l
l
blogger better. Powered by Blogger.

Search

Labels

blogger better

Followers

Blog Archive

Total Pageviews

Labels

Download

Blogroll

Featured 1

Curabitur et lectus vitae purus tincidunt laoreet sit amet ac ipsum. Proin tincidunt mattis nisi a scelerisque. Aliquam placerat dapibus eros non ullamcorper. Integer interdum ullamcorper venenatis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.

Featured 2

Curabitur et lectus vitae purus tincidunt laoreet sit amet ac ipsum. Proin tincidunt mattis nisi a scelerisque. Aliquam placerat dapibus eros non ullamcorper. Integer interdum ullamcorper venenatis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.

Featured 3

Curabitur et lectus vitae purus tincidunt laoreet sit amet ac ipsum. Proin tincidunt mattis nisi a scelerisque. Aliquam placerat dapibus eros non ullamcorper. Integer interdum ullamcorper venenatis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.

Featured 4

Curabitur et lectus vitae purus tincidunt laoreet sit amet ac ipsum. Proin tincidunt mattis nisi a scelerisque. Aliquam placerat dapibus eros non ullamcorper. Integer interdum ullamcorper venenatis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.

Featured 5

Curabitur et lectus vitae purus tincidunt laoreet sit amet ac ipsum. Proin tincidunt mattis nisi a scelerisque. Aliquam placerat dapibus eros non ullamcorper. Integer interdum ullamcorper venenatis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.

Saturday, September 29, 2018

Ne-Yo wants to make Silicon Valley more diverse, one investment at a time

Dressed in a Naruto t-shirt and a hat emblazoned with the phrase “lone wolf,” Ne-Yo slouches over in a chair inside a Holberton School classroom. The Grammy-winning recording artist is struggling to remember the name of “that actor,” the one who’s had a successful career in both the entertainment industry and tech investing.

“I learned about all the things he was doing and I thought it was great for him,” Ne-Yo told TechCrunch. “But I didn’t really know what my place in tech would be.”

It turns out “that actor” is Ashton Kutcher, widely known in Hollywood and beyond for his role in several blockbusters and the TV sitcom That ’70s Show, and respected in Silicon Valley for his investments via Sound Ventures and A-Grade in Uber, Airbnb, Spotify, Bird and several others.

Ne-Yo, for his part, is known for a string of R&B hits including So Sick, One in a Million and Because of You. His latest album, Good Man, came out in June.

Ne-Yo, like Kutcher, is interested in pursuing a side gig in investing but he doesn’t want to waste time chasing down the next big thing. His goal, he explained, is to use his wealth to encourage people like him to view software engineering and other technical careers as viable options.

“Little black kids growing up don’t say things like ‘I want to be a coder when I grow up,’ because it’s not real to them, they don’t see people that look like me doing it,” Ne-Yo said. “But tech is changing the world, like literally by the day, by the second, so I feel like it just makes the most sense to have it accessible to everyone.”

Last year, Ne-Yo finally made the leap into venture capital investing: his first deal, an investment in Holberton School, a two-year coding academy founded by Julien Barbier and Sylvain Kalache that trains full-stack engineers. The singer returned to San Francisco earlier this month for the grand opening of Holberton’s remodeled headquarters on Mission Street in the city’s SoMa neighborhood.

[gallery ids="1722954,1722952,1722953,1722955"]

Holberton, a proposed alternative to a computer science degree, is free to students until they graduate and land a job, at which point they are asked to pay 17 percent of their salaries during their first three years in the workforce.

It has a different teaching philosophy than your average coding academy or four-year university. It relies on project-based and peer learning, i.e. students helping and teaching each other; there are no formal teachers or lecturers. The concept appears to be working. Holberton says their former students are now employed at Apple, NASA, LinkedIn, Facebook, Dropbox and Tesla.

Ne-Yo participated in Holberton’s $2.3 million round in February 2017 alongside Reach Capital and Insight Venture Partners, as well as Trinity Ventures, the VC firm that introduced Ne-Yo to the edtech startup. Holberton has since raised an additional $8 million from existing and new investors like daphni, Omidyar Network, Yahoo! co-founder Jerry Yang and Slideshare co-founder Jonathan Boutelle.

Holberton has used that capital to expand beyond the Bay Area. A school in New Haven, Conn., where the company hopes to reach students who can’t afford to live in tech’s hubs, is in development.

The startup’s emphasis on diversity is what attracted Ne-Yo to the project and why he signed on as a member of the board of trustees. More than half of Holberton’s students are people of color and 35 percent are women. Since Ne-Yo got involved, the number of African American applicants has doubled from roughly 5 percent to 11.5 percent.

“I didn’t really know what my place in tech would be.”

Before Ne-Yo’s preliminary meetings with Holberton’s founders, he says he wasn’t aware of the racial and gender diversity problem in tech.

“When it was brought to my attention, I was like ‘ok, this is definitely a problem that needs to be addressed,'” he said. “It makes no sense that this thing that affects us all isn’t available to us all. If you don’t have the money or you don’t have the schooling, it’s not available to you, however, it’s affecting their lives the same way it’s affecting the rich guys’ lives.”

Holberton’s founders joked with TechCrunch that Ne-Yo has actually been more supportive and helpful in the last year than many of the venture capitalists who back Holberton. He’s very “hands-on,” they said. Despite the fact that he’s balancing a successful music career and doesn’t exactly have a lot of free time, he’s made sure to attend events at Holberton, like the recent grand opening, and will Skype with students occasionally.

“I wanted it to be grassroots and authentic.”

Ne-Yo was very careful to explain that he didn’t put money in Holberton for the good optics.

“This isn’t something I just wanted to put my name on,” he said. “I wanted to make sure [the founders] knew this was something I was going to be serious about and not just do the celebrity thing. I wanted it to be grassroots and authentic so we dropped whatever we were doing and came down, met these guys, hung out with the students and hung out at the school to see what it’s really about.”

What’s next for Ne-Yo? A career in venture capital, perhaps? He’s definitely interested and will be making more investments soon, but a full pivot into VC is unlikely.

At the end of the day, Silicon Valley doesn’t need more people with fat wallets and a hankering for the billionaire lifestyle. What it needs are people who have the money and resources necessary to bolster the right businesses and who care enough to prioritize diversity and inclusivity over yet another payday.

“Not to toot the horn or brag, but I’m not missing any meals,” Ne-Yo said. “So, if I’m going to do it, let it mean something.”



https://ift.tt/eA8V8J Ne-Yo wants to make Silicon Valley more diverse, one investment at a time https://ift.tt/2xLZm0V

Facebook is weaponizing security to erode privacy

At a Senate hearing this week in which US lawmakers quizzed tech giants on how they should go about drawing up comprehensive Federal consumer privacy protection legislation, Apple’s VP of software technology described privacy as a “core value” for the company.

“We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks.

Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter.

But the company could hardly have made such a claim had it been in the room, given that its business is based on trying to know everything about you in order to dart you with ads.

You could say Facebook has ‘hostility to privacy‘ as a core value.

Earlier this year one US senator wondered of Mark Zuckerberg how Facebook could run its service given it doesn’t charge users for access. “Senator we run ads,” was the almost startled response, as if the Facebook founder couldn’t believe his luck at the not-even-surface-level political probing his platform was getting.

But there have been tougher moments of scrutiny for Zuckerberg and his company in 2018, as public awareness about how people’s data is being ceaselessly sucked out of platforms and passed around in the background, as fuel for a certain slice of the digital economy, has grown and grown — fuelled by a steady parade of data breaches and privacy scandals which provide a glimpse behind the curtain.

On the data scandal front Facebook has reigned supreme, whether it’s as an ‘oops we just didn’t think of that’ spreader of socially divisive ads paid for by Kremlin agents (sometimes with roubles!); or as a carefree host for third party apps to party at its users’ expense by silently hovering up info on their friends, in the multi-millions.

Facebook’s response to the Cambridge Analytica debacle was to loudly claim it was ‘locking the platform down‘. And try to paint everyone else as the rogue data sucker — to avoid the obvious and awkward fact that its own business functions in much the same way.

All this scandalabra has kept Facebook execs very busy with year, with policy staffers and execs being grilled by lawmakers on an increasing number of fronts and issues — from election interference and data misuse, to ad transparencyhate speech and abuse, and also directly, and at times closely, on consumer privacy and control

Facebook shielded its founder from one sought for grilling on data misuse, as UK MPs investigated online disinformation vs democracy, as well as examining wider issues around consumer control and privacy. (They’ve since recommended a social media levy to safeguard society from platform power.) 

The DCMS committee wanted Zuckerberg to testify to unpick how Facebook’s platform contributes to the spread of disinformation online. The company sent various reps to face questions (including its CTO) — but never the founder (not even via video link). And committee chair Damian Collins was withering and public in his criticism of Facebook sidestepping close questioning — saying the company had displayed a “pattern” of uncooperative behaviour, and “an unwillingness to engage, and a desire to hold onto information and not disclose it.”

As a result, Zuckerberg’s tally of public appearances before lawmakers this year stands at just two domestic hearings, in the US Senate and Congress, and one at a meeting of the EU parliament’s conference of presidents (which switched from a behind closed doors format to being streamed online after a revolt by parliamentarians) — and where he was heckled by MEPs for avoiding their questions.

But three sessions in a handful of months is still a lot more political grillings than Zuckerberg has ever faced before.

He’s going to need to get used to awkward questions now that lawmakers have woken up to the power and risk of his platform.

Security, weaponized 

What has become increasingly clear from the growing sound and fury over privacy and Facebook (and Facebook and privacy), is that a key plank of the company’s strategy to fight against the rise of consumer privacy as a mainstream concern is misdirection and cynical exploitation of valid security concerns.

Simply put, Facebook is weaponizing security to shield its erosion of privacy.

Privacy legislation is perhaps the only thing that could pose an existential threat to a business that’s entirely powered by watching and recording what people do at vast scale. And relying on that scale (and its own dark pattern design) to manipulate consent flows to acquire the private data it needs to profit.

Only robust privacy laws could bring Facebook’s self-serving house of cards tumbling down. User growth on its main service isn’t what it was but the company has shown itself very adept at picking up (and picking off) potential competitors — applying its surveillance practices to crushing competition too.

In Europe lawmakers have already tightened privacy oversight on digital businesses and massively beefed up penalties for data misuse. Under the region’s new GDPR framework compliance violations can attract fines as high as 4% of a company’s global annual turnover.

Which would mean billions of dollars in Facebook’s case — vs the pinprick penalties it has been dealing with for data abuse up to now.

Though fines aren’t the real point; if Facebook is forced to change its processes, so how it harvests and mines people’s data, that could knock a major, major hole right through its profit-center.

Hence the existential nature of the threat.

The GDPR came into force in May and multiple investigations are already underway. This summer the EU’s data protection supervisor, Giovanni Buttarelli, told the Washington Post to expect the first results by the end of the year.

Which means 2018 could result in some very well known tech giants being hit with major fines. And — more interestingly — being forced to change how they approach privacy.

One target for GDPR complainants is so-called ‘forced consent‘ — where consumers are told by platforms leveraging powerful network effects that they must accept giving up their privacy as the ‘take it or leave it’ price of accessing the service. Which doesn’t exactly smell like the ‘free choice’ EU law actually requires.

It’s not just Europe, either. Regulators across the globe are paying greater attention than ever to the use and abuse of people’s data. And also, therefore, to Facebook’s business — which profits, so very handsomely, by exploiting privacy to build profiles on literally billions of people in order to dart them with ads.

US lawmakers are now directly asking tech firms whether they should implement GDPR style legislation at home.

Unsurprisingly, tech giants are not at all keen — arguing, as they did at this week’s hearing, for the need to “balance” individual privacy rights against “freedom to innovate”.

So a lobbying joint-front to try to water down any US privacy clampdown is in full effect. (Though also asked this week whether they would leave Europe or California as a result of tougher-than-they’d-like privacy laws none of the tech giants said they would.)

The state of California passed its own robust privacy law, the California Consumer Privacy Act, this summer, which is due to come into force in 2020. And the tech industry is not a fan. So its engagement with federal lawmakers now is a clear attempt to secure a weaker federal framework to ride over any more stringent state laws.

Europe and its GDPR obviously can’t be rolled over like that, though. Even as tech giants like Facebook have certainly been seeing how much they can get away with — to force a expensive and time-consuming legal fight.

While ‘innovation’ is one oft-trotted angle tech firms use to argue against consumer privacy protections, Facebook included, the company has another tactic too: Deploying the ‘S’ word — security — both to fend off increasingly tricky questions from lawmakers, as they finally get up to speed and start to grapple with what it’s actually doing; and — more broadly — to keep its people-mining, ad-targeting business steamrollering on by greasing the pipe that keeps the personal data flowing in.

In recent years multiple major data misuse scandals have undoubtedly raised consumer awareness about privacy, and put greater emphasis on the value of robustly securing personal data. Scandals that even seem to have begun to impact how some Facebook users Facebook. So the risks for its business are clear.

Part of its strategic response, then, looks like an attempt to collapse the distinction between security and privacy — by using security concerns to shield privacy hostile practices from critical scrutiny, specifically by chain-linking its data-harvesting activities to some vaguely invoked “security purposes”, whether that’s security for all Facebook users against malicious non-users trying to hack them; or, wider still, for every engaged citizen who wants democracy to be protected from fake accounts spreading malicious propaganda.

So the game Facebook is here playing is to use security as a very broad-brush to try to defang legislation that could radically shrink its access to people’s data.

Here, for example, is Zuckerberg responding to a question from an MEP in the EU parliament asking for answers on so-called ‘shadow profiles’ (aka the personal data the company collects on non-users) — emphasis mine:

It’s very important that we don’t have people who aren’t Facebook users that are coming to our service and trying to scrape the public data that’s available. And one of the ways that we do that is people use our service and even if they’re not signed in we need to understand how they’re using the service to prevent bad activity.

At this point in the meeting Zuckerberg also suggestively referenced MEPs’ concerns about election interference — to better play on a security fear that’s inexorably close to their hearts. (With the spectre of re-election looming next spring.) So he’s making good use of his psychology major.

“On the security side we think it’s important to keep it to protect people in our community,” he also said when pressed by MEPs to answer how a person who isn’t a Facebook user could delete its shadow profile of them.

He was also questioned about shadow profiles by the House Energy and Commerce Committee in April. And used the same security justification for harvesting data on people who aren’t Facebook users.

“Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers],” he said. “In order to prevent people from scraping public information… we need to know when someone is repeatedly trying to access our services.”

He claimed not to know “off the top of my head” how many data points Facebook holds on non-users (nor even on users, which the congressman had also asked for, for comparative purposes).

These sorts of exchanges are very telling because for years Facebook has relied upon people not knowing or really understanding how its platform works to keep what are clearly ethically questionable practices from closer scrutiny.

But, as political attention has dialled up around privacy, and its become harder for the company to simply deny or fog what it’s actually doing, Facebook appears to be evolving its defence strategy — by defiantly arguing it simply must profile everyone, including non-users, for user security.

No matter this is the same company which, despite maintaining all those shadow profiles on its servers, famously failed to spot Kremlin election interference going on at massive scale in its own back yard — and thus failed to protect its users from malicious propaganda.

TechCrunch/Bryce Durbin

Nor was Facebook capable of preventing its platform from being repurposed as a conduit for accelerating ethnic hate in a country such as Myanmar — with some truly tragic consequences. Yet it must, presumably, hold shadow profiles on non-users there too. Yet was seemingly unable (or unwilling) to use that intelligence to help protect actual lives…

So when Zuckerberg invokes overarching “security purposes” as a justification for violating people’s privacy en masse it pays to ask critical questions about what kind of security it’s actually purporting to be able deliver. Beyond, y’know, continued security for its own business model as it comes under increasing attack.

What Facebook indisputably does do with ‘shadow contact information’, acquired about people via other means than the person themselves handing it over, is to use it to target people with ads. So it uses intelligence harvested without consent to make money.

Facebook confirmed as much this week, when Gizmodo asked it to respond to a study by some US academics that showed how a piece of personal data that had never been knowingly provided to Facebook by its owner could still be used to target an ad at that person.

Responding to the study, Facebook admitted it was “likely” the academic had been shown the ad “because someone else uploaded his contact information via contact importer”.

“People own their address books. We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them,” it told Gizmodo.

So essentially Facebook has finally admitted that consentless scraped contact information is a core part of its ad targeting apparatus.

Safe to say, that’s not going to play at all well in Europe.

Basically Facebook is saying you own and control your personal data until it can acquire it from someone else — and then, er, nope!

Yet given the reach of its network, the chances of your data not sitting on its servers somewhere seems very, very slim. So Facebook is essentially invading the privacy of pretty much everyone in the world who has ever used a mobile phone. (Something like two-thirds of the global population then.)

In other contexts this would be called spying — or, well, ‘mass surveillance’.

It’s also how Facebook makes money.

And yet when called in front of lawmakers to asking about the ethics of spying on the majority of the people on the planet, the company seeks to justify this supermassive privacy intrusion by suggesting that gathering data about every phone user without their consent is necessary for some fuzzily-defined “security purposes” — even as its own record on security really isn’t looking so shiny these days.

WASHINGTON, DC – APRIL 11: Facebook co-founder, Chairman and CEO Mark Zuckerberg prepares to testify before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. This is the second day of testimony before Congress by Zuckerberg, 33, after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)

It’s as if Facebook is trying to lift a page out of national intelligence agency playbooks — when governments claim ‘mass surveillance’ of populations is necessary for security purposes like counterterrorism.

Except Facebook is a commercial company, not the NSA.

So it’s only fighting to keep being able to carpet-bomb the planet with ads.

Profiting from shadow profiles

Another example of Facebook weaponizing security to erode privacy was also confirmed via Gizmodo’s reportage. The same academics found the company uses phone numbers provided to it by users for the specific (security) purpose of enabling two-factor authentication, which is a technique intended to make it harder for a hacker to take over an account, to also target them with ads.

In a nutshell, Facebook is exploiting its users’ valid security fears about being hacked in order to make itself more money.

Any security expert worth their salt will have spent long years encouraging web users to turn on two factor authentication for as many of their accounts as possible in order to reduce the risk of being hacked. So Facebook exploiting that security vector to boost its profits is truly awful. Because it works against those valiant infosec efforts — so risks eroding users’ security as well as trampling all over their privacy.

It’s just a double whammy of awful, awful behavior.

And of course, there’s more.

A third example of how Facebook seeks to play on people’s security fears to enable deeper privacy intrusion comes by way of the recent rollout of its facial recognition technology in Europe.

In this region the company had previously been forced to pull the plug on facial recognition after being leaned on by privacy conscious regulators. But after having to redesign its consent flows to come up with its version of ‘GDPR compliance’ in time for May 25, Facebook used this opportunity to revisit a rollout of the technology on Europeans — by asking users there to consent to switching it on.

Now you might think that asking for consent sounds okay on the surface. But it pays to remember that Facebook is a master of dark pattern design.

Which means it’s expert at extracting outcomes from people by applying these manipulative dark arts. (Don’t forget, it has even directly experimented in manipulating users’ emotions.)

So can it be a free consent if ‘individual choice’ is set against a powerful technology platform that’s both in charge of the consent wording, button placement and button design, and which can also data-mine the behavior of its 2BN+ users to further inform and tweak (via A/B testing) the design of the aforementioned ‘consent flow’? (Or, to put it another way, is it still ‘yes’ if the tiny greyscale ‘no’ button fades away when your cursor approaches while the big ‘YES’ button pops and blinks suggestively?)

In the case of facial recognition, Facebook used a manipulative consent flow that included a couple of self-serving ‘examples’ — selling the ‘benefits’ of the technology to users before they landed on the screen where they could choose either yes switch it on, or no leave it off.

One of which explicitly played on people’s security fears — by suggesting that without the technology enabled users were at risk of being impersonated by strangers. Whereas, by agreeing to do what Facebook wanted you to do, Facebook said it would help “protect you from a stranger using your photo to impersonate you”…

That example shows the company is not above actively jerking on the chain of people’s security fears, as well as passively exploiting similar security worries when it jerkily repurposes 2FA digits for ad targeting.

There’s even more too; Facebook has been positioning itself to pull off what is arguably the greatest (in the ‘largest’ sense of the word) appropriation of security concerns yet to shield its behind-the-scenes trampling of user privacy — when, from next year, it will begin injecting ads into the WhatsApp messaging platform.

These will be targeted ads, because Facebook has already changed the WhatsApp T&Cs to link Facebook and WhatsApp accounts — via phone number matching and other technical means that enable it to connect distinct accounts across two otherwise entirely separate social services.

Thing is, WhatsApp got fat on its founders promise of 100% ad-free messaging. The founders were also privacy and security champions, pushing to roll e2e encryption right across the platform — even after selling their app to the adtech giant in 2014.

WhatsApp’s robust e2e encryption means Facebook literally cannot read the messages users are sending each other. But that does not mean Facebook is respecting WhatsApp users’ privacy.

On the contrary; The company has given itself broader rights to user data by changing the WhatsApp T&Cs and by matching accounts.

So, really, it’s all just one big Facebook profile now — whichever of its products you do (or don’t) use.

This means that even without literally reading your WhatsApps, Facebook can still know plenty about a WhatsApp user, thanks to any other Facebook Group profiles they have ever had and any shadow profiles it maintains in parallel. WhatsApp users will soon become 1.5BN+ bullseyes for yet more creepily intrusive Facebook ads to seek their target.

No private spaces, then, in Facebook’s empire as the company capitalizes on people’s fears to shift the debate away from personal privacy and onto the self-serving notion of ‘secured by Facebook spaces’ — in order that it can keep sucking up people’s personal data.

Yet this is a very dangerous strategy, though.

Because if Facebook can’t even deliver security for its users, thereby undermining those “security purposes” it keeps banging on about, it might find it difficult to sell the world on going naked just so Facebook Inc can keep turning a profit.

What’s the best security practice of all? That’s super simple: Not holding data in the first place.



from Social – TechCrunch https://ift.tt/2NayE75 Facebook is weaponizing security to erode privacy Natasha Lomas https://ift.tt/2R4Hg2d
via IFTTT

Friday, September 28, 2018

What Instagram users need to know about Facebook’s security breach

Even if you never log into Facebook itself these days, the other apps and services you use might be impacted by Facebook’s latest big, bad news.

In a follow-up call on Friday’s revelation that Facebook has suffered a security breach affecting at least 50 million accounts, the company clarified that Instagram users were not out of the woods — nor were any other third-party services that utilized Facebook Login. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

Third-party apps and sites affected too

Due to the nature of the hack, Facebook cannot rule out the fact that attackers may have also accessed any Instagram account linked to an affected Facebook account through Facebook Login. Still, it’s worth remembering that while Facebook can’t rule it out, the company has no evidence (yet) of this kind of activity.

“So the vulnerability was on Facebook, but these access tokens enable someone to use [a connected account] as if they were the account holder themselves — this does mean they could have access other third party apps that were using Facebook login,” Facebook Vice President of Product Management Guy Rosen explained on the call.

“Now that we have reset all of those access tokens as part of protecting the security of people’s accounts, developers who use Facebook login will be able to detect that those access tokens has been reset, identify those users and as a user, you will simply have to log in again into those third party apps.”

Rosen reiterated that there is plenty Facebook does not know about the hack, including the extent to which attackers manipulated the three security bugs in question to obtain access to external accounts through Facebook Login.

“The vulnerability was on Facebook itself and we’ve yet to determine, given the investigation is really early, [what was] the exact nature of misuse and whether there was any access to Instagram accounts, for example,” Rosen said.

Anyone with a Facebook account affected by the breach — you should have been automatically logged out and will receive a notification — will need to unlink and relink their Instagram account to Facebook in order to continue cross-posting content to Facebook.

How to relink your Facebook account and do a security check

To do relink your Instagram account to Facebook, if you choose to, open Instagram Settings > Linked Accounts and select the checkbox next to Facebook. Click Unlink and confirm your selection. If you’d like to reconnect Instagram with Facebook, you’ll need to select Facebook in the Linked Accounts menu and login with your credentials like normal.

If you know your Facebook account was affected by the breach, it’s wise to check for suspicious activity on your account. You can do this on Facebook through the Security and Login menu.

There, you’ll want to browse the activity listed to make sure you don’t see anything that doesn’t look like you — logins from other countries, for example. If you’re concerned or just want to play it safe, you can always find the link to “Log Out Of All Sessions” by scrolling toward the bottom of the page.

While we know a little bit more now about Facebook’s biggest security breach to date, there’s still a lot that we don’t. Expect plenty of additional information in the coming days and weeks as Facebook surveys the damage and passes that information along to its users. We’ll do the same.



from Social – TechCrunch https://ift.tt/2Qgv2SG What Instagram users need to know about Facebook’s security breach Taylor Hatmaker https://ift.tt/2OYiyz8
via IFTTT

Facebook is blocking users from posting some stories about its security breach

Some users are reporting that they are unable to post today’s big story about a security breach affecting 50 million Facebook users. The issue appears to only affect particular stories from certain outlets, at this time one story from The Guardian and one from the Associated Press, both reputable press outlets.

When going to share the story to their news feed, some users, including members of the staff here at TechCrunch who were able to replicate the bug, were met with the following error message which prevented them from sharing the story.

According to the message, Facebook is flagging the stories as spam due to how widely they are being shared or as the message puts it, the system’s observation that “a lot of people are posting the same content.”

To be clear, this isn’t one Facebook content moderator sitting behind a screen rejecting the link somewhere or the company conspiring against users spreading damning news. The situation is another example of Facebook’s automated content flagging tools marking legitimate content as illegitimate, in this case calling it spam. Still, it’s strange and difficult to understand why such a bug wouldn’t affect many other stories that regularly go viral on the social platform.

This instance is by no means a first for Facebook. The platform’s automated tools — which operate at unprecedented scale for a social network — are well known for at times censoring legitimate posts and flagging benign content while failing to detect harassment and hate speech. We’ve reached out to Facebook for details about how this kind of thing happens but the company appears to have its hands full with the bigger news of the day.

While the incident is nothing particularly new, it’s an odd quirk — and in this instance quite a bad look given that the bad news affects Facebook itself.



from Social – TechCrunch https://ift.tt/2R5OOBD Facebook is blocking users from posting some stories about its security breach Taylor Hatmaker https://ift.tt/2zD2oWC
via IFTTT

Everything you need to know about Facebook’s data breach affecting 50M users

Facebook is cleaning up after a major security incident exposed the account data of millions of users. What’s already been a rocky year after the Cambridge Analytica scandal, the company is scrambling to regain its users trust after another security incident exposed user data.

Here’s everything you need to know so far.

What happened?

Facebook says at least 50 million users’ data may be at risk after attackers exploited a vulnerability that allowed them access to personal data. The company also preventively secure 40 million additional accounts out of an abundance of caution.

What data were the hackers after?

Facebook CEO Mark Zuckerberg said that the company has not seen any accounts compromised and improperly accessed — although it’s early days and that may change. But Zuckerberg said that the attackers were using Facebook developer APIs to obtain some information, like “name, gender, and hometowns” that’s linked to a user’s profile page.

What data wasn’t taken?

Facebook said that it looks unlikely that private messages were accessed. No credit card information was taken in the breach, Facebook said. Again, that may change as the company’s investigation continues.

What’s an access token? Do I need to change my password?

When you enter your username and password on most sites and apps, including Facebook, your browser or device is set an access tokens. This keeps you logged in, without you having to enter your credentials every time you log in. But the token doesn’t store your password — so there’s no need to change your password.

Is this why Facebook logged me out of my account?

Yes, Facebook says it reset the access tokens of all users affected. That means some 90 million users will have been logged out of their account — either on their phone or computer — in the past day. This also includes users on Facebook Messenger.

When did this attack happen?

The vulnerability was introduced on the site in July 2017, but Facebook didn’t know about it until this month, on September 16, 2018, when it spotted unusual activity. That means the hackers could have had access to user data for a long time, as Facebook is not sure right now when the attack began.

Who would do this?

Facebook doesn’t know who attacked the site, but the FBI is investigating, it says.

However, Facebook has in the past found evidence of Russia’s attempts to meddle in American democracy and influence our elections — but it’s not to say that Russia is behind this new attack. Attribution is incredibly difficult and takes a lot of time and effort. It recently took the FBI more than two years to confirm that North Korea was behind the Sony hack in 2016 — so we might be in for a long wait.

How did the attackers get in? 

Not one, but three bugs led to the data exposure.

In July 2017, Facebook inadvertently introduced three vulnerabilities in its video uploader, said Guy Rosen, Facebook’s vice president of product management, in a call with reporters. When using the “View As” feature to view your profile as someone else, the video uploader would occasionally appear when it shouldn’t display at all. When it appeared, it generated an access token using the person who the profile page was being viewed as. If that token was obtained, an attacker could log into the account of the other person.

Is the problem fixed? 

Facebook says it fixed the vulnerability on September 27, and then began resetting the access tokens of people to protect the security of their accounts.

Will Facebook be fined or punished?

If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

However, that fine can’t be levied until Facebook knows more about the nature of the breach and the risk to users.

Another data breach of this scale – especially coming in the wake of the Cambridge Analytica scandal and other data leaks – has some in Congress calling for the social network to be regulated. Sen. Mark Warner (D-VA) issued a stern reprimand to Facebook over today’s news, and again pushed his proposal for regulating companies holding large data sets as ““information fiduciaries” with additional consequences for improper security.

FTC Commissioner Rohit Chopra also tweeted that “I want answers” regarding the Facebook hack. It’s reasonable to assume that there could be investigators in both the U.S. and Europe to figure out what happened.

Can I check to see if my account was improperly accessed?

You can. Once you log back into your Facebook account, you can go to your account’s security and login page, which lets you see where you’ve logged in. If you had your access tokens revoked and had to log in again, you should see only the devices that you logged back in with.

Should I delete my Facebook account?

That’s up to you! But you may want to take some precautions like changing your password and turning on two-factor authentication, if you haven’t done so already. If you’re weren’t impacted by this, you may want to take the time to delete some of the personal information you’ve shared to Facebook to reduce your risk of exposure in future attacks, if they were to occur.



from Social – TechCrunch https://ift.tt/eA8V8J Everything you need to know about Facebook’s data breach affecting 50M users Sarah Perez https://ift.tt/2xYL508
via IFTTT

Y Combinator is changing up the way it invests

To keep up with the growing sizes of early-stage funding rounds, Y Combinator announced this morning that it will increase the size of its investments to $150,000 for 7 percent equity starting with its winter 2019 batch.

Based in Mountain View, Calif., YC funds and mentors hundreds of startups per year through its 12-week program that culminates in a demo day, where founders pitch their companies to an audience of Silicon Valley’s top investors. Airbnb, Dropbox and Instacart are among its greatest successes.

Since 2014, YC has invested $120,000 for 7 percent equity in its companies. It has increased the size of its investment before — in 2007, a YC “standard deal” was just $20,000 — but the amount of equity the accelerator takes in exchange for the capital has been consistent.

“We thought a $30K increase was necessary to help companies stay focused on building their product without worrying about fundraising too soon,” Y Combinator chief executive officer Michael Seibel wrote in a blog post this morning. “Capital for startups has never been more abundant, and we’ll continue to focus on the things that remain hard to come by — community, simplicity, advice that’s systematic and personal, and above all, a great founder experience.”

Seibel was named CEO in 2016. Co-founder Sam Altman serves as YC’s president.

YC is also changing the way it crafts its investments. It will now invest in startups on a post-money safe basis rather than on a pre-money safe. YC invented the fundraising mechanism, safe, in 2013. A safe, or a simple agreement for future equity, means an investor makes an investment in a company and receives the company stock at a later date — an alternative to a convertible note. A safe is a quicker and simpler way to get early money into a company and the idea was, according to YC, that holders of those safes would be early investors in the startup’s Series A or later priced equity rounds.

In recent years, YC noticed that startups were raising much larger seed rounds than before and those safes were “really better considered as wholly separate financings, rather than ‘bridges’ into later priced rounds.” Founders, in the meantime, were struggling to determine how much they were being diluted.

YC’s latest change, in short, will make it easier for founders to know exactly how much of their company they are selling off and will make capitalization table math, which can be extremely grueling for founders, a whole lot easier.

The pre-money safe has been criticized by founders and investors alike.

Last year, a pair of venture capitalists who’d worked with YC companies, Dolby Family Partners’ Pascal Levensohn and Andrew Krowne, wrote that the safe method was screwing over founders.

“Entrepreneurs who don’t do the capitalization table math end up owning less of their company’s equity than they thought they did. And when an equity round is inevitably priced, entrepreneurs don’t like the founder dilution numbers at all. But they can’t blame the VC, they can’t blame the angels, so that means they can only blame… oops!”

A transition to a post-money safe will eliminate that cap table math headache while still being simple and efficient. The trade-off, YC says, “is that each incremental dollar raised on post-money safes dilutes just the current stockholders, which is often the founders and early employees.” So it’s not perfect, but it’s an improvement.

Recent YC grad Deepak Chhugani, the founder of The Lobby, which announced a $1.2 million investment this week, had a positive response to the changes and said either way, most of the resources provided by YC are priceless to a first-time founder, like himself.

“I think given rising costs in the Bay Area and most startup hubs, the new YC deal is going to be great for founders, regardless of whether they stay in the Bay Area afterward or not,” Chhugani told TechCrunch.

YC is also tweaking its policy around pro-rata follow-ons. You can read about that here.

 



https://ift.tt/eA8V8J Y Combinator is changing up the way it invests https://ift.tt/2Ojkm8C

Facebook hack could hasten regulation as Sen. Warner says Congress must “step up”

Senator Mark Warner has issued a stern reprimand to Facebook over today’s revelation that 50 million users had their access token stolen by a hacker. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users” Warner writes. As I’ve said before – the era of the Wild West in social media is over.”

In July, Warner published an expansive policy paper outlining where he believes regulation is necessary for social media companies. He proposes that companies holding large data sets be regulated as “information fiduciaries” with additional consequences for improper security. He suggests requirements for data portability and interoperability that would allow users to export their personal information and use it elsewhere if they were unsatisfied with their treatment by a social media giant. He also suggests applying similar rules to Europe’s GDPR including a requirement that breaches be disclosed within 72 hours of discovery. Notably, Facebook did disclose this hack within that window.

Facebook’s “View As” tool has been disabled following the hack. It let users see how their profile looked to a certain other user

The breach saw sophisticated hackers combine three Facebook bugs in its video uploader, user profile, and “view as” privacy feature to generate and steal the access tokens that allow users to stay logged into Facebook between sessions. These could be used to take over user accounts and take actions on their behalf. Facebook reset the access tokens of the 50 million users impacted and another 40 million who’d had their accounts viewed through the “view as” tool this year, which means they’ll have to log back into Facebook but won’t need to change their password.

The bugs stem from code pushed back in July, but Facebook only discovered the issue Tuesday afternoon as the hackers tried to scale up the attack to steal more tokens. Facebook patched the issue last night and this morning announced it was investigating, though it currently doesn’t have enough information to determine the source of the attack.. It’s already notifed the FBI, as well as the Irish Data Protection office since the breach has GDPR implications. On a call with reporters, CEO Mark Zuckerberg repeatedly called the problem “serious”. But beyond recounting the steps Facebook is taking to address this breach, he didn’t have a good answer for why users should still trust Facebook with their data.

Always quick to pounce on privacy issues, Warner has become one of the strongeest Democratic critics of the social network. He’s seemingly inherited the position of tech watchdog from former-Senator Al Franken. He’s weighed in on recent social media bias and election interference, Google’s plan to launch censored search in China, White House cybersecurity plans and more. With technology becoming an ever more important and dangerous part of people’s lives, Warner seems to see an opportunity to both protect his constituents and advance his career by demonstrating his expertise and ferocity.

This hack could be by Warner as strong evidence that social media companies like Facebook are not voluntarily doing enough to protect uses’ security and privacy. If regulation around security, portability, and interoperability is enacted, it could cost Facebook money for compliance, slow dow the pace of engineering innovation at the company, and make it more vulnerable to competitors. Right now, it’s tough for users to easily switch to another social network, which insulates Facebook from its PR problems becoming user growth problems. But if ditching Facebook for a competitor becomes simpler, it might force the company to treat its users better.

The Senator Mark Warner’s full statement can be found below:

STATEMENT OF U.S. SEN. MARK R. WARNER

~ On Facebook hack ~ 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the announcement by Facebook that it discovered a security issue affecting almost 50 million accounts:

“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened.

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”

To kick start the debate around social media legislation, Sen. Warner in July released a white paper containing a suite of potential policy proposals for the regulation of social media.



from Social – TechCrunch https://ift.tt/2NOXRZU Facebook hack could hasten regulation as Sen. Warner says Congress must “step up” Josh Constine https://ift.tt/2P3SyC8
via IFTTT

Block.Party raises $10M, will adapt Settlers of Catan to its blockchain game console

Blok.Party, the company the upcoming PlayTable game console, announced today raised $10 million in new funding. It’s also unveiling a big content partnership, where Blok.Party will create its own version of the popular board game Settlers of Catan.

I first wrote about Blok.Party and PlayTable earlier this year, when co-founder and CEO Jimmy Chen first laid out his vision to use blockchain technology to build a console that can recognize real-world objects (like figurines and cards), creating a hybrid between tabletop and video gaming.

The idea may have sounded a little abstract at the time, but it got a lot clearer when Chen dropped by the TechCrunch New York office to play a couple rounds of Catan with me.

I’ll admit that I hadn’t played in a while, but it was clear from the start that PlayTable saved us some setup time — instead of putting all the pieces of the physical board together, you play on a digital representation of the board. Most of the pieces are digitized too, and we used and traded our cards using smartphones. But there is a physical “robber” pieces, because Chen said this allows the robber’s movement to remain “a very visceral experience … that a digital version can’t ever capture.”

It may not be too long before you get to try this out for yourself, at least if you’re among the 100,000 pre-orders Blok.Party has received so far. Chen said the company will start shipping its first devices this fall.

He added that Catan, like many of the other games built for PlayTable, will be priced at around $20.

“For us, it’s not about trying to compete based on price,” Chen said. “We’re trying to compete based on experience.”

The new funding comes from crypto fund JRR Capital and other investors. Chen said the company will use the money to continue scaling the product, including further software development and building out the library of games.

At the same time, he emphasized that although Blok.Party is manufacturing the initial devices, his vision is to achieve real scale through partnerships with hardware manufacturers, who will build their own PlayTable consoles. Apparently, some of those discussions are already underway.

“Our strategy is to always have [our own] hardware program running to continually do research,” Chen said. “What I’ve discovered is that keeping a hardware program running is not that expensive. The expensive part is when you try to scale the program.”



https://ift.tt/eA8V8J Block.Party raises $10M, will adapt Settlers of Catan to its blockchain game console https://ift.tt/2NQVbej

Spotify ends test that required family plan subscribers to share their GPS location

{rss:content:encoded} Spotify ends test that required family plan subscribers to share their GPS location https://ift.tt/2DEZTXG https://ift.tt/2IlNcQd September 28, 2018 at 06:10PM

Spotify has ended a test that required its family plan subscribers to verify their location, or risk losing accessing to its music streaming service. According to recent reports, the company had sent out emails to its “Premium for Family” customers which asked them to confirm their locations using GPS. The idea here is that some customers may have been sharing Family Plans, even though they’re not related, as a means of paying less for Spotify by splitting the plan’s support for multiple users. And Spotify wanted to bust them.

Spiegel Online and Quartz first reported this news on Thursday.

Of course, as these reports pointed out, asking users to confirm a GPS location is a poor means of verification. Families often have members who live or work outside the home – they may live abroad, have divorced or separated parents, have kids in college, they may travel for work, or any other number of reasons.

But technically, these sorts of situations are prohibited by Spotify’s family plan terms – the rules require all members to share a physical address. That rule hadn’t really been as strictly enforced before, so many didn’t realize they had broken it when they added members who don’t live at home.

Customers were also uncomfortable with how Spotify wanted to verify their location – instead of entering a mailing address for the main account, for instance, they were asked for their exact (GPS) location.

The emails also threatened that failure to verify the account this way could cause them to lose access to the service.

Family plans are often abused by those who use them as a loophole for paying full price. For example, a few years ago, Amazon decided to cut down on Prime members sharing their benefits, because they found these were being broadly shared outside immediate families. In its case, it limited sharing to two adults who could both authorize and use the payment cards on file, and allowed them to create other, more limited profiles for the kids.

Spotify could have done something similar. It could have asked Family Plan adult subscribers to re-enter their payment card information to confirm their account, or it could have designated select slots for child members with a different set of privileges to make sharing less appealing.

Maybe it will now reconsider how verification works, given the customer backlash.

We understand the verification emails were only a small-scale test of a new system, not something Spotify is rolling out to all users. The emails were sent out in only four of Spotify’s markets, including the U.S.

And the test only ran for a short time before Spotify shut it down.

Reached for comment, a Spotify spokesperson confirmed this, saying:

“Spotify is currently testing improvements to the user experience of Premium for Family with small user groups in select markets. We are always testing new products and experiences at Spotify, but have no further news to share regarding this particular feature test at this time.”

 

 

 

Thursday, September 27, 2018

Our 3 favorite startups from Urban-X’s 4th demo day

Urban-X, the urban-tech startup accelerator backed by BMW MINI and early-stage urban-tech fund Urban.Us, hosted a demo day today for its fourth cohort of companies at its Brooklyn HQ.  The seven presenting companies offered solutions to issues plaguing modern cities, including toll-road pricing, energy and construction management, and even the inefficiencies of modern cycling helmets.

In a day that offered an impressive display of entrepreneurial talent, here are a few of the companies that really stood out to us:

Rentlogic

In hopes of improving landlord transparency, Rentlogic uses years of city government data to create objective algorithmic letter ratings for apartment buildings.  As CEO Yale Fox pointed out, despite city-dwellers spending half our paychecks on rent, urban housing hasn’t seen the same rating systems that we use to guide decisions on where we eat, what car we buy, or what shows we binge.  Rentlogic allows apartment hunters to screen buildings before signing a lease and avoid committing to unhealthy conditions or an absentee landlord.

Rentlogic partners with landlords looking to obtain a stamp of quality for potential renters, offering an added inspection feature that allows them to hang a letter rating outside their building. The company’s roster of customers already includes Blackstone and Phipps Houses, the largest for-profit and non-profit landlords in the world, respectively.   

What stands out with Rentlogic is its ability to scale. Though currently only in New York City, the same data used in New York presumably exists across all major US markets and Rentlogic has minimized the cost of entering new cities by building out the back-end infrastructure required to ingest and analyze the data.  From a demand perspective, as renters defer to Rentlogic for quality assurance and more competitors hang “A” ratings outside their buildings, landlords will face more pressure to maintain the same offering. 

The idea hit home for a born-and-bred New Yorker with my own set of landlord horror stories, and the first thing I did when I left was look up my building on Rentlogic.

Campsyte

Most companies wish they had mega-campuses or “motherships” where they could offer employees access to sprawling outdoor working areas. For companies based in urban areas, offering outdoor space can be tough, with many parks often privatized, far from city centers, or void of the amenities needed to be productive. 

Campsyte transforms underutilized urban outdoor spaces into productive and fun spaces that customers can book for co-working purposes, corporate off-sites, or events. Similar to WeWork’s approach with buildings, Campsyte takes a parking lot, and adds value by filling it with greenery, furniture, electricity, WiFi, and other services. With its services driving nearly 10x the annual revenue per square foot seen by traditional parking lots, the value proposition for lot owners is convincing.

Given the competition companies are facing when it comes to attracting and retaining talent, providing the same amenities as competitors based outside city centers seems invaluable, with Campsyte boasting an extremely impressive roster of partner companies, including LinkedIn, PayPal, Salesforce, and Airbnb. 

ODN (Open Data Nation)

As anyone who has driven in a city knows, car crashes or accidents can often be caused by the built environment around you. Yet insurers, who focus on personal characteristics like credit scores when underwriting a policy, lack the measurement tools to assess the risk of someone’s external environment.

Founded by an MIT-trained city planner, ODN builds risk models using machine learning and public data records to help insurers evaluate risk and mitigate accidents. The resulting analytics eases the selection process for insurers, allowing them to drive more sales with less cost and risk. ODN is already partnered up with some of the world’s largest insurers including Zurich, Travelers, and Hanover insurance.

The potential use cases for ODN’s technology go far beyond the massive existing insurance market, with the eventual rollout of autonomous cars forcing insurers to ask how they construct policies when human behavior plays no role in accidents. ODN is working with carriers to help answer this question while helping create a more efficient and fair underwriting process today. 

Other members of Urban-X Cohort 4 included:

Avvir:  “Avvir automates quality assurance for the construction industry, providing real-time insights into the progress and potential defects on a project.”

ClearRoad:  “ClearRoad helps government agencies automate toll road pricing for any section of road without the need for traditional proprietary hardware infrastructure.”

Park & Diamond:  “Park & Diamond makes biking better by reinventing the bike helmet, using next-generation materials to build a safer, more portable helmet that can roll up into the shape of a water bottle for easier carrying, while looking like a regular hat, cap, or beanie.”

Sapient Industries:  “Sapient Industries has developed an autonomous energy management system that senses and learns human behavior in order to eliminate wasted energy in buildings.”



https://ift.tt/eA8V8J Our 3 favorite startups from Urban-X’s 4th demo day https://ift.tt/2NIlTWp

Facebook policy head makes a surprising cameo at the Kavanaugh hearing

Facebook might be doing its best to stay out of political scandals in the latter half of 2018, but the company had a presence, front and center, at one of the most contentious Senate hearings in modern history.

Facebook’s Vice President of Global Public Policy at Facebook, Joel Kaplan, was spotted sitting prominently near his wife, Laura Cox Kaplan, in the section for Brett Kavanaugh’s supporters. He is pictured on the left side of the header image, second row, in a blue tie.

For reference, below is an image of Kaplan to the immediate right of Mark Zuckerberg during a Senate Judiciary joint hearing in April of this year.

WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg concludes his testimony before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. (Photo by Win McNamee/Getty Images)

Kaplan has not made any public commentary on Twitter or Facebook about his support for the Supreme Court nominee, though through retweets, Kaplan’s wife appears to be of the mind that the hearing is part of a “smear campaign” against the family friend.

Kaplan is also featured in this viral image, making the rounds on Twitter.

His appearance during the hearing is a show of personal support, though it still turns heads for such a prominent Facebook employee to make a visible statement during such a politically divisive event. Kaplan is not representing Facebook in a formal capacity.

Kaplan served as a policy adviser on George W. Bush’s 2000 election campaign and went on to serve as a policy assistant to the president and as the deputy director of the Office of Management and Budget (OMB) and a deputy chief of staff. Kavanaugh worked for the Bush administration during the same period, joining the former president’s legal team and going on to work on the nomination of Chief Justice John Roberts to the Supreme Court.

Kaplan joined Facebook in 2011 as its VP of U.S. public policy. Kaplan continues to serve in a heavily influential political role with the company today, leading its Washington D.C. office which serves as the company’s lobbying arm.



from Social – TechCrunch https://ift.tt/2IkDQ7q Facebook policy head makes a surprising cameo at the Kavanaugh hearing Taylor Hatmaker https://ift.tt/2QcVxZu
via IFTTT

In-car commerce startup Cargo raises $22 million led by Founders Fund

Cargo, the startup that helps ridesharing drivers earn money by bringing the convenience store into their vehicles, has raised $22 million in a Series A round led by Founders Fund.

Additional investment came from Coatue Management, Aquiline Technology Growth and a number of  high-profile entertainment, gaming and technology executives that include Zynga founder Mark Pincus, Twitch’s former CSO Colin Carrier, media investor Vivi Nevo, former NBA commissioner David Stern, Def Jam Records CEO Paul Rosenberg, Steve Aoki, Maria Shriver and Patrick and Christina Schwarzenegger.

To date, Cargo has raised $30 million in venture funding. As part of this latest round, Founders Fund partner Cyan Banister is joining the board.

Cargo provides qualified ridesharing drivers with free boxes filled with the kinds of goods you might find in a convenience store, including snacks and phone chargers. Riders can use Cargo’s mobile web menu on their smartphones (without downloading an app) to buy what they need. Cargo has previously partnered with Kellogg’s, Starbucks and Mars Wrigley Confectionery — companies looking for ways to market their goods to consumers.

“In just a few years, ridesharing has evolved from a niche service to an indispensable element of our global transportation system,” Banister said in a statement. “Founders Fund is excited to support Cargo in driving the next evolution: a better on-trip experience for riders and new revenue generating opportunities for drivers.” 

The round follows Cargo’s partnership with Uber and an international licensing deal with Grab. The company, which was founded in 2017, has activated more than 12,000 drivers across 10 cities.

Cargo says it will use the capital to scale its business in the U.S. and internationally. It’s also working on new digital services — a development Banister eludes to — that will improve users on-trip experience. The strategic investments from gaming and entertainment executives is designed to help Cargo develop those digital services for riders.

“Our default behavior in an Uber is to shop, play games and listen to music on our phone. Riders have ordered more than two million products and today transact with us every five seconds,” Cargo founder and CEO Jeff Cripe said in a statement. “We brought riders instant commerce, now we’ll help them discover and enjoy games, music, and entertainment on one in-car platform.”

Existing Cargo investors participating in the round include CRCM Ventures, Rosecliff Ventures, Kellogg’s eighteen94 capital, RiverPark Ventures, and former Uber executives including Chief Business Officer Emil Michael, New York City General Manager Josh Mohrer and former West Coast General Manager William Barnes.



https://ift.tt/eA8V8J In-car commerce startup Cargo raises $22 million led by Founders Fund https://ift.tt/2Dzd0tn

Mozilla pushes PayPal to make Venmo transactions private by default

Earlier this year, the FTC settled with PayPal over the company’s handling of privacy disclosures in its peer-to-peer payments app Venmo, but Mozilla doesn’t think the changes Venmo made as a result went far enough. This week, Mozilla says it delivered a petition signed by 25,000 Americans asking Venmo to set transactions shared in its app to private by default, instead of public.

As Mozilla explains, “millions of Venmo users’ spending habits are available for anyone to see. That’s because Venmo transactions are currently public by default — unless users manually update their settings, anyone, anywhere can see whom they’re sending money to, and why.”

Many Venmo users likely feel that it’s not very dangerous to share through Venmo’s feed – a key feature of its popular payments app – that they paid back a friend for part of the dinner, drinks or some concert tickets, for example.

But a Berlin-based researcher, Hang Do Thi Duc, recently studied the risks associated with this sort of over-sharing.

Do Thi Duc analyzed more than 200 million public Venmo transactions made in 2017 by accessing the data through a public API. This allowed her to see the names, dates, and transactions of Venmo users. She found that a lot could actually be gleaned from this data, including users’ drug habits in some cases, as well as their relationships, junk food habits, location, daily routines, personal finances, rent payments, and more.

In other words, while the individual transaction itself may seem harmless, in aggregate these transactions can be very revealing about the person in question.

Mozilla says it, along with Ipsos, also polled 1,009 Americans how they felt about Venmo’s “public by default” nature. 77% said they didn’t think that should be the case, and 92% said they don’t support Venmo’s justifications for making them public. (It thinks sharing is fun, basically.)

Venmo didn’t respond to Mozilla’s petition directly, but tells TechCrunch via a spokesperson that its takes its users’ trust seriously.

“Venmo was designed for sharing experiences with your friends in today’s social world, and the newsfeed has always been a big part of this,” the spokesperson said. “The safety and privacy of Venmo users and their information is always a top priority. Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously,” they added.

The company also pointed out it takes several steps to ensure some level of user protection, including not making sensitive transactions public, never publishing dollar amounts, and allowing users to control the publicity of the item, even after the fact.

As part of the FTC settlement, Venmo also had to make other changes, as well.

The company now has to explain to new and existing users how to limit the visibility of transactions through the use of privacy settings.

We recently saw this in the updated Venmo app, in fact.

Users are walked through a tutorial that spells out how you can change settings to make transactions private by default, or any time you choose.

[gallery ids="1721938,1721939,1721940,1721941"]

Mozilla’s petition comes at a time when PayPal has been weighing whether or not it should change the default in Venmo from public to private, according to a report from Bloomberg last month.

Thanks to large-scale scandals like Cambridge Analytica and others involving user data being overexposed, timed alongside the rollout of new privacy regulations like Europe’s GDPR, many companies are reviewing their data protection policies.

Venmo’s casual over-sharing now feels like a holdover from an earlier, more naive time on the web, and it wouldn’t be surprising if it decided to later adjust the app’s settings to match where consumer sentiment is headed today.



from Social – TechCrunch https://ift.tt/eA8V8J Mozilla pushes PayPal to make Venmo transactions private by default Sarah Perez https://ift.tt/2R2Xdpv
via IFTTT

blogger better Headline Animator