#205. Ultimately, the weakest link is the human.

Table of Contents

  • What's with
  • The weakest link is always the human
  • Conclusion

What's with smartphones?

На почту прилетел отчет за 2022 год от сервиса Data.AI (formerly App Annie), which analyzes the mobile app market. Russia has, of course, separated from this market. We are building their own app stores and looking for new solutions. But in a short string format, I want to share some data:

  • In Mobile-First markets (these are markets where smartphonesprevail over computers, Russia can be attributed to such markets) the average time that a user spends every day on his smartphone has reached 5 hours. And this can be directly related to the consequences of the pandemic. Look at 2019 and 2022.

  • Russia, according to Data.AI is in the top 6 in terms of the number of downloaded applications and in the top 7 in terms of the number of hours spent on a smartphone. Of course, Russia has taken off from the spending schedule, that is, we are watching, downloading, but not spending.

  • This slide looks pretty interesting.It shows that the decline in household income has led to a decrease in spending in games, but at the same time, spending in service applications continues to grow. This is another consequence of the coronavirus. People are accustomed to deliveries and other services that can be paid through a smartphone.


Affiliate material

Reality and prospects of the IT professions market

What professions are the most popular and highly paid?

Saturday coffee #235

Pour a cup of invigorating Saturday coffee andcheck out the news of the week. Apple introduced new processors, TECNO showed a foldable smartphone, paid apps appeared in RuStore, and HAVAL increased sales…

Full tank #4. Audi A4 test

New issue of our column dedicated tocars. Today, there is some news about new crossovers in the Coupe version from Porsche and Mercedes-Benz, as Yandex and Hyundai will jointly develop drones and, of course, test the Audi A4 car. Go!

Creative SFXI Air Gamer gaming headset review. Let's scan your ears

Creative Customized Gaming HeadsetSXFI, which will require you to provide a photo of your ears and install two apps on your smartphone. She also has two microphones in the kit and the promise that she can replace a regular smartphone headset.

  • Top most used apps in the worldalmost identical. And it says a lot about what people want from life and smartphones. In the first place are TikTok and social networks, followed by platforms for the purchase of goods and delivery, maps and smart home.

  • The mobile games market is an impressive 109.5 billiondollars. This is more than 2 times more than the computer games market. Here, look at the games that take the lion's share of this amount. From something more or less meaningful, Genshin Impact and Roblox can be distinguished. But most of all, nonsense like Candy Crash earns.

  • And here is an illustration of the most downloaded games.It's no surprise that the gaming industry is in a state of depression and even AAA games are slowly turning into donut milking parlors. Accordingly, when you hear about mobile gamers in the news, keep in mind that this is them, playing balls of all formats and other nonsense.

At the same time, it should be noted that spending on meaningful games is decreasing in the world (these are the same Genshin Impact, PUBG, etc.), but the demand for casual balls, racing games and games like Candy Crush Saga is growing.

The weakest link is always the human

The topic of personal data protection has long been on the agenda.qualitatively new level. If earlier only anti-virus companies and trainers in the classes for system administrators talked about data protection, now it is the mainstream, which is buzzing about from every iron.

Some companies are completely built on protectionpersonal data image. So, for example, Apple does, assuring its users that the iPhone is the only smartphone that does not share data with anyone.

Other market players are not far behind. The same Google and Microsoft have begun to build VPNs into their branded products, which should indicate that they care about the safety of their users.

We have already touched upon the topic of VPN.In short, using a VPN, you seem to be saying that you do not trust your Internet provider, but 100% trust some company registered in Panama or some other offshore. And, in principle, to some extent it is reasonable. Since the Internet provider is more likely to transfer data where it should not be and send its client to the bunk. While the VPN provider will sell data to data brokers at most.

The funny thing is that every year more and more people talk about the protection of personal data, as proportionally more and more data leaks on the network.

For Russia, 2022 has certainly become a year of gutting.On a regular basis, the data of delivery users, patients of clinics, banks, shops, taxis, public services, insurance centers and even the Russian Post were merged into the network ... I was subscribed to a Telegram channel that monitors leaks. And at some point I turned off the sound notifications of this channel, because sometimes the smartphone started beeping several times a day, it poured so plentifully.

2023 is not off to a better start.They have already “pleased” with the news about the leakage of data from the customers of the Sportmaster store, they stole something from and unexpectedly hacked the website of Altai State University, laying out the personal information of students.

In no way do I want to belittle the merits of hackers, both black and white, who apply intelligence to find vulnerabilities. However, let's be honest, most "hacks" happen differently.

Of course, there are fatal "bugs" that give accessto the system. But often they are used not by superhackers, but by ordinary cool hackers who have downloaded exploits on well-known forums and roughly understand how to use them. However, I am sure that such a minority. But in fact, the main systemic vulnerability is a person.

Branch of "Sberbank" - no, I'm sorry,"Sbera" - an elderly man dumped his equipment on the table in front of an employee: a smartphone and a tablet. The problem is that neither there nor there it is possible to enter the Sberbank Online application. It was, you guessed it, the day the Sberbank app stopped working on Android 6 and older devices.

An employee of Sberbank tiredly explains thatsystem is no longer supported. And offers to set up a web version. The man sighs, complains about capitalism and prices, mumbles something about the robbery of the population (apparently, he believes that there is a collusion between banks and smartphone manufacturers).

After completing the web service configuration procedure on bothdevices, the manager is glad that he finally got rid of the stuffy contactee, but that was not the case. The man demands that the employee also enter a username and password, because “we know, I’ll come home now, I won’t succeed, and I will have to go back.”

As you can guess, the login-password is recorded onleaflet. However, the man is not easy. He does not give the sheet to the manager (suddenly he steals), but he begins to dictate himself. I even pulled out my headphones to hear better. In principle, this was not necessary, since everything was repeated twice (after all, the man has a smartphone and a tablet). What struck me most about this story was that no one was surprised at all. No people sitting around, no managers behind the counters. No one even raised an eyebrow, as if it should be so.

This example is a typical situation when a person himself does not protect or, more precisely, does not understand how to protect personal data. The saddest thing is that there is nothing you can do to help.

And banks can apply the mostcunning methods of authentication and confirmation of operations. People are still under the influence of, as it is rightly called, social engineering will transfer money to scammers, take loans, sell apartments to help the mythical police operation. What can I say, if officials appear in the reports, and even an employee of the Central Bank, who, it would seem, should understand something.

Relatively recently, the defendant in a high-profile scandalbecame a manufacturer of robotic vacuum cleaners Roomba. iRobot is the market leader in robotic vacuum cleaners, dominating the US market. The company was acquired by Amazon for $1.7 billion.

And now a lot of photos (including some very unpleasant ones) have got on the Internet, which were taken from an obvious angle. Especially "popular" was the photo of a woman on the toilet.

And the question is, who is to blame for such photos being on the Internet?

Of course, the first thing to consider iscunning hackers who hacked into a smart home and gained access to all gadgets. And this is logical, since we are constantly told that the IoT (Internet of Things) is not secure at all and anyone can remotely access a smart kettle.

But no, it turned out that the hackers were not to blame.


As an advertisement

Robot vacuum cleaner 360 Botslab P7

Budget robot vacuum cleaner with voice control, the ability to build room maps and an operating time of up to 90 minutes, as well as wet cleaning.


Samsung Galaxy smartphone security - hacking protection, how to set it up.

We configure the Samsung Galaxy smartphone in such a way as to protect your data and not give a single chance to scammers and intruders. Your data is protected!

Choosing a compact flagship in 2022

The best compact smartphones with great features on the market.

5 facts about Amazfit GTR 3

Stylish smart watch for all occasions…

Then they accused iRobot, which, in the best traditions of the genre, turned the arrows to a contracting company involved in marking models for artificial intelligence.

Not everyone knows this moment, but it exists in the worlda significant layer of IT companies involved in the preparation of data that will then be used for machine learning. And it's usually handmade. Numerous employees sitting in front of monitors open countless photos and either label them from scratch or make adjustments to what artificial intelligence has recognized.

In particular, iRobot is working to ensure that itrobotic vacuum cleaners were better at navigating in space, recognizing rooms by sets of objects. This is necessary to execute complex commands. For example, so that the user can say: "Clean up the kitchen." Or even harder: "Clean around the couch." Relatively speaking, the robot must figure out what a sofa is, where it is located, and designate a working area around the sofa.

Here, perhaps, it is necessary to clarify that we are talking about advanced versions of vacuum cleaners with a camera for the so-called computer vision.

An example of a robot with computer vision. This is ECOVACS DEEBOT OZMO T8 AIVI. Cool robot.

The review can be read here:

Ecovacs Deebot OZMO T8 AIVI: computer vision and electric vibration mopping machine

Perhaps the best robot vacuum cleaner available with computer vision.

And this is what the camera image looks like. This is quite enough to go around the objects scattered on the floor.

Manual data markup is an essential attributeartificial intelligence. To make it so easy for ChatGPT to have meaningful conversations, dozens (if not hundreds) of AI trainers spent days creating conversation variation templates. In the same way, autonomous cars watch endless records of traffic on the road, marking certain situations.

At the same time, “marking” is low-paid work.For such vacancies they pay 600 dollars, or even less. Often this is done by outsourced employees in poor countries, where $500-600 is good money. So it is not surprising that the photos eventually surfaced on one of the forums in Venezuela.

And now it seems that we have already figured out who is to blame in this story. Low-paid employees from poor countries who wanted to sneeze at ethics.

On the one hand, yes.On the other hand, the owners of the robots themselves did not show caution. As the story began to unfold, iRobot was forced to clarify that these were photos of special robots that had been given away to volunteers helping the company improve the product. According to iRobot, the issued robots were equipped with special software and hardware. Plus, a green indicator was provided in the design of the robots, signaling that the robot not only drives, but also records video. And the owners of the robots were informed of this, so it was in their right to remove objects from the frame that they wanted to hide. In this case, this means: close the door to the toilet if you have agreed to have a video recorder autonomous machine connected to the Internet drive around your house.

At the same time, iRobot engineers and the company for primaryprocessing is to be commended. They built in a feature that cut out the faces of the people in the frame. It turned out so funny: there is a butt on the toilet, but there is no face.

And here it seems that the solution could beincreasing the level of education among users. But it's unlikely to help. Here the other day, the boss conducted a small experiment in our telegram channel by posting screenshots of the Microsoft Edge browser from Google Play, saying that the Microsoft browser does not encrypt data.

After scored more than 10 thousand views, collectedcomments. And there is no reason to believe that we have an uneducated audience. Rather, the audience of is one of the most advanced in Runet. However, the comments looked something like this:

More thoughtful went to read the user agreement. Probably for the first time. If you are interested in why it is indicated that the data is not encrypted, then everything is not so simple:

  • Microsoft Edge can be part of corporate systems where traffic is monitored by administrators.
  • Microsoft Edge is an integral part of the ecosystemMicrosoft with many integrated products. For example, if someone gave a link to a document in OneDrive, then this can be perceived as unencrypted data.
  • If synchronization is enabled, then all dataare encrypted, but only addresses, passwords, and other personal information have end-2-end encryption. All other data stored on Microsoft servers (such as browsing history or favorite websites) is also encrypted, but Microsoft has a decryption tool.
  • Personal data can be requested to be deleted. If the user is a member of a corporation (business, study), then you need to go to the administrator to delete the data.

And, of course, it is strange that no one was embarrassed by the factthe absence of at least some news about leaks of Edge users. At the same time, it should be noted that Edge, running on the Chromium engine, is subject to the same vulnerabilities as Chrome and any other browser.

As they say, fear has big eyes.And yet the fact remains: the main weak link is a person. And both the user, and the employee. At the Kaspersky Lab conference at the end of last year, they said that in 2022 the number of “bribery” had increased, when employees of “interesting” companies were offered to simply plug a USB flash drive into a work computer for a fee. For some proposals, the fee was 5 thousand dollars. Whichever way you look at it, the amount is tempting. I invite readers to dream up: would they stick a flash drive? The accountant left for lunch, and you have a flash drive for a minute - op! - and that's it.

100% protection cannot exist iferect a fence around the user, as Apple did. Even then, leaks still happen, like the infamous iCloud hack. The service itself was secure, but Apple made the mistake of allowing multiple password entries. And the users themselves used weak passwords that were easy to guess.


Looking at what games are at the top, there's no reasonto think that humanity will sharply grow wiser and become more attentive. On the contrary, the farther into the forest, the more frivolously people treat their own data. However, who knows? Tell us in the comments, do you ever read the user agreements?

About myself I can say that about two yearsago I began to scroll through the user agreement, peering into the sections about "rights and obligations". At the same time, I can’t say that I’m somehow different from a typical user. I have about four passwords, consisting of a chaotic jumble of letters, numbers and symbols, which I use for "important" services, and a couple of easy passwords that I use in other cases. Often I only update passwords when the service asks me to, so on some platforms I haven’t updated my password for 13 years (here I got a notification saying “you haven’t updated your password for 13 years, this is insecure” - come on ?!). Well, where possible, I use two-factor authentication. And from the relatively recent innovations, I started a virtual machine for all sorts of dubious files from the Internet and mail.