AWS and Microsoft reap most of the benefits of expanding cloud market

While it appears that overall economic activity could be slowing down, one area that continues to soar is the cloud business. Just this week, Amazon and Microsoft reported their cloud numbers as part of their overall earnings reports.

While Microsoft’s cloud growth was flat from the previous quarter, it still grew a healthy 76 percent to $9.4 billion or a $37.6 billion run rate. Meanwhile AWS, Amazon’s cloud division, grew 46 percent to $7.4 billion or a $29.6 billion run rate. That’s up from $5.11 billion from a year ago. As always, it’s important to remember that it isn’t necessarily an apples to apples comparison as each company counts what they call cloud revenue a little differently, but it gives you a sense of where this market is going.

Both businesses also face the law of large numbers in terms of growth, that is, the bigger you get, the harder it is to keep growing at a substantial rate. The two companies are doing quite well though considering how mature their offerings are.

Last year Synergy Research reported the overall cloud market worldwide grew 32 percent to $250 billion. In Synergy’s last report on cloud market share in October, it had Amazon well in the lead with around 35 percent and Microsoft around 15 percent. A Canalys report from the same time period had AWS with 32 percent and Microsoft with 17 percent, so close you could call it a tie for statistical purposes.

Alibaba, which just reported earnings was up 84 percent. IBM, which bought Red Hat for $34 billion last year, hoping to grab a bigger piece of the hybrid cloud market, reported cloud revenue was up only 12 percent for 2018 in its earnings report last week, which seem pretty paltry compared to the rest of the market. It’s worth noting that the Red Hat sale won’t close until later this year. Google will be reporting at the beginning of next week, but has not been breaking out cloud revenue recently. It will be interesting to see if that changes.

Most experts agree that we are just beginning to scratch the surface of cloud adoption and that the vast majority of workloads are still locked in private data centers around the world. That means even if there is a broader economic downturn in the future, the cloud could be somewhat insulated because companies are already in process of moving parts of their businesses to the cloud.

As these companies grow, it requires increasing numbers of data centers to deal with all this new business, and a Canalys report found that Microsoft and Amazon have been busy in this regard. Amazon currently has 60 cloud locations worldwide with another 12 under construction. Canalys reports that the company’s CapEx spending (which includes non-data center spend) reached $26 billion, up a modest 7 percent. Meanwhile Microsoft, which is chasing AWS, had much more aggressive infrastructure spending with expenditures up 64 percent to $14 billion.

You can expect that unless something drastic happens, the market pie will continue to expand, but the numbers probably won’t change dramatically as these two market leaders have hardened their market positions and it will become increasingly difficult for competitors to catch them.

H1-B changes will simplify application process

The federal government yesterday published the final rule for changes to the H1-B visa program, which is one of the primary conduits for technical talent to come and work in the United States.

There are two key changes coming with the rule. First, the government will require applicants for an H1-B visa to electronically register with the immigration office for the H1-B lottery before they submit their applications or documentation.

Due to hard caps imposed by Congress on the number of workers who can be admitted under the program, tens of thousands of people apply for a visa who ultimately do not attain it. Under the current process, applicants must submit their entire applications including supporting documentation in order to apply for a lottery run by USCIS, the immigration authority.

Last year, roughly 190,000 applicants applied for 85,000 total slots. That means 105,000 people put together complete applications but lost out on the lottery.

Under the new rule that will be in force for this year’s H1-B process, applicants will first register with USCIS electronically, which will process the lottery. If selected in the lottery, an applicant would then be invited to submit their application and supporting materials. The idea is that you only have to do all the work of applying when there is an actual slot available.

The change is likely to cut into the revenue of immigration attorneys, who today prepare full applications for all applicants. A typical H1-B visa application retainer for an attorney today in Silicon Valley runs in the low thousands of dollars each, with companies picking up the tab. I am sure attorneys will still recommend doing some prep work, but the new rules should cut costs for employers.

The second change of the final rule has to do with how the lottery is conducted. Be very careful here, as the changes are somewhat subtle and there is a lot of malarkey being written across the internet about it.

Under the H1-B program, there are two pools of applicants: let’s call them the regular pool and the advanced degree holders pool. There is a cap of 65,000 for the regular pool, and 20,000 for the advanced degree pool, which is limited to applicants holding a master’s degree or better.

In today’s process, advanced degree applicants first go through the lottery of the advanced degree pool, and if they fail, they get added to the regular pool for the second lottery. In the new process just confirmed by USCIS, that process is inverted: the regular pool lottery will be run first with all applicants, and then the advanced degree pool will happen second with advanced degree applicants who failed in the first lottery.

What does that mean for applicants? Well, we have to do a bit of table napkin probability math to understand* (feel free to skip ahead if you just want the answer).

Using last year’s numbers there were 95,885 advanced degree applicants for 20,000 spots, so a roughly 20.85% chance of receiving a visa. That means 75,885 advanced degree applicants who lost out were then added to the regular pool of 94,213 applicants. That’s 170,098 applicants for 65,000 visas, or roughly a 38.21% chance of getting a visa. Across the two lotteries then, advanced degree holders statistically would have gotten 20,000 visas from the first lottery, and then 38.21% of 75,885 or 28,998 visas from the regular pool lottery. So an advanced degree holder had a 51.1% of getting an H1-B visa, compared to 38.21% for regular pool applicants.

That’s the old probabilities, so let’s see how reversing the sequence of lotteries change the probabilities. Now, 95,885 advanced degree holders join 94,213 regular applicants for 65,000 spots, for a success rate of 34.19%. That means 32,786 advanced degree holders will be successful in the regular pool. From there, the 63,099 advanced degree applicants who were not successful would get to go through the advanced degree lottery of 20,000 spots, a probability rate of 31.70%. Combined then, you have 20,000 + 32,786 = 52,786 successful advanced degree holders out of 95,885, for a combined statistical success rate of 55.05%.

Net-net, the changes in the lottery sequence mean that advanced degree holders would been successful 55.05% of the time last year, compared with 51.1% under the previous system. For regular applicants, the success rate declines from 38.21% to 31.70%.

So to be accurate in language, I would say that USCIS is (from a statistical point of view) “placing an additional emphasis” on advanced degree holders. It’s a meaningful adjustment if you are applying of course, but ultimately nothing has changed since immigration priorities are written into the law and the executive branch doesn’t have much flexibility to change these systems.

(*One side note: that probability math is “rough” because the H1-B program has a variety of small preferences and set asides that make the probability math unique for each person. Citizens of Chile and Singapore get special treatment, and if you apply to work in Guam and a few other territories, you also have your own special process).

Talking about borders: Huawei and smartphone privacy

The Huawei logo is seen in the center of Warsaw, Poland

(Photo by Jaap Arriens/NurPhoto via Getty Images)

The U.S., like many countries around the world, doesn’t provide a lot of privacy rights at the border. The country can scan the electronic devices of any traveler, and save files and other data in those sweeps, and such tactics are increasingly common much to the chagrin of privacy advocates like the ACLU.

But there is a benefit of these sweeps when it comes to closing in on an international investigation. The U.S. Department of Justice charged Huawei’s CFO Meng Wanzhou with a variety of crimes including bank fraud and wire fraud this week in connection with Huawei’s alleged breach of U.S. sanctions on Iran.

From the indictment, some of the key evidence for the case comes from a sweep of Meng’s smartphone while she passed through JFK Airport, where border officials captured Huawei’s talking points about the Iran / Skycom situation. From the indictment, “When she entered the United States, MENG was carrying an electronic device that contained a file in unallocated space—indicating that the file may have been deleted […]”

As with debates over end-to-end encryption, there are complexities to the level of privacy that should be offered at national borders. While the general right to privacy should be protected, law enforcement should also have the tools it needs to stop crimes within a proper due process system.

Talking about borders: Brexit and manufacturing scale

(Photo by Dan Kitwood/Getty Images)

I talked about manufacturing scale yesterday in the context of Foxconn’s multiple shutdowns of its factories in Wisconsin and Guangzhou this week. Apple isn’t the only one failing to find a screw these days — now the entirety of Britain’s industrial base is worried about finding components.

Bloomberg noted that British “Companies’ inventory holdings grew in January at the quickest rate in the 27-year history of IHS Markit’s survey, the group said in a report Friday.” Companies are stockpiling everything from screws and parts to medications as the risk of a no-deal Brexit increases after Parliament has repeatedly struck down plans for Britain’s withdrawal from the European Union.

Stockpile as much as you want, but China’s success over the past three decades since reform and opening up has been making its borders, customs, and ports some of the most efficient in the world. If Britain wants to compete, it needs to do the same.

TechCrunch is experimenting with new content forms. This is a rough draft of something new – provide your feedback directly to the author (Danny at danny@techcrunch.com) if you like or hate something here.

Share your feedback on your startup’s attorney

My colleague Eric Eldon and I are reaching out to startup founders and execs about their experiences with their attorneys. Our goal is to identify the leading lights of the industry and help spark discussions around best practices. If you have an attorney you thought did a fantastic job for your startup, let us know using this short Google Forms survey and also spread the word. We will share the results and more in the coming weeks.

What’s Next

  • More work on societal resilience
  • I’m reading a Korean novel called The Human Jungle by Cho Chongnae that places a multi-national cast of characters in China’s economy. It’s been a great read a quarter of the way in.

Carbon is 3D printing custom football helmet liners for Riddell

Just in time to ride the last of the pre-Super Bowl buzz, Carbon today announced that it’s teaming up with sports equipment giant Riddell to 3D print customized football helmet padding.

Referred to as “Diamond technology,” the collaboration creates lattice design pads of resin that are custom built to a player’s dimensions and position. Carbon says the pads were created by analyzing data from more than five million on-field collisions collected by Riddell smart helmets.

“We scan heads, and then you’ve got the shell of the helmet,” Carbon co-founder and CEO Joseph DeSimone told TechCrunch. “The gap between the head and the shell is now customized. That space is now custom to everybody, and we fill that space with a lattice that controls the impact of the sport. It allows you to get really great performance as you control the impact that the players see.”

The technology arrives as the health impacts of football are receiving stronger scrutiny. The repetitive nature of football hits has been tied to a number of unfortunate side effects, including, notably, CTE. A recent study found that the dementia-causing condition was found in 110 out of 111 brains of autopsied football players. 

“As someone who’s spent thousands of hours watching film, I know that no two players play the same way,” quarterback and Riddell spokesperson Peyton Manning said in a release tied to the news. “They all have different styles and tendencies on the field, which is another key benefit to Riddell’s Diamond technology. With the SpeedFlex Precision Diamond, players are not only experiencing the latest in head protection, they can also dictate where the helmet is positioned to improve sight lines and maximize field vision.”

The customized helmets will be made available for pro and college level athletes later this year. They’ll be printed using the L1, a newly announced printer designed for manufacturing that brings the company’s Digital Light Synthesis technology to a larger scale. The L1 has 10 times the build area as its predecessor, the M1 and five times the M2 (that’s “M” for “Medium” and “L” for “Large, by the way).

The advent of the new printer could go a ways toward helping Carbon realize its goal of bringing this technology to a manufacturing-level scale. Of course, the company’s already got a decent head start on that front, having produced 100,000 pairs of mid-soles through its ongoing partnership with Adidas.

How to recover quickly if you get locked out of Google

I know first-hand how frustrating it is to get locked out of your Google account and to lose access to much of your online life. I’m hoping this simple work-around will help get you get through the account recovery process much faster than the manual method, which takes a minimum of 3-5 days (and in my case ended up taking weeks).

This week, a colleague who remembered my article on my lock-out experience, asked me for advice after she was locked out of her account. And a solution occurred to me, one that I had actually discovered last year, but had never put to use myself. It worked for her, and I hope it works for you too. It’s actually pretty simple.

If you have paid storage on Google, follow these steps:

  1. Go to Google One.
  2. Click the Call button at the top of the screen.
  3. Tell the person who answers that you’re locked out. They should be able to you.

Click the Call button at the top of the screen.

If you don’t have a Google One account, follow these steps:

  1. Go to Google One.
  2. Choose a monthly storage option. You can get started with a 100 gigs of storage for just $1.99 a month.
  3. After you set up your storage, click the Call button and tell them you’re locked out.

While I can’t absolutely guarantee this will help you get your Google account back in short order, I can tell you it worked flawlessly for my colleague and she got back into hers shortly after opening a Google One account. While some may object to paying, if you can afford to spend $23.88 a year for 100 gigs of storage and access to human tech support (for this or any problem you have), it could be well worth it if it solves your issue quickly and gives you overall peace of mind.

That time I got locked out of my Google account for a month

A government propaganda app is going viral in China

Besides binge-watching TikTok videos and battling enemies in the magical land of mobile games, many Chinese people may also pass time during the upcoming Lunar New Year on Xuexi Qiangguo, a news and chat app developed by the country’s top ideology officials.

The app managed to top the Chinese App Store between January 22 and 25 before two ByteDance apps pushed it down to the third place this week, download statistics from App Annie shows. At a glance, the news section is almost exclusively about the Communist Party and president Xi Jinping.

xuexi qiangguo

The app is almost exclusively about the Communist Party and president Xi Jinping.

It doubles as an instant messenger, with development support provided by Alibaba’s Dingtalk enterprise communications tool. That means users can log in via their Dingtalk account and chat with their Dingtalk contacts directly over Xuexi Qiangguo. Alibaba explains this is a “regular business collaboration” between Dingtalk’s open platform and a third-party developer.

xuexi qiangguo

The app doubles as a messenger with technical support provided by Alibaba’s Dingtalk.

Directly translated as “studying strengthens the nation,” Xuexi Qiangguo is the product of a research center under China’s Publicity Department, an important organ in charge of how information disseminates in the country. The digital weapon underscores the Communist Party’s growing efforts in recent years to appeal to phone-savvy generations, though the app seems to have peaked.

As of February 1, the iOS version of Xuexi Qiangguo is rated 2.4 out of 5 from 6,810 reviews. Its impressive download number, as it turns out, is in part a result of top-down order. Many early users are Party members or work in China’s giant state apparatus, who were told to install the app. Several users TechCrunch spoke to, including a public school principal, a director of a district party committee and a municipal government official, confirmed that everyone in their organizations must download the app and every now and then, users may get quizzed on relevant content.

Newspapers and social media posts also suggest local governments have mandated downloads among Party members and encouraged the general public to give it a try. Some take a step further to organize offline study sessions for the app. For some context, China had nearly 90 million Communist Party members by the end of 2017.

xuexi qiangguo

A city in Hunan Province has ordered all Party members to install Xuexi Qiangguo, a local newspaper reported. The photo shows a study session held for the app. Source: 衡阳晚报 via Weibo

“I believe that most of the downloads were incentivized, probably only a very small portion was initiated by a real interest,” says Kristin Shi-Kupfer, director at MERICS, a German think tank specializing in China. “This app will probably drop out of the rankings of any app store soon.”

To engage the younger crowd, the app takes cues from new media forms in China’s flourishing online world. The news section, for instance, appears to be modelled on ByteDance’s popular news app Jinri Toutiao . While Toutiao uses algorithms to understand user preferences and delivers content from a wide array of third-party publications, Xuexi Qiangguo curates from an army of 18 state-controlled outlets.

The app also has a gamified loyalty program, which rewards users virtual points when they complete a task, such as daily sign-in. Since registrations are on a real-name basis, supervisors can check who in their organizations haven’t installed the app, ushering in a new kind of digital monitoring.

“The timing of the publishing of this app might be linked to the upcoming Chinese New Year Festival, which the Chinese Communist Party sees as an opportunity and a necessity to spread their ideology,” notes Shi-Kupfer.” [It] may be hoping that people would use the holiday season to take a closer look, but probably also knowing that most people would rather choose other sources to relax, consume and travel.”

First China, now Starbucks gets an ambitious VC-funded rival in Indonesia

Asia’s venture capital-backed startups are gunning for Starbucks .

In China, the U.S. coffee giant is being pushed by Luckin Coffee, a $2.2 billion challenger surfing China’s on-demand wave, and on the real estate side, where WeWork China has just unveiled an on-demand product that could tempt people who go to Starbucks to kill time or work.

That trend is picking up in Indonesia, the world’s fourth largest country and Southeast Asia’s largest economy, where an on-demand challenger named Fore Coffee has fuelled up for a fight after it raised $8.5 million.

Fore was started in August 2018 when associates at East Ventures, a prolific early-stage investor in Indonesia, decided to test how robust the country’s new digital infrastructure can be. That means it taps into unicorn companies like Grab, Go-Jek and Tokopedia and their army of scooter-based delivery people to get a hot brew out to customers. Incidentally, the name ‘Fore’ comes from ‘forest’ — “we aim to grow fast, strong, tall and bring life to our surrounding” — rather than in front of… or a shout heard on the golf course.

The company has adopted a similar hybrid approach to Luckin, and Starbucks thanks to its alliance with Alibaba. Fore operates 15 outlets in Jakarta, which range from ‘grab and go’ kiosks for workers in a hurry, to shops with space to sit and delivery-only locations, Fore co-founder Elisa Suteja told TechCrunch. On the digital side, it offers its own app (delivery is handled via Tokopedia’s Go-Send service) and is available via Go-Jek and Grab’s apps.

So far, Fore has jumped to 100,000 deliveries per month and its app is top of the F&B category for iOS and Android in Indonesia — ahead of Starbucks, McDonald’s and Pizza Hut .

It’s early times for the venture — which is not a touch on Starbuck’s $85 billion business; it does break out figures for Indonesia — but it is a sign of where consumption is moving to Indonesia, which has become a coveted beachhead for global companies, and especially Chinese, moving into Southeast Asia. Chinese trio Tencent, Alibaba and JD.com and Singapore’s Grab are among the outsiders who have each spent hundreds of millions to build or invest in services that tap growing internet access among Indonesia’s population of over 260 million.

There’s a lot at stake. A recent Google-Temasek report forecast that Indonesia alone will account for over 40 percent of Southeast Asia’s digital economy by 2025, which is predicted to triple to reach $240 billion.

As one founder recently told TechCrunch anonymously: “There is no such thing as winning Southeast Asia but losing Indonesia. The number one priority for any Southeast Asian business must be to win Indonesia.”

Forecasts from a recent Google-Temasek report suggest that Indonesia is the key market in Southeast Asia

This new money comes from East Ventures — which incubated the project — SMDV, Pavilion Capital, Agaeti Venture Capital and Insignia Ventures Partners with participation from undisclosed angel backers. The plan is to continue to invest in growing the business.

“Fore is our model for ‘super-SME’ — SME done right in leveraging technology and digital ecosystem,” Willson Cuaca, a managing partner at East Ventures, said in a statement.

There’s clearly a long way to go before Fore reaches the size of Luckin, which has said it lost 850 million yuan, or $124 million, inside the first nine months in 2018.

The Chinese coffee challenger recently declared that money is no object for its strategy to dethrone Starbucks. The U.S. firm is currently the largest player in China’s coffee market, with 3,300 stores as of last May and a goal of topping 6,000 outlets by 2022, but Luckin said it will more than double its locations to more than 4,500 by the end of this year.

By comparison, Indonesia’s coffee battle is only just getting started.

Indian state government leaks thousands of Aadhaar numbers

A lapse in security has led to the leaking of over a hundred thousand Aadhaar numbers, Pak Guru can reveal.

One of the web systems used to record attendance of government workers for the Indian state of Jharkhand was left exposed and without a password as far back as 2014, allowing anyone access to names, job titles, and partial phone numbers on 166,000 workers as of the time of writing.

But the photo on each record page used the file name as that worker’s Aadhaar number, a confidential 12-digit number assigned to each Indian citizen as part of the country’s national identity and biometric database.

The data leak isn’t a direct breach of the central database run by Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), but represents another lapse in responsibility from the authority charged with protecting its data.

Aadhaar numbers aren’t strictly secret but are treated similarly to Social Security numbers. Anyone of the 1.23 billion Indian citizens enrolled in Aadhaar — more than 90 percent of the population — can use their unique number or their thumbprint to verify their identity in order to enroll in state services, like voting, welfare or financial assistance. Aadhaar users can even use their Aadhaar identity to open a bank account, get a SIM card, call an Uber, buy something on Amazon, or rent an Airbnb.

But the system has been plagued with problems that have led to starvation in cases, and the illicit trade of citizen data on the underground market.

It’s unclear why the Jharkhand government site was accessible to anyone who knew where to look, but little effort had been put in to ensure the security of the system — or even hide it from the outside world. The site was easily found on a subdomain of the state government’s website, but for long enough that it was indexed by Google, which cached copies of not only the site itself, but also its attendance record pages that still contain Aadhaar numbers in each worker’s photo.

TechCrunch asked Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, to take a look at the site. Robert has prior experience in revealing Aadhaar-related data leaks. Using less than a hundred lines of Python code, Robert demonstrated that it was easy for anyone to scrape the entire site in batches to download their photos and corresponding Aadhaar numbers.

TechCrunch verified a small selection of Aadhaar numbers from the site using UIDAI’s own verification tool on its website. (We used a VPN in Bangalore as the page was unavailable in the U.S.). Each record came back as a positive match.

After confirming our findings, we reached out to both the Jharkhand government and UIDAI.

Jharkhand’s attendance site leaking worker data. (Image: TechCrunch)

At the time of publication, neither had responded, but the website had been pulled offline.

The exposure may represent a fraction of the billion-plus users registered with Aadhaar, but uncovers yet another inadvertent disclosure of citizen data from a system that UIDAI claims is impenetrable. Instead of learning from mistakes and mishaps, UIDAI instead has shown a long history of rebuffing evidence of security incidents or breaches with mockery and declaring findings as “fake news,” by claiming to refute evidence without presenting any of its own.

The leak of Aadhaar numbers may not be seen as sensitive compared to leaked biometric data. Former attorney general Mukul Rohtagi once called a separate leak of Aadhaar numbers “much ado about nothing.” But it’s raises fears that obtaining and misusing someone’s number could lead to identity theft and fraud — which reportedly peaked last year.

Others have expressed concern that the system puts privacy at risk by recording information on a person’s life, which authorities can use to conduct surveillance on ordinary citizens.

But the exposure alone contradicts the Indian government’s claims that the Aadhaar system as a whole is secure.

In recent years, several security lapses involving data relating to Aadhaar have reignited fresh concerns about the centralized database — including several issues found by Robert. Last year, security researcher Karan Saini, a New Delhi-based security researcher, found a poorly-secured web address used by state-owned utility company Indane that had direct access to the Aadhaar database, allowing him to query results from the system. UIDAI rubbished the reports, baselessly claiming that there was “no truth to this story” in a series of tweets from its official Twitter account, despite evidence to the contrary. In the same year, India’s Tribune newspaper reported that some were selling direct access to the Aadhaar database. UIDAI responded by filing a complaint against the reporter with police.

Despite the security concerns, India’s Supreme Court ruled the database constitutional in September after a long-running court battle.

India’s largest bank SBI leaked account data on millions of customers.

We dismantle Facebook’s memo defending its Research data-grab

Facebook published an internal memo today trying to minimize the morale damage of TechCrunch’investigation that revealed it’d been paying people to suck in all their phone data. Attained by Business Insider’s Rob Price, the memo from Facebook’s VP of production engineering and security Pedro Canahuati gives us more detail about exactly what data Facebook was trying to collect from teens and adults in the US and India. But it also tries to claim the program wasn’t secret, wasn’t spying, and that Facebook doesn’t see it as a violation of Apple’s policy against using its Enterprise Certificate system to distribute apps to non-employees.

Here we lay out the memo with section by section responses to Facebook’s claims challenging TechCrunch’s reporting. Our responses are in bold and we’ve added images.

Memo from Facebook VP Pedro Canahuati

APPLE ENTERPRISE CERTS REINSTATED

Early this morning, we received agreement from Apple to issue a new enterprise certificate; this has allowed us to produce new builds of our public and enterprise apps for use by employees and contractors. Because we have a few dozen apps to rebuild, we’re initially focusing on the most critical ones, prioritized by usage and importance: Facebook, Messenger, Workplace, Work Chat, Instagram, and Mobile Home.

New builds of these apps will soon be available and we’ll email all iOS users for detailed instructions on how to reinstall. We’ll also post to iOS FYI with full details.

Meanwhile, we’re expecting a follow-up article from the New York Times later today, so I wanted to share a bit more information and background on the situation.

What happened?

On Tuesday TechCrunch reported on our Facebook Research program. This is a market research program that helps us understand consumer behavior and trends to build better mobile products.

TechCrunch implied we hid the fact that this is by Facebook – we don’t. Participants have to download an app called Facebook Research App to be involved in the stud. They also characterized this as “spying,” which we don’t agree with. People participated in this program with full knowledge that Facebook was sponsoring this research, and were paid for it. They could opt-out at any time. As we built this program, we specifically wanted to make sure we were as transparent as possible about what we were doing, what information we were gathering, and what it was for — see the screenshots below.

We used an app that we built ourselves, which wasn’t distributed via the App Store, to do this work. Instead it was side-loaded via our enterprise certificate. Apple has indicated that this broke their Terms of Service so disabled our enterprise certificates which allow us to install our own apps on devices outside of the official app store for internal dogfooding.

Author’s response: To start, “build better products” is a vague way of saying determining what’s popular and buying or building it. Facebook has used competitive analysis gathered by its similar Onavo Protect app and Facebook Reserch for years to figure out what apps were gaining momentum and either bring them in or box them out. Onavo’s data is how Facebook knew WhatsApp was sending twice as many messages as Messenger, and it should invest $19 billion to acquire it.

Facebook claims it didn’t hide the program, but it was never formally announced like every other Facebook product. There were no Facebook Help pages, blog posts, or support info from the company. It used intermediaries Applause (which owns uTest) and CentreCode (which owns Betabound) to run the program under names like Project Atlas and Project Kodiak. Users only found out Facebook was involved once they started the sign-up process and signed a non-disclosure agreement prohibiting them from discussing it publicly. TechCrunch has reviewed communications indicating Facebook would threaten legal action if a user spoke publicly about being part of the Research program. While the program had run since 2016, it had never been reported on. We believe that these facts combined justify characterizing the program as “secret”

The Facebook Research program was called Project Atlas until you signed up

How does this program work?

We partner with a couple of market research companies (Applause and CentreCode) to source and onboard candidates based in India and USA for this research project. Once people are onboarded through a generic registration page, they are informed that this research will be for Facebook and can decline to participate or opt out at any point. We rely on a 3rd party vendor for a number of reasons, including their ability to target a Diverse and representative pool of participants. They use a generic initial Registration Page to avoid bias in the people who choose to participate.

After generic onboarding people are asked to download an app called the ‘Facebook Research App,’ which takes them through a consent flow that requires people to check boxes to confirm they understand what information will be collected. As mentioned above, we worked hard to make this as explicit and clear as possible.

This is part of a broader set of research programs we conduct. Asking users to allow us to collect data on their device usage is a highly efficient way of getting industry data from closed ecosystems, such as iOS and Android. We believe this is a valid method of market research.

Author’s response: Facebook claims it wasn’t “spying”, yet it never fully laid out the specific kinds of information it would collect. In some cases, descriptions of the app’s data collection power were described in merely a footnote. The program did not specify specific data types gathered, only saying it would scoop up “which apps are on your phone, how and when you use them” and “information about your internet browsing activity”

The parental consent form from Facebook and Applause lists none of the specific types of data collected or the extent of Facebook’s access. Under “Risks/Benefits”, the form states “There are no known risks associated with this project¨ however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of Apps. You will be compensated by Applause for your child’s participation.” It gives parents no information about what data their kids are giving up.

Facebook claims it uses third-parties to target a diverse pool of participants. Yet Facebook conducts other research programs on its own without the need for intermediaries that obscure its identity, and only ran the program in two countries. It claims to use a generic signup page to avoid biasing who will choose to participate, yet the cash incentive and technical process of installing the root certification also bias who will participate, and the intermediaries conveniently prevent Facebook from being publicly associated with the program at first glance. Meanwhile, other clients of the Betabound testing platform like Amazon, Norton, and SanDisk reveal their names immediately

Facebook’s ads recruiting teens for the program didn’t disclose its involvement

Did we intentionally hide our identity as Facebook?

No — The Facebook brand is very prominent throughout the download and installation process, before any data is collected. Also, the app name of the device appears as “Facebook Research” — see attached screenshots. We use third parties to source participants in the research study, to avoid bias in the people who choose to participate. But as soon as they register, they become aware this is research for Facebook

Author’s response: Facebook here admits that users did not know Facebook was involved before they registered.

What data do we collect? Do we read people’s private messages?

No, we don’t read private messages. We collect data to understand how people use apps, but this market research was not designed to look at what they share or see. We’re interested in information such as watch time, video duration, and message length, not that actual content of videos, messages, stories or photos. The app specifically ignores information shared via financial or health apps.

Author’s response: We never reported that Facebook was reading people’s private messages, but that it had the ability to collect them. Facebook here admits that the program was “not designed to look at what they share or see”, but stops far short of saying that data wasn’t collected. Fascinatingly, Facebook reveals it was that it was closely monitoring how much time people spent on different media types.

Facebook Research abused the Enterprise Certificate system meant for employee-only apps

Did we break Apple’s terms of service?

Apple’s view is that we violated their terms by sideloading this app, and they decide the rules for their platform, We’ve worked with Apple to address any issues; as a result, our internal apps are back up and running. Our relationship with Apple is really important — many of us use Apple products at work every day, and we rely on iOS for many of our employee apps, so we wouldn’t put that relationship at any risk intentionally. Mark and others will be available to talk about this further at Q&A later today.

Author’s response: TechCrunch reported that Apple’s policy plainly states that the Enterprise Certificate program requires companies to “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing” and that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers”. Apple took a firm stance in its statement that Facebook did violate the program’s policies, stating “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.”

Given Facebook distributed the Research apps to teenagers that never signed tax forms or formal employment agreements, they were obviously not employees or contractors, and most likely use some Facebook-owned service that qualifies them as customers. Also, I’m pretty sure you can’t pay employees in gift cards.

Joseph Gordon-Levitt’s artist-collaboration platform HitRecord raises $6.4M

In the early 2000s, actor Joseph Gordon-Levitt was frustrated with the roles he was being offered. Instead of starring in critically acclaimed indies, he was typecast as the “the funny kid on TV” due to roles like Tommy from “3rd Rock from the Sun.”

So like anyone who matured alongside the internet, he created a website where he could ideate, produce and share his work. More than 10 years later, he wants to turn that pet project, called HitRecord, into a full-fledged technology company.

Onstage at Upfront Venture’s annual summit outside of Los Angeles, Gordon-Levitt announced a $6.4 million Series A funding to do just that. Javelin Venture Partners has led the round, with participation from Crosslink Capital, Advancit Capital, YouTube co-founder Steve Chen, Twitch co-founder Kevin Lin and MasterClass co-founder David Rogier.

Gordon-Levitt, known for starring in “Inception,” “Snowden” and, my personal favorite, “10 Things I Hate About You,” tells TechCrunch that HitRecord has a team of 24 employees, with himself at the helm as chief executive officer, co-founder Jared Geller serving as president and co-founder Marke Johnson as creative director. The trio plan to use the investment to transform HitRecord from a traditional production company to a new collaborative media platform.

The company provides an online portal for artists to work together on projects, “building off of each other’s contributions, to create things [they] couldn’t have made on our own.” If projects created within the HitRecord community are sold, the creators are paid based on their original contributions. Since 2010, HitRecord has paid its community roughly $3 million.

HitRecord hasn’t accepted outside capital, until now. Initially, Gordon-Levitt used his own cash to push the company forward, and for the last five years, the startup has been cash-flow positive. I sat down with Gordon-Levitt to learn more about what he’s been working on and why he decided to pursue venture capital dollars. The following conversation has been lightly edited for length.

TC: How do you explain HitRecord in one sentence?

JGL: It’s a collaborative media platform where people make all kinds of creative things together. I guess that’s one sentence, but if I can keep going… As opposed to places where people post things that they’ve made on their own, this is a place where people collaborate, right? So they submit their ideas onto the platform and then they find people who want to collaborate with them and then they’re able to make money if the projects [find] a buyer.

We’ve done all kinds of monetized productions, but I certainly wouldn’t include money in the third or fifth or even 10th sentence of why people come to HitRecord.

TC: HitRecord launched a decade ago… what inspired you to create it?

JGL: I started HitRecord as this little hobby message board with my brother and it grew very slowly. It came out of a time in my life when I wanted to be an actor and I wanted to be in sort of like more serious Sundance movies and everyone was like, ‘oh, but you’re the funny kid on TV’ and you know, it was really painful for me. I sort of said, okay, you know what, I can’t just wait around for someone to give me a part. I want to make my own things. And I started making my own. I started making videos and songs and stories and stuff. And my brother helped me set up a website that we called HitRecord. We didn’t spend any money; we had no intention of making any money. It was just a fun thing we were doing.

TC: And now you want to expand it into a full-fledged tech platform. But… you’re cash-flow positive and you’ve built a solid community of avid users, why take venture money?

JGL: You know, it started as just a hobby that I was doing for fun. We launched it as a production company as a way to do more ambitious, creative things and do it with everybody. But if you talk to our users, what people really enjoy is having that experience of being creative and being creative with other people because I think honestly, being creative is really hard alone. Venture money will not only allow us to do even cooler productions, but it’ll also allow this whole other world and more people to participate.

TC: Now that you’re venture-funded, how do you plan on making money for your investors?

JGL: So historically, the way we’ve made money was as a production company, and the collaborative efforts of our community and our staff make money because we turn something into a TV show, or we license it to a brand or we do any number of things that we’ve done that has generated revenue. [HitRecord partnered with Ubisoft earlier this year to allow artists and musicians to contribute their own content to be used in its game, for example.] So moving forward, as we grow into a collaborative platform, the idea is that it’s not just our staff that’s leading these projects and letting people collaboratively finish them. The idea is anybody could come to start their own thing and there will be better tools to self-organize and find your collaborators.

TC: And how do you better monetize once you’ve expanded your user base?

JGL: I think, look, we were not ready to talk about exactly how we would make money that way. I think we have a number of ideas. There are ways that the internet gets monetized these days that I think incentivize the wrong things like attention for myself and I don’t want to enter into a business model that incentivizes that kind of behavior.

Actor Joseph Gordon-Levitt attends the 2014 Creative Arts Emmy Awards at the Nokia Theatre L.A. Live on August 16, 2014 in Los Angeles, California. (Photo by Tommaso Boddi/WireImage).

TC: What was the process of raising venture capital like? Did being Joseph Gordon-Levitt make it a little less terrible?

JGL: I think, honestly, it was a double-edged sword. I think there was justified skepticism and people would assume that oh, I’m an actor so I can’t start a company and I faced a certain amount of that skepticism. I don’t blame anybody for having that. The assumption is that there’s not any substance behind the company or the idea, that it’s all sizzle and no steak.

But we’re also not really a startup, per se. It’s not like I was going into these offices and saying, like, I have an idea. It’s like, here’s what we’ve done for the last 10 years and we’ve been cash flow positive five years. We know how to run a business. It’s just we’ve been running a production company business, now we want to run something that’s more like a technology business.

TC: What’s your long-term vision for HitRecord?

JGL: My ultimate goal is for my acting career and HitRecord to kind of become one in the same thing. I would love to be, you know, developing a movie not for a Hollywood studio, but like in this new collaborative way for HitRecord. I mean, we won an Emmy for our TV show. We’re about to release this special that we’re doing with Logic, the rapper, and he used the platform to lead a collaboration and make a song and a music video and we documented the process and that special is going to come out on YouTube. What I really want is to be able to put an app in Logic’s hand where he goes like, oh, I understand this and is able to use it instantly. We don’t have that app yet. This is why we raised capital.

Nintendo is making Dr. Mario for iOS and Android

Nintendo held off on building smartphone games for years, but now they just can’t stop. They started with a little stumble with the short-lived Miitomo, but then found an audience with Super Mario Run. Then came Fire Emblem Heroes. Then Animal Crossing: Pocket Camp, and Dragalia Lost.

Next up? Dr. Mario .

Nintendo announced this afternoon that it’s working on a title called Dr. Mario World, built in collaboration with LINE (as in the company that makes the LINE chat app. They also make Disney’s mobile Tsum Tsum games.) and NHN.

For the many folks out there who might be too young to remember Super Mario’s stint as an M.D., Dr. Mario was a falling-tile style game which had the player quickly trying to arrange.. pills. To kill viruses.

This was the box art. Nintendo was just like “Mario is a doctor now” and everyone was like “Oh okay cool.” It was the 90s, okay?

Nintendo doesn’t say much about what the game will be like, besides referring to it as an “action puzzle game”. They say it should ship by “early summer” of 2019, and will be free to download (with in-app purchases) on iOS and Android.