Month: August 2018

So much for summer Fridays. Yesterday, BuzzFeed reported that a dozen tech companies, including Facebook, Google, Microsoft and Snapchat, would meet at Twitter headquarters on Friday to discuss election security. For two of them, that wasn’t the only meeting in the books.

In what appears to be a separate event on Friday, Facebook and Microsoft also met with the Department of Homeland Security, the FBI and two bodies of state election officials, the National Association of State Election Directors (NASED) and the National Association of Secretaries of State (NASS), about their election security efforts.

The discussion was the second of its kind connecting DHS, Facebook and state election officials on “actions being taken to combat malicious interference operations.” The meetings offer two very different perspectives on threats to election security. States are largely concerned with securing voter databases and election systems, while private tech companies are waging a very public war against coordinated disinformation campaigns by U.S. foreign adversaries on their platforms. Social media platforms and election systems themselves are two important yet usually disconnected fronts in the ongoing war against Russian election interference.

“Effectively combatting coordinated information operations requires many parts of society working together, which is why Facebook believes so strongly in the need for collaboration between law enforcement, government agencies, security experts and other companies to confront these growing threats,” Facebook VP of Public Policy Kevin Martin said of the meeting.

“We are grateful for the opportunity to brief state election officials on a recent call convened by DHS and again today as part of our continued effort to develop collaborative relationships between government and private industry.”

Curiously, while Microsoft and Facebook attended the DHS-hosted meeting, it doesn’t look like Twitter did. To date, Twitter and Facebook have faced the most fallout for foreign interference on their platforms meant to influence American politics, though Google was also called to Congress to testify on the issue last fall. When reached, Twitter declined to comment on its absence, though the company was reportedly playing host to the other major tech election security meeting today.

The meeting with state officials sounds like it was largely informative in nature, with Facebook and Microsoft providing insight on their respective efforts to contain foreign threats to election integrity. On Tuesday, Microsoft revealed that its Digital Crimes Unit secured a court order to take down six domains created by Russia’s GRU designed to phish user credentials. Half of the phishing domains were fake versions of U.S. Senate websites.

“No one organization, department or individual can solve this issue alone, that’s why information sharing is so important,” said Microsoft VP of Customer Security and Trust Tom Burt. “To really be successful in defending democracy, technology companies, government, civil society, the academic community and researchers need to come together and partner in new and meaningful ways.”

For the second time this week, U.K. phone giant EE has fixed a security lapse, which allowed a security researcher to gain access to an internal site.

The researcher, who goes by the pseudonym Six, found the company’s internal training site indexed on Google. (We’re not linking to the page as it remains an active site.) Although the site required an employee username and password to log in, the researcher found that an “admin” account existed, of which anyone with the answer to the secret question could reset the password.

It turns out that secret question could have been stronger.

“What is your eye color,” the researcher told TechCrunch. “I tried loads of colors and they all give an error,” he said. “The answer was simply ‘brown,'” he said.

From there, he gained access to the entire internal training site.

EE is the largest phone network in the U.K. with more than 30 million users.

TechCrunch reported the security lapse to the company on Wednesday. A spokesperson for EE said a fix was implemented early Thursday, and thanked the researcher.

“This account has now been disabled and we have also changed the password and security question for the account,” said a spokesperson. “No customer data is, or has been, at risk as the user account on the training website only gave access to a dummy environment with fake accounts.”

But the researcher disputed part of EE’s response, accusing the company of downplaying the security incident.

The researcher shared several screenshots with TechCrunch of the site. According to the site’s login page, the portal is the “home of training” for all EE staff. Employees are given access in the first week of their start date, and can access the site for the first time with a password which is their “surname all in lower case.”

Some screenshots showed dummy data, but others showed course content and employee knowledge base resources. He said that he had access to training on linked organizations, including Orange and Plusnet.

Although the researcher found no employee or customer data, he said the admin account allowed him to grant himself “any permissions” he wanted, and change the access of any other group of users, he said.

“I didn’t do any of that because of the law, but that doesn’t mean a malicious attacker couldn’t have done it,” he said.

Earlier this week, EE fixed a vulnerability that allowed customers to gift their own or linked accounts unlimited data for free. The company fixed the bug within two days.

For startups, especially e-commerce companies, branding is everything.

A slogan, an ad, even the design of the logo can make the difference between success and failure. But understanding how to develop a brand and strategically evolve that brand over time isn’t the easiest task. Luckily, three experts are coming to Disrupt to talk through the ins and outs.

Red Antler’s Emily Heyward, Brandless’ Tina Sharkey, and Casper CEO Philip Krim will join us at TC Disrupt SF in early September, and it’s a conversation you won’t want to miss.

Emily Heyward cofounded Red Antler in 2007 after working in advertising at Saatchi & Saatchi. She graduated magna cum laude from Harvard with a degree focused on postmodern theory and consumer culture. At Red Antler, she serves as Chief Strategist and has helped brands like AllBirds, BirchBox and Casper find their unique voice in a cluttered market.

Tina Sharkey hails from Brandless, the new e-commerce company that brings its own line of household and food items to the market for $3 each. Brandless has raised nearly $300 million since launching in 2016, an impressive feat on its own. What makes Brandless so attractive to investors? Tina Sharkey’s unwavering focus on understanding her customers. Alongside democratizing these products, and bringing eco-friendly and FDA-approved ‘safer choice’ goods to the masses, Sharkey makes data around consumer behavior a priority at the company, which helps with insights on how to sell Brandless’s portfolio of more than 300 products.

Heyward and Sharkey will be joined by Casper CEO and cofounder Philip Krim. Casper sprung onto the market in 2013 with a relatively simple premise: sell a quality mattress for cheaper. While it makes sense, it’s not the sexiest brand proposition. But with the help of Heyward and Red Antler, and a keen sense of the type of customer who chooses Casper over a traditional mattress, Casper has become one of the most effectively marketed brands out there right now.

We’re thrilled to hear from this trio of greatness at Disrupt SF.

Check out the full agenda here. Tickets are still available even though the show is less than two weeks away. Grab one here.

Last call, folks! Last call to take advantage of the potentially life-changing connections and opportunities that await early-stage founders in Startup Alley. Today is the final day you can secure an exhibit table in Startup Alley at Disrupt San Francisco 2018 — which takes place September 5-7. Buy your Disrupt SF Startup Alley Exhibitor Package today before the clock strikes 5 p.m. PT.

Picture it. You and more than 1,200 exhibitors and sponsors showcasing the latest and greatest in tech products, services and platforms. We fully expect 10,000 or more attendees to descend on Moscone Center West — we’re talking technologists, investors, tech journalists, founders, marketers and entrepreneurs. And this is the last day to snag a pass that lets you place your early-stage startup smack dab in their path.

Here’s what comes with a Startup Alley Exhibitor Package:

• Two Founder passes for all three days of Disrupt SF 2018
• One day to exhibit on the Startup Alley show floor
• Use of CrunchMatch — our curated investor-to-startup matching platform
• Access to The Main Stage, The Next Stage, The Q&A Stage, The Showcase Stage
• All workshops
• Access to the attendee list and ability to message attendees with the Disrupt App
• Attend the TC After Party

And who knows? Your startup might be one of two selected to compete as a Wild Card in Startup Battlefield — our epic pitch competition with an equally epic grand prize of $100K. If you don’t believe us, check out this story from our Wild Card winner from last year:

If you’re wondering whether exhibiting is worth your time and effort, we get it. Consider what Vlad Larin, co-founder of Zeroqode, has to say about his experience:

“Startup Alley is an outstanding opportunity. We showed our technology to the world and had meaningful conversations with investors, accelerators, incubators, solo founders and developers. Give it your all, and you will not be disappointed.”

Startup Alley goes down at Disrupt San Francisco 2018 — which takes place September 5-7. You have today and today only to grab a table. Buy your Startup Alley Exhibitor Package now.

When Alibaba reported its earnings yesterday, the cloud data got a bit buried in other stories, but it’s worth pointing out that its cloud business grew 93 percent in the most recent quarter to $710 million. That’s down a smidgen from the gaudy triple digit growth of last report, but their market share has doubled in just two years, and they are growing fast.

As John Dinsdale, principal analyst at Synergy Research, a firm that keeps a close eye on the cloud market points out, the dip in growth is all about the law of large numbers. Alibaba couldn’t sustain triple digit growth for long.

“Microsoft Azure and Google Cloud Platform have recently seen similar reductions in growth rates, and if you go back far enough in time, AWS did too. The key thing is that the market for cloud infrastructure services is now very big, yet is still growing by 50% per year — and the leading players are either maintaining or growing their market share,” he said.

Back in 2015, when the Chinese eCommerce giant launched a big cloud push as part of an effort to expand beyond its eCommerce roots, Alibaba Cloud’s president Simon Hu bragged to Reuters, “Our goal is to overtake Amazon in four years, whether that’s in customers, technology, or worldwide scale.”

That is obviously not happening, but the company has managed to move the market share needle, doubling from just 2 percent of worldwide cloud infrastructure market share in 2016 to 4 percent today. That’s nothing to sneeze at, according to Dinsdale, but it’s also worth pointing out that most that business is in Asia, and of that, most of it is in its native China.

Like all its cloud competitors, the company is concentrating on some key technologies to drive that growth including big data analytics, artificial intelligence, security and Internet-of-Things, all of which are resource intensive and help grow revenue quickly.

To sustain its growth, however, Alibaba needs to begin to develop markets outside of China  and Asia. Dinsdale thinks that could happen as Chinese customers expanded internationally. He also recognizes the political realities that the company faces as it tries to move into western markets. “Alibaba has what it takes to seriously challenge the top four cloud providers — despite some inevitable political headwinds that it will face,” he said.

While Alibaba might not reach the lofty heights of catching AWS any time soon, or probably ever, it has a good shot at IBM and Google Cloud Platform and for a company that just started taking the cloud market seriously in 2015, that’s amazing progress.

The World Bank has launched the first bond on a blockchain with the Commowealth Bank of Australia.

The A$110 million ($87 million) bond-i (blockchain operated new debt instrument) — so named, I’m assuming, because of Australia’s famed Bondi Beach (bankers have the funnies!) — is the first bond to be created, allocated, transferred and managed using distributed ledger technology.

The investment is one small step for Australian finance and one giant leap for blockchains in the world (or not).

Investors in the blockchain bond include CBA, First State Super, NSW Treasury Corporation, Northern Trust, QBE, SAFA, and Treasury Corporation of Victoria. It’s a smorgasbord of Australian state financial institutions and makes a ton of sense, because the Australian fintech community is one that’s strong, and blockchain is something that these institutions are definitely interested in exploring.

According to a statement from the World Bank this will be one of many experiments that the global financial organization will make into blockchain research. Last June, the World Bank launched a Blockchain Innovation Lab to play around with the technology. .

“We are particularly impressed with the breath [sic] of interest from official institutions, fund managers, government institutions and banks. We were no doubt successful in moving from concept to reality because these high-quality investors understood the value of leveraging technology for innovation in capital markets,” said World Bank Treasurer Arunma Oteh.

It’s not just parents who are worrying about their children’s device usage. According to a new study released by Pew Research Center this week, U.S. teens are now taking steps to limit themselves from overuse of their phone and its addictive apps, like social media. A majority, 54% of teens, said they spend too much time on their phone, and nearly that many – 52% – said they are trying to limit their phone use in various ways.

In addition, 57% say they’re trying to limit social media usage and 58% are trying to limit video games.

The fact that older children haven’t gotten a good handle on balanced smartphone usage points to a failure on both parents’ parts and the responsibilities of technology companies to address the addictive nature of our devices.

For years, instead of encouraging more moderate use of smartphones, as the tools they’re meant to be, app makers took full advantage of smartphones’ always-on nature to continually send streams of interruptive notifications that pushed users to constantly check in. Tech companies even leveraged psychological tricks to reward us each time we launched their app, with dopamine hits that keep users engaged.

Device makers loved this addiction because they financially benefited from app sales and in-app purchases, in addition to device sales. So they built ever more tools to give apps access to users’ attention, instead of lessening it.

For addicted teens, parents were of little help as they themselves were often victims of this system, too.

Today, tech companies are finally waking up to the problem. Google and Apple have now both built in screen time monitoring and control tools into their mobile operating systems, and even dopamine drug dealers like Facebook, Instagram and YouTube have begun to add screen time reminders and other “time well spent” features.

But these tools have come too late to prevent U.S. children from developing bad habits with potentially harmful side effects.

Pew says that 72% of teens are reaching for their phones as soon as they wake up; four-in-ten feel anxious without their phone; 56% report that not have their phone with them can make them feel lonely, upset or anxious; 51% feel their parents are distracted by phones during conversations (72% of parents say this is true, too, when trying to talk to teens); and 31% say phones distract them in class.

The problems are compounded by the fact that smartphones aren’t a luxury any longer – they’re in the hands of nearly all U.S. teens, 45% of whom are almost constantly online.

The only good news is that today’s teens seem to be more aware of the problem, even if their parents failed to teach balanced use of devices in their own home.

Nine-in-ten teens believe that spending too much time online is a problem, and 60% say it’s a major problem. 41% say they spend too much time on social media.

In addition, some parents are starting to take aim at the problem, as well, with 57% reporting they’ve set some screen time restrictions for their teens.

Today’s internet can be a toxic place, and not one where people should spend large amounts of time.

Social networking one the top activities taking place on smartphones, reports show.

But many of these networks were built by young men who couldn’t conceive of all the ways things could go wrong. They failed to build in robust controls from day one to prevent things like bullying, harassment, threats, misinformation, and other issues.

Instead, these protections have been added on after the fact – after the problems became severe. And, some could argue, that was too late. Social media is something that’s now associated with online abuse and disinformation, with comment thread fights and trolling, and with consequences that range from teen suicides to genocide.

If we are unable to give up our smartphones and social media for the benefits they do offer, at the very least we should be monitoring and moderating our use of them at this point.

Thankfully, as this study shows, there’s growing awareness of this among younger users, and maybe, some of them will even do something about it in the future – when they’re the bosses, the parents, and the engineers, they can craft new work/life policies, make new house rules, and write better code.

Cyber security has never gone away as a hot topic in the technology sphere and in 2018 it remains an enormous issue. As the next 3 billion or so of the planet’s people come online, it’s never been more important to secure their safety, their privacy and the security of their personal data. As the same time we are already in the process of building the infrastructure of the future. The smart cities and the autonomous cars-to-come will all have to be secure from cyber attack, from private or state actors.

It’s therefore salient that TechCrunch Disrupt feature the work of two of the key players in this space.

Machine learning can help companies better protect their networks, but it also provides attackers with new tools. DiDi Labs Security VP Fengmin Gong and Mike Hanley of Duo are both are the forefront of this sector. On stage at Disrupt they will discuss how their companies use these new technologies to keep hackers at bay and how others can do the same to keep their systems secure.

Hanley leads all security research, development and operations functions at Duo. Prior to Duo, he was a senior member of the technical staff at CERT/CC, working on applied R&D programs for the US Department of Defense and the Intelligence Community.

Hanley recently pointed out that it’s a a myth that most hackers are using sophisticated tactics to access data.

It’s his view that the vast majority of cyber security attacks start with phishing – where people respond to fraudulent emails and reveal their own personal information.

The problem is, he thinks, is that the security industry has been slow to offer simple, efficient solutions to protect companies’ and individuals’ digital information. He thinks the industry is too focused “on complexity and not necessarily effectiveness” and that “complexity really does breed insecurity.”

He’ll be joined on stage by Fengmin Gong of DiDi Labs, part of the Chinese ride-hailing startup.

Gong is a well-respected cybersecurity technologist with more than 30 years of industry experience. As head of DiDi Labs, Dr. Gong currently drives R&D innovation and strategy for safety, security and user experience on DiDi platforms, and works on developing the next generation of security tools

Gong has held chief scientist and R&D VP roles in a variety of large security corporations, including McAfee and Symantec JV, and served as chief security content strategy officer for FireEye, where he led the development and management of the company’s security initiatives. He is also a serial entrepreneur, having founded several leading security companies, including Palo Alto Networks and Cyphort Inc., and is an angel investor in more than half a dozen startups.

Didi was recently given the go-ahead to start testing self-driving cars in California, as it looks to catch up with its Silicon Valley rivals’ earlier start in autonomous systems.

Check out the full agenda here. Tickets are still available even though the show is less than two weeks away. Grab one here.

Need something to put on that new Wireless Charging Duo? Good news — the Galaxy Note 9 and Galaxy Watch are available now. Here’s the my full 3,000 word review of the Note 9. The TLDR version is, essentially:

• Good screen
• Very good camera
• Decently long battery
• Interesting new S-Pen tricks
• Way, way too pricey

As for the Galaxy Watch, well, I’m wearing that one as I type this. Expect a review in the near future. But in the meantime, I’m enjoying the experience and am glad the company finally opted for a smaller size — even if that one might still be too larger for many wrists.

Both devices are available in a bunch of places, but it’s different SKUs for different vendors, so here’s the info straight from Samsung:

The 128GB Galaxy Note 9 can be purchased through carriers including AT&T, Sprint, T-Mobile, U.S. Cellular, Verizon Wireless and Xfinity, along with Best Buy, Costco, Sam’s Club, Straight Talk Wireless, Target, Walmart, Samsung.com and the ShopSamsung app. The 512GB version is available at select retail locations and online at AT&T, T-Mobile, Verizon, U.S. Cellular and Samsung.com.

And here’s the same for the Galaxy Watch

Starting at $329.99 for the 42mm and $349.99 for the 46mm, is now available at Amazon, Best Buy and Samsung.com in the U.S. The Galaxy Watch LTE version is also available today, at Samsung.com and T-Mobile starting at $379.99 for the 42mm, and $399.99 for the 46mm.

As for the Galaxy Home smart speaker, your guess is as good as ours.

Waymo, the former Google self-driving project that spun out to become a business under Alphabet, has opened a subsidiary in China.

The unit, called Huimo Business Consulting Co., opened in Shanghai on May 22, according to a filing with China’s National Enterprise Credit Information Publicity System. China Money Network was the first to report on the new entity. The unit, which was set up with 3.5 million yuan ($511,000), lists Waymo as an investor.

A Waymo spokesperson confirmed Thursday to TechCrunch that the unit had been formed in Shanghai and that people are working there. The company declined to comment further on its plans in China.

Don’t expect Waymo to launch an autonomous ride-hailing service in China, or even to test there.The filing says the subsidiary will be focused on logistics consulting, supply chain, and autonomous driving parts and product design.

An unnamed source familiar with the company’s plans backed up the description in the filing and told TechCrunch that the subsidiary will be working on building out a supplier network not launching a service there.