Good Monday morning. It’s September 23rd. The United Nations Climate Action Summit begins today. Learn more about the session at the official website.

Today’s Spotlight takes about 6 minutes to read. Want to chat about something you see here? There’s a contact form here.

2. News To Know Now

1. Facebook canceled “tens of thousands of apps” while conducting investigations into how they handle user privacy. Four hundred developers are associated with the apps, but Facebook has not identified them.

2.  Facebook political advertisers must create new disclosure statements by mid-October.  Snapchat announced that it will use similar processes and update its political ad library. Political advertisers in Canada and the U.S. have spent more than one million dollars so far in 2019 on Snapchat.  Open Secrets data has the details.

3. Big Tech finance headlines:

• Palantir will seek a $26 billion valuation, according to CNBC
• Salesforce.com has invested another $300 million in WordPress.com developer Automattic-with-the-three-ts. The announcement.
• Payment processing company Stripe added a $1.2 billion round and is now valued at $35 billion. Details at Crunchbase.

3.  Government Data Mining, Part 2: Tattletale Apps and Your Personal Data

Our government data mining analysis covers four areas over four weeks.

1. Facial recognition’s growth – last week
2. Ancillary personal data from DNA testing and app use – below
3. National and local algorithms to make sense of all the data – next week
4. Extensions into areas like personal health records and trackers.

Scary stories about phone apps, browser extensions, and smart devices abound in our society. We’re no longer surprised when we learn that a tech company is selling ovulation data from apps women use to track their periods or that Foursquare doesn’t care if you use their app to check in to a location since they have “passive” data collection.

Personal data from all of your transactions constantly flows into buckets at data brokerages around the world. WaPo columnist Geoffrey Fowler wrote a blockbuster expose this summer about browser extensions that seem innocuous but “leak information” directly to data brokers. In Fowler’s expose, one of the browser extensions was used to magnify images on a screen, but requested the ability “to read and change your browsing history.” The extension had 800,000 users and was packaging each user’s search history.

At a large family gathering this weekend, I was asked to troubleshoot someone’s PC because it seemed like Google was unresponsive. After only fifteen minutes of tinkering I found that there was a Firefox extension that promised private browsing. Instead, it read search data and routed the request to another network. Luckily, they didn’t return to Google but to Yahoo! search, which was my first clue that something terrible was happening.

Don’t forget that the absence of data is also data. Netflix raised eyebrows last month when The Verge found that Netflix was monitoring a phone’s physical activity sensor. Netflix later said it was a test to see if they could improve video quality while people were watching on the move. But the question remains why a video app gets to track your movements and activity. Fitness trackers, phones, and smart watches all have the ability to understand where you are and what you are doing or not doing.

Even medical data isn’t protected despite health privacy laws. ProPublica found 5 million health records on hundreds of computer servers worldwide. Anyone with a web browser or a few lines of computer code can view patient records, they found, including names in some cases. They didn’t do any hacking or nefarious activities because the records—either for consultation or stored for archives—were publicly accessible on the Internet.

Google, Amazon, and Microsoft are part of a new trade group called the CARIN Alliance that is creating a medical records universal standard for patient records. You’re probably already thinking to yourself, “What could go wrong with those three setting up programs accessing my most personal data?” Good news. The federal government, many state governments, and major health insurance companies are also participating.

The point is that your transactions every day create a growing pool of data about you.  Here in northern Virginia, our state is one of several using “remote sensing” that checks a vehicle’s emissions when it passes through a toll booth. The program is a great way to monitor air quality but also allows local jurisdictions to understand which vehicles don’t meet emissions standards and the locations that they travel through. 

Foursquare would call that a passive check-in.

Next week: the algorithms coordinating all of the data about you.

Read Part One of the series, Facial Recognition’s Growth

4.  Checking in On Amazon

Living off the grid has become harder and now Amazon is finding a way to track cash payments. 

The company announced last week that it would begin accepting cash payments via Western Union and a program called “PayCode”. When a user checks out from Amazon and selects PayCode, they receive a code that they bring to Western Union. Once there, they can settle the account and the product will be shipped. The service starts in October.

Deliveries in 2021 and later will likely be made in some fancy new vehicles after Amazon announced that it would become a signatory to the corporate climate pledge that echoes the Paris climate agreement. Amazon announced that it had placed an order to purchase 100,000 electric-powered trucks over 10 years from a startup named Rivian. Amazon’s $10 billion order follows their $700 million investment last February and Ford’s $500 million in April. 

Amazon also got a big assist from The Wall Street Journal (paywall) this weekend after they surfaced a report that a “grass roots” campaign called “Free and Fair Markets” that attacks Amazon is secretly funded by Walmart, Oracle, and commercial real estate behemoth Simon Property.  Campaigns that purport to be independent “grass roots” campaigns but are secretly funded by an interested party are called “astroturf campaigns” because they’re meant to look like grass (roots).

5. Debugged: Can You Identify Where These Pictures Were Taken?

First Draft News has a four image “Observation Challenge” that allows visitors  to assess where images came from and whether you could correctly identify their locations if you were working in a newsroom. There are lots of on-screen hints and you get four chances at each of four images.

Yes, you can use the Internet. It’s not a knowledge test.

6. Also in the Spotlight

Google sister company Wing upped the stakes in the delivery wars by announcing a drone delivery test in rural southwestern Virginia. FedEx and Walgreens are also involved. (via Transport Topics)

Trivia app Givling claims to pay off student debt, but may not be all that it claims to be, say the folks at Truth in Advertising.

LinkedIn will begin offering online testing for users who want to demonstrate their skills knowledge. Read more at TechCrunch.

7. Great Data: Mapping Political Supporters on Twitter

One of the best network maps we’ve seen recently is Erin Gallagher’s take on “Trump Train” supporters on Twitter. This isn’t political, but a good lesson in how to map followers and understand your influencers. Besides, as Erin points out, there is nothing like this in social media on the left side of the political spectrum.

Read the analysis here.

8. Protip: Backing Up Your iPhone

There are new operating systems for iOS users. You should back up your iPhone BEFORE upgrading.

Here is a step-by-step guide showing how.

9. Bizarre Bazaar (strange stuff for sale online)

Rockabye Baby is a music company that creates woodblock and mellotron-based lullabies from popular music, including classic rock, hip hop, and punk. Their new release is Lullaby Renditions of Selena. AV Club interviewed the team.

100 releases and 600 million streams to date.

10. Coffee Break:  Dark Web Images

A team of researchers has indexed 37,500 images from the Dark Web to test automating security images. You can go to their site, but you have to download all of the images in a tarball archive. If you don’t know what the file extension .tar.gz means, then you don’t need to visit. Luckily for you, I downloaded them all and am including three below.

Here’s the site if you’re that kind of interested.

Images showing credit cards, a gun, and drugs for sale so you don’t have to visit to see.

Good Monday morning. It’s September 9th. Apple has a product rollout tomorrow at 1 p.m. Analysts expect the iPhone 11 announcement plus other product news.

Fun fact: Apple has $210 billion in cash, a hoard that would allow the company to buy Netflix or PayPal outright and still have about half. Or it could spin off a holding company that would be the 28th largest U.S. company by market cap. 

Today’s Spotlight takes about 3 minutes to read.

2. News To Know Now

1.  YouTube owner Alphabet agreed to pay a $170 million fine to the FTC and New York state after regulators faulted YouTube privacy and data collection practices for children under the age of 13. YouTube privacy rules required users to be 13 or older, but regulators showed that the company knew the service was used by nearly all “tweens” who are 10-12 years old.

2.  Back in December we told you about then 7-year-old Ryan Kaji, whose YouTube videos as “Ryan ToyReviews” generated tens of millions of dollars in revenue. The channel added more than four million subscribers since and is now the subject of a Truth in Advertising (tina.org) complaint with the FTC alleging that the videos do not provide clear disclosure of compensation. 

3. YouTube reported this week that it’s making great progress on its 4Rs: 

• removing harmful content
•  raising authoritative voices for breaking news
• rewarding creators and artists
• reducing inappropriate content.

Since last year, YouTube has removed more than 100,000 videos, canceled 17,000 channels, and removed more than 500 million comments. Governments and propagandists aren’t the only ones spreading false information. So is someone at the office, three people you see on your commute, and that fifth grade buddy you had to go find on Facebook. 

4. Android 10 was released. Following 8 (Oreo) and 9 (Pie), there should be a cute version name beginning with the letter Q, but Google apparently didn’t want quince or (my choice) queso. Instead they’re choosing boring old Android 10. While you stick to your own preferred sweets, here is when manufacturers are rolling out Android 10 to their phones.

3.  Facebook Dating is Live & Other Social News

“Not everyone on Facebook is interested in dating,” writes the company in its announcement of its dating app-within-an-app starting up in the U.S.

You know that’s not true, and not just because the word “Facebook’ appeared in one-third of divorce filings in one study. Savvy parents watch over their children’s social media, but parents oftentimes need chaperones. 

Facebook’s dating app is mobile only and anyone who claims their age is 18 or older can create a profile in minutes. When I tested the service (honest, sweetheart, it was for the newsletter), my profile was created from my Facebook profile in seconds. Had I gone ahead with my first name, job, town, and employment history, I could’ve been trolling for dates in seconds. 

No one knows yet whether this will stop unsolicited pictures of people’s genitals from appearing in your messages but that seems doubtful. Also doubtful is that anyone looking up old flames will simply choose to use the dating app. But Facebook Dating has rolled out to more than one dozen countries in its first year so this is part of our world.

Much more promising for humanity is Facebook’s test to hide the number of likes a post receives. Researcher Jane Wong (who broke news of the Facebook dating app last year) surfaced that tidbit after first discovering Instagram was doing the same test. The notion is that seeing the high or low reaction counts will bias future visitors. That’s something Sue and I experienced firsthand when we worked with online reviews at Epinions more than a decade ago. The current test will allow only the original poster to see the number and types of reactions.

Facebook also took two big steps to combat misinformation on the site. First, they announced a tightening of requirements necessary to advertise social advocacy and political issues. Then they made a surprise announcement about tightening up information regarding vaccination misinformation.

Users searching for vaccination information will be referred to the specific page at the World Health Organization. Facebook has also said that it will reduce the overall visibility of groups and pages sharing misinformation, including their advertising, and may stop them from using fundraising tools.

4.  Google My Business Showing Competition

Google My Business listings may now show advertising for competing businesses. This screenshot from Twitter shows a Toyota dealership’s ad inside a Chrysler dealership’s listing.

Search Engine Land reporting suggests that the ads can’t be removed which could set up a bidding war for space in free business listings.

Google My Business also announced that the list of “distance based services” has been phased out and place names substituted. Think of services that come to your home or office. You’ll search for them now using place names.

Website sitemaps (the kind computers read) also got a big boost from Google this week when Googler Gary Ilyes confirmed a years-old statement that the sitemaps are the second biggest source of a page’s visibility after Google’s own automated programs.  

Talk with us if you are responsible for an organization’s web presence and don’t know what that means.

5. Debugged: The Private Delta Jet

Vincent Peone got a lot of attention when he posted a video that said that he was the only person on a Delta flight. Gizmodo reports that the plane developed “mechanical problems” and never took off.

Sorry, Vinny. Read the story here.

6. Also in the Spotlight

Google’s differential privacy software that analyzes big data but can cloak identities has been made free by the search giant, according to The Verge.

Someone stole $240,000 by calling a British energy company using software that mimicked the CEO’s voice, according to the Washington Post.

7. Food for Thought:  Misinformation

Publishing inaccurate or misleading information online isn’t going to go away any time soon. Security firms are worried about ransomware striking election offices, power grid susceptibilities and other sabotage, but nothing can cause damage like plausible misinformation.

Where is your organization vulnerable to conspiracy theories that can show up online and damage your operations? And how can you develop resources held in reserve now in case that day comes?

8. Protip: Reporting Misinformation on Instagram

You can report individual Instagram posts that have misinformation through a new feature the company recently rolled out.  From your phone, access the post’s menu in the top right. From there, select:   REPORT –> It’s Inappropriate –> False Information.

9. Great Data: An $86 Trillion Economy

It’s hard for humans to conceptualize the differences between one million, billion, and trillion. One tool we use to help leaders visualize the stark difference is this example:

• 1 million seconds is 12 days ago—when you were looking forward to Labor Day.
• 1 billion seconds is 31 years ago—when Ronald Reagan was president and The Cosby Show topped the Nielsen ratings.
• 1 trillion seconds is 31,000 years ago—when humans first began gathering in settlements.

With those differences in mind, here is an infographic of the world’s $86 trillion economy.

10. Coffee Break:  Strange Emoji Doings

ACLU data scientist Brooke Watson made my day when she posted “just learned with horror that deleting any of the “family” emojis in google slides does not remove the emoji, but rather kills off each individual family member one by one, starting with the children.“

See it for yourself, amaze your friends later  (okay, it’s cute.)

Good Monday morning. It’s August 26th.  Greta Thunberg, a 16-year-old climate activist, is due to arrive Tuesday in New York. She is traveling on a zero-emissions sailboat. You can read more about her trip at Moms Clean Air Force.

Reminder: next Monday is Labor Day in the U.S. and there won’t be a Spotlight.

Today’s Spotlight takes about 4 minutes to read. Want to chat about something you see here? Leave a reply.

2. News To Know Now

1.  Police increasingly use social media, we told you last week, and now we’re reading details of police discounts for Amazon’s Ring service, free training, and police recommending the product to citizens through official channels.  Ars Technica has a good overview.

2.  Open AI is releasing its 774 million parameter AI language program just six months after releasing the 124M model. The organization continues to advocate for more protections as models with 10 times the number of parameters are being tested now.

3. Knowing what is appropriate is vexing researchers. The University of Washington released a study that shows AI can incorrectly flag hate speech almost half the time and appears at times to be racially biased.

4. Human content moderation takes a painful toll. The Intercept reports that Facebook contractors view up to 800 pieces of “disturbing content” each hour and “routinely turn to on-site counselors to help cope”. Accenture, the employer that has the Facebook contract, has attempted to learn the content of therapy sessions according to a whistleblower’s letter.

3.  Old Passwords Still Being Used

Passwords are a pain. They seem unnecessary and everything would be great if digital systems could simply identify us. But since we live in this world, and this world still requires good passwords, please note some scary goings-on.

Data first.  We told you this winter about a Google Chrome extension that checks the password you are using against a database of hacked passwords. Google reported this week that the extension detected 315,000 compromised passwords being used. The good news is that 26% of those who were warned took the opportunity to get a new password which makes me question whether we want the other 74% to continue to have access to passwords.

Doing your best, like using VPN software to secure your communications isn’t a simple fix.  Ars is reporting that Fortigate and Pulse Secure have vulnerabilities that hackers are actively exploiting to steal passwords. In their words, “Now would be a good time to make sure they’re patched.”

Poor data hygiene has bedeviled government agencies for years. Three events this week underscore how much government relies on outdated equipment or the self-discipline of thousands of users.

Hackers coordinated an attack that breached 23 municipal networks in Texas. We’ve told you about ransomware in some small Florida cities and larger attacks in Atlanta and Baltimore, but security experts were surprised at the coordination and speed of these attacks. (Texas state government page)

Wisconsin election offices are also vulnerable according to the Elections Commission’s top cybersecurity official. Tony Bridges says that 527 local elections officials use Windows XP or Windows 7. XP has not received security updates since 2014. Those updates end in January for Windows 7. 

Maine is spending $1 million because of the same issues that affect 10,000 of their computers. The state’s CIO says that Maine is spending the money because Microsoft won’t continue free support of the software it released ten years ago. (Bangor Daily News)

Our take: Stay safe(r) by using multiple protection methods. Use a password manager (we like LastPass), a physical security key (Yubico is what we use), and allow your software, especially your operating system, to be regularly updated. Once that’s done, install a good antivirus program with malware scanning. Finally, use two-factor authentication (2FA) for everything you can, but especially your email, access to work networks, and social media. 

4.  SearchWeek: News about finding things online

You’re not the only one who sometimes can’t find a backup.

Google acknowledged this month that it “temporarily lost part of the Search index” in April. It was a computer engineering nightmare that they’ve helpfully documented the way your kid claimed that the paper was emailed to the teacher. It would be a weird issue but for the fact that they did it or something similar in July and then again on August 20th. Quoting Google’s Danny Sullivan in SEO Roundtable’s coverage, “Yes, I believe there might be some issues” in response to Roundtable’s editor posting that some sites were having trouble getting new content into Google’s index.

We also learned from SparkToro that less than half of Google searches now result in a click. We’ve been telling you about all the video, audio, and other rich media Google is publishing on its search pages. Google says that organizing the world’s information, not publicizing websites, remains its goal.

5. Debugged: Freshman Orientation

Snopes is out with a special article debunking college legends like the library sinking from the weight of its books.

How long must students wait for an absent professor?

6. Also in the Spotlight

Estee Lauder’s CEO says that half its marketing budget is going to influencers, reports Ad Week (and wow!)

Kohls is going the other way with a clothing collection influenced by Facebook data it receives. Don’t forget that Kohls also cut a deal with Amazon to accept returns. How ironic would it be if Kohls becomes a retail winner in the tech age?

Joseph Tartaro bought a vanity license plate: NULL. That’s a condition computer programs often use when no data is present. The result is a madcap story of more than $12,000 owed in fines he didn’t actually get ticketed for.  Read more at Wired.

7. Food for Thought:  Email Jargon

From vacation, Shaun sent me this new data he was perusing in Statista as one does when they’re on vacation. These are the phrases your co-workers hate.

Not sure if you saw my last email, but per our conversation…

8. Protip: Spam in your Google Calendar

I started hearing some people complain about spam in their Google Calendar and figured they had copied the email link to the wrong place. Then a lot of people began complaining.  Yep, spammers figured it out.

How-To Geek has a remedy, but only if you’ve been hit

9. Great Data: A New Look at the Top 100 Websites

This is the best treatment I’ve ever seen for the top 100 websites. Traffic volume is included as is color-coding for the owners of the sites. Porn and scam websites are also included as are sites in China, Japan, Indonesia, and Russia. For example, MicrosoftOnline dot com is the 52nd largest site in terms of traffic, but is a phishing scam that is not affiliated with Microsoft.

In other words, this is the real world wide web that puts the porn sites in their actual places, including the top ten, and associates LinkedIn with Microsoft and #30 Twitch with Amazon.

Top 100 Websites by Visual Capitalist

10. Coffee Break:  Google Goes to Oz

On this 80th anniversary of the Wizard of Oz, Google has made a fun Easter Egg tribute to the beloved movie. Here’s how to activate it.

1. Search for The Wizard of Oz on Google.
2. Click the image of Dorothy’s slippers on the right side of the page.
3. Wheee… you’re back in black-and-white days in Kansas. 
4. To go back to color, click the tornado image now in the spot where you found the slippers. 
5. Whee again!