The FTX disaster, dangerous World Cup apps

This is an archived issue of my newsletter The Sleepy Fox from 12 November 2022. If you want to receive new issues as they are released, you can sign up for delivery to your inbox here.

Header image: Crazy-haired Sam Bankman-Fried ran his crypto currency exchange into the ground, but at least he has taste when it comes to ties (photo: Agence France-Presse)

This morning, I am watching a video about how to sharpen knives by hand with a whetstone. I’ve been trying to get better at this over the last few years, but my knives still aren’t as sharp as they could be. This video is the best explanation I’ve found of this process and I’m going to try Joshua’s simplified technique while sharpening some of our kitchen knives over the weekend.

I’ve also backed this neat Kickstarter project last night. It’s a solid titanium wrist bracelet made by a Scottish artist called Gregory Venters. Titanium is fascinating. I can’t wait to wear this every day.

Prototypes of the Omegaband bracelet (video: Gregory Venters)

In Ukraine, there are celebrations as the Ukrainian army apparently takes control of Kherson. Meanwhile, the Institute for the Study of War1 is reporting that the Antonivsky Bridge, the Antonivsky Railway Bridge, the Darivka Bridge and the Nova Kakhovka dam across the Dnipro and Inhulets rivers have been destroyed by Russian forces to block a further Ukrainian advance. Kherson is also still being shelled by the Russian military and some Russian soldiers have, reportedly, stayed behind the Ukrainian lines in small groups to conduct partisan and sabotage operations.

In the US, political commentators see the midterm elections mostly as a loss for Trump-aligned Republicans. I haven’t looked into this topic enough to judge if this is true. All I can say is that even if it wasn’t true, I’d expect exactly this to be the take the political commentators over there would have. Because Trump is evil. Orange man: bad.

The FTX Disaster, World Cup Apps Are a Security Nightmare

Colour me surprised: another crypto currency exchange has collapsed. FTX, the world’s third-largest marketplace to buy and trade crypto currencies, filed for bankruptcy yesterday. The company’s CEO, crazy-haired Sam Bankman-Fried, has resigned.

FTX, based in the Bahamas, held about $16 billion in customer assets but had lent about $10 billion of those funds to Alameda Research, a trading firm also run by Bankman-Fried and headquartered in Hong Kong, according to a Wall Street Journal report. Alameda, in turn, had lent out billions of dollars, with some loans secured by FTT, a cryptocurrency created by FTX, according to a Nov. 2 report from CoinDesk.

The value of FTT crashed as FTX faced $5 billion in customer withdrawal requests last weekend, which left FTX facing an $8 billion shortfall, according to Bankman-Fried. Binance, the world’s largest crypto exchange, had said it was selling its $500 million in FTT based on reports of FTX’s loans to Alameda.

It all sounds like this Bankman-Fried guy was running a massive scam that somehow collapsed. Which wouldn’t be that unusual for this “industry”. Apparently this “company” was lacking even the most basic controlling functions.

“I fucked up, and should have done better,” said the crypto maven, who is personally set to lose billions in net worth to FTX’s financial issues. Bankman-Fried said he had messed up multiple times, including a misreading of the use of margin on the platform.

In other news that should surprise absolutely no one, mandatory apps for the stupidly-held-in-winter football World Cup in Qatar will probably be used by the Gulf state’s security apparatus to spy on visitors.

Football fans and others visiting Qatar must download two apps: Ehteraz, a Covid-19 tracker, and Hayya, which allows ticket holders entry into the stadiums and access to free metro and bus transportation services. Qatar’s Ehteraz contact tracking scheme came under scrutiny even before its World Cup use because it allows remote access to users' pictures and videos, and can make unprompted calls. Additionally, Ehteraz requires background location services to always be on and it gives the app the ability to read and write to the file system.

After reviewing the two apps, France’s data protection agency CNIL suggested bringing a burner phone to keep your information safe from prying eyes — and ears. And Norway’s head of security offered similar advice, telling the Norwegian Broadcasting Company: “I would never bring my mobile phone on a visit to Qatar."

Additionally, some 15,000 cameras using facial recognition will monitor the event and attendees, ostensibly to keep footballers and fans safe. But considering the country’s dismal human rights' record, it’s probably not a bad idea to approach this surveillance with a healthy dose of skepticism. When asked about security concerns related to the two apps, a spokesperson for Germany’s data protection agency BfDI told The Register it is working with the the German Foreign Ministry and the German Federal Office for Information Security to investigate Etheraz and Hayya.

The bottom line is that by downloading these apps, which are required to visit Qatar and attend the World Cup, users are forced to “hand over all sensitive IP on a silver platter upon arrival After accepting the terms of these apps, moderators will have complete control of users' devices. All personal content, the ability to edit it, share it, extract it as well as data from other apps on your device is in their hands. Moderators will even have the power to unlock users' devices remotely. With this in mind, they’ll most likely be using these apps to scrape all your contacts, check your call and SMS history, track your location through GPS and device radio interfaces (bluetooth and wifi) and probably pillage your social media contacts,” Tom Lysemose Hansen, CTO and co-founder of app security firm Promon said, noting this also puts friends and acquaintances at risk.

At least there are some good news for gamers: Microsoft Flight Simulator2 is finally getting helicopters and glider planes.

Helicopters finally make it to Microsoft Flight Simulator (screenshot: Microsoft)

On My Desk Today

Today and tomorrow, I’m mostly finishing up work I didn’t get to yesterday. That includes everything mentioned in yesterday’s newsletter. I’ll also be taking some time off over the weekend, mostly to play New World.

Thanks for the nice comments on the first issue, by the way. I am happy to see people enjoy my work! Expect the next newsletter on Monday.

  1. A US think tank that is, of course, relative Ukraine-friendly and is being used by most major Western news sites as the main source for most of their reporting on the war. ↩︎

  2. This confusingly named game was released in 2020, it is in fact the 12th game of the series. Microsoft isn’t good at naming things, as Microsoft Flight Simulator X was actually the 11th PC game with this name. ↩︎