Look at this pleasant tableau: two square-jawed gentlemen and one of their attractive lady friends enjoying a brand new Sony point-and-shoot. And so beautifully photographed! (By a Canon 5D Mark II.)
OK, ok, it’s not that damning—did anyone really think that companies exclusively used their own products?—but it’s hard not to be amused by this little bit of EXIF sleuthing that popped up over at Photography Bay. Basically, all the shots Sony sent out this morning of handsome people enjoying their new Cyber-shot cameras were taken with a Canon 5D Mark II.
The takeaway here? Life looks pretty swell when you’re using a Sony camera. Especially when someone’s shooting you using that camera with a much more expensive Canon camera. [Photography Bay]
There’s nothing worse than watching a 30-second ad to watch some 30-second clip of something the world inevitably finds funnier than you do. Google/YouTube are acknowledging this phenomenon of the consumer psyche and will introduce an ad-skip button this year.
The idea is as simple as this: If an advertiser’s commercial isn’t captivating enough to watch in its own right, it’ll be skipped by viewers. If viewers don’t watch the ad, Google doesn’t charge the advertiser.
Now I know what you’re thinking: Why would anyone watch an ad voluntarily? See exhibit A, the lead video in which the god of the infomercial, Ron Popeil, does his thing. The only way that 9-minute clip could be more captivating is to put ANOTHER 9-minute Ron Popeil clip in front of it.
This skippable ad model will inevitably lead to better ads—at least in terms of catering the online attention span—and, for those of us* with the libidinal fortitude to turn a blind eye on GoDaddy-esque BOOBIES BOOBIES BOOBIES teasers, a lot more free time. [WSJ via Fast Company]
* OK, maybe I don’t skip every such commercial. But I only** watch them to be educated enough to write about them on Giz.
It’s oftentimes easy for us to get swept up in Android mania and forget that Google’s mobile platform is still in its infancy. Then we get cold hard numbers like these — showing iPhone OS owning 28 percent of the US smartphone market and closing in on RIM’s leading 35 percent — and we face up to the realization that Android handsets still account for less than one in every ten smartphones owned by Americans today. In spite of collecting 28 percent of all consumer smartphone purchases in the first quarter of 2010 (according to NPD), Google’s OS was only able to climb up a couple of percentage points in terms of total market share, showing just how long a road lies ahead of its world-conquering plans. Guess that now explains why Apple’s response to the earlier numbers was so nonchalant.
Other intriguing figures include a high rate of loyalty among iPhone OS and Android users, with 80 percent of the former and 70 percent of the latter expressing a preference for the same OS in their next phone — both rather shaming Microsoft and RIM’s numbers, which were a mediocre 34 and 47 percent, respectively. Funnily enough, despite its inflammatory title, this report finds Android and iPhone users are more similar to each other than anyone else — an uncomfortable fact for both parties to deal with, we’re sure. The source link contains some more demographic comparisons, so why not go check them out and drop some sage analysis for us in the comments?
According to SAI sources, the following exchange is between a 19-year-old Mark Zuckerberg and a friend shortly after Mark launched The Facebook in his dorm room:
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How’d you manage that one?
Charlie O’Donnell: “By the time of this post is done, Diaspora, the web decentralization play from four NYU/Courant students in New York, will undoubtedly have $100,000 raised on Kickstarter. Over and above that, it seems like they’re on a clear path towards a million dollars. Think I’m poking the bear? I’m dead serious. You watch. A week from now, they get to seven digits. Why? Because the ire over Facebook’s privacy issues, platform aggression, etc. is real. If you’re concerned about Facebook, these guys are your heroes.”
That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think its means.
Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.
At a recent wiretapping convention however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds designed to intercept those communications, without breaking the encryption, by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.
The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass the messages back and forth without Alice or Bob knowing she was there.
The existence of a marketed product indicates the vulnerability is likely being exploited by more than just information-hungry governments, according to leading encryption expert Matt Blaze, a computer science professor at University of Pennsylvania.
“If company is selling this to law enforcement and the intelligence community, it is not that large a leap to conclude that other, more malicious people have worked out the details of how to exploit this,” Blaze said.
The company in question is known as Packet Forensics, which advertised its new Man-In-The-Middle capabilities in a brochure handed out at the Intelligent Support Systems (ISS) conference, a Washington DC wiretapping convention that typically bans the press. Soghoian attended the convention, notoriously capturing a Sprint manager bragging about the huge volumes of surveillance requests it processes for the government.
According to the flyer: “Users have the ability to import a copy of any legitimate key they obtain (potentially by court order) or they can generate ‘look-alike’ keys designed to give the subject a false sense of confidence in its authenticity.” The product is recommended to government investigators, saying “IP communication dictates the need to examine encrypted traffic at will” and “Your investigative staff will collect its best evidence while users are lulled into a false sense of security afforded by web, e-mail or VOIP encryption.”
Packet Forensics doesn’t advertise the product on its website, and when contacted by Wired.com, asked how we found out about it. Company spokesman Ray Saulino initially denied the product performed as advertised, or that anyone used it. But in a follow-up call the next day, Saulino changed his stance.
“The technology we are using in our products has been generally discussed in internet forums and there is nothing special or unique about it,” Saulino said. “Our target community is the law enforcement community.”
Blaze described the vulnerability as an exploitation of the architecture of how SSL is used to encrypt web traffic, rather than an attack on the encryption itself. SSL, which is known to many as HTTPS://, enables browsers to talk to servers using high-grade encryption, so that no one between the browser and a company’s server can eavesdrop on the data. Normal HTTP traffic can be read by anyone in between – your ISP, a wiretap at your ISP, or in the case of an unencrypted WiFi connection, by anyone using a simple packet sniffing tool.
In addition to encrypting the traffic, SSL authenticates that your browser is talking to the website you think it is. To that end, browser makers trust a large number of Certificate Authorities – companies that promise to check a website operator’s credentials and ownership before issuing a certificate. A basic certificate costs less than $50 today, and it sits on a website’s server, guaranteeing that the BankofAmerica.com website is actually owned by Bank of America. Browser makers have accredited more than one hundred Certificate Authorities from around the world, so any certificate issued by any one of those companies is accepted as valid.
To use the Packet Forensics box, a law enforcement or intelligence agency would have to install it inside an ISP, and persuade one of the Certificate Authorities – using money, blackmail or legal process – to issue a fake certificate for the targeted website. Then they could capture your username and password, and be able to see whatever transactions you make online.
Technologists at the Electronic Frontier Foundation, who are working on a proposal to fix this whole problem, say hackers can use similar techniques to steal your money or your passwords. In that case, attackers are more likely to trick a Certificate Authority into issuing a certificate, a point driven home last year when two security researchers demonstrated how they could get certificates for any domain on the internet simply by using a special character in a domain name.
“It is not hard to do these attacks,” said Seth Schoen, an EFF staff technologist. “There is software that is being published for free among security enthusiasts and underground that automate this.”
China, which is known for spying on dissidents and Tibetan activists, could use such an attack to go after users of supposedly secure services, including some Virtual Private Networks, which are commonly used to tunnel past China’s firewall censorship. All they’d need to do is convince a Certificate Authority to issue a fake certificate. When Mozilla added a Chinese company, China Internet Network Information Center, as a trusted Certificate Authority in Firefox this year, it set off a firestorm of debate, sparked by concerns that the Chinese government could convince the company to issue fake certificates to aid government surveillance.
In all, Mozilla’s Firefox has its own list of 144 root authorities. Other browsers rely on a list supplied by the operating system manufacturers, which comes to 264 for Microsoft and 166 for Apple. Those root authorities can also certify secondary authorities, who can certify still more – all of which are equally trusted by the browser.
Soghoian says fake certificates would be a perfect mechanism for countries hoping to steal intellectual property from visiting business travelers. The researcher published a paper (.pdf) on the risks Wednesday, and promises he will soon release a Firefox add-on to notify users when a site’s certificate is issued from an authority in a different country than the last certificate the user’s browser accepted from the site.
EFF’s Schoen, along with fellow staff technologist Peter Eckersley and security expert Chris Palmer, want to take the solution further, using information from around the net so that browsers can eventually tell a user with certainty when they are being attacked by someone using a fake certificate. Currently browsers warn users when they encounter a certificate that doesn’t belong to a site, but many people simply click through the multiple warnings.
“The basic point is that in the status quo there is no double check and no accountability,” Schoen said. “So if Certificate Authorities are doing things that they shouldn’t, no one would know, no one would observe it. We think at the very least there needs to be a double check.”
EFF suggests a regime that relies on a second level of independent notaries to certify each certificate, or an automated mechanism to use anonymous Tor exit nodes to make sure the same certificate is being served from various locations on the internet – in case a user’s local ISP has been compromised, either by a criminal, or a government agency using something like Packet Forensics’ appliance.
One of the most interesting questions raised by Packet Forensics product is how often do governments use such technology and do Certificate Authorities comply. Christine Jones, the general counsel for GoDaddy – one of the net’s largest issuers of SSL certificates – says her company has never gotten such a request from a government in her 8 years at the company. ”I’ve read studies and heard speeches in academic circles that theorize that concept, but we never would issue a ‘fake’ SSL certificate,” Jones said, arguing that would violate the SSL auditing standards and put them at risk of losing their certification. “Theoretically it would work, but the thing is we get requests from law enforcement every day, and in entire time we have been doing this, we have never had a single instance where law enforcement asked us to do something inappropriate.”
VeriSign, the largest Certificate Authority, declined to comment.
Matt Blaze notes that domestic law enforcement can get many records, such as a person’s Amazon purchases, with a simple subpoena, while getting a fake SSL certificate would certainly involve a much higher burden of proof and technical hassles for the same data.
Intelligence agencies would find fake certificates more useful, he adds. If the NSA got a fake certificate for Gmail – which now uses SSL as the default for e-mail sessions in their entirety (not just their logins) – they could install one of Packet Forensics’ boxes surreptitiously at an ISP in, for example, Afghanistan, in order to read all the customer’s Gmail messages. Such an attack, though, could be detected with a little digging, and the NSA would never know if they’d been found out.
Despite the vulnerabilities, experts are pushing more sites to join Gmail in wrapping their entire sessions in SSL.
“I still lock my doors even though I know how to pick the lock,” Blaze said.
If you’re in the military, here’s a tip: don’t put upcoming missions in your Facebook status. You wouldn’t think someone would need to tell you that, but here we are.
A raid on suspected militants in the West Bank was cancelled yesterday after an Israeli soldier updated his Facebook status to read “On Wednesday we clean up Qatanah, and on Thursday, god willing, we come home.” The solider has since, unsurprisingly, been relieved of combat duty for being a moron. He’ll also spend 10 days in prison for his update.
Trying to educate soldiers on the importance of not leaking classified info to Facebook, the Israel Defense Forces have started putting up new posters in bases:
In posters placed on military bases, a mock Facebook page shows the images of Iranian President Mahmoud Ahmadinejad, Syrian President Bashar Assad and Hezbollah leader Sheik Hassan Nasrallah. Below their pictures – and Facebook “friend requests” – reads the slogan: “You think that everyone is your friend?”
I really want to see one of those posters. Anyone in the IDF want to send us a picture? My email address is below. I won’t post it on Facebook, promise. [NY Times]
The habits of modern consumers and their expectations have so drastically changed the landscape into which marketing and advertising campaigns are launched that what held true in the “golden age of advertising” no longer holds true at this, the dawn of the “golden age of the individual.”
In the classic “The 22 Immutable Laws of Marketing,” Al Ries and Jack Trout expound on laws that are rooted in the ability to use storytelling to weave spellbinding brands and evoke emotion-filled loyalty. However, as the balance of power shifted away from advertisers to the people they used to target, the game has changed.
Increasingly, individuals prefer to do their own research rather than just take advertisers’ word for it. Individuals need greater levels of detailed information than can be conveyed in a :30 spot, a one page ad, or a radio spot. More individuals are empowered with information that is likely to have been created by other individuals (e.g., product reviews, blog posts) instead of advertisers.
AnibalDoRosarioGolden Age of Ads Laws no longer valid in Golden Age Of The Individual “The 22 Laws of Marketing” no longer applicable: http://bit.ly/bGert9
The New York Times takes an interactive look at what Netflix users are watching in a dozen U.S. cities, including my backyard, Boston. My neighbors are watching what now?
Oh, just Mad Men, it seems, with a sizable pocket in Cambridge. We’re so liberal.
And why the heck was Eagle Eye so popular on the North Shore last year? Anyone? [New York Times via Slashdot]
originally investigated and reported on Friday July 31, 2009 by Augustine Fou, with Tugce Esener @tesener
Several friends and colleagues had the same reaction when they found out about this video — that it was at such a high view count already and we were late to the party of finding out. Then we did some more digging — digital forensics :-) And this is a case where a viral hit was indeed successfully manufactured. There’s something to be learned from all this – how to successfully manufacture a viral video sensation and make viral profits.
Chris Brown is successfully tapping into the viral halo of a funny video that coincidentally used his song.
ReadWriteWeb article on how rights owners (Sony, Chris Brown) can make viral profits on other people using their work instead of suing them - http://bit.ly/KA3HI
The video was real. But promotional activities (possibly/likely paid) created the initial viral effect (led to the tipping point of the viral effect) which then got carried a further by people thinking they were simply late to the party, including myself (e.g. 440k bit.ly clicks and 3k detectable retweets out of the 13M views). The numbers don’t jive.
The viral halo has added 1 million more views to the video from August 1 – August 2. (13.1 M to 14.5 M)
Ten ELEVEN TWELVE THIRTEEN proof points to follow, each with screen shot to illustrate.
1a. anyone notice that the “Forever” soundtrack is remarkably consistent throughout the video as if it were dubbed or added in after the original footage was shot. The sound is too consistent in volume and loudness to have come from a built-in, on-camera microphone. At the very end of the video, once it cuts back to the couple at the altar the sound quality goes back to the echo-y, tinny sound of an on-camera mic.
1b. The “TheKHeinz” user on YouTube was registered on July 19, 2009, the day the video was posted. We usually look for clues like this to detect “plants” by PR agencies. This is an issue of trust — a user “CmdrTaco” on Slashdot has been around the forums for years, made hundreds of posts, and was rated by the community very highly. PR agencies trying to seed stories have to create new user accounts during the PR campaign (recent registration date) and have made no other posts or uploads before (no history).
2. The social intensity detected in all of the top social venues like Technorai, Delicious, Reddit, Digg, etc. indicate there was not enough organic sharing to support a view count of 13 million views in 11 days (updated: 14.6 million today August 2, 2009).
a) Bit.ly shows only 447k clicks on the shortened URL
“At Fortune’s Brainstorm:Tech conference Ashton Kutcher effectively took credit for boosting the views from – in his words – 12,500 views before he tweeted the link – to some 1.2 million views 12 hours later…”
Well, unfortunately he used a bit.ly link which provides public analytics on how many people clicked. Most tweets result in immediate traffic, which then tails off immediately after the tweet falls off the first page. In his case, look at the following bit.ly stats URL and click “past month” to see the peak clicks on July 23. All he can actually claim is that his tweet drove a peak of about 100,000 clicks on that day not 1.2 million
too bad Ashton. next time you make a BMOC claim, be sure to use a non trackable method, so analytics won’t “out” you so easily.
after only 3.5 days of retweets the twitter intensity died off to next-to-nothing; if this were a truly viral video, carried forth by real people (and not by paid PR support and paid media) the retweet intensity would remain high. As of August 21, there are over 21M views on the video and the 505k retweets does not show actual organic support for that number.
b) Twitturly shows only 3 thousand retweets on the YouTube URL itself
c) Delicious shows only 447 bookmarks of the video itself
d) Reddit only shows 673 thumbs up for the video itself
e) Technorati shows only 277 blog mentions of the video itself — this could be undercounting if blogs used URL shorteners. But if you look at the blog intensity results (below) sorted by blogs with most authority the blogs have very little authority (i.e. influence or size of audience).
– these are real indications of interest by real people. The social intensity of the passalong for this video does not substantiate the huge number of views in 11 days.
What we are seeing now is the additional viral halo, as the momentum is sustained by large media outlets reporting on the story — even Google Blog blogged about it (boasting about the success of YouTube advertising in driving revenues). Of course TechCrunch is right that viral videos can be monetized: http://www.techcrunch.com/2009/07/30/youtube-viral-wedding-videos-are-great-for-advertising/ )
3. Twitter shows nothing in the top “trending topics” related to this video – indicating few people are actually tweeting about it — if this video is SO viral (13M views in 11 days) then it has GOT to show up on a scan of social intensity. (see screen capture below)
July 31 (Friday) August 2 (Sunday)
4. The original video was posted July 19, 2009. The people from the video appeared on NBC’s Today Show and danced around Rockerfeller Center on July 25th (6 calendar days after posting). Today Show staff may be great at spotting news, but to get all the wedding party from the wedding to re-enact the dance on the Today Show in 6 calendar days — too good to be true? Hmm…
5. Out of all the wedding videos on YouTube, how did Chris Brown detect this particular one that used his song. @glenngabe noted that there are song detection mechanisms - ContentID - which detect the pattern of the copyrighted song and report that to the rights owners. We know there are hundreds, if not thousaands, or really funny wedding home videos — America’s Funniest Videos has been running for years and years on TV showing funny wedding blooper videos that people submitted to them.
6. ALL TEN of the top viral videos on AdAge’s Viral Video Chart took around 3 – 6 months to achieve full viral effect — not 6 days. See all 10 videos’ stats, as reported by YouTube at the following link. This video has not shown up at all on the list of Adage viral videos.
9. For a top-trending topic on twitter, there is usually correspondingly high search volume that is detectable. At first glance, terms related to this viral video like “jkwedding” or “jk wedding dance” all seem to spike. But if you put it against even “Corazon Aquino” (one of the top trending topics NOW on Twitter) those JK wedding search volumes are dwarfed. (see chart below).
10. Google only reports 366 links to the video and most of them are not even important websites (see Alexa blue bar)
11. The video itself has no honors and no stats (yet); YouTube stats are conveniently turned off. Other videos have their stats graphs publicly available.
12. see the fine print in the YouTube description — For more information or to make a donation towards violence prevention please visit our website: http://www.jkweddingdance.com/ – why would a normal wedding video ask people to make a donation towards violence prevention? (see screen capture below), the WHOIS record shows the domain jkweddingdance.com was created 29-Jul-09 — today is 31-Jul-09
Updated: This was circumstantial evidence. A source confirmed that Jill is studying patterns of violence propagation for her PhD. Their choice of charity was their own choice. And the site was set up to help that cause.
Conclusion? The video itself is real, made by those nice people in the wedding. They may not even realize why or how their wedding video went viral (and the tens of thousands of other wedding videos on YouTube did not). On the Today Show, “The couple told Lauer they were surprised at the video’s popularity” (also see NY Daily News article – http://bit.ly/OA3iG )