[Cryptography] Great IoS quote from LCA 2017

[Ray Dillinger]

On 01/30/2017 05:19 PM, Henry Baker wrote:

> One CES2017 booth had a Bluetooth-controlled vibrator.  By itself, this is unremarkable -- such devices have been on the market for several years.  However, this particular company took things to a whole new level: a Strava-type *social network* on which one can not only upload their own activities for leaderboards, *but also download midi-like sequences from other Bluetooth vibrator users*.  Apparently, music hasn't the only charms to soothe the savage beast!

Okay, I recognize that device, and there is actually a good reason why
it's a cloud device.  In fact, if it's the one I'm thinking of, I'm one
of the people who recommended networking it.  And contrary to your
earlier point, the data it collects is in fact used for the primary
purpose of making the device better for the USERS, not just for the
sellers or the advertisers.

Neural networks (and other machine learning stuff) are one of the things
I do when I'm not doing security or software QA.  I didn't know she had
gone public with that device, but I spoke with her about neural-net
technical issues during its development.

It's applying neural networks to control the devices, with feedback from
embedded conductance, pressure, and temperature sensors, using "presets"
from training different utility functions - maximizing orgasms per hour,
maximizing total time spent having orgasms, and keeping someone within
an estimated ten seconds of having one without quite going there.  Those
three settings, and presumably some others, are things that it's
supposed to learn how to effectively do for individual users, although
the process is very noisy and nonlinear.

Thing about that is, training neural networks needs data.  The more
data, the better.  Training itself via feedback for a single user is
obviously the way to get an effective personalized device for that user;
but it takes an individual user a LONG TIME to generate that much data.

When she spoke to me she was complaining about a learning curve where
the device took *weeks* of semi-regular use to learn to optimize its
interactions with a particular person, and apparently the people who had
volunteered to try out the completely untrained devices (to establish
their basic as-sold presets) went through several months of depressingly
mediocre or distractingly random performance before things started to
get better. "The first three months they were swearing at them - but
then six months after that they were swearing by them,"  is how she put
it.

Obviously a personalized device that takes 9 months to learn the basic
per-user customization isn't terribly marketable, but starting with
basic initial training from the volunteers' data it was already down to
just a few weeks by the time I spoke with her.

The obvious thing to do was to make it a "cloud" device, in order to
have more data available to train with.  This is directly contributing
to its effectiveness and usefulness, the same way Google has to log all
those road hours recording all that data to train with, before their
self-driving cars are ready for prime time.  Use of "big data" should
enable much more effective out-of-the-box settings and much more rapid
self-customization for individual users, at least to the extent that
their reflexes and responses are similar to those of other users in the
training data set.

Ethically that data ought to be statistical-only; anonymized data would
be just as effective for neural-net training purposes.  Practically
speaking there are trust issues, because the users of IoT devices never
know what data is gathered.

The social-network, leaderboards, and program-sharing are a twist I
hadn't yet heard about yet though. From a technical standpoint they're
an absolutely great idea for gathering the needed amount of data,
establishing baselines and comparisons.  From a privacy standpoint ...
???   !!!     I guess the users are doing this voluntarily....

Program-sharing will allow the device to "see" exactly what works for
its individual user, in terms of a performance that doesn't need
training to deliver, without taking a chance on annoying the user by
doing something suboptimal. At least if something is suboptimal then
some other user can be blamed for it instead of people deciding before
it has had time to learn customized responses that the device is no
good. Even better, it allows recording the responses of MANY users to
the same programs, permitting baseline comparisons that will accurately
help predict and classify features of the user's profile.

				Bear


-----
"Security is an illusion.  It's what keeps you from curling up into a
little ball and screaming until the universe inevitably betrays and eats
you." -- Hunter Cressall


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170131/43bc9b50/attachment.sig>