As Wired reports, YouTube continues to recommend young kids watch some deeply weird (and sometimes downright disturbing) videos:
YouTube videos using child-oriented search terms are evading the company’s attempts to control them. In one cartoon, a woman with a Minnie Mouse head tumbles down an escalator before becoming trapped in its machinery, spurting blood, while her children (baby Mickey and Minnie characters) cry.
The cartoon, “Minnie Mouse Mommy Has Pregnancy Problem & Doctor Treats Episodes! Mickey Mouse, Donald Duck Cartoon”, racked up over three million views in a single day. It could be viewed even with YouTube’s family-friendly restricted mode enabled and existed, along with plenty of similarly distressing content, on Simple Fun, a channel that had been in operation since July 2017.
This is after a high profile opinion piece was published last year by author James Bridle, which detailed how YouTube was systematically traumatising children, and Google promising to toughen its approach.
The YouTube Kids app is supposed to filter out content flagged as inappropriate for children under 13.
However, as Business Reporter revealed earlier this month, it’s not immune to promoting videos that argue the moon landings were faked, or that the Royal family are shape-shifting lizards.
My feeling is that your kids might be a lot happier watching a DVD box set of “Paw Patrol”, or streaming 1960s episodes of “Scooby Doo” and “The Flintstones”, than left to their own devices with YouTube.
Last month, we discussed the problem of YouTube showing disturbing videos to kids on an episode of the “Smashing Security” podcast. You can check it out here.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
This is a little stink pad. They had no computer power. You weren't controlling nuclear weapons from a laptop, Carole.
And you know, if you're installing Angry Birds, yeah, maybe it's not that big a deal, is it? Sorry, do you understand? 1 petaflop! 1 petaflop is what I'm talking about.
And you know, if you're installing Angry Birds, yeah, maybe it's not that big a deal, is it? Sorry, do you understand? 1 petaflop! 1 petaflop is what I'm talking about.
And yet Facebook still runs really slow.
Smashing Security, Episode 65: Cryptominomania, Poppy, and Your Amazon Alexa with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to episode 65 of Smashing Security for the 15th of February 2018.
Hello, hello, and welcome to episode 65 of Smashing Security for the 15th of February 2018.
My name is Graham Cluley, and I'm Carole Theriault.
And Carole, we are joined today by a good friend of the show. She's been on several times before. By popular demand, it's our very own superhero, Maria Varmazis.
Hello, Maria, welcome back to the show.
Hello, Maria, welcome back to the show.
Hi, I'm not a superhero though, but that's very, very flattering.
You wouldn't admit it. You wouldn't admit, you know, Superman doesn't walk around saying, "I'm Superman." So.
I don't have my pants on outside of my, anyway.
You are a big Trekkie, right? You love—
Massive.
Yes. I mean, just I like the superior Doctor Who. You vastly superior. No, but you are equally a crazy Trekkie fan.
But I do love Doctor Who. I mean, I grew up watching Doctor Who as well. So, you know.
That actually makes you worse in my eyes because you watched it and yet you came to the conclusion that Trek was better. But anyway, we'll be right back.
Can't I love both? There's room in my heart for both.
No.
And I don't Star Wars, so it's okay.
Oh, well, it's for kids really, isn't it? We'll be right back after this break and after all the hate mail from the Star Wars fans.
This episode of Smashing Security is sponsored in part by LastPass. Did you know that 81% of breaches are caused by weak passwords?
Failing to protect them could be a costly mistake for you and your business. Every single password is one more entryway into your business.
LastPass makes it easy to secure them all, giving insight into employee password behavior.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses.
This episode of Smashing Security is sponsored in part by LastPass. Did you know that 81% of breaches are caused by weak passwords?
Failing to protect them could be a costly mistake for you and your business. Every single password is one more entryway into your business.
LastPass makes it easy to secure them all, giving insight into employee password behavior.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses.
Rapid7 is sponsoring Smashing Security. Rapid7's Insight IDR has been named a visionary in Gartner's latest SIEM Magic Quadrant.
It is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster.
You can download a 30-day trial by visiting rapid7.com/insightidr.
It is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster.
You can download a 30-day trial by visiting rapid7.com/insightidr.
And welcome back. Well, in the last couple of years, I think we've all witnessed this huge rise of ransomware, haven't we?
Where they're taking over computers, encrypting our important files, and then demanding that a cryptocurrency payment is made in order to get your files back.
That has grown enormously. But what's interesting is that we're beginning to see something of a shift, maybe a move away from ransomware and much more crypto mining.
In fact, I would to announce that we now live in an era of crypto-minomania. Crypto-minomania. Thank you.
Where they're taking over computers, encrypting our important files, and then demanding that a cryptocurrency payment is made in order to get your files back.
That has grown enormously. But what's interesting is that we're beginning to see something of a shift, maybe a move away from ransomware and much more crypto mining.
In fact, I would to announce that we now live in an era of crypto-minomania. Crypto-minomania. Thank you.
it.
it.
Yeah.
So crypto mining, for anyone who doesn't know, maybe some people who listen to the show don't know what happens here.
Maybe you go to a website or you run a program and in the background, without you realizing it, your browser or the program which you have installed is secretly mining for cryptocurrency.
So it's doing all of the complex and intensive CPU work in order to make bitcoins or make Monero or one of the other cryptocurrencies which is out there.
So this is a different way for the bad guys to make a buck. And obviously it's very different from ransomware in so much as ransomware is very visual and obvious.
You know that you've been hit. It has to tell you that you've been hit and then you're going to take some measure to get rid of it.
When it's crypto mining, they won't necessarily announce the fact that they've done it. So lots of people are jumping on this bandwagon. And what do you mean people?
Maybe you go to a website or you run a program and in the background, without you realizing it, your browser or the program which you have installed is secretly mining for cryptocurrency.
So it's doing all of the complex and intensive CPU work in order to make bitcoins or make Monero or one of the other cryptocurrencies which is out there.
So this is a different way for the bad guys to make a buck. And obviously it's very different from ransomware in so much as ransomware is very visual and obvious.
You know that you've been hit. It has to tell you that you've been hit and then you're going to take some measure to get rid of it.
When it's crypto mining, they won't necessarily announce the fact that they've done it. So lots of people are jumping on this bandwagon. And what do you mean people?
You mean website owners or bad people?
Website owners, bad people, lots of folks, right, are crypto mining.
Either they are buying computers and hardware themselves, setting up little rigs to mine for cryptocurrency, or they're actually doing it sneakily inside websites.
And we've seen a few examples of websites which have done this, including some file-sharing websites.
But what's interesting now is, I said, we're seeing criminals really try and take advantage of this to make money.
Last weekend, for instance, it was discovered that more than 4,000 websites, including many belonging to governments around the world— US government, US courts, the National Health Service, and ironically, the Information Commissioner's Office in the UK, who are the people who normally slap your wrists if you have some sort of data incident— had their websites mangled, messed with, hijacked by a third-party plugin which was using some cryptocurrency mining code.
And this plugin was something called BrowseAloud.
And BrowseAloud is a piece of software, a plugin which you can put on your website to make it more accessible to people who are visually impaired.
And of course, many public sector bodies are doing exactly that. They need to have their website accessible to a wide range of the population.
And so they think, "Oh crumbs, how are we going to do this? Let's just plug in this little bit of software and it will do it for us." Magic.
Now, the problem is the bad guys messed with that BrowseAloud plugin and included some code in it, which took CoinHive.
CoinHive is probably the most commonly used piece of cryptocurrency mining JavaScript, which is out there at the moment in order that every person who went to those websites was actually secretly mining Monero for the bad guys' pockets.
Either they are buying computers and hardware themselves, setting up little rigs to mine for cryptocurrency, or they're actually doing it sneakily inside websites.
And we've seen a few examples of websites which have done this, including some file-sharing websites.
But what's interesting now is, I said, we're seeing criminals really try and take advantage of this to make money.
Last weekend, for instance, it was discovered that more than 4,000 websites, including many belonging to governments around the world— US government, US courts, the National Health Service, and ironically, the Information Commissioner's Office in the UK, who are the people who normally slap your wrists if you have some sort of data incident— had their websites mangled, messed with, hijacked by a third-party plugin which was using some cryptocurrency mining code.
And this plugin was something called BrowseAloud.
And BrowseAloud is a piece of software, a plugin which you can put on your website to make it more accessible to people who are visually impaired.
And of course, many public sector bodies are doing exactly that. They need to have their website accessible to a wide range of the population.
And so they think, "Oh crumbs, how are we going to do this? Let's just plug in this little bit of software and it will do it for us." Magic.
Now, the problem is the bad guys messed with that BrowseAloud plugin and included some code in it, which took CoinHive.
CoinHive is probably the most commonly used piece of cryptocurrency mining JavaScript, which is out there at the moment in order that every person who went to those websites was actually secretly mining Monero for the bad guys' pockets.
And okay, yeah. Well, I'm wondering, I'm thinking, does antivirus software, can it protect you from this? Or could it be labeled as a PUA? Can you just block it from actually?
Well, yeah, you can put blockers in place both in your web browser or indeed your ad blocker.
Doesn't come as standard at the moment with antivirus?
Well, some antivirus software, yes, will detect this kind of thing in web pages, just they may discover malicious code.
It depends rather on how much the code is attempted to be hidden and hidden away from people.
It depends rather on how much the code is attempted to be hidden and hidden away from people.
Is it yet another JavaScript thing?
It's just another piece of JavaScript. In this case, it was obfuscated.
And so you would expect any decent antivirus to have a reasonable go of warning the user that something was going on.
But of course, some people don't have these things configured properly. Some people haven't kept them updated properly.
And so you would expect any decent antivirus to have a reasonable go of warning the user that something was going on.
But of course, some people don't have these things configured properly. Some people haven't kept them updated properly.
Anyway, from around the world?
Well, it's not so much them, it's the people visiting the web page.
Granted. Yeah, right.
Okay.
Who would have that alert go off. And this happened over the weekend, so there's probably less actual traffic going to them as a result. Now, things could have been much worse.
Imagine if that code running all those web pages— it was spotted by Scott Helmee, friend of the show, who's been on before.
He alerted everyone that this was going on, and within about 4 or 5 hours, the code was taken down and was no longer causing problems.
But you have to wonder, how much worse could this have been if they had been plugging this plugin in and they hadn't realized that it had actually turned completely and entirely malicious, designed to keylog, for instance, designed to steal passwords on all of those high-profile websites?
Could have been very, very damaging and nasty. So that's just one example of the crypto-miner mania which is going on right now.
But there's more than just that, because people are so bonkers right now to earn cryptocurrency that some people are going to extreme lengths. Let me take you right now to Russia.
Okay.
Imagine if that code running all those web pages— it was spotted by Scott Helmee, friend of the show, who's been on before.
He alerted everyone that this was going on, and within about 4 or 5 hours, the code was taken down and was no longer causing problems.
But you have to wonder, how much worse could this have been if they had been plugging this plugin in and they hadn't realized that it had actually turned completely and entirely malicious, designed to keylog, for instance, designed to steal passwords on all of those high-profile websites?
Could have been very, very damaging and nasty. So that's just one example of the crypto-miner mania which is going on right now.
But there's more than just that, because people are so bonkers right now to earn cryptocurrency that some people are going to extreme lengths. Let me take you right now to Russia.
Okay.
We're doing bad accents again.
No, we're doing flipping good accents. So there is a nuclear weapons facility, a top secret nuclear weapons—
That you know of.
Research. Well, it's top secret. Okay.
Connections. It's that chess thing. That's where he finds out. That's his actual—
When I was chatting to Garry Kasparov the other day—
Top secret nuclear weapons facility that you're aware about, but no one else is. Carry on.
Look, just because something is top secret doesn't mean it's actually a secret. It just means it's— Oh, I don't know. Maybe you just can't get to it.
Maybe there's a big barbed wire and things, and you're not allowed into the city. Russian authorities have arrested several scientists working at this facility.
Because what they did was they hijacked the Uber supercomputer.
Maybe there's a big barbed wire and things, and you're not allowed into the city. Russian authorities have arrested several scientists working at this facility.
Because what they did was they hijacked the Uber supercomputer.
Of course they did.
To mine cryptocurrencies.
Excellent.
This is a 1 petaflop supercomputer.
I love that word so much.
And how much bitcoin did they make? 0.01?
Petaflops. You know what that is? That's a mere 1,000 trillion floating point operations per second. This is some rig which does that.
But I wonder how much actual bitcoin they made. Using that ginormous rig?
Well, I haven't managed to find out that particular detail.
Super secret. Okay.
One bitcoin. Super duper secret.
Exactly. That's what I'm waiting for. One whole bitcoin.
Now you're probably wondering, how did they get caught?
Well, they got caught because in order to do crypto mining, you need to connect your computer to this little thing called the internet.
Well, they got caught because in order to do crypto mining, you need to connect your computer to this little thing called the internet.
What?
And now this is, now this is going to surprise you. But you're not supposed to connect nuclear weapons facility research supercomputers to the internet.
No way.
Really not.
What? Now why is that?
Really not.
How come?
They can't watch YouTube?
Why would you want to do that? What if you really want to play some Call of Duty? I don't know, whatever. It gets boring in there.
Basically, the message here is you can't trust your own staff, right? And people will go to extraordinary lengths saying, hehehe, we can— or maybe ho ho ho, oh, it's French.
I can't do a Russian laugh. Yeah, yeah, yeah, yeah. Right, that's a Russian laugh.
I can't do a Russian laugh. Yeah, yeah, yeah, yeah. Right, that's a Russian laugh.
You're going to be boycotted.
You can't trust anybody these days, any member of staff, as to what they're getting up to with your computers.
I don't think there's anything that's changed. I think the same thing happened when we were first given laptops, for instance, and it was all, laptops are just for work people.
How many people do you think followed the rules there?
How many people do you think followed the rules there?
That's just a ThinkPad. They had no computer power. You weren't controlling nuclear weapons from your laptop, Carole.
And you know, if you're installing Angry Birds or something on it, yeah, maybe it's not that big a deal, is it?
And you know, if you're installing Angry Birds or something on it, yeah, maybe it's not that big a deal, is it?
You just want to check Facebook.
One petaflop. One petaflop is what I'm talking about.
And yet Facebook still runs really slow on that website.
It is really scary though, isn't it, actually, a nuclear weapons facility PC computer and just, let's connect it up.
It was the Ethernet cable was just unplugged. It was next to the wall and they're just, let's just right there. And then there we go.
That's sort of that. No one will notice.
Okay, so getting back to real life, if I am a user and a visitor of a website which has the secret JavaScript code on it, what would I notice?
How would I know if I wasn't running an antivirus or something? How would I know that it's there and how can I stop... Are you okay? Was that just... I don't know what just happened.
How would I know if I wasn't running an antivirus or something? How would I know that it's there and how can I stop... Are you okay? Was that just... I don't know what just happened.
Your fan goes crazy. Your battery life diminishes. Everything runs slowly, right? Because, well, it's taking up all of your CPU.
It's someone threw honey into the back of your computer.
It's exactly that. I'm glad we've been able to describe this scientifically. Yes.
That is something I am completely familiar with.
It's a teeny weeny problem.
Yes. That happens to me all the time.
It just turns to sludge. And talking of sludge, there was a sewage plant which got hacked in order to mine crypto coins. Can you believe that?
And some people will view its content as sludge. Salon.com. Have you heard of Salon.com? It's not an online hairdresser's. What it is, is a left-wing media outlet. Is that right, Maria?
You're our token American.
And some people will view its content as sludge. Salon.com. Have you heard of Salon.com? It's not an online hairdresser's. What it is, is a left-wing media outlet. Is that right, Maria?
You're our token American.
I would say that's correct.
Eyebrow-raising topics occasionally.
Yeah, there's a lot of hate reads on Salon.com where people are all right.
So what they're doing right now is if you go to their website, you will see a pop-up, and we're all used to these pop-ups saying, oh, you know, turn off your ad blocker.
And we're all, bugger off. No, we're not going to turn off our ad blocker because we don't want to get infected by malware and we don't want you tracking us and all the rest of it.
But this particular one says, look, you've got a choice. You can either stop blocking ads, so whitelist us in your ad blocker, or you can let us mine some cryptocurrency.
And we're all, bugger off. No, we're not going to turn off our ad blocker because we don't want to get infected by malware and we don't want you tracking us and all the rest of it.
But this particular one says, look, you've got a choice. You can either stop blocking ads, so whitelist us in your ad blocker, or you can let us mine some cryptocurrency.
Are you serious?
Sorry.
Or maybe I'm a ransomware.
Okay, hold on. That's so Salon though. All right. I'm going right now to check it out.
Go there right now. Make sure you've got an ad blocker on.
I do have my ad blocker on. Of course I have an ad blocker. I'm not getting that message.
I'm going to.
I really want to see this story.
Oh, I got it. You got it, Carole?
Oh, I just got it too.
Right.
Get out.
For real.
Suppress ads. It says block ads by allowing Salon to use your unused computing power.
Oh, yeah.
Right.
And if you click on the link through to the FAQ, you will find out that they are using CoinHive code to mine Monero in the background.
And there are people who've gone there and they've said, well, it now takes 10 times longer to read any Salon article because you're better off anyway.
Your computer has turned to sludge.
And there are people who've gone there and they've said, well, it now takes 10 times longer to read any Salon article because you're better off anyway.
Your computer has turned to sludge.
They can't even scroll.
No, it's because everything's so slow. And imagine if all these websites begin doing this and you've all got, you've got them all open in tabs, right? That's what I'm doing.
I have loads of tabs open all the time and you're thinking, why is my computer turning this slow?
I have loads of tabs open all the time and you're thinking, why is my computer turning this slow?
Yeah, yeah, yeah. This, yep.
Now in some ways I think it's great, you know, Salon being upfront about it and going, hey, let us do this. They're not doing this sneakily.
It's an interesting solution, isn't it though? I mean, given that nobody wants to see ads, nobody is going to get money from ads. I mean, I hate the idea, but it's also interesting.
It is interesting. I think it is an interesting alternative, but I think maybe the way in which it's being done isn't quite right. Maybe they're taking too many resources.
And this is the other problem with crypto mining. Everyone's jumping on this bandwagon. That's what the mania that we're seeing right now.
But, you know, at the beginning of this, I mentioned about these 4,000 government websites which got hit and had crypto mining code on them.
How much money do you think the bad guys actually made from doing that? Really huge, high-profile hack. By the way, say a big number, otherwise it's going to appear unimpressive.
So it's—
And this is the other problem with crypto mining. Everyone's jumping on this bandwagon. That's what the mania that we're seeing right now.
But, you know, at the beginning of this, I mentioned about these 4,000 government websites which got hit and had crypto mining code on them.
How much money do you think the bad guys actually made from doing that? Really huge, high-profile hack. By the way, say a big number, otherwise it's going to appear unimpressive.
So it's—
18 million.
18 million. Maria, can you come up with a similarly huge amount of money?
81 million.
81 million. No, no, it wasn't. Let me tell you how much it was. $24.
Cha-ching!
The whole thing's just a joke.
You can't even fill up a car with that much money right now.
That was 4,000 websites, admittedly only for about 6 hours or so. But, you know, is it really worth it?
That's not even their hourly wage. I mean, that's not—
So I think crypto mining is a bit of a trendy thing to do right now, isn't it? By the criminals and indeed by other legitimate websites which are trying to make money.
Maybe they're finding advertising isn't working, but it just doesn't seem to really bring in enough cash to be worth it.
Maybe they're finding advertising isn't working, but it just doesn't seem to really bring in enough cash to be worth it.
It's the user has a choice right now. That's the thing that bugs me about all this.
If they, you know, in this case, in the salon.com example, you do have a choice and I agree, that's good.
But if this is sneaking onto your machine and there's no real way that you can flag it and stop it or being asked permission to do it, it's gross.
If they, you know, in this case, in the salon.com example, you do have a choice and I agree, that's good.
But if this is sneaking onto your machine and there's no real way that you can flag it and stop it or being asked permission to do it, it's gross.
Well, obviously you can install a browser plugin or something like that, which will alert you if a known crypto mining code is being used by website. That's terrific.
But I wonder whether we're going to start seeing more attacks which don't involve just the browser.
Just recently we've seen a whole series of Android Google Play apps and games which have been secretly crypto mining in the background.
And I was thinking, hey, you know, there's all this free software out there, right, which we all love to use. Maybe those guys want to make a bit of cash.
What's to stop some of them introducing some sort of crypto mining element if they keep it at a low enough level? So it doesn't massively impede your computer.
Maybe that is a legitimate way to fund themselves.
For instance, I was thinking if I'm running a backup program, my computer backs itself up at 2 o'clock in the morning every morning.
If my backup program sneakily did some crypto mining at the same time, I probably wouldn't notice, would I?
But I wonder whether we're going to start seeing more attacks which don't involve just the browser.
Just recently we've seen a whole series of Android Google Play apps and games which have been secretly crypto mining in the background.
And I was thinking, hey, you know, there's all this free software out there, right, which we all love to use. Maybe those guys want to make a bit of cash.
What's to stop some of them introducing some sort of crypto mining element if they keep it at a low enough level? So it doesn't massively impede your computer.
Maybe that is a legitimate way to fund themselves.
For instance, I was thinking if I'm running a backup program, my computer backs itself up at 2 o'clock in the morning every morning.
If my backup program sneakily did some crypto mining at the same time, I probably wouldn't notice, would I?
Oh, you'd notice your bill.
You'd be paying for it.
Yeah, you're looking at your bill.
You'd be paying for it. Helping, helping to— True.
I'm not saying it should sneakily do it, but I wonder whether we will see more free apps thinking, actually, this is a way we can make cash without having to worry with all that hassle of ads.
This seems like every time somebody says something crypto something or blockchain something or other, everybody just loses their minds and wants to get in on that, even though they may not understand what it means.
Like, I barely understand what this stuff means.
Like, I barely understand what this stuff means.
So I know I was talking to a financial advisor and he was saying daily he gets calls from people saying, hey, I'd like to invest in bitcoin, do you do that?
And he says, no, I'm not involved in this. And I really— I don't think, you know, if you don't know a lot about it, I don't think— I don't recommend you do this either.
And he says, no, I'm not involved in this. And I really— I don't think, you know, if you don't know a lot about it, I don't think— I don't recommend you do this either.
If you're asking, don't. Yeah, pretty much.
But maybe we can give an address at the end of the show if people want to send us their money. And we will, of course, invest it wisely for them.
There goes Greedy Guts once again, courtesy of a Panama PO box.
What about doing a splinter episode talking about blockchain and all that kind of stuff? Because it's huge right now.
Yeah, that's such a good idea, isn't it?
Yeah. Imagine if we had done that a while ago.
I would actually love to hear it because I could learn about it.
Maybe about 10 weeks ago.
Yeah. Imagine if we put that out at the beginning of the year.
Oh, don't tell me that was on the agenda and it didn't— Oh, sorry.
We've done that, Maria.
Wait, did you? And I missed it? Oh, fuck me. I'm sorry. Listen, I have a baby. What can I say?
Maria, what's your story for us this week?
Sorry, need a moment. So, continuing my trend of being the old man who yells at clouds, I'm going to get mad at technology again this week.
So my story is about this thing called YouTube for Kids. YouTube for Kids is still showing scary videos to children, and still, despite all their efforts.
Despite all the attention about this and all the efforts, and I'll get into that in a second, but it's still a problem.
So I think we can all agree that it is an absolutely terrible idea to park a child in front of YouTube and just go, you know, have fun.
But what is YouTube's obligation to the public at large in keeping kids safe if they're marketing their own product as kid-friendly when it's clearly not?
So that's sort of the question I want us to keep in mind.
So the problem with YouTube Kids is that YouTube says this is an app that they've made specifically for children to, quote, make it safer and simpler for kids to explore the world through online video, right?
Except as we've talked about just now, it's been shown repeatedly that YouTube Kids is failing on that safer bit. And it's been known for a little while.
And a story that really caught fire late last year, I want to say October, was this Medium article by this guy named James Bridle called Something Is Wrong on the Internet, which is— of course there is.
So this story, if you haven't read it and definitely include it in the show notes because it's a great weird read, is that there's this bizarre weird gray area of videos that targets children specifically on YouTube Kids that aren't obvious troll videos.
So it's not ISIS beheading videos, obviously over the top, completely inappropriate for children.
These are things where it's just kind of off and kind of weird, just enough that as an adult you'd go, I don't really think that's child appropriate, but it's not super obviously weird.
So it's something a Disney character that is very popular in pain or doing something really gross eating poo or worse.
So it's not— again, it's not something that would be obviously flagged by the YouTube filters as, this is completely inappropriate.
So my story is about this thing called YouTube for Kids. YouTube for Kids is still showing scary videos to children, and still, despite all their efforts.
Despite all the attention about this and all the efforts, and I'll get into that in a second, but it's still a problem.
So I think we can all agree that it is an absolutely terrible idea to park a child in front of YouTube and just go, you know, have fun.
But what is YouTube's obligation to the public at large in keeping kids safe if they're marketing their own product as kid-friendly when it's clearly not?
So that's sort of the question I want us to keep in mind.
So the problem with YouTube Kids is that YouTube says this is an app that they've made specifically for children to, quote, make it safer and simpler for kids to explore the world through online video, right?
Except as we've talked about just now, it's been shown repeatedly that YouTube Kids is failing on that safer bit. And it's been known for a little while.
And a story that really caught fire late last year, I want to say October, was this Medium article by this guy named James Bridle called Something Is Wrong on the Internet, which is— of course there is.
So this story, if you haven't read it and definitely include it in the show notes because it's a great weird read, is that there's this bizarre weird gray area of videos that targets children specifically on YouTube Kids that aren't obvious troll videos.
So it's not ISIS beheading videos, obviously over the top, completely inappropriate for children.
These are things where it's just kind of off and kind of weird, just enough that as an adult you'd go, I don't really think that's child appropriate, but it's not super obviously weird.
So it's something a Disney character that is very popular in pain or doing something really gross eating poo or worse.
So it's not— again, it's not something that would be obviously flagged by the YouTube filters as, this is completely inappropriate.
So it's basically, let's try and trick the YouTube filters to get something a little bit inappropriate in there, and somehow that's a win.
Somehow that's a win.
I've always found Donald Duck slightly disturbing because he doesn't wear trousers, I have to say.
So I can understand the difficulty YouTube for Kids has working out what's appropriate and what isn't, right?
So I can understand the difficulty YouTube for Kids has working out what's appropriate and what isn't, right?
I mean, if even we adults can't figure it out, then how the heck can a machine figure it out?
Apparently, thousands upon thousands of these videos would have what Bridle calls word salad titles, where the titles are just complete nonsense with a ton of keywords that are popular with kids, Frozen or whatever, Lego, Spider-Man, Batman, whatever, you know, eat spaghetti in a tub with cake, Minecraft.
Yeah, you name it. And they're usually— the whole video is computer generated, so it's got these really cheap computer animations just thrown together.
And the hope is that enough kids will watch them that apparently through monetization they'll make money.
But some of these actually have live actors dressed up real people doing these weird and disturbing things.
And apparently this is a successful enough model that they're making money, because clearly why else would they be doing this?
Apparently, thousands upon thousands of these videos would have what Bridle calls word salad titles, where the titles are just complete nonsense with a ton of keywords that are popular with kids, Frozen or whatever, Lego, Spider-Man, Batman, whatever, you know, eat spaghetti in a tub with cake, Minecraft.
Yeah, you name it. And they're usually— the whole video is computer generated, so it's got these really cheap computer animations just thrown together.
And the hope is that enough kids will watch them that apparently through monetization they'll make money.
But some of these actually have live actors dressed up real people doing these weird and disturbing things.
And apparently this is a successful enough model that they're making money, because clearly why else would they be doing this?
Okay, can I ask a question?
No.
Why wouldn't they just make videos that aren't rude if they're trying to monetize it? Because it gets attention? Because the media might pick up on it and then everyone goes to it?
That's a bloody good question.
It's a great question. I've— maybe it's just easier to do this nonsense bullshit. I mean, Elsa eating spaghetti in a tub.
Maybe it's an algorithm. Maybe it's an algorithm that goes out and just grabs videos and it's— I don't know. It's really weird.
Yeah.
To me, if it was a monetizing thing, you would try and stick to the rules as much as you could.
Oh, you know what it could be? I wonder if the people behind this are actually child psychotherapists.
And what they're doing is they're trying, they're trying, yes, they're making money out of the monetization of the video being watched, but also thinking we can potentially get paid thousands for years and years in order to put the kid's head right again.
And what they're doing is they're trying, they're trying, yes, they're making money out of the monetization of the video being watched, but also thinking we can potentially get paid thousands for years and years in order to put the kid's head right again.
They're playing the long game is what you're saying.
Yeah, that's not an insane suggestion at all.
I'm just trying to be logical. I'm trying to be logical about what I thought was a very good question.
You've done a very good job, Graham.
Thank you.
I mean, the only answer always, I mean, the answer is always money.
I mean, they wouldn't do it if it didn't make them money because you've got a kid parked in front of a screen and the YouTube Kids app is just pulling up video after video after video.
And the parent presumably has no idea what's going on. And the kid is just auto-playing all these bizarre videos that the algorithm keeps serving up to them.
I mean, they wouldn't do it if it didn't make them money because you've got a kid parked in front of a screen and the YouTube Kids app is just pulling up video after video after video.
And the parent presumably has no idea what's going on. And the kid is just auto-playing all these bizarre videos that the algorithm keeps serving up to them.
It must be that these are, no one's actually looking at them. They're just being automatically compiled and slapped up there.
Exactly. Yep. And they keep getting past what YouTube calls, you know, their automated quality filters.
And they insist— YouTube does— that through the magic of machine learning, that they're getting better at rooting this junk out and protecting kids.
And they insist— YouTube does— that through the magic of machine learning, that they're getting better at rooting this junk out and protecting kids.
I bet that's probably true. I bet that's probably true.
It probably is. It's— I'm sure it's an arms race. And the response from YouTube is, well, parents and kids should just flag the bad content when you see it. So that's not—
That's just— I can— it's fine for adults. I just think that just cannot be for kids. You can't do that approach.
The burden's on the kid to protect themselves from the bad stuff. So kiddo, if you got nightmares seeing Winnie the Pooh being decapitated, just flag it and move on, okay? Right?
That's basically what they're saying. That's a great approach. Yeah.
That's basically what they're saying. That's a great approach. Yeah.
I can understand the trauma of this. My oldest childhood friend is a womble called Orinoco, who was a pajama case. And I'm looking up at him right now.
He's on one of the shelves in my office.
He's on one of the shelves in my office.
You're lucky he's still with you.
I took him on a trip with me once as a grown-up, and a number of unfortunate events happened to him.
Carole, I don't know if you know anything about what happened to him, but he ended up basically being crucified. I think at one point he was found hanging from a banister.
It was— and I was quite upset— stabbed and— Was it being used for voodoo?
Carole, I don't know if you know anything about what happened to him, but he ended up basically being crucified. I think at one point he was found hanging from a banister.
It was— and I was quite upset— stabbed and— Was it being used for voodoo?
I mean, we were all really concerned in the house.
Carole was there. She expressed concern at the time, but at the same time was also seen smirking a lot.
No, no, I was trying to get to the bottom of what was happening.
Were you? Yeah, interesting. Yeah, so I can understand this.
But anyway, yes, you sound traumatized, a little triggered, if I may.
Yes, I feel I have been. I'm going to actually have to go and find my emotional support womble right now.
You should see this thing. It's been hugged bare. It's a little rat.
Can we have a photo in the show notes? This is really important. I have to respect his privacy, so I'm not sure if it'll make it in.
Anyway, sorry, continue.
I don't know how to proceed from there. I think we should just end the segment right there.
So basically they're saying it's people's fault, it's the user's fault. They've got to handle it. Little Timmy has to press report.
Right. So I can hear what a whole bunch of people are thinking right now.
I don't have kids, or my kids won't watch YouTube kids because I'm a perfect parent, whatever, and problem solved, who cares, I don't give an F about this.
So this, I think, is a much bigger problem than just YouTube and kids stuff and all that kind of thing. And as Graham alluded to, it's the attitude of users will fix it for us.
It's the user problem, the users will handle it. And in this case, fundamentally, YouTube Kids is failing its users. And of course, in this case, the kids are very vulnerable.
But it just makes me think of so much else that we've heard, both in the podcast and in general, that we have all this tech that makes huge promises and then it grows so quickly, way faster than anybody can predict, that it very quickly outpaces its reasonable use and it gets abused so much faster than anyone can possibly moderate it or enforce any kind of sane rule.
I don't have kids, or my kids won't watch YouTube kids because I'm a perfect parent, whatever, and problem solved, who cares, I don't give an F about this.
So this, I think, is a much bigger problem than just YouTube and kids stuff and all that kind of thing. And as Graham alluded to, it's the attitude of users will fix it for us.
It's the user problem, the users will handle it. And in this case, fundamentally, YouTube Kids is failing its users. And of course, in this case, the kids are very vulnerable.
But it just makes me think of so much else that we've heard, both in the podcast and in general, that we have all this tech that makes huge promises and then it grows so quickly, way faster than anybody can predict, that it very quickly outpaces its reasonable use and it gets abused so much faster than anyone can possibly moderate it or enforce any kind of sane rule.
Do you know what would be better? Why don't we just ask adults to kind of take part?
You know, if Google are not going to do anything about it, why doesn't just an adult every day go watch one kid video from YouTube Kids and report it if there's anything bad in it?
If we all did that, and then Google can collect all the money from having a really safe channel.
You know, if Google are not going to do anything about it, why doesn't just an adult every day go watch one kid video from YouTube Kids and report it if there's anything bad in it?
If we all did that, and then Google can collect all the money from having a really safe channel.
From crypto mining our activity while we watch the video. Exactly.
Yeah.
But that wouldn't even cover— I'm sure with the number of videos out there, it wouldn't even cover it, even if people actually wanted to do that, which nobody would.
But yeah, it's just, it's a really yucky problem.
Yeah. My kid loves YouTube for Kids. I'm sorry, Maria, my kid's older than yours.
I don't doubt it. Yeah.
And so he's been corrupted by it.
No, it's not a—
Against my better judgment. But he hasn't, thankfully, as far as I know, encountered anything this.
He has seen a couple which he found a little bit scary, but I think that was just him being a bit sensitive or whatever to it.
But I wonder whether what we really need to do is we need to say, you know what, YouTube isn't for kids.
Now, kids are into screens, but there's no reason why we couldn't plonk them down and say, 'Watch 5 episodes of Scooby-Doo' or something instead.
Something which hasn't been made by the great unwashed public.
He has seen a couple which he found a little bit scary, but I think that was just him being a bit sensitive or whatever to it.
But I wonder whether what we really need to do is we need to say, you know what, YouTube isn't for kids.
Now, kids are into screens, but there's no reason why we couldn't plonk them down and say, 'Watch 5 episodes of Scooby-Doo' or something instead.
Something which hasn't been made by the great unwashed public.
Right.
Well, it is a great program apart from when Scrappy-Doo was in it. I think they did ruin it.
I never watched Scrappy-Doo. That was after my time.
It was an aberration. Yeah, he was awful. But if it's pure proper Scooby-Doo, that's all right. Or Danger Mouse, something that.
So you actually see stuff which has been made by proper organizations producing output, media organizations who have been producing kids' programs.
Rather than, you know, who have some responsibilities, rather than, you know, Uncle Norman down the road has made a video and he's—
So you actually see stuff which has been made by proper organizations producing output, media organizations who have been producing kids' programs.
Rather than, you know, who have some responsibilities, rather than, you know, Uncle Norman down the road has made a video and he's—
Voted.
I agree with you there, but I think that's a very reasonable and really smart decision on the small sliver of the issue being YouTube Kids specifically, but bigger picture—
But it is bigger than that, isn't it?
Yeah, why do we throw our hands up in the air and go, well, you know, users, you should really be flagging this stuff and you figure it out and when you flag it, we'll clean up the mess, but until then, you know, I mean, that to me, that just feels so half-assed.
Have we really done all that we can to protect users? And I'm not talking just about kids, I'm talking about users in general.
Have we really done all that we can to protect users? And I'm not talking just about kids, I'm talking about users in general.
No, no, I think we need to ask the big giants to step off the arms race. I mean, Facebook as well is going after 13-year-olds and under, right, with their new Facebook for Kids.
And so we've got both internet giants trying to compete for mindshare of our children. And I think you're asking the right questions. Should we allow our kids to do this?
And so we've got both internet giants trying to compete for mindshare of our children. And I think you're asking the right questions. Should we allow our kids to do this?
To me, it seems almost like a— I think it's a no-brainer. Most people would say, yeah, keep kids off of this stuff.
And I'm just thinking just in general, again, I'm going hugely, massively big picture.
And I'm just thinking just in general, again, I'm going hugely, massively big picture.
You've gone big.
You've gone way beyond just kids on the internet because I feel that one's— that's much more black and white.
I'm thinking more why are we expecting users to do all the content policing and the frontline defense? That to me is—
I'm thinking more why are we expecting users to do all the content policing and the frontline defense? That to me is—
Why are people accepting it? Which is even, you know, right?
Because, yeah, I mean, I'm a Reddit user, for example. Reddit is both amazing and the absolute cesspool of the internet, one of the many. And one, I mean, it's both at the same time.
And basically every time Reddit comes out with a new rule saying, hey, we're doing something about some abhorrent thing that has popped up on Reddit, inevitably they go, well, we can't police this stuff.
You guys just need to flag it and then we'll look into it. And it just seems so noncommittal and a complete abdication of responsibility. I don't have a genius solution here.
And basically every time Reddit comes out with a new rule saying, hey, we're doing something about some abhorrent thing that has popped up on Reddit, inevitably they go, well, we can't police this stuff.
You guys just need to flag it and then we'll look into it. And it just seems so noncommittal and a complete abdication of responsibility. I don't have a genius solution here.
It's not okay.
And we've just seen this with the deepfakes thing, which we spoke about a couple of weeks ago as well.
The sort of celeb fake porn, you know, where people can take pictures of you and insert you into a porno movie, haven't they?
The sort of celeb fake porn, you know, where people can take pictures of you and insert you into a porno movie, haven't they?
Yeah. And Reddit came out a week after that story came out. I don't know, maybe we helped with that. I have no idea.
And said, you know what, we're banning that subreddit that has the deepfakes on it. Great. Problem solved. And then people in the thread said, okay, great.
So what are you going to do about it if, say, somebody's involuntarily in a deepfake porno, and they said it's the responsibility of the person who has appeared in that porno to flag it and say, I don't want to be in it.
So again, it's, me, I would need to go trolling through this stuff to find—
And said, you know what, we're banning that subreddit that has the deepfakes on it. Great. Problem solved. And then people in the thread said, okay, great.
So what are you going to do about it if, say, somebody's involuntarily in a deepfake porno, and they said it's the responsibility of the person who has appeared in that porno to flag it and say, I don't want to be in it.
So again, it's, me, I would need to go trolling through this stuff to find—
Yeah, right.
I can do that. I can do that for you, Maria, actually. I'm happy to watch lots of those videos, and I'll tell you, both of you, if I see you in there.
I'm so sorry.
I'm so sorry.
I'm so sorry. He doesn't know what he's doing.
He doesn't know what he's doing.
It's okay. I'm just— okay. He's blushing. I'm just— I'm dying.
Fro, what have you got for us?
Do you hear that sound, guys? Do you hear that?
That sound is the sound of UK advertisers utterly thrilled with a recent precedent that was set by the UK Advertising Standards Authority, or known as the ASA.
Oh yeah, do you want to know why? It all starts with virtual assistants. So roughly 1 in 10 households apparently have an Amazon device in the UK and US.
That sound is the sound of UK advertisers utterly thrilled with a recent precedent that was set by the UK Advertising Standards Authority, or known as the ASA.
Oh yeah, do you want to know why? It all starts with virtual assistants. So roughly 1 in 10 households apparently have an Amazon device in the UK and US.
Wait, an Amazon device being an actual speaker thingy?
Yeah, sorry, yeah, an Amazon virtual assistant. So an Echo, a Dot, Alexa.
Yeah, you call that whole group But wait, is this— is the number seriously 1 in 10?
I'm—
Yes, that's what—
Okay, I know this is apparently 1 in 10, and 1 in 20 have a Google Home. I think this sounds huge.
I cannot with that.
And Apple have just put out their new HomePod, right?
So people are in love with these virtual assistants because they can play songs and podcasts and manage their smart home and get updates on the weather.
I'm not sure why that's important, but people seem to love to know about.
So people are in love with these virtual assistants because they can play songs and podcasts and manage their smart home and get updates on the weather.
I'm not sure why that's important, but people seem to love to know about.
Do either of you have one of these? No.
And I have my own podcast. You know, I would be playing it constantly if I did, but just to get the numbers up.
Like the blockchain episode that apparently exists that I forgot about. So yeah, just play it over and over.
And people also love, and I think this is particular to Amazon's assistants, is the shopping element, right? Where you can make a list and you can confirm orders, etc., etc.
But things may be about to be getting very annoying for virtual assistant users. Let me set the scene here.
So you remember from last January, there was this famous Amazon Dollhouse order fiasco. We talked about it on the show.
This is where a kid managed to order a dollhouse and cookies from Amazon Alexa because the parental controls were not activated.
And then ironically, it was that the TV news anchors compounded the problem with the report because the anchor said as part of the story, "I love when little girls is saying, Alexa, order me.
But things may be about to be getting very annoying for virtual assistant users. Let me set the scene here.
So you remember from last January, there was this famous Amazon Dollhouse order fiasco. We talked about it on the show.
This is where a kid managed to order a dollhouse and cookies from Amazon Alexa because the parental controls were not activated.
And then ironically, it was that the TV news anchors compounded the problem with the report because the anchor said as part of the story, "I love when little girls is saying, Alexa, order me.
You can't say something like that on a podcast.
Exactly. Exactly.
Oh my goodness.
Let's fast forward to today.
All right.
Let's start with last month where White House Press Secretary Sarah Sanders took to Twitter to call out Amazon after her young son inadvertently ordered an $80 toy using the company's Echo device.
And she tweeted, Alexa, we have a problem. If my 2-year-old can order a Batman toy by yelling Batman over and over again into the Echo.
And she tweeted, Alexa, we have a problem. If my 2-year-old can order a Batman toy by yelling Batman over and over again into the Echo.
In fairness, at least he didn't order a copy of Fire and Fury.
Oh, political. But things are about to get a lot worse, I think, at least in the UK. Pet food suppliers Purina launched an Alexa-focused ad campaign in the UK recently.
Tell me if you can catch how this ad might be opening a can of worms rather than a can tuna flakes and gravy.
Tell me if you can catch how this ad might be opening a can of worms rather than a can tuna flakes and gravy.
Alexa, reorder Purina Beyond cat food. Order confirmed. Okay, that's pretty blatant.
Highly sophisticated campaign there.
That's so subtle.
Cute cats though.
It's clever, right? Clever.
So not surprisingly, a viewer lodged a complaint with the advertising regulator saying that the ad made the virtual assistant device place an order for said cat food.
So not surprisingly, a viewer lodged a complaint with the advertising regulator saying that the ad made the virtual assistant device place an order for said cat food.
Yeah, quite right too.
And according to the BBC, the viewer complained that the ad was socially irresponsible.
Now, upon receiving this complaint, the UK ad regulator ASA— actually, let's make this fun, let's make this fun. I'm going to give you a choice.
Did A, ASA, known by ad types the world over to be super strict, uphold the viewer's complaint and slap Purina smartly on the wrist for their unethical attempt at getting on a virtual shopping list?
Now, upon receiving this complaint, the UK ad regulator ASA— actually, let's make this fun, let's make this fun. I'm going to give you a choice.
Did A, ASA, known by ad types the world over to be super strict, uphold the viewer's complaint and slap Purina smartly on the wrist for their unethical attempt at getting on a virtual shopping list?
Okay.
Yeah.
Or B, Did the ASA say, "We concluded that the ad was not socially irresponsible and did not breach the code"?
Yeah. Do we need some quiz music? Ding, ding, ding, ding, ding, ding, ding.
I'm going to say that they were super strict and told Purina, "Don't be such wallies, please." They did not.
I'm going to say that they were super strict and told Purina, "Don't be such wallies, please." They did not.
Now, I will get to the socially irresponsible bit in a minute.
Hey, thanks for asking me my opinion.
Oh, sorry, Maria. Maria, tell me A or B.
I actually was gonna say I have hope for my UK counterparts that you have better taste than we in the US do and say in the US this would have been totally fine, but in the UK y'all are better about it.
So you'd say nope, this is not okay.
So you'd say nope, this is not okay.
Yeah, I have a lot of friends who work in advertising and they say trying to get ads into the UK TV channels is so difficult.
There are so many regulations compared to the US. I mean, it's a free-for-all over here, so I know ads like this are completely fine in the States. I see them all the time.
Yeah, so maybe it's not a big deal for our US listeners, but for us it's outrageous.
Anyway, I decided to have a look at the UK Code of Broadcast Advertising, and it does indeed seem that there is nothing that jumped out at me that would control this emerging type of ad loophole, where basically devices are communicating to each other, bypassing the person who actually owns both devices.
So the code largely consists of content controls, like rules for adult content or gambling or controlled substances like tobacco and alcohol or rules for children's ads.
Ironically, YouTube, pay attention. They even have a section on e-cigarettes, so it's not like it hasn't been updated in the last 5 years, right?
But nothing jumped out to me as applicable to the situation.
The UK ad regulator said, we understood that it would not be possible for a purchase to be made without the account owner's knowledge, even in instances where technology intended to stop ads interacting with devices had not been effective.
So this is what I understand from that. What I hear is the UK regulator acknowledges that these ads will in fact place the order into the said shopping cart of a virtual assistant.
But hey, customer, it's your job to review your order list and take all the crap that you never wanted out of the list before actually placing your order.
So I think these commercials are basically going to fill your order list if you've got it connected to your Amazon shopping list, for instance, if you have an Alexa device, and then before you put your order in, you're just gonna say, I need to review my shopping list.
Oh, I didn't want to buy adult diapers. I didn't need any Purina cat food, and I don't want a new pair of sunglasses.
Anyway, I decided to have a look at the UK Code of Broadcast Advertising, and it does indeed seem that there is nothing that jumped out at me that would control this emerging type of ad loophole, where basically devices are communicating to each other, bypassing the person who actually owns both devices.
So the code largely consists of content controls, like rules for adult content or gambling or controlled substances like tobacco and alcohol or rules for children's ads.
Ironically, YouTube, pay attention. They even have a section on e-cigarettes, so it's not like it hasn't been updated in the last 5 years, right?
But nothing jumped out to me as applicable to the situation.
The UK ad regulator said, we understood that it would not be possible for a purchase to be made without the account owner's knowledge, even in instances where technology intended to stop ads interacting with devices had not been effective.
So this is what I understand from that. What I hear is the UK regulator acknowledges that these ads will in fact place the order into the said shopping cart of a virtual assistant.
But hey, customer, it's your job to review your order list and take all the crap that you never wanted out of the list before actually placing your order.
So I think these commercials are basically going to fill your order list if you've got it connected to your Amazon shopping list, for instance, if you have an Alexa device, and then before you put your order in, you're just gonna say, I need to review my shopping list.
Oh, I didn't want to buy adult diapers. I didn't need any Purina cat food, and I don't want a new pair of sunglasses.
Adult diapers, cat food, and sunglasses. That's a really weird party.
So you're expecting a wave of adult diaper TV ads now?
Well, I'm expecting— my thinking is that ad guys around the UK today are going huzzah and rejoice.
It's a pretty rubbish ad, isn't it?
Anyone— Actually, any humans who are watching the television are just going to get tired of everyone pulling off the same prank, frankly, aren't they?
Anyone— Actually, any humans who are watching the television are just going to get tired of everyone pulling off the same prank, frankly, aren't they?
Yeah, it's a gimmick. Yes. And it's been— it's been like South Park had a whole episode where they did that.
They just kept activating different Amazon and Google devices over and over. It's actually pretty funny. And they have them feeding each other. And that was a year ago.
So that gimmick is old, I think.
They just kept activating different Amazon and Google devices over and over. It's actually pretty funny. And they have them feeding each other. And that was a year ago.
So that gimmick is old, I think.
Yeah.
Well, maybe not here. I expect that we're going to see every ad on telly in the next few months barking shopping orders at our devices.
And I bet UK listeners out here are going to be super stoked with this, right? How fun to have to go through every item on your shopping list before you press buy.
So I would politely request the ASA review the rules and ask ourselves, do we really want to allow advertisers to put orders directly into a virtual trolley willy-nilly?
Is that what we want? Geoff, take a look, look into it.
And I bet UK listeners out here are going to be super stoked with this, right? How fun to have to go through every item on your shopping list before you press buy.
So I would politely request the ASA review the rules and ask ourselves, do we really want to allow advertisers to put orders directly into a virtual trolley willy-nilly?
Is that what we want? Geoff, take a look, look into it.
And presumably it wouldn't just be necessarily orders which they're making.
They could also send a command saying, you know, dim the lights or something, put on the sexy music or something else.
They could also send a command saying, you know, dim the lights or something, put on the sexy music or something else.
Yeah, it's Valentine's Day.
Yes, play Smashing Security.
Hey, hey, Amazon Echo, play Smashing Security. All right, fair enough.
This episode of Smashing Security is sponsored in part by Rapid7, trusted by over 6,700 organizations globally.
Rapid7's security solutions harness the critical information essential to protect an organization's best interests.
Rapid7's Insight IDR has been named Visionary in Gartner's latest SIEM Magic Quadrant.
Insight IDR unifies SIEM, UBA, and EDR and is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster.
You can download a 30-day trial by visiting rapid7.com/insightidr. Rapid7.com/insightidr. That's rapid7.com/insightidr.
Rapid7's security solutions harness the critical information essential to protect an organization's best interests.
Rapid7's Insight IDR has been named Visionary in Gartner's latest SIEM Magic Quadrant.
Insight IDR unifies SIEM, UBA, and EDR and is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster.
You can download a 30-day trial by visiting rapid7.com/insightidr. Rapid7.com/insightidr. That's rapid7.com/insightidr.
And thanks also to LastPass for sponsoring this episode of Smashing Security. Failing to protect your business's passwords could be a costly mistake.
From easy onboarding to automated security reports, LastPass makes it easy for businesses to fix weak passwords without slowing down their employees.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses. And welcome back.
And you join us at our favorite part of the show, which we like to call Pick of the Week. Pick of the Week.
From easy onboarding to automated security reports, LastPass makes it easy for businesses to fix weak passwords without slowing down their employees.
Go to smashingsecurity.com/lastpass to see why LastPass is the trusted enterprise password manager of over 33,000 businesses. And welcome back.
And you join us at our favorite part of the show, which we like to call Pick of the Week. Pick of the Week.
Pick of the Week.
Squeak. Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like.
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like.
You like.
It doesn't have to be security-related necessarily.
Yeah.
My pick of the week this week, I'm going to recommend to you an app which you can install on your iPad, or I think maybe there's a PC version of it as well.
It's called Dinosaur Chess, and if you have a young person in your household who you'd like to teach to learn chess, maybe you can get them interested in it via the power of dinosaurs.
It's called Dinosaur Chess, and if you have a young person in your household who you'd like to teach to learn chess, maybe you can get them interested in it via the power of dinosaurs.
That's cute.
Cute, I automatically love it.
It is written by a Scottish chap. The dinosaurs all have crazy Scottish accents. Okay, right, let's teach you how to use the—
That's crazy, all right.
Another bad accent.
Let's teach you how to use the knight.
And the more you succeed in the various chess trials and puzzles it gives you, the bigger and more powerful your dinosaur becomes in order to have the dinosaur fight against the T-Rex at the end.
And the more you succeed in the various chess trials and puzzles it gives you, the bigger and more powerful your dinosaur becomes in order to have the dinosaur fight against the T-Rex at the end.
Okay, kids nothing. I will play this. That sounds great. That sounds really fun.
Oh, it's good fun. And it actually plays a reasonable game of chess. So it's good fun. And they've just livened it up with lots of Scottish accents and things like that.
And dinosaurs in kilts. I say we need more of those on the internet rather than YouTube videos of Donald Duck. And that is why it is my pick of the week.
And dinosaurs in kilts. I say we need more of those on the internet rather than YouTube videos of Donald Duck. And that is why it is my pick of the week.
Excellent pick of the week, Mr. Cluley.
I like it.
Yeah. Give that one to him.
Thank you.
Thank you. Maria, what's your— pardon?
I hear Carole has already clicked on the link for my pick of the week.
All right, well, I am nothing if not keen on serving up complete nightmare fuel for all your Smashing Security listeners.
So without further ado, please have a little listen to the Furby organ. I promise it's not really—
All right, well, I am nothing if not keen on serving up complete nightmare fuel for all your Smashing Security listeners.
So without further ado, please have a little listen to the Furby organ. I promise it's not really—
Furby what?
Organ in this case refers to a musical organ.
And is he a Furby that I'm looking at right now? Because he's got hair like a Furby.
He's got 44 Furbies attached to a musical organ, and they all work together to play music. It is completely horrifying and amazing and creative, but mostly—
No, Maria, where did you get this?
Where did he get 44 Furbies from?
I am not an internet superhero, but I do have my sources of really weird shit on the internet. I'm really good at finding the weird shit. Yeah, I told you I'm on Reddit a lot, right?
So as he plays with his organ, his 44 furry friends chirp up.
That's actually why I—
Is that right?
Mm-hmm. Yep. If you skip to, let's see, it's a long video, but skip to about 3 minutes in and you can see the whole thing at work.
Okay, here we go.
It's about 3 minutes in.
Oh, here it goes.
I love his notes. I love the notes, how clear they are.
And they're wiggling their ears. I kind of like Furbies. How do we feel about Furbies?
Are you kidding? You like Furbies?
They're not like Cabbage Patch dolls, which are just—
This is quite cool, but I don't think it's as cool as the Wintergarten.
No.
The marble machine.
The Wintergarten is brilliant.
You seen that?
What?
The Wintergarten marble machine. Maria, you should check that out. I would contend that that is— oh, I've seen this.
Yeah, yeah, yeah, yeah, yeah. It is.
I'm sending it to you right now. Here we are. I'm putting it— I'm going to put it in the show notes as well. And frankly, it's a heck lot better than Fabioch.
But not as funny.
Yeah, I was going to say, I do not doubt that musically there are way better things out there, but they're not made with Furbies.
Yeah, you win. You win. You win the Furby war.
It's not a war. I didn't even know I was in it, but okay, great.
Thank you, Maria, for your pick of the week.
You're so welcome.
Top that if you can.
I think I can. I think I can.
So listeners may not know that we as podcast hosts have actually no idea who's listening to us, and that is why so many podcasts go out and ask users to fill in surveys and forms just to get an idea of who's listening and what they think of the show.
But I'm gonna guess that Smashing Security listeners are mostly around 30, 30+, and I think I owe you guys a heads up on an internet sensation that's rocking our kids' worlds right now.
And kids under 30, you'll know about this, you can tune out now because this is so last year. Graham, Maria, take a look at this.
So listeners may not know that we as podcast hosts have actually no idea who's listening to us, and that is why so many podcasts go out and ask users to fill in surveys and forms just to get an idea of who's listening and what they think of the show.
But I'm gonna guess that Smashing Security listeners are mostly around 30, 30+, and I think I owe you guys a heads up on an internet sensation that's rocking our kids' worlds right now.
And kids under 30, you'll know about this, you can tune out now because this is so last year. Graham, Maria, take a look at this.
I've been waiting so long for this moment, but we're finally interviewing this plant.
Hello, puppy.
Poppy, thank you so much for having me. How are you today, plant?
You look so beautiful.
Okay, this is the YouTube sensation Poppy, and in this clip, she's sitting against a white background interviewing a basil plant, and that's all.
She has 235 million views combined, increasing by 250,000 a day. Poppy is the creation of a musician called Moriah Poppy, dated with the director Titanic Sinclair.
She has 235 million views combined, increasing by 250,000 a day. Poppy is the creation of a musician called Moriah Poppy, dated with the director Titanic Sinclair.
Both these names are obviously— I had to delete, stop the video because I'm too alarmed. I can't watch anymore, it's just too weird.
Really?
This is some twee, twee shit.
It is weird. So last year she launched an album, this Poppy girl, and there's one called Here's My Microphone, which is just edgy enough for me to listen to.
The rest is a bit saccharine for my PJ Harvey-loving ways, right? But she's also just launched her subscription YouTube channel.
And the reason you need to pay attention, and I think it's The Guardian says it best, she is the sort of celebrity who could not have existed even half a decade ago, born of and beloved by the internet and essentially unknown outside of it.
And her YouTube channel is crazy. It's crazy fun to dip into.
So I suggest go take a look, if only just to be able to talk to your kids about it and watch their eyes grow like sausages.
The rest is a bit saccharine for my PJ Harvey-loving ways, right? But she's also just launched her subscription YouTube channel.
And the reason you need to pay attention, and I think it's The Guardian says it best, she is the sort of celebrity who could not have existed even half a decade ago, born of and beloved by the internet and essentially unknown outside of it.
And her YouTube channel is crazy. It's crazy fun to dip into.
So I suggest go take a look, if only just to be able to talk to your kids about it and watch their eyes grow like sausages.
So does she always talk in this weird, twee kitty voice?
She has this one where she's like, "People often ask me if I'm in a cult. I am not in a cult." And then does loads of cult stuff. And that's the video is like 40 seconds.
Odd, crazy, but interesting.
Odd, crazy, but interesting.
Can you get this on YouTube for kids?
I have no idea. I have no idea.
Because if you can, I just want that banned right now. Because this, this, I forget all that, forget all the clowns and things and sharp knives.
Oh yeah, you don't mind the beheadings.
Oh yeah, you don't mind the beheadings.
This is what you're going to take a stand against?
Oh, are there really any beheadings on YouTube for kids?
Yeah.
Oh, there are? Oh, okay.
Yeah. Yeah, there are. Yeah.
That's— I don't know if you've read any articles recently, Graham, but yeah, that's the problem.
Or listen to any podcasts, which I won't.
I can send you a little link to— Okay, this show has got weird enough.
That's what I'm here for.
No, don't thank you. I mean, thank you for coming next time you're on the show, Maria.
Thank you for bringing a proper pick of the week rather than anything which is going to spook us out. And on that bombshell, we've just about wrapped it up. Crikey.
If you want to follow us on Twitter, we're at Smashing Security without a G. Twitter wouldn't let us have a G. We're on Facebook. Just look for the Smashing Security Podcast Group.
And we've also got a store at smashingsecurity.com/store. And thank you for tuning in. If you like the show, rate it on Apple Podcasts.
Thank you for bringing a proper pick of the week rather than anything which is going to spook us out. And on that bombshell, we've just about wrapped it up. Crikey.
If you want to follow us on Twitter, we're at Smashing Security without a G. Twitter wouldn't let us have a G. We're on Facebook. Just look for the Smashing Security Podcast Group.
And we've also got a store at smashingsecurity.com/store. And thank you for tuning in. If you like the show, rate it on Apple Podcasts.
And thank you to everyone who already has. I've been wanting to say that forever.
Yes.
Thank you for your reviews.
And yeah, leaving a review really helps new people discover the show and you can check out past episodes at smashingsecurity.com as well.
Until next time, thank you so much, Maria, for joining us. Joining us yet again.
Until next time, thank you so much, Maria, for joining us. Joining us yet again.
My pleasure. Thanks for having me on.
And no problem, Graham.
From Carole and me to Lou. Bye-bye.
Hey, at least you didn't forget to ask me a question when you were doing a poll in the middle of the segment. I was like, okay, well, fine.
Sorry. Do you know what I need to do? Actually, this is really— from now on, I'm going to always ask guests first, then Graham, because I think I normally do that.
Yes, maybe it was on purpose. You're like, I don't actually care what Maria thinks.
Oh, I always care what Maria thinks. I care what Maria thinks a bit more than someone else on the ship.
Here’s an idea, stop giving children unsupervised internet access, and take responsibility for their upbringing.
Gosh Mark it must be wonderful to be perfect! These days with smart tv's, multiple devices and children often more tech savvy than their parents it's nigh on impossible to monitor them every second of every day. Even five minutes watching ceebeebies while you make the tea can carry risk. As the article clearly states this circumvented parental controls. But hey, let's blame the parents and take any onus away from big corps doing something about it…
There's nothing wrong with kids NOT watching TV or media unsupervised. The world has changed because parents gave up and took the easy route of believing their children had the capability to discern good from bad. Remember Friday night TV nights? No? Maybe they should come back – like gathering the family around the proverbial LED fire for a fun tale.
Be intentional about being a parent, not some higher-earning buddy provider or best friend.
Wasn't their a report about Tom & Jerry cartoons on TV being to violent for children? In the 1970's?