Archiv für den Monat September 2019

Call it ‚Rich Asshole Syndrome’—the tendency to distance yourself from people with whom you have a large wealth differential.

In 2007, Gary Rivlin wrote a New York Times feature profile of highly successful people in Silicon Valley. One of them, Hal Steger, lived with his wife in a million-dollar house overlooking the Pacific Ocean. Their net worth was about $3.5 million. Assuming a reasonable return of 5 percent, Steger and his wife were positioned to cash out, invest their capital, and glide through the rest of their lives on a passive income of around $175,000 per year after glorious year. Instead, Rivlin wrote, “Most mornings, [Steger] can be found at his desk by 7. He typically works 12 hours a day and logs an extra 10 hours over the weekend.” Steger, 51 at the time, was aware of the irony (sort of): “I know people looking in from the outside will ask why someone like me keeps working so hard,” he told Rivlin. “But a few million doesn’t go as far as it used to.”

Steger was presumably referring to the corrosive effects of inflation on the currency, but he appeared to be unaware of how wealth was affecting his own psyche. “Silicon Valley is thick with those who might be called working-class millionaires,” wrote Rivlin, “nose-to-the-grindstone people like Mr. Steger who, much to their surprise, are still working as hard as ever even as they find themselves among the fortunate few. But many such accomplished and ambitious members of the digital elite still do not think of themselves as particularly fortunate, in part because they are surrounded by people with more wealth—often a lot more.”

book cover of Civilized to Death with an illustration of a monkey using a phone and dressed business casual
Excerpted from Civilized to Death: The Price of Progress, by Christopher Ryan. Buy on Amazon.Photograph: Avid Reader Press/Simon & Schuster

After interviewing a sample of executives for his piece, Rivlin concluded that “those with a few million dollars often see their accumulated wealth as puny, a reflection of their modest status in the new Gilded Age, when hundreds of thousands of people have accumulated much vaster fortunes.” Gary Kremen was another glaring example. With a net worth of around $10 million as the founder of Match.com, Kremen understood the trap he was in: “Everyone around here looks at the people above them,” he said. “You’re nobody here at $10 million.” If you’re nobody with $10 million, what’s it cost to be somebody?

Now, you may be thinking, “Fuck those guys and the private jets they rode in on.” Fair enough. But here’s the thing: Those guys are already fucked. Really. They worked like hell to get where they are—and they’ve got access to more wealth than 99.999 percent of the human beings who have ever lived—but they’re still not where they think they need to be. Without a fundamental change in the way they approach their lives, they’ll never reach their ever-receding goals. And if the futility of their situation ever dawns on them like a dark sunrise, they’re unlikely to receive a lot of sympathy from their friends and family.

What if most rich assholes are made, not born? What if the cold-heartedness so often associated with the upper crust—let’s call it Rich Asshole Syndrome—isn’t the result of having been raised by a parade of resentful nannies, too many sailing lessons, or repeated caviar overdoses, but the compounded disappointment of being lucky but still feeling unfulfilled? We’re told that those with the most toys are winning, that money represents points on the scoreboard of life. But what if that tired story is just another facet of a scam in which we’re all getting ripped off?

The Spanish word aislar means both “to insulate” and “to isolate,” which is what most of us do when we get more money. We buy a car so we can stop taking the bus. We move out of the apartment with all those noisy neighbors into a house behind a wall. We stay in expensive, quiet hotels rather than the funky guest houses we used to frequent. We use money to insulate ourselves from the risk, noise, inconvenience. But the insulation comes at the price of isolation. Our comfort requires that we cut ourselves off from chance encounters, new music, unfamiliar laughter, fresh air, and random interaction with strangers. Researchers have concluded again and again that the single most reliable predictor of happiness is feeling embedded in a community. In the 1920s, around 5 percent of Americans lived alone. Today, more than a quarter do—the highest levels ever, according to the Census Bureau. Meanwhile, the use of antidepressants has increased over 400 percent in just the past 20 years, and abuse of pain medication is a growing epidemic. Correlation doesn’t prove causation, but those trends aren’t unrelated. Maybe it’s time to ask some impertinent questions about formerly unquestionable aspirations, such as comfort, wealth, and power.

I was in India the first time it occurred to me that I, too, was a rich asshole. I’d been traveling for a couple of months, ignoring the beggars as best I could. Having lived in New York, I was accustomed to averting my attention from desperate adults and psychotics, but I was having trouble getting used to the groups of children who would gather right next to my table at street-level restaurants, staring hungrily at the food on my plate. Eventually, a waiter would come and shoo them away, but they’d just run out to the street and watch from there—waiting for me to leave the waiter’s protection, hoping I’d bring some scraps with me.

In New York, I’d developed psychological defenses against the desperation I saw in the streets. I told myself that there were social services for homeless people, that they would just use my money to buy drugs or booze, that they’d probably brought their situation on themselves. But none of that worked with these Indian kids. There were no shelters waiting to receive them. I saw them sleeping in the streets at night, huddled together for warmth, like puppies. They weren’t going to spend my money unwisely. They weren’t even asking for money. They were just staring at my food like the starving creatures they were. And their emaciated bodies were brutally clear proof that they weren’t faking their hunger.

A few times, I bought a dozen samosas and handed them out, but the food was gone in an instant, and I was left with an even bigger crowd of kids (and, often, adults) surrounding me with their hands out, touching me, seeking my eyes, pleading. I knew the numbers. With what I’d spent on my one-way ticket from New York to New Delhi, I could have pulled a few families out of the debt that would hold them down for generations. With what I’d spent in New York restaurants the year before, I could have put a few of those kids through school. Hell, with what I’d budgeted for a year of traveling in Asia, I probably could have built a school.

I wish I could tell you I did some of that, but I didn’t. Instead, I developed the psychological scar tissue necessary to ignore the situation. I learned to stop thinking about things I could have done but knew I wouldn’t. I stopped making facial expressions that suggested I had any capacity for compassion. I learned to step over bodies in the street—dead or sleeping—without looking down. I learned to do these things because I had to—or so I told myself. Textbook RAS.

Research conducted at the University of Toronto by Stéphane Côté and colleagues confirms that the rich are less generous than the poor, but their findings suggest it’s more complicated than simply wealth making people stingy. Rather, it’s the distance created by wealth differentials that seems to break the natural flow of human kindness. Côté found that “higher-income individuals are only less generous if they reside in a highly unequal area or when inequality is experimentally portrayed as relatively high.” Rich people were as generous as anyone else when inequality was low. The rich are less generous when inequality is extreme, a finding that challenges the idea that higher-income individuals are just more selfish. If the person who needs help doesn’t seem that different from us, we’ll probably help them out. But if they seem too far away (culturally, economically), we’re less likely to lend a hand.

The social distance separating rich and poor, like so many of the other distances that separate us from each other, only entered human experience after the advent of agriculture and the hierarchical civilizations that followed, which is why it’s so psychologically difficult to twist your soul into a shape that allows you to ignore starving children standing close enough to smell your plate of curry. You’ve got to silence the inner voice calling for justice and for fairness. But we silence this ancient, insistent voice at great cost to our own psychological well-being.

A wealthy friend of mine recently told me, “You get successful by saying yes, but you need to say no a lot to stay successful.” If you’re perceived to be wealthier than those around you, you’ll have to say no a lot. You’ll be constantly approached with requests, offers, pitches, and pleas—whether you’re in a Starbucks in Silicon Valley or the back streets of Calcutta. Refusing sincere requests for help doesn’t come naturally to our species. Neuroscientists Jorge Moll, Jordan Grafman, and Frank Krueger of the National Institute of Neurological Disorders and Stroke (NINDS) have used fMRI machines to demonstrate that altruism is deeply embedded in human nature. Their work suggests that the deep satisfaction most people derive from altruistic behavior is not due to a benevolent cultural overlay, but comes from the evolved architecture of the human brain.

When volunteers in their studies placed the interests of others before their own, a primitive part of the brain normally associated with food or sex was activated. When researchers measured vagal tone (an indicator of feeling safe and calm) in 74 preschoolers, they found that children who’d donated tokens to help sick kids had much better readings than those who’d kept all their tokens for themselves. Jonas Miller, the lead investigator, said that the findings suggested “we might be wired from a young age to derive a sense of safety from providing care for others.” But Miller and his colleagues also found that whatever innate predisposition our species has toward charity is influenced by social cues. Children from wealthier families shared fewer tokens than the children from less well-off families.

woman on stack of coins looking up

Psychologists Dacher Keltner and Paul Piff monitored intersections with four-way stop signs and found that people in expensive cars were four times more likely to cut in front of other drivers, compared to folks in more modest vehicles. When the researchers posed as pedestrians waiting to cross a street, all the drivers in cheap cars respected their right of way, while those in expensive cars drove right on by 46.2 percent of the time, even when they’d made eye contact with the pedestrians waiting to cross. Other studies by the same team showed that wealthier subjects were more likely to cheat at an array of tasks and games. For example, Keltner reported that wealthier subjects were far more likely to claim they’d won a computer game—even though the game was rigged so that winning was impossible. Wealthy subjects were more likely to lie in negotiations and excuse unethical behavior at work, like lying to clients in order to make more money. When Keltner and Piff left a jar of candy in the entrance to their lab with a sign saying whatever was left over would be given to kids at a nearby school, they found that wealthier people stole more candy from the babies.

Researchers at the New York State Psychiatric Institute surveyed 43,000 people and found that the rich were far more likely to walk out of a store with merchandise they hadn’t paid for than were poorer people. Findings like this (and the behavior of drivers at intersections) could reflect the fact that wealthy people worry less about potential legal repercussions. If you know you can afford bail and a good lawyer, running a red light now and then or swiping a Snickers bar may seem less risky. But the selfishness goes deeper than such considerations. A coalition of nonprofit organizations called the Independent Sector found that, on average, people with incomes below $25,000 per year typically gave away a little over 4 percent of their income, while those earning more than $150,000 donated only 2.7 percent (despite tax benefits the rich can get from charitable giving that are unavailable to someone making much less).

There is reason to believe that blindness to the suffering of others is a psychological adaptation to the discomfort caused by extreme wealth disparities. Michael W. Kraus and colleagues found that people of higher socio-economic status were actually less able to read emotions in other people’s faces. It wasn’t that they cared less what those faces were communicating; they were simply blind to the cues. And Keely Muscatell, a neuroscientist at UCLA, found that wealthy people’s brains showed far less activity than the brains of poor people when they looked at photos of children with cancer.

Books such as Snakes in Suits: When Psychopaths Go to Work and The Psychopath Test argue that many traits characteristic of psychopaths are celebrated in business: ruthlessness, a convenient absence of social conscience, a single-minded focus on “success.” But while psychopaths may be ideally suited to some of the most lucrative professions, I’m arguing something different here. It’s not just that heartless people are more likely to become rich. I’m saying that being rich tends to corrode whatever heart you’ve got left. I’m suggesting, in other words, that it’s likely the wealthy subjects who participated in Muscatell’s study learned to be less unsettled by the photos of sick kids by the experience of being rich—much as I learned to ignore starving children in Rajastan so I could comfortably continue my vacation.

In an essay called “Extreme Wealth is Bad for Everyone—Especially the Wealthy,” Michael Lewis observed, “It is beginning to seem that the problem isn’t that the kind of people who wind up on the pleasant side of inequality suffer from some moral disability that gives them a market edge. The problem is caused by the inequality itself: it triggers a chemical reaction in the privileged few. It tilts their brains. It causes them to be less likely to care about anyone but themselves or to experience the moral sentiments needed to be a decent citizen.”

Ultimately, diminished empathy is self-destructive. It leads to social isolation, which is strongly associated with sharply increased health risks, including stroke, heart disease, depression, and dementia.

In one of my favorite studies, Keltner and Piff decided to tweak a game of Monopoly. The psychologists rigged the game so that one player had huge advantages over the other from the start. They ran the study with over a hundred pairs of subjects, all of whom were brought into the lab where a coin was flipped to determine who’d be “rich” and “poor” in the game. The randomly chosen “rich” player started out with twice as much money, collected twice as much every time they went around the board, and got to roll two dice instead of one. None of these advantages was hidden from the players. Both were well aware of how unfair the situation was. But still, the “winning” players showed the tell-tale symptoms of Rich Asshole Syndrome. They were far more likely to display dominant behaviors like smacking the board with their piece, loudly celebrating their superior skill, even eating more pretzels from a bowl positioned nearby.

After fifteen minutes, the experimenters asked the subjects to discuss their experience of playing the game. When the rich players talked about why they’d won, they focused on their brilliant strategies rather than the fact that the whole game was rigged to make it nearly impossible for them to lose. “What we’ve been finding across dozens of studies and thousands of participants across this country,” said Piff, “is that as a person’s levels of wealth increase, their feelings of compassion and empathy go down, and their feelings of entitlement, of deservingness, and their ideology of self-interest increases.”

group of people socializing and hugging

Of course, there are exceptions to these tendencies. Plenty of wealthy people have the wisdom to navigate the difficult currents their good fortune generates without succumbing to RAS—but such people are rare, and tend to come from humble origins. Perhaps an understanding of the debilitating effects of wealth explains why some who have built large fortunes are vowing not to pass their wealth to their children. Several billionaires, including Chuck Feeney, Bill Gates, and Warren Buffett have pledged to give away all or most of their money before they die. Buffet has famously said that he intends to leave his kids “enough to do anything, but not enough to do nothing.” The same impulse is expressed among those lower on the millionaire totem pole. According to an article on CNBC.com, Craig Wolfe, the owner of CelebriDucks, the largest custom collectible rubber duck manufacturer, intends to leave the millions he’s made to charity, which is amazing—but nowhere near as amazing as the fact that someone made millions of dollars selling collectible rubber ducks.

Do you know someone who suffers from RAS? There may be help for them. UC Berkeley researcher Robb Willer and his team conducted studies in which participants were given cash and instructed to play games of various complexity that would benefit “the public good.”

Participants who showed the greatest generosity benefited from more respect and cooperation from their peers and had more social influence. “The findings suggest that anyone who acts only in his or her narrow self-interest will be shunned, disrespected, even hated,” Willer said. “But those who behave generously with others are held in high esteem by their peers and thus rise in status.” Keltner and Piff have seen the same thing: “We’ve been finding in our own laboratory research that small psychological interventions, small changes to people’s values, small nudges in certain directions, can restore levels of egalitarianism and empathy,” said Piff. “For instance, reminding people of the benefits of cooperation, or the advantages of community, cause wealthier individuals to be just as egalitarian as poor people.” In one study, they showed subjects a short video—just 46 seconds long—about childhood poverty. They then checked the subjects’ willingness to help a stranger presented to them in the lab who appeared to be in distress. An hour after watching the video, rich people were as willing to lend a hand as were poor subjects. Piff believes these results suggest that “these differences are not innate or categorical, but are malleable to slight changes in people’s values, and little nudges of compassion and bumps of empathy.”

Piff’s findings align with the lessons passed along by thousands of generations of our foraging ancestors, whose survival depended on developing social webs of mutual aid. Selfishness, they understood, leads only to death: first social and ultimately biological. While the neo-Hobbesians struggle to explain how human altruism can exist, other scientists question their premise, asking if there’s any functional utility to selfishness. “Given how much is to be gained through generosity,” says Robb Willer, “social scientists increasingly wonder less why people are ever generous and more why they are ever selfish.”

Decades of “greed is good” messaging has sought to remove a sense of shame from being a beneficiary of outrageous extremes of wealth inequality. Still, the shame lingers, because the messaging runs up against one of our species’ deepest innate values. Institutions seeking to justify a fundamentally anti-human economic system constantly re-broadcast the message that winning the money game will bring satisfaction and happiness. But we’ve got around 300,000 years of ancestral experience telling us it just isn’t so. Selfishness may be essential to civilization, but that only raises the question of whether a civilization so out of step with our evolved nature makes sense for the human beings within it.

From Civilized to Death: The Price of Progress by Christopher Ryan. Copyright © 2019 by Christopher Ryan. Reprinted by permission of Avid Reader Press, a Simon & Schuster imprint

Why robots will soon be picking soft fruits and salad

London (CNN Business)

It takes a certain nimbleness to pick a strawberry or a salad. While crops like wheat and potatoes have been harvested mechanically for decades, many fruits and vegetables have proved resistant to automation. They are too easily bruised, or too hard for heavy farm machinery to locate.

But recently, technological developments and advances in machine learning have led to successful trials of more sensitive and dexterous robots, which use cameras and artificial intelligence to locate ripe fruit and handle it with care and precision.
Developed by engineers at the University of Cambridge, the Vegebot is the first robot that can identify and harvest iceberg lettuce — bringing hope to farmers that one of the most demanding crops for human pickers could finally be automated.
First, a camera scans the lettuce and, with the help of a machine learning algorithm trained on more than a thousand lettuce images, decides if it is ready for harvest. Then a second camera guides the picking cage on top of the plant without crushing it. Sensors feel when it is in the right position, and compressed air drives a blade through the stalk at a high force to get a clean cut.
The Vegebot uses machine learning to identify ripe, immature and diseased lettuce heads

Its success rate is high, with 91% of the crop accurately classified, according to a study published in July. But the robot is still much slower than humans, taking 31 seconds on average to pick one lettuce. Researchers say this could easily be sped up by using lighter materials.
Such adjustments would need to be made if the robot was used commercially. „Our goal was to prove you can do it, and we’ve done it,“ Simon Birrell, co-author of the study, tells CNN Business. „Now it depends on somebody taking the baton and running forward,“ he says.

More mouths to feed, but less manual labor

With the world’s population expected to climb to 9.7 billion in 2050 from 7.7 billion today — meaning roughly 80 million more mouths to feed each year — agriculture is under pressure to meet rising demand for food production.
Added pressures from climate change, such as extreme weather, shrinking agricultural lands and the depletion of natural resources, make innovation and efficiency all the more urgent.
This is one reason behind the industry’s drive to develop robotics. The global market for agricultural drones and robots is projected to grow from $2.5 billion in 2018 to $23 billion in 2028, according to a report from market intelligence firm BIS Research.
„Agriculture robots are expected to have a higher operating speed and accuracy than traditional agriculture machinery, which shall lead to significant improvements in production efficiency,“ Rakhi Tanwar, principal analyst of BIS Research, tells CNN Business.
Fruit picking robots like this one, developed by Fieldwork Robotics, operate for more than 20 hours a day

On top of this, growers are facing a long-term labor shortage. According to the World Bank, the share of total employment in agriculture in the world has declined from 43% in 1991 to 28% in 2018.
Tanwar says this is partly due to a lack of interest from younger generations. „The development of robotics in agriculture could lead to a massive relief to the growers who suffer from economic losses due to labor shortage,“ she says.
Robots can work all day and night, without stopping for breaks, and could be particularly useful during intense harvest periods.
„The main benefit is durability,“ says Martin Stoelen, a lecturer in robotics at the University of Plymouth and founder of Fieldwork Robotics, which has developed a raspberry-picking robot in partnership with Hall Hunter, one of the UK’s major berry growers.
Their robots, expected to go into production next year, will operate more than 20 hours a day and seven days a week during busy periods, „which human pickers obviously can’t do,“ says Stoelen.
Octinion's robot picks one strawberry every five seconds

Sustainable farming and food waste

Robots could also lead to more sustainable farming practices. They could enable growers to use less water, less fuel, and fewer pesticides, as well as producing less waste, says Tanwar.
At the moment, a field is typically harvested once, and any unripe fruits or vegetables are left to rot. Whereas, a robot could be trained to pick only ripe vegetables and, working around the clock, it could come back to the same field multiple times to pick any stragglers.
Birrell says that this will be the most important impact of robot pickers. „Right now, between a quarter and a third of food just rots in the field, and this is often because you don’t have humans ready at the right time to pick them,“ he says.
A successful example of this is the strawberry-picking robot developed by Octinion, a Belgium-based engineering startup.
The robot — which launched this year and is being used by growers in the UK and the Netherlands — is mounted on a self-driving trolley to serve table top strawberry production.
It uses 3D vision to locate the ripe berry, softly grips it with a pair of plastic pincers, and — just like a human — turns it 90 degrees to snap it from the stalk, before dropping it gently into a punnet.
„Robotics have the potential to convert the market from (being) supply-driven to demand-driven,“ says Tom Coen, CEO and founder of Octinion. „That will then help to reduce food waste and increase prices,“ he adds.

Harsh conditions

One major challenge with agricultural robots is adapting them for all-weather conditions. Farm machinery tends to be heavy-duty so that it can withstand rain, snow, mud, dust and heat.
„Building robots for agriculture is very different to building it for factories,“ says Birrell. „Until you’re out in the field, you don’t realize how robust it needs to be — it gets banged and crashed, you go over uneven surfaces, you get rained on, you get dust, you get lightning bolts.“
California-based Abundant Robotics has built an apple robot to endure the full range of farm conditions. It consists of an apple-sucking tube on a tractor-like contraption, which drives itself down an orchard row, while using computer vision to locate ripe fruit.
This spells the start of automation for orchard crops, says Dan Steere, CEO of Abundant Robotics. „Automation has steadily improved agricultural productivity for centuries,“ he says. „[We] have missed out on much of those benefits until now.“

DKIM, SPF, DMARC demystified

What all the stuff in email headers means—and how to sniff out spoofing

Parsing email headers needs care and knowledge—but it requires no special tools.

Come to think of it, maybe you shouldn't open this one at all.
Enlarge / Come to think of it, maybe you shouldn’t open this one at all.
Aurich / Thinkstock

I pretty frequently get requests for help from someone who has been impersonated—or whose child has been impersonated—via email. Even when you know how to „view headers“ or „view source“ in your email client, the spew of diagnostic wharrgarbl can be pretty overwhelming if you don’t know what you’re looking at. Today, we’re going to step through a real-world set of (anonymized) email headers and describe the process of figuring out what’s what.

Before we get started with the actual headers, though, we’re going to take a quick detour through an overview of what the overall path of an email message looks like in the first place. (More experienced sysadmin types who already know what stuff like „MTA“ and „SPF“ stand for can skip a bit ahead to the fun part!)

From MUA to MTA, and back to MUA again

The basic components involved in sending and receiving email are the Mail User Agent and Mail Transfer Agent. In the briefest possible terms, an MUA is the program you use to read and send mail from your own personal computer (like Thunderbird, or Mail.app, or even a webmail interface like Gmail or Outlook), and MTAs are programs that accept messages from senders and route them along to their final recipients.

Traditionally, mail was sent to a mail server using the Simple Mail Transfer Protocol (SMTP) and downloaded from the server using the Post Office Protocol (abbreviated as POP3, since version 3 is the most commonly used version of the protocol). A traditional Mail User Agent—such as Mozilla Thunderbird—would need to know both protocols; it would send all of its user’s messages to the user’s mail server using SMTP, and it would download messages intended for the user from the user’s mail server using POP3.

As time went by, things got a bit more complex. IMAP largely superseded POP3 since it allowed the user to leave the actual email on the server. This meant that you could read your mail from multiple machines (perhaps a desktop PC and a laptop) and have all of the same messages, organized the same way, everywhere you might check them.

Finally, as time went by, webmail became more and more popular. If you use a website as your MUA, you don’t need to know any pesky SMTP or IMAP server settings; you just need your email address and password, and you’re ready to read.

Ultimately, any message from one human user to another follows the path of MUA ⟶ MTA(s) ⟶ MUA. The analysis of email headers involves tracing that flow and looking for any funny business.

TLS in-flight encryption

The original SMTP protocol had absolutely no thought toward security—any server was expected to accept any message, from any sender, and pass the message along to any other server it thought might know how to get to the recipient in the To: field. That was fine and dandy in email’s earliest days of trusted machines and people, but it rapidly turned into a nightmare as the Internet scaled exponentially and became more commercially valuable.

It’s still possible to send email with absolutely no thought toward encryption or authentication, but such messages will very likely get rejected along the way by anti-spam defenses. Modern email typically is encrypted in-flight, and signed and authenticated at-rest. In-flight encryption is accomplished by TLS, which helps keep the content of a message from being captured or altered in-flight from one server to another. That’s great, so far as it goes, but in-flight TLS is only applied when mail is being relayed from one MTA to another MTA along the delivery path.

If an email travels from the sender through three MTAs before reaching its recipient, any server along the way can alter the content of the message—TLS encrypts the transmission from point to point but does nothing to verify the authenticity of the content itself or the path through which it’s traveling.

SPF—the Sender Policy Framework

The owner of a domain can set a TXT record in its DNS that states what servers are allowed to send mail on behalf of that domain. For a very simple example, Ars Technica’s SPF record says that email from arstechnica.com should only come from the servers specified in Google’s SPF record. Any other source should be met with a SoftFail error; this effectively means „trust it less, but don’t necessarily yeet it into the sun based on this alone.“

SPF headers in an email can’t be completely trusted after they’re generated, because there is no encryption involved. SPF is really only useful to the servers themselves, in real time. If a server knows that it’s at the outside boundary edge of a network, it also knows that any message it receives should be coming from a server specified in the sender’s domain’s SPF record. This makes SPF a great tool for getting rid of spam quickly.

DKIM—DomainKeys Identified Mail

Similarly to SPF, DKIM is set in TXT records in a sending domain’s DNS. Unlike SPF, DKIM is an authentication technique that validates the content of the message itself.

The owner of the sending domain generates a public/private key pair and stores the public key in a TXT record on the domain’s DNS. Mail servers on the outer boundary of the domain’s infrastructure use the private DKIM key to generate a signature (properly an encrypted hash) of the entire message body, including all headers accumulated on the way out of the sender’s infrastructure. Recipients can decrypt the DKIM signature using the public DKIM key retrieved from DNS, then make sure the hash matches the entire message body, including headers, as they received it.

If the decrypted DKIM signature is a matching hash for the entire body, the message is likely to be legitimate and unaltered—at least as verified by a private key belonging only to the domain owner (the end user does not have or need this key). If the DKIM signature is invalid, you know that the message either did not originate from the purported sender’s domain or has been altered (even if only by adding extra headers) by some other server in between. Or both!

This becomes extremely useful when trying to decide whether a set of headers is legitimate or spoofed—a matching DKIM signature means that the sender’s infrastructure vouches for all headers below the signature line. (And that’s all it means, too—DKIM is merely one tool in the mail server admin’s toolbox.)

DMARC—Domain-based Message Authentication, Reporting, and Conformance

DMARC extends SPF and DKIM. It’s not particularly exciting from the perspective of someone trying to trace a possibly fraudulent email; it boils down to a simple set of instructions for mail servers about how to handle SPF and DKIM records. DMARC can be used to request that a mail server pass, quarantine, or reject a message based on the outcome of SPF and DKIM verification, but it does not add any additional checks on its own.

Cybersecurity is one of the fastest-growing segments of the technology industry

Source: https://www.fool.com/investing/the-10-biggest-cybersecurity-stocks.aspx

The 10 Biggest Cybersecurity Stocks

When looking to invest in this high-growth tech industry, start with the biggest names on the cybersecurity block.

Cybersecurity is one of the fastest-growing segments of the technology industry. As more people around the globe connect to the internet and hundreds of millions of devices get connected to a network every year, the need to keep all of that data secure is on the rise.

In fact, according to research firm Global Market Insights, cybersecurity is expected to go from a $120 billion-a-year endeavor in 2017 to more than $300 billion in 2024, good for an average 12% annual growth rate. It’s no wonder, then, that so many businesses are getting in on the movement. Old tech titans like Microsoft (NASDAQ:MSFT), Cisco (NASDAQ:CSCO), and Oracle (NYSE:ORCL) all offer cybersecurity as part of their service suites. Other names are investing in the action, too. Old smartphone maker BlackBerry (NYSE:BB), for example, bought small cybersecurity outfit Cylance in early 2019 to further its transformation as a software company.

A silhouette of a person filled in with digital data, signifying artificial intelligence.

Image source: Getty Images.

As the world goes digital, managing new digital-first business operations and keeping information safe and secure will continue to evolve and grow in importance. For those wanting to invest in the cybersecurity industry, researching the biggest names in the business is a good place to get started (after brushing up on the basics here). Here are the 10 largest companies that make cybersecurity their primary concern based on market capitalization (the value of the company calculated by number of shares outstanding multiplied by price per share).

Company Market Capitalization as of July 2019 What the Company Does
1. Palo Alto Networks (NYSE:PANW) $21.3 billion A diversified provider of security solutions, with an increasing focus on cloud software
2. Splunk (NASDAQ:SPLK) $20.5 billion Big data analytics, including security orchestration and automated response
3. Check Point Software (NASDAQ:CHKP) $17.9 billion A diversified provider of security software and hardware
4. CrowdStrike (NASDAQ:CRWD) $17.5 billion Cloud-based endpoint security
5. Okta (NASDAQ:OKTA) $15.4 billion Cloud-based identity and privileged-access management software
6. Fortinet (NASDAQ:FTNT) $14.9 billion A diversified provider of security software and hardware
7. Symantec (NASDAQ:SYMC) $14.0 billion Largest security provider by revenue; owner of LifeLock and Norton Antivirus
8. Akamai Technologies (NASDAQ:AKAM) $13.6 billion Internet content delivery and security
9. Zscaler (NASDAQ:ZS) $10.4 billion Diversified provider of cloud-based security
10. F5 Networks (NASDAQ:FFIV) $8.7 billion Internet and application content delivery and security
Bonus: Proofpoint (NASDAQ:PFPT) $7.0 billion Employee communications and internet security

Data as of July 23, 2019. Data source: YCharts and company-specific investor relations.

Types of cybersecurity stocks

„Cybersecurity“ is the umbrella term, but there are different types of security firms tackling various problems in today’s connected age.

Broad-focus cybersecurity companies

For example, the larger outfits have been angling themselves to cover a wide range of needs, becoming one-stop security shops. Palo Alto Networks and Fortinet are two such companies, covering everything from firewalls (a network feature, sometimes a piece of hardware but more often software, that decides what data to let in and out) to artificial intelligence-based software that automates tasks and monitors an organization’s digital activity.

Endpoint security providers

These companies focus on securing remote devices connected to a network. The number of devices hooked up to the internet has been growing by the hundreds of millions every year, and that trend is expected to continue. Businesses are leading the charge, and everything from employee smartphones and tablets to assets in transit to connected machinery is in need of safekeeping. Endpoint protection software handles that specific need. Startup CrowdStrike, among others, is a specialist in this space.

Specialized security services

These niche companies include Okta, which provides privileged-access management — basically, only allowing users access to the sensitive data that they’re supposed to see. Then there’s security for the cloud, or computing and software that is offered remotely by way of a data center. Zscaler concerns itself with keeping cloud connections and data safe for businesses and organizations.

Regardless of the security need, digital-based operations and communications are on the rise across the board, which means all of the top cybersecurity companies are experiencing growth of some sort. That creates an opportunity for investors to cash in on the movement. Here is a breakdown of each of the top cybersecurity companies and how their stocks are valued.

The top 10 biggest cybersecurity stocks

1. Palo Alto Networks: The largest cybersecurity stock

Sitting atop the cybersecurity pure-play list is Palo Alto Networks. The company has built itself into the leader in the security space, offering a broad range of services for its customers from firewalls to automated threat response to cloud security. The largest player in the cybersecurity niche by market cap, Palo Alto has managed to outpace the industry’s average growth rate in spite of its size.

Part of the story behind Palo Alto’s growth is the company’s acquisition spree of smaller competitors. In May 2019, the company announced its intent to purchase two cloud-based cybersecurity outfits, one for $410 million and the other for a smaller undisclosed sum. Both were added to a new cloud security service segment called Prisma, aimed at continuously updating Palo Alto’s offerings as needs of customers evolve over time. CEO Nikesh Arora, a former executive at Alphabet’s (NASDAQ:GOOGL) (NASDAQ:GOOG) Google, has indicated that strategic acquisitions will continue to play an integral part in his company’s strategy to remain relevant.

The sums of money paid for acquisitions have been substantial (at least $1 billion spent since 2018), and they’re among the reasons Palo Alto is not yet a profitable business. However, when backing out one-time nonrecurring expenses and noncash items, the company still manages to post positive free cash flow (money left over after basic operating expenses and capital expenditures). In short, that means the company can afford its aggressive buying spree.

The free cash flow generation is important, because it gives the leader in pure-play network security the wiggle room it needs to invest heavily in cloud computing, AI, and other technology as customer needs change over time. Global cloud spending is expected to grow an average of about 16% a year through 2022, according to technology research group Gartner. Sitting at the intersection of two double-digit growth industries, that long-term trend should give Palo Alto Networks an enduring outlet to sustain double-digit sales growth and help it maintain its pole position within the world of cybersecurity.

2. Splunk: Big data and securing business operations

Splunk started out as a big data monitoring company. Its software suite allows organizations to analyze and make sense of information being generated from their digital systems, from websites to connected equipment to payment processing networks, among other things. If it’s an electronic system, it creates data; and if it creates data, Splunk can help monitor it and give customers the ability to make sense of trends and other behavior of digital systems. Incidentally, one of the primary use cases for the data parsing and analytics platform is cybersecurity.

To increase its capabilities in that department, Splunk has also embarked on an aggressive acquisition spree. As a result, the big data company is now a leader in the fast-growing security orchestration, automation, and response (SOAR) segment of the cybersecurity industry. SOAR utilizes artificial intelligence (a software system that mimics how the human brain works and learns and adapts to changing circumstances) to sift through information in real time, detect potential threats, and take action to keep things on lockdown. With data breaches a constant threat, the ability to automate aspects of the workload holds appeal for large organizations.

Despite its size, Splunk has still been growing quickly. The downside is that Splunk is spending lots of cash to foster further expansion, which keeps the company in the red. Specifically, research and development of new software capabilities and sales and marketing to acquire new customers are the biggest line items affecting the bottom line. However, much like Palo Alto Networks, Splunk is free cash flow positive; profits will be a bigger consideration later on as the company matures.

That’s because Splunk’s primary industry, big data analytics, should grow an average of 13% a year and surpass $274 billion in size by 2023 — according to researcher IDC. Along the way, Splunk will also benefit from the booming and fast-changing cybersecurity industry, making it one of the best plays on the trend. The company’s expertise in monitoring and making sense of large and complex sets of data particularly lends itself to keeping business information locked up, and its recent takeovers of smaller peers have helped bolster its position in network security. Splunk’s prospects and chances at continued industry leadership look especially good.

3. Check Point Software: Adjusting to a new technology

Check Point Software, as its name implies, offers software security along with hardware to keep business networks secure. Much like Palo Alto Networks, the company has a diversified mix of solutions covering on-premeses computer networks, cloud, and endpoint protection.

Though it’s one of the largest and oldest cybersecurity companies around (founded in 1993), Check Point has not been growing at the breakneck speed of some of its peers. Low-single-digit sales growth has been the norm for some time. The reason? New technologies like the cloud have made some of Check Point’s legacy services like hardware-based security less compelling. The company is trailing some of its competitors, so spending to update the business model for today’s security needs has been a top priority. It isn’t paying off yet, and Check Point’s sluggish pace could mean its younger peers will bypass it in the years ahead.

There is one thing that makes Check Point different from other companies on this list, though. As an older, well-established company, it does turn a profit. Thus, traditional valuation metrics (without the need to make adjustments for things like stock-based compensation, shares a company pays to employees as an extra perk) work for the stock. However, heavy spending to transform the business into a more relevant one for the times has the bottom line stuck in a rut. Until that changes, there’s little compelling reason to consider the stock.

Check Point has been working hard to update its offerings for more modern needs, but the sheer number of newer start-ups could mean this established cybersecurity business will continue to get disrupted. That’s not an enviable situation to be in, especially when the industry overall is growing by double digits.

4. CrowdStrike: The newest stock on the top-10 list

Endpoint security company CrowdStrike more than doubled in value after it had its IPO (sold shares to raise money, making it available to the general investing public for the first time) in June 2019. That easily puts the firm among the largest in the cybersecurity business by market cap.

The stock has years‘ worth of double-digit sales growth baked into it, but momentum could be on CrowdStrike’s side. Revenues more than doubled in 2018. The number of connected devices around the globe is increasing every year — by the hundreds of millions — which plays right into the hands of this security company and its endpoint-protection software suite. Since many of those devices are not tethered to an office or other physical location, CrowdStrike’s cloud computing-native system lends itself to this type of security particularly well.

Because it is cloud based, CrowdStrike also boasts the ability to make near-instant system updates when a threat is detected, and its software can learn and adapt from uploaded customer data. Paired with millions of new connections getting added to an internet-connected network every year, it adds up to lots of new customer sign-ups and expanding relationships with existing ones. Dollar-based net expansion (which measures how much money existing clients spend each year) has been over 100% for years, indicating customers spend more with CrowdStrike as time passes. It’s a powerful business model, one that CrowdStrike plans on putting to use in other security disciplines as it begins to expand beyond endpoint security. With the cloud and the number of endpoints increasing dramatically, it’s no wonder this stock is off to a hot start and looks like it has years‘ worth of growth left ahead of it.

5. Okta: Keeping data on a need-to-know basis

Another upstart security company, Okta has only been around since 2009, but the identity-protection specialist has been growing like a weed. The company ensures that employees and others with privileged access within an organization get connected to the apps and data they need — and keeps everyone else out. The number of digital systems and software being utilized by organizations continues to rise, increasing the complexity and difficulty in keeping systems secure from intruders. Thus, the need for Okta’s identity services has been booming.

In just a few years‘ time, Okta has become one of the largest cybersecurity pure plays around, with sales consistently growing north of 50% in the past. Management expects that trajectory will moderate to somewhere in the mid-30% range for the foreseeable future — still nothing to balk at. And that rate of expansion could be sustainable, too. According to the Global Market Insights cybersecurity report, identity, authentication, and access management services are expected to be an especially fast-growing subset of cybersecurity, with the potential for services to increase an average of 17% a year through 2024. At the forefront of the movement, Okta is primed to gobble up market share as identity and access management increases in importance.

Here’s the downside: Okta is not a profitable business as of this writing. The company is funneling cash into marketing and research to maximize its sales growth now. Profits will be a concern later. The good news, though, is that gross profit margin (the amount of money the company keeps after producing a service and then selling it but before paying other operating expenses) is on the rise as the company grows.

That bodes well for the future of this cybersecurity leader. Identity security/privileged data access rights is expected to be a high-growth segment of network security for the next few years, and Okta is a leader in the space.

6. Fortinet: Successfully bridging legacy security with the new

Another diversified provider of firewalls, cloud and endpoint security, and identity management, Fortinet took a hit amid worries that the trade war between the U.S. and China would dampen growth in the company’s important international markets — Asia and Europe specifically. Newer security upstarts have also disrupted some of Fortinet’s legacy offerings like hardware-based network security for on-premises protection. Economic and industry headwinds or not, though, this cybersecurity outfit is doing just fine.

Revenues and adjusted earnings were up 20% and 77%, respectively, in 2018. Fortinet has been adding dozens of new deals worth more than $1 million every quarter, winning customers over with its new and improved software suite aimed at keeping all parts of an organization safe. Although less aggressive in its acquisition strategy than Palo Alto Networks or Splunk, Fortinet continues to invest heavily in updating its offerings to keep its customers secure. The cloud has been an area of focus, as well as increasing the number of subscription-based software deals. The investments in new technology have been paying off and yielding results for shareholders, even as other legacy cybersecurity companies have been failing to make the cut.

As a result of its less aggressive nature, Fortinet also runs a profitable business where some of its competitors don’t — and the bottom line has been rising faster than sales as the company’s investments have started to yield results. Ample cash means this security business can continue to invest in its new high-octane segments like cloud, endpoint, and identity security, which bodes well for it being able to maintain its two-figure top-line growth rate for some time even as legacy lines of business fade. With a well-established presence in the industry and a successful business update strategy well underway and paying off, Fortinet is one of the best cybersecurity stocks around.

7. Symantec: The biggest cybersecurity company by revenue

Symantec is the world leader in cybersecurity services when using sales figures as the metric. With nearly $5 billion in revenue in the last year, it is nearly double the size of its younger peers like Palo Alto Networks. Yet despite Symantec’s leadership, its market cap lags. One of the oldest network security players around and owner of recognizable software names like LifeLock and Norton Antivirus, Symantec has had to deal with disruption and shifting technology that have left growth near nonexistent and profitability underwhelming.

Though Symantec has been updating its operations — it recently announced a new comprehensive cloud-based security suite covering everything from email to application login protection — results have been sluggish. Fiscal 2019 sales fell 2%. The company’s legacy operations are holding it back, and bloated operating expenses have meant paltry bottom-line earnings. Not exactly what investors should be looking for from the leader of a high-flying industry.

There could be hope of a rebound, though, as Symantec continues to work through its transition. Chipmaker Broadcom (NASDAQ:AVGO) thought there was value in Symantec and was reportedly interested in acquiring the old security company to add it to its growing software division. However, negotiations fell through, and Symantec will have to go it alone for now. Until the company can demonstrate a strategy that can gain some traction in the growing world of cybersecurity, Symantec will continue to struggle in the wake of younger and more nimble peers that started investing earlier in the shifting landscape.

8. Akamai: Guarding the security of the internet itself

The next security outfit on the list handles a different piece of the industry than any of the others covered thus far. Akamai (NASDAQ:AKAM) helps deliver and secure web content as it travels from its source to the end user, from live and streaming video to traditional web page text and pictures. The internet’s continual expansion has been a boon for Akamai, which has launched new services to cover new web applications (like video streaming) and new mobile device types to keep the internet connection to them secure.

Akamai’s traditional web business is a low- to mid-single-digit growth story, but its newer cloud security services have been growing well into the double digits. New services are still a small fraction of the whole, but they are a high-margin endeavor. Akamai’s bottom line has been getting a big double-digit boost as Akamai’s investment and spending on new web delivery applications subside and past spending starts to yield results.

Akamai has grown into one of the internet’s primary content delivery platforms, responsible for handling as much as a third of global web traffic. As such, this company will be slower moving than other security businesses, but Akamai still has growth prospects ahead of it. Internet infrastructure company Cisco expects web traffic — led by video content — to grow an average of 26% a year through 2022. That means Akamai’s newer business should continue to move the needle for some time; plus the overall operation is solidly in profitable territory. In short, the leading internet content delivery and security company should be a slow-and-steady play for the foreseeable future.

9. Zscaler: Another investment in the cloud

Back to small but up-and-coming cybersecurity. Zscaler has its sights set on securing cloud computing and thus built itself from the ground up as a cloud-only software suite. The world is going mobile, and so are business operations. With fewer centralized locations and more remotely connected devices popping up, Zscaler helps keep newer business networks safe for its customers and their employees.

With a business model similar to those of CrowdStrike and Okta, Zscaler plays in a new multibillion-dollar industry that will only continue to grow larger, and the company has been frank in saying it is all about maximizing growth right now. And no wonder, as Gartner says in its cloud research that annual spending will nearly double from 2018 to 2022 to more than $330 billion a year. Sales at Zscaler have been growing north of 60% year over year for some time, but what’s a few hundred million in annual sales when the whole market is worth hundreds of billions? The downside is that in spite of massive growth and a rosy outlook for the good times to continue, operating losses are still substantial. With Zscaler all about nurturing sales as fast as possible, the red ink is unlikely to disappear anytime soon.

Much like its start-up peers, though, Zscaler takes those losses by design as it keeps its foot on the gas. Gross profit margin was an enviable 81% at last report, one of the best in the industry. With profit potential like that in a fast-expanding cloud computing sandbox, it makes sense Zscaler is all about growth now and profit later. With the world going mobile, this security stock looks like an especially promising one in the years ahead as it takes advantage of its early cloud-based security lead.

10. F5 Networks: Lagging behind the cybersecurity growth average

F5 Networks provides hardware and software solutions that help companies keep their applications and app delivery secure. Similar to Akamai, the company’s legacy business isn’t exactly lighting the world on fire. However, newer services, particularly those aimed at cloud computing-based apps, are on a tear. To that end, F5 recently acquired app optimization and security peer NGINX for $670 million.

It’s a sizable sum but likely a prudent move for F5. The company has been reporting low-single-digit revenue growth the last few years — nearly all of which has been driven by big expansion in its software service segment. While the top line has been sluggish, the upside is that new software and security offerings are a much more profitable concern. As a result, earnings are up nearly 40% over the last trailing three-year stretch.

During its transition phase to more modern app security and delivery, F5’s stock has taken a beating. There’s worry that the transition will continue to be a bumpy one, thus making this stock among the cheapest in the cybersecurity industry. However, though the low valuation reflects the fact that F5 has fallen behind the curve in the digital age, F5 is an inexpensive play on digital security and delivery. With internet traffic and content delivery still a slow-and-steady endeavor, F5 can continue to thrive — albeit at a much slower rate than elsewhere in cybersecurity.

Bonus. Proofpoint: An up-and-coming communications security specialist

One of the smaller outfits in the security space, Proofpoint is worth a mention as a bonus number 11 on the top-10 list. The company specifically helps organizations keep their employees safe. Email attacks are a key pain point for many businesses, and securing communications in that department — as well as on social media, cloud applications, and mobile devices — is a specialty at Proofpoint.

Though a niche offering within the greater cybersecurity industry, Proofpoint is expanding fast. After the company grew 38% in 2018, management forecasted full-year 2019 revenue to be up at least another 22%. However, as with its high-powered sales-oriented peers, the company does run up big losses. As with many other cybersecurity plays we’ve been discussing, though, that’s due to Proofpoint reinvesting in itself to foster more growth.

Nevertheless, when we adjust the bottom line for one-time items and other noncash expenses, Proofpoint is free cash flow positive, a metric that has been steadily on the rise. That should help Proofpoint keep up its double-digit growth trajectory as employee access points via remote computers, smartphones, and other devices continue to boom in the States and especially overseas. It’s a much smaller business than the top 10 companies are, but this cybersecurity concern still offers a compelling growth story worth keeping an eye on as it keeps communications safe and secure.

Proofpoint will also likely see long-term benefit from the explosion in devices hooked up to a network in the years ahead. The workforce’s increasing mobility means keeping employee communications on lockdown will be an increasingly complex problem, one that this small security company can help solve.

An illustrated shield displayed on top of a wall of digital data.

Image source: Getty Images.

Choosing the right cybersecurity stock to invest in

Taking a high-level look at the biggest companies in the cybersecurity market is only the start to choosing an investment. Some of the stocks are buys, others not so much. As the industry is still in high-growth mode and adapting fast to technological developments, investors would be best off picking the companies posting the fastest revenue expansion rates and those that carry the highest gross profit margins. Click here for a discussion on the top cybersecurity stocks and an introduction on how to pick the best companies in the industry.

Before investing, though, it’s important to remember a few things. Though cybersecurity is one of the fastest-expanding industries around, with high growth expectations comes a high level of volatility. Stock prices can run higher very quickly — and reverse course just as fast. Only investors who have a long-term perspective (no less than a few years) and the ability to purchase a position over time (buying a few shares at a time on a set schedule, like monthly, quarterly, or whenever the stock dips in price by at least double digits) should consider buying.

For those with the time to wait, though, investing in cybersecurity should be a profitable endeavor. In a decade’s time, this top-10 list will no doubt look very different, but a few of these names will still be around and will likely be much larger than they are today.

 

Travel Blogging

„While travel blogging is a relatively young phenomenon, it has already evolved into a mature and sophisticated business model, with participants on both sides working hard to protect and promote their brands.

Those on the industry side say there’s tangible commercial benefit, provided influencers are carefully vetted.
„If people are actively liking and commenting on influencers‘ posts, it shows they’re getting inspired by the destination,“ Keiko Mastura, PR specialist at the Japan National Tourism Organization, tells CNN Travel.
„We monitor comments and note when users tag other accounts or comment about the destination, suggesting they’re adding it to their virtual travel bucket lists. Someone is influential if they have above a 3.5% engagement rate.“
For some tourism outlets, bloggers offer a way to promote products that might be overlooked by more conventional channels. Even those with just 40,000 followers can make a difference.
Kimron Corion, communications manager of Grenada’s Tourism Authority, says his organization has „had a lot of success engaging with micro-influencers who exposed some of our more niche offerings effectively.“
Such engagement doesn’t come cheap though.“

That means extra pressure in finding the right influencer to convey the relevant message — particularly when the aim is to deliver real-time social media exposure.
„We analyze each profile to make sure they’re an appropriate fit,“ says Florencia Grossi, director of international promotion for Visit Argentina. „We look for content with dynamic and interesting stories that invites followers to live the experience.“
One challenge is weeding out genuine influencers from the fake, a job that’s typically done by manually scrutinizing audience feedback for responses that betray automated followers. Bogus bloggers are another reason the market is becoming increasingly wary.“