Discord: Following the Telegram Road Map?

September 26, 2024

This essay is the work of a dumb dinobaby. No smart software required.

A couple of weeks ago, I presented some Telegram (the company in Dubai’s tax-free zone) information. My team and I created a timeline, a type of information display popular among investigators and intelligence analysts. The idea is that if one can look at events across a span of hours, days, months, or years in the case of Telegram, one can get some insight into what I call the “innovation cadence” of the entity, staff growth or loss, type of business activity in which the outfit engages, etc.

Some high-technology outfits follow road maps in circulation for a decade or more. Thanks, MSFT Copilot. Good enough.

I read “Discord Launches End-to-End Encrypted Voice and Video Chats.” This social media outfit is pushing forward with E2EE. Because the company is located in the US, the firm operates under the umbrella of US laws, rules, and regulations. Consequently, US government officials can obtain documents which request certain information from the company. I want to skip over this announcement and the E2EE system and methods which Discord is using or will use as it expands its services.

I want to raise the question, “Is Discord following the Telegram road map?” Telegram, as you probably know, is not providing end-to-end encryption by default. In order to send a “secret” encrypted message, one has to click through several screens and send a message to a person who must be online to make the Telegram system work. However, Telegram provides less sophisticated methods of keeping messages private. These tactics include a split between public Groups and private Groups. Clever Telegram users can use Telegram as a back end from which to deliver ransomware or engage in commercial transactions. One of the important points to keep in mind is that US-based E2EE outfits have far fewer features than Telegram. Furthermore, our research suggests that Telegram indeed has a plan. The company has learned from its initial attempt to create a crypto play. Now the “structure” of Telegram involves an “open” foundation with an alleged operation in Zug, Switzerland, which some describe as the crypto nerve center of central Europe. Plus, Telegram is busy trying to deploy a global version of the VKontakte (the Russian Facebook) for Telegram users, developers, crypto players, and tire kickers.

Several observations:

  1. Discord’s innovations are essentially variants of something Telegram’s engineers implemented years ago.
  2. The Discord operation is based in the US which has quite different rules, laws, and tax regulations than Dubai.
  3. Telegram is allegedly becoming more cooperative with law enforcement because the company wants to pull off an initial public offering.

Will Discord follow the Telegram road map, undertaking the really big plays; specifically, integrated crypto, an IPO, and orders of magnitude more features and functional capabilities?

I don’t know the answer to this question, but E2EE seems to be a buzzword that is gaining traction now that the AI craziness is beginning to lose some of its hyperbolicity. However, it is important to keep in mind that Telegram is pushing forward far more aggressively than US social media companies. As Telegram approaches one billion users, it could make inroads into the US and tip over some digital apple carts. The answer to my question is, “Probably not. US companies often ignore details about non-US entities.” Perhaps Discord’s leadership should take a closer look at the Telegram operation which spans Discord functionality, YouTube hooks, open source tactics, its own crypto, and its recent social media unit?

Stephen E Arnold, September 26, 2024

AI Automation Has a Benefit … for Some

September 26, 2024

Humanity’s progress runs parallel to advancing technology. As technology advances, aspects of human society and culture are rendered obsolete and are replaced with new things. Job automation is a huge part of this; past examples are the Industrial Revolution and the implementation of computers. AI algorithms are set to make another part of the labor force defunct, but the BBC claims that might be beneficial to workers: “Klarna: AI Lets Us Cut Thousands Of Jobs-But Pay More.”

Klarna is a fintech company that provides online financial services and is described as a “buy now, pay later” company. Klarna plans to use AI to automate the majority of its workforce. The company’s leaders already canned 1200 employees and they plan to fire another 2000 as AI marketing and customer service is implemented. That leaves Klarna with a grand total of 1800 employees who will be paid more.

Klarna’s CEO Sebastian Siemiatkowski is putting a positive spin on cutting jobs by saying the remaining employees will receive larger salaries. While Siemiatkowski sees the benefits of AI, he does warn about AI’s downside and advises the government to do something. He said:

“ ‘I think politicians already today should consider whether there are other alternatives of how they could support people that may be effective,’ he told the Today programme, on BBC Radio 4.

He said it was “too simplistic” to simply say new jobs would be created in the future.

‘I mean, maybe you can become an influencer, but it’s hard to do so if you are 55-years-old,’ he said.”

The International Monetary Fund (IMF) predicts that 40% of all jobs will worsen in “overall equality” due to AI. As Klarna reduces its staff, the company will enter what is called “natural attrition” aka a hiring freeze. The remaining workforce will have bigger workloads. Siemiatkowski claims AI will eventually reduce those workloads.

Will that really happen? Maybe?

Will the remaining workers receive a pay raise or will that money go straight to the leaders’ pockets? Probably.

Whitney Grace, September 26, 2024

Google Rear Ends Microsoft on an EU Information Highway

September 25, 2024

This essay is the work of a dumb dinobaby. No smart software required.

A couple of high-technology dinosaurs with big teeth and even bigger wallets are squabbling in a rather clever way. If the dispute escalates, some of the smaller vehicles on the EU’s Information Superhighway are going to be affected by a remarkable collision. The orange newspaper published “Google Files Brussels Complaint against Microsoft Cloud Business.” On the surface, the story explains that “Google accuses Microsoft of locking customers into its Azure services, preventing them from easily switching to alternatives.”

Two very large and easily provoked dinosaurs are engaged in a contest in a court of law. Which will prevail, or will both end up with broken arms? Thanks, MSFT Copilot. I think you are the prettier dinosaur.

To put some bite into the allegation, Google aka Googzilla has:

filed an antitrust complaint in Brussels against Microsoft, alleging its Big Tech rival engages in unfair cloud computing practices that has led to a reduction in choice and an increase in prices… Google said Microsoft is “exploiting” its customers’ reliance on products such as its Windows software by imposing “steep penalties” on using rival cloud providers.

From my vantage point this looks like a rear ender; that is, Google — itself under considerable scrutiny by assorted governmental entities — has smacked into Microsoft, a veteran of EU regulatory penalties. Google explained to the monopoly officer that Microsoft was using discriminatory practices to prevent Google, AWS, and Alibaba from closing cloud computing deals.

In a conversation with some of my research team, several observations surfaced from what I would describe as a jaded group. Let me share several of these:

  1. Locking up business is precisely the “game” for US high-technology dinosaurs with big teeth and some China-affiliated outfits too. I believe the jargon for this business tactic is “lock in.” IBM allegedly found the play helpful when mainframes were the next big thing. Just try and move some government agencies or large financial institutions from their Big Iron to Chromebooks and see how the suggestion is greeted.
  2. Google has called attention to the alleged illegal actions of Microsoft, bringing the Softies into the EU litigation gladiatorial arena.
  3. Information provided by Google may illustrate the alleged business practices so that when compared to Google’s approach, Googzilla looks like the ideal golfing partner.
  4. Any question that US outfits like Google and Microsoft are just mom-and-pop businesses is definitively resolved.

My personal opinion is that Google wants to make certain that Microsoft is dragged into what will be expensive, slow, and probably business trajectory altering legal processes. Perhaps Satya and Sundar will testify as their mercenaries explain that both companies are not monopolies, not hindering competition, and love whales, small start ups, ethical behavior, and the rule of law.

Stephen E Arnold, September 25, 2024

The Zuck: Limited by Regulation. Is This a Surprise?

September 25, 2024

Privacy laws in the EU are having an effect on Meta’s actions in that region. That’s great. But what about the rest of the world? When pressed by Australian senators, the company’s global privacy director Melinda Claybaugh fessed up. “Facebook Admits to Scraping Every Australian Adult User’s Public Photos and Posts to Train AI, with No Opt-Out Option,” reports ABC News. Journalist Jake Evans writes:

“Labor senator Tony Sheldon asked whether Meta had used Australian posts from as far back as 2007 to feed its AI products, to which Ms Claybaugh responded ‘we have not done that’. But that was quickly challenged by Greens senator David Shoebridge. Shoebridge: ‘The truth of the matter is that unless you have consciously set those posts to private since 2007, Meta has just decided that you will scrape all of the photos and all of the texts from every public post on Instagram or Facebook since 2007, unless there was a conscious decision to set them on private. That’s the reality, isn’t it?’ Claybaugh: ‘Correct.’ Ms Claybaugh added that accounts of people under 18 were not scraped, but when asked by Senator Sheldon whether public photos of his own children on his account would be scraped, Ms Claybaugh acknowledged they would. The Facebook representative could not answer whether the company scraped data from previous years of users who were now adults, but were under 18 when they created their accounts.”

Why do users in Australia not receive the same opt-out courtesy those in the EU enjoy? Simple, responds Ms. Claybaugh—their government has not required it. Not yet, anyway. But Privacy Act reforms are in the works there, a response to a 2020 review that found laws to be outdated. The updated legislation is expected to be announced in August—four years after the review was completed. Ah, the glacial pace of bureaucracy. Better late than never, one supposes.

Cynthia Murrell, September 25, 2024

Consistency Manifested by Mr. Musk and the Delightfully Named X.com

September 25, 2024

This essay is the work of a dumb dinobaby. No smart software required.

You know how to build credibility: Be consistent, be sort of nice, be organized. I found a great example of what might be called anti-credibility in “Elon Rehires lawyers in Brazil, Removes Accounts He Insisted He Wouldn’t Remove.” The write up says:

Elon Musk fought the Brazilian law, and it looks like the Brazilian law won. After making a big show of how he was supposedly standing up for free speech, Elon caved yet again.

The article interprets the show of inconsistency and the abrupt about face this way:

So, all of this sounds like Elon potentially realizing that he did his “oh, look at me, I’m a free speech absolutist” schtick, it caused ExTwitter to lose a large chunk of its userbase, and now he’s back to playing ball again. Because, like so much that he’s done since taking over Twitter, he had no actual plan to deal with these kinds of demands from countries.

I agree, but I think the action illustrates a very significant point about Mr. Musk and possibly sheds light on how other US tech giants who get in regulatory trouble and lose customers will behave. Specifically, they knock off the master of the universe attitude and adopt the “scratch my belly” demeanor of a French bulldog wanting to be liked.

The failure to apply sanctions on companies which willfully violate a nation state’s laws has been one key to the rise of the alleged monopolies spawned in the US. Once a country takes action, the trilling from the French bulldog signals a behavioral change.

Now flip this around. Why do some regulators have an active dislike for some US high technology firms? The lack of respect for the law and the attitude of US super moguls might help answer the question.

I am certain many government officials find the delightfully named X.com and the mercurial Mr. Musk a topic of conversation. No wonder some folks love X.com so darned much. The approach used in Brazil and France hopefully signals consequences for those outfits who believe no mere nation state can do anything significant.

Stephen E Arnold, September 25, 2024

Amazon Has a Better Idea about Catching Up with Other AI Outfits

September 25, 2024

AWS Program to Bolster 80 AI Startups from Around the World

Can boosting a roster of little-known startups help AWS catch up with Google’s and Microsoft’s AI successes? Amazon must hope so. It just tapped 80 companies from around the world to receive substantial support in its AWS Global Generative AI Accelerator program. Each firm will receive up to $1 million in AWS credits, expert mentorship, and a slot at the AWS re:Invent conference in December.

India’s CXOtoday is particularly proud of the seven recipients from that country. It boasts, “AWS Selects Seven Generative AI Startups from India for Global AWS Generative AI Accelerator.” We learn:

“The selected Indian startups— Convrse, House of Models, Neural Garage, Orbo.ai, Phot.ai, Unscript AI, and Zocket, are among the 80 companies selected by AWS worldwide for their innovative use of AI and their global growth ambitions. The Indian cohort also represents the highest number of startups selected from a country in the Asia-Pacific region for the AWS Global Generative AI Accelerator program.”

The post offers this stat as evidence India is now an AI hotspot. It also supplies some more details about the Amazon program:

“Selected startups will gain access to AWS compute, storage, and database technologies, as well as AWS Trainium and AWS Inferentia2, energy-efficient AI chips that offer high performance at the lowest cost. The credits can also be used on Amazon SageMaker, a fully managed service that helps companies build and train their own foundation models (FMs), as well as to access models and tools to easily and securely build generative AI applications through Amazon Bedrock. The 10-week program matches participants with both business and technical mentors based on their industry, and chosen startups will receive up to US$1 million each in AWS credits to help them build, train, test, and launch their generative AI solutions. Participants will also have access to technology and technical sessions from program presenting partner NVIDIA.”

See the write-up to learn more about each of the Indian startups selected, or check out the full roster here.

The question is, “Will this help Amazon which is struggling to make Facebook, Google, and Microsoft look like the leaders in the AI derby?”

Cynthia Murrell, September 25, 2024

Open Source Dox Chaos: An Opportunity for AI

September 24, 2024

It is a problem as old as the concept of open source itself. ZDNet laments, “Linux and Open-Source Documentation Is a Mess: Here’s the Solution.” We won’t leave you in suspense. Writer Steven Vaughan-Nichols’ solution is the obvious one—pay people to write and organize good documentation. Less obvious is who will foot the bill. Generous donors? Governments? Corporations with their own agendas? That question is left unanswered.

But there is no doubt. Open-source documentation, when it exists at all, is almost universally bad. Vaughan-Nichols recounts:

“When I was a wet-behind-the-ears Unix user and programmer, the go-to response to any tech question was RTFM, which stands for ‘Read the F… Fine Manual.’ Unfortunately, this hasn’t changed for the Linux and open-source software generations. It’s high time we addressed this issue and brought about positive change. The manuals and almost all the documentation are often outdated, sometimes nearly impossible to read, and sometimes, they don’t even exist.”

Not only are the manuals that have been cobbled together outdated and hard to read, they are often so disorganized it is hard to find what one is looking for. Even when it is there. Somewhere. The post emphasizes:

“It doesn’t help any that kernel documentation consists of ‘thousands of individual documents’ written in isolation rather than a coherent body of documentation. While efforts have been made to organize documents into books for specific readers, the overall documentation still lacks a unified structure. Steve Rostedt, a Google software engineer and Linux kernel developer, would agree. At last year’s Linux Plumbers conference, he said, ‘when he runs into bugs, he can’t find documents describing how things work.’ If someone as senior as Rostedt has trouble, how much luck do you think a novice programmer will have trying to find an answer to a difficult question?”

This problem is no secret in the open-source community. Many feel so strongly about it they spend hours of unpaid time working to address it. Until they just cannot take it anymore. It is easy to get burned out when one is barely making a dent and no one appreciates the effort. At least, not enough to pay for it.

Here at Beyond Search we have a question: Why can’t Microsoft’s vaunted Copilot tackle this information problem? Maybe Copilot cannot do the job?

Cynthia Murrell, September 24, 2024

Guess What? Most Conferences Leak High Value Information

September 24, 2024

This essay is the work of a dumb dinobaby. No smart software required.

I read the Wired “real news” article titled “Did a Chinese University Hacking Competition Target a Real Victim?” The main idea of the article is that a conference attracted security professionals. To spice up the person-talking approach to conferences, “games” were organized. The article makes clear that the conference and the activities could have been, and maybe were, a way for some people involved with and at the conference to obtain high-value information.

News flash! A typical conference setting. Everyone is listening for hot info. Thanks, MSFT Copilot. Good enough.

I have a “real news” flash for the folks at Wired. Any conference — including those with restricted attendance or special security checks — can be vectors for exfiltration of high-value information. After one lecture I delivered at a flashy public conference, a person who identified himself as a business professional wanted to invite me to give lectures in a country not in the EU. I listened. I asked questions. I received only fuzzy wuzzy answers. I did hear all expenses paid and an honorarium. I explained that I was a dinobaby. I wanted more details before I could say yes or no. I told the gentleman I had a meeting and had to get to that commitment. How often has that happened to me? At one conference I attended for six or seven years, a similar conversation took place with me and a business professional every time I gave a lecture.

Within the last 12 months, one of my talks was converted into an email from someone in the audience and a “real” journalist. Some of my team’s findings appeared without attribution in one of the few remaining big name online publications. Based on my experience alone, I think attending conferences related to any “hot” technical subject is going to be like a freshly grilled Trader Joe’s veggie burger to a young-at-heart member of the Diptera clan (that’s a house fly, but you probably know that).

Let me offer several observations which may be of use to people speaking at public, semi-public, or restricted events:

  1. Make darned sure you are not providing high-value actionable information. If one is not self aware, speakers get excited and do a core dump. The people seeking information for a purpose the speaker has not intended just write it down and snap mobile phone pix of the visuals. If a speaker says something of utility, that information is gone and can make its way into the hands of competitors, bad actors, or enemies of one nation state or another. The burden is on the attendee. Period.
  2. If handouts are provided, make certain these do not contain the complete information payload. If I prepare what I call a feuilles détachées, these are sanitized by omitting specific details. The general idea is expressed, but the good stuff is omitted. In short, neuter what is publicly available.
  3. Research the conference. Know before you go. If the conference is “secure,” you will have to chase down one of the disorganized and harried organizers and ask them to read you the names of the companies or agencies which sent representatives.
  4. Find out who the exhibitors are. Often some names appear on the conference Web site, but others — often some interesting outfits — don’t want any publicity. The conference is a way to learn what competitors are doing, identify prospects, pick up high value information, and recruit people to do work that can get them in some interesting conversations. Who knows? Maybe that consulting job dangled in front of a clueless attendee is a way to penetrate an organization?
  5. Leveraging conferences for intelligence is standard operating procedure.

Net net: Answer the question, “What’s the difference between high-value information and marketing baloney?” Here’s my response: “A failure to know or anticipate what the other person knows and needs. This is not news. It is common sense.”

Stephen E Arnold, September 24, 2024

Open Podcast Index Lists Many

September 24, 2024

Podcasters who wish to be indexed by Apple or Spotify must abide by certain guidelines, some of which appear arbitrary or self-serving to some. Enter the Podcast Index, introduced by long-time broadcaster turned “podfather,” Adam Curry. The site follows the open-source tradition, promising:

“The Podcast Index is here to preserve, protect and extend the open, independent podcasting ecosystem. We do this by enabling developers to have access to an open, categorized index that will always be available for free, for any use. … Podcast Index LLC is a software developer focused partnership that provides tools and data to anyone who aspires to create new and exciting Podcast experiences without the heavy lifting of indexing, aggregation and data management.”

Funded by its founders and by donations, the site aims to list every available podcast so would-be listeners need not rely on commercial firms to discover them. This goal is emphasized by a running tally on the homepage, which counts over four million (!) podcasts listed as of this writing. One can filter and browse the many supporting apps, directories, and hosting companies here. Developers can sign up to use the API here. And, of course, donations can be made through the red button at the foot of the home page. For anyone wondering how to put content from around the world in their ears, this is a good place to start.

Cynthia Murrell, September 24, 2024

Zapping the Ghost Comms Service

September 23, 2024

This essay is the work of a dumb dinobaby. No smart software required.

Europol generated a news release titled “Global Coalition Takes Down New Criminal Communication Platform.” One would think that bad actors would have learned a lesson from the ANOM operation and from the take downs of other specialized communication services purpose built for bad actors. The Europol announcement explains:

Europol and Eurojust, together with law enforcement and judicial authorities from around the world, have successfully dismantled an encrypted communication platform that was established to facilitate serious and organized crime perpetrated by dangerous criminal networks operating on a global scale. The platform, known as Ghost, was used as a tool to carry out a wide range of criminal activities, including large-scale drug trafficking, money laundering, instances of extreme violence and other forms of serious and organized crime.

Eurojust, as you probably know, is the EU’s agency responsible for dealing with judicial cooperation in criminal matters among agencies. The entity was set up in 2002 and concerns itself with serious crime and cutting through the red tape to bring alleged bad actors to court. The dynamic of Europol and Eurojust is to investigate and prosecute with efficiency.

Two cyber investigators recognize that the bad actors can exploit the information environment to create more E2EE systems. Thanks, MSFT Copilot. You do a reasonable job of illustrating chaos. Good enough.

The marketing-oriented name of the system is or rather was Ghost. Here’s how Europol describes the system:

Users could purchase the tool without declaring any personal information. The solution used three encryption standards and offered the option to send a message followed by a specific code which would result in the self-destruction of all messages on the target phone. This allowed criminal networks to communicate securely, evade detection, counter forensic measures, and coordinate their illegal operations across borders. Worldwide, several thousand people used the tool, which has its own infrastructure and applications with a network of resellers based in several countries. On a global scale, around one thousand messages are being exchanged each day via Ghost.

With law enforcement compromising certain bad actor-centric systems like Ghost, what are the consequences of these successful shutdowns? Here’s what Europol says:

The encrypted communication landscape has become increasingly fragmented as a result of recent law enforcement actions targeting platforms used by criminal networks. Following these operations, numerous once-popular encrypted services have been shut down or disrupted, leading to a splintering of the market. Criminal actors, in response, are now turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity. By doing so, they seek new technical solutions and also utilize popular communication applications to diversify their methods. This strategy helps these actors avoid exposing their entire criminal operations and networks on a single platform, thereby mitigating the risk of interception. Consequently, the landscape of encrypted communications remains highly dynamic and segmented, posing ongoing challenges for law enforcement.

Nevertheless, some entities want to create secure apps designed to allow criminal behaviors to thrive. These range from “me too” systems like one allegedly in development by a known bad actor to knock offs of sophisticated hardware-software systems which operate within the public Internet. Are bad actors more innovative than the whiz kids at the largest high-technology companies? Nope. Based on my team’s research, notable sources of ideas to create problems for law enforcement include:

  1. Scanning patent applications for nifty ideas. Modern patent search systems make the identification of novel ideas reasonably straightforward.
  2. Hiring one or more university staff to identify and get students to develop certain code components as part of a normal class project.
  3. Using open source methods and coming up with ad hoc ways to obfuscate what’s being done. (Hats off to the open source folks, of course.)
  4. Buying technology from middle “men” who won’t talk about their customers. (Is that too much information, Mr. Oligarch’s tech expert?)

Like much in today’s digital world or what I call the datasphere, each successful takedown provides limited respite. The global cat-and-mouse game between government authorities and bad actors is what some at the Santa Fe Institute might call “emergent behavior” at the boundary between entropy and chaos. That’s a wonderful insight despite suggesting another consequence of living at the edge of chaos.

Stephen E Arnold, September 23, 2024
