As we described on a recent episode of the “Smashing Security” podcast, serious security flaws in the API of a so-called “smart” chastity lock meant that men could find their umm.. personal equipment permanently inaccessible.
It’s what you might call a cock-up lock-up.
The Bluetooth Qiui Cellmate attaches itself to a man’s penis, allowing a remote partner to lock up your proverbials if they think you don’t deserve to use them for a while.
And with no umm.. manual over-ride, you could find your pickle in a right pickle if an unauthorised third-party exploits the flaws to lock the cage without your permission. Built from a mixture of polycarbonate and toughened steel, removal is non-trivial and might involve taking an angle grinder or bolt cutters to a delicate part of your anatomy.
The fine fellows at Pen Test Partners, who first uncovered the flaw and attempted to convince Qiui to fix their product, produced a video with an alternative way to override the lock which involved prising open a circuit board on the Cellmate and applying a voltage to two wires to drive a motor to unlock the sex toy.
Notably, the video demonstrates the technique with a Qiui Cellmate which is not currently attached to someone’s penis. I suspect that makes things a little less fiddly.
Personally I wouldn’t be keen to either have an angle grinder near my nuts or to apply an electrical charge anywhere in their vicinity, but then I (hopefully) wouldn’t be found wearing one of these gadgets in the first place.
Inevitably, news of the security hole caught the media’s attention, and Qiui has now come forward with its own video demonstrating how the device can be opened with a screwdriver.
No, still not rushing to experiment with that either…
And before you think the threat of a malicious party locking someone else’s cock lock without permission is overhyped, it appears some owners have been receiving threats demanding a ransom be paid…
QIUIのハッキングされたら届くメール
焦らずレポートしたら、解錠されます pic.twitter.com/bprXtRUFgI— 貞操奴隷 (@teisoudorei_000) October 8, 2020
For more discussion of this latest IoT security disaster, be sure to listen to the latest “Smashing Security” podcast:
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Hi everybody, Carole Theriault here on our 199th show, and I'm here to give a shout out to just a few of our very special, very wonderful, very fantastic Patreon supporters.
This week's shout out goes to Irma Gerd, Mo, Dan Allen, Rob Van de Weyer, Goran Josipovic, Tim Collinson, Steve Lupton, Jeremy, Marin Cathayer, Armand. You guys rock.
Thanks for your support. If you want to join this very cool group of Patreon supporters, check it out on smashingsecurity.com/patreon. Now let's get this show on the road.
This week's shout out goes to Irma Gerd, Mo, Dan Allen, Rob Van de Weyer, Goran Josipovic, Tim Collinson, Steve Lupton, Jeremy, Marin Cathayer, Armand. You guys rock.
Thanks for your support. If you want to join this very cool group of Patreon supporters, check it out on smashingsecurity.com/patreon. Now let's get this show on the road.
Some of us, from time to time, ladies, some of us to dim the lights. Ladies?
Zoe and I? There are men listeners as well. I don't know if you know that.
You just think you're talking to all the ladies, it's almost to dim the lights, put Barry White on, and slip into something a little bit more comfortable. Maybe a smoking jacket.
Okay, I'm out of here.
Turkish slippers.
What has happened to this show?
I know, I'm sorry, Zoe.
I don't remember this the last time.
Yeah, no, I'm out of here.
Smashing Security, episode 199: A Few Tech Cock-ups and One Cock Lock-up with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 199.
My name's Graham Cluley.
My name's Graham Cluley.
Ever closer to 200. I'm Carole Theriault.
Well, Carole, it is episode 199 and we've got a couple of things to get very excited about. First of all is our guest, of course.
We are joined once again by the marvelous BBC technology correspondent Zoe Kleinman. Hello, Zoe.
We are joined once again by the marvelous BBC technology correspondent Zoe Kleinman. Hello, Zoe.
Hello, Graham and Carole. How are you guys?
Fantastic having you here, Zoe. I'm so glad you came on the show.
Oh, that's so smooth. Thank you very much.
Well, the other thing that we're excited about is that Carole and I are obviously about to celebrate our 200th episode.
We're not going to see each other. Don't panic.
And we're thinking, what can we do possibly to enjoy this?
See, I was thinking maybe we would make cakes for all of them. What? We have about 5 million, 6 million downloads so far. That's not going to be that many cakes.
Well, I think we've gained some inspiration, perhaps, by the TV star in our midst. Because what we're going to do is we are going to do, is it called a live stream?
A live stream up on YouTube where people can come and join us and ask questions and see us chatting.
A live stream up on YouTube where people can come and join us and ask questions and see us chatting.
And that's basically saying YouTube AMA, dudes. Be there, be square.
Oh, that's very cool sounding. Yeah. So you will be able to join in. We are going to hold this on Thursday, October 15th at 8 PM UK time. That is 3 PM Boston.
Okay.
All you have to do to find it.
What about the people in California?
Oh, for goodness sake. They'll be at noon. They'll be at noon.
Okay.
So it'll be noon on Thursday the 15th for them.
What about Australia?
Shut up! To find out when it's happening in your time zone, all you have to do is go to smashingsecurity.com/live.
And that will automatically give you everything that you need to know in order for this wonderful thing to happen. But please be there.
Otherwise, I'll be stuck with Carole on my own.
And that will automatically give you everything that you need to know in order for this wonderful thing to happen. But please be there.
Otherwise, I'll be stuck with Carole on my own.
Yeah, Graham is really afraid that no one shows up. So I say stay away. I say stay home. I just want to see him freak out.
More cake for me though. Okay, what's coming up on this week's show, Carole?
Well, first, let's thank this week's sponsors, LastPass and Immersive Labs. Their support helps us give you this show for free.
Now, coming up on today's show, Graham heads to the bedroom. Thank God this is radio, right? Zoe gives us the latest on the UK COVID tracing app.
And I take a rather wacky look at automated recruitment tech. All this and much more coming up on this episode of Smashing Security.
Now, coming up on today's show, Graham heads to the bedroom. Thank God this is radio, right? Zoe gives us the latest on the UK COVID tracing app.
And I take a rather wacky look at automated recruitment tech. All this and much more coming up on this episode of Smashing Security.
Chums, chums, last week you will remember that we talked about so-called smart coffee makers, right? Remember Chucky? And how it could take over your life.
I hated that you chose that logo for that episode. It's kind of, as a coffee lover and a coffee drinker, I thought that was just uncouth.
Oh, because I used the Chucky doll?
Yes.
You didn't like that?
Nope.
Okay. Sorry about that.
Well, if you remember, researchers demonstrated how they were able to create a proof of concept ransomware that could obviously get in the way of you getting your daily swig of Java.
And that would obviously be very frustrating for people. Well, it's not the only thing which frustrates people, of course.
And coffee isn't the only thing that makes the world go round. Some of us, from time to time, ladies, some of us like to dim the lights. Ladies?
Well, if you remember, researchers demonstrated how they were able to create a proof of concept ransomware that could obviously get in the way of you getting your daily swig of Java.
And that would obviously be very frustrating for people. Well, it's not the only thing which frustrates people, of course.
And coffee isn't the only thing that makes the world go round. Some of us, from time to time, ladies, some of us like to dim the lights. Ladies?
What are you talking about, Zoe and I? There are men listeners as well. I don't know if you know that. You just think you're talking to all the ladies.
Some of us like to dim the lights, put Barry White on, and slip into something a little bit more comfortable. Maybe a smoking jacket.
Okay, I'm out of here.
Turkish slippers.
What has happened to this show?
I know. I'm sorry, Zoe. I don't remember this the last time. Yeah, no. I'm out of here.
Well, some of you might like to slip into something comfortable, and some of you might like to slip into something uncomfortable, because let me introduce you to a Chinese-made gadget called— it comes from a company called Qiui, I believe it is.
They're spelled Q-I-U-I. I believe it's Qiui, and it's the Qiui Cellmate. And the Qiui Cellmate is a chastity device.
They're spelled Q-I-U-I. I believe it's Qiui, and it's the Qiui Cellmate. And the Qiui Cellmate is a chastity device.
What?
What?
It's a chastity—
We almost made it to 200. Almost.
It is a chastity device designed for men.
Oh my God.
Who probably need it, to be honest.
What does it look like? Do I even want to know what it looks like?
Well, it's sort of— it's a cage for your— for your— well, not your one, obviously. I imagine you don't have one, or Carole, but— But by proxy, maybe you do. But it's a cage.
It's a sort of thing which you clamp on to one's—
It's a sort of thing which you clamp on to one's—
Graham, you're over 50 now. I need you to take a breath.
Okay.
You know that we are in 2020?
Yes.
You are talking about a chastity device, a cage that goes around your—
Your man's wilbur. Yes, exactly. It is made— Let me explain how it works. You're probably wondering, how doesn't this just fall off? Right?
Isn't there something called... isn't it—
What?
Iron maiden, there's something. It's not a merkin.
No, there has to be. Is it what people wear for sport?
A jockstrap?
Yes, that's right. With spikes.
Let me explain how it attaches to the man. 'Cause my question was, how would it not slip off? There's two parts to the Qiui Cellmate.
So, you get, first of all, this ring attachment made out of toughened steel. And that you put sort of behind the boys, right? So it doesn't fall off.
And then there's this other bit, which is, oh, how can I describe it? Well, it's sort of like a metal sheath, which goes on and locks on to the ring. Okay?
So, you get, first of all, this ring attachment made out of toughened steel. And that you put sort of behind the boys, right? So it doesn't fall off.
And then there's this other bit, which is, oh, how can I describe it? Well, it's sort of like a metal sheath, which goes on and locks on to the ring. Okay?
Yeah.
And that's made out of polycarbonate. With that locked on, and by the way, it comes in different sizes. It comes in both long and short models.
Can I interrupt? Is this because the ferocity of their erections is so strong it breaks through jeans? Is that why someone wants this kind of thing?
I believe there used to be this thing called the Prince Albert, didn't there?
Maybe there still is, where, of course, gentlemen in Victorian times, you could sort of tie something just so it would— Anyway.
Maybe there still is, where, of course, gentlemen in Victorian times, you could sort of tie something just so it would— Anyway.
Zoe, I'm going to call you after the show, okay?
Look, we'll have therapy. You're really distracting me. You're taking me somewhere I don't want to go.
No, what was Zoe?
Graham! You're just—
Come on the show, they said. Talk about cybersecurity, they said.
I had nothing to do with this.
I went to Qiui's online store, and I found that the short version was perhaps unsurprisingly completely sold out. There's plenty of long versions.
Oh, now that does surprise me actually. Really? Because I would have thought that gentlemen might be a bit more ambitious in their choice of sizes.
It'd be a bit bulky though, if it's all metal and stuff.
Oh, that's a good point.
Zoe, let me take you into the male psyche.
Oh, do you have to?
You want a small one so that you might appear larger.
Aha.
Right?
I see.
You want to be able to say, "I can barely fit into this."
Is that why you always wear a G-string when you go to the pool, Graham?
What?
Anyway, so you can choose what size you want. You can even get it personalised. You can get your name lasered onto it if you want.
€110 to you, and you can have it shipped to you, of course, from the Netherlands.
€110 to you, and you can have it shipped to you, of course, from the Netherlands.
And what's the tech side of this?
Right, I'm glad you're coming on to that, because that is very important. I'm just going to hide under my desk, so you carry on.
It is, aside from all these other features, it is of course connected to the internet.
It is, aside from all these other features, it is of course connected to the internet.
Oh my goodness.
And that is where the problems begin.
Because the whole point of the Cellmate is that you can give control of your cock lock to somebody else who could be based anywhere in the world.
Because the whole point of the Cellmate is that you can give control of your cock lock to somebody else who could be based anywhere in the world.
Right.
So if you're in a relationship where your partner doesn't want you using your penis inappropriately, you can give them the app and they can remotely lock or unlock your doodah via that mobile phone app wherever they are in the world.
Question.
Yes.
Yes, true. I'm glad you've got one. Go on, Carole.
Do you think this is a good idea?
Personally, it's not my cup of tea.
Question 2. How is this in your echo chamber? How did you hear about this, Clue?
I had two separate Smashing Security listeners send me this link earlier today, saying, "You've got to read about this." You bunch of grubby-minded—
I'm shocked.
They said, "Perfect for your show, we think." Because what has happened is that the penetration testers—
Oh, for God's sake.
—at Pen Test Partners they discovered that the API used to drive these devices and communicate with them had a myriad of flaws. Oh dear.
And it actually means that someone could remotely lock all of these devices.
And it actually means that someone could remotely lock all of these devices.
You know, I'm actually—
Around the world.
I'm kind of glad they alpha tested this on the penis, not the vagina. I gotta say, you know.
Can you still pee when you're wearing one? I haven't tested it. You sound like you know a lot about it, Graham. That's why I'm asking.
I don't know if Tomorrow's World or The Gadget Show have looked into this.
Maybe tune into the YouTube livestream to find out. Oh yeah, the stream.
Now, there's a threat here, right? Because if you could remotely lock anybody's cock lock, as I'm calling it, or Cellmate, then they can't unlock it themselves. That's the thing.
Sorry, I haven't really explained this very well. If yours is locked, the only way to get it off is via the mobile phone app.
Sorry, I haven't really explained this very well. If yours is locked, the only way to get it off is via the mobile phone app.
Wow, there's no manual override or anything?
No, there is not.
Hope you're not in the north of England with poor reception, 'cause that could get a bit annoying.
According to Pentest Partners, once remotely locked, you cannot unlock it, and you would have to take some bolt cutters or an angle grinder to— Oh my word.
Can you imagine going to the hospital going, look, I know there's a pandemic. I know there's a pandemic, but I have a bit of a situation.
I really need to pee. I'm sure you can still pee. It's probably got a hole for that. Otherwise it'd be pointless, wouldn't it? You can't have your partner going off.
What if you have an itch? Do you have a specially chiseled chopstick from the takeaway?
Well, yes, it's probably if you break your arm and you get a chopstick or a knitting needle, don't you?
So I would imagine you would use something or a coat hanger, which you could bend into the right shape, and you could scratch yourself that way, I imagine. I've got a question.
Thank you, Zoe. Let's raise the tone.
So I would imagine you would use something or a coat hanger, which you could bend into the right shape, and you could scratch yourself that way, I imagine. I've got a question.
Thank you, Zoe. Let's raise the tone.
I'm going to try. Does it only work with one person's app, or could you have multiple people—
Like a WhatsApp group?
Yeah. Controlling your device. I don't actually know.
I mean, I would imagine technologically it's possible, but I— It's not something I know, but what we do know is that the API also leaked precise location data, personal information, and even private chats and other metadata, including what the company calls the member code.
Hang on, what private chat? Who or what was having a private chat?
So the app communicates with the cage via Bluetooth, but the app also speaks to the internet, so it gets a command from the internet, from the other user who has the app as well, which is sort of coupled up with yours.
And then it communicates via Bluetooth telling you to unlock. So I think via this app you can also say, "Hey big boy," or whatever. "Have you been behaving yourself?
If you have, I'll unlock you." All right.
And then it communicates via Bluetooth telling you to unlock. So I think via this app you can also say, "Hey big boy," or whatever. "Have you been behaving yourself?
If you have, I'll unlock you." All right.
Okay, people are really bored if they're doing this for kicks. Seriously, don't you think?
Well, I think— I don't think it's for us to judge, Carole. Everyone's got a— Oh really?
You don't think it's for us to judge? No, not really. You definitely have one.
You definitely 100% have one, and I'm totally 100% judging you because— Tell me about the security of the device.
You definitely 100% have one, and I'm totally 100% judging you because— Tell me about the security of the device.
Well, the security is not that good because clearly the API can be exploited. And this is of course true of so many IoT devices in the past.
There's even a website called the Internet of Dongs, which is all about sex toys connected to the internet, which have had vulnerabilities in the past.
We've seen things like this before. I'm sure you remember, Carole, John Hawes.
He came on the show, or he appeared on the show at least a few years ago, telling us about an adult bedroom entertainment system.
There's even a website called the Internet of Dongs, which is all about sex toys connected to the internet, which have had vulnerabilities in the past.
We've seen things like this before. I'm sure you remember, Carole, John Hawes.
He came on the show, or he appeared on the show at least a few years ago, telling us about an adult bedroom entertainment system.
I wish there was a sound for rolling your eyes.
And what that did was it recorded your session with the device without asking permission.
Absolutely astonishing. In all seriousness, it is very easy to snigger at sort of sex tech, isn't it? And we do, but there's a lot of money in it actually.
I went to CES in January— God, that feels a lifetime ago— but I did, and there was, for the first time ever, they had this little corner which was devoted to sex tech, and there were sort of half a dozen vendors there showing off, you know, what they developed.
And actually it was kind of thriving, it was doing really well.
I mean, CES, they've got a really funny history with sex tech where they kind of like it and then they get a bit freaked out by it.
And there was a horrible story where they'd given an innovation award to a woman who designed a smart vibrator, and then they took it off her again.
I went to CES in January— God, that feels a lifetime ago— but I did, and there was, for the first time ever, they had this little corner which was devoted to sex tech, and there were sort of half a dozen vendors there showing off, you know, what they developed.
And actually it was kind of thriving, it was doing really well.
I mean, CES, they've got a really funny history with sex tech where they kind of like it and then they get a bit freaked out by it.
And there was a horrible story where they'd given an innovation award to a woman who designed a smart vibrator, and then they took it off her again.
Yes, I remember that story. It was shocking. Yeah. Then they gave it back to her at the end though, didn't they?
Yeah. And then it all kicked off because she was horrified, and then they gave it back to her, but it was all really awkward.
And then this was the following year that I went, January just gone, and they had— I guess because they were trying to show how open-minded they were, they were like, yeah, this year we're having a sex tech section because we're fine with it.
And it was kind of, you know, it was hard to find.
It was sort of tucked away in the corner by the loos, and I think there was a sense that they were sort of trying to make an effort but didn't really want anyone to see it.
And then this was the following year that I went, January just gone, and they had— I guess because they were trying to show how open-minded they were, they were like, yeah, this year we're having a sex tech section because we're fine with it.
And it was kind of, you know, it was hard to find.
It was sort of tucked away in the corner by the loos, and I think there was a sense that they were sort of trying to make an effort but didn't really want anyone to see it.
There must be IoT toilets. Oh, there are. You see, this— my whole life right now, I don't know.
I remember there was a story about a Japanese IoT-connected toilet which could be hacked and it could squirt you in an uncomfortable place.
We've covered a lot of really important stories. We do cover the really important ones. Anyway, Pentest Partners found this security hole.
They wanted to obviously bung it up and prevent it causing any problems. And so they tried for months to get the manufacturers at Qi, this Chinese company, to fix it.
And they weren't really getting very far.
One of the problems appears to be that the manufacturer said, well, we can't really replace the API because if we do, there's a danger we could unintentionally lock everyone into their cock cage, which you wouldn't want.
Or maybe you would, I don't know.
But now details of this problem have been released because other researchers have stumbled across other vulnerabilities in these particular male chastity devices.
And there's also concern because the manufacturer said that they're going to produce one of these devices with an internal element, I think to make it even harder to take it off.
So you can just imagine, that's probably your knitting needle, Carole, there. But you wouldn't, I mean, you don't really want that kind of device going wrong. However—
We've covered a lot of really important stories. We do cover the really important ones. Anyway, Pentest Partners found this security hole.
They wanted to obviously bung it up and prevent it causing any problems. And so they tried for months to get the manufacturers at Qi, this Chinese company, to fix it.
And they weren't really getting very far.
One of the problems appears to be that the manufacturer said, well, we can't really replace the API because if we do, there's a danger we could unintentionally lock everyone into their cock cage, which you wouldn't want.
Or maybe you would, I don't know.
But now details of this problem have been released because other researchers have stumbled across other vulnerabilities in these particular male chastity devices.
And there's also concern because the manufacturer said that they're going to produce one of these devices with an internal element, I think to make it even harder to take it off.
So you can just imagine, that's probably your knitting needle, Carole, there. But you wouldn't, I mean, you don't really want that kind of device going wrong. However—
You don't want that kind of device, full stop.
Well, no, but some people do, Carole. We're not really to judge, right? If someone gets—
Do you want to be an alpha tester of a male chastity belt? Hands up, hands up, waiting.
If they want to sponsor us, we'll consider it.
But isn't this a classic example though? It's amazing, I think, how much trust people put in tech, isn't it?
In a way that you think— if you think about this for a minute, my goodness, that's a leap of faith, isn't it, to put that on and trust? Not our listeners, fine.
But then, you know, do you remember all those stories about people driving their cars into lakes because they were following the sat nav, even though they can see that in front of them is a lake, and your rational brain is going, no, I don't want to drive into the lake.
And then your other brain is going, ah, but the sat nav says it's in the lake, and they all go.
It's a really interesting bit of human psychology, isn't it, how much we trust in the tech that we get.
In a way that you think— if you think about this for a minute, my goodness, that's a leap of faith, isn't it, to put that on and trust? Not our listeners, fine.
But then, you know, do you remember all those stories about people driving their cars into lakes because they were following the sat nav, even though they can see that in front of them is a lake, and your rational brain is going, no, I don't want to drive into the lake.
And then your other brain is going, ah, but the sat nav says it's in the lake, and they all go.
It's a really interesting bit of human psychology, isn't it, how much we trust in the tech that we get.
So I want to hear from our listeners. I want to hear from you guys.
Not a single one, not a single listener would fall for this.
If you do know somebody who's got one of these devices and they do happen to get locked in, either because of the vulnerability or they've got a partner.
You want them to send a picture?
No, no, no, no, no. There is a way which doesn't involve an angle grinder to get it off, and the guys at Pentest Partners have produced a video showing you.
Basically, you break— laser your balls? Well, almost. You break open a battery compartment, and you have to apply some voltage to two particular wires to unlock the lock.
If you're comfortable doing that, that is a way out.
Basically, you break— laser your balls? Well, almost. You break open a battery compartment, and you have to apply some voltage to two particular wires to unlock the lock.
If you're comfortable doing that, that is a way out.
This is a health warning. Do not do that. No one do that. Absolutely do not listen to Graham.
Moving on. Zoe, what's your story for us this week?
Well, I'm not really sure how to follow that, actually. We're gonna have to segue quite rapidly into a completely different subject.
The story that has consumed my entire life for the last couple of weeks has been the launch, the long-awaited launch of the COVID-19 tracing app for England and Wales, which I feel like I should practically lay a place for it at the dinner table because I've lived and breathed it now for so long.
But finally, is that the end of it? No, it's not. There's loads of issues. I'll be talking about this forever.
The story that has consumed my entire life for the last couple of weeks has been the launch, the long-awaited launch of the COVID-19 tracing app for England and Wales, which I feel like I should practically lay a place for it at the dinner table because I've lived and breathed it now for so long.
But finally, is that the end of it? No, it's not. There's loads of issues. I'll be talking about this forever.
I keep making the mistake of calling it the UK COVID-19 contact tracing app. And you get so many Scottish people annoyed with you at that point, and Northern Irish people.
What's it called?
I actually haven't installed this, and I'm paying attention because I have to go to a dentist tomorrow, and I'm gonna have to check in. I'm gonna ask loads of questions, Zoe.
Yeah, well, I feel like everyone is asking questions about stuff.
For something that's supposed to be so simple, it's just an app that's supposed to tell you whether you're at risk of having COVID-19, and actually it's become an absolute minefield.
It's called the NHS Test COVID-19 app, and it is for England and Wales. So Scotland has its own, and Northern Ireland has its own. And guess what?
So far, they don't really communicate together.
So if you are in England and Wales and then you go to Scotland, you'll have to start using the Scotland app to continue if that's what you want to do.
It's done quite well in that over 14 million people downloaded it in the first few days, which is quite— that's pretty good.
I mean, if I was an app developer, I'd be happy with that. That's a quarter of the population.
For something that's supposed to be so simple, it's just an app that's supposed to tell you whether you're at risk of having COVID-19, and actually it's become an absolute minefield.
It's called the NHS Test COVID-19 app, and it is for England and Wales. So Scotland has its own, and Northern Ireland has its own. And guess what?
So far, they don't really communicate together.
So if you are in England and Wales and then you go to Scotland, you'll have to start using the Scotland app to continue if that's what you want to do.
It's done quite well in that over 14 million people downloaded it in the first few days, which is quite— that's pretty good.
I mean, if I was an app developer, I'd be happy with that. That's a quarter of the population.
It's incredible.
Yeah, it's not bad, but then almost immediately, as you can imagine, the minute people actually started using it, they've got questions. Oh my word, there's a lot of questions.
Right, so one of the first things that emerged was you can check into a venue, right?
You scan a QR code and it says, "Oh yes, here you are, you are at the Dog and Duck in Stratford" or whatever, but you can't check out.
You are in that venue until you check in somewhere else, so that's confusing people.
Right, so one of the first things that emerged was you can check into a venue, right?
You scan a QR code and it says, "Oh yes, here you are, you are at the Dog and Duck in Stratford" or whatever, but you can't check out.
You are in that venue until you check in somewhere else, so that's confusing people.
It's like the song Hotel California. You can check in any time you like, but you can never leave.
Can I just be clear?
So if I go to a coffee shop and I check in at the coffee shop and then I don't check out and I stay home for five days before I go out next again, I am basically at that coffee shop for five days?
So if I go to a coffee shop and I check in at the coffee shop and then I don't check out and I stay home for five days before I go out next again, I am basically at that coffee shop for five days?
It keeps you logged in until midnight.
However, this is not the big problem that it sounds like it is because ultimately what it's looking for is your phone being near somebody else's phone for a certain amount of time, for more than 15 minutes, and less than two meters apart from it, who then registers that they have tested positive, right?
So if that person comes into the coffee shop six hours after you left, well, you're not going to be near their phone, are you? Because you're not there.
So in a way, it doesn't matter, but it's just an awkward little bit of user experience, isn't it, that people are like, "Well, I want to check out.
I don't want to be registered in this cafe for 10 hours, and what if somebody then comes in later and then I get caught up in their disaster?" I think that's exactly what happened to my neighbor.
However, this is not the big problem that it sounds like it is because ultimately what it's looking for is your phone being near somebody else's phone for a certain amount of time, for more than 15 minutes, and less than two meters apart from it, who then registers that they have tested positive, right?
So if that person comes into the coffee shop six hours after you left, well, you're not going to be near their phone, are you? Because you're not there.
So in a way, it doesn't matter, but it's just an awkward little bit of user experience, isn't it, that people are like, "Well, I want to check out.
I don't want to be registered in this cafe for 10 hours, and what if somebody then comes in later and then I get caught up in their disaster?" I think that's exactly what happened to my neighbor.
I think this is exactly the problem that happened to him.
And then when he went online to check it out, apparently he wasn't at risk, but he didn't check out of the location because you can't check out.
And then when he went online to check it out, apparently he wasn't at risk, but he didn't check out of the location because you can't check out.
Yeah, and the other thing that's really freaking people out, and I've had it, and even though I knew what it was, it was worrying me, is that you get these weird little phantom alerts, right?
So you're going about your business and you get a little flash on your phone and it says something like "possible COVID-19 exposure detected." And then it says "signal strength"—it's not very user-friendly language—"signal strength saved" or something, and then it disappears.
And if you go into the app, there's nothing there.
So you're going about your business and you get a little flash on your phone and it says something like "possible COVID-19 exposure detected." And then it says "signal strength"—it's not very user-friendly language—"signal strength saved" or something, and then it disappears.
And if you go into the app, there's nothing there.
Yes, that's what happened to him. That is what happened to my neighbor. And he was really panicking a bit. Well, I'm not surprised.
Why does it do that?
When it happened to me, it panics me, and I know what it does, right? So what this is, this is not actually part of the app.
The app is built using this tool that was developed by Google and Apple. That enables the phones to communicate with each other, right?
We weren't going to use it in England, and then we decided, okay, it's there, we might as well — why are we reinventing the wheel here?
We'll use what's already there, we'll use that. So what that notification is, it's coming from the Apple and Google API rather than coming from the app.
And it basically — what it means is you have been around somebody who's tested positive potentially, but not for long enough for it to be a threat.
So not to the point where you have to do anything about it unless they sneeze again. It's like, why do you need to know that? You know, I don't need to know that.
I would be much happier living my life not knowing and worrying about that. So a lot of this has sort of come back down to bad user experience.
And the final thing that's worried people is that it turned out pretty early on that you could not register test results very easily.
So the minute you go onto it and you say, oh, I've got symptoms here, I've lost my taste of taste, I've got a temperature and I've got a cough, it goes, right, self-isolation starts now.
And this little timer starts counting down. You got two weeks, right? And then you go and get your test and it's negative and you're like, hooray, I don't need to self-isolate.
But you go into the phone and it says, okay, you've got your test results, input the code so that we can update your app. But there is no code, it doesn't come with a code.
So a lot of people are freaking out going, well, you know, what do I do? I'm okay, I haven't got, my test was negative, but I've still got this isolation clock counting down.
Am I going to get into trouble? The answer is no, you won't get into trouble because, and this is an anomaly in a way, the app is guidance.
So the police can't fine you for breaking the app, because if you get a notification, nobody knows you've got it apart from you.
The whole thing is so confidential, there's no data stored anywhere, right? So they can't enforce it.
So you can carry on going about your business with this countdown going, knowing that you're okay.
But for a lot of people, you know, as we talked about, who trust the tech and want to do what they're told, this is actually really distressing.
The app is built using this tool that was developed by Google and Apple. That enables the phones to communicate with each other, right?
We weren't going to use it in England, and then we decided, okay, it's there, we might as well — why are we reinventing the wheel here?
We'll use what's already there, we'll use that. So what that notification is, it's coming from the Apple and Google API rather than coming from the app.
And it basically — what it means is you have been around somebody who's tested positive potentially, but not for long enough for it to be a threat.
So not to the point where you have to do anything about it unless they sneeze again. It's like, why do you need to know that? You know, I don't need to know that.
I would be much happier living my life not knowing and worrying about that. So a lot of this has sort of come back down to bad user experience.
And the final thing that's worried people is that it turned out pretty early on that you could not register test results very easily.
So the minute you go onto it and you say, oh, I've got symptoms here, I've lost my taste of taste, I've got a temperature and I've got a cough, it goes, right, self-isolation starts now.
And this little timer starts counting down. You got two weeks, right? And then you go and get your test and it's negative and you're like, hooray, I don't need to self-isolate.
But you go into the phone and it says, okay, you've got your test results, input the code so that we can update your app. But there is no code, it doesn't come with a code.
So a lot of people are freaking out going, well, you know, what do I do? I'm okay, I haven't got, my test was negative, but I've still got this isolation clock counting down.
Am I going to get into trouble? The answer is no, you won't get into trouble because, and this is an anomaly in a way, the app is guidance.
So the police can't fine you for breaking the app, because if you get a notification, nobody knows you've got it apart from you.
The whole thing is so confidential, there's no data stored anywhere, right? So they can't enforce it.
So you can carry on going about your business with this countdown going, knowing that you're okay.
But for a lot of people, you know, as we talked about, who trust the tech and want to do what they're told, this is actually really distressing.
No, and I know a few people that maybe, you know, have experienced a fever and then they go, 'No, I'm fine, I'm fine, I'm fine, don't worry about it,' and carry on.
And it's really difficult because I'm on the other side of the spectrum.
And it's really difficult because I'm on the other side of the spectrum.
I think this would freak you out. You're off to the dentist tomorrow, aren't you? I'm so not.
You're installing this app, you don't want to go out anyway, you don't want to go to a dentist.
You're installing this app, you don't want to go out anyway, you don't want to go to a dentist.
Well, I don't want to go to a dentist. No one wants to go to a dentist. But I particularly don't want to go to a dentist now. But I have to.
And you're going to install this app, I presume, and you might get one of these weird alerts.
Honestly, though, like we've said before, it's probably the least of my worries right now. You know, I'll just install the app, do the thing, come home, uninstall the app.
But you can imagine people would just have the bejesus scared out of them.
Well, not anymore, because Zoe has explained what's going on.
So are they fixing these issues?
Well, the thing with the test results not quite working, it's kind of going to resolve itself, because if you book a test through the app, then it will update automatically for you.
So this is slightly historic, because people had booked tests before the app came out, you know, it hasn't been out for that long. So that will kind of resolve itself.
They are also saying if you get a positive test and you can't notify the app, then the contact tracers, the people who phone you up, will give you a code over the phone to put in your app, which seems like a very low-tech solution, doesn't it?
But there we are. So that will resolve itself. The— what was the other issues? The phantom alerts, apparently they are working on that as well.
But as I said, you know, that's not actually the app doing it, that's an Apple/Google thing.
So this is slightly historic, because people had booked tests before the app came out, you know, it hasn't been out for that long. So that will kind of resolve itself.
They are also saying if you get a positive test and you can't notify the app, then the contact tracers, the people who phone you up, will give you a code over the phone to put in your app, which seems like a very low-tech solution, doesn't it?
But there we are. So that will resolve itself. The— what was the other issues? The phantom alerts, apparently they are working on that as well.
But as I said, you know, that's not actually the app doing it, that's an Apple/Google thing.
Yeah, that's presumably going to require some kind of OS update to be pushed out.
Yeah, so that's an Apple/Google issue to resolve.
Honestly though, they're going to be complicated apps, and I can totally see that there's going to be teething problems between the UK kind of crowbarring in what it requires with the Apple and Google technology, right?
I'm not surprised that there's a few niggles at this stage. I just hope that they go away soon.
I'm not surprised that there's a few niggles at this stage. I just hope that they go away soon.
I mean, I think it's worth saying that I would love to be able to point you to one particular country's app and go, here you go, you know, they've got it right, this is brilliant.
But there isn't one. Nobody's really got it right. Nobody's is working brilliantly. But I thought it was quite interesting what Matt Hancock said, the Secretary of Health here.
They were talking about how many people need to have this app in order for it to be any good. You know, you'd think you need a lot of the population to have it.
But he sort of said, well, do you know what? It's kind of a prompt really to get people to think differently and change their behavior.
You know, we've been doing this now for months, we're all sick of it, the rules keep changing, and it's easy to sort of feel a bit complacent about it.
But he said if only two people downloaded this app and it stopped one of them going around spreading coronavirus, then it's done its job, you know.
But there isn't one. Nobody's really got it right. Nobody's is working brilliantly. But I thought it was quite interesting what Matt Hancock said, the Secretary of Health here.
They were talking about how many people need to have this app in order for it to be any good. You know, you'd think you need a lot of the population to have it.
But he sort of said, well, do you know what? It's kind of a prompt really to get people to think differently and change their behavior.
You know, we've been doing this now for months, we're all sick of it, the rules keep changing, and it's easy to sort of feel a bit complacent about it.
But he said if only two people downloaded this app and it stopped one of them going around spreading coronavirus, then it's done its job, you know.
He set himself quite a low bar there though, hasn't he? So no journalist can come up to him later and say, you said two would be a success but you didn't manage that.
What is it they say? Set people's expectations low and then overdeliver.
This is all via Bluetooth, isn't it? This magic which is going on, work out people have been raged.
I wonder if that could be applied to other purposes you know, once all this coronavirus pandemic is over, or we've moved on a bit.
Because I'm thinking about, once again, these cocklocks, which are running on Bluetooth as well.
I would be quite interested if someone has come into a restaurant and is wearing one of those. Oh, I see. And wouldn't it be great if you're—
I wonder if that could be applied to other purposes you know, once all this coronavirus pandemic is over, or we've moved on a bit.
Because I'm thinking about, once again, these cocklocks, which are running on Bluetooth as well.
I would be quite interested if someone has come into a restaurant and is wearing one of those. Oh, I see. And wouldn't it be great if you're—
That's a great segue, Graham. Bluetooth is amazing, though, isn't it?
It's been around for so long, and it's never really sort of shone, has it? And now this is its moment.
My word. Well, Carole, good luck at the dentist tomorrow. Yeah, good luck. I'm saying that for the dentist, obviously.
You're saying that just before I tell my story as well, which, you know—
Given you a bit of a downer, has it? Well, I still have to talk a bit.
Is that why you're going tomorrow?
So you could do this first?
Yeah, no, I have a little tooth issue. So if I'm a little grumpy, that's why. I'm sorry.
I don't think you're a little grumpy.
Yeah, well, just in case. Just wait till my story starts. Come on.
Emphasis in the middle. Carole, what's your topic this week?
Obviously, as I'm not feeling great, I'm going to give you guys a lot of homework during my class. Okay, so do you remember your first job interview?
Or perhaps your worst job interview? I'm terrible at job interviews.
Or perhaps your worst job interview? I'm terrible at job interviews.
I don't think I've ever had a very good job interview.
I've gone to very few job interviews. I've been very lucky.
My husband has this great one.
I think it was a university interview, and he was up north, and he had to wear his suit from Burton's, and he had slippy shoes on, and he'd taken the train all the way up, and it was snowing and full of ice, and he slid down the hill completely in his suit and then had to show up and kind of go, "Hi." Did he get the job?
I think it was a university interview, and he was up north, and he had to wear his suit from Burton's, and he had slippy shoes on, and he'd taken the train all the way up, and it was snowing and full of ice, and he slid down the hill completely in his suit and then had to show up and kind of go, "Hi." Did he get the job?
Yeah, he did.
Oh, it worked. But there you go. You didn't do any jobs, Graham? You didn't actually work, did you?
No, I have. When I was at Polytechnic, I tried to get a job at a computer game magazine because I'd written computer games and things.
You thought you were a shoo-in?
I thought, wouldn't it be great? Because I quite liked writing. I thought that way I can play computer games all day and then write about them, and that would be a job.
But I made the mistake of turning up in a suit, which I assumed was the thing to do, and they looked at me like I was a complete weirdo in this computer game magazine place.
But I made the mistake of turning up in a suit, which I assumed was the thing to do, and they looked at me like I was a complete weirdo in this computer game magazine place.
Oh, they probably just thought you were an important man. They did. Yeah, but being interviewed is horrid, but being the interviewer is also horrible. Yes.
You used to hire real characters. I was going to say—
I'm sorry?
You had some curious people who worked for you, girl. What, like you? No, no, no, no. Oh, when you worked for me? Yeah, I didn't interview you. I should have. You worked for me first.
Yes. Did you make more money than I did when I worked for you? I'm sorry? Because that's not the case when you worked for me. I would never put up with that today, do you know that?
I'm shocked I put up with that. It's true, Zoe. He used to work for me and he made way more money than I did, and I knew that because I was the boss.
I'm shocked I put up with that. It's true, Zoe. He used to work for me and he made way more money than I did, and I knew that because I was the boss.
Well, how did that happen? How did you let that happen?
How did I— exactly. I was in a male-dominated environment and I somehow got talked into, wouldn't it be great to manage Graham?
It wasn't. It's probably people who work for Boris Johnson who earn more than him. It just happens. Yeah, yeah, yeah.
Okay, Boris.
Anyway, so in the olden days before services like Monster and LinkedIn, you would get— you'd put a job out there and then you'd get this deluge of resumes and 50% were totally not appropriate candidates or showing no interest at all in the job.
Anyway, so in the olden days before services like Monster and LinkedIn, you would get— you'd put a job out there and then you'd get this deluge of resumes and 50% were totally not appropriate candidates or showing no interest at all in the job.
When I was a manager, it was just a nightmare. Tell me about it. Trying to find good people to come, and you'd invite people in to talk to them, and some of them were real weirdos.
I remember one guy— now, I don't know if this is inappropriate or against the law, whatever— there was a chap who came in and he had an unusual name, and so I thought, oh, I'll just Google him.
And it turned out he had been in the news because of some sort of shooting incident.
He was an animal rights activist in his spare time, and he'd tried to free some wombats or whatever the animal was, and the farmer had shot at him, and he'd been hurt by this, right?
And I was thinking, well, this is more interesting than the interview and talking about programming or web development or whatever.
And so I kept on trying to find out from him, is there anything you're really passionate about? Are you a pet owner? You know, just, I'm just trying to—
I remember one guy— now, I don't know if this is inappropriate or against the law, whatever— there was a chap who came in and he had an unusual name, and so I thought, oh, I'll just Google him.
And it turned out he had been in the news because of some sort of shooting incident.
He was an animal rights activist in his spare time, and he'd tried to free some wombats or whatever the animal was, and the farmer had shot at him, and he'd been hurt by this, right?
And I was thinking, well, this is more interesting than the interview and talking about programming or web development or whatever.
And so I kept on trying to find out from him, is there anything you're really passionate about? Are you a pet owner? You know, just, I'm just trying to—
This was before people knew how to Google people, right? You were so cutting-edge, Clue.
He didn't have a social media presence, but I knew it was this guy. And thinking, oh, this interview is so dull. Come on, tell us about when you got shot. But I can't say that to him.
I can't say, tell me about the time when this guy shot you. Because I had no intention of giving him the job because I'd already decided I didn't like him.
But he might have thought that was the reason, right? That I was discriminating against him because he was a human dartboard.
I can't say, tell me about the time when this guy shot you. Because I had no intention of giving him the job because I'd already decided I didn't like him.
But he might have thought that was the reason, right? That I was discriminating against him because he was a human dartboard.
I've got a story. Now I've got to be careful about telling this story. I'm going to be very vague.
I know a story about someone who developed a bit of a habit for partying and was partying quite hard, quite a lot, and it was starting to really impact on this person's work, you know, to the point that they just weren't really functioning very well during the day.
And there was a meeting between managers to discuss this and try and work out what to do, you know, because obviously this is a problem, right?
And so, what they decided to do, which I don't think I've ever read in any HR policy I've ever seen, was they phoned this person's mum.
Can you imagine your mum getting a call from your boss saying, "Can you have a word?" My mum would be like, "Okay, well, I just have to empty the dishwasher at the same time."
I know a story about someone who developed a bit of a habit for partying and was partying quite hard, quite a lot, and it was starting to really impact on this person's work, you know, to the point that they just weren't really functioning very well during the day.
And there was a meeting between managers to discuss this and try and work out what to do, you know, because obviously this is a problem, right?
And so, what they decided to do, which I don't think I've ever read in any HR policy I've ever seen, was they phoned this person's mum.
Can you imagine your mum getting a call from your boss saying, "Can you have a word?" My mum would be like, "Okay, well, I just have to empty the dishwasher at the same time."
Oh, I think it's really cute. I think, do you know, you know when you get in trouble with HR and HR say, would you like to bring a friend in with you or a colleague?
I've always wanted to say, can I bring my mum in?
I've always wanted to say, can I bring my mum in?
Oh, I thought you meant, I thought you were going to say me.
Because you're bad bud. Hey, Zoe, I once applied for a job at the BBC.
Oh yeah, did you? Which one? My job?
I think Alistair Milne had just resigned or retired or something as Director General, and Duke Hussey was on the board of governors.
This was when I was about 15 or 16, and I took it upon myself, because I was busy not studying for exams, took it upon myself to adopt a pseudonym and to keep on applying.
I got lovely letters back from him, but they never actually brought me in for an interview.
This was when I was about 15 or 16, and I took it upon myself, because I was busy not studying for exams, took it upon myself to adopt a pseudonym and to keep on applying.
I got lovely letters back from him, but they never actually brought me in for an interview.
They probably recognized that the only thing that changed was the name that was crossed out in crayon. Hank Cluley.
No, my name was Guy Scott Tremblow, actually, was the name I was using at the time.
That sounds like a very strong name for a director general.
Yes. Yeah, I thought so.
Should I get back to my story?
Yes, let's get back to that.
So in the early days, pre-LinkedIn, pre-Monster, pre-everything, you would just get this deluge of resumes.
And then if your company succeeded, I guess, and your HR department got busier and you got more staff, the HR department took on that job, right?
So they would weed out some of the candidates for you.
They did this for me for a time, and you know, in hindsight, it bothers me that they let them do that because you never see the resumes they deemed unsuitable.
And then if your company succeeded, I guess, and your HR department got busier and you got more staff, the HR department took on that job, right?
So they would weed out some of the candidates for you.
They did this for me for a time, and you know, in hindsight, it bothers me that they let them do that because you never see the resumes they deemed unsuitable.
And how would they know? How would they really know?
Exactly. They're not experts in my field.
You used to be in charge of localization and translation and stuff like that, didn't you?
Well, when I first started working, but later on, I was managing your ass.
My very expensive ass.
Very, very expensive ass. Hardly worth it ass. Anyway, HR became a choke point.
If you're in a big company like Ford or Walmart or Amazon or Uber, where you have to scale up the hiring, traditional recruitment processes just don't work. It's not viable.
And this is where automated recruitment services come in. So I went looking at this. And I know nothing about this, so guys, you know, do your own research.
But I found these companies. These companies like Hubert+One, it's an AI recruiting platform built to help hiring teams crush it, it says.
If you're in a big company like Ford or Walmart or Amazon or Uber, where you have to scale up the hiring, traditional recruitment processes just don't work. It's not viable.
And this is where automated recruitment services come in. So I went looking at this. And I know nothing about this, so guys, you know, do your own research.
But I found these companies. These companies like Hubert+One, it's an AI recruiting platform built to help hiring teams crush it, it says.
Oh my goodness.
And it says it takes the boring and repetitive tasks from your applicant screening process and replaces it with solid, transparent advice from artificial intelligence trained on millions of reliable data.
Getting a computer, an algorithm to choose who would be a good hire for you, or just to weed out the chaff?
So I guess they must do a search on you based on your socials and where you are on the web. They must ask you questions. They must record those answers.
They're probably looking for keywords. There's this other one called Predictive Hire. It does top-of-funnel interviews for you, saving you time.
Everyone gets the same interview anywhere, anytime, and untimed. It doesn't care for what you are, just who you are.
And according to Slate, it's kind of like humans interviewing because these bot recruiters have their own unique styles for interviewing.
Some are merely seeking logistical information. Where are you available? Are you really interested in this job?
While others are looking to assess the drive initiative, your team-building skills, your adaptability.
Getting a computer, an algorithm to choose who would be a good hire for you, or just to weed out the chaff?
So I guess they must do a search on you based on your socials and where you are on the web. They must ask you questions. They must record those answers.
They're probably looking for keywords. There's this other one called Predictive Hire. It does top-of-funnel interviews for you, saving you time.
Everyone gets the same interview anywhere, anytime, and untimed. It doesn't care for what you are, just who you are.
And according to Slate, it's kind of like humans interviewing because these bot recruiters have their own unique styles for interviewing.
Some are merely seeking logistical information. Where are you available? Are you really interested in this job?
While others are looking to assess the drive initiative, your team-building skills, your adaptability.
So like a chatbot.
Yes, it's like a chatbot.
Do you actually see someone? Do they have an avatar going, "Hello, I've got a look here"? Like Max Headroom or something?
Yeah. Okay, I'm gonna give you guys a scenario. Okay, because we haven't even hit security yet, right? We may not, I don't know. Okay, so it's 2025, okay?
And things have not gone well for you guys, okay? Things have gone very, very badly.
And things have not gone well for you guys, okay? Things have gone very, very badly.
Oh no, I've been fired. Podcast is in ruins.
We're not talking. Yeah, we all hate each other, and both of you are desperately looking for a new job, okay? Now the question is, would you worry that a human might be biased?
So Graham, we'll start with you.
So Graham, we'll start with you.
I mean, you know... What do you mean, you know?
Well, you're a big personality, right? Would you worry about that? You're a little older than, you know.
Oh, I see. Because I'm old and annoying.
You know, you've been around the block maybe 100 times.
Well, yeah, I think that's quite possible. I think I am getting that age where I think people would think, oh, he's a bit old hat, isn't he?
So do you think maybe an automated interview might work better for you?
Well, wouldn't it know how old I was as well? Maybe it would be biased.
Yeah, but maybe it doesn't judge.
It's not some 25-year-old who's interviewing you to work at Costco and they're thinking, "Ooh, wow, check out this old boomer." Maybe I could subvert the algorithm.
It's not some 25-year-old who's interviewing you to work at Costco and they're thinking, "Ooh, wow, check out this old boomer." Maybe I could subvert the algorithm.
Maybe I could go in with different personas and work out, a bit one of those choose-your-own-adventure books. I would try and find the right way through.
And so we're both girls.
We know that often we've probably gone for jobs and you're just thinking, "This guy does not, yeah, he doesn't want a woman working for this role at all." I don't even know why I'm here.
So maybe an automated bot would get rid of that kind of bias.
We know that often we've probably gone for jobs and you're just thinking, "This guy does not, yeah, he doesn't want a woman working for this role at all." I don't even know why I'm here.
So maybe an automated bot would get rid of that kind of bias.
Well, I the idea of it, but I think we just all know that algorithms and bots are not as great as the people who make them will have us believe yet, are they?
Can I show you? Can I prove you wrong? Yeah, do go ahead. So let's get back to our scene, okay? You've got an interview and they ask you to come in to the office and you're, why?
Why would I come in? There is a pandemic going on. They said, do not worry, we're following all the rules. A bit me having to go to the dentist. You need this job.
So you get there, you got your mask on, you go into an empty room and you wait. And then someone comes in with a big cart, white cloth.
And you're thinking, this is fancy schmancy, a few croissants. And you're waiting for everything to start. Yeah. And I pull off the blanket and this happens.
Why would I come in? There is a pandemic going on. They said, do not worry, we're following all the rules. A bit me having to go to the dentist. You need this job.
So you get there, you got your mask on, you go into an empty room and you wait. And then someone comes in with a big cart, white cloth.
And you're thinking, this is fancy schmancy, a few croissants. And you're waiting for everything to start. Yeah. And I pull off the blanket and this happens.
Hi, my name is Tengai.
Whoa. I'm a social interview robot. What is this? Would you to answer one of my interview questions? That is who's interviewing you.
I would to talk about problem solving.
Can you tell me about a work or school-related situation where you had to come up with a solution on your own and why it was a problem to begin with?
It looks a piece out of the Cluedo game, doesn't it?
Can you elaborate? What was the result of your actions?
Oh, well, that doesn't freak me out at all.
Thinking back on this situation, could you have acted in a different way? Can you elaborate?
Can you elaborate? Can you elaborate? I know, right? It's fucking insane. I'll tell our listeners what they're missing. This is Tengai, a 16-inch tall robot recruiter. Hi.
That could be the future of job interviews. Tengai is programmed to conduct every interview exactly the same way. 16 inches.
That could be the future of job interviews. Tengai is programmed to conduct every interview exactly the same way. 16 inches.
Does it also come in a small size the— Can you put it in a cage?
Can you elaborate? It's—
This is a little peculiar, Carole.
It's really weird. So they can change the face imprint on it.
I don't think just changing the face is going to reassure me, to be honest.
Really? So anyone out there interested in seeing this for yourself, there are going to be tons of links in the show notes. Okay, but it is really weird.
Imagine this kind of physical robot interviewing you and looking empathetic with its facial expressions as you try to answer.
Imagine this kind of physical robot interviewing you and looking empathetic with its facial expressions as you try to answer.
I still don't quite get this humanoid robot business, do you? I mean, why are we making robots that look us? Why? We don't need to do that. They don't need to look human, do they?
I think we should make all robots look Yogi Bear, because everyone loves Yogi Bear. And he does have human characteristics.
I kind of married Yogi Bear, actually.
You have, actually. But, you know, other than a hamper and need for the occasional sandwich to pinch, I think that would make people feel more comfortable interacting with robots.
I agree.
I agree.
I like so many of these robots. There's just a sort of uncanny valley about them, isn't there? Because they look human, but they're not.
And I feel like that detracts, you know, robotics has got a long way to go, but it's amazing. All of these robots have evolved far more dramatically than I have in the last 5 years.
You know, it is impressive, but there's just no need for them to look weirdly half-human.
And I feel like that detracts, you know, robotics has got a long way to go, but it's amazing. All of these robots have evolved far more dramatically than I have in the last 5 years.
You know, it is impressive, but there's just no need for them to look weirdly half-human.
Yeah, no, no, totally. And then there's all these little weird security questions.
So I'm thinking if you don't actually have a very strong online presence, you could be penalized for not having enough of a public footprint when you were going through one of these automated recruitment processes.
That would suck. Yeah, that's true.
So I'm thinking if you don't actually have a very strong online presence, you could be penalized for not having enough of a public footprint when you were going through one of these automated recruitment processes.
That would suck. Yeah, that's true.
I wonder why this whole physical robot element is required at all.
Oh, I think it's just a gimmick.
I would feel so much more comfortable if it was a telephone interview, even if it was a telephone interview with a robot. You know, I feel that that would put me at ease.
You know, I'm having Invisalign at the moment. I'm getting my teeth straightened during lockdown. Amazing. And so I've got these braces, and I can't go to the orthodontist very often.
They don't want to see me. So I've got this amazing thing. It looks like a VR headset, but you put your phone into it and there's an app that you use.
And when you put it in and you start the app, basically you put this thing up by your mouth.
The camera of the phone and the light of the phone take these pictures from side to side of your teeth. And you have to do this with the braces in, the braces out, once a week.
And then you get a little message about how your teeth are going. And I've got— because with these Invisalign things, you have to change them every week or 10 days or whatever.
And I get a little message going, right, you're ready for your next retainer. So I've literally only been once to the orthodontist.
They don't want to see me. So I've got this amazing thing. It looks like a VR headset, but you put your phone into it and there's an app that you use.
And when you put it in and you start the app, basically you put this thing up by your mouth.
The camera of the phone and the light of the phone take these pictures from side to side of your teeth. And you have to do this with the braces in, the braces out, once a week.
And then you get a little message about how your teeth are going. And I've got— because with these Invisalign things, you have to change them every week or 10 days or whatever.
And I get a little message going, right, you're ready for your next retainer. So I've literally only been once to the orthodontist.
So you don't have a problem putting your gnashers into an IoT device? No, exactly.
And sharing all of that. But she wouldn't put her penis in. Well, surprising.
I was just leaving... You put a dot dot dot there, Graham.
Thank you for finishing that sentence.
And I think it's pronounced "vegine" anyway.
This episode of Smashing Security is sponsored by LastPass. Now, everyone knows about LastPass's password manager for end users, but it's also a great solution for businesses.
In fact, tens of thousands of companies rely upon LastPass to protect themselves.
LastPass Enterprise simplifies password management for companies of all sizes and helps you secure your workforce. So whatever the size of your business, go and check it out.
Go and visit lastpass.com/smashing to find out more. And thanks to LastPass for supporting the show. Attacks and breaches are sadly a fact of life. They happen.
What's most important is how well your organization responds, and technology isn't really enough. Your staff must be ready too.
Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cyber skills strategy and improve your security posture by identifying weaknesses.
Go to immersive labs.com/smashing right now to download your free ebook. That's immersive labs.com/smashing. Smashing Security. And thanks to Immersive Labs for supporting the show.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
In fact, tens of thousands of companies rely upon LastPass to protect themselves.
LastPass Enterprise simplifies password management for companies of all sizes and helps you secure your workforce. So whatever the size of your business, go and check it out.
Go and visit lastpass.com/smashing to find out more. And thanks to LastPass for supporting the show. Attacks and breaches are sadly a fact of life. They happen.
What's most important is how well your organization responds, and technology isn't really enough. Your staff must be ready too.
Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cyber skills strategy and improve your security posture by identifying weaknesses.
Go to immersive labs.com/smashing right now to download your free ebook. That's immersive labs.com/smashing. Smashing Security. And thanks to Immersive Labs for supporting the show.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
Better not be.
Well, this week, my pick of the week is again something musical.
This week would have seen the 80th birthday of John Lennon, and in honor of that, Sean Ono Lennon, his son with Yoko Ono, has created a little show on BBC Sounds, a two-part show where he speaks to Elton John and Paul McCartney and his half-brother Julian Lennon.
And obviously Sir Paul McCartney as well, about their memories of John Lennon, because obviously John Lennon tragically died when Sean was just 5 years old.
You call him Sir Paul McCartney.
This week would have seen the 80th birthday of John Lennon, and in honor of that, Sean Ono Lennon, his son with Yoko Ono, has created a little show on BBC Sounds, a two-part show where he speaks to Elton John and Paul McCartney and his half-brother Julian Lennon.
And obviously Sir Paul McCartney as well, about their memories of John Lennon, because obviously John Lennon tragically died when Sean was just 5 years old.
You call him Sir Paul McCartney.
You call him Sir Paul. You don't call him just Paul.
I've never— I don't feel that familiar with him. I think we still need some decorum.
I quite enjoyed this, and obviously I'm a huge John Lennon fan, and maybe some of you are as well.
So, you might want to listen to Sean Ono Lennon on John Lennon at 80, and you can find it for the next 30 days or so on BBC Sounds. And that is my pick of the week.
Zoe, what's your pick of the week?
I quite enjoyed this, and obviously I'm a huge John Lennon fan, and maybe some of you are as well.
So, you might want to listen to Sean Ono Lennon on John Lennon at 80, and you can find it for the next 30 days or so on BBC Sounds. And that is my pick of the week.
Zoe, what's your pick of the week?
Mine is a bit of a personal revelation to me, and that is, I think the last time I spoke to you two, actually, I was telling you that I was a very proud owner of a 12-year-old television.
And I'd put on social media that, you know, that it was my oldest working gadget, and it wasn't a smart TV, and I had to use a Chromecast, but you know, it was doing its job and I was very proud of it.
And then hundreds and hundreds of people got in touch and shared with me their oldest working devices, and it was all enormous fun, and I thought that this was marvelous.
But I've got a confession to make, moving on from that story, because I am now the owner of a new television, which— What? I know, I feel like a traitor, but it was a gift.
And I'd put on social media that, you know, that it was my oldest working gadget, and it wasn't a smart TV, and I had to use a Chromecast, but you know, it was doing its job and I was very proud of it.
And then hundreds and hundreds of people got in touch and shared with me their oldest working devices, and it was all enormous fun, and I thought that this was marvelous.
But I've got a confession to make, moving on from that story, because I am now the owner of a new television, which— What? I know, I feel like a traitor, but it was a gift.
It's very decadent. It was a gift?
Someone gave you a television?
Yeah, my partner bought me a new television for my birthday.
And I have to say, it's a bit like, you know, when you get new glasses and you say, I don't need new glasses, I'm fine, I can see, I'm fine.
And then you put on your new glasses and you're like, whoa, this is what eyesight is about! So I can see through the Matrix now, this is incredible.
That's kind of the experience I'm currently having with my new television. And it's changed the way I view television. I'm watching more TV.
It's really a surprising revelation to nobody apart from myself that having a good bit of kit does make a difference.
And I have to say, it's a bit like, you know, when you get new glasses and you say, I don't need new glasses, I'm fine, I can see, I'm fine.
And then you put on your new glasses and you're like, whoa, this is what eyesight is about! So I can see through the Matrix now, this is incredible.
That's kind of the experience I'm currently having with my new television. And it's changed the way I view television. I'm watching more TV.
It's really a surprising revelation to nobody apart from myself that having a good bit of kit does make a difference.
It hasn't really changed the way you view television, has it?
I mean, you're still using the same method, but it has some kind of new— I mean, does this one get Channel 4 or something?
I mean, you're still using the same method, but it has some kind of new— I mean, does this one get Channel 4 or something?
What's the revelation? I asked my children what we should call it because we had to come up with a name, and they've come up with the name She-Ra.
And I have to say that saying— I hope it doesn't do it now— saying, Alexa, turn on She-Ra is never ever going to get old.
And I have to say that saying— I hope it doesn't do it now— saying, Alexa, turn on She-Ra is never ever going to get old.
Glorious. I like that.
I like that. So what— who's the manufacturer of this TV?
It's a Hisense TV. It's Ultra HD. It's got a really crisp picture. I mean, it's not bank-breaking, but obviously a new TV is a treat. I appreciate that.
And that will be probably 4K, is it?
It is. Yeah. And, you know, if it lasts 12 years. Exactly.
So, if anyone else is out there who's got a 12 or 15-year-old TV, your recommendation is go and grab a new one because they're so cheap these days as well, aren't they?
And that is my pick of the week.
And that is my pick of the week.
Well, it's actually Zoe's.
Yes. Carole, what have you got for us?
Okay, so I'm a little bit arty or trying to be, as some of our regular listeners know. And actually, you know what?
Watch, Graham, I'll show a few on the— if we do the YouTube AMA, live stream.
Watch, Graham, I'll show a few on the— if we do the YouTube AMA, live stream.
Oh yes, on October 15th, 8 PM UK time.
I'll show one or two of the pieces and you can kind of go, oh my God, so bad.
Anyway, part of my self-education learning how to improve my drawing and painting skills is obviously consuming loads of online content, and some of them are very bad and some of them are very good.
And I'm going to share a channel, a YouTube channel with you called Perspective and this is the business.
It's an art channel and it has a glut of documentaries that kind of look into music or theater or opera or paintings and artists and all that.
So if you don't know much about the whole culture side of things, this is an amazing place to just go and explore and learn stuff.
But if you are into one of these things, maybe theater, you might want to go watch documentaries on Les Misérables or Hamilton, or if you're into painting, you might want to watch really dozens and dozens of strong documentaries on specific painters or art movements or the art of Islam or the Tang Dynasty.
Anyway, part of my self-education learning how to improve my drawing and painting skills is obviously consuming loads of online content, and some of them are very bad and some of them are very good.
And I'm going to share a channel, a YouTube channel with you called Perspective and this is the business.
It's an art channel and it has a glut of documentaries that kind of look into music or theater or opera or paintings and artists and all that.
So if you don't know much about the whole culture side of things, this is an amazing place to just go and explore and learn stuff.
But if you are into one of these things, maybe theater, you might want to go watch documentaries on Les Misérables or Hamilton, or if you're into painting, you might want to watch really dozens and dozens of strong documentaries on specific painters or art movements or the art of Islam or the Tang Dynasty.
They're all there. And these are all on this YouTube channel, respectively?
Yeah, there's quite a few there.
There's probably maybe 50 different documentaries, all about an hour long, and I'm particularly fond of those presented by the wonderful Waldemar Januszczak.
There's probably maybe 50 different documentaries, all about an hour long, and I'm particularly fond of those presented by the wonderful Waldemar Januszczak.
Oh, Waldemar Januszczak. You will know him.
He was the art critic for The Guardian and then The Sunday Times. He's just got a really good presentation style and he's very salt of the earth.
This is why it's good, this is why it's not. He knows his onions and he's just great, I love him. That sounds really good. Yeah, no, totally.
And I mean, I wouldn't say he's up with Sinister Wendy just yet, who is basically the god of all art documentaries in my opinion.
This is why it's good, this is why it's not. He knows his onions and he's just great, I love him. That sounds really good. Yeah, no, totally.
And I mean, I wouldn't say he's up with Sinister Wendy just yet, who is basically the god of all art documentaries in my opinion.
What about Brian Sewell? Don't you think Brian Sewell—
There's not very much video of Brian Sewell, actually.
There's only one that I found, a two-parter, which is actually incredible and really interesting, but it was right before he died.
But he didn't do a lot of television, he did much more writing. Anyway, so there you go. And I want to give a shout out to our local art store, Broad Canvas.
This is our Oxford art shop, because I had to order some supplies.
And then I got a phone call from the owner saying that he needed, you know, he didn't have whatever I wanted and he was going to give me a better and bigger product and he was going to drop it off himself later in the day, which he did.
So I got same-day delivery from the owner delivered to my door. I got way more than I've even bargained for, so thank you very much, Broad Canvas.
There's only one that I found, a two-parter, which is actually incredible and really interesting, but it was right before he died.
But he didn't do a lot of television, he did much more writing. Anyway, so there you go. And I want to give a shout out to our local art store, Broad Canvas.
This is our Oxford art shop, because I had to order some supplies.
And then I got a phone call from the owner saying that he needed, you know, he didn't have whatever I wanted and he was going to give me a better and bigger product and he was going to drop it off himself later in the day, which he did.
So I got same-day delivery from the owner delivered to my door. I got way more than I've even bargained for, so thank you very much, Broad Canvas.
That's nice. Shop local, don't shop at Amazon. And that's what your message is.
Yeah, Broad Canvas are awesome. They're awesome, so if you're in Oxford, check them out. So my pick of the week this week is Perspective Channel on YouTube.
Get yourself a bowl of huge popcorn and get yourself educated and cultured.
Get yourself a bowl of huge popcorn and get yourself educated and cultured.
That just about wraps it up this week. Zoe, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
Please do. I'm on Twitter @ZSK.
Oh, so cool. So cool.
And you can follow us on Twitter @SmashingSecurity, no G, Twitter allows to have a G. And you can also join the Smashing Security subreddit.
And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast apps such as Spotify, Apple Podcasts, or Pocket Casts.
And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast apps such as Spotify, Apple Podcasts, or Pocket Casts.
Remember to clear your calendar and join us for a live video session to celebrate our 200th show. Yay, 200 times, guys.
Thursday, 15th of October at 8 PM UK time, be there, be square. Graham, the link?
Thursday, 15th of October at 8 PM UK time, be there, be square. Graham, the link?
Yes, the link is smashingsecurity.com/live. That will—
Okay. And socially responsible ankle wiggles to all of you for listening, supporting the show via Patreon, and sharing this podcast with your entourage.
And special thanks to you out there who've left us reviews. They keep me smiling in between shows, even when this show is not very funny.
Graham, also high five to this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you the show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
And special thanks to you out there who've left us reviews. They keep me smiling in between shows, even when this show is not very funny.
Graham, also high five to this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you the show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio, bye-bye, bye! Bye-bye. Oh, thank you so much, Zoe, for joining us today, really appreciate it.
My pleasure. Little baptism of fire there for you, Zoe, with Graham's whole IoT cock blocks.
I'm gonna hit stop.
