Weekly output: forced-redirect ads, broadband infrastructure, Russian indictments

After a workweek that I interrupted for an overdue reunion with my skis, I have another abbreviated week coming up. On top of Monday being a holiday, early Friday evening I depart for Barcelona to cover my sixth Mobile World Congress show. If you have any questions about the state of the smartphone–especially outside the U.S. market–the next five days would be a great time to get them to me.

2/12/2018: Surfing the web can leave you open to ad hijackings. A browser fix has been slow, USA Today

I revised earlier coverage of “forced-redirect” ads that hijack your Web reading to note that Google had wound up not activating an advertised defense against this scam in January’s update to Chrome.

2/16/2018: Trump needs to do more to get more Americans online, Yahoo Finance

A year ago, even some skeptics of President Trump voiced cautious optimism that his vaunted infrastructure plan would include a broadband component. This week’s release of that plan–yes, over a year after he took office pledging to rebuild America’s roads, rails, airports and waterways–pretty much crushed those hopes. This post outlines some ways that this plan could have done better.

2/17/2018: Russian social-media indictments, Al Jazeera

For once, I was able to chase down a link to one of my appearances on the news network’s Arabic-language channel. If you can speak Arabic, skip to the 11:15 mark in this evening-news roundup and please let me know how intelligent (or not) the live translation made me sound about the Justice Department’s indictment of 13 Russians and the St. Petersburg troll factory that calls itself the “Internet Research Agency.”

Advertisements

I finally remembered to ski

Taking a weekday off to go skiing is one of the more underrated perks of working a flexible schedule around D.C. So I enjoyed it Tuesday for the first time since 2015.

When I started freelancing, that was not the plan. Even at the Post, I was able to carve out a personal day a year for the short drive to one of the two closest ski areas, Ski Liberty (about an hour and 15 minutes away) or Whitetail (roughly an hour and 40).

But parenthood, not getting paid unless I write something and the mid-Atlantic’s increasingly chaotic winters confined my skiing in 2016 and 2017 to my neighborhood–courtesy of snow storms that left just enough accumulation for me to break out my already-trashed cross-country skis.

This season’s scant snowfall has lent no hope of even that. But last weekend, I saw that the forecast called for temperatures in the 30s Tuesday–an appointment-free day. I worked for a couple of hours that morning, grabbed my skis, boots and poles, enjoyed the unlikely driving pleasure of a traffic-free Beltway and I-270, and was on the chairlift at Liberty by noon.

Yes, the only snow in sight had been shot out of machines, and 620 feet of vertical goes by quickly. But with no lift lines in sight either, I could easily get get in seven runs an hour. It felt fantastic to realize that the years off hadn’t left me too rusty, test myself on the most difficult runs, then catch a little air coming off bumps. For a day when I would have been happy merely to avoid injuring myself or others, that was pretty great.

After three hours and change with only brief pauses to check my e-mail (of course), I headed back and once again felt spoiled by my commute. Even after sitting in some Beltway congestion, I pulled into our driveway by 5:10, leaving plenty of time to savor the pleasant soreness of this overdue workout. And to wonder what had gone wrong with my priorities the last two winters.

Weekly output: Falcon Heavy (x2), family-plan wireless math, Strava privacy, Web-site defacements, Tech Night Owl

This week was more exciting than most: I returned to the Kennedy Space Center for the first time since 2011 to see the liftoff of the most powerful rocket to leave American soil since 1973. I still can’t quite believe that I pulled that off… but I have the photos I took around Launch Complex 39A and the audio of the launch I recorded from the KSC press site to remind me that I did.

2/6/2018: SpaceX successfully launches the world’s most powerful rocket, Yahoo Finance

Two posts about the Falcon Heavy appeared at this Web address. The first was a curtain-raiser I filed late Monday explaining the significance of the Falcon Heavy. The second was a launch story–written in advance so I only had to add descriptions of the liftoff and the subsequent landing of the outer first-stage boosters–that my editors subbed in Tuesday afternoon. I also had a third post mostly ready that you didn’t read: a just-in-case piece about an unsuccessful launch that became irrelevant minutes after 3:45 p.m. Tuesday.

If you didn’t get a chance to see the pre-launch story at Yahoo, you can still read it at the Internet Archive, as shown in the screengrab above.

2/7/2018: The family cell-phone bill: How to find savings on shared wireless plans, USA Today

A reader complained that last week’s USAT column on cheaper alternatives to unlimited data for a smartphone didn’t offer any insight about saving money on shared-use family plans. Dear reader: story assignment accepted.

2/7/2018: The Strava social exercise app can reveal your home address, Yahoo Finance

I was grateful for this chance to redeem my prior Strava coverage: a study by a mobile-security firm that revealed how that exercise-tracking app’s geofenced privacy options can pinpoint a Strava user’s home address instead of obscuring it.

2/10/2018: Kuwait interior-ministry site hacked, Al-Jazeera

The Arabic-language news channel had me on to talk (overdubbed live into Arabic) about a recent episode of a hacker in Saudi Arabia defacing the site of Kuwait’s Interior Ministry. There’s a long history of this kind of digital vandalism, and fortunately the host mainly asked me about that instead of Gulf politics.

2/10/2018: February 10, 2018 — Kirk McElhearn and Rob Pegoraro, Tech Night Owl

I talked with host Gene Steinberg about the Falcon Heavy launch, Strava’s privacy issues and Apple’s new HomePod speaker. Gene’s other guest was Kirk McElhearn, who’s long been among my favorite Apple reporters.

Launch logistics: Booking a trip to see Falcon Heavy fly on three days’ notice

I’ve had the idea of covering the first launch of SpaceX’s Falcon Heavy rocket in the back of my mind for the last few years, but I didn’t book my travel for Tuesday’s launch until Saturday afternoon.

I was waiting for a confirmation of the schedule from the company that would be more solid than a notional “No Earlier Than” date, and which would then let me know if I could still attend a Yahoo Finance cryptocurrency conference in New York on Wednesday. Besides, I knew that D.C. and Orlando often represent a cheap city pair.

The schedule details I needed from SpaceX arrived shortly after noon Saturday, so I got to work–one travel component at a time.

Having to reach the Kennedy Space Center by 1:15 p.m. to visit Launch Complex 39A ruled out some decent mid-day fares. But Southwest’s site showed a 6 a.m. nonstop out of National for only $50. Sold!

Then I canceled the D.C.-NYC Amtrak reservation I’d had for Tuesday night (I appreciate that the railroad still lets you do that for free until 24 hours before departure) and booked a Tuesday-night flight from Orlando to New York to replace it.

I went with United for that leg, spending a little extra (a still-reasonable $155) to fly on an airline where my frequent-flyer status would allow a free same-day-change to a Wednesday flight to Newark if a launch scrub required that. A few more clicks to book a rental car and one night’s lodging, and I had launch travel solved… or so I thought until an hour after a liftoff that got pushed back to 3:45 p.m. by upper-atmosphere winds.

At that point, the “OMG! OMG!” shaking had stopped, I’d filed my copy, and Google Maps indicated that the usual 45-minute drive from KSC to Orlando would run an hour and 15 minutes. Nope! As horrendous post-launch traffic dragged Google’s arrival estimates past my flight’s boarding time, I called United to see if they had space on the morning’s first MCO-EWR nonstop, a 5:36 a.m. departure. They did.

After dropping off my rental car and getting through a mercifully quick security checkpoint (is there a better exhibit for TSA Pre or Clear than MCO?), I ran to my original flight’s gate and saw for myself that the plane was gone. I called United back, the rep bailed me out of the consequences of my overly-optimistic travel tactics by putting me on that 5:36 a.m. flight for free, and then I opened my laptop–tethering off my phone because the airport WiFi didn’t let me connect–to book a hotel barely two miles away for $90.

By then, it had been some 10 hours since I’d last eaten, so I treated myself to a nice dinner at the airport. (If you, too, get stuck at MCO and want something more original than the terminal’s fast-casual brands, head upstairs to McCoy’s in the Hyatt Regency). After a prolonged wait for the hotel van, thanks to no visible signage indicating that these shuttles could pick up at either of two spaces on the B side that sit maybe 800 feet apart, I was in bed by around midnight.

I somehow woke up one minute before the 4:15 alarm I’d set on my phone and was through security 40 minutes later. You can image my relief at seeing my upgrade clear, then having a quick NJ Transit ride from EWR to Manhattan help wrap up this prolonged commute by 9:10 a.m.

A long and informative day ensued with Yahoo colleagues, most of whom I hadn’t seen in months, and various cryptocurrency experts. But then my travel luck ran out again when my train to D.C. left more than an hour and a half late. Twitter, not Amtrak, informed me that this was the result of a tragedy–a northbound Acela striking and killing a person walking along the tracks in the Bronx, which led police to close the railroad for two hours.

That meant I didn’t get home until nearly 1 a.m, almost 21 hours after my day had begun. But I did get to sleep in my own bed, and I came home with two posts filed from KSC that more than covered my travel costs as well as dozens of photos (since edited into a Flickr album) and one unusual recording that you can hear after the jump.

Continue reading

Weekly output: Amy Webb, unlimited data, connected-car privacy, commercial geoint, U2F adoption, ECPA reform

The next few days will be a little crazy–starting with a 6 a.m. flight tomorrow to Orlando. I’m returning to Central Florida for the first time since 2011 to cover SpaceX’s attempt Tuesday to launch the Falcon Heavy rocket, the most powerful launch vehicle the U.S. has seen since the Saturn V. Assuming no scrubs, then I’m flying up to New York Tuesday night so I can cover Yahoo Finance’s cryptocurrency-focused All Markets Summit Wednesday, after which I will be delighted to sleep in my own bed once again.

1/29/2018: Fireside Chat with Futurist Amy Webb, State of the Net

I interviewed Amy at this tech-policy conference. She started with some harsh words about Washington’s ability to forecast future tech trends (her stock in trade), which probably didn’t go over very well in the room even if many policymakers around here need to realize the limits of their vision.

1/31/2018: Unlimited wireless data is here to stay; so is the need to check your options, USA Today

A new study by OpenSignal finding that download speeds at AT&T and Verizon have rebounded after a slump the research firm blamed on their shift to selling unlimited-data plans provided a news peg for this column reminding readers that they may be able to save money by opting for a limited-data plan–as unfashionable as that may be.

1/31/2018: Why a car can’t protect your privacy as well as a smartphone, Yahoo Finance

Watching a few panels at the Washington Auto Show’s public-policy day last week got me thinking about how Google Maps and connected cars each treat your location history–only one lets you inspect, edit, export and delete that information, and it’s not the one that requires an oil change.

1/31/2018: The Vanguard of Commercial GEOINT, Trajectory Magazine

This is the cover story for the U.S. Geospatial Intelligence Foundation’s quarterly magazine that holds up reasonably well for the first three-fourths or so–after which comes a bit on Strava that now looks problematic.

2/1/2018:  The authentication solution government has been slow to adopt, Fifth Domain

I’ve been meaning to write something about what’s held up the usage of “U2F” security keys–the cryptographically-signed USB fobs that can protect your Gmail or Facebook account from both phishing and the loss of either your phone number or your phone. This new government-cybersecurity site gave me that opportunity.

2/2/2018: The email privacy hole Congress won’t fix, Yahoo Finance

A couple of years ago, I started thinking that whenever Congress finally passed reform of the Electronic Communications Privacy Act, it would be fun to write a post recapping how long that took. Well, that hasn’t happened, so I decided to use Groundhog Day to instead write a post recapping how long Congress has failed to fix this obsolete law.

How I screwed up a Strava story

A story I wrote weeks ago started to go bad last Saturday, before it had even been published and posted.

That’s when an Australian student named Nathan Ruser tweeted out an interesting discovery: The Global Heatmap provided by the activity-tracking social network Strava revealed the locations of both documented and secret foreign military bases, as outlined by the running and walking paths of service members that Strava’s apps had recorded.

The feature I had filed for the U.S. Geospatial Intelligence Foundation’s Trajectory Magazine–posted Wednesday and landing in print subscribers’ mailboxes this week–also covered Strava, but in a different light.

As part of an overview of interesting applications of “geoint,” I wrote about Strava Metro, the database of activities over time available to local governments and cyclist-advocacy organizations (but not commercial buyers). In that part of the story, I quoted Strava executive Brian Devaney explaining the company’s efforts to keep its users anonymous in both Metro and the heatmap.

Looking at Strava from the perspective of “will this show where people live?”, I didn’t even think about how Strava users might unwittingly map temporary workplaces abroad. I had my chance to clue in on Strava’s military user base from looking around D.C.–that’s Joint Base Andrews precisely outlined southeast of the District in the screengrab above–but I failed to draw any conclusions from that.

Apparently, so did everybody else in the months after the Nov. 1 debut of the heatmap, heralded in a post by Strava engineer Drew Robb that touted how “our platform has numerous privacy rules that must be respected.”

You can blame Strava for making it difficult to set a geofence around a sensitive area. But it’s less fair to hound a privately-run service built to share workout data–remember, it calls itself “the social network for athletes”–for not maintaining a database of classified military locations to be blacked out on its heatmap.

After Ruser’s first tweets, however, developer Steve Loughran poked around Strava’s system and found that he could correlate the heatmap with the records of individual people by uploading a fabricated GPS file of a workout to spoof the site into thinking he’d jogged along the same path. That’s a deeper problem, and one that appears to be Strava’s fault.

After I asked Strava to explain these new findings, spokesman Andrew Vontz pointed me to a Jan. 29 post by CEO James Quarles pledging action to make privacy a simpler choice in its system.

I hope that they do so forthwith. Meanwhile, a fourth of a magazine feature with my name on it (at least it’s the last fourth!) looks dumb. It’s true that every other journalist to write about Strava between November and last week also missed these angles–but I may be unique in having a positive piece about Strava land this week. That’s not a great feeling.

Weekly output: Section 702 surveillance, ad fraud, App Store review

Monday will be my first workday spent entirely in D.C. since mid December. I’m both attending and speaking (as in, quizzing futurist Amy Webb) at the State of the Net conference at the Newseum. “SOTN” is always a good tech-policy talkfest, and you can watch the proceedings live at its site.

1/22/2018: What you need to know about the government’s renewed surveillance law, Yahoo Finance

This explanation of the National Security Agency’s “Section 702” authorization to spy on foreign-intelligence suspects from within U.S. territory should have run in December. But once again, CES Advent left me with too little bandwidth to write the post then.

1/23/2018: How a gang of crooks hijacked your web browser, Yahoo Finance

One of the companies that I talked to for a December post on the plague of “forced-redirect” ads offered me an advance look at a study they’d done of a racket that not only inflicted these ads on readers at scale but set up its own network of fake ad agencies to get their fake ads on real networks. We updated the post a couple of days later to note that the report no longer mentioned two ad networks as being especially willing to do business with con-ad artists.

1/24/2018: Net neutrality app is a lesson in Apple’s App Store power, USA Today

I’ve been writing about Apple’s use and misuse of its App Store review authority for almost as long as I’ve been writing about net neutrality, so an episode involving Apple rejecting an app designed to help users spot net-neutality violations was an obvious topic.