the USA’s fault.

The write up from the ubiquitous intelligence commentator did not include any history, context, or practical commentary about the diffusion of awareness of intelware or what the article, the UN, and my 90 year old neighbor calls spyware.

The public awareness of intelware coincided with hacks of some highly regarded technology. I am not going to name this product, but if one pokes about one might find documentation, code snippets, and even some conference material. Ah, ha. The conference material was obviously designed for marketing. Yes, that is correct. Conferences are routinely held in which the participants are vetted and certain measures put in place to prevent leakage of these materials. However, once someone passes out a brochure, the information is on the loose and can be snagged by a curious reporter who wants to do good. Also, some conference organizers themselves make disastrous decisions about what to post on their conference web site; for example, the presentations. I give some presentations at these closed to the public events, and I have found my slide deck on the organizer’s Web site. I won’t mention this outfit, but I don’t participate in any events associated with this outfit. Also, some conference attendees dress up as sheep and register with possibly bogus information. These folks happily snap pictures of exhibits of hardware not available to the public, record audio, and at one event held in the Hague sat in front of me and did a recording of my lecture about some odd ball research project in which I was involved. I reported the incident to the people at the conference desk. I learned that the individual left the conference and that his office telephone number was bogus. That’s enough. Leaks do occur. People are careless. Others just clever and duplicitous.

image

Thanks, You.com. You are barely able to manage a “good enough” these days. Money problems? Yeah, too bad. My heart bleeds for you.

However, the big reveal of intelware and its cousin policeware coincided with the push by one nation state. I won’t mention the country, but here’s how I perceived what kicked into high gear in 2005 or so. A number of start ups offered data analytics. The basic pitch was that these outfits had developed a suite of procedures to make sense of data. If the client had data, these companies could import the information and display important points identified by algorithms about the numbers, entities, and times. Marketers were interested in these systems because, like the sale pitches for AI today, the Madison Avenue crowd could dispense with the humans doing the tedious hand work required to make sense of pharmaceutical information. Buy, recycle, or create a data set. Then import it into these systems. Business intelligence spills forth. Leaders in this field did not disclose their “roots” in the intelligence community of the nation encouraging its entrepreneurs to commercialize what they learned when fulfilling their government military service.

Where did the funding come from? The nation state referenced provided some seed funds. However, in order to keep these systems in line with customer requirements for analyzing the sales of shampoo and blockbuster movies. Venture firms with personnel familiar with the nation state’s government software innovations were invited to participate in funding some of these outfits. One of them is a very large publicly traded company. This firm has a commercial sales side and a government sales side. Some readers of this post will have the stock in their mutual fund stock baskets. Once a couple of these outfits hit the financial jackpot for the venture firms, the race was on.

Companies once focused squarely on serving classified entities in a government in a number of countries wanted to sanitize the software and sell to a much larger, more diverse corporate market. Today, if one wants to kick the tires of commercially available once-classified systems and methods, one can:

  1. Attend conferences about data brokering
  2. Travel to Barcelona or Singapore and contact interesting start ups and small businesses in the marketing data analysis business
  3. Sign up for free open source intelligence online events and note the names and organizations speaking. (Some of these events allow a registered attendee to conduct an off line for others but real time chat with a speaker who represents an interesting company.

There are more techniques as well to identify outfits which are in the business of providing or developing intelware and policeware tools for anyone with money. How do you find these folks? That’s easy. Dark Web searches, Telegram Group surfing, and running an advertisement for a job requiring a person with specialized experience in a region like southeast Asia.

Now let me return to the topic of the cited article: The UN’s efforts to get governments to create rules, controls, or policies for intelware and policeware. Several observations:

  1. The effort is effectively decades too late
  2. The trajectory of high powered technology is outward from its original intended purpose
  3. Greed because the software works and can generate useful results: Money or genuinely valuable information.

Agree or disagree with me? That’s okay. I did a few small jobs for a couple of these outfits and have just enough insight to point out that the article “Governments Call for Spyware Regulations in UN Security Council Meeting” presents a somewhat thin report and lacks color.

Stephen E Arnold, January 18, 2025

Written by Stephen E. Arnold · Filed Under Analytics, Business intelligence, Financial, News | Comments Off on Can the UN Control the Intelligence Units of Countries? Yeah, Sure. No Problem 

Guess What? Most Conferences Leak High Value Information

September 24, 2024

green-dino_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

I read the Wired “real news” article titled “Did a Chinese University Hacking Competition Target a Real Victim?” The main idea of the article is that a conference attracted security professionals. To spice up the person talking approach to conferences, “games” were organized. The article makes clear that the conference and the activities could have and maybe were a way for some people involved with and at the conference to obtain high-value information.

image

News flash! A typical conference setting. Everyone is listening for hot info. Thanks, MSFT Copilot. Good enough.

I have a “real news” flash for the folks at Wired. Any conference — including those with restricted attendance or special security checks — can be vectors for exfiltration of high-value information. After one lecture I delivered at a flashy public conference, a person who identified himself as a business professional wanted to invite me to give lectures in a country not in the EU. I listened. I asked questions. I received only fuzzy wuzzy answers. I did hear all expenses paid and an honorarium. I explained that I was a dinobaby. I wanted more details before I could say yes or no. I told the gentleman I had a meeting and had to get to that commitment. How often has that happened to me? At one conference I attended for six or seven years, a similar conversation took place with me and a business professional every time I gave a lecture.

Within the last 12 months, one of my talks was converted into an email from someone in the audience and a “real” journalist. Some of my team’s findings appeared without attribution in one of few remaining big name online publications. Based on my experience alone, I think attending conferences related to any “hot” technical subject is going to be like a freshly grilled Trader Joe’s veggie burger to a young-at-heart member of the Diptera clan (that’s a house fly, but you probably know that).

Let me offer several observations which may be use to people speaking at public, semi-public, or restricted events:

  1. Make darned sure you are not providing high-value actionable information. If one is not self aware, speakers get excited and do a core dump. The people seeking information for a purpose the speaker has not intended just writes it down and snaps mobile phone pix of the visuals. If a speakers says something of utility, that information is gone and can make its way into the hands of competitors, bad actors, or enemies of one nation state or another. The burden is on the attendee. Period.
  2. If handouts are provided, make certain these do not contain the complete information payload. If I prepare what I call a feuilles détachées, these are sanitized by omitting specific details. The general idea is expressed, but the good stuff is omitted. In short, neuter what is publicly available.
  3. Research the conference. Know before you go. If the conference is “secure,” you will have to chase down one of the disorganized and harried organizers and ask them to read you the names of the companies or agencies which sent representatives.
  4. Find out who the exhibitors are. Often some names appear on the conference Web site, but others — often some interesting outfits — don’t want any publicity. The conference is a way to learn what competitors are doing, identify prospects, pick up high value information, and recruit people to do work that can get them in some interesting conversations. Who knows? Maybe that consulting job dangled in front of a clueless attendee is a way to penetrate an organization?
  5. Leveraging conferences for intelligence is standard operating procedure.

Net net: Answer the question, “What’s the difference between high-value information and marketing baloney?” Here’s my response: “A failure to know or anticipate what the other person knows and needs. This is not news. It is common sense.

Stephen E Arnold, September 24, 2024

Written by Stephen E. Arnold · Filed Under Business intelligence, Conferences, News | Comments Off on Guess What? Most Conferences Leak High Value Information 

Anarchist Content Links: Zines Live

July 19, 2024

dinosaur30a_thumb_thumb_thumb_thumb_[1]_thumbThis essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

One of my team called my attention to “Library. It’s Going Down Reading Library.” I know I am not clued into the lingo of anarchists. As a result, the Library … Library rhetoric just put me on a slow blinking yellow alert or emulating the linguistic style of Its Going Down, Alert. It’s Slow Blinking Alert.”

Syntactical musings behind me, the list includes links to publications focused on fostering even more chaos than one encounters at a Costco or a Southwest Airlines boarding gate. The content of these publications is thought provoking to some and others may be reassured that tearing down may be more interesting than building up.

The publications are grouped in categories. Let me list a handful:

  • Antifascism
  • Anti-Politics
  • Anti-Prison, Anti-Police, and Counter-Insurgency.

Personally I would have presented antifascism as anti-fascism to be consistent with the other antis, but that’s what anarchy suggests, doesn’t it?

When one clicks on a category, the viewer is presented with a curated list of “going down” related content. Here’s a listing of what’s on offer for the topic AI has made great again, Automation:

Livewire: Against Automation, Against UBI, Against Capital

If one wants more “controversial” content, one can visit these links:

Each of these has the “zine” vibe and provides useful information. I noted the lingo and the names of the authors. It is often helpful to have an entity with which one can associate certain interesting topics.

My take on these modest collections: Some folks are quite agitated and want to make live more challenging that an 80-year-old dinobaby finds it. (But zines remind me of weird newsprint or photocopied booklets in the 1970s or so.)  If the content of these publications is accurate, we have not “zine” anything yet.

Stephen E Arnold, July 19, 2024

Written by Stephen E. Arnold · Filed Under Business intelligence, News, Publishing | Comments Off on Anarchist Content Links: Zines Live 

Next Page »

  • Archives

  • Recent Posts

  • Meta