1. Good Monday Morning

It’s January 10th. Spotlight is off next week to commemorate Dr. King’s birthday. Each year I read his Letter From a Birmingham Jail (PDF). I encourage you to read or revisit this powerful message contained in only 5½ pages.

Today’s Spotlight is 1,325 words — about a 5 minute read.

2. News To Know Now

Quoted: “We really try to encourage people. Just get past the 17th of January.” — Strava CEO Michael Horvath to Bloomberg. Strava measures distances run or cycled for millions of users and has dubbed next Monday as Quitter’s Day–when the company sees its biggest user decrease each year.

a)  Uber users need to be vigilant about email from the company. For at least the third time since 2016, security researchers demonstrated how hackers could send targeted phishing emails that are seemingly from Uber. It’s not a simple email spoof, but an actual vulnerability in Uber’s email system. The company hasn’t fixed the vulnerability and says that it is outside the scope of their bug reward program.

b)  Pabst might believe that the enemy is within. An employee of the brewer tweeted an X-rated comment about “Dry January,” a pop culture event when people stop drinking alcohol beginning with the new year. Pabst deleted the tweet and said that the employee showed poor judgment. 

The Pabst employee still likely had a better day than someone in the IT department at Kyoto University after 77 TB in 34 million files were lost due to a backup error at the university’s supercomputer. One terabyte can store about 6 million pages or one quarter-million images. 

c) The original Winnie-the-Pooh story, Hemingway’s The Sun Also Rises, recordings by Rachmaninoff and compositions by Irving Berlin and the Gershwins are among the works that entered the public domain in the U.S. on January 1. Duke Law School published a nifty explainer and list of highlighted works.

3. Search Engine News — The Cost of Bad Translations & IndexNow

The Microsoft-backed IndexNow protocol notifies search engines when content on a website has been added, deleted, or changed. The notifications about tens of thousands of websites are going to Microsoft and Yandex. Web teams of all sizes can now easily use IndexNow as a WordPress plugin or via Cloudflare.

This is a great time to remind you that Google may be synonymous with search, but that Microsoft Bing processes more than one-quarter of all US search volume.

Google search executive John Mueller confirmed last week that poor quality translations posted on a website can harm that site’s rankings in other languages even for pages that were not involved. Mueller was quoted during a year-end webinar by Search Engine Journal, “So in short, I guess if you have a very low quality translation that’s also indexed and that’s also very visible in search then that can definitely pull down the good quality translation as well or the good quality original content that you also have.”

Unabashed partner plug: our friends at Uno Translations have been helping our clients with translations into many languages for a decade. Our SEO advice remains constant. Use people who speak the language rather than translation software.

4. Spotlight Explainer — Biometrics in 2022

Few people like passwords. Tech security people hate them. Tech’s goal is to replace them with biometrics and eventually use your face, fingerprints, irises, and even your gait to identify you. From there, you can pay for goods and services or access your workplace. The outlook isn’t all rosy. Count on mistaken identities and privacy issues, but also a lot of positive things.

Continuing Adoption of Biometrics in 2022

This period might be compared to the time when people other than remote field staff began carrying mobile phones. There’s been growing acceptance of biometrics in consumer devices. Yubico security keys that unlock websites or devices now include fingerprint instead of password access. Meanwhile, concertgoers at Colorado’s iconic Red Rocks can scan their palm instead of using a paper ticket for entry. The technology was built by Amazon for use in its convenience stores and as it spreads to different systems, more people are becoming comfortable with it.

Amazon’s Own Employees Are Suing Over Biometrics

Illinois has long been recognized as having some of the strongest biometric protection laws in the country. Those laws will be tested in a class action brought by Amazon warehouse employees in the state who say that the company’s activities are illegal. The suit alleges that Amazon scanned the faces of warehouse workers with thermal imaging cameras to detect fever during the COVID-19 pandemic. Workers say that the company disclosed the information to third parties and did not delete the data as required. The suit passed a significant hurdle last week when a judge declined to dismiss the case.

The Industry Expects Biometrics Legislation

JD Supra reports that almost thirty states had some form of biometric legislation pending in 2021. There is also a proposed federal regulation under review as well as FTC enforcement actions related to facial recognition technology. Legislative action is also pending in both Europe and the UK.

Biometrics Aren’t Just For Humans

A new biometric Smart Dog Collar debuted at last week’s CES 2022 show. The collar monitors location and health data, including respiration and heart vital signs, and will alert owners when there are abnormalities. 

5. Did That Really Happen? — Betty White Did Not Die From a COVID Vaccine Boost

Betty White’s agent has emphatically countered an online rumor that falsely claims that her death was caused by a reaction to a COVID-19 vaccine booster shot. Jeff Witjas, the actress’ agent, said that a quote about the vaccine booster attributed to the actress was false and that she did not have a booster shot three days before she died.

6. Following Up — FTC Warns Companies To Fix Log4j Vulnerability

We told you right before Christmas about the Log4j vulnerability that is believed to exist on up to 25% of the computer servers in use today. The Federal Trade Commission is warning US organizations to apply the security patches that fix the software or face potential enforcement actions. As Gizmodo’s coverage elaborates, the FTC can sue a company for security practices that endanger consumer data.

7. Protip — Don’t Charge Devices in Freezing Temps

January’s cold temperatures require another kind of advisory. This one is about charging devices that have been out in freezing temperatures, and the advice is simple: warm up the device before you charge it.

Imagine that a phone or tablet was accidentally left in a car overnight or otherwise subjected to below-freezing temperatures. Experts say that charging the device before it has a chance to warm up could permanently reduce the battery’s capacity or even cause it to explode. Details are available at Lifehacker.

8. Screening Room — Ryan Reynolds Reads

Actor Ryan Reynolds may be the decade’s best guerilla marketer. He released this video on Sunday, January 2, and used a certain fluffy bear to promote Mint Mobile, the wireless company that he co-owns.

9. Science Fiction World — Drone Delivers Defib Unit In Minutes

Swedish company Everdrone used an autonomously operated drone to deliver a defibrillator unit to a physician who was administering CPR to a man in his driveway. The physician saw a 71-year-old man who was shoveling snow collapse with a heart attack. While he aided the man, a passerby called authorities, who sent an ambulance and the Everdrone unit. The device arrived in only three minutes, and the man was saved.

10. Coffee Break — Scale-A-Tron

This nifty Mapbox tool lets you draw a shape on a map in your browser and move that shape to anywhere else on a map. I was able to measure my neighborhood and drag it to other places I had lived to see the scale. Or go to your favorite outdoor spot and drag it to your downtown area to see how they match up. 

11. Sign of The Times

1. Good Monday Morning

It’s December 20th. Spotlight is off next week and back on January 3. We wish joy, happiness, and a wonderful holiday to everyone celebrating.

Today’s Spotlight is 1,446 words — about a 5 minute read.

2. News To Know Now

Quoted: “CISA also strongly urges every organization large and small to follow the federal government’s lead and take similar steps to assess their network security and adapt the mitigation measures outlined in our Emergency Directive. If you are using a vulnerable product on your network, you should consider your door wide open to any number of threats,” — Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency Director

a) Family location app Life360 is reportedly sharing locations with more than just parents. The Markup is reporting that the software company that sells the app is also selling location data to brokers. Those brokers then package the data and sell it broadly to all sorts of companies. A former employee told The Markup that people who didn’t opt out could have their location data shared within twenty minutes of it being recorded.

b) Amazon is under intense fire after Illinois-based delivery drivers accused the company of threatening their jobs if they stopped deliveries during a tornado alert. Six of their co-workers died when their warehouse workplace was hit by a tornado. Amazon says that local managers did not follow the company’s safety policies.

c) FTC Chair Lina Khan pledged to make data privacy an agency priority in a letter to Sen. Richard Blumenthal (D-CT). Rulemaking that sets national data privacy requirements similar to those in California and Virginia is one of the options being explored.

3. Search Engine News — Local SEO Update & Learning What Works

Besides being physically attractive and very, very smart, search marketers are usually excellent at recommending best practices to improve a website’s visibility in Google and other search engines. Many of us generally know what works, what Google and Bing recommend, and the technical knowledge to tie them all together.

But the best of us will tell you that we can’t divine which element is responsible for a website’s success in search visibility. Google search exec John Mueller cut through the hyperbole last Wednesday when he answered a question this way. 

He’s right, of course. We don’t know exactly which of the things that we told you to do worked, and in truth, it’s got to be combinations of things, but this is your regular warning that anyone telling you they have the secrets is not being honest.

Here is another secret. We have an incredibly active industry that constantly shares case studies and information. That’s what Canadian SEO Joy Hawkins did last week with this fantastic overview of Florida law firms that showed how their search visibility changed after a big Google update several weeks ago. They’ve dubbed the update the “Vicinity Update” based on the change in rankings for those firms shown in close proximity to the searcher.

4. Spotlight Explainer — Log4j Vulnerability

About one-quarter of computer servers use software called Apache, a twenty-five-year-old open source platform offered for free to everyone. One of its most popular logging tools used for analytics is software called Log4j. Hackers have devised a way to break into servers using that code.

Sizing the Log4j vulnerability problem

Jen Easterly is the Director of the U.S. Cybersecurity and Infrastructure Security Agency. She’s a West Point graduate, a Rhodes scholar, a twenty-year combat vet with two Bronze Stars, has worked at the NSA, was Morgan Stanley’s global head of cybersecurity, and came back to the federal government to lead CISA.

She told industry leaders that the Log4j vulnerability “is one of the most serious I’ve seen in my entire career, if not the most serious.”

Everything from ransomware to denial of service attacks is open to hackers on unpatched servers.

Ubiquity makes this a big deal

CISA estimates that hundreds of millions of devices globally are at risk. And because of the nature of computer servers, they can potentially affect many others.

Companies known to be involved with mitigation efforts for more than one week: Oracle, Microsoft, Amazon, Google, Cisco, Red Hat, and more.

It’s not as easy as upgrading your computer

There really isn’t an apt comparison for someone who isn’t a cybersecurity professional. There was a fix for this problem, but last Tuesday, researchers at Akamai discovered that the fix could be bypassed. Apache published another fix late Friday, and here we are on Monday, but that’s not enough time for any organization to have potential problems fixed.

One of Easterly’s executives addressed the issue this way: “There’s no single action that fixes this issue. It’s a mistake to think anyone is going to be done with this in a week or two.”

What next? CISA is updating a page on their site throughout the crisis and has told the cybersecurity world to “update or isolate affected assets. Assume compromise, and hunt for signs of malicious activity.”

5. Did That Really Happen? — Why Covid-19 Testers Don’t Have to Quarantine

The CDC has done more than its share of fact checking over the last two years, and now faces a series of dumb posts alleging that testing personnel don’t have to isolate when coming in contact with someone who tests positive for COVID-19.

The inaccurate meme has been shared more than 50,000 times and generated a lot of buzz. The reason why they don’t, according to the scientists, has to do with the presence of medical PPE and the amount of exposure. CDC guidelines only call for quarantine if someone has been closer than 6 feet from an infected person for 15 minutes or more.

6. Following Up — NSO Group

Back in July we told you about NSO Group, an Israeli spyware company whose software was found planted on thousands of phones belonging to journalists, activists, and fourteen heads of state. Amazon kicked the company off its servers, and Apple sued them.

Google’s Cybersecurity group has researched the exploit and published a report last week that said the software was one of the most technically sophisticated they had ever seen and rivaled software thought to be accessible to only a handful of nation states.

The plum quote picked out by Cyberscoop’s excellent coverage: “Short of not using a device, there is no way to prevent exploitation … it’s a weapon against which there is no defense.”

7. Protip — What Data Can You Share?

This is the season for infographics synthesizing data at your house, organizations, or businesses. If you were born in a year that begins with a “1”, you can remember a time when technologists talked about “big data”. 

The great news is that big data is here, and you can use it. Think about how Spotify Wrapped uses a simple report dressed up as a playlist to generate millions of impressions.  Or take a look at these graphics from Instacart that show the hottest grocery store products tied to popular recipes this year.

Protip: have fun doing it. Instacart measured the number of bananas ordered in LA as able to create a stack as high as 87,196 Hollywood signs.

8. Screening Room — Chevy Tearjerker

I knew what was going to happen, but I teared up anyway.  You will likely guess what will happen, and you may do the same. Nice job from Chevrolet on this spot created by three Academy Award winners.

9. Science Fiction World — Remotely Powering Drone Flight

DARPA (those nice government types who brought us the internet) has given a grant to Electric Sky, a company that says they can use radio waves tied only to specific drones to improve on microwaves or lasers that power drones in flight. 

10. Coffee Break — The Best of Primitive 1990s Sites

There is no way that I will show you the images from a website I built in the 1990s with a purple and pink color scheme. Decades later I remember my graphics-oriented buddy and her pained expression as she scurried away while muttering, “I must fix this.”

But Lifehacker has unearthed a bunch of 1990s era websites still live online. You’ll be able to check out the Dole-Kemp 1996 site, the Jurassic Park and Space Jam promo sites, and SFSU’s FogCam, which still provides live images of the campus 27 years later.

11. Sign of the Times

Many of you have written and said that you love our weekly Sign of the Times feature.  Thanks!  Remember that you can (and should!) write me whenever you want–just press reply. 

Until we see you again on January 3, we assembled a photo album of all of the signs we posted this year. Enjoy it, stay safe, and wear your mask.

We’ve had a great year sharing these signs from across the internet with you. We do that every week in our free Spotlight newsletter that features information about digital life, privacy, search, social, and advertising.

We publish every Monday at 6 a.m. Eastern Time. We would love to send you a copy.
