?️ Emoji Investigator ™

questionable content ? ? ?

Category: Research

Bagpipes and goats

Curiosity has gotten the better of me, and I finally broke down and bought a practice chanter (to learn to play bagpipes) from Amazon. It’s a cheap one, and every bagpipe site I have ever seen likes to write, in all caps, warnings like:

DON'T YOU DARE BUY A CHEAP ONE!!!!

Which is all well and good if you’re sure ahead of time you’re going to make this plunge and commit to it forever. But starting with a $15 trial balloon over a $100 experiment seems like a good idea to me. What do I know!

The more I’ve gotten into researching the types and history of pipes though, the more compelling it actually is. I mean, as far as “windbags” go…

This is one of my favorite piping videos for a lot of reasons:

Oddly, it turns out that goats and bagpipes seem to have been intimately connected for quite some time.

If you delve into piping history (at least the online sources I found), they put the first officially recognized mention of bagpipes to a Roman source sometime in early AD. But there’s an elemental pattern you can see behind the pipes if you look with the “eyes of the goat.”

I’m not going to pretend to be any kind of expert, but I found a bunch of different traditional forms of bagpipes which are not only made of goat skin, but which explicitly seem to reference the form of the animal, with either heads included, or else with drones, chanters and windpipes in place of the limbs of the beast.

Check out, for example, the Zaqq from Malta:

Here’s another one from Eastern Europe:

And this is included ‘just for fun’: via Duda on Wikipedia:

“…there were many legends about bagpipes that could play themselves when hung from the wall on a nail or about pipers summoned to Witches’ Sabbaths to perform for satanic hosts.”

So my hypothesis, for the moment, goes something like this:

Bagpiping is a secondary cultural artifact from raising goats (or sheep, variously–just using goats as a catch-all here). In French, we have this handy word for goat-raising, Capriculture.

Moreover, the evolution of the “windbag” is simply an augmentation of pre-existing reed flutes, like this German dude (assuming he’s German–maybe I’m wrong) makes in the Youtube video below:

Bagpipes are basically this attached to a pipe you do your fingering on – chanter – which sticks out of a bag, and which has anywhere from typically 1-3 drones, which are reeds on pipes each tuned to sound at one continuous note.

So there’s a precursor invention, the reed pipe, which is more or less a “natural” human invention from naturally-occurring material. Which is over time grafted onto this other invention: an animal skin or bladder which can be inflated or deflated with air or liquid.

Taken in this light, the instrument becomes less a strange oddity, and something more elemental, and perhaps very ancient – as ancient as the human relationships with the plants and animals from which the craft originally descended.

That’s the theory anyway. Not sure I’m ready to start keeping goats, but I’m warming up to giving piping a shot. Will keep you posted!

PS. I love how that last video shows the pipes mixed with the sound of sheep’s bells

Trust-breakers (Chinese Social Credit System)

Legal effects of automated processing, a comparison.

I’ve been reading about China’s emerging social credit system, Sesame Credit.

“The score is used to rank citizens of China based on a variety of factors like loyalty to the Chinese government and loyalty to Chinese brands based on social media interactions and online purchases. The rewards of having a high score include easier access to loans, easier access to jobs and priority during bureaucratic paperwork.”

Here are a couple articles to get you started:

Blah blah blah, obligatory Black Mirror reference. Now that we have that out of the way, from the CNBC link:

“When rules are broken and not rectified in time, you are entered in a list of ‘people subject to enforcement for trust breaking’ and you are denied access from things. Rules broken can lead to companies being unable to issue corporate bonds or individuals not being allowed to become company directors,” Creemers said.

Basically, a bunch of apps and agencies work together to rank your behavior and profile you socially as either a trust-keeper or trust-breaker as described above. Via the FP link:

“By 2020, the government says that social credit will “allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step.””

I had a dream years ago that I used a urinal at a shopping mall, and the system automatically administered a drug test on me, which I failed. Not being a cell phone user, I needed to then borrow a friend’s phone to make a call and the system linked my voice-print to my biometric/pee test and I was disallowed from using my friend’s phone. Such a unified system may be a few years off still, but the possibility is becoming tantalizingly real. I might even say it’s, on some level of implementation, pretty much inevitable.

I’ve been following a parallel strand of research these past few months. It’s partly intuition, partly investigative leg work, but it’s lead from public records databases used by private eyes 🕵 to the vast store-houses of data kept commercially against named individuals by data brokers. I’m still largely in the dark about how data brokers operate, and, er, broker — despite hours spent around the subject on Youtube. But I have to assume that those storehouses of information about people have to be searchable — at a price. Whether it’s pseudonymized in aggregate, or traceable to an identified or identifiable individual, all this information exists somewhere out there, waiting to be linked up and put to use.

Meanwhile, half a world away, Europe is set to roll out it’s GDPR next May (2018) which will quite possibly make very difficult – or at least very different – such a social credit system were it to be rolled out to customers in the European Economic Area.

I explored this question elsewhere, of processing of personally-identifying information linked to automated decision-making, and profiling, with “legal effects”. So I won’t completely rehash it here, but to quote Article 22 of the GDPR:

“The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”

The recital for that article mentions explicitly as an example the “automatic refusal of an online credit application” as something that has a legal effect.

I guess this is worth quoting more extensively from second half of Recital 71:

“Such processing includes ‘profiling’ that consists of any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning him or her or similarly significantly affects him or her.”

So this is pretty much explicitly describing an all-encompassing “social credit” system such as is currently being live-beta tested on Chinese society. In other words, Europe is baking into their privacy & data protection regime this idea that the fundamental rights of humanity (from which privacy/data prot. are derived) are incompatible with automated decision-making based on data processing with (potentially negative) legal consequences.

That’s huge.

To me, as we move into the Algorithmic Society (and it’s many diverse, fascinating and horrifying forms, instantiations and iterations), this will be a fundamental tension as humanity transitions to greater and greater levels of algorithmic control, automation and governance of day-to-day life.

Quoting from Art. 22, 3:

“…at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.”

The subject still blows my mind. Partly because we now live in (or very soon will) a society where such rules have become necessary. The algorithmic age where Trust Breakers ™ can’t buy train tickets, or make a phone call. But in exchange for keeping your score up, you’re eligible for ultra-fast lane physical access from Boston to DC in 15 minutes, with no control checkpoints, minimal surge pricing, only light deep packet inspection and limited throttling. [See full Terms & Conditions.]

Or a world where slow, boring, crappy, unreliable human bureaucratic decision-making is baked into break-points in societal algorithms to ensure some sort of fairness, humanity, tolerance, resilience (and maybe forgiveness?) into what will otherwise most assuredly become a mesh of AI’s vying for planetary control…

I’m sorry, that’s just where my mind goes when I pull out my 🔮. I think it’s why I like the GDPR as a document in the first place: it reads like a dystopian cyberpunk text that young punks in the future will repeat back verbatim to quasi-governmental robots that are beating the snot out of them because their social credit score has fallen too low.

Whoops, I went off into la-la land there again at the end*. But what can I say? I’m on vacation! 🌴🍹


* You try talking about this without landing on the subject of killer robots. It’s not so easy. It’s like Godwin’s law, but for killer robots and data processing.

Tom Delonge UFO explainer

In case you were wondering…

I’ve never liked Blink 182, so cracking the lead singer, Tom Delonge’s (pronounced da-long) strange fascination with all things UFO is a bit of a chore since there seem to be a bunch of bad quality Youtube videos on the subject which are gently serenaded by the group’s irritating tunes.

Putting that prejudgement aside, I’ve been vacationing down the 🐇 🕳 which I keep seeing come up on /r/conspiracy related to Tom Delonge’s quest for UFO disclosure.

Anyway, I watched a bunch of bad videos on the subject so you don’t have to – or maybe so you can two. idk. Either way, I recommend starting here:

This video is often referenced elsewhere. Basically, in the Wikileaks DNC dump, we can find references to emails between John Podesta (then presidential advisor) and Tom Delonge about high-level talks around possible UFO disclosure. Here’s one such email from Wikileaks for reference.

I tried watching Delonge’s appearance on Larry King but found it unbearably boring, so follow that link if you want.

This video of somebody named Grant Cameron interviewed in a hotel room at a UFO conference about mostly Delonge is long and rambling and has a few interesting parts.

So take this for whatever it’s worth. Anyway there is a Reddit thread which basically summarizes the video here.

“In a recent interview UFO researcher Grant Cameron claims to have some info regarding Tom’s upcoming announcement.

  • The goal of the operation is to get the story out through Hollywood
  • It’s a billion dollar project backed by one of the richest people in the world
  • 100-episode series that will run for 5 years, directed by Spielberg amd J.J. Abrams

“It’s not gonna be full disclosure, but it’s going to be massive.”

By ‘disclosure’ we’re talking about public announcement/acknowledgement by the US government that extraterrestrials exist, and we’ve been in contact with them as a species since… whatever date. Roswell? The 1950’s? Not fully sure here and doesn’t really matter, as each researcher seems to have their own ideas.

Anyway, I’ve also found some bizarre mentions of Delonge on Reddit within the last week or so. Something about some predatory behavior (of others) and possibly human trafficking? It’s all pretty suspicious, taken as a whole.

Apparently Delonge’s media company which he wants to pin all the possibly-real/possibly-misinformation disclosure stuff onto as a franchis is To the Stars, and he has a book series with Peter Levenda, called Sekret Machines — the spelling of which “drives me nuts” but oh well.

But yeah, that’s basically that. Now you know probably everything you might ever need to know on the subject — and then some!

McAfee Cyber Investigator course review

What’s in a name?

In my path to becoming an 🕵 Emoji Investigator™, there have been many side roads. One of those side roads lead me by the driveway of an online training outfit, the McAfee Institute — no relation to John McAfee, though they are obviously trading on that name’s notorious link to cyber-security. And just to clear up any lingering doubt, you almost definitely don’t want to link yourself to John McAfee, as the excellent Showtime documentary on him proves:

I originally landed on their site by searching around "cyber investigator" online training, after seeing the probably impossible task of trying to get licensed as a private investigator in this province. Most of my work takes place online anyway, so why not look for training geared specifically for that?

Who investigates the investigators?

Beyond the possibly unintentional (giving them the benefit of the doubt) confusion around the name of the organization, there are a number of other red flags I experienced while evaluating the worthiness of this training, but which I eventually set aside in favor of signing up for the at that time $360 USD online training to become a “Certified Cyber Intelligence Investigator” just to give it a shot.

I’d found two semi-favorable, legit-looking reviews tucked away in threads about  the institute and course:

McAfee Institute

Ran across a number of their certs and a few look very interesting. Anyone have any experience with them? Worth doing? The knowledge seems to be worth

Has anybody taken any of the Mcafee Institute courses? * r/AskNetsec

https://www.mcafeeinstitute.com/public-courses/ Are they worth the cost? Are they recognized on the industry? Thanks!

While thread participants voiced many of their own concerns about this program, a handful of people said they took it anyway and learned some useful stuff. So I figured, why not, but not before sending out an email asking them for more information regarding their media references.

Media mentions, maybe…

On their home and news page, they have this graphic:

The only problem is, when you click on it, none of the logos link to anything. I figured they must just have a separate news page somewhere I hadn’t seen.

The next morning, their support was kind enough to send me one link to what was supposed to be a media reference. The site appears to be a local Fox affiliate. This supposed news article looked to me suspiciously like a press release though. It includes both Media Contact information at bottom, along with this peculiar disclaimer:

“Information contained on this page is provided by an independent third-party content provider. Frankly and this Site make no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact pressreleases@franklyinc.com”

Underneath is also a logo, which reads “Powered by Frankly.”

They told me the other media mentions could be found by searching on Google. I set aside this peculiarity and tried to begin the course.

In their terms, they say they issue refunds if you only consume 5% or less of the course, and don’t download anything. I got through 4% and wrote in asking for a refund.

Course materials

Initially I was turned off by a lot of typos and what I considered not very high-quality written content, plus a lot of information delivered in PDFs — which I find more difficult to read on screen over extended periods than simple text, and much less useful than video presentation, which is probably my preferred online course format.

The piece that tipped me over the edge though was a question in the first review quiz of the first module. I guess the idea is to get you accustomed to the quiz format, but who hasn’t already taken an online quiz? Anyway, the question that I felt it was impossible to answer truthfully in that moment was phrased something like:

“I am awesome and am looking forward to the rest of this course.”

Select one:

– True

– False

I know I’m kind of a wet blanket as a person. I’ve come to terms with it. I try to own it, and use it in a positive way where possible.

But in that moment, I felt like my intelligence was being insulted. While I have no problem admitting that I’m (sometimes) awesome, this has no place that I can see in a professional certification program, and it made me decidedly not look forward to the rest of the course if it was going to include time-wasters like this.

Of course, the predicament in this automated quiz interaction, is that the “answer they are looking for” is True. True is the ‘correct’ answer. But True, in this case, would actually be false (a lie).

Refund

So I wrote in, asked to cancel my account and requested a refund.

I eventually did get a refund (and may have actually ended up making a few dollars by accident due to fluctuations in USD-CAD exchange rates), but not before getting into a minor squabble about the credibility of their course. The unprofessionalism of the “awesome” question was a turn-off, but the lack of links to credible media mentions snowballed for me as I queried the company in more detail over successive emails. It made me eventually question the legitimacy of the entire organization.

Credibility

This is the first thing you see when you go to their company site:

“Credibility” is featured significantly in their pitch. They even have a serious seeming Honesty Policy for students, which reads in part:

“Cheating, forgery, plagiarism and collusion in dishonest acts undermine the McAfee Institute’s educational mission and the students’ personal, professional and intellectual growth.”

This all seems fine on paper. But I did a lot of research into the media mentions from major news outlets they cite under their “Globally Recognized” banner, and only came up with two possible hits:

Both of these documents are a word-for-word match against the local Fox 34 text linked in their original email response, down to the media contact info, and the disclaimer from Frankly, Inc. a distribution network.

Frankly

In fact, I wrote to Frankly, Inc. and asked them how much it would cost me to have a press release distributed to their member network. They told me it could be as low as $20 – $50. Great deal, right? Especially if you want to make some information look credible by having it widely distributed to seemingly legit news sites!

To see how this distribution must have worked for McAfee, you can do some searches in quotes based on the original text of the press release. Here’s a sample Google query.

After easily cruising past 200, I gave up counting how many exact duplicate copies of their press release exist on Google as search results.

Despite the 200+ copies of their press release distributed by the good people at Frankly, Inc., I found no evidence of any mentions of their institute by any sites or affiliates linked to CNN, MSNBC, ABC, NPR, Nightline, New York Times, or USA Today. Where were these links?

I presented to the company some of what I had found, and asked again for a complete list of the media mentions they advertise on their site. Surely, if your company had been mentioned by such high-profile media outlets, you would assiduously keep track of them all in one place to make them visible for prospective clients. It’s a high value set of information.

Instead, they told me again that the links could be found on Google, and in answer to my explaining that I looked carefully, at length and could find nothing – they said that they weren’t responsible for how Google indexes links to their site. Fair enough; they don’t control Google.

Eventually, they linked me to this News/Media page on their site. It includes again this large graphic advertising major media outlets as having spoken about them. But no links to those mentions are included.

Instead, they show, among other items, literal screenshots of the same press release they paid to have distributed to over 200+ sites:

They even show a screenshot of a site called “PRWeb“, which is, as you might have guessed by now, another site you pay money to in exchange for distribution of your press release. From prweb.com:

From the McAfee media page, I did find one seemingly legit-looking story on Inc.com from September 2013. Another article they link to from January 2016 on Fortune.com mentions the founder, who apparently has a “millionaire mindset.” But this is the only mention of the institute or the founder:

“Yesterday, I was chatting with future billionaire, Josh McAfee (Founder of McAfee Institute), who told me how to build a billion-dollar company. Like many of my wealthy comrades, he couldn’t stop talking about the mindset of being a multi-millionaire.”

Unfortunately, “future billionaire” isn’t exactly a professional qualification in my book. And the company is nowhere else mentioned or highlighted in the article.

The rest of the sites they link to as “proof” on their media page are all ‘small potatoes’ compared to what they actually advertise in their graphic with all the media company logos.

And speaking of that graphic, I did a reverse image search on it. It’s used all over the net by people needing a graphic that represents, as Google IDs it, “news media.”

From this, we can make a logical inference that I believe is sound. If the media mentions about this company actually exist, the chances that they would be exactly these same media outlets which hundreds, if not thousands of other sites are also using for diverse purposes is probably very little. Quite possibly none.

Presented with all this research calling the credibility of the organization’s at least advertised media representation into question, I was told in no uncertain terms by them that I obviously “don’t understand how press releases work.” mmkay

In fact, they at no time in correspondence with me used the phrase “news article” or “news stories” to describe these. They only used the phrase “press releases,” and did so consistently three separate times in describing their alleged media mentions. Why would you call an article CNN wrote about your company a press release? That makes no sense…

How they could solve the credibility gap

The simple answer here, of course, would be for the company to simply link to the 10 major media outlets they claim mentioned them, and the credibility problem would dry up (mostly). Or they could remove this possibly deceptive multi-logo graphic from the site, and simply rely on the quality of their course materials.

The fact is, that an average visitor to their site, seeing the headline “Globally recognized, as seen on” followed by 10 major media outlets named would lead to a reasonable expectation that this information is true, and that links and mentions do exist. If the information is not true, or only partly true, and is presented as true, then that is pretty much the textbook definition of deception (which, by the way, they have a course on detecting).

Since no such information can be found by casual searching and the company refuses to produce them, we can include that either: the links never existed in the first place, or the company simply misplaced them. I’m willing to believe either. But I have to admit that, given the evidence I’ve uncovered, my money (which again, I’m happy to reiterate was refunded in full by the company, following their Terms of Service) would be on the former. Or it could be that some links may have existed at one point, but they were all to “local affiliates” holding additional spurious copies of their original press release — which would align with the observed pattern.

I’m not *just* some crank on the internet

The thing is, despite their claims to the contrary, I *do* know how press releases work. And simply re-posting press releases and calling them news is, in fact, considered unethical in journalism. If we ask journalists to hold to such a standard, how much moreso should we hold cybersecurity firms which protect our valuable data, online interactions, identities and reputations?

Wrap-up

In closing, I actually think there is a strong need for and burgeoning job market for people with cyber-security and online privacy training. And I think there’s no legitimate reason such training and certification couldn’t be delivered happily through above-the-board methods via online course. I also think it’s entirely possible that there are some happy and successful clients of McAfee Institute who came away from this course with something different than I did. (Though, admittedly, this actually turned out to be an excellent lesson as an investigator.) But if we’re going to take cyber-security seriously in an increasingly hostile online world, it’s important that we carefully examine any credentials being offered, and decide for ourselves if they are any good or not, who we should give our precious trust to, and why.

But what do I know anyway, right? I’m just an 🕵 Emoji Investigator™. I’m not even “board-certified” — whatever that means. So, don’t take my word for it. Go out and do your own investigations.

Public records databases used by Private Investigators

I’m in no way a licensed private investigator. I’m not even sure that I would want to become one. But I have been exploring a bit how this works, and sort of the lore around it.

One thing I’ve always been curious about around the PI-types as we see represented in media, is these “special” databases we sometimes see, where they can do “deep research” onto a person — or say look up license plates. 🔎 Minor boring stuff like that.

Turns out there is a whole industry around that, which I won’t pretend to be very versed in. Around this topic, I found two main documents which referenced maybe a dozen or so variations on public record searches as a paid “information service,” and from those have basically boiled down the ones that have piqued my curiosity the most being LexisNexis Accurint and Thomson Reuters Clear.

Outside of PI-types, we see a lot of materials marketed towards also people who do legal research, some social media searching, and fraud detection and prevention and others (not to mention criminal investigation, which is outside my interest area). 👣

This first video from Thomson Reuters is fun because it makes use of the “crazy wall” TV trope:

And one from the many different Accurint videos out there:

The privacy/data protection cross-over on these videos should be pretty obvious. In another one from TLOxp, we hear the mention of public records “plus proprietary technology”:

It doesn’t seem to be the most discussed topic ever, but I would wager that for certain of the information services operating in this space, that at least a few of them must be purchasing and correlating data from other agencies, such as the dreaded data-brokers.

It’s something I’ll continue researching and publishing about, as the subject seems vast, deep, and curiouser and curiouser the further in you go…

See also: survey results data of databases used by private investigators.

 

To weirdos with questions

I’ve been 🕵 investigating what it takes to become a licensed private investigator in the province of Quebec. Kind of just for fun, really, as an extension of a burgeoning interest in privacy and data protection.  Apparently there is a 135 hr training requirement, but no one seems to be able to point me to an equivalent training that’s both available in English and online.

Okay, fine. So sue me for living in a French province in a bilingual country and asking for resources in English. I get it, there’s a charter to protect the French language from being overwhelmed in a predominantly English-language culture. But still. We can do both, right? I think that’s the ideal.

Anyway, I’ve been simultaneously querying a variety of agencies for help: from associations, to training providers, to provincial authorities in neighboring Ontario. My hobby is emailing people I don’t know, with some weird questions. So I’m actually pretty used to this now.

Ontario has, by comparison, an only 50 hr training requirement which is significantly less than Quebec. Unclear still if you have to actually *be* a resident of that province to be licensed there.

I don’t know though what your practice would conceivably consist of though. If you’re licensed in one province, but operating in another. Maybe I’m going about all this in the completely wrong direction.  One possible pathway would be to have the operating province recognize the license given in the other. But for what benefit and to what eventual end?

I’m really not an expert on these things. I’m just someone with a lot of questions. 👀 ❓ But here’s the thing you find when you start asking the people or the agencies, or the people who are out there and who *are* the experts: no one necessarily knows the answer. The questions may never have been asked before. A specific pre-built answer may require interpretation and invention.

And few people acting in official capacities are comfortable being publicly wrong. So it’s a natural human response, I’m sure, to just not to want to answer weirdos with questions. At least that’s commonly where I end up on these hare-brained tangents of mine where I end up emailing a dozen different people for help or answers with a specific question or problem.

There exists, a certain, I guess we could call it ‘tenacity of research‘ which one may possess or perhaps develop as a personality trait… such that following through with it in fullness, and learning to harness and direct it, may actively create answers that didn’t exist before through a radical act of questioning. In the course of asking and answering certain questions, you may through patience and persistence become the eventual expert. You might just invoke an unthing into being.

I don’t know what any of this means, though vis-a-vis where we started. Except, if you gotta 🕵, then 🕵. If you look and you find there’s no answer, you make one out of what’s available and what you can dream up.

 

Powered by WordPress & Theme by Anders Norén