The Market Ticker
Commentary on The Capital Markets- Category [Technology]

It just never ends, does it?

Microsoft MSFT +0.00% has been on a roll lately. Its massive Windows 10 update ‘Threshold 2’ has far more good features than bad ones, the ‘free upgrade’ rules have been improved and even Microsoft’s Black Friday 2015 deals are surprisingly great. But a new discovery has been made which isn’t good news – at all… 

What Microsoft did was rename the "telematics" service from DiagTrack to "Connected User Experiences."

Uh huh.  They didn't get rid of it, which is what they wanted you to think.  Instead they renamed it.

So Forbes caught it; I've not yet been "offered" Threshold 2, so it's not on my machines yet.  But this is a reminder that free never exists and the price is usually something you think is no big deal but in fact is a very big deal indeed.

I will keep reminding you that not is free never actually free but what's worse is that the data collected, once collected, is never deleted and that while there are plenty of "benign" or even helpful things that someone can do with data they collect on you, there are also very malignant things that can be done too.

There is something that everyone needs to understand about companies like Facebook and similar that claim large "revenue per user" figures: Someone is paying them that money.

You've probably never paid for advertising and such, unless you have either run a company that bought it or were involved in a larger marketing organization for a large firm.  I have, because I did when I ran MCSNet.

Here's the calculus that intelligent businesses put into such advertising buys: They must return at least 10x what is spent on them in revenue.

This is is because nobody has a 100% profit margin; even if you sell a service with no direct hard costs (like an ISP does) there are a lot of costs!  I had to buy hardware to run the ISP, I had to buy telecom services and most importantly I had to pay people -- that is, paychecks and benefits to employees -- which is almost always your largest expense as a business.

All of that comes off the top before anyone sees anything called "profit."

So look at what Facebook, for example, claims.  Their claim is that a US/Canada user provides $10.49 in revenue per quarter, or about $42/year.

Think about that.  You don't pay Facebook anything.  So exactly how does Facebook make $42 a year off your being on their site?  They sell your eyeballs to people for that $42.

What does that have to return to the buyer to be worth it?

About $400 -- and that's just one company in the Internet space.

Facebook is not free for you.  It costs you about $400 a year to use it on average, but you don't see the price directly.  You do pay it though -- you must, or they couldn't operate as they wouldn't have that revenue.

Now contemplate how that happens, then multiply by the number of applications and other things on your phone, your tablet and your computer that collect data about you -- such as exactly where you are 24x7 and what you do while online -- and send it off to mother.

If you think this doesn't go into various pricing decisions that are individualized to you -- such as your car and other forms of insurance -- you're dead wrong.  Whether you'll pay more than someone depends highly on how your "individual risk" is assessed; these firms do not make money by being wrong about how risky you are.

Why is Microsoft doing this?  Because Facebook and others have gotten away with it without you revolting; if you'll put up with Facebook doing it why not Microsoft?

But this of course leads to the obvious question: Exactly how many $420 extractions per year, all by stealth, can you absorb?

If you're wondering how you get bled to almost-literally nothing in this world today, that's one way it happens.  You're tricked into believing that something like Facebook is "free", while the company discloses that you are "worth" $42 a year to them in direct revenue that someone else forks up and then must multiply by a factor of 10 or more in order for their investment to be worth it.  That money all comes out of your pocket whether you recognize it or not, and it happens simply because you use Facebook and thus give those firms the ability to buy the data that they then use against you to extract that $420!

Start thinking of your "relationship" with these businesses in this way and you might wake up a bit.

You might also decide that this isn't such a good deal, especially if that $420 means something to you.

Or, perhaps, you might decide that having $420 taken from you every year by stealth while it is claimed that your use of said resource is "Free and always will be" is perfectly fine.

View this entry with comments (registration required to post)

No, not on the shoppers.

Or even on Daesh.

No, declare war on Apps.  Specifically, apps that siphon off your location (and often other) data on an unchecked, constant basis once loaded. with many of them making a diligent effort to keep you from stopping them.

Reality is this: "Free" apps aren't free.  The price is that they want to advertise to you.  Location-based advertising is more-accurate in terms of value to the advertiser in that it's more likely to result in a sale.  Fine -- as long as you're actively using a given app -- that is, as long as it has focus, or is on the display.  It's also fine if it's something like a fitness tracking app while you are actually performing some activity you're trying to track (like a run, hike, etc.)

But it's not ok for an app to keep doing this sort of thing when it doesn't have focus and is not in some activity you've asked for.  There are many reasons for this, which I will outline here:

First, the most-mundane.  Every time an application on your phone does this it consumes battery power.  If you're wondering why your phone dies so fast, that's a big part of the reason.  If you have 20 apps on your device that all do this that's 20x every five minutes or so (which is the average interval!) that these apps all pull your location and send it to "momma".  Every one of those instances consumes both battery power and network bandwidth, which I remind you is something you're paying for.

Do not believe for a second that this sort of misbehavior is isolated or uncommon.  All of the social messaging apps do it, including Facebook and others.  But the offenders aren't limited to apps like Facebook; they're also things like Walmart's app, which continually pulls location data once started.  Even worse are games, which almost-universally do this sort of thing.

Some of these apps are extremely persistent, such as Charity Miles that I documented earlier; these will hammer on location requests, including trying to use the GPS repeatedly, if you're in a location without a clear view of the sky.  This is extremely bad for your power consumption because the GPS chip is one of the most-hungry in your phone when it comes to power budget.

Second, there is the less-mundane.  This data can be trivially used to identify you with specificity along with your daily habits.  It requires no linkage to your device ID or a login to do so either; all it requires is a bit of time.  Within a few days or weeks it is trivially easy to know exactly who you are and since there is a unique device ID associated with each of these data points it's not even slightly difficult to link it to your characteristics.  While this might not link it to a name that doesn't matter.

And this brings me to the real risk: You have absolutely no idea nor control over who has this data, who's keeping it, for how long (the presumption has to be "forever") and who it's being given or sold to.

The latter is an extremely serious issue.  Let's say, for the sake of argument, that Daesh wanted to murder a bunch of law enforcement officers and military members in this country.  Let's further assume that they managed to get a few thousand of their jackasses into the country and they obtained illicit arms (both solid assumptions, by the way; even though an illegal invader cannot legally buy a gun he can sure steal one or get it from a gang-banger.)

Now they buy one of these databases.  They don't get names this way, but they don't need to.  What they analyze and obtain is a number of people who on a daily basis go from a residence to a police station or military base, both of which are endpoints that are trivially associated with a place of work and residence by the times spent there.

It is an utterly trivial matter to determine this from an every 5 minute location ping.

Now the jackasses have a list of homes to target their assaults; that not every one of them is correct doesn't matter.  What does matter is that this constitutes a high-value target list and there is not a damn thing you can do about it once the data has been collected and is owned by these companies as they do, can and will sell that data.  There is no way to determine with certainty that the person buying it wants it only for a so-called "legitimate" purpose, never mind the risk of the database being stolen once sold or resold by the buyer.  Worse, all of this analysis can be completed from thousands of miles away beyond the reach of American law enforcement or anyone else for that matter and once the analysis is complete exactly zero exposure to arrest occurs until the jackass attempts his hideous act.

THIS is why the practice of allowing that sort of data "mining" from your personal devices must be stopped and those firms doing so severely sanctioned.  It is probably already too late in terms of whether this kind of abuse will eventually happen (it will) but the longer we let this go on the worse, and more irrevocable, the damage will be.

There is utterly nothing that can be done to filter or mitigate this risk other than prohibiting app publishers along with phone and OS vendors from doing this in the first place, defaulting any such tracking to off when other than in a legitimate activity and allowing it to be disabled entirely for a given app or globally.  Here's looking at you, Google and Apple, but those are not the worst of the offenders -- no, the worst are the app publishers over which there is zero oversight or accountability.

View this entry with comments (registration required to post)

First impression on taking the device out of the box: Wow.

The build quality is extremely high.  It's substantial and feels very nice in the hand.  The camera "bulge", which some people have said bad things about aesthetically, keeps the camera lens off flat surfaces, which should materially reduce scratch risk, yet it doesn't protrude much at all -- less than it looks like.

Build date is 11/05 (!!); I literally have a device that was assembled a week ago.

The device immediately saw my Qi-enabled nightstand and when placed in on it started charging, even though it was not yet on of course.  I proceeded to insert the SIM and SD cards, which are a bit tricky -- they have an "eject" tool, but the trays only fit the cards one way and you have to pay attention; the cards will fit flush with the tray skeleton when you have it right and you do not have to force them.

Both my Wifi network and cell worked immediately out of the box; at first-blush signal strength looks good.  Speed tests on cellular beat my Passport side-by-side in the same place on multiple occasions, but the displayed number of bars tends to be lower.  It's not the number of bars folks, it's the solidity of the recoverable (and sent) signal that matters.  WiFi performance in particular makes my Passport look sheepish in comparison.

One note -- the built-in BlackBerry apps did not automatically show as updatable; I had to go look for them in the Play store and select them manually.  Do this folks; getting those on the "auto update" schedule is actually quite important.

There were also a material number of system updates (for Google apps) that wanted to install; you have to approve them, but they all came down without incident.

 The phone showed up about 50% charged; I managed to get a bit of energy into it before heading out for the evening, as I happened to have a QC 2.0 charger.

My first evening was an exercise in a bit of frustration, but it's not the device -- it's Android, with a few notable exceptions.  However, that frustration was tempered by a number of things BlackBerry has done to keep the BB10 experience available on the Priv.

Let's talk about the really good first.  My first-blush view of the main camera is that it's really good.  In fact, I'll go further -- for a cellphone camera my first impressions are basically summed up as "Hot damn!"  You may not realize this but it has manual exposure control!  Slide at the bottom of the viewfinder window, and there you have it -- a couple of stops either way in compensation, what you see is what you get when you shoot, and it's extremely useful.  I only got a couple of shots inside a (dark) bar that I tend to frequent, no flash. OIS works exceptionally well, the phase-detect autofocus is both fast and accurate including in that crappy light and while there are visible Jpeg compression artifacts in the result (as is true of all compressed format output) it's materially better than the Passport's camera.   I'm not talking about "a little better", I'm talking about a lot better.

Now the front camera.... well, it's not the selfie-shooter that some self-absorbed people are into.  It's fine in decent light but falls apart fast when the light level drops.  It's basically what the Passport is in that regard and is ok for arms-length selfies, but won't win any awards. If your phone's primary purpose in life is selfie hedonism I'm not going to shine you on -- this is not your phone.  Why the compromise?  I suspect space; there just isn't any in the top piece of the phone that holds the display and the front-facing camera.  This is the trade-off you get for having a keyboard, basically.  On the other hand if you usually point your camera at other people I think you're going to be impressed.  There will be much more on this in the next review when I have some image snippets to put together, with detail and comparisons against some of my semi-pro and pro gear (along with the Passport.)

Oh, yeah, that keyboard.  Oh my.  I like it a lot, and here's the real crusher for those of you who are all into the on-screen thing: You don't give up any screen real estate when you're entering something with the keyboard open!  It changes a lot in terms of your device interaction with apps and web pages.  The keys are smaller than the Passport's (by a lot) and I'm still getting used to it but it's fast, accurate and for anything more than a one-liner I found myself sliding the screen up and using it.

The slide mechanism has a very solid and satisfying snick to it when actuated.  It has the sort of tactile feel that a really nice luxury car does; think Mercedes, not Chevy.  The same follows through on the back; the surface is grippy but not sticky and makes holding the phone really easy.  It feels great in the hand and ought to go a long way toward preventing the potentially-catastrophic drop.  The material is pretty-much the same as a Z10, Z30 or Passport for those coming from that device.

The BlackBerry launcher and integrated calendar and hub bring a lot, but not all, of the BB10 experience to Android.  I joined the phone to my Exchange server without incident and all of my Contacts and Calendar entries (along with email) immediately showed up on the phone.

The other immediate note is that triage mode is missing in The Hub.  For the love of everything holy this needs to be added.  If you're not coming from BB10 you don't understand this.  If you do, well, you do.  It really, really matters when it comes to dealing with email and was one of the BB10 innovations that isn't available anywhere else and makes a huge difference in productivity.

Blend is missing, as has been noted by others.  Let's hope BlackBerry brings that over; I miss it already.

The square (right side) key on the home page brings up a "tile manager", which shows recent apps.  I'm not sure all of them are always actually still open, but it looks like it -- and acts like it, much like the tile listing in BB10.  If this is base Android it's new to me, but if it's not, well, it wins huge over stock Android.

Performance is outstanding.  I have noted no lag or other misbehavior at all.

I have one (very) serious complaint that is an absolute mess and needs fixed right now -- if you store any credentials locally in the PKI store (e.g. machine certificate, private CA key, etc) the phone refuses to allow you to use a picture password -- it forces a PIN, Alpha password or pattern gesture.  The latter is much less secure than the picture password.  BlackBerry needs to fix this immediately as anyone with a VPN credential to store on the phone can't and use Picture Password as things stand right now.

This is far enough up the list that I'd call it an emergency patch situation as it directly impacts a security issue.  Let's see if BlackBerry actually will use their emergency patch capability; I was able to recover the ability to use a Picture Password but as it stands now I have to choose between having a working VPN with a PKI authenticator (through the StrongSwan app) and a Picture Password.  No, no and no; that's stupid.

Wireless charging works, but it's not fast.  Last night I drained the phone bad, and by morning it was close to full -- but not quite full.  Compare this against putting 30% in the phone within a few minutes on a QC 2.0 charger, and you see the problem.

Speaking of battery, I can't speak to the performance of the (huge) battery in the device as of yet as my usage pattern right now is borderline massively abusive with the app and data downloads I'm doing to get the device to where the Passport was.  It'll be a few days, at least, before I can speak to that -- but just screwing around with the browser and apps at the bar it looks pretty good.

There will be at least one more review -- a full one -- but I wanted to get this out there with first impressions.

Summed up, it's this: BlackBerry looks to have a winner in the Priv; most of the really annoying things that once you've used BB10 you just couldn't live with under Android are taken care of with the code they brought over.  The Hub still needs some work but all-in, this is a device that not only "just works" but works very, very well.

More, and in much more detail, including a fine-grained look at the privacy aspect of the device, coming soon.

PS: Buy it through Amazon or (gasp!) your carrier.  I simply cannot recommend that anyone deal with Digital River.  Amazon got the unit to me in less than 24 hours.

View this entry with comments (registration required to post)

Oh c'mon.

Apple's Tim Cook is trying to claim that the new "larger" iPad (Pro model) gives you no reason to buy a PC any more.


Why would I want to buy a PC?  First, because I can have roughly half of my money remain in my pocket compared against your iPad and have a laptop.  But even more to the point it's not a PC and never will be a PC.

Tablets are not PCs and the reality of things is that the "worker dude" isn't going to carry around a 12" tablet.  If you want a big tablet, the new iPad makes some sense, but the laptop still has a real keyboard and a real hinge between keyboard and display; the tablet does not.

Is a tablet a good media consumption device?  Sure.

But will it replace the laptop and make it obsolete?  Good luck with that Tim.

View this entry with comments (registration required to post)

The EFF is known to be a bit.... over the top when it comes to the real scope of risk in the electronic world.  But once in a while they hit the nail on the head, and this is one of those times -- sort of.

Last month, Chinese security researchers uncovered a security vulnerability in an Android software library developed by the Chinese search giant Baidu, and when it comes to security vulnerabilities, this one’s a whopper. It allows an attacker to remotely wreak all sorts of havoc on someone’s phone, from sending fake SMS messages to downloading arbitrary files to installing other apps without the user’s authorization.

The widespread deployment of the vulnerable software library makes things even worse. The library, known as the Moplus SDK, is used by over 14,000 separate Android apps. By some estimates, as many as 100 million unique Android devices were vulnerable. And that isn’t even the worst of it.

This is, quite-arguably, one of the worst events ever recorded against any computer software worldwide.  The reason is simple -- it's not an error or an accident; the software is designed to permit these things to happen and was developed by a large company that actually patented the technology in it!

There are several problems here.  EFF wants to lay the blame on both Baidu (appropriate) and Google, which got dragged kicking and screaming into the granular permission world, but left off "network access" as a permission.  They arguably did the latter (and EFF identifies this) because that "flashlight" app couldn't serve ads if it couldn't get to the network to grab them, and of course Google makes it money from ads.

The other side of the argument, however, is worse.  It's simply this: There ought to be some sort of vetting process going on and when you have a major corporation intentionally developing and deploying spyware, to the point that they patent the technology involved, I ask again: WHERE ARE THE DAMN COPS?

There certainly are laws on computer fraud and abuse; if I knowingly write and distribute such code I can be arrested, and people have been.  Baidu trades as a public corporation on our stock market!

WTF, Department of Justice?  WTF, Google?  WTF, SEC?  Why hasn't Baidu been delisted, why isn't there a criminal indictment pending against the company and why in the hell is Google not both publicizing this far and wide along with putting forward effective means of putting a stop to it, particularly when the company claims that it's slogan is "First, do no evil."

Did someone forget The Big Guy in the Red Suit when they were discussing the definition of "evil"?

View this entry with comments (registration required to post)

Main Navigation
MUST-READ Selection:
Really, Let's Cut the Crap Eh?

Full-Text Search & Archives
Archive Access

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.