The phrase in today’s screed is adapted from an infamous 1964 Supreme Court decision, when Potter Stewart was asked to define obscenity. In a report issued today by Stanford researchers, the new phrase (when referring to materials relating to abused children) has to do with recognizing a URL. And if you thought Stewart’s phrase made it hard to create appropriate legal tests, we are in for an even harder time when it comes to figuring out how to prevent this in the age of GenAI and machine learning. Let me explain.

If you are trying to do research into what is called child abuse materials (abbreviated CSAM, and you can figure out the missing word on your own), you have a couple of problems. Firstly, you can’t actually download the materials to your own computer, not unless you work for law enforcement and do the research under conditions akin to when intelligence operatives are in a secured facility (now made infamous and called a SCIF).

This brings me to my second point. Since you can’t examine the actual images, what you are looking at are bunches of URLs that point to the actual images. URLs are also used instead of the actual images because of copyright restrictions. And that means looking at metadata, which could be in a variety of languages, because let’s face it, CSAM knows no geographic boundaries. The images are found by sending out what is called “crawlers” that examine every web page they can find at a point in time.

Next, and this comes as no surprise to anyone who has spent at least one minute browsing the web, there is a lot of CSAM out there: billions of files as it turns out. The Stanford report found more than three thousand suspected images. Now that doesn’t seem like a lot, but when you consider that they probably didn’t catch most of it (they acknowledge a severe undercounting), it is still somewhat depressing.

Also, we (and by that, I mean most everyone in the world) are too late to try to prevent this stuff from being disseminated. That is a more complicated explanation and has to do with the way the GenAI and mathematical models have been constructed. The optimum time to have done this would have been, oh, two or more years ago, back before AI became popular.

The main villain in this drama is something called the large-scale AI open network or LAION-5B model, which contains 5.85B data elements, half of which are in English. This is the data that is being used to train the more popular AI tools, such as Stable Diffusion, Google’s Imagen, and others.

The Stanford paper lays out the problems in examining LAION and the methodology and tools that they used to find the CSAM images. They found that anyone using this model has thousands of illegal images in their possession. “It is present in several prominent ML training data sets,” they state. While this is a semi-academic research paper, it is notable in that they provide some mitigation measures to remove this material. There are various steps that are mostly ineffective and some that are difficult to pull off, especially if your goal is to remove the material entirely from the model itself. I won’t get into the details here, but there is one conclusion that is most troubling:

The GenAI models are good at creating content, right? This means we can take a prototype CSAM image and have it riff on creating various versions, using say the face of the same child in a variety of poses for example. I am sure that is being done in one forum or another, which make me sick.

Finally, there is the problem of timing. “if CSAM content was uploaded to a platform in 2018 and then added to a hash database in 2020, that content could potentially stay on the platform undetected for an extended period of time.” You have to update your data, which is certainly being done but there is no guarantee that your AI is using the most recent data, which has been well documented. The researchers recommend better reporting feedback mechanisms when a user finds these materials by Hugging Face and others. UC Berkeley professor Hany Farid wrote about this issue a few years ago, and said these materials “should not be so easily found online. Neither human moderation nor AI is currently able to contend with the spread of harmful content.”

A friend told me this tale of woe that someone he knows had all their Mac Things compromised to the point where they were no longer working. Before I describe the situation, if you use iCloud, do these three things now:

1. Change your iCloud password now. Pick something unique, complex enough to satisfy all of Apple’s requirements (lower case, upper case, a number and a symbol). For easy typing on phones, I use a series of words with the other adornments. I know changing passwords is a pain. But please do this now. Really. I will wait.
2. Go to the iCloud security settings page and make sure you are using a two-factor method that isn’t SMS-based (and if you dare, uses passkeys).
3. Go to your photo collection, and delete pictures of your ID documents, like driver’s license or passport. If you travel (remember travel?), one of the things they tell you is to make copies of your ID in your photo stream. I don’t think that is safe advice now, and will explain later. If you want to keep copies of these documents, make a printed photocopy and keep it in a different place from your actual documents.

Now, why go through all this? If you don’t know about SIM swapping, take a moment to click on that piece that I wrote a few years ago and learn more about it. Basically, once a criminal knows your cell phone number, they can impersonate you and get your phone number reassigned to their own phone and the fun begins.

What if you don’t use iCloud but use Google’s Account? You should follow a similar path, particularly if you have an Android phone.

Now, why the business of deleting your identity docs? This is because once someone has control over your iCloud, they look through your photo stream and find these things, and then use that as the authentication process to recover your other accounts. And if you employ the “fake birthday” dodge (as I do and described here) you will have additional pain and suffering if you have to show your ID and the person you are talking to can’t match it to your fake birthday that you set up when you first created your FaceTwitTok account.

Happy holidays folks. Don’t respond to texts from out of the blue. Don’t click on anything in email, even from someone you correspond with. And don’t reuse your passwords and eat your veggies while you are at it too.

Is it possible to fall in love with a protocol? I mean, really? I know I am a nerd, and I guess this is yet further evidence of my nerdom. But to properly tell this story, we have to go in the Wayback Machine with Mr. Peabody to 50 years ago, when Vint Cerf and Bob Kahn were working at Stanford and inventing these protocols. I was too young to appreciate the events at the time, but later my life would change drastically as I learned more about TCP/IP and how to get it working in my professional life.

You can read the original 1974 paper here as well as watch an interview with both men that was recorded earlier this year.

In the mid 1990s, I would meet Vint and so began our correspondence that has lasted to this day. I posted an interview with him in 2005 here that is still one of my favorite profiles. This was when he was about to start at Google and when I was running Tom’s Hardware. I asked him to recall the most significant moments of TCP/IP’s development:

• 1/1/1983 – The cutover on Arpanet to TCP/IP
• 6/1986 — The beginning of NSFNET
• 1994 — Netscape supports HTTP over TCP/IP and when Berkeley BSD 4.2 unix release with support for TCP/IP
• 2007 – The introduction of the iPhone

That is a pretty broad piece of computing history.

TCP/IP spent its first couple of decades growing up. Few people used it, and those that did were more akin to being members of a secret society, the keepers of the flame called Unix. (Unix would evolve into Linux, as well as the MacOS, and then into containers.) But then something called the Internet caught hold in the early 1990s. I wrote a blog post not too many years ago about the early tools we had to suffer with during that era to get TCP/IP working on other computers, such as DOS and Windows and Netware. It was far from easy, and many businesses had all sorts of pain points to get TCP/IP working properly. BTW, that link also has a hilarious clip about “the internet” that has held up well.

Netware is actually where my love for the protocols blossomed. Many of you might recall how powerful this early network operating system was, and how it could run multiple protocols with relative ease. They saw the importance of TCP/IP and invested heavily in equipment that would bring it to ordinary desktops, and by ordinary I mean the versions of Windows that we had to suffer with back then. Setting up a computer to connect to something else then was made a lot easier with Netware’s TCP/IP support.

But it wasn’t just Netware, but the web that really turbo-charged TCP/IP. That also took off during the 1990s, and it went from curiosity to standard practice seemingly overnight. The web really changed how we interacted with information. In my own case, I saw the publications that were making millions of dollars selling printed magazines go to a much reduced online form, and editorial staffs drop dozens of people from their mastheads. Now it is rare that a publication has more than a single full-time editor, which is great if you are a freelancer (which I am) but then budgets continue to shrink too, which is not great.

But in spite of these cataclysmic moments, I still say that I love TCP/IP. I don’t blame the protocol for the transformation of my industry. Au contraire, it made my computing life so much easier. Its beauty was its extensibility, its universal connectedness that was useful in so many different situations. And it also enabled so many apps, both then and now. And every app tells another story, which is after all my bread and butter.

This week, I bought a lighting controller that supports TCP/IP, for example. And that brings up another point. Today, we don’t give TCP/IP much attention, because it has been woven into the fabric of our computing systems so well. It is pervasive: you would be hard pressed to name a computer that doesn’t support TCP/IP. And by computer, I mean our smart TVs and other home appliances, our cable modems, our networks, our cars.

Vint wrote me after he read this essay: “TCP/IP has been improved over the years by people like Van Jacobson and David Taht among others. Google introduced QUIC which provides TCP-like functionality with some additional features. But it has certainly been a workhorse for the world wide web and its applications.” Note what he is doing here: giving credit to other innovators and extensions who have built some interesting things on what he and Kahn came up with 50 years ago. A class act.

So much love to spread around. I count myself lucky to have been present for the last 30 years of the tenure of TCP/IP, and chronicle its growth and popularity.

About 20 years ago, Skype was the backbone of my telecoms. I used it to stay in touch with a worldwide collection of editors when I was running Tom’s Hardware and to make all of my international calls for pennies per minute. Some of you are old enough to remember when these calls cost dearly, if they could be made at all.

When you think about this broad stretch of time, and that you can now reach people on the other side of the world, with usually solid audio (and in some cases video) quality, it is pretty amazing. And it is nice to have lots of choices for your comms too.

If you want some perspective on how much this tech has changed since 2006, check out this piece that I wrote for the NY Times about the business instant messaging use. Remember Lotus Sametime? Jabber? AOL? Yahoo?

I wrote about this most recently in 2020 here, where I staked out the entire messaging interoperability problem, and when Teams was just muscling into this market.

This week I gave up my subscription and last remaining Skype credits of some $3. I haven’t used the thing in months, and it was time to say goodbye. Since being absorbed by the Redmond Borg, it has gotten less usable and useful. I almost always get stuck trying to figure out how to authenticate myself into live.com among my numerous accounts.

My choices for international communications is now plentiful. If I have to actually talk to someone, the most used is WhatsApp, which works reasonably well and is almost universal among people that I connect with. In second place is texting, either using SMS/iMessage or sometimes with Facebook Messenger. If I were younger I would probably put texting in first place. I use Microsoft Teams or Slack to communicate with my business colleagues, depending on which platform they are using. Sometimes I use Google Talk to make a few calls from my computer. My mother-in-law has an Alexa show, which makes for yet another channel to use.

Juggling all this tech can be tiresome to be sure. But it meant that Skype was gradually marginalized as time went on.

I have been writing about online shopping for more than 25 years, starting in the mid-1990s when I became so enmeshed in it that I taught classes for IT folks to implement it in practice in their companies. I reviewed that history in an earlier post here.

Back in those early days,​ I had fun assignments like trying to figure out how long it took staff from an online storefront to respond to me-as-a-customer email queries, or documenting how hard it was to actually buy stuff online. Yes, someone actually was paying me to write an article about online stuff, which then would be published in a printed magazine weeks later. It seems so quaint now.

I also had a two-day seminar at various international trade shows about understanding internet commerce, payment systems, and installing and operating your own web storefront. One group of the attendees were from the US Postal Service, who were trying to put up a storefront selling stamps. Seems simple, right? What happens when your inventory can’t reflect the actual real-time situation — then you have a lot of angry stamp collectors. As I said, fun times.

Today I want to vent about a more basic issue: why has the online storefront become such a shopping hellscape? Let me explain.

Last week I wasted about an hour of my life trying to purchase two toiletries: shaving cream and deodorant. For many things, I am not brand-sensitive, but for these two items I am. Being a Prime Family, I went first to Amazon, where I was presented by dozens of online merchants that would try to sell me the exact item that I wanted. Except, they weren’t actually Amazon itself, but third parties. Many of which had “only 2 items left” warning labels — the latest come-on employed by online scammers everywhere. Create that sense of urgency, fueled by Covid supply chain issues, and get the customer to commit NOW! I moved on.

Next was Target.com, where I was greeted by first making sure that I had captured my account password before I attempted to buy anything. Then I had to decide which of three methods to get my stuff: by mail, pickup in the nearest store (what was my zip code, since I neglected — deliberately — to have that in my account profile), or same-day delivery. Each had a raft of options depending on how quickly I needed my items. And I hadn’t yet gotten to where I actually could search for my two precious toiletries. Forget Target.

Walgreens and CVS websites weren’t much better. I almost bought something here — I can’t recall which drug store — that would have one item mailed, one that I could pickup. Only it wasn’t at the nearest store, but one a few miles away. What was I doing? That was when I came to my senses.

I closed my computer in disgust and got on with my day.

Yesterday, I resumed my quest. There is a local drugstore that is a few blocks from my house, and I happened to walk by and thought, let’s just go in and see what they have in stock. Now, this is a small family operation not affiliated with the big chains. But that is a good thing because of three reasons. First, if you call them, you can actually talk to a live pharmacist within a moment, without having to wait on hold for 20 minutes or more. Second, they don’t lock away their stuff, like the big chains do, because of theft problems. But they get around that with an interesting twist: their shelves look very bare, because only one item of a given product is put there. That is their solution to shoplifters and the effect initially is quite eerie. But they didn’t have my brands, so I went away empty handed. (The third reason is that I have gone there to get my shots, because again they are easy to deal with.)

I came home frustrated. Then I thought I would try the small grocery store literally across the street from my home. Finally — and ironically — success. After running around in circles, the solution was simple, and the prices just a little more for the convenience of not having to navigate a series of lengthy menus and other effluvia.

Mission accomplished.

So what has happened to online storefronts in the past 25 or so years? In the quest to make everyone able to buy just about anything, they have become unusable. Menus are inscrutable, choices confound, and delivery mechanisms are so plentiful that they can paralyze consumers. So as I am looking through my slide deck for those c.1997 seminars that I taught around the world, I happened upon this summary of the implications of ecommerce:

• Consumer control of privacy is essential  — most folks simply want the choice of opting out
• The granularity of control must be fine, e.g.,
  • over number and frequency;
  • over categories of interests; and/or
  • over (indirect) dissemination to third-parties

In some respects, we have come a long way since those early days. In others, we are still learning these basic concepts. And next time I need something, I will head across the street to my local shop first.

I wrote about the insidious operations of the spyware known as Predator for SiliconANGLE today. This nasty piece of work infects your phone and can capture everything going on around you, and what you type, and where you go, among other things. If this sounds familiar, it is. Remember the Pegasus spyware that was sold by the Israeli NSO Group?

A consortium of international researchers and reporters have published a coordinated expose about the spyware, just like what happened a few years ago with Pegasus. What I want to talk about in conjunction with this effort are things that you can do to protect yourself. While you may not be a target, if you are sufficiently paranoid, you might want to implement at least one of the suggestions from the main Amnesty International report to protect your privacy.

I have annotated their recommendations with my own experience.

If you are thinking of attending a protest, take a few moments to review the EFF’s recommended strategies for protecting your digital assets and privacy in this blog post. It is  both an interesting document and a sad testimonial to the state of our present day that the document had to be written at all.

Here is the issue: police are increasingly counting on protesters’ cell phones to be used as evidence, so information on them — your contacts, your photos, your text messages — can be used against you. And not just during protests, either: border crossings can be problematic too. So as the scouts say, be prepared.

The suggestions span the gamut from things to do before you attend a protest, what to do during the protest, and what to do if you are arrested and if your phone and other digital devices are seized. EFF recommends leaving your regular phone at home and buying a burner that just has the Signal messaging app on it; Signal provides end-to-end message encryption, something that I spent some time thinking about. I put together a series of recommendations for business IT managers about how to enable and use this feature across other messaging services for SiliconANGLE earlier this summer.

One of the aspects of Signal is that you can use it to scrub the metadata from your photos. This is important if you intend to post any of the pictures online. You can also take screenshots of your photos if you don’t care about image quality.

There are other helpful suggestions too, such as taking pictures without unlocking your phone, and disabling the facial or fingerprint ID feature, in case a law enforcement officer forces you to unlock it. They explain: “Under current U.S. law using a memorized passcode generally provides a stronger legal footing to push back against a court order of compelled device unlocking/decryption.” They explain the difference between encrypting the data on the phone and encrypting an external SD memory card might require two different steps. And there are numerous suggestions on how to turn off location tracking, Bluetooth, and other radios. That may only be a temporary solution, however: once you turn these radios back on, your phone may send the stored data once you reconnect. The best solution is to turn your phone off entirely.

Finally, they sum everything up with this piece of advice: “It’s important to carry the bare minimum of data with you, and use the strongest level of encryption, when going into a risky situation like a protest.”

For the past month, I have been messing around with an Ecobee “smart” thermostat for my condo’s heat pump. The reason for the quotes will become clear as you follow along in my journey.

I live in a high-rise condo and it was time for the regular servicing of our heat pump, if by regular you mean a spousal request that I should finally get the AC tech out to tend to it. The tech came, said everything was looking good but that you might want to get a new thermostat, for reasons that I don’t recall now. That provided enough motivation for me to start down my Ecobee journey, which is the brand that the tech recommended.

My electric utility was offering half off if I bought it through them. They also had free Nest thermostats, which my tech said I should steer clear of. Given that they were free I figured that something was wrong with them. So I got the mid-priced model and it arrived a few days later. It did take three phone calls to find the webpage to order the thing, let’s just put that there in terms of pain points.

Now, I have to say right up front that I am not a handy guy. Generally, I know my limitations. I was going to give the Ecobee a try, until I saw that I had to deal with putting a bunch of tiny wires in the right places. (You can see what I mean in the photo above. The putty around the edges is to block out airflows from behind the wall, which was suggested by the hot line folks.) I put in a call to my AC repair folks, who happily charged me more than I paid for the device to come install it with tech #2 (a different guy from the first one). Some drilling was involved. I made the right choice not to fly solo on this install.

I was impressed with the level of support from Ecobee: their smartphone app will take you step by step through the initial installation and also help troubleshoot any problems. There is also a phone hotline that is answered promptly and by native English speakers who have tremendous patience to deal with your issues, and I had plenty. One concerned the fact that the temperature reported by the thermostat was off by four degrees with a thermometer that we were using to verify that it was working. After several calls to the hot line, they told me that I could adjust the temperature with a “fudge factor” (that wasn’t the term they used but that is what it was) so they could match.

But we also had another problem, which the kind folks at Ecobee put the blame squarely on my heat pump. It turns out the water drain from the unit would clog up, but only after the unit would operate for an hour. Another visit from the AC tech, at least this one was free where tech #2 (the same guy who installed the thermostat) found the problem.

So I think we finally have all systems go. One issue that still remains is that the Ecobee has three different ways to control its operation: a touch screen on its front panel, a web page or via its smartphone app. All three have slightly to majorly different user interfaces. Some things are quickly accessed with one or the other interface, which doesn’t make it spousal friendly. But one nice thing is that you can control it when you aren’t home, which is helpful in debugging problems and also when you are on vacation and want the home cooled or heated to your requirements before you walk in the door.

Do I regret buying the Ecobee? No. I regret that it takes an IT guy 10 phone calls and an outlay of cash to get professional help to get it operational. Hence why I put the “smart” in quotes: maybe if it was used by a “smarter” home owner I would feel differently. Now if only I could get my “smart” TV to work the way I want it to.