Insights For Success

Strategy, Innovation, Leadership and Security

DarkPage wants to resurrect Backpages

General | Edward Kiledjian

US law enforcement shut down the online classified ads site in April (2018) because they had evidence it was facilitating human trafficking and exploitation. Supporters applauded the authorities for shutting down a marketplace specifically encouraging the sale of sex, while free speech advocates highlight this as a limitation of free speech (and press) by government.


There is now an attempt to resurrect this service online (by new owners) using the secrecy of the TOR anonymous darknet network (http://s7guxry2lvu3bblf.onion/).

On the internet, many espouse the belief that if something can be done, then it should be done without any regard to the socioeconomic impact.

The site is very basic, with a clumsy interface. Clearly this was a hastily designed and deployed site.

This site is in startup mode, and you will notice that most categories are still empty, but it will be interesting to watch and see what happens. Could the push for open sexual advertising drive users to a TOR site (which typically is only used by more tech-savvy professionals)?

Review of Quip's toothbrush as a service


This blog article is not advertising and is not a sponsored post.

Quip is a new entrant in the competitive and packed electric toothbrush space. Unlike many of the larger bulkier electric toothbrushes, Quip is a sleek, shiny and well designed modern looking toothbrush.

Like all modern electronic works of art, it comes in different colours, finishes and materials.

It also carries the American Dental Association Seal of Acceptance. The ADA website explains it as "To this day, dentists and consumers recognize it as the gold standard for evaluating safety and efficacy of dental products."

So how does the Quip compare? Quip is a simpler toothbrush that delivers the basics: it has a vibrating alert timer (to measure brushing each quadrant) and has gentle cleaning vibrations that won't harm your gums.

What does it come with? The basic kit comes with a pre-installed battery, brush head and a slim toothbrush holder (attaches to your mirror with micro suction cups but also doubles as a travel cover). I have had it attached to my bathroom mirror for 30 days, and it hasn't fallen off once. I have traveled with it once, rinsed it with warm water when I got back, and it stuck right back on the mirror.

How do you charge the battery? I have used OralB and Philips electric toothbrushes, and they each come with their charging bases (which are usually bulky and consume valuable counter space). The Quip uses a single AAA battery that can be changed within seconds. Since Quip is a Toothbrush As A Service, when you subscribe to their toothbrush head replacement plan, they also send you a replacement battery every three months. If you travel and run out of power, replace it with a cheap AAA you can buy anywhere, and you don't have to carry a bulky charger.

How does it compare to a "normal" (non-powered) toothbrush? The Quip is definitely better than a normal plastic toothbrush because it offers gentle vibrations and helps with timing. Additionally, they send replacement heads automatically which means you never have to worry about timing replacements.

How does the Quip compare to other electric toothbrushes? It depends. The truth is that the newer electric toothbrushes that vibrate and rotate seem to deliver an easier and better clean. However, the Quip is less than half the cost, easier to travel with and effective when used as directed (in conjunction with flossing and regular dentist visits).

General recommendations included with the introductory guide are:

  • Use a pea-sized amount of toothpaste

  • Brush gently (don’t push too hard or you will injure your gums)

  • Make sure you brush every tooth from all directions

  • Brush for two minutes (30 seconds per quadrant)

  • Brush your tongue (the back of the brush head has a scraper)

  • Don’t rinse your mouth right after brushing

What are the cons?

  • The Quip is better than a plain non-powered toothbrush, but its performance is significantly worse than the modern sonic toothbrushes.

  • The Quip's bristles are better than a non-powered toothbrush, but they aren't as good as the ones on powered brushes that seem to have better reach into hard to reach crevices.

Conclusion: I like the Quip, but it isn't the most effective electric toothbrush. Not a bad offering but you need to determine what your actual needs are. I hope Quip releases another generation of their product with rotating bristles that uses real sonic pulses.

Continuous authentication is the future


User authentication is one of the most important and fundamental building blocks of security. Authentication is built on username, password, token, biometrics or any combination of these. Regardless of the model, authentication is performed when the user starts his/her interaction with the target system.

What do you do if you require a higher level of authentication? What if you need to make sure the user interacting with your system is always who they say they are? This is where the concept of continuous authentication comes in. We started to see this concept implemented for the mass market with the Apple Watch and Apple Pay. You authenticate Apple Pay once and as long as the watch stays on your wrist (validated with a pulse), you do not need to re-authenticate. Apple Pay can be sure that the person wanting to make a payment is the user that authenticated originally.

Continuous Authentication is a paradigm shift moving authentication from an event to a continuous risk management process.

Dynamic risk-based authentication means the system is continuously monitoring changes to environmental parameters and can decide the trustworthiness of users continually.

The shift to continuous authentication is inevitable. Not only will it make authentication more natural for the user but it will allow security administrators to implement much tighter security models.

As an example, if the user walks away from the computer, the system could notice and freeze the interactive session. Another example is a user working on a PC who is tricked into launching malware. The system could be intelligent enough to know that a rogue process is attempting to masquerade as the user and block access.

Continuous authentication will use the full array of modern technologies, and others that have yet to be released: parameters such as keyboard typing speed and style, how the user swipes on a touchscreen device, how the user moves the mouse, the camera input (from modern day cameras), gait analysis using the accelerometer in a smartphone or smartwatch, etc.
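To make the idea of authentication as a continuous risk process concrete, here is an added sketch (not from the original post and not any vendor's implementation) of a session whose trust score decays over time and is updated from two of the signals mentioned above: user presence and typing rhythm. The thresholds, decay rate, scoring formula and sample timings are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Policy values below are assumptions chosen for illustration.
STEP_UP_BELOW = 0.6       # below this, ask for a second factor
LOCK_BELOW = 0.3          # below this, freeze the session
DECAY_PER_SECOND = 0.01   # trust lost per second without fresh evidence

@dataclass
class Session:
    baseline_ms: list     # enrolled inter-keystroke intervals for this user
    trust: float = 1.0    # 1.0 right after the initial login
    last_seen: float = 0.0

    def typing_match(self, intervals_ms):
        """Score 0..1: how close the observed typing rhythm is to the baseline."""
        mu = mean(self.baseline_ms)
        sigma = pstdev(self.baseline_ms) or 1.0
        z = abs(mean(intervals_ms) - mu) / sigma
        return max(0.0, 1.0 - z / 3.0)   # 3 sigma or more scores 0

    def observe(self, now, present, intervals_ms=None):
        """Fold one observation into the trust score and return the decision."""
        elapsed = now - self.last_seen
        self.trust = max(0.0, self.trust - DECAY_PER_SECOND * elapsed)
        self.last_seen = now
        if not present:                   # user walked away
            self.trust = 0.0
        elif intervals_ms:                # blend in the behavioural signal
            self.trust = 0.5 * self.trust + 0.5 * self.typing_match(intervals_ms)
        return self.decision()

    def decision(self):
        if self.trust < LOCK_BELOW:
            return "lock"
        if self.trust < STEP_UP_BELOW:
            return "step_up"
        return "allow"

def run_demo():
    """Constructed timeline: normal typing, then two bursts of scripted input."""
    s = Session(baseline_ms=[110, 120, 130, 125, 115])
    return [
        s.observe(10, True, [118, 122, 121]),   # matches the enrolled rhythm
        s.observe(20, True, [5, 5, 5]),          # uniform 5 ms: not a human
        s.observe(25, True, [5, 5, 5]),
    ]

if __name__ == "__main__":
    print(run_demo())
```

The session is never simply "logged in": each observation moves it between allow, step-up and lock, which is the shift from authentication as an event to authentication as a running decision.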

Although continuous authentication will be easy for users, expect it to be very complicated for developers. Expect this to be a burgeoning market in the coming years, something most security professionals have to start thinking about. We expect to start seeing serious mass market products around 2020-2021.

Dramatic drop in the number of US Public Companies


Going public was considered the ultimate sign of success for any company in a capitalist market. It meant the company had succeeded and the founders and original investors could reap some of the benefits. Public stock also allows companies to raise money, use stocks as a means to acquire and much more.

Would it surprise you to learn that the number of publicly listed American (USA) companies has declined dramatically?

We are currently sitting at about half the number of public companies, compared to the 80s and 90s. More are taken off the market through mergers and acquisitions. In 1996, 9080 companies were listed in the USA. In 2017, that number fell to 4336 (an almost 50% drop).

We are seeing more and more companies stay private longer. Why is this? Many, like the US Chamber of Commerce, believe overly burdensome regulations like Sarbanes Oxley are encouraging companies to stay private. Going public means spending millions on compliance and executives running the risk of jail time.

The numbers show that the decline started around 1997-1998, while Sarbanes Oxley was enacted on July 30, 2002. So SOX could be partly to blame for an acceleration in the rate of decline, but it cannot be the sole culprit. The other half of the decline could be attributed to the end of an era of irrational exuberance (where hundreds of unprofitable companies couldn’t find continued funding and folded).

While the number of publicly listed companies fell sharply, the value of those that remained listed grew dramatically.

In 1996, the market capitalization of listed US domestic companies totaled 8.48 trillion dollars. In 2017, it hit 32.121 trillion dollars (all the while the number of companies listed dropped ~50%).

Many market purists now complain that this illustrates an unhealthy concentration of market power in the hands of fewer and fewer companies. Perhaps there is some truth to these concerns but on the other hand, many of the winning companies did so through technological innovation and global expansion.

Does this concentration mean newcomers are starving for funding? The answer is a resounding no. Look at the company everyone loves to hate, Uber. According to Crunchbase, Uber has raised 24.2B$ through 21 rounds of funding. The same can be said for dozens of other companies.

Innovative startups are still able to secure critical funding to build, grow and expand.

Aren’t public companies more transparent? The belief is that private companies are more opaque because there are fewer disclosure requirements and in most cases the company is managed by a small number of investors. Although government regulations like SOX impose a higher burden on public companies to be transparent, the truth is that a select group of large investors hold the majority of the shares for most companies (think hedge funds, pension funds, etc). So if we agree that public and private companies can be controlled by a select group of large investors, then the only difference is forced transparency through government regulation.

In addition to being VP Information Security for a large tech company, I am also responsible for many of the company’s compliance activities. Would I love the compliance burden to lighten? Of course, but the truth is that these compliance requirements instill a certain level of trust in the market. It is this forced transparency that makes the Western Markets so attractive to investors. Additionally, we saw the US attempt to lighten the regulatory burden on early-stage companies through the 2012 JOBS Act. The JOBS Act was designed to encourage smaller companies to go public. The argument was that these organizations were delaying going public because of overly burdensome government regulations. The JOBS Act dramatically reduced this burden, hoping to spur a mad dash to IPO-heaven for companies under 1B$ in annual revenue. 12 months after go live, the number of companies that IPOed was just 63, which was down 20% from the previous year. It didn’t really help companies improve their performance and it didn’t spur a mad dash to the public markets as anticipated.

None of the available data shows that a reduction in government regulation or control would lead to a statistically significant increase in the number of IPOs.


The moral of the story is that the USA is still a world leader in free markets and has the most valuable public companies of any country. Part of this success is due to the perceived transparency USA government regulation creates and hurting this in any way could undermine US public market leadership.

US public companies are raising more money than ever before, and US public companies are larger than ever before. Foreign companies looking for cross-border listings are overwhelmingly choosing US markets.

The US remains the most attractive public equity market in the world.

Although there are fewer IPO companies today (compared to 20 years ago), modern companies are more stable, are raising more money and are considerably more sustainable.

What is a Progressive Web App


Over the last 18 months, I have seen more and more sites prompting me to "Add to Home Screen" from websites I have been browsing. When you add the site, it installs itself in the background and is then accessible like a native app from your smartphone.


What I have just described is the wondrous workings of a fairly new technology called Progressive Web Apps. This technology (called PWA) works even when you are offline and behaves like a "normal" smartphone app.

What are progressive web apps?

PWAs were created by Alex Russell and Frances Berriman. The technology driving Progressive Web Apps isn’t new. What was required was a new recipe to make Progressive Web Apps behave like native apps. This means that a progressive web app will work (as long as the platform supports it) on an iPhone or Android smartphone, a Chromebook or iPad, on Windows or Mac.

True cross-platform applications without needing to join an app store with super restrictive controls (I’m looking at you Apple).

Why Progressive Web apps

Like many of you, I live in a world with abundantly fast internet. This simply isn’t the reality everywhere. Even in my own backyard of Ontario (Canada), there are communities where internet is delivered via very slow ADSL.

PWAs, once installed, cache the content locally which means they will respond quickly even for those on slow internet connections.

Statistics show that users still prefer native apps to web pages. There are a ton of reasons for this, from convenience (single click from your home screen) to the ability to get push notifications, etc. The web simply doesn’t offer the same bells and whistles.

PWAs offer most (if not all) native functions. They startup with a single click from the home screen and can hook into most native features. PWAs can even offer notifications (like a native app) and therefore remind the user to open and engage with the app.

What is required to build a progressive web app?

This is not a technical instructional article but you need 4 elements to build a Progressive Web App:

Google Firebase Web App Manifest Generator

  1. Web App Manifest - A JSON file with metadata about the web app. It contains information such as the icon, background color, app name, etc.

  2. Service Workers - Event-driven agents that work in the background. They perform tasks like updating the web app or its content.

  3. Icon - You need an icon to represent the Progressive Web App on the home screen

  4. HTTPS - The app and its content must be securely delivered over a TLS session.

Progressive Web app examples

You will find new PWAs every day but here are a couple of cool ones to get you started: