Reddit is raising a huge round near a $3 billion valuation

[ad_1]

Reddit is raising $150 million to $300 million to keep the front page of the Internet running, multiple sources tell TechCrunch. The forthcoming Series D round is said to be led by Chinese tech giant Tencent at a $2.7 billion pre-money valuation. Depending on how much follow-on cash Reddit drums up from Silicon Valley investors and beyond, its post-money valuation could reach an epic $3 billion.

As more people seek esoteric community and off-kilter entertainment online, Reddit continues to grow its link sharing forums. 330 million monthly active users now frequent its 150,000 Subreddits. That warrants the boost to its valuation, which previously reached $1.8 billion when raised $200 million in July 2017. As of then, Reddit’s majority stake was still held by publisher Conde Nast that bought in back in 2006 just a year after the site launched. Reddit had raised $250 million previously, so the new round will push it to $400 million to $550 million in total funding.

It should have been clear that Reddit was on the prowl after a month of pitching its growth to the press and beating its own drum. In December Reddit announced it had reached 1.4 billion video views per month, up a staggering 40 percent from just two months earlier after first launching a native video player in August 2017. And it made a big deal out of starting to sell cost per click ads in addition to promoted posts, cost per impression, and video ads. A 22 percent increase in engagement and 30 percent rise in total view in 2018 pushed it past $100 million in revenue for the year, CNBC reported.

But supporting and moderating all that content isn’t cheap. The company had 350 employees just under a year ago, and is headquartered in pricey San Francisco — though in one if it’s cheaper but troubled neighborhood. Though the exact details of the Series D could fluctuate before it’s formally announced, until Reddit’s newer ad products rev up, it’s still relying on venture capital.

Tencent’s money will give Reddit time to hit its stride. It’s said to be kicking in the first $150 million of the round. The Chinese conglomerate owns all-in-on messaging app WeChat and is the biggest gaming company in the world thanks to ownership of League Of Legends and stakes in Clash Of Clans-maker Supercell and Fortnite developer Epic. But China’s crackdown on gaming addiction has been rough for Tencent’s valuation and Chinese competitor Bytedance’s news reader app Toutiao has grown enormous. Both of those facts make investing in American news board Reddit a savvy diversification, even if Reddit isn’t accessible in China.

Reddit could seek to fill out its round with up to $150 million in additional cash from previous investors like Sequoia, Andreessen Horowitz, Y Combinator, or YC’s president Sam Altman. They could see potential in one of the web’s most unique and internet-native content communities. Reddit is where the real world is hashed out and laughed about by a tech savvy audience that often produces memes that cross over into mainstream culture. And with all those amateur curators toiling away for Internet points, casual users are flocking in for an edgier look at what will be the center of attention tomorrow.

Reddit has recently avoid much of the backlash hitting fellow social site Facebook, despite having to remove 1000 Russian trolls pushing political propaganda. But in the past, the anonymous site has had plenty of problems with racist, mysoginistic, and homophobic content. In 2015 it finally implemented quarantines and shut down some of the most offensive Subreddits. But harassment by users contributed to the departure of CEO Ellen Pao, who was replaced by Steve Huffman, Reddit’s co-founder. Huffman went on to abuse that power, secretly editing some user comments on Reddit to frame them for insulting the heads of their own Subreddits. He escaped the debacle with a slap on the wrist and an apology, claiming “I spent my formative years as a young troll on the Internet.”

Investors will have to hope Huffman has the composure to lead Reddit as it inevitably encounters more scrutiny as its valuation scales up. Its policy choice about what constitutes hate speech and harassment, its own company culture, and its influence on public opinion will all come under the microscope. Reddit has the potential to give a voice to great ideas at a time when flashy visuals rule the web. And as local journalism wanes, the site’s breed of vigilante web sleuths could be more in demand, for better or worse. But that all hinges on Reddit defining clear, consistent, empathetic policy that will help it surf atop the sewage swirling around the internet.

[ad_2]

Source link

Aurora Solar’s computer-generated installation maps pull in a $20M Series A

[ad_1]

Solar installations are becoming a no-brainer for anyone with a roof in much of the country. But getting an estimate on how much it would cost and how much juice it would generate can be complicated and time consuming. Aurora Solar has made an automated process for doing this, and attracted $20 million in funding as a result.

A big part of the uncertainty anyone has about getting solar installed is the upfront cost and return on investment. An on-site visit may cost hundreds, or thousands for a commercial property, or that cost may be rolled up into the overall charge. But why send someone out when all the data you need can be acquired in bulk from the air?

Aurora uses lidar data for this — but not the kind of lidar where you have to fly a drone with the instrument over the house. That would hardly be less expensive and time-consuming than a normal visit. Instead they use lidar collected by small aircraft making low-altitude passes over the city.

The resulting data (you can see it above) produces detailed 3D models of the terrain and all the buildings on it; the exact size and slope of a roof can be determined with high precision. It’s actually similar in a way to how archaeologists used it to map out an ancient Mayan metropolis.

There are some programs and services out there that do virtual site visits, but many just estimate your roof area and orientation by looking at satellite imagery. That’s good for a basic estimate, but Aurora uses multiple sources of data to create a detailed 3D map of your roof, and its proud of its results.

“From the get go, we have been very ambitious about the way we address the problem, probably since we faced same issues our clients face ourselves,” said co-founder Christopher Hopper in an email to TechCrunch. That would have been in 2012, when he and co-founder Samuel Adeyemo experienced significant friction with a solar install in East Africa. The installation itself was a snap, they found, but the planning and design of the system took months.

“Aurora pioneered the concept of ‘remote site visits,’ which enables solar installers to precisely calculate how many solar panels fit on a property, and how much energy they produce without traveling to the site,” Hopper said. “We have a large dataset of LIDAR data pre-loaded in the application that’s accessible to our users. We estimate that that covers about 2/3 of the US population.”

This and other data lets Aurora create a detailed CAD model of the building in just a few minutes, and generate a basic plan for solar cell placement as well that accounts for slope, exposure, and any shade-producing obstacles like chimneys or trees nearby. (Shade reports are usually done in person, and are necessary to receive certain rebates.)

From there users can go straight into the sales and financing process, even including line diagrams for the electrical system you’ll be building. And theoretically it could all take under an hour, which is probably how much time you’d spend on the phone trying to get a local solar installer to come out.

The A round was led by Energize Ventures, whose managing director Amy Francetic will be joining the board, with S28 and seed investor Pear also contributing.

Once nice thing about companies relying on data and automation: they scale well. So Aurora won’t need to buy a thousand new trucks to get its next few thousand customers — it needs to hire engineers, sales and support people, which is exactly what it plans to do.

“We expect to expand all of the functions in our organization,” said Hopper. “We are particularly excited about all of the things we can do on the product side and in customer success. And finally, this funding means that we are here to stay. For companies [i.e. Aurora’s clients] that rely on a software provider for their day-to-day operations this is important factor.”

Adeyemo notes in the press release announcing the funding that “the solar professional” is the “fastest growing occupation in the U.S.” Hopefully making things easier for the customer will keep it that way for a while.

Disclosure: Former TechCruncher Rahul Nihalani now works for Aurora. Rahul’s great, but this does not affect our coverage.

[ad_2]

Source link

Coastal startups don’t have a monopoly on raising big at early-stage

[ad_1]

Early-stage startups throughout much of the U.S. are able to raise larger sums today than any other point in at least a decade, and there are more early-stage rounds than ever, both in North America and globally. (Note: “Early-stage” is defined here as Series A and Series B rounds, plus smaller rounds from several other round types, including equity crowdfunding and convertible notes.)

In analysis published earlier this week, we found that the nationwide average early-stage deal grew more than 20 percent between 2017 and 2018. We quantified that companies on the coasts raise more than their inland counterparts and found some indications that the Midwest lags the rest of the nation.

To find this and more, we aggregated round size data for more than 30,000 early-stage venture rounds struck with U.S.-based companies between the start of 2008 and the end of 2018. We segmented the data by the U.S. Census Bureau’s map of regions and “divisions” (basically, subregions by a different label), took the mean (average) early-stage deal size for each calendar quarter and displayed each region against the national average.

Below, you can see how early-stage rounds around the country compare to the national average. To make it easier to see trends, we display a two-period simple moving average line alongside individual data points.

 

Although the average has certainly crept up, part of that is attributable to a newer trend in companies raising huge sums of money. In the report, we indicated that many of the largest early-stage rounds were raised by companies in the West and Northeast. But startups in these regions don’t hold a monopoly on raising lots of money from venture capitalists.

Here, we wanted to highlight some of the biggest early-stage rounds struck by Midwestern and Southern companies. After all, the coasts tend to dominate the media’s conversation concerning tech. So, here’s some love for the middle of the country, and its biggest deals:

The five biggest early-stage VC rounds raised by Southern startups in 2018 and January 2019

  1. Hailing from Atlanta, Knock, a company aiming to help homeowners streamline the process of trading up for a new house, raised $400 million in Series B funding in a deal announced on January 15, 2019. Crunchbase News covered the transaction, which was led by Foundry Group and was composed of an undisclosed blend of equity and debt.
  2. Viela Bio, based in Gaithersburg, Maryland (which, by the Census Bureau’s definition, is in the South), is a clinical-stage therapeutics company developing novel molecules for treating severe inflammation and autoimmune disorders. The company announced $282.2 million in Series A venture funding in February 2018. Viela Bio was spun out of biopharmaceutical conglomerate AstraZeneca.
  3. Another company entering the home-flipping market is Austin-based Bungalo, which announced $250 million in Series A funding back in September 2018. Austin-based financial services company Amherst Holdings and its real estate investment subsidiary were the sole sources of capital on the deal.
  4. Another Atlanta company, Bakkt, raised $182.5 million in a Series A round announced on December 31, 2018. A number of blockchain-focused investors participated in the round, alongside Microsoft’s early-stage VC arm M12 and the Boston Consulting Group.
  5. Crunchbase News broke the story of Raleigh, NC-based gene editing company Precision BioSciences’s $110 million Series B round based on an SEC filing spotted back in June 2018. The company formally announced the round several weeks after the initial filing. The round was led by ArrowMark Partners, which was joined by nearly two dozen other new and prior investors that participated in the round.

The five biggest early-stage VC rounds raised by Midwestern startups in 2018 and January 2019

  1. Bind, a Minneapolis-based “on-demand” health insurance company, raised $60 million in a Series A round in February 2018. The company offers a core plan to cover the basics, plus the option to purchase coverage for, say, a surgery, only when that coverage is needed.
  2. Sollis Therapeutics, based in Columbus, Ohio, is developing non-opioid pain treatments. The pharmaceutical company raised $50 million in a Series A round announced in April 2018. Opioid overdoses killed 200 Americans per day in 2017. With nearly 33 deaths for every 100,000 people, Ohio is one of the states worst-affected by the surge in opioid abuse.
  3. Detroit-based sneaker and streetwear marketplace company StockX copped $44 million in Series B funding back in September 2018. Battery Ventures and GV co-led the round.
  4. Clearcover, a Chicago-based auto insurance marketplace platform, raised $43 million in a Series B round. Crunchbase News covered the transaction, which was led by Cox Enterprises. Local firm Lightbank and angel ring Hyde Park Angels participated in the round.
  5. TradingView, also based in Chicago, raised $37 million in Series B funding announced in May 2018. The company builds data analysis and social networking tools for financial market participants.

It’s true that the Bay Area is responsible for a huge chunk of the supergiant venture market, but it by no means accounts for all of it. The above should lay to rest the idea that there’s no tech in between EWR and SFO.

[ad_2]

Source link

Startups Weekly: Even Gwyneth Paltrow had a hard time raising VC

[ad_1]

I spent the week in Malibu attending Upfront Ventures’ annual Upfront Summit, which brings together the likes of Hollywood, Silicon Valley and Washington, DC’s elite for a two-day networking session of sorts. Cameron Diaz was there for some reason, and Natalie Portman made an appearance. Stacey Abrams had a powerful Q&A session with Lisa Borders, the president and CEO of Time’s Up. Of course, Gwyneth Paltrow was there to talk up Goop, her venture-funded commerce and content engine.

“I had no idea what I was getting into but I am so fulfilled and on fire from this job,” Paltrow said onstage at the summit… “It’s a very different life than I used to have but I feel very lucky that I made this leap.” Speaking with Frederic Court, the founder of Felix Capital, Paltrow shed light on her fundraising process.

“When I set out to raise my Series A, it was very difficult,” she said. “It’s great to be Gwyneth Paltrow when you’re raising money because people take the meeting, but then you get a lot more rejections than you would if they didn’t want to take a selfie … People, understandably, were dubious about [this business]. It becomes easier when you have a thriving business and your unit economics looks good.”

In other news…

1. Joseph Gordon-Levitt is an entrepreneur, too

The actor stopped by the summit to promote his startup, HitRecord . I talked to him about his $6.4 million round and grand plans for the artist-collaboration platform.

  1. Deals of the week

Backed by GV, Sequoia, Floodgate and more, Clover Health confirmed to TechCrunch this week that it’s brought in another round of capital led by Greenoaks. The $500 million round is a vote of confidence for the business, which has experienced its fair share of well-publicized hiccups. More on that here. Plus, Clutter, the startup that provides on-demand moving and storage services, is raising at least $200 million from SoftBank, sources tell TechCrunch. The round is a big deal for the LA tech ecosystem, which, aside from Snap and Bird, has birthed few venture-backed unicorns.

  1. The Pinterest IPO is really, actually happening

Pinterest, the nine-year-old visual search engine, has hired Goldman Sachs and JPMorgan Chase as lead underwriters for an IPO that’s planned for later this year. With $700 million in 2018 revenue, the company has raised some $1.5 billion at a $12 billion valuation from Goldman Sachs Investment Partners, Valiant Capital Partners, Wellington Management, Andreessen Horowitz, Bessemer Venture Partners and more.

  1. Fundraising efforts

Kleiner Perkins went “back to the future” this week with the announcement of a $600 million fund. The firm’s 18th fund, it will invest at the seed, Series A and Series B stages. TCV, a backer of Peloton and Airbnb, closed a whopping $3 billion vehicle to invest in consumer internet, IT infrastructure and services startups. Partech has doubled its Africa VC fund to $143 million and opened a Nairobi office to complement its Dakar practice. And Sapphire Ventures has set aside $115 million for sports and entertainment bets.

  1. Sam Altman has a new idea

The co-founder of Y Combinator will throw a sort of annual weekend getaway for nerds in picturesque Boulder, Colo. Called the YC 120, it will bring toget her 120 people for a couple of days in April to create connections. Read TechCrunch’s Connie Loizos’ interview with Altman here.

  1. Hims gets unicorn status

Consumer wellness business Hims has raised $100 million in an ongoing round at a $1 billion pre-money valuation. A growth-stage investor has led the round, with participation from existing investors (which include Forerunner Ventures, Founders Fund, Redpoint Ventures, SV Angel, 8VC and Maverick Capital) . Our sources declined to name the lead investor but said it was a “super big fund” that isn’t SoftBank and that hasn’t previously invested in Hims.

  1. a16z bets on VR — again

Five years after Andreessen Horowitz backed Oculus, it’s leading a $68 million Series A funding in Sandbox VR. TechCrunch’s Lucas Matney talked to a16z’s Andrew Chen and Floodgate’s Mike Maples about what sets Sandbox apart.

Here’s your weekly reminder to send me tips, suggestions and more to kate.clark@techcrunch.com or @KateClarkTweets

  1. More startup cash:

  1. An update on the Munchery fiasco

In a new class-action lawsuit, a former Munchery facilities worker is claiming the startup owes him and 250 other employees 60 days’ wages. On top of that, another former employee says the CEO, James Beriker, was largely absent and is to blame for Munchery’s downfall. If you haven’t been keeping up on Munchery’s abrupt shutdown, here’s some good background.

  1. Scooter consolidation

Consolidation in the micromobility space has arrived — in Brazil, at least. Not long after Y Combinator-backed Grin merged its electric scooter business with Brazil-based Ride, it’s completing another merger, this time with Yellow, the bike-share startup based in Brazil that has also expressed its ambitions to get into electric scooters.

  1. Listen to me talk

If you enjoy this newsletter, be sure to check out TechCrunch’s venture-focused podcast, Equity. In this week’s episode, available here, Crunchbase editor-in-chief Alex Wilhelm, TechCrunch’s Silicon Valley editor Connie Loizos and Jeff Clavier of Uncork Capital chat about $100 million rounds, Stripe’s mega valuation and Pinterest’s highly anticipated IPO.



[ad_2]

Source link

This light-powered 3D printer materializes objects all at once

[ad_1]

3D printing has changed the way people approach hardware design, but most printers share a basic limitation: they essentially build objects layer by layer, generally from the bottom up. This new system from UC Berkeley, however, builds them all at once more or less by projecting a video through a jar of light-sensitive resin.

The device, which its creators call the replicator (but shouldn’t, because that’s a Makerbot trademark), is mechanically quite simple. It’s hard to explain it better than Berkeley’s Hayden Taylor, who led the research:

Basically, you’ve got an off-the-shelf video projector, which I literally brought in from home, and then you plug it into a laptop and use it to project a series of computed images, while a motor turns a cylinder that has a 3D-printing resin in it.

Obviously there are a lot of subtleties to it — how you formulate the resin, and, above all, how you compute the images that are going to be projected, but the barrier to creating a very simple version of this tool is not that high.

Using light to print isn’t new — many devices out there use lasers or other forms of emitted light to cause material to harden in desired patterns. But they still do things one thin layer at a time. Researchers did demonstrate a “holographic” printing method a bit like this using intersecting beams of light, but it’s much more complex. (In fact Berkeley worked with Lawrence Livermore on this project.)

In Taylor’s device, the object to be recreated is scanned first in such a way that it can be divided into slices, a bit like a CT scanner — which is in fact the technology that sparked the team’s imagination in the first place.

By projecting light into the resin as it revolves, the material for the entire object is resolved more or less at once, or at least over a series of brief revolutions rather then hundreds or thousands of individual drawing movements.

This has a number of benefits besides speed. Objects come out smooth — if a bit crude in this prototype stage — and they can have features and cavities that other 3D printers struggle to create. The resin can even cure around an existing object, as they demonstrate by manifesting a handle around a screwdriver shaft.

Naturally different materials and colors can be swapped in, and the uncured resin is totally reusable. It’ll be some time before it can be used at scale or at the level of precision traditional printers now achieve, but the advantages are compelling enough that it will almost certainly be pursued in parallel with other techniques.

The paper describing the new technique was published this week in the journal Science.

[ad_2]

Source link

Twitter bug makes it look like random retweets are appearing in your timeline

[ad_1]

A number of Twitter users have been complaining that tweets that were retweeted by people they don’t follow are now showing in their timeline. The issue, thankfully, is not related to a new Twitter algorithm or recommendation system, as some had feared. Instead, the company confirmed that a bug affecting Android users was mislabeling the “social proof” tag on Retweets.

This is the part of the Retweet that tells you who, among the people you already do follow, had retweeted the post in question.

The company says that the social proof label is wrong, so the Android users were seeing tweets that looked like they had been retweeted by someone they don’t know.

Above: some example complaints

Twitter says the Retweets that showed up were actually tweeted by someone the people did knew, but their social proof label was wrong which made them seem out of place. Its engineers are aware of the problem and working to fix this now. The bug has been live for a few days, Twitter also confirmed.

The company’s @TwitterSupport account had not yet replied to those asking about this problem, which may have led to some user confusion.

After all, Twitter has been known to put what some consider extraneous information in the timeline – like posts that show you when many people you follow have now all followed another Twitter user, or posts that tell you that several people have shared the same link, for example. But even in those cases, that was in-network activity – not something like putting random retweets in your main feed.

Until the bug is fixed, Twitter users who don’t like the content of the seemingly random retweets can tap on the down arrow on the right side of the tweet to tell Twitter it wants to see less content like this.

 



[ad_2]

Source link

The Super Bowl gets voice-enabled

[ad_1]

Amazon, Dish, Comcast and others are hoping to turn Super Bowl 2019 into a way to show off the potential for their voice technologies and TV integrations. The companies this week have been touting new features and a variety of voice commands that will allow viewers to get prepared for the big game, learn about players and teams, tune into NFL news and highlights, set their recordings, and more.

In some cases, this may be as simple as asking your TV to tune to the Super Bowl, record the event, or get more information about the game, as is the case with Dish. Customers can press the button on their Dish voice remote, then say “Super Bowl” or “Super Bowl 53” to watch, find information or record the game, the company says.

Comcast and Amazon are taking things further, however.

Comcast’s Xfinity X1 customers can now use their voice remote to get the latest stats, get pre-game news and post-game highlights, or even turn on an app that tracks real-time stats on the screen during the big game.

For example, X1 customers can say “Tom Brady vs. Jared Goff,” “The Patriots vs. the Rams,” “Show me Julian Edelman,” “Show me Rams leaders,” and other sorts of commands to get stats on teams or to learn about the players. They can also say “Super Bowl” or “NFL” to be taken to news and highlights, or say “X1 Sports app” to launch the stat-tracking feature on their TV screen.

Smart home users with Xfinity Home can even turn their lighting to their favorite team’s colors by saying”Xfinity Home, go Patriots!” or “go Rams!,” as desired.

Alexa’s Super Bowl feature set, is more robust, offering the ability to ask for trivia and quizzes, background on the players and teams, stats, jokes and burns, track the odds, get historical data, and more.

These sorts of questions can range from the basic – like, “where is the Super Bowl this year?” – to the more complex, like “what is the Patriots yards per carry this season?” or “how many times has Tom Brady been to the Super Bowl?”

You can also ask Alexa for a Super Bowl quiz, fact, or past game recaps, in addition to more informational questions. Alexa can give you football jokes and “burns,” too.

What was surprising was that some of the stat-related questions Alexa could answer herself weren’t answered on Google Home, when asked the same way – for example, the above years per carry question, and number of Super Bowls that Tom Brady has seen.

Both Alexa and Google Assistant will give you their own opinion on who they want to win, however. Google says it’s cheering for the underdog, the Rams. Alexa says as much as she wants to cheer for the Rams, she thinks the Patriots will win.

 

[ad_2]

Source link

Everything you need to know about Facebook, Google’s app scandal

[ad_1]

Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a day of downtime at the two tech giants.

Confused about what happened? Here’s everything you need to know.

How did all this start, and what happened?

On Monday, we revealed that Facebook was misusing an Apple-issued certificate that is only meant for companies to use to distribute internal, employee-only apps without having to go through the Apple App Store. But the social media giant used that certificate to sign an app that Facebook distributed outside the company, violating Apple’s rules.

The app, known simply as “Research,” allowed Facebook access to all the data flowing out of the device it was installed on. Facebook paid users — including teenagers — $20 per month to install the app. But it wasn’t clear exactly what kind of data was being vacuumed up, or for what reason.

It turns out that the app was a repackaged app that was effectively banned from Apple’s App Store last year for collecting too much data on users.

Apple was angry that Facebook was misusing its special-issue certificates to push an app it already banned, and revoked it — rendering the app useless. But Facebook was using that same certificate to sign its other employee-only apps, effectively knocking them offline until Apple re-issued the certificate.

Then, it turned out Google was doing almost exactly the same thing with its Screenwise app, and Apple’s ban-hammer fell again.

What’s the controversy over these certificates and what can they do?

If you want to develop Apple apps, you have to abide by its rules.

A key rule is that Apple doesn’t allow app developers to bypass the App Store, where every app is vetted to ensure it’s as secure as it can be. It does, however, grant exceptions for enterprise developers, such as to companies that want to build apps that are only used internally by employees. Facebook and Google in this case signed up to be enterprise developers and agreed to Apple’s developer terms.

Apple granted each a certificate that grants permission to distribute apps they develop internally — including pre-release versions of the apps they make, for testing purposes. But these certificates aren’t allowed to be used for ordinary consumers, as they have to download apps through the App Store.

Why is “root” certificate access a big deal?

Because Facebook’s Research and Google’s Screenwise apps were distributed outside of Apple’s App Store, it required users to manually install the app — known as sideloading. That requires users to go through a convoluted few steps of downloading the app itself, and opening and installing either Facebook or Google’s certificate.

Both apps then required users to open another certificate — known as a VPN configuration profile — allowing all of the data flowing out of that user’s phone to funnel down a special tunnel that directs it all to either Facebook or Google, depending on the app you installed.

This is where Facebook and Google’s cases differ.

Google’s app collected data and sent it off to Google for research purposes, but couldn’t access encrypted data — such as iMessages, or other end-to-end encrypted content.

Facebook, however, went far further. Its users were asked to go through an additional step to trust the certificate at the “root” level of the phone. Trusting this “root certificate” allowed Facebook to look at all of the encrypted traffic flowing out of the device — essentially what we call a “man-in-the-middle” attack. That allowed Facebook to sift through your messages, your emails, and any other bit of data that leaves your phone. Only apps that use certificate pinning — which reject any certificate that isn’t its own — were protected.

Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by your phone. (Image: supplied)

Google’s app might not have been able to look at encrypted traffic, but the company still flouted the rules and got its certificate revoked anyway.

What data did Facebook have access to on iOS?

It’s hard to know for sure, but it definitely had access to more data than Google.

Facebook said its app was to help it “understand how people use their mobile devices.” In reality, at root traffic level, Facebook could have accessed any kind of data that left your phone.

Will Strafach, a security expert who we spoke to for our story, said: “If Facebook makes full use of the level of access they are given by asking users to install the certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”

Remember: this isn’t “root” access to your phone, like jailbreaking, but root access to the network traffic.

How does this compare to the technical ways other market research programs work?

In fairness, these aren’t market research apps unique to Facebook or Google. Several other companies, like Nielsen and comScore, run similar programs, but neither ask users to install a VPN or provide root access to the network.

In any case, Facebook already has a lot of your data — as does Google. Even if the companies only wanted to look at your data in aggregate with other people, it can still hone in on who you talk to, when, for how long, and in some cases what about. It might not have been such an explosive scandal had Facebook not spent the last year cleaning up after several security and privacy breaches.

Can they capture the data of people the phone owner interacts with?

In both cases, yes. In Google’s case, any unencrypted data that involves another person’s data could have been collected. In Facebook’s case, it goes far further — any data of yours that interacts with another person, such as an email or a message, could have been collected by Facebook’s app.

How many people did this affect?

It’s hard to know for sure. Neither Google nor Facebook have said how many users they have. Between them, it’s believed to be in the thousands. As for the employees affected by the app outages, Facebook has more than 35,000 employees and Google has more than 94,000 employees.

Why did internal apps at Facebook and Google break after Apple revoked the certificates?

You might own your Apple device, but Apple still gets to control what goes on it.

After Facebook was caught out, Apple said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” That meant any app that relied on the certificate — including inside the company — would fail to load. That’s not just pre-release builds of Facebook, Instagram and WhatsApp that staff were working on, but reportedly the company’s travel and collaboration apps were down. In Google’s case, even its catering and lunch menu apps were down.

Facebook’s internal apps were down for about a day, while Google’s internal apps were down for a few hours. None of Facebook or Google’s consumer services were affected, however.

How are people viewing Apple in all this?

Nobody seems thrilled with Facebook or Google at the moment, but not many are happy with Apple, either. Even though Apple sells hardware and doesn’t use your data to profile you or serve you ads — like Facebook and Google do — some are uncomfortable with how much power Apple has over the customers — and enterprises — that use its devices.

In revoking Facebook and Google’s enterprise certificates and causing downtime, it has a knock-on effect internally.

Is this legal in the U.S.? What about in Europe with GDPR?

Well, it’s not illegal — at least in the U.S. Facebook says it gained consent from its users. The company even said its teenage users must obtain parental consent, even though it was easily skippable and no verification checks were made. It wasn’t even explicitly clear that the children who “consented” really understood how much privacy they were really handing over.

That could lead to major regulatory headaches down the line. “If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime,” wrote TechCrunch’s Natasha Lomas.

Who else have been misusing certificates?

Don’t think that Facebook and Google are alone in this. It turns out that a lot of companies might be flouting the rules, too.

According to many finding companies on social media, Sonos uses enterprise certificates for its beta program, as does finance app Binance, as well as DoorDash for its fleet of contractors. It’s not known if Apple will also revoke their certificates.

What next?

It’s anybody’s guess, but don’t expect this situation to die down any time soon.

Facebook may face repercussions with Europe, as well as at home. Two U.S. senators, Mark Warner and Richard Blumenthal, have already called for action, accusing Facebook of “wiretapping teens.” The Federal Trade Commission may also investigate, if Blumenthal gets his way.



[ad_2]

Source link

Let’s save the bees with machine learning

[ad_1]

Machine learning and all its related forms of “AI” are being used to work on just about every problem under the sun, but even so, stemming the alarming decline of the bee population still seems out of left field. In fact it’s a great application for the technology and may help both bees and beekeepers keep hives healthy.

The latest threat to our precious honeybees is the varroa mite, a parasite that infests hives and sucks the blood from both bees and their young. While it rarely kills a bee outright, it can weaken it and cause young to be born similarly weak or deformed. Over time this can lead to colony collapse.

The worst part is that unless you’re looking closely, you might not even see the mites — being mites, they’re tiny: a millimeter or so across. So infestations often go on for some time without being discovered.

Beekeepers, caring folk at heart obviously, want to avoid this. But the solution has been to put a flat surface beneath a hive and pull it out every few days, inspecting all the waste, dirt, and other hive junk for the tiny bodies of the mites. It’s painstaking and time-consuming work, and of course if you miss a few, you might think the infestation is getting better instead of worse.

Machine learning to the rescue!

As I’ve had occasion to mention about a billion times before this, one of the things machine learning models are really good at is sorting through noisy data, like a surface covered in random tiny shapes, and finding targets, like the shape of a dead varroa mite.

Students at the École Polytechnique Fédérale de Lausanne in Switzerland created an image recognition agent called ApiZoom trained on images of mites that can sort through a photo and identify any visible mite bodies in seconds. All the beekeeper needs to do is take a regular smartphone photo and upload it to the EPFL system.

The project started back in 2017, and since then the model has been trained with tens of thousands of images and achieved a success rate of detection of about 90 percent, which the project’s Alain Bugnon told me is about at parity with humans. The plan now is to distribute the app as widely as possible.

“We envisage two phases: a web solution, then a smartphone solution. These two solutions allow to estimate the rate of infestation of a hive, but if the application is used on a large scale, of a region,” Bugnon said. “By collecting automatic and comprehensive data, it is not impossible to make new findings about a region or atypical practices of a beekeeper, and also possible mutations of the Varroa mites.”

That kind of systematic data collection would be a major help for coordinating infestation response at a national level. ApiZoom is being spun out as a separate company by Bugnon; hopefully this will help get the software to beekeepers as soon as possible. The bees will thank them later.

[ad_2]

Source link

Daily Crunch: Facebook fallout continues

[ad_1]

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here:

1. We dismantle Facebook’s memo defending its ‘Research’

The fallout continues following TechCrunch reporting about a Facebook app that was paying people to collect a huge swath of data from their phones. For one thing, a new memo from Facebook’s VP of production engineering and security provides more detail about exactly what data Facebook was trying to collect from teens and adults in the U.S. and India.

We also learned that like Facebook, Google was using Apple enterprise certificates to circulate a consumer-facing data collection app — leading Apple to shut down, then restore access to Google’s internal iOS apps.

2. Amazon and Flipkart pull 100,000s of products to comply with new Indian law

Amazon has been forced to pull an estimated 400,000 products in India after new regulation limiting e-commerce businesses went into force in the country. And Flipkart could pull as many as one-quarter of its products in order to comply with the rule, according to analysis from consulting firm Technopak.

3. Apple fixes FaceTime eavesdrop bug, with software update incoming

“We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week,” the company said.

4. H-1B changes will simplify application process

Danny Crichton does some table-napkin math to conclude that the changes will likely benefit advanced degree holders, while diminishing the chances for regular applicants.

5. Kleiner Perkins gets back to early-stage with its $600M 18th fund

The firm, which was recently rocked by the departure of legendary investor Mary Meeker, says it’s going “back to the future” with a focus on early-stage deals.

6. Amazon reports better than expected Q4, but lowers Q1 guidance

The online retail giant reported $72.4 billion in Q4 revenue, topping last year’s $60.45 billion and besting the analysts’ forecast of $71.92 billion. Amazon Web Services also played a key role, with a massive $2.2 billion operating income.

7. Vice Media will lay off 10 percent of its staff

Vice is the latest digital media company to announce major cuts. The goal is to allow Vice to focus on growth areas like branded content and film and TV production.

[ad_2]

Source link