Pea Bee #5: Do not insert this inside your ear canal

Apr 04, 2021

Bird Detector

Last year, someone created a project to detect and click pictures of a neighbourhood crow who visited their window.

At first, they trained a model with many pictures of crows using Google’s amazing Teachable Machine. This trained model, along with a camera was used to detect and click pictures of the crow. The pictures taken were then programmatically posted on Twitter. Such an ingenious and simple project.

I wanted to build a similar project but my reasons were a bit more sinister. In my previous home, a group of pigeons was using my balcony as their toilet and for very expressive mating. None of my hollow scare tactics worked. They became fearless and the moaning only got louder. Sometimes even mocking me with the hard stare of their empty eyes.

I thought of building a similar set-up. But instead of the camera clicking cute pictures, I wanted to install a little water hose gun that sprays at them as soon as the camera detects a pigeon. I did not make this of course and I don’t like how pigeons bring out the worst in me.

Spoonbill - Creeping as a Service

Spoonbill is an app that tracks the changes made to any Twitter profile bio and then allows you to subscribe to those updates.

Imagine strangers on the internet subscribing to a daily aggregation of your Google searches or WhatsApp showing the recipients what you type as you type. This is just Twitter bio, which is public anyway, but people make mistakes and typos and sometimes impulsive updates which they quickly delete. But this gets broadcast to all the sneaky little stalkers like me without their knowledge. It is a bit creepy. Remember: every time you make an update to your bio, someone on the internet is watching you.

Related recommendation: Reply All’s episode about a Venmo voyeur who loves spying on the financial transactions of friends and strangers. [https://gimletmedia.com/shows/reply-all/76h5zl]

The OLX scam

A Redditor on /r/bangalore sub recently posted a detailed and honest post about how they got scammed on OLX. I’ve read so many of these stories and this seems to be very common on OLX. This is really good to know if you use PayTM/UPI for online payments. https://www.reddit.com/r/bangalore/comments/mgsxfj/fellow_indians_i_have_just_been_scammed_in_olx/

Another recent and common story from this sub worth reading - how Bengaluru cops will stoop down to any level just to make some cash from the city's young. [https://www.reddit.com/r/bangalore/comments/mhkj61/cops_trying_to_fuck_us_over_with_marijuana_seed/]

TIL - Cotton earbuds

This may be common knowledge but I only recently learned that cotton earbuds are not meant to be inserted inside the ear canal. The manufacturers explicitly advice against it. I checked the box that I have and it does have a caution:

In fact, our ears canals are self-cleaning and the ear wax inside them is not supposed to be removed. It helps to protect the ear canal. I think most people use earbuds because it just feels great. Our ear interiors have sensitive nerve endings and it gives a twisted pleasure to rub the cotton swab end against it.

Am I going to stop using cotton earbuds after knowing what I now know? Nah. And I have to admit, it’s a more thrilling experience now knowing that a certain level of danger is involved with this activity.

MobiKwik data breach

MobiKwik's user data was recently leaked which includes sensitive data of 110 million users including KYC and credit card details. The data dump was available for sale on the dark web for 1.5 BTC.

MobiKwik’s response to this leak should be used in future case studies on how not to respond to a data breach. A security researcher found this leak and reported it to MobiKwik on 26th Feb. This company has since been in repeated denial - instead, they’ve been attacking the security researcher who reported the breach. Due to a growing criticism against MobiKwik’s response, RBI has finally ordered MobiKwik to probe the leak and conduct an external forensic audit. This is happening more than a month after the breach was first reported.

Read this post on the timeline of events from the guy who reported the leak in the first place - https://rajaharia.medium.com/timeline-of-orphan-unclaimed-data-of-10-crore-indian-card-holder-including-kyc-c1a73363e67d

It’s concerning that we still don’t have strict laws against non-disclosure of data breaches. Just a few days back, a dutch court fined Booking.com €475,000 for being late in reporting a data breach of 4000 customers. This MobiKwik data breach includes personal data like KYC information, credit card details, hashed passwords, addresses, etc of more than 100 million users. Will there be a proportionate fine for MobiKwik too? Nah, I don’t think so. Watch them get away with this without any consequences and spinning the narrative to their favour with their IPO target just a few months away.

Related recommendation: Listen to this episode of Darknet Diaries on LinkedIn’s 2012 data breach. It’s a wild story of how the breach happened, how LinkedIn responded, and how they eventually tracked and arrested the hacker. [https://darknetdiaries.com/episode/86/]

Pea Bee