
Hanging by Meta’s Threads

[NB: check the byline, thanks. /~Rayne]

If you are very much online in social media, you’ve likely heard the buzz about Threads – the new microblogging platform owned and operated by Facebook’s parent, Meta.

I’m not going to get into a detailed discussion of Threads versus its problematic competitor Twitter or ex-Twitter CEO Jack Dorsey’s problematic alternative, Bluesky Social. You’re perfectly capable of doing the homework on them and other competing microblogging platforms.

Of concern to me: how will Threads eventually interact with the open source federated universe (fediverse) of platforms including Mastodon. Threads is expected to federate eventually and allow easy sharing of communications and content between member platforms in the fediverse.

There has been so much conversation about this topic in Mastodon that I’ve had to filter it out. The discussion has been warranted, but the subject has been polarizing and frankly exhausting.

Some Mastodon users – mostly those who left Twitter and miss it badly – want this new Meta project to integrate seamlessly with Mastodon so that they can encourage former Facebook folks to come over to Mastodon. They’re missing much busier levels of activity in their timelines which was driven by algorithms at Twitter as well as at Facebook. And some simply can’t handle the increased complexity Mastodon poses, from choosing an instance to finding friends old and new, or building a feed.

Some Mastodon users – like me – don’t really care to federate with Meta’s users whether from Facebook or Instagram. In my case my primary concerns are data privacy and remaining ad free. While I feel fairly confident my experience within Mastodon won’t ever involve ads, I can’t say that will be the case once I make contact with someone in Threads just as looking at a tweet on Twitter will likely expose me to advertising. I simply do not want to give my attention without my advance consent to any business advertising in social media.

(Side note: look around here in emptywheel – see any ads? How’s that shape your experience here?)

Because of these concerns I’ve been looking for ways to limit exposure of personal data now that Meta has begun a soft launch of Threads over the last 24 hours.

~ ~ ~

Ahead of a formal launch, Eugen Rochko, Mastodon’s creator, published a statement about the way Threads and Mastodon are supposed to work. This statement was the result of meetings he had with Meta about the way Threads was expected to work once it joined the fediverse.

See https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/

Note this paragraph in particular:

Will Meta get my data or be able to track me?

Mastodon does not broadcast private data like e-mail or IP address outside of the server your account is hosted on. Our software is built on the reasonable assumption that third party servers cannot be trusted. For example, we cache and reprocess images and videos for you to view, so that the originating server cannot get your IP address, browser name, or time of access. A server you are not signed up with and logged into cannot get your private data or track you across the web. What it can get are your public profile and public posts, which are publicly accessible.

There’s still a problem here, if you think back to what researcher Aleksandr Kogan could do with Facebook’s data harvested ~2014. The network of people around those whose data had been obtained could still be deduced.

If some users outside Meta have past usernames in Facebook/Instagram/WhatsApp which match; and/or if users have had previous long-term contacts with Meta users, and/or if data from Twitter or other social media platforms can also be acquired and correlated, it wouldn’t be difficult to build out the social network of Threads users who interface with Mastodon or other fediverse platform users.

This gets around the reason why Mastodon in particular has been resistant to integrating search across the fediverse. Search was intentionally limited during Mastodon’s development to prevent swarming and brigading attacks and other forms of harassment targeting individuals, particularly those identified in minority and/or protected classes.

Consider for example the case of a gay person who associates with other gay people who know each other locally but communicate using these tools. It won’t take that much effort, especially with the aid of GPT AI, to create the means to identify entire networks of gay persons related one to several degrees apart. Once identified, it wouldn’t take much to begin brigading them if enough other hostile accounts have been established. One could even imagine the reverse identification process applied in order to find persons who are violently anti-gay and likely to welcome opportunities to harass gays.

Imagine, too, how this could affect young women contacting others looking for reproductive health care information.

~ ~ ~

There is a temporary saving grace: Threads is not approved in the EU. Not yet.

The server which hosts my Mastodon account is located in the EU and therefore will not yet allow Threads users access through federation.

The same server’s administrator also polled users and asked if they wanted to allow Threads to federate with this server; they voted it down.

So I guess I’m okay where I’m at for the moment.

There are fediverse servers out there which will never allow Threads to federate with them. I’ve seen a Mastodon server which has said it will never allow Meta applications to federate because it’s against their server’s terms of use to allow entities which enable genocide and crimes against humanity to do so.

Good for them.

And good for us: PressProgress editor Luke LeBrun collected the app privacy policies for Threads, Bluesky, Twitter and Mastodon for contrast and comparison:

Can’t imagine why I would have any concerns about Threads…ahem.

~ ~ ~

This is all fairly new and unfolding even as I write this. What the fediverse will look like once Threads makes full contact is anybody’s guess.

But there are several things we do know right now, with certainty:

– Meta has been and remains a publicly-held holding company for a collection of for-profit social media businesses. Its business model relies on selling ad space based on targeted markets, and selling data. This will not change short of a natural disaster like a meteor strike taking out all of Silicon Valley and the greater San Francisco area, and that may still not be enough to change the inevitable monetization of Threads and all the platform touches.

– Meta has been operating under a consent decree issued by the Federal Trade Commission since 2011 after violating users’ privacy; it violated that agreement resulting in a $5 billion fine which it has fought against paying. Meta’s track record on privacy is not good and includes the non-consensual collection of personal data by academic Aleksandr Kogan. The data was later used by Cambridge Analytica/SCL and may have been involved in influence operations during the 2016 election.

– The EU is light years ahead of the US when it comes to privacy regulations. California as a state comes closest to the EU in its privacy regulations but it shouldn’t matter which state we are in – our privacy concerns are the same across the country, and opt-in should be the standard, period. US state and federal lawmakers have been and will likely continue to be slow to take any effective action unless there is considerable pressure by the public to meet the EU’s efforts.

– Law enforcement in the US have purchased and used without a warrant personal data collected through users’ use of social media. There has been inadequate pressure by the public to make this stop, and this will put the health and safety of women and minority groups at risk.

Changing the direction in which this is headed requires engagement and action. By now you know the drill: contact your representatives in Congress and demand legislation to protect media users’ privacy. (Congressional switchboard: (202) 224-3121 or Resist.bot)

That’s no slip: no form of media on the internet should be immune from protecting its users’ privacy.

You should also contact your state’s attorney general as well as your legislators and demand your state matches California’s Consumer Privacy Act (CCPA) when it comes to privacy protections – at a minimum. Meeting the EU’s General Data Protection Regulation (GDPR) would be better yet.

I Did Nazi Crustpunk Bar Fail, Redux [UPDATE-1]

[NB: Check the byline, thanks. Updates to appear at bottom of post. /~Rayne]

Because you people will NOT stop whining about the bird-logoed crustpunk Nazi bar sinking even further below the waterline, I am putting up a dedicated post for that subject.

RULE NUMBER ONE: Nothing but Twitter and social media related comments allowed in this thread.

RULE NUMBER TWO: Do NOT take your comments about Twitter and other social media platforms to other threads.

RULE NUMBER THREE: See the first two rules, and don’t expect this site to have any power to do anything to change the crustpunk Nazi bar or other similarly centralized social media failures like Reddit and that scofflaw Meta (home of Facebook, Instagram, and WhatsApp).

~ ~ ~

UPDATE-1 — 8:30 P.M. ET —

Here’s a rough tick-tock leading to today’s huge uptick in new Mastodon account sign-ups —

Wednesday, May 24 — Ron DeSantis’ live campaign launch via Twitter Spaces was an utter disaster; DeSantis’ supporters try desperately to put a positive spin on it.

Thursday, May 25 — Twitter’s chief engineer resigned.

Friday, May 26 — Apparently Twitter had not paid the software company which provided service for live video feeds used in Twitter Spaces.

Sunday, June 11 — Engadget reports there may be problems ahead for Twitter:

More platform instability could be in Twitter’s near future. In 2018, Twitter signed a $1 billion contract with Google to host some of its services on the company’s Google Cloud servers. Platformer reports Twitter recently refused to pay the search giant ahead of the contract’s June 30th renewal date. Twitter is reportedly rushing to move as many services off of Google’s infrastructure before the contract expires, but the effort is “running behind schedule,” putting some tools, including Smyte, a platform the company acquired in 2018 to bolster its moderation capabilities, in danger of going offline.

Thursday, June 29 — Some folks observe sporadic difficulty accessing Twitter links.

The New York Times reported new Twitter CEO Linda Yaccarino ordered Google to be paid after she spoke with the head of Google’s Cloud division.

Friday, June 30 — Persons attempting to access any Twitter page are unable to do so unless they are a logged-in registered user.

Elon Musk later confirmed access has been deliberately cut off for all outside users, claiming Twitter is being scraped aggressively.

There is a lot of speculation the service is degrading because Twitter didn’t pay Google, but NYT’s report suggested otherwise.

Saturday, July 1 — Twitter users note Twitter is down. Musk also tweets that users will be rate limited on the amount of tweets they can read each day.

Before the widespread outage, observers noted Twitter had been DDoS-ing itself:

Twitter and Mastodon user Sheldon Chang offered more detail:

Sheldon Chang 🇺🇸 @[email protected]
This is hilarious. It appears that Twitter is DDOSing itself.

The Twitter home feed’s been down for most of this morning. Even though nothing loads, the Twitter website never stops trying and trying.

In the first video, notice the error message that I’m being rate limited. Then notice the jiggling scrollbar on the right.

The second video shows why it’s jiggling. Twitter is firing off about 10 requests a second to itself to try and fetch content that never arrives because Elon’s latest genius innovation is to block people from being able to read Twitter without logging in.

This likely created some hellish conditions that the engineers never envisioned and so we get this comedy of errors resulting in the most epic of self-owns, the self-DDOS.

Unbelievable. It’s amateur hour.

#TwitterDown #MastodonMigration #DDOS #TwitterFail #SelfDDOS

Jul 01, 2023, 11:03 · Edited Jul 01, 13:02

You can see the videos he shared at the link above.

Techdirt’s Mike Masnick offered his opinion about the rate limiting:

I don’t have words for this clusterfuck except to say I expected this level of fail and worse to come, even with a new CEO on board. Good luck, Yaccarino. I hope you got a guaranteed payout.

~ ~ ~

Meanwhile, at Mastodon:

Mastodon Users @[email protected]

12,916,975 accounts
+4,614 in the last hour
+34,484 in the last day
+108,119 in the last week

[Graphic alt text: Four time-based charts

Upper blue area: Number of Mastodon users
Upper cyan area: Hourly increases of number of users
Lower orange area: Number of active instances
Lower yellow area: Thousand toots per hour

For current figures please read the text of this post]
Jul 01, 2023, 19:00

~ ~ ~

If there is more news in the next 12-24 hours about Twitter, I will update this post.

Lasciando il matrimonio di Elmo

[NB: check the byline, thanks. /~Rayne]

My moderation team counterpart bmaz is a bit put out at people who are flouncing Twitter dramatically. We don’t see eye to eye about the topic of departing Twitter now. I’m among those who are unwinding their accounts now that Elmo has been forced into marrying Twitter, Inc.

Elmo’s turbulent management style is one reason I’d like to leave. Who knows what any given day will yield – will a new policy pop up out of the blue insisting users must pay for services to which they’ve become accustomed for years?

Security is another matter of concern, and in saying security I mean I have my doubts about personal data security now that Elmo has capriciously announced he’s going to fire 75% of Twitter’s personnel…and now 50% this Friday…and maybe with or without compliance with state or federal WARN Act.

Does anyone really think Twitter personnel are at top form right now when they’re looking over their shoulder for their pink slip? Could you blame them if they aren’t?

But my biggest single reason for wanting to leave Twitter is this: I do not want to be Elmo’s product.

~ ~ ~

Artist Richard Serra said of his experience viewing the painting Las Meninas (c. 1656) by Diego Velázquez:

“I was still very young and trying to be a painter, and it knocked me sideways. I looked at it for a long time before it hit me that I was an extension of the painting. This was incredible to me. A real revelation. I had not seen anything like it before and it made me think about art and about what I was doing, in a radically different way. But first, it just threw me into a state of total confusion.”

When one first sets eyes upon the painting, it appears to be one of the young Infanta Margaret Theresa of Spain and her ladies in waiting, standing next to a portraitist at work. It takes a moment to realize that the portraitist isn’t painting the Infanta but whomever the Infanta is observing, and yet another moment to realize the subject of the portrait and the Infanta’s gaze can be seen in the mirror behind them.

The painting’s observer will then realize they are standing in for the Infanta’s parents who are being painted by the portraitist — and the painting is a self portrait of Velázquez at work. The painting’s observer is a proxy who has not fully consented to their role but nonetheless becomes the subject of the painter at work.

It is this same inversion which must be grasped to understand why I refuse to be Elmo’s product.

I know that I am not Twitter’s customer. I’m not the consumer.

If I remain I am the consumed in Elmo’s forced marriage scenario.

~ ~ ~

Serra and director Carlota Fay Schoolman produced a short film in 1973 entitled, “Television Delivers People.” It was considered video art, using a single channel with a text scroll to critique television.

This excerpt explains the relationship between the audience and television:

Commercial television delivers 20 million people a minute.
In commercial broadcasting the viewer pays for the privilege of having himself sold.
It is the consumer who is consumed.
You are the product of t.v.
You are delivered to the advertiser who is the customer.
He consumes you.
The viewer is not responsible for programming —
You are the end product.

What television did in the 1970s, social media does today. It consolidates access to disparate individuals over distances into audiences of varying sizes and offers them to advertisers.

Social media is mass media.

Social media, however, doesn’t serve audiences to advertisers alone. Given the right kind of incentives and development, audiences can be bought for other purposes.

There are almost no regulatory restrictions on audiences being identified, aggregated, bought, and resold, and very little comprehensive regulation regarding data privacy.

Elmo so far doesn’t appear to understand any of this between his uneducated blather about free speech and his ham handedness about Twitter’s business model.

I do not want to be sold carelessly and indifferently by Elmo.

~ ~ ~

If you are a social media user, even if validated or a celebrity with millions of followers, you are the product. You are being sold by the platform to advertisers.*

There may even be occasions when you’re not sold but used – recall the access Facebook granted to researcher Aleksandr Kogan in 2013 as part of experimentation, which then underpinned the work of Cambridge Analytica ahead of the 2016 election.

Facebook was punished by the Federal Trade Commission for violating users’ privacy, but there’s still little regulatory framework to assure social media users they will not be similarly abused as digital chattel.

What disincentives are there to rein in a billionaire with an incredibly short attention span and little self control now that he’s disbanded Twitter’s board of directors? What will prevent Elmo from doing what Facebook did to its users?

I’ve raised a couple kids with ADD. I don’t want to be on the other end of the equation, handled as digital fungible by an adult with what appears to be ADD weaponized with narcissism.

I deserve better.

I’m only going to get it if I act with this understanding, attributed again to Serra:

If something is free, you’re the product.

~ ~ ~

By now you should be used to hearing this, but I’m leaving this marriage, Elmo.

Treat this as an open thread.

__________

* We do not sell data about our community members.

Live Thread: U.S. Senate Commerce Hearing with Facebook Whistleblower [UPDATE-5]

[NB: Check the byline, thanks. /~Rayne]

The Senate Commerce Committee is conducting a hearing right now; Facebook whistleblower Frances Haugen is currently testifying before the committee.

You can watch the hearing at C-SPAN at:

https://www.c-span.org/video/?515042-1/whistleblower-frances-haugen-calls-congress-regulate-facebook

You can also catch up with the backstory leading into this hearing by catching CBS’s 60 Minutes feature from this past weekend at:

https://www.cbsnews.com/news/facebook-whistleblower-frances-haugen-misinformation-public-60-minutes-2021-10-03/

Haugen is the former Facebook insider who leaked corporate documents to the Wall Street Journal several months ago, culminating in reports published a couple weeks ago. Sadly, the work is paywalled.

These are the key points WSJ reported on based on the documents:

– Facebook internal documents outline an exempt elite who can operate without prohibitions.

– Facebook’s Instagram platform knowingly relies on toxicity dangerous to teen girls.

– Facebook’s 2018 tweaks to algorithms heightened polarization between users.

– Facebook’s response to known use by organized crime from trafficking to drugs is grossly ineffectual.

– Facebook’s own algorithms undermined Zuckerberg’s efforts to encourage COVID-19 vaccinations.

All this in addition to its complicity inciting genocide of more than 25,000 Rohingya minority members in Myanmar means that Facebook is beyond toxic. It’s deadly.

I’ll update this post with additional content. Share your comments related to Facebook, social media, and today’s hearing in this thread.

~ ~ ~

On a personal note: I don’t use Facebook for many of the reasons outlined in Haugen’s disclosures and the reasons that the Federal Trade Commission issued a consent decree against Facebook back in 2011 (which Facebook violated, resulting in a $5 billion fine in 2020).

I already had strong doubts about Facebook because my oldest child was bullied by a classmate on the first day they opened a Facebook account. They had begged me to let them open an account and in spite of all my precautionary measures and coaching, they were still tormented immediately and out of view of the other student’s parents.

That was more than 14 years ago. Think of what 14 years of this kind of behavior alone will do to our children and young adults, let alone what troll farms masquerading as children on line will do to them.

And now we know Facebook has known about this toxicity targeting young women and girls, and that it has continued to develop a platform aimed at monetizing children and teens’ use of social media.

Kill it now.

~ ~ ~

UPDATE-1 — 12:30 PM 05-OCT-2021 —

I missed the earliest part of the hearing, am now going back through earlier portions.

Sen. Cynthia Lummis (R-WY) at 9:27 am expresses reluctance to break up companies or deem social media platforms to be utilities, calling it heavy handed.

Uh, not heavy enough. Yesterday’s outage proved Facebook is a communications system when WhatsApp went down with Facebook and Instagram.

Sen. Dan Sullivan (R-AK) is prodding about regulatory oversight. Haugen says Facebook’s closed system traps the company and prevents them from changing their operations – a closed loop which it can’t break – and government intervention through oversight would break that loop for them.

Nation-state surveillance comes up next; Facebook could see other countries surveilling users. Haugen says the U.S. has a right to protect Americans from this kind of exposure.

UPDATE-2 — 12:36 PM 05-OCT-2021 —

Live hearing again. Sen. Rick Scott (R-FL) says he sent a letter to Facebook about related concerns well before this hearing. He asks Haugen about age restrictions for users; she feels the restriction should be changed to 16-18 years of age because of teens’ weaker impulse controls and concerns about addictive behaviors.

How to screen for age is tricky, IMO. Kids have gotten around this and parents have been just plain neglectful.

UPDATE-3 — 12:47 PM 05-OCT-2021 —

Sen. Richard Blumenthal calls Facebook a “black box,” designed as such by Mark Zuckerberg, referencing legal obligations under Section 230.

Haugen adjusts the point he’s making by noting Facebook had said it could lie to the courts because it had immunity under Section 230.

Well that explains why Zuckerberg believes he can lie to Congress as well, as he has in at least one hearing, and why a representative for Facebook lied just this week to Congress in spite of Facebook documents liberated by Haugen proving otherwise.

Haugen says she doesn’t like seeing people blaming parents. Sorry, too bad — as a parent I know the ultimate authority over internet use at home with parent-funded devices is the parent, and I know far too many parents are just plain lazy when not willfully uninformed about social media use. More parents should have been up in their representatives’ faces all along about social media’s impact on their children.

UPDATE-4 — 12:55 PM 05-OCT-2021 —

Haugen is responding to questions from Sen. Todd Young (R-IN). She says Facebook knows how vulnerable people are who’ve had big life changes like divorce or death of a friend/loved one, how they can lose touch with surrounding community in real life because they are framing their perspective on thousands of distortive posts on Facebook.

She also doesn’t believe in breaking up Facebook.

Too fucking bad. The outage yesterday proved Facebook needs to be broken up.

Sen. Marsha Blackburn (R-TN) has been given a copy of a tweet by a Facebook employee, Andy Stone, who rebuts Haugen’s credibility based on her work experience. Blackburn invites Mr. Stone and Facebook to be sworn in and testify instead.

You know there will be more concerted attacks on Haugen’s credibility. Sure hope there’s nothing on her in Facebook’s data.

UPDATE-5 — 1:06 PM 05-OCT-2021 —

Sen. Amy Klobuchar (D-MN) asks about Facebook studying children under 13 about eating disorders and whether the company is pushing eating disorder-related content to children that age. Haugen implies they are getting around this by encouraging inauthentic accounts.

Klobuchar asks about banning outside researchers; Haugen says the blocking is an indication that federal oversight is necessary when Facebook goes so far out of its way to block them.

Sen. Ed Markey (D-MA) says he sent a letter to Facebook ten years ago asking if the company was going to collect data on child users on its platform, and now Congress is back revisiting the issue. He plugs further regulation including controls on AI.

Haugen earlier in this hearing said AI was a known problem referring to bias.

Markey brings up the Children’s Television Act of 1990 he authored which protects kids up to age 12.

Sounds like Facebook must have used this as a jumping point for its existing prohibition on accounts for those under age 13.

Haugen responds to Markey saying removing Likes/Comments/Reshares which encourage more engagement isn’t enough to protect children. They’re still exposed to dangerous “extreme and polarizing” content.

Markey asks if Haugen thinks any visible measures of content popularity should be removed on content for children – she’s not quite as forceful on this as his question about removing targeted ads aimed at children to which she’s firmly agreed.

Three Things: Mary Had a Little Lambda [UPDATE-1]

[NB: Note the byline, thanks. Update at bottom of post. /Rayne]

It feels odd after nearly 18 months to spend so much less time reading and writing about COVID. I guess that’s what a successful vaccine will do to a pandemic.

But the pandemic isn’t over, not by a long chalk. There are far too many vaccine-resistant individuals in the U.S. let alone the rest of the world for us to think we aren’t at continued risk, even those of us who are vaccinated. Every unvaccinated person at this point is an incubator for another variant which may succeed in evading our current vaccines.

Just get your damned shot or shots.

~ 3 ~

It absolutely amazes me how stupid the right-wing has become in this country. They cannot see Trump’s propaganda amplified by Qultists and the foreign-influenced anti-vaxx movement is literally sickening and killing them.

I wonder if this is unintended blowback, though. During the Trump regime we could expect the executive branch to act in a way which hurt minority groups the most when they intersected with Democratic voting and/or Trump’s personal pet peeves (ex. Puerto Rico where thousands died after Hurricane Maria – the same territory where a Trump-managed golf course failed).

Trump as well as Trump minions and supporters may have perceived the disease as one of blue states due to the early, deep impact on locations like New York City and Detroit. Trump’s familial henchman Jared Kushner didn’t want COVID aid to go to blue states because it was against Trump’s political interests (read: helping states with more minority voters).

But what if the right-wing has onboarded the flawed belief that COVID disproportionately affects blue states and minorities to the point that the right-wing feels they don’t need no stinking masks or vaccines? They’re white cis-het GOP voters, they are superior, they are unassailable.

Of course they aren’t and now they are dying from the Delta variant wave, in direct opposition to what a hostile foreign entity’s destabilization program might intend.

~ 2 ~

We’ve worked our way through a handful of SARS-CoV-2 variants, with Delta currently spreading like crazy across the country. This won’t be the last variant virus wave so long as less than 70-80% of the U.S. population is vaccinated.

There’s already another virus virologists, epidemiologists, and public health officials are watching closely to see if it is as transmissible as Delta or worse. Say howdy to Lambda, described here by scientist Rob Swanda.

It wouldn’t hurt to have an overview of Delta for that matter, with regard to its greatly increased transmissibility over previous variants’ mutations. Here’s Swanda’s Delta overview.

~ 1 ~

Media-disseminated disinformation and misinformation related to COVID is killing people, much of it focused on attacking the vaccines which prevent both its spread and severe infection. Joe Biden was too candid for Facebook’s taste when he said it’s killing people.

In this Twitter thread, Renee DiResta, an expert on disinformation and propaganda dispersion, looks at COVID anti-vaxx propaganda’s emergence from the earlier anti-vaxx movement which she has studied for years, and Facebook’s role in dissemination and force amplification.

Though DiResta says Facebook has improved while other media and key political figures continue to disperse anti-vaxx nonsense, Facebook remains a distributor of anti-vaxx content. There’s no getting around this and Facebook only responds to accusations with defensiveness rather than offering measures to reduce anti-vaxx material in its platform.

There’s also no getting around Facebook’s resistance to criticism even from our representatives in Congress.

If any other consumer product played a role in the hospitalization of tens of thousands of Americans, hundreds if not thousands of deaths, and thousands of cases of long-term disability, would the American people tolerate that product not being regulated?

Apart from guns, of course.

~ 0 ~

Continue to press your unvaccinated friends, family, associates, neighbors to get vaccinated. There’s no good reason to subject our health care professionals to this kind of trauma when this disease is preventable.

And continue to wear a mask in public settings even if you’re vaccinated. You’re not likely to spread the virus, but you may still get infected given the current prevalence of Delta and its much greater transmissibility. If you’re vaccinated your chances of needing hospitalization are extremely low, which is the entire point of being vaccinated. But since we don’t yet know what the long-term effects are of cryptic/asymptomatic/mild cases of COVID in vaccinated persons, it’s not worth taking the risk of future long-term disability.

UPDATE-1 — 10:30 PM ET —

The doctor who couldn’t offer vaccines to COVID patients before intubation has been harassed.


Our health care workers don’t deserve this kind of treatment when they are both doing everything they can and telling the public the truth about COVID.

And while Delta remains the prevailing variant responsible for new cases across the country, Houston Methodist Hospital reported a case of Lambda today. Still no more data as to whether Lambda poses a greater threat than Delta.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Geostrategic and Historic Implications of Crypto

If you haven’t already, you should read the superb WaPo story on Crypto, the Swiss encryption company that German and US intelligence agencies secretly owned, allowing them to degrade the encryption used by governments all over the world. The story relies on classified CIA and BND histories obtained by the paper and a German partner.

The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.

[snip]

The Post was able to read all of the documents, but the source of the material insisted that only excerpts be published.

The CIA and the BND declined to comment, though U.S. and German officials did not dispute the authenticity of the documents. The first is a 96-page account of the operation completed in 2004 by the CIA’s Center for the Study of Intelligence, an internal historical branch. The second is an oral history compiled by German intelligence officials in 2008.

From the 1970s until the early 2000s, the company ensured its encryption had weaknesses that knowing intelligence partners — largely the NSA — exploited. CIA retained control of the company until 2018.

The WaPo correctly puts Crypto in a lineage that includes later spying and politicized fights over which corporations run the global telecommunications system. But it curiously suggests that the US “developed an insatiable appetite for global surveillance” from the project, as if that’s a uniquely American hunger.

Even so, the Crypto operation is relevant to modern espionage. Its reach and duration helps to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden. There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments, including the Russian anti-virus firm Kaspersky, a texting app tied to the United Arab Emirates and the Chinese telecommunications giant Huawei.

Any nation-state or powerful non-state actor is going to want access to as much information as it can obtain. Russia, the Gulf states, and China, as well as the unmentioned Israel, are no different.

The story is better understood, in my opinion, as a lesson in how the US, Cold War partner Germany, and several key individuals and companies who could be motivated by Cold War ideology accomplished its spying. It absolutely provides important background to current US efforts to prevent rivals from achieving hegemony over communication structures. But if you didn’t know the US is so worried about Huawei’s dominance because it gives China a way to supplant the US spying footprint, you’re not paying attention.

Some particular features:

  • Crypto was a Swiss company. That gave it some plausible deniability.
  • The operation struggled to find cryptologists who were good, but not too good. People who could identify weaknesses in the algorithms Crypto used either had to be fired or bought off.
  • The entire scheme worked off a corruption of market forces. The predecessor to Crypto sold shitty encryption to disfavored countries, but the US made up for the lost profits. Then, as integrated circuits presented a challenge for the business, the US leveraged that to get ongoing cooperation. Then CIA and BND bought out the company via a shell company set up in Liechtenstein. To sustain its customer base, Crypto would smear competitors and bribe customers with gifts and prostitutes.
  • The US leveraged its power in the US-German partnership at the core of the operation, forcing the Germans to sell degraded products to allied governments.
  • The ideology of the Cold War proved a powerful motive for some of the key participants, leading them to work for what ultimately was the CIA for no additional funds.

Those features are worth noting as you consider where this capability moved to as Crypto became less valuable:

  • AT&T and other US backbone providers
  • Silicon Valley companies compelled under Section 702 of FISA
  • Various products supported by CIA’s investment arm, In-Q-Tel
  • SWIFT

702 is the big outlier — in that the US government leveraged existing market dominance and actually didn’t hide what was going on to those who paid attention. But that’s changing. The US government is increasingly demanding that its 702 partners — notably both Apple and Facebook — make choices dictated not by a market interest in security but by their demands.

The WaPo story cites some “successes:” nearly complete visibility on Iran, a critical advantage for the UK in the Falklands war, and visibility on Manuel Noriega as he started to outgrow his client role. One wonders what would have happened if the US or its allies had lost visibility on all those key strategic points.

WaPo focuses its challenge to this spying, however, on what the US had to have known about but overlooked: assassination, ethnic cleansing, and atrocities.

The papers largely avoid more unsettling questions, including what the United States knew — and what it did or didn’t do — about countries that used Crypto machines while engaged in assassination plots, ethnic cleansing campaigns and human rights abuses.

The revelations in the documents may provide reason to revisit whether the United States was in position to intervene in, or at least expose, international atrocities, and whether it opted against doing so at times to preserve its access to valuable streams of intelligence.

Nor do the files deal with obvious ethical dilemmas at the core of the operation: the deception and exploitation of adversaries, allies and hundreds of unwitting Crypto employees. Many traveled the world selling or servicing rigged systems with no clue that they were doing so at risk to their own safety.

I’m actually more interested in the latter case, though (after all, the US was overlooking atrocities in Iran, Panama, and Argentina in any case).

These atrocities were known in real time, but ideology — largely, the same Cold War ideology that convinced some of the engineers to play along quietly — served to downplay them. The ideology that excuses much of our current spying, terrorism, likewise leads many to excuse Americans and allies overlooking atrocities by our allies (but that, too, is evident without proving they’re reading the SIGINT proving it).

But the solutions to this problem have as much to do with fixing ideology and market forces behind the power structures of the world as they do with protecting the encryption that people around the world can access.

Was Facebook Biased or Was It Manipulated?

[Nota bene: This essay was not written by Marcy or bmaz but by me. Thanks. Oh, and some of this is speculative. /~Rayne]

Facebook has been in the news a lot these last two weeks with regard to its sneaky surveillance of competitors and users by paying teens for their data as well as its 15th anniversary.

But that’s not what this essay is about.

This is about the 2016 election and in particular a claim I thought was peculiar when it was first reported.

Gizmodo, a former Gawker Media outlet, published two stories claiming that Facebook’s news feed was biased against conservative news based on feedback from contract editors.

It struck me as odd at the time because

  • the first story was published within the week that Trump became the presumptive nominee for the Republican Party;
  • conservative news outlets weren’t complaining about being suppressed by Facebook;
  • the story broke at a troubled outlet via a relatively new technology editor at a lesser technology outlet.

It’d already struck me as bizarre that Trump wasn’t using traditional campaign media practices to reach his base. He wasn’t spending money on ad buys and other media like a new-to-politics candidate would. The commercial media was all over him providing him enough coverage that he didn’t have to buy more. Media coverage of Trump suffocated the rest of the GOP field in addition to swamping coverage of Democrats’ primary race.

So why were these contract editors/curators complaining about Facebook’s bias if so much of the media was focused on a Republican candidate?

Gawker, as you may recall, had been under siege by billionaire Peter Thiel after its founder Nick Denton had allowed Thiel’s sexuality to be outed in a Valleywag article. Thiel helped former professional wrestler and celebrity Terry Bollea, a.k.a. Hulk Hogan, sue Gawker for invasion of privacy, intentional infliction of emotional distress, negligent infliction of emotional distress, publication of private matter, and violation of the right to publicity. Gawker ultimately lost the case in March 2016 in a Florida court; it filed for bankruptcy on June 10.

When Gawker lost to Bollea it was clear the media outlet suffered a mortal blow. Bollea won $115 million in compensatory damages and $25 million in punitive damages and Gawker didn’t have that much in cash or assets. It was only a matter of time before Denton would either fold or sell Gawker.

In that nebulous period when Gawker’s fate hung in the balance, Gizmodo ran two stories about Facebook’s alleged anti-conservative bias within six days’ time.

Why would Facebook’s contract editors reach out to an affiliate of troubled outlet Gawker? Facebook was the largest social media platform in the U.S.; why wouldn’t they have gone to a major U.S. newspaper instead of beleaguered Gawker?

One reason could have been Gawker’s financial vulnerability. A hungry outlet might publish any clickbait-y story when they have little to lose but paychecks.

Another reason might be inexperience. The reporter/editor whose byline appears on the Facebook stories didn’t have years-deep experience in technology reporting, unlike folks at competing dedicated technology journalism outlets. The journalist joined the organization in January 2016 and stayed with Gizmodo through Gawker’s subsequent acquisition; they left for another technology outlet mid-2017. Were they approached by sources because they were relatively inexperienced and working at a distressed outlet?

The journalist’s departure doesn’t appear to be neutral based on the observation a Gizmodo sister outlet, io9, published on his exit (cached copy). Perhaps it was a grumbly “break a leg” farewell a la Larry Darrell’s character in The Razor’s Edge (1984), but this doesn’t appear to be a regular practice at Gizmodo or other Gawker affiliates.

Once Gizmodo published the story, other outlets picked it up and repackaged it as original content. The New York Times stepped in and did more digging, treating this almost like Clinton’s emails with five pieces on Facebook and political bias inside May alone:

09-MAY-2016 — Conservatives Accuse Facebook of Political Bias
10-MAY-2016 — Political Bias at Facebook?
10-MAY-2016 — Senator Demands Answers From Facebook on Claims of ‘Trending’ List Bias
11-MAY-2016 — Facebook’s Bias Is Built-In, and Bears Watching
19-MAY-2016 — Opinion | The Real Bias Built In at Facebook

The story of Facebook’s alleged anti-conservative bias in news editing exploded with a huge push by NYT. (It didn’t stop in May; NYT published at least four more pieces before the election focused on Facebook and political bias though not all reflected negatively on Facebook.)

One outlet published a story based on Gizmodo’s second story seven hours after Gizmodo: the Observer, formerly known as The New York Observer, a small print and online media outlet based in New York City.

At the time it ran its story on Facebook’s alleged bias, it was owned by Jared Kushner.

The media editor’s story at the Observer noted the Gizmodo story trended on Facebook.

“Facebook ‘Supression of Conservative News’ Story Is Trending on Facebook” published at 5:15 p.m. (assume this was local time in NYC).

Was it possible the Gizmodo article had been elevated by conservative news outlets and blogs rather than normal Facebook users’ traffic from reading the article itself, especially if the contract editors on assignment that day were still applying anti-conservative filters as alleged?

The last update to the Gizmodo article included this excerpt from a statement by Vice President of Search at Facebook, Tom Stocky:

…There have been other anonymous allegations — for instance that we artificially forced #BlackLivesMatter to trend. We looked into that charge and found that it is untrue. We do not insert stories artificially into trending topics, and do not instruct our reviewers to do so. …

If Facebook could not detect foreign interference at that time — and it was known by September 2017 the Black Lives Matter content on Facebook had been elevated by Russian troll bots — would Facebook have been able to detect any artificial elevation of the Gizmodo stories?

Was it possible pro-conservative contract editors set up this scenario in order to skew Facebook’s content so that it would be easier for the Russian Internet Research Agency to amplify what appeared to be conservative content?

Or were the Gizmodo articles used to identify conservative outlets based on their liking the article?

Or was this scenario a proof-of-concept revealing Facebook’s inability or unwillingness to detect artificial manipulation of content?

Was it possible the Observer’s media page had been prepared to cover this development long before other east coast and national news outlets?

The timing of the Gizmodo stories is awfully convenient:

26-APR-2016 — GOP primaries/caucuses in CT, DE, MD, PA, RI, all won by Trump.

03-MAY-2016 — GOP primary in IN won by Trump.

03-MAY-2016 — Gizmodo article published: Want to Know What Facebook Really Thinks of Journalists? Here’s What Happened When It Hired Some.

03-MAY-2016 — Ted Cruz withdrew from race.

04-MAY-2016 — Trump became presumptive GOP nominee.

04-MAY-2016 — John Kasich withdrew from race.

09-MAY-2016 — Gizmodo article published at 9:10 a.m.: Former Facebook Workers: We Routinely Suppressed Conservative News.

09-MAY-2016 — Gizmodo updated article noting the piece had begun to trend with pickup by conservative sites; time of update not specified.

09-MAY-2016 — Gizmodo posted a second update at 4:10 p.m., posting Facebook’s initial response to TechCrunch, BuzzFeed, other unnamed outlets’ inquiries; the social media company denied suppression of content by political ideology.

09-MAY-2016 — Observer article published at 5:15 p.m.: Facebook ‘Supression of Conservative News’ Story Is Trending on Facebook.

10-MAY-2016 — Gizmodo adds final update at 8:10 a.m. with a statement from Facebook denying again any suppression by political ideology.

10-MAY-2016 — GOP primaries in NE, WV won by Trump.

17-MAY-2016 — Guardian-US published an op-ed by a Facebook contract curator pushing back at earlier Gizmodo stories. The article does not stop a steady number of stories repeating the earlier claims of anti-conservative bias.

17-MAY-2016 — GOP primary in OR won by Trump.

24-MAY-2016 — GOP primary in WA won by Trump.

26-MAY-2016 — Trump attains 1,237 total delegates, minimum required to win nomination — after CO, ND, and PA unbound delegates pledged to support Trump.

And by the end of May the race for media coverage isn’t a fight on the right among a broad field of GOP candidates but just Trump against Hillary Clinton and Bernie Sanders for the next 10 days.

The too-convenient timing creates so many questions. It’d be nice to know if Facebook traffic showed an uptick of troll or bot interest promoting the Gizmodo story but Facebook has been less than forthcoming about traffic even though its business integrity was questioned.

It’d also be nice to know if the Observer had been tipped off ahead of the Gizmodo story trending and if the Observer’s report had other connotations apart from being a random story about social media.

But just as the Gizmodo journalist/editor who wrote the May 3 and May 9 stories moved on, the Observer journalist left their job, departing in late July 2016.

And the names of the Facebook curators/editors never appeared in subsequent coverage. Non-disclosure agreements may be the reason.

The kicker is another interesting bit of timing bookending Gizmodo’s stories:

19-APR-2016 — A domain for DCLeaks was registered.

. . .

06-JUN-2016 — Clinton attained 2383 delegates, the minimum threshold needed to earn the Democratic nomination.

08-JUN-2016 — A fake American identity posted a link in Facebook to a Russian GRU-associated website, DCLeaks, sharing content stolen from American servers including the DNC. The site “had gone live a few days earlier,” sharing small amounts of hacked material.

10-JUN-2016 — Gawker filed for bankruptcy.

By the time DCLeaks’ content was promoted by a fake account, the conservative commentariat from news sites to blogs had been primed to watch Facebook for a change in their coverage and Gawker as we’d known it under Nick Denton was on life support.

One other oddity about the Gizmodo stories about Facebook’s biased curation and the Observer piece observing Gizmodo’s Facebook pieces?

Trump’s name isn’t mentioned once in any of the three articles though his name had swamped all other media.

Hmm.

 

Treat this as an open thread.

Rattled: China’s Hardware Hack – SMCI’s Response

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response Bloomberg Businessweek received from Super Micro Computer in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. Super Micro Computer’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses to Bloomberg’s story will be posted separately.
__________

Supermicro

While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard.[1] We are not aware of any customer dropping Supermicro as a supplier for this type of issue.[2]

[1] (a) “we are not aware” “nor have we been contacted” — who is we?

(b) “nor have we been contacted by any government agency” — has Supermicro been contacted by customers or their auditors or their security teams, contract or not, about security problems?

[2] Were one or more of Supermicro’s customers dropped by their customers because of security concerns including problems with firmware? Are any of the customers or customers of customers U.S. government entities?

Every major corporation in today’s security climate is constantly responding to threats and evolving their security posture. As part of that effort we are in regular contact with a variety of vendors, industry partners and government agencies sharing information on threats, best practices and new tools. This is standard practice in the industry today. However, we have not been in contact with any government agency regarding the issues you raised.[3]

[3] Has Supermicro been in contact with any government agency regarding any security issues including firmware updates?

Furthermore, Supermicro doesn’t design or manufacture networking chips or the associated firmware and we, as well as other leading server/storage companies, procure them from the same leading networking companies.[4]

[4] Interesting pointer about networking chips. What other motherboard content does Supermicro not design or manufacture, procuring from other companies? What procured motherboard components have firmware associated with them?

Rattled: China’s Hardware Hack – Amazon’s Response

[NB: Note the byline. Portions of my analysis may be speculative. / ~Rayne]

The following analysis includes a copy of an initial response received from Amazon by Bloomberg Businessweek in response to its story, The Big Hack. In tandem with the Bloomberg story Amazon’s response was published on October 4 at this link. The text of Amazon’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses by Amazon to Bloomberg’s story will be assessed separately in a future post.

This analysis is a work in progress and subject to change.
__________

Amazon

It’s untrue that AWS[1] knew about a supply chain compromise, an issue with malicious chips, or hardware modifications[2] when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI[3] to investigate or provide data about malicious hardware.

[1] Identity – were there ever any third-party contractors or representatives involved in the relationship with Elemental? With Supermicro? Is there more than one Amazon subsidiary entity involved in the evaluation, purchasing, and implementation of Elemental or Supermicro products into Amazon or its subsidiary enterprise? Which entity submitted this denial to Bloomberg Businessweek: Amazon, AWS, or some other subsidiary?

[2] What about evidence of bad or mismatched firmware and firmware updates?

[3] Did any law enforcement, military, or intelligence agency work with Amazon or any of its subsidiaries or contractors to investigate or provide data on hardware which failed to operate to specification or as expected?

We’ve re-reviewed our records[4] relating to the Elemental acquisition for any issues related to SuperMicro, including re-examining a third-party security audit[5] that we conducted in 2015 as part of our due diligence prior to the acquisition. We’ve found no evidence to support claims of malicious chips or hardware modifications.[6]

[4] “our records” — whose records and what kind? Identity needs clarification as well as the type of records.

[5] Who is the third-party security auditor? How and why were they engaged?

[6] What about evidence of bad or mismatched firmware and firmware updates?

The pre-acquisition audit described four issues with a web application (not hardware or chips)[7] that SuperMicro provides for management of their motherboards. All these findings were fully addressed before we acquired Elemental. The first two issues, which the auditor[8] deemed as critical, related to a vulnerability in versions prior to 3.15 of this web application (our audit covered prior versions of Elemental appliances as well), and these vulnerabilities had been publicly disclosed by SuperMicro on 12/13/2013.[9]

[7] “web application” — but not firmware?

[8] Is this still the unnamed third-party security auditor or an internal auditor employed by Amazon or a subsidiary?

[9] How was this “publicly disclosed by SuperMicro”? SMCI’s website does not currently have either a press release or an SEC filing matching this date (see screenshots at bottom of this page).

Because Elemental appliances are not designed to be exposed to the public internet, our customers are protected against the vulnerability by default.[10] Nevertheless, the Elemental team had taken the extra action on or about 1/9/2014 to communicate with customers and provide instructions to download a new version of the web application from SuperMicro (and after 1/9/2014, all appliances shipped by Elemental had updated versions of the web application).[11] So, the two “critical” issues that the auditor found, were actually fixed long before we acquired Elemental. The remaining two non-critical issues with the web application were determined to be fully mitigated by the auditors if customers used the appliances as intended, without exposing them to the public internet.[12]

[10] “exposed to the public internet” — did customer data run through Elemental’s Supermicro devices between 2013 and 2015?

[11] What about firmware?

[12] Did customer data still run through devices with the two non-critical issues? Are any machines with these non-critical issues still in production?

Additionally, in June 2018, researchers made public reports of vulnerabilities in SuperMicro firmware.[13] As part of our standard operating procedure, we notified affected customers promptly, and recommended they upgrade the firmware in their appliances.[14]

[13] Researchers at Eclypsium are reported to have told Supermicro of vulnerabilities in January 2018. When was Amazon, AWS, or other Amazon subsidiary notified of these vulnerabilities?

[14] Given the six-month gap between Eclypsium’s notification to Supermicro and the public’s notification, when were Amazon’s, AWS’, or other Amazon subsidiary’s customers notified of these vulnerabilities?

__________

Screenshots

Supermicro’s SEC filings – last of year 2013:

Supermicro’s press releases – last of year 2013:

Rattled: China’s Hardware Hack – Apple’s Response

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response received from Apple by Bloomberg Businessweek in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. Apple’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses from Apple to Bloomberg’s story will be assessed separately in a future post.

This analysis is a work in progress and subject to change.
__________

Apple

Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple.[1] Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them.[2] We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.[3]

[1] Phrasing avoids who made the allegation(s).

[2] “rigorous internal investigations” doesn’t describe what they actually investigated; “each time” refers to investigations AFTER Bloomberg contacted Apple, AFTER 2016 when Apple had broken off relations with Supermicro.

[3] “refuting virtually every aspect” does not mean “every and all.”

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server.[4] Apple never had any contact with the FBI or any other agency about such an incident.[5] We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.[6]

[4] (a) What about problems with firmware updates, including malicious firmware, firmware not issued by Supermicro, or hijacking to firmware upgrade sites not created by Supermicro?

(b) “purposely planted in any server” refers not to Supermicro’s motherboards but Elemental or other server assemblies.

[5] What about contact with any government agency regarding firmware? What about contact with a third-party entity regarding firmware problems, including security researchers?

[6] This phrasing focuses on law enforcement but not on other possibilities like intelligence entities or non-law enforcement functions like Commerce or Treasury Departments.

In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers;[7] Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips.[9]

[7] (a) What about earlier versions of Bloomberg’s narrative the public hasn’t seen?

(b) Did Siri and Topsy ever share a data farm facility?

[8] (a) Was Siri ever deployed on Elemental brand servers?

(b) Was Topsy ever deployed on Elemental brand servers?

[9] Did any of the servers on which Siri and Topsy were deployed experience firmware problems including malicious firmware, firmware not issued by Supermicro, or hijacking to firmware upgrade sites not created by Supermicro?

As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.[10]

[10] Is this a statement of current practices or practices during the period of time about which Bloomberg reported? Why did Apple end its relationship with Supermicro?

We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs.[11] That one-time event was determined to be accidental and not a targeted attack against Apple.[12]

[11] Gaslighting about the journalists’ credibility. Have there ever been any servers from Elemental or other server manufacturer with “infected drivers,” including the “single Super Micro server in one of our labs”? Were any servers of any make with “infected drivers” in production environments, whether they faced customers or not?

[12] How is an “infected driver” an accident?

While there has been no claim that customer data was involved, we take these allegations seriously and we want users to know that we do everything possible to safeguard the personal information they entrust to us.[13] We also want them to know that what Bloomberg is reporting about Apple is inaccurate.[14]

[13] This is not the same as saying “customer data was not exposed.”

[14] “inaccurate” but not “wrong,” “erroneous,” “false,” or “untrue”?

Apple has always believed in being transparent about the ways we handle and protect data.[15] If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it and we would work closely with law enforcement.[16] Apple engineers conduct regular and rigorous security screenings to ensure that our systems are safe. We know that security is an endless race and that’s why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.[17]

[15] Tell us about iPhone encryption.

[16] “an event” is not “events”. “Forthcoming” may not mean “public disclosure” or “reveal that we are under non-disclosure agreements.” “Would work closely with law enforcement” is not the same as “working with intelligence community,” or “working with Commerce/Treasury Departments.”

[17] No specific mention of nation-state actors.