Month: July 2018

Back in April, Facebook announced that it would be working with a group of academics to establish an independent research commission to look into issues of social and political significance using the company’s own extensive data collection. That commission just came out of stealth; it’s called Social Science One, and its first project will have researchers analyzing about a petabyte’s worth of sharing data.

The way the commission works is basically that a group of academics is created and given full access to the processes and datasets that Facebook could potentially provide. They identify and help design interesting sets based on their experience as researchers themselves, then document them publicly — for instance, “this dataset consists of 10 million status updates taken during the week of the Brexit vote, structured in such and such a way.”

This documentation describing the set doubles as a “request for proposals” from the research community. Other researchers interested in the data propose analyses or experiments, which are evaluated by commission. These proposals are then granted (according to their merit) access to the data, funding, and other privileges. Resulting papers will be peer reviewed with help from the Social Science Research Council, and can be published without being approved (or even seen) by Facebook.

“The data collected by private companies has vast potential to help social scientists understand and solve society’s greatest challenges. But until now that data has typically been unavailable for academic research,” said Social Science One co-founder, Harvard’s Gary King, in a blog post announcing the initiative. “Social Science One has established an ethical structure for marshaling privacy preserving industry data for the greater social good while ensuring full academic publishing freedom.”

If you’re curious about the specifics of the partnership, it’s actually been described in a paper of its own, available here.

The first dataset is a juicy one: “almost all” public URLs shared and clicked by Facebook users globally, accompanied by a host of useful metadata.

It will contain “on the order of 2 million unique URLs shared in 300 million posts, per week,” reads a document describing the set. “We estimate that the data will contain on the order of 30 billion rows, translating to an effective raw size on the order of a petabyte.”

The metadata includes country, user age, device and so on, but also dozens of other items, such as “ideological affiliation bucket,” the proportion of friends vs. non-friends who viewed a post, feed position, the number of total shares, clicks, likes, hearts, flags… there’s going to be quite a lot to sort through. Naturally all this is carefully pruned to protect user privacy — this is a proper research dataset, not a Cambridge Analytica-style catch-all siphoned from the service.

In a call accompanying the announcement, King explained that the commission had much more data coming down the pipeline, with a focus on disinformation, polarization, election integrity, political advertising, and civic engagement.

“It really does get at some of the fundamental questions of social media and democracy,” King said on the call.

The other sets are in various stages of completeness or permission: post-election survey participants in Mexico and elsewhere are being asked if their responses can be connected with their Facebook profiles; the political ad archive will be formally made available; they’re working on something with CrowdTangle; there are various partnerships with other researchers and institutions around the world.

A “continuous feed of all public posts on Facebook and Instagram” and “a large random sample of Facebook newsfeeds” are also under consideration, probably encountering serious scrutiny and caveats from the company.

Of course quality research must be paid for, and it would be irresponsible not to note that Social Science One is funded not by Facebook but by a number of foundations: the Laura and John Arnold Foundation, The Democracy Fund, The William and Flora Hewlett Foundation, The John S. and James L. Knight Foundation, The Charles Koch Foundation, Omidyar Network’s Tech and Society Solutions Lab, and The Alfred P. Sloan Foundation.

You can keep up with the organization’s work here; it really is a promising endeavor and will almost certainly produce some interesting science — though not for some time. We’ll keep an eye out for any research emerging from the partnership.

Back in April, Facebook announced that it would be working with a group of academics to establish an independent research commission to look into issues of social and political significance using the company’s own extensive data collection. That commission just came out of stealth; it’s called Social Science One, and its first project will have researchers analyzing about a petabyte’s worth of sharing data.

The way the commission works is basically that a group of academics is created and given full access to the processes and datasets that Facebook could potentially provide. They identify and help design interesting sets based on their experience as researchers themselves, then document them publicly — for instance, “this dataset consists of 10 million status updates taken during the week of the Brexit vote, structured in such and such a way.”

This documentation describing the set doubles as a “request for proposals” from the research community. Other researchers interested in the data propose analyses or experiments, which are evaluated by commission. These proposals are then granted (according to their merit) access to the data, funding, and other privileges. Resulting papers will be peer reviewed with help from the Social Science Research Council, and can be published without being approved (or even seen) by Facebook.

“The data collected by private companies has vast potential to help social scientists understand and solve society’s greatest challenges. But until now that data has typically been unavailable for academic research,” said Social Science One co-founder, Harvard’s Gary King, in a blog post announcing the initiative. “Social Science One has established an ethical structure for marshaling privacy preserving industry data for the greater social good while ensuring full academic publishing freedom.”

If you’re curious about the specifics of the partnership, it’s actually been described in a paper of its own, available here.

The first dataset is a juicy one: “almost all” public URLs shared and clicked by Facebook users globally, accompanied by a host of useful metadata.

It will contain “on the order of 2 million unique URLs shared in 300 million posts, per week,” reads a document describing the set. “We estimate that the data will contain on the order of 30 billion rows, translating to an effective raw size on the order of a petabyte.”

The metadata includes country, user age, device and so on, but also dozens of other items, such as “ideological affiliation bucket,” the proportion of friends vs. non-friends who viewed a post, feed position, the number of total shares, clicks, likes, hearts, flags… there’s going to be quite a lot to sort through. Naturally all this is carefully pruned to protect user privacy — this is a proper research dataset, not a Cambridge Analytica-style catch-all siphoned from the service.

In a call accompanying the announcement, King explained that the commission had much more data coming down the pipeline, with a focus on disinformation, polarization, election integrity, political advertising, and civic engagement.

“It really does get at some of the fundamental questions of social media and democracy,” King said on the call.

The other sets are in various stages of completeness or permission: post-election survey participants in Mexico and elsewhere are being asked if their responses can be connected with their Facebook profiles; the political ad archive will be formally made available; they’re working on something with CrowdTangle; there are various partnerships with other researchers and institutions around the world.

A “continuous feed of all public posts on Facebook and Instagram” and “a large random sample of Facebook newsfeeds” are also under consideration, probably encountering serious scrutiny and caveats from the company.

Of course quality research must be paid for, and it would be irresponsible not to note that Social Science One is funded not by Facebook but by a number of foundations: the Laura and John Arnold Foundation, The Democracy Fund, The William and Flora Hewlett Foundation, The John S. and James L. Knight Foundation, The Charles Koch Foundation, Omidyar Network’s Tech and Society Solutions Lab, and The Alfred P. Sloan Foundation.

You can keep up with the organization’s work here; it really is a promising endeavor and will almost certainly produce some interesting science — though not for some time. We’ll keep an eye out for any research emerging from the partnership.

Facebook is getting guide bots to help tourist bots explore Hell’s Kitchen in New York in a new research paper published today that’s looking to examine how AI systems can orient themselves and communicate observed data.

The setup for Facebook’s “Walk the Talk” experiment involves throwing a “tourist” bot onto a random street corner of NYC and getting a “guide” bot to direct them to a spot on a 2D map which they have access to. This involved Facebook capturing 360 photos of a bunch of different street corners in random spots in NY and feeding them to the tourist bot who then had to peer around at the behest of the guide bot who would gain a sense of where the tourist was based and try to direct them through a text conversation.

It’s indeed quite the novel experiment, which plays out like this in practice.

Facebook isn’t doing all of this to give you a virtual guide in some unannounced mapping product, this is Facebook AI Research as opposed to their applied machine learning arm so this stuff really resides in the long-term, less product centric sphere. What this experiment is helping Facebook’s AI researchers approach is a concept called “Embodied AI.”

Embodied AI basically entails giving AI models the ability to learn while on-the-go gathering data that is present around them that can help them make sense of what they already do know. In “Talk the Walk,” the guide AI bot had all of this 2D map data and the tourist bot had all of this rich 360 visual data but it was only through communication with each other that they were able to carry out their directives.

The real goal was to work on the two agents gathering information through natural language, but the researchers found that the bots did a better job of completing the task when they used “synthetic language” which relied more on them using more simplistic symbols to convey information and location. This less natural way of communicating data not only outperformed a more human-like chat, it also enable the bots to find their way more concisely than humans would in a natural language chat.

What made this environment particularly difficult was the fact that it was the real world. The 360 snapshots were, of course, much more cluttered than what would appear in a simulated model that a lot of these experiments would typically run in. Putting this into words is hard enough when two humans are already vaguely familiar with a location, for two bots that have access to different data, this can be awfully difficult to communicate efficiently.

To tackle this, Facebook built a mechanism called MASC (Masked Attention for Spatial Convolution) that basically enables these language models the agents are running to quickly parse what the keywords are in responses that are probably the most critical to getting a sense of what’s being conveyed. Facebook said that utilizing the process doubled the accuracy of results that were being tested.

For Facebook’s part, this is foundational research in that it seems to raise far more questions than it seeks to answer about best practices, but even grasping at those is an important milestone and a good direction to point the broader community in taking on hard problems that need to be tackled the company’s researchers say.

“If you really want to solve all of AI, then you probably want to have these different modules or components that solve different subproblems,” Facebook AI research scientist Douwe Kiela told me. “In that sense this is really a challenge to the community asking people how they would solve this and inviting them to work with us in this exciting new research direction.”

Twitter is making a major change aimed at cleaning up the spammy legacy of its platform.

This week it will globally purge accounts that it has previously locked — after suspecting them of being spammy — removing those accounts from users’ follower metrics globally.

Which in plain language means Twitter users with lots of followers are likely to see their follower counts take a noticeable hit in the coming days. So hold tight for the drop.

Late last month Twitter flagged smaller changes to follower counts, also as part of a series of platform-purging anti-spam measures — warning users they might see their counts fluctuate more as counts had been switched to being displayed in near real-time (in that case to try to prevent spambots and follow scams artificially inflating account metrics).

But the global purge of locked accounts from user account metrics looks like it’s going to a rather bigger deal, putting some major dents in certain high profile users’ follower counts — and some major dents in celeb egos.

Hence Twitter has blogged again. “Follower counts are a visible feature, and we want everyone to have confidence that the numbers are meaningful and accurate,” writes Twitter’s Vijaya Gadde, legal, policy and trust & safety lead, flagging the latest change.

It will certainly be interesting to see whether the change substantially dents Twitter follower counts of high profiles users — such as Katy Perry (109,609,073 Twitter followers at the time of writing) Donald Trump (53,379,873); Taylor Swift (85,566,010); Elon Musk (22,329,075); and Beyoncé (15,303,191), to name a few of the platform’s most followed users.

Check back in a week to see how their follower counts look.

“Most people will see a change of four followers or fewer; others with larger follower counts will experience a more significant drop,” warns Gadde, adding: “We understand this may be hard for some, but we believe accuracy and transparency make Twitter a more trusted service for public conversation.”

Twitter is also warning that while “the most significant changes” will happen in the next few days, users’ follower counts “may continue to change more regularly as part of our ongoing work to proactively identify and challenge problematic accounts”.

The company says it locks accounts if it detects sudden changes in account behavior — such as tweeting “a large volume of unsolicited replies or mentions, Tweeting misleading links, or if a large number of accounts block the account after mentioning them” — which therefore may indicate an account has been hacked/taken over by a spambot.

It says it may also lock accounts if we see email and password combinations from other services posted online and believe that information could put the security of an account at risk.

After locking an account Twitter contacts the owner to try to confirm they still have control of the account. If the owner does not reply to confirm the account stays locked — and will soon also be removed from follower counts globally.

Twitter emphasizes that locked accounts already cannot Tweet, like or Retweet, and are not served ads. But removing them from follower counts is an important additional step that it’s great to see Twitter making — albeit at long last…

Twitter also specifies that locked accounts that have not reset their password in more than one month were already not included in Twitter’s MAU or DAU counts — so it today reiterates the CFO’s recent message, saying this change won’t affect its own platform usage metrics. 

The company has been going through what — this time — looks to be a serious house-cleaning process for some months now, after years and years of criticism for failing to tackle rampant spam and abuse on its platform.

In March, Twitter CEO Jack Dorsey also put out a call for ideas to help it capture, measure and evaluate healthy interactions on its platform and the health of public conversations generally — saying: “Ultimately we want to have a measurement of how it affects the broader society and public health, but also individual health, as well.”

Uber SVP and Chief People Officer Liane Hornsey has resigned from the transportation company, Reuters reports. Hornsey’s resignation comes after a previously unreported investigation into Hornsey’s alleged systematic dismissals of racial discrimination complaints within Uber.

In Uber CEO Dara Khosrowshahi’s email to staff, obtained by TechCrunch, he did not provide specific reasons for her departure.

“I am writing to let you know that earlier today Liane told me that she is leaving the company,” Khosrowshahi wrote in a company-wide email. “Liane joined Uber in January 2017, and since then she has led our People & Places teams through a period of enormous positive change.”

According to Reuters, a group of Uber employees of color allege Hornsey discriminated against Bernard Coleman, Uber’s global head of diversity and inclusion, and unfairly criticized and threatened Bozoma Saint John, who left the company in June.

“We are confident that the investigation was conducted in an unbiased, thorough and credible manner, and that the conclusions of the investigation were addressed appropriately,” an Uber spokesperson said in a statement.

When Saint John left in June, I asked her if anything horrible happened that led to her departure. While she told me, “nothing horrible or terrible happened,” she did say that the corporate culture has not “righted itself 100 percent,” noting that it’s not where it needs to be today. I’ve reached out to Saint John and will update this story if I hear back.

Hornsey joined Uber last January, about a month before former Uber engineer Susan Fowler publicly detailed her account of sexual harassment and mismanagement at the company. Shortly after that, Hornsey conducted a survey of Uber employees to find out what they wanted performance reviews to look like moving forward, Hornsey told me last August.

In Hornsey’s email, obtained by TechCrunch, she told staff that she’s “been thinking about this for a while” and knows she’ll be leaving the company in good hands. In the interim, Pranesh Anthapur, Uber’s VP of HR, will take over the reigns.

In April, Uber released its first diversity report under Khosrowshahi. Compared to last year, Uber has increased the percentage of women from 36.1 to 38 percent. But Uber’s black representation has gone down a bit, Latinx representation increased from 5.6 to 6.1 percent.

Valimail, a company that focuses on preventing fake and fraudulent emails from reaching your inbox, today announced that it is extending its anti-impersonation platform with a couple of new features that will make it even harder for hackers to pretend they are somebody they are not.

While Valimail’s original focus was mostly on ensuring that your outgoing email was trustworthy, the new solution, dubbed Valimail Defend, centers around two types of attacks that use fake incoming emails: those that come from lookalike domains (think tech-crunch.com) and those that rely on “friendly-from spoofing,” where attackers manage to make the incoming email address look like it’s from a legitimate user, often within your company.

“We’ve built our cloud-first anti-impersonation solution to be completely automated from the ground up, and the data is clear: We have the highest rate of effectiveness in protecting our customers’ domains from impersonation,” said Valimail CEO and co-founder Alexander García-Tobar. “Valimail Defend is the latest step in the evolution of our deep industry expertise, giving enterprises and government organizations the most advanced protection against email impersonation.”

The new service will become available in Q3 and will complement the company’s existing solutions under its Valimail Enforce brand, which provides services like email authentication for outgoing messages through DMARC enforcement and a number of other techniques.

Since a large number of security breaches rely on spoofed emails, preventing those kinds of scams is now something that many a company’s chief information security officer is looking at. Often, these scams can be prevented with some basic rule-based approaches, but Valimail argues that its machine learning-driven approach is significantly more effective.

Current Valimail customers include the likes of Splunk, City National Bank and Yelp. “Valimail’s automated approach has proven to be both effective and efficient, as it’s saved us countless employee hours compared with other approaches and got us to enforcement effortlessly,” said Vivek Raman, the director of engineering at Yelp. “We are excited about this next generation of automated anti-impersonation technology from Valimail, which will give us the full end-to-end solution.”

Kairos, the face recognition technology used for brand marketing, has announced the acquisition of EmotionReader.

EmotionReader is a Limerick, Ireland-based startup that uses algorithms to analyze facial expressions around video content. The startup allows brands and marketers to measure viewers emotional response to video, analyze viewer response via an analytics dashboard, and make different decisions around media spend based on viewer response.

The acquisition makes sense considering that Kairos core business is focused on facial identification for enterprise clients. Knowing who someone is, paired with how they feel about your content, is a powerful tool for brands and marketers.

The idea for Kairos started when founder Brian Brackeen was making HR time-clocking systems for Apple. People were cheating the system, so he decided to implement facial recognition to ensure that employees were actually clocking in and out when they said they were.

That premise spun out into Kairos, and Brackeen soon realized that facial identification as a service was much more powerful than any niche time clocking service.

But Brackeen is very cautious with the technology Kairos has built.

While Kairos aims to make facial recognition technology (and all the powerful insights that come with it) accessible and available to all businesses, Brackeen has been very clear about the fact that Kairos isn’t interested in selling this technology to government agencies.

Brackeen recently contributed a post right here on TechCrunch outlining the various reasons why governments aren’t ready for this type of technology. Alongside the outstanding invasion of personal privacy, there are also serious issues around bias against people of color.

From the post:

There is no place in America for facial recognition that supports false arrests and murder. In a social climate wracked with protests and angst around disproportionate prison populations and police misconduct, engaging software that is clearly not ready for civil use in law enforcement activities does not serve citizens, and will only lead to further unrest.

As part of the deal, EmotionReader CTO Dr. Stephen Moore will run Kairos’ new Singapore-based R&D center, allowing for upcoming APAC expansion.

Kairos has raised approximately $8 million from investors New World Angels, Kapor Capital, 500 Startups, Backstage Capital, Morgan Stanley, Caerus Ventures, and Florida Institute.

Timehop is admitting that additional personal information was compromised in a data breach on July 4.

The company first acknowledged the breach on Sunday, saying that users’ names, email addresses and phone numbers had been compromised. Today it said it that additional information, including date of birth and gender, was also taken.

To understand what happened, and what Timehop is doing to fix things, I spoke to CEO Matt Raoul, COO Rick Webb and the security consultant that the company hired to manage its response. (The security consultant agreed to be interviewed on-the-record on the condition that they not be named.)

To be clear, Timehop isn’t saying that there was a separate breach of its data. Instead, the team has discovered that more data was taken in the already-announced incident.

Why didn’t they figure that out sooner? In an updated version of its report (which was also emailed to customers), the company put it simply: “Because we messed up.” It goes on:

In our enthusiasm to disclose all we knew, we quite simply made our announcement before we knew everything. With the benefit of staff who had been vacationing and unavailable during the first four days of the investigation, and a new senior engineering employee, as we examined the more comprehensive audit on Monday of the actual database tables that were stolen it became clear that there was more information in the tables than we had originally disclosed. This was precisely why we had stated repeatedly that the investigation was continuing and that we would update with more information as soon as it became available.

In both the email and my interviews, the Timehop team noted that the service does not have any financial information from users, nor does it perform the kinds of detailed behavioral tracking that you might expect from an ad-supported service. The team also emphasized that users’ “memories” — namely, the older social media posts that people use Timehop to rediscover — were not compromised.

How can they be sure, particularly since some of the compromised data was overlooked in the initial announcement? Well, the breach affected one specific database, while the memories are stored separately.

“That stuff is what we cared about, that stuff was protected,” Webb said. The challenge is, “We have to make a mental note to think about everything else.”

The breach occurred when someone accessed a database in Timehop’s cloud infrastructure that was not protected by two-factor authentication, though Raoul insisted that the company was already using two-factor quite broadly — it’s just that this “fell through the cracks.”

It’s also worth noting that while 21 million accounts were affected, Timehop had varying amounts of data about different users. For example, it says that 18.6 million email addresses were compromised (down from the “up to 21 million” addresses first reported), compared to 15.5 million dates of birth. In total, the company says 3.3 million records were compromised that included names, email addresses, phone numbers and DOBs.

None of those things may seem terribly sensitive (anyone with a copy of my business card and access to Google could probably get that information about me), but the security consultant acknowledged that in the “very, very small percentage” of cases where the records included full names, email addresses, phone numbers and DOBs, “identity theft becomes more likely,” and he suggested that users take standard steps to protect themselves, including password-protecting their phones.

Meanwhile, the company says that it worked with the social media platforms to detect activity that used the compromised authorization tokens, and it has not found anything suspicious. At this point, all of the tokens have been deauthorized (requiring users to re-authorize all of their accounts), so it shouldn’t be an ongoing issue.

As for other steps Timehop is taking to prevent future breaches, the security consultant told me the company is already in the process of ensuring that two-factor authentication is adopted across the board and encrypting its databases, as well as improving the process of deploying code to address security issues.

In addition, the company has shared the IP addresses used in the attack with law enforcement, and it will be sharing its “indicators of compromise” with partners in the security community.

Everyone acknowledged that Timehop made real mistakes, both in its security and in the initial communication with customers. (As the consultant put it, “They made a schoolboy mistake by not doing two-factor authentication.”) However, they also suggested that their response was guided, in part, by the accelerated disclosure timeline required by Europe’s GDPR regulations.

The security consultant told me, “We haven’t had the time fine-toothed comb kinds of things we normally want to do,” like an in-depth forensic analysis. Those things will happen, he said — but thanks to GDPR, the company needed to make the announcement before it had all the information.

And overall, the consultant said he’s been impressed by Timehop’s response.

“I think it really says a lot to their integrity that they decided to go fully public the second they knew it was a breach,” he said. “I want to point out these guys responded within 24 hours with a full-on incident response and secured their environments. That’s better than so many companies.”

After spending the last couple of weeks closing the deal to buy TimeWarner for $85 billion and buying ad firm AppNexus for up to $2 billion, today AT&T announced a key distribution move in its new bid to be a media powerhouse: it’s taking a strategic investment into Magic Leap, the high profile augmented reality startup, which will include becoming the exclusive “wireless distributor” of Magic Leap products in the U.S.

Magic Leap has raised more than $2 billion to develop its hardware and software, but it has yet to launch a product. However, coincidentally, Magic Leap is planning to show a demo and specs of the Magic Leap One, Creator Edition, the first commercial fruit of its labor, today at 11am Eastern time on a livestream.

“We’ve joined with AT&T because we believe in a combined vision of expanding high-speed networks, edge computing, and deep integration with creative content,” said Rony Abovitz, Founder, President and CEO of Magic Leap, in a statement. “Coupling the strength of the evolving AT&T network with Magic Leap’s spatial computing platform can transform computing experiences for people.”

AT&T notes, “When available for consumers, AT&T customers will be among the first to experience it in select AT&T stores in Atlanta, Boston, Chicago, Los Angeles, and San Francisco, with more markets to follow.”

The two companies have not revealed the financial terms of the stake: specifically Magic Leap last raised in a round in March of this year led by Sinapore’s Temasek that valued the startup at $6.3 billion, The value of that round was ultimately $963 million, says PitchBook, so we’re wondering if this investment was part of that, or a separate stake (we are reaching out to ask and will update when and if we find out more).

However, the two have laid out some of the strategic terms: the investment gives AT&T exclusive rights to work with Magic Leap across a range of areas covering network access, content distribution and devices.

“AT&T is excited to pair our pioneering technologies, unmatched network, content platform, and vast customer ecosystem with Magic Leap’s efforts to build the next generation of computing,” said AT&T Communications CEO John Donovan, in a statement. “We’re designing and offering the future of entertainment and connectivity, and this exclusive arrangement – in combination with our 5G leadership position – will open up new opportunities and experiences.” Donovan becomes a board observer with this investment.

The Opera Android browser will soon be able to hold your cryptocurrencies. The system, now in beta, lets you store crypto and ERC20 tokens in your browser, send and receive crypto on the fly, and secures your wallet with your phone’s biometric security or passcode.

You can sign up to try the beta here.

The feature, called Crypto Wallet, “makes Opera the first major browser to introduce a built-in crypto wallet” according to the company. The feature could allow for micropayments in the browser and paves the way for similar features in other browsers.

From the release:

We believe the web of today will be the interface to the decentralized web of tomorrow. This is why we have chosen to use our browser to bridge the gap. We think that with a built-in crypto wallet, the browser has the potential to renew and extend its important role as a tool to access information, make transactions online and manage users’ online identity in a way that gives them more control.

In addition to being able to send money from wallet to wallet and interact with Dapps, Opera now supports online payments with cryptocurrency where merchants support exists. Users that choose to pay for their order using cryptocurrency on Coinbase Commerce-enabled merchants will be presented with a payment request dialog, asking them for their signature. The payment will then be signed and transmitted directly from the browser.

While it’s still early days for this sort of technology it’s interesting to see a mainstream browser entering the space. Don’t hold your breath on seeing crypto in Safari or Edge but Chrome and other “open source” browsers could easily add these features given enough demand.