Another “links only” issue this week, due to feverish activity on a professional project. Hopefully more time for Surveilled next week. Also, introducing a new section this week, read on.
Attackers can block your WhatsApp account without you doing anything–Basically, the attacker installs WhatsApp on their phone with your number, and then takes advantage of weaknesses in WhatsApp’s verification mechanism to block your number, so it doesn’t require much skill at all. You would know something is up when you receive verification codes over SMS, but other than contacting WhatsApp support there’s not much you can do.
WhatsApp is by far the biggest messaging service out there, so it’s no surprise that attackers are trying every possible idea against them, but on the other hand, the last significant change to their security model seems to be the upgrade to the Signal Protocol, which happened in 2016. Of course, Facebook’s overall track record on user security doesn’t bode well either… Read (Forbes)
Crypto marketplace Coinbase goes public in a frenzy–Their market capitalisation immediately shot up to some 86bn USD, more than Intercontinental Exchanges (68bn USD), who own the New York Stock Exchange, among others. I would love to see the DCF model that justifies that valuation. Also, they went public via a direct listing, like all the cool kids. Read (CNBC)
Alibaba gets hit by Chinese antitrust ruling–The market dominance of Big Tech is not only a hot topic in the West. Chinese antitrust regulators took on Alibaba, fining it for placing restrictions on merchants, and in particular prohibiting its subsidiary Ant Financial from integrating closely with other members of the group. Effectively, this severely handicaps Ant’s fast-growing lending activities, which are based on collecting behavioural data from across the other subsidiaries. The regulator didn’t hesitate putting in place organisational remedies in other words, will this be seen as a precedent? Read (FT $)
Amazon tried to force smart home device maker Ecobee in sharing private user data–Speaking of abuse of market dominance: Ecobee’s products integrate with Amazon’s Alexa, but the e-commerce giant wanted user information even from users who didn’t link Alexa to their devices. If it didn’t cooperate, Amazon would limit Ecobee’s ability to sell its products on the Amazon platform. While this is appalling in itself, the brazenness with which Big Tech keeps behaving even after years of mounting alarm is even more breathtaking. Read (The Verge)
How we escaped government-mandated encryption backdoors, for now–In 2015, there was a showdown between the FBI and Apple, with the former wanting the latter to unlock an iPhone belonging to an apprehended terrorist. Apple refused, setting up a court hearing which could have led to government-mandated backdoors in encryption systems. In the end, the hearing was cancelled when an Australian firm provided the FBI with a so-called “exploit chain” that unlocked the phone in question.
The details and backstory in this article are very interesting, but most compelling is the notion, expressed by security expert Will Strafach, that the outcome sketched above was the best possible. In other words, security research firms should keep looking for flaws which they are free to offer to others. This process ends up acting as a sort of release valve for the pressure manufacturers endure to weaken security for law enforcement’s benefit. Read (WaPo)
Winning in Zwift’s virtual cycling world leads to a real-world professional contract–Zwift is a very popular virtual workout game. Basically you attach your road bike to a home trainer connected to the service, which then allows you to cycle through virtual worlds and compete against other riders from all over the world, while getting in a real workout. Zwift also organises contests. The worldwide winner of one such contest, 25 year-old Australian Jay Vine, was offered a professional contract with the Alpecin-Fenix cycling team, also based on the detailed performance stats logged in the app. Now Vine placed second in the most difficult stage in the Presidential Cycling Tour of Turkey, effectively validating the approach. Interesting case study on the increasingly blurred boundaries between real and virtual worlds. Read (Sporza, in Dutch)
Welcome to the new section I mentioned at the start. Sometimes I’ll mention a story that is still developing, or additional facts come to light after sending the issue. These updates are usually not important enough to include in the “Six Links” section, but still good to know. Hence, from now on I’ll group them here in a quick overview.
The Yamauchi No 10 family office manages the wealth of the third CEO of Nintendo, the one who turned the maker of playing cards into the legendary maker of video games. The family office’s website pays a superb tribute to that history (sound on!) Link