The Kirchner Report
Posts
Trusting Online Content, and Trusting Remote Vehicle Access

Trusting Online Content, and Trusting Remote Vehicle Access

SDV stands for Software Defined Vulnerability.

Chad Kirchner
October 01, 2024

Website Expertise vs. YouTube Expertise
Cybersecurity Needs to be Paramount
From Around the Internet
More Goodies

Website Expertise vs. YouTube Expertise

Believe Harrison Ford GIF by Indiana Jones

Gif by IndianaJones on Giphy

I’ve talked about YouTube before on these very pages, and how YouTube encourages creators to make good content as a means of growing. “If you build it,” they say, “they will come.” Why? Because YouTube makes money by people staying on platform. If you watch a few videos in a row, you’ll view even more advertising from YouTube’s ad network.

So it makes sense to keep you around. If you make content that signals to YouTube that people will stick around, it’ll get promoted more to users. In fact, there are channels out there with less than 1,000 subscribers that gets tens of thousands of views (or more) per video published.

In a lot of ways, that’s how this is supposed to work. For a network as big as YouTube, there needs to be a way for a user to discover new content. An algorithm has to be in place, and YouTube engineers work hard to try to make something that promotes quality content to keep people on platform.

Alphabet – the parent company of YouTube – gets it right in this regard, for the most part.

But when it comes to Alphabet’s other great property – Google – things are a little different.

Google wants you to stay on its platform. That much is obvious. That’s why it’s using A.I. to generate search result answers so you don’t have to click. It’s why there have always been content boxes that try to deliver you the results you’re looking for without clicking. Google is motivated to show you the results you want, for sure, but the real motivation is to provide you answers, while showing you its ads, instead of clicking off to a website.

Of course, that doesn’t always work. If you find the answer you’re looking for right away, you’re going to click away from Google and go about your day. So the company has to find a way to promote expertise – so it can scrape the content to provide better results – and generate results that’ll keep you coming back to Google.

Because people have been trying to game Google for as long as Google has provided algorithmically-based search results, the company is constantly trying to improve it system. You can’t just key word stuff your way to success in 2024. You can’t just load the footer of a popular website with links to your website. You have to create quality content and get quality inbound links to that content.

Which sounds simple enough, but it’s not. Google puts a ton of value still on domain authority. So if you take a popular website – let’s say Forbes – and then hire some SEOs to game Google to your advantage, you can be successful even outside areas of your assumed expertise.

Lars Lofgren, an expert in marketing and SEO, wrote a post on his personal site recently about how sites like Forbes are growing out something he calls “Parasite SEO.”

To put it succinctly, a business comes in and takes over parts of a very popular website. They then fill that site up with SEO-first, revenue-generating posts, with the sole purpose of ranking top in search results. According to Lofgren, a single number one position on a popular search term can mean hundreds of thousands of dollars of revenue each month on just that post.

We’re all familiar with affiliate marketing, and it’s something lots of websites do. When done properly it can be a tool for a website to make good product recommendations that benefits readers and provide revenue for a website that doesn’t come from annoying advertising.

When you think of a site like Forbes, though, what do you think of? Lofgren postulates that it is not CBD gummies. Yet the site ranks as number one for his search tests.

Because Google puts so much emphasis on domain authority, a company can come in, launch a product under a high-DA site and dominate search results. So far, Google seems unaware or uninterested in working on fixing that.

While sites are seeing massive traffic drops with recent updates, claiming that expertise is what is most important, there’s an obvious concern about these types of practices.

What’s fascinating is that YouTube would absolutely penalize a channel for doing this. If your channel focused on automotive and had a few million subscribers and you dropped a CBD video it’d receive hardly any views relatively-speaking. Rightfully so, the algorithm would be like “whoa, this doesn’t jive.”

So is it wrong to do this? It’s an interesting discussion. You see, if the publication was building out its own team – maybe hiring a consultant to help, but keeping it in-house – there probably wouldn’t be as much of pushback. But in this case it’s a company duplicating an already-existing site to run basically without oversight pumping out content for the sole purpose of ranking? I could see how that would rub people the wrong way. People might trust the advice because they trust the brand name of the site, but is the advice actually trustworthy?

Determining trust is always difficult on the internet. This just muddies that even more.

Gif by Swear_Trek on Giphy

BASHIR: Have you ever heard the story about the boy who cried wolf?

GARAK: No.

BASHIR: It's a children's story about a young shepherd boy who gets lonely while tending his flock. So he cries out to the villagers that a wolf is attacking the sheep. The people come running, but of course there's no wolf. He claims that it's run away, and the villagers praise him for his vigilance.

GARAK: Clever lad. A charming story.

BASHIR: I'm not finished. The next day the boy does it again, and the next day, too, and on the fourth day a wolf really comes. The boy cries out at the top of his lungs, but the villagers ignore him and the boy and his flock are gobbled up.

GARAK: Well that's a little graphic for children, wouldn't you say?

BASHIR: But the point is, if you lie all the time, nobody's going to believe you even when you're telling the truth.

GARAK: Are you sure that's the point, Doctor?

BASHIR: Of course. What else could it be?

GARAK: That you should never tell the same lie twice.

“Improbable Cause” – Star Trek: Deep Space Nine [03×20]

Cybersecurity Needs to be Paramount

Andrey Sayfutdinov / Shutterstock.com

Wired reported last week that a group of ethical hackers were able to gain access and control potentially millions of different Kia vehicles thanks to a simple exploit on Kia’s remote services website.

To make a long story short, the hackers could send commands to the API and assign cars to an account they created. At no point did the API check to make sure the people sending commands to it were dealerships or Kia employees. After using another service to quickly get the VIN numbers via a license plate, the hackers could control everything from locating the vehicle, to unlocking the doors, to starting the car, to viewing the 360-degree camera.

They couldn’t steal the cars, because ignition interlocks would ultimately prevent it, but if you angered someone out on the road, they could take your license plate, come to your house, and break into your car without you ever knowing.

That’s not good.

On another level, it’s also not good that a dealership employee could do this on cars that are already sold. While it makes sense to have a certain amount of access to cars that are owned by the dealership, or vehicles in for repair, it’s not beyond the realm of possibility for a dealership employee to stalk a customer based on the GPS location provided by the connected services app.

Kia has reportedly fixed this particular bug, but it raises a point that isn’t raised enough. Vehicles aren’t just software. A minimally viable product (MVP) that you ship and fix bugs and add features later might work for Microsoft Teams or Adobe Photoshop, but for a car where peoples’ lives and safety are directly involved, automakers need to do better.

With so much focus on convenience and making services available to increase an automaker’s monthly recurring revenue (MRR), nobody is seemingly stopping to think, “is this safe?” Someone needs to.

If you’re an automaker who plans on offering all of these services, or you plan on going full software defined vehicle in the future, you need to have teams of engineers on hand trying to hack all of this. You need to hire firms to try to break your stuff. You need people exploring the “what ifs?” Because the minute someone is assaulted and murdered because a stalker used a connected service to hunt their victim, the automaker is going to be in some deep 💩.

From Around the Internet

Theives Don’t Like EVs – Interested in a new car that people aren’t going to steal? Consider an EV, apparently.
How Many Continents Are There? – Is it 7? Is it 6? It’s complicated.
Destination Charged – I’m stealthily launching a new project, called Destination Charged, as another outlet where I can shovel my wares. This is in addition to, and not replacing, anything else. More to come!

More Goodies

💻 If you enjoyed reading this – and I hope you did – would you consider passing it along to a friend? The more subscribers I have, the more in-depth reporting and analysis I can bring you.

☕️ If you found this useful, consider buying me a coffee! I’m an independent journalist and every dollar received directly funds this project.

🗞️ Have a news tip you want to send? Learn more about sending news tips and secure communications with me by clicking right here.

📧 If you have a news release you want to send, have general feedback, or want to tell me how you really feel about me, you can email directly at [email protected].

🐝 Thinking about doing your own newsletter? I’m using Beehiiv after doing a ton of research, investigating available growth tools, and checking out the philosophies on content. If you’d like to try it out, you can for 30 days and get a discount by clicking here.

Reply

or to participate.