Year: 2018

A ruling in late October against a little-known French adtech firm that popped up on the national data watchdog’s website earlier this month is causing ripples of excitement to run through privacy watchers in Europe who believe it signals the beginning of the end for creepy online ads.

The excitement is palpable.

Impressively so, given the dry CNIL decision against mobile “demand side platform” Vectaury was only published in the regulator’s native dense French legalese.

Digital advertising trade press AdExchanger picked up on the decision yesterday.

Here’s the killer paragraph from CNIL’s ruling — translated into “rough English” by my TC colleague Romain Dillet:

The requirement based on the article 7 above-mentioned isn’t fulfilled with a contractual clause that guarantees validly collected initial consent. The company VECTAURY should be able to show, for all data that it is processing, the validity of the expressed consent.

In plainer English, this is being interpreted by data experts as the regulator stating that consent to processing personal data cannot be gained through a framework arrangement which bundles a number of uses behind a single “I agree” button that, when clicked, passes consent to partners via a contractual relationship.

CNIL’s decision suggests that bundling consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

Consent under this regime must be specific, informed and freely given. It says as much in the text of GDPR.

But now, on top of that, the CNIL’s ruling suggests a data controller has to be able to demonstrate the validity of the consent — so cannot simply tuck consent inside a contractual “carpet-bag” that gets passed around to everyone else in their chain as soon as the user clicks “I agree.”

This is important, because many widely used digital advertising consent frameworks rolled out to websites in Europe this year — in claimed compliance with GDPR — are using a contractual route to obtain consent, and bundling partner processing behind often hideously labyrinthine consent flows.

The experience for web users in the EU right now is not great. But it could be leading to a much better internet down the road.

Where’s the consent for partner processing?

Even on a surface level the current crop of confusing consent mazes look problematic.

But the CNIL ruling suggests there are deeper and more structural problems lurking and embedded within. And as regulators dig in and start to unpick adtech contradictions it could force a change of mindset across the entire ecosystem.

As ever, when talking about consent and online ads the overarching point to remember is that no consumer given a genuine full disclosure about what’s being done with their personal data in the name of behavioral advertising would freely consent to personal details being hawked and traded across the web just so a bunch of third parties can bag a profit share.

This is why, despite GDPR being in force (since May 25), there are still so many tortuously confusing “consent flows” in play.

The longstanding online T&Cs trick of obfuscating and socially engineering consent remains an unfortunately standard playbook. But, less than six months into GDPR we’re still very much in a “phoney war” phase. More regulatory rulings are needed to lay down the rules by actually enforcing the law.

And CNIL’s recent activity suggests more to come.

In the Vectaury case, the mobile ad firm used a template framework for its consent flow that had been created by industry trade association and standards body, IAB Europe.

It did make some of its own choices, using its own wording on an initial consent screen and pre-ticking the purposes (another big GDPR no-no). But the bundling of data purposes behind a single opt in/out button is the core IAB Europe design. So CNIL’s ruling suggests there could be trouble ahead for other users of the template.

IAB Europe’s CEO, Townsend Feehan, told us it’s working on a statement reaction to the CNIL decision, but suggested Vectaury fell foul of the regulator because it may not have implemented the “Transparency & Consent Framework-compliant” consent management platform (CMP) framework — as it’s tortuously known — correctly.

So either “the ‘CMP’ that they implemented did not align to our Policies, or choices they could have made in the implementation of their CMP that would have facilitated compliance with the GDPR were not made,” she suggested to us via email.

Though that sidesteps the contractual crux point that’s really exciting privacy advocates — and making them point to the CNIL as having slammed the first of many unbolted doors.

The French watchdog has made a handful of other decisions in recent months, also involving geolocation-harvesting adtech firms, and also for processing data without consent.

So regulatory activity on the GDPR+adtech front has been ticking up.

Its decision to publish these rulings suggests it has wider concerns about the scale and privacy risks of current programmatic ad practices in the mobile space than can be attached to any single player.

So the suggestion is that just publishing the rulings looks intended to put the industry on notice…

Meanwhile, adtech giant Google has also made itself unpopular with publisher “partners” over its approach to GDPR by forcing them to collect consent on its behalf. And in May a group of European and international publishers complained that Google was imposing unfair terms on them.

The CNIL decision could sharpen that complaint too — raising questions over whether audits of publishers that Google said it would carry out will be enough for the arrangement to pass regulatory muster.

For a demand-side platform like Vectaury, which was acting on behalf of more than 32,000 partner mobile apps with user eyeballs to trade for ad cash, achieving GDPR compliance would mean either asking users for genuine consent and/or having a very large number of contracts on which it’s doing actual due diligence.

Yet Google is orders of magnitude more massive, of course.

The Vectaury file gives us a fascinating little glimpse into adtech “business as usual.” Business which also wasn’t, in the regulator’s view, legal.

The firm was harvesting a bunch of personal data (including people’s location and device IDs) on its partners’ mobile users via an SDK embedded in their apps, and receiving bids for these users’ eyeballs via another standard piece of the programmatic advertising pipe — ad exchanges and supply side platforms — which also get passed personal data so they can broadcast it widely via the online ad world’s real-time bidding (RTB) system. That’s to solicit potential advertisers’ bids for the attention of the individual app user… The wider the personal data gets spread, the more potential ad bids.

That scale is how programmatic works. It also looks horrible from a GDPR “privacy by design and default” standpoint.

The sprawling process of programmatic explains the very long list of “partners” nested non-transparently behind the average publisher’s online consent flow. The industry, as it is shaped now, literally trades on personal data.

So if the consent rug it’s been squatting on for years suddenly gets ripped out from underneath it, there would need to be radical reshaping of ad-targeting practices to avoid trampling on EU citizens’ fundamental right.

GDPR’s really big change was supersized fines. So ignoring the law would get very expensive.

Oh hai real-time bidding!

In Vectaury’s case, CNIL discovered the company was holding the personal data of a staggering 67.6 million people when it conducted an on-site inspection of the company in April 2018.

That already sounds like A LOT of data for a small mobile adtech player. Yet it might actually have been a tiny fraction of the personal data the company was routinely handling — given that Vectaury’s own website claims 70 percent of collected data is not stored.

In the decision there was no fine, but CNIL ordered the firm to delete all data it had not already deleted (having judged collection illegal given consent was not valid); and to stop processing data without consent.

But given the personal-data-based hinge of current-gen programmatic adtech, that essentially looks like an order to go out of business. (Or at least out of that business.)

And now we come to another interesting GDPR adtech complaint that’s not yet been ruled on by the two DPAs in question (Ireland and the U.K.) — but which looks even more compelling in light of the CNIL Vectaury decision because it picks at the adtech scab even more daringly.

Filed last month with the Irish Data Protection Commission and the U.K.’s ICO, this adtech complaint — the work of three individuals, Johnny Ryan of private web browser Brave; Jim Killock, exec director of digital and civil rights group, the Open Rights Group; and University College London data protection researcher, Michael Veale — targets the RTB system itself.

Here’s how Ryan, Killock and Veale summarized the complaint when they announced it last month:

Every time a person visits a website and is shown a “behavioural” ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies. Advertising technology companies broadcast these data widely in order to solicit potential advertisers’ bids for the attention of the specific individual visiting the website.

A data breach occurs because this broadcast, known as an “bid request” in the online industry, fails to protect these intimate data against unauthorized access. Under the GDPR this is unlawful.

The GDPR, Article 5, paragraph 1, point f, requires that personal data be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss.” If you can not protect data in this way, then the GDPR says you can not process the data.

Ryan tells TechCrunch that the crux of the complaint is not related to the legal basis of the data sharing but rather focuses on the processing itself — arguing “that it itself is not adequately secure… that they’re aren’t adequate controls.”

Though he says there’s a consent element too, and so sees the CNIL ruling bolstering the RTB complaint. (On that keep in mind that CNIL judged Vectaury should not have been holding the RTB data of 67.6M people because it did not have valid consent.)

“We do pick up on the issue of consent in the complaint. And this particular CNIL decision has a bearing on both of those issues,” he argues. “It demonstrates in a concrete example that involved investigators going into physical premises and checking the machines — it demonstrates that even one small company was receiving tens of millions of people’s personal data in this illegal way.

“So the breach is very real. And it demonstrates that it’s not unreasonable to suggest that the consent is meaningless in any case.”

Reaching for a handy visual explainer, he continues: “If I leave a briefcase full of personal data in the middle of Charing Cross station at 11am and it’s really busy, that’s a breach. That would have been a breach back in the 1970s. If my business model is to drive up to Charing Cross station with a dump-truck and dump briefcases onto the street at 11am in the full knowledge that my business partners will all scramble around and try and grab them — and then to turn up at 11.01am and do the same thing. And then 11.02am. And every microsecond in between. That’s still a fucking data breach!

“It doesn’t matter if you think you’ve consent or anything else. You have to [comply with GDPR Article 5, paragraph 1, point f] in order to even be able to ask for a legal basis. There are plenty of other problems but that’s the biggest one that we highlighted. That’s our reason for saying this is a breach.”

“Now what CNIL has said is this company, Vectaury, was processing personal data that it did not lawfully have — and it got them through RTB,” he adds, spelling the point out. “So back to the GDPR — GDPR is saying you can’t process data in a way that doesn’t ensure protection against unauthorized or unlawful processing.”

In other words, RTB as a funnel for processing personal data looks to be on inherently shaky ground because it’s inherently putting all this personal data out there and at risk…

What’s bad for data brokers…

In another loop back, Ryan says the regulators have been in touch since their RTB complaint was filed to invite them to submit more information.

He says the CNIL Vectaury decision will be incorporated into further submissions, predicting: “This is going to be bounced around multiple regulators.”

The trio is keen to generate extra bounce by working with NGOs to enlist other individuals to file similar complaints in other EU Member States — to make the action a pan-European push, just like programmatic advertising itself.

“We now have the opportunity to connect our complaint with the excellent work that Privacy International has done, showing where these data end up, and with the excellent work that CNIL has done showing exactly how this actually applies. And this decision from CNIL takes, essentially my report that went with our complaint and shows exactly how that applies in the real world,” he continues.

“I was writing in the abstract — CNIL has now made a decision that is very much not in the abstract, it’s in the real world affecting millions of people… This will be a European-wide complaint.”

But what does programmatic advertising that doesn’t entail trading on people’s grubbily obtained personal data actually look like? If there were no personal data in bid requests Ryan believes quite a few things would happen. Such as, for e.g. the demise of clickbait.

“There would be no way to take your TechCrunch audience and buy it cheaper on some shitty website. There would be no more of that arbitrage stuff. Clickbait would die! All that nasty stuff would go away,” he suggests.

(And, well, full disclosure: We are TechCrunch — so we can confirm that does sound really great to us!)

He also reckons ad values would go up. Which would also be good news for publishers. (“Because the only place you could buy the TechCrunch audience would be on TechCrunch — that’s a really big deal!”)

He even suggests ad fraud might shrink because the incentives would shift. Or at least they could so long as the “worthy” publishers that are able to survive in the new ad world order don’t end up being complicit with bot fraud anyway.

As it stands, publishers are being screwed between the twin plates of the dominant adtech platforms (Google and Facebook), where they are having to give up a majority of their ad revenue — leaving the media industry with a shrinking slice of ad revenues (that can be as lean as ~30 percent).

That then has a knock on impact on funding newsrooms and quality journalism. And, well, on the wider web too — given all the weird incentives that operate in today’s big tech social media platform-dominated internet.

While a privacy-sucking programmatic monster is something only shadowy background data brokers that lack any meaningful relationships with the people whose data they’re feeding the beast could truly love.

And, well, Google and Facebook.

Ryan’s view is that the reason an adtech duopoly exists boils down to the “audience leakage” being enabled by RTB. Leakage which, in his view, also isn’t compliant with EU privacy laws.

He reckons the fix for this problem is equally simple: Keep doing RTB but without any personal data.

A real-time ad bidding system that’s been stripped of personal data does not mean no targeted ads. It could still support ad targeting based on real-time factors such as an approximate location (say to a city region) and/or generic and aggregated data.

Crucially it would not use unique identifiers that enable linking ad bids to a individual’s entire digital footprint and bid request history — as is the case now. Which essentially translates into: RIP privacy rights.

Ryan argues that RTB without personal data would still offer plenty of “value” to advertisers — who could still reach people based on general locations and via real-time interests. (It’s a model that sounds much like what privacy search engine DuckDuckGo is doing, and also been growing.)

The really big problem, though, is turning the behavioral ad tanker around. Given that the ecosystem is embedded, even as the duopoly milks it.

That’s also why Ryan is so hopeful now, though, having parsed the CNIL decision.

His reading is regulators will play a decisive role in pushing the ad industry’s trigger — and force through much-needed change in their targeting behavior.

“Unless the entire industry moves together, no one can be the first to remove personal data from bid requests but if the regulators step in in a big way… and say you’re all going to go out of business if you keep putting personal data into bid requests then everyone will come together — like the music industry was forced to eventually, under Steve Jobs,” he argues. “Everyone can together decide on a new short term disadvantageous but long term highly advantageous change.”

Of course such a radical reshaping is not going to happen overnight. Regulatory triggers tend to be slow motion unfoldings at the best of times. You also have to factor in the inexorable legal challenges.

But look closely and you’ll see both momentum massing behind privacy — and regulatory writing on the wall.

“Are we going to see programmatic forced to be non-personal and therefore better for every single citizen of the world (except, say, if they work for a data broker),” adds Ryan, posing his own concluding question. “Will that massive change, which will help society and the web… will that change happen before Christmas? No. But it’s worth working on. And it’s going to take some time.

“It could be two years from now that we have the finality. But a finality there will be. Detroit was only able to fight against regulation for so long. It does come.”

Who’d have though “taking back control” could ever sound so good?

Four days ago the crypto markets were crashing hard. Now they’re crashing harder. Bitcoin, which hasn’t fallen past $6,000 for months, has dumped to $4,413.99 as of this morning, and nearly everything else is falling in unison. Ethereum, flying high at $700 a few months ago, is at $140. Coinbase, that bastion of crypto stability, is currently sporting a series of charts that look like Aspen black-diamond ski runs.

What is happening? There are a number of theories, and I’ll lay out a few of them here. Ultimately, sentiment is bleak in the crypto world, with bull runs being seen as a thing of a distant past. As regulators clamp down, pie-in-the-sky ideas crash and shady dealers take their shady dealings elsewhere, the things that made cryptocurrencies so much fun — and so dangerous — are slowly draining away. What’s left is anyone’s guess, but at least it will make things less interesting.

The bag holder theory

November was supposed to be a good month for crypto. Garbage sites like FortuneJack were crowing about bitcoin stability while the old crypto hands were optimistic and pessimistic at the same time. Eric Vorhees, founder of ShapeShift, felt that the inevitable collapse of the global financial system is good for folks with at least a few BTC in their wallets.

Others, like the Binance CEO Changpeng Zhao, are expecting a bull run next year and said his company was particularly profitable.

Ultimately, crypto hype moves the market far more than it has any right to, and this is a huge problem.

So who do you believe, these guys or your own lying eyes? That’s a complex question. First, understand that crypto is a technical product weaponized by cash. Companies like Binance and Coinbase will work mightily to maintain revenue streams, especially considering Coinbase’s current level of outside investment. These are startups that can literally affect their own value over time. We’ll talk about that shortly. Ultimately, crypto hype hasn’t been matching reality of late, a major concern to the skittish investor.

“I think that the downturn is due to things not going up as much as people had wanted. Everyone was expecting November to be a bull month,” said Travin Keith, founder of Altrean. “When things indicated that it wasn’t going that way, those who were on borrowed time, such as those needing some buffer, or those in the crypto business needing some money, needed to sell.”

Tether untethered

Tether has long been the prime suspect in the Bitcoin run up and crash. Created by an exchange called Bitfinex, the currency is pegged to the dollar and, according to the exchange itself, each tether — about $2.7 billion worth — is connected to an actual dollar in someone’s bank account. Whether or not this is true has yet to be proven, and the smart money is on “not true.” I’ll let Jon Evans explain:

What are those whiffs of misconduct to which I previously referred? I mean. How much time do you have? One passionate critic, known as Bitfinexed, has been writing about this for quite some time now; it’s a pretty deep rabbit hole. University of Texas researchers have accused Bitfinex/Tether of manipulating the price of Bitcoin (upwards.) The two entities have allegedly been subpoenaed by US regulators. In possibly (but also possibly not — again, a fog of mystery) related news, the US Justice Department has opened a criminal investigation into cryptocurrency price manipulation, which critics say is ongoing. Comparisons are also being drawn with Liberty Reserve, the digital currency service shut down for money laundering five years ago:

So what the hell is going on? Good question. On the one hand, people and even companies are innocent until proven guilty, and the opacity of cryptocurrency companies is at least morally consistent with the industry as a whole. A wildly disproportionate number of crypto people are privacy maximalists and/or really hate and fear governments. (I wish the US government didn’t keep making their “all governments become jackbooted surveillance police states!” attitude seem less unhinged and more plausible.)

But on the other … yes, one reason for privacy maximalism is because you fear rubber-hose decryption of your keys, but another, especially when anti-government sentiment is involved, is because you fear the taxman, or the regulator. A third might be that you fear what the invisible hand would do to cryptocurrency prices, if it had full leeway. And it sure doesn’t look good when at least one of your claims, e.g. that your unaudited reserves are “subject to frequent professional audits,” is awfully hard to interpret as anything other than a baldfaced lie.

Now Bloomberg is reporting that the U.S. Justice Department is looking into Bitfinex for manipulating the price of Bitcoin. The belief is that Bitfinex has allegedly been performing wash trades that propped up the price of Bitcoin all the way to its previous $20,000 heights. “[Researchers] claimed that Tether was used to buy Bitcoin at pivotal periods, and that about half of Bitcoin’s 1,400 percent gain last year was attributable to such transactions,” wrote Bloomberg. “Griffin briefed the CFTC on his findings earlier this year, according to two people with direct knowledge of the matter.”

This alone could point to the primary reason Bitcoin and crypto are currently in free fall: without artificial controls, the real price of the commodity becomes clear. A Twitter user called Bitfinex’d has been calling for the death of Tether for years. He’s not very bullish on the currency in 2019.

“I don’t know the when,” Bitfinex’d said. “But I know Tether dies along with Bitfinex.”

Le shitcoin est mort

As we learned last week, the SEC is sick of fake utility tokens. While the going was great for ICOs over the past few years with multiple companies raising millions if not billions in a few minutes, these salad days are probably over. Arguably, a seed-stage startup with millions of dollars in cash is more like a small VC than a product company, but ultimately the good times couldn’t last.

What the SEC ruling means is that folks with a lot of crypto can’t slide it into “investments” anymore. However, this also means that those same companies can be more serious about products and production rather than simply fundraising.

SEC intervention dampens hype, and in a market that thrives on hype, this is a bad thing. That said, it does mean that things will become a lot clearer for smaller players in the space, folks who haven’t been able to raise seed and are instead praying that token sales are the way forward. In truth they are, buttoning up the token sale for future users and, by creating regulation around it, they will begin to prevent the Wild West activity we’ve seen so far. Ultimately, it’s a messy process, but a necessary one.

“It all contributes to greater BTC antifragility, doesn’t it?,” said crypto speculator Carl Bullen. “We need the worst actors imaginable. And we got ’em.”

Bitmain

One other interesting data point involves Bitmain. Bitmain makes cryptocurrency mining gear and most recently planned a massive IPO that was supposed to be the biggest in history. Instead, the company put these plans on hold.

Interestingly, Bitmain currently folds the cryptocurrency it mines back into the company, creating a false scarcity. The plan, however, was for Bitmain to begin releasing the Bitcoin it mined into the general population, thereby changing the price drastically. According to an investor I spoke with this summer, the Bitmain IPO would have been a massive driver of Bitcoin success. Now it is on ice.

While this tale was apocryphal, it’s clear that these chicken and egg problems are only going to get worse. As successful startups face down a bear market, they’re less likely to take risks. And, as we all know, crypto is all about risk.

Abandon all hope? Ehhhhh….

Ultimately, crypto and the attendant technologies have created an industry. That this industry is connected directly to stores of value, either real or imagined, has enervated it to a degree unprecedented in tech. After all, to use a common comparison between Linux and blockchain, Linus Torvalds didn’t make millions of dollars overnight for writing a device driver in 1993. He — and the entire open-source industry — made billions of dollars over the past 27 years. The same should be true of crypto, but the cash is clouding the issue.

Ultimately, say many thinkers in the space, the question isn’t whether the price goes up or down. Instead, of primary concern is whether the technology is progressing.

“Crypto capitulation is once again upon us, but before the markets can rise again we must pass through the darkest depths of despair,” said crypto guru Jameson Lopp. “Investors will continue to speculate while developers continue to build.”

Elon Musk’s dabble with the doobage in a September radio interview may have sparked more than just an outpouring of adulation from his acolytes (and a fairly interesting conversation around artificial intelligence, social media, invention, and space).

The Washington Post reports that the folks at the National Aeronautics and Space Administration were less than amused with Musk’s antics and have ordered a safety review of SpaceX and Boeing as a response to the colorful chief executive’s shenanigans.

In an interview, NASA associate administrator for human exploration, William Gerstenmaier told the Post that the review will begin next year and would examine the “safety culture” of both Boeing and SpaceX.

Rather than focus on the safety of the actual rockets, the Post said that the review would look at the hours employees work, drug policies, leadership and management styles, and the responsiveness of both companies to safety concerns from employees. 

The review is going to be led by the Office of Safety and Mission Assurance within NASA, which has conducted similar probes before, according to the Post report.

According to the NASA official, the process could be “pretty invasive” with the potential for hundreds of interviews with employees at every level and across all locations where the companies operate.

At stake is the potential $6.8 billion in contracts the two companies received in 2014 to revive crewed missions to space. SpaceX grabbed $2.6 billion from NASA for the program, while the remainder went to Boeing.

Both companies have stumbled as they test their crewed systems to get NASA astronauts into orbit. Boeing still needs to test the heat shields and parachute systems of its spacecraft and address the potential for propellant leakage during the emergency abort process.

SpaceX also is having problems with its parachute system.

In a statement given to the Post, SpaceX said, “We couldn’t be more proud of all that we have already accomplished together with NASA, and we look forward to returning human spaceflight capabilities to the United States.”

More than half a million users have installed Android malware posing as driving games — from Google’s own app store.

Lukas Stefanko, a security researcher at ESET, tweeted details of 13 gaming apps — made by the same developer — which were at the time of his tweet downloadable from Google Play. Two of the apps were trending on the store, he said, giving the apps greater visibility.

Combined, the apps surpassed 580,000 installs before Google pulled the plug.

Anyone downloading the apps were expecting a truck or car driving game. Instead, they got what appeared to be a buggy app that crashed every time it opened.

In reality, the app was downloading a payload from another domain — registered to an app developer in Istanbul — and installed malware behind the scenes, deleting the app’s icon in the process. It’s not clear exactly what the malicious apps do; none of the malware scanners seemed to agree on what the malware does, based on an uploaded sample to VirusTotal. What is clear is that the malware has persistence — launching every time the Android phone or tablet is started up, and has “full access” to its network traffic, which the malware author can use to steal secrets.

We reached out to the Istanbul-based domain owner, Mert Ozek, but he did not respond to our email. (If that changes, we’ll update).

It’s another embarrassing security lapse by Google, which has long faced criticism for its backseat approach to app and mobile security compared to Apple, which some say is far too restrictive and selective about which apps make it into its walled garden.

Google has spent years trying to double down on Android security by including better security features and more granular app permission controls. But the company continues to battle rogue and malicious apps in the Google Play app store, which have taken over as one of the greatest threats to Android user security. Google pulled more than 700,000 malicious apps from its app store last year alone, and has tried to improve its back-end to prevent malicious apps from getting into the store in the first place. 

And yet — clearly — that isn’t enough.

When reached, a Google spokesperson did not immediately comment.

The social media singularity continues with the arrival of Snapchat Stories-style slideshows on LinkedIn as the app grasps for relevance with a younger audience. LinkedIn confirms to TechCrunch that it plans to build Stories for more sets of users, but first it’s launching “Student Voices” just for university students in the US. The feature appears atop the LinkedIn home screen and lets students post short videos to their Campus Playlist. The videos (no photos allowed) disappear from the playlist after a week while staying permanently visible on a user’s own profile in the Recent Activity section. Students can tap through their school’s own slideshow and watch the Campus Playlists of nearby universities.

LinkedIn now confirms the feature is in testing, with product manager Isha Patel telling TechCrunch “Campus playlists are a new video feature that we’re currently rolling out to college students in the US. As we know, students love to use video to capture moments so we’ve created this new product to help them connect with one another around shared experiences on campus to help create a sense of community.” Student Voices was first spotted by social consultant Carlos Gil, and tipped by Socially Contented’s Cathy Wassell to Matt Navarra.

A LinkedIn spokesperson tells us the motive behind the feature is to get students sharing their academic experiences like internships, career fairs, and class projects that they’d want to show off to recruiters as part of their personal brand. “It’s a great way for students to build out their profile and have this authentic content that shows who they are and what their academic and professional experiences have been. Having these videos live on their profile can help students grow their network, prepare for life after graduation, and help potential employers learn more about them” Patel says.

But unfortunately that ignores the fact that Stories were originally invented for broadcasting off-the-cuff moments that disappear so you DON’T have to worry about their impact on your reputation. That dissonance might confuse users, discourage them from posting to Student Voices, or lead them to assume their clips will disappear from their profile too — which could leave embarrassing content exposed to hirers. “Authenticity” might not necessarily paint users in the best light to recruiters, so it seems more likely that students would post polished clips promoting their achievements…if they use it at all.

LinkedIn seems to be desperate to appeal to the next generation. Social app investigator and TechCrunch’s favorite tipster Jane Manchun Wong today spotted 10 minor new features LinkedIn is prototyping that include youth-centric options like GIF comments, location sharing in messages, and Facebook Reactions-style buttons beyond “Like” such as “Clap”, “Insightful”, “Hmm”, and “Support”.

When users post to Student Stories, they’ll have their university’s logo overlaid as a sticker they can move around. LinkedIn will generate this plus a set of suggested hashtags like #OnCampus based on a user’s profile including what school they say they attend, though users can also overlay their own text captions. Typically, users in the test phase were sharing videos of around 30 to 45 seconds. “Students are taking us to their school hackathons, showing us their group projects, sharing their student group activities and teaching us about causes they care about” Patel explains. You can see an example video here, and watch a sizzle reel about the feature below.

For now, LinkedIn tells me it has no plans to insert ads between clips in Student Voices. But if the Stories content assists with discovering and vetting job candidates, it could make LinkedIn more unique and indispensable to recruiters who do pay for premium access. And if these Stories get a ton of views simply by being emblazoned atop the LinkedIn feed, users might return to the app more frequently to share them. As we’ve seen with the steady increase in popularity of Facebook Stories, if you give people a stage for narcissism, they will fill it.

LinkedIn’s start as a dry web tool for seeking jobs has made for a rocky transition as it tries to become a daily habit for users. Some tactical advice in its feed can be helpful, but much of LinkedIn’s content feels blatantly self-promotional, boring, or transactional. Meanwhile, it’s encountering new competition as Facebook integrates career listings and job applications for blue-collar work into its social network that already sees over a billion people visit each day. It’s understandable why LinkedIn would try to latch on to the visual communication trend, as Facebook estimates Stories sharing will surpass feed sharing across all apps in 2019. But Student Voices nonetheless feels unabashedly “how do you do, fellow kids?”

Black Friday is, for the most part, bad. People are awful, retailers pull all sorts of shenanigans to make it seem like you’re getting a better deal than you are and a lot of people end up buying junk they don’t need to make the day feel like a “success.”

But you know that. If you’re gonna do this, you might as well go in with some sort of game plan. Our advice? Stay inside and shop online where you can, be aware that most of the best deals are stocked in hilariously low quantities and don’t be stubborn and buy some no-name Android tablet just because the sign says it’s 80 percent off and, well, they’re out of the TV you wanted anyway.

We’ve had roughly 4 billion Black Friday deal emails hit our inboxes over the last month. We’ve sifted through most of them to try to sort out the junk. We’ll keep adding new deals as we find them, so check back on the regular.

Many (most?) of these are already live, unless otherwise noted.

Amazon

If you’re trying to load up on Amazon’s own gear (things like the Fire TV stick, or the Echo), Black Friday is one of the best days to do it. Plus, since it’s all online, no waiting outside in the cold for you!

If you’re buying something else on Amazon on Black Friday because it seems like a good deal, punch it into CamelCamelCamel to check the price history first:

• Fire TV Stick: $25, usually $40.
• Fire TV Stick 4K: $35, usually $50.
• Fire TV Cube: $60, usually $120.
• Echo Sub with 2 Echo Plus: This one’s a combo pack, but it’s $330 for something that would normally cost $430 separately. Our own Matt Burns checked out the Echo Sub and liked it.
• Two-pack of Echo Spots: $160 for the pair. It’s normally $260 for two. This one is kinda weird, in that you have to add two to your cart and get to the final step before you’ll see the discount — but as of 11/19, it’s working.

---

---

Audible

Amazon’s audiobook service, Audible, is usually $15 per month. This week they’re selling three-month plans for $7 per month. That gets you one audiobook per month (plus two Audible Originals)… so, in a roundabout way, you’re getting three audiobooks for roughly $21.

Just remember to cancel when you’re done if you’re not using it, as the price jumps back up to $15 after three months. Set up a calendar reminder or something, if you have to.

Google

If you’ve put off buying a Pixel 3 or updating your Chromecast in hopes that there’d be some sort of deal, you’re in luck. Google says the sale won’t start until 11/22, but they’re pretty solid:

• Buy one Pixel 3 or Pixel 3 XL, you can get a second one 50 percent off.
• Just need one? The Pixel 3 will be $150 off its normal price ($649 instead of $799), while the Pixel 3 XL will be $200 off ($699 instead of $899).
• Google Home Hub, Google’s first Home device with a big ol’ screen on it, is being dropped from $149 to $99.
• Google Home Mini, usually $49, is dropping to $25.
• The standard Google Home will drop from $129 to $79.
• Chromecast is going from $35 to $25, while the 4K-friendly Chromecast Ultra is going from $69 to $49.
• The Pixelbook will drop from $999 to $699.

All of these will be available on Google’s own store but, again, they don’t go live until 11/22.

---

---

Samsung

Living that Android life, but don’t want a Pixel? Samsung has cut a few hundred bucks off both of its current flagship Android smartphones. The Galaxy S9 (64GB, unlocked) is currently $520 — down from $720. The bigger, beefier S9+ (64GB, unlocked) is down to $639, usually $839. The same $200 discount applies to all capacities, so you can bump it up to 128GB or 256GB if you need the space.

Sony

Sony is making a huge push this season by selling the 1 TB PlayStation 4 Slim, usually $300, for $199 at most major retailers. Better yet: It comes with a copy of Spider-Man, the new(ish) and absolutely fantastic PS4 exclusive that ate hundreds upon hundreds of hours of my life.

They’re pushing this sale at all the big-box stores, so you have your pick. You can find it at, for example, GameStop, Target, Walmart or Best Buy.

You also can get a year of PlayStation Plus, usually $60, for $40 from Walmart or Amazon. It’s a digital renewal code, so even if you’re not ready to renew right now, you can hang on to it for later.

GameStop, meanwhile, has PS4 controllers marked down to $38 (usually $60)

Microsoft

It’s not quite as good as the PS4 deal — but if you lean heavier toward the Xbox camp, Amazon has 1 TB Xbox One S with Battlefield V or with NBA 2K19, each for $230 (usually $299).

Need more controllers? Starting on Thanksgiving Day, Microsoft will also be selling controllers for $40 — down from the normal price of $60. Walmart is price-matching the deal a little early, though the price isn’t showing until it’s in your cart.

Got your sights set on the highest-end Xbox, the Xbox One X? It doesn’t come with any games, but both Amazon and Walmart have it marked down to $400 from its usual price of $499.

Apple

Apple doesn’t really play the Black Friday game. As a result, there are only a handful of Apple-related deals this year — expect stock to be super limited, and most of them won’t go live until Thanksgiving Day.

Walmart, Target, Costco and Jet will all be selling the 2018 iPad (32 GB) for $250 — down from the usual price of $320. Best Buy, meanwhile, will sell the 2018 iPad (128 GB) for $329 — down from $429.

Target and a few other stores, meanwhile, are dropping the Apple Watch Series 3 down from $279 to $199…. but be aware that this is a generation behind, as Apple has already moved on to Series 4.

---

---

Sonos

Sonos doesn’t often do sales on its speakers, but they’ve got a few lined up for this week. These won’t actually start until Thanksgiving day — but once they do, they should be available on Sonos.com and run until Monday, 11/26.

Sonos One, the company’s compact speaker with Alexa built in (and pictured above), will drop from $199 to $175.

Sonos Beam, their smaller soundbar, will drop from $399 to $349 (alas, there’s no official deal on the company’s bigger, badder soundbar, the Playbar — but Amazon has a deal going right now that keeps it at the normal $699 price but also throws in a wallmounting kit and a $50 Amazon gift card).

The Sonos SUB, meanwhile, drops from $699 to $599.

Another day, another stock market setback for once high-flying technology companies, which have lost roughly $1 trillion in the latest stock market slide.

Shares of the core group of consumer technology companies including Facebook, Amazon, Apple, Alphabet, and Netflix are falling again — contributing to the big indexes like the Dow Jones Industrial Average and the S&P 500 sliding into negative territory for the year.

This collapse is thanks in part to rising interest rates that have investors looking for a more stable return profile than placing bets on high-growth technology companies. There’s also some concern that maybe growth won’t be so high for these technology giants as they enter their teenage and twenty-something years as public companies.

It’s also happening against the backdrop of an overall economic picture that looks less rosy for the United States. Single family housing starts, which are considered a bellwether for the nation’s economic health are still down from their highs, despite multi-family housing starts picking up.

None of this is particularly good news for startups or venture investors.

Indeed it could impact planned IPOs for 2019, which has been billed as the big year when several later stage companies were to make their public market debuts. Those public offerings were supposed to give investors liquidity and bolstering the argument for the billions of dollars which investors have poured into high tech startups over the past decade.

If the IPO window closes, which looks likely should this slide continue, investors might be less inclined to open their wallets for startups looking to raise cash.

That could, in turn, present problems for companies with high burn rates. The declining value of tech stocks will also impact liquidity in other ways as companies become more conservative and will likely spend less on mergers or acquisitions that provided another avenue to exits for startup companies.

In all, this is tenuous time for the tech industry and it might mean the beginning of the end for this current boom cycle.

FedEx is turning to a relatively new and unknown startup as it ramps up its efforts to electrify its fleet of delivery vans. The company announced Tuesday plans to add 1,000 electric delivery vehicles from Chanje Energy, a California-based and China-backed startup founded in 2015.

FedEx is purchasing 100 of the vehicles from Chanje Energy. It will lease the remaining 900 Chanje vehicles from Ryder System. The purpose-built electric vehicles will be delivered on a rolling basis over the next two years.

The vans, which can travel more than 150 miles when fully charged, will be used by FedEx Express for commercial and residential pick-up and delivery services in California. 

Chanje’s roots grew out of Smith Electric Vehicles, a now defunct electric-truck company based in Kansas City. Chanje was originally meant to be joint venture between Smith and FDG Electric Vehicles. Smith no longer operates and Chanje, led by Smith’s former CEO Bryan Hansel, has gone on to grow.

Chanje, which is targeting last-mile delivery and energy (or charging) services, has a strategic partnership with Hong Kong-based FDG.

Chanje’s vans are being manufactured by FDG in Hangzhou, China; the startup’s headquarters are in Los Angeles and has some operations in Kansas City. Eventually, Chanje has plans to open an assembly plant in the U.S. The company hasn’t determined a location yet.

FedEx has been using EVs as part of part of its pickup-and-delivery fleet since 2009; and its sustainability goal promises that it will continue to add more. The company has a goal to increase vehicle fuel efficiency 50 percent from a 2005 baseline by 2025.

FedEx had more than 2,860 alternative-fuel, electric and hybrid-electric vehicles at the end of 2017. The EVs have the potential to help FedEx save 2,000 gallons of fuel while avoiding 20 tons of emissions per vehicle each year, according to the companies.

15 weeks after Facebook announced its “Your Time On Facebook” tool that counts how many minutes you spend on the app, the feature is finally rolling out around the world. Designed to help you manage your social networking, the dashboard reveals how many minutes you’ve spent on Facebook’s app on that device each day for the past week and on average.

You can set a daily limit and receive a reminder to stop after that many minutes each day, plus access shortcuts to notification ,News Feed, and Friend Request settings. Those last two shortcuts are new, but otherwise the feature works the same as when it was previewed. You can access it by going to Facebook’s More tab -> Settings & Privacy -> Your Time On Facebook.

TechCrunch first broke the news that Facebook was working on the feature in June. Facebook gave some explanation for the delayed access to the feature, with spokespeople telling me “We typically rollout features slowly so we can catch bugs early and resolve them quickly. We slowed the rollout of the tools after launch so our teams could fix a few bugs before we expanded globally” and that “the tools will continue rolling out over the next few weeks.” Social consultant Matt Navarra had spotted the tool reaching more users today.

With the launches of similar tools as part of the latest versions of iOS and Android, plus the roll out of the similar Your Activity tab on Instagram last week, digital well-being features are becoming available to a wide swath of smart phone users. The question is whether simply burying these features in the Settings menus is enough to actually get people to shift towards healthier behavior.

Facebook and Instagram’s versions are particularly toothless. There are no options to force you to ease off your usage, just a quick daily limit notification to dismiss. iOS 12’s Screen Time at least delivery’s a weekly usage report by default so the feature finds you even if you don’t go looking for it. And Android’s new Digital Wellbeing dashboard is by far the most powerful, graying out app icons and requiring you to dig into your settings to unlock apps once you hit your daily limit. Facebook doesn’t necessarily need to force heavier restrictions on us, but it should at least provide more compelling optional tools to actually make us put our phones down and look up at the real world.

Facebook’s dashboard doesn’t integrate with Instagram’s, which would give people a more holistic sense of their activity on the social networks. You also won’t have your desktop Facebooking or time on secondary mobile devices like tablets tabulated here either.

But the biggest flaw remains that Your Time On Facebook treats all time the same. That seems to ignore the research Facebook itself has presented about digital well-being on social networks, as well as CEO Mark Zuckerberg’s comments on what constitutes healthy and unhealthy behavior. Zuckerberg said on the Q1 2018 earnings call “the well-being research that we’ve done . . . suggests that when people use the Internet for interacting with people and building relationships, that is correlated with all the positive measures of well-being that you’d expect — like longer term health and happiness, feeling more connected and less lonely – whereas just passively consuming content is not necessarily positive on those dimensions.”

Yet you can’t tell active and passive Facebooking apart from the dashboard. There’s no way to see a breakdown of how long you spend browsing the News Feed, watching Stories, or exploring photos on profiles versus creating posts or comments, messaging, or interacting in Groups. That segmentation would give users a much clearer view of where they’re spending or wasting hours, and what they could do to make their usage healthier. Hopefully with time, Facebook gives the dashboard more nuance so we can track not just time, but time well spent.

Valve has quietly updated the Steam page for the Steam Link. The message says that Valve is discontinuing the Steam Link. The device will become unavailable once all units have been sold.

When Valve introduced the Steam Link in 2015, your TV setup was completely different. Google, Amazon and Apple just released Android TV, the Fire TV and tvOS. Smart TVs weren’t so smart. In other words, you had no way to install an app and run it on your TV.

The Steam Link was a tiny box with an HDMI port, USB ports, an Ethernet port, Wi-Fi, Bluetooth and more. It could only do one thing — you could connect the Steam Link to a Steam client running on a powerful computer and play games on a different screen. Even before the Nintendo Switch, companies were thinking about ways to play the same game in multiple ways.

And if you were wondering why the Steam Link has yet to receive an update, you now have the answer. The company is switching to a software strategy.

“The supply of physical Steam Link hardware devices is sold out. Moving forward, Valve intends to continue supporting the existing Steam Link hardware as well as distribution of the software versions of Steam Link, available for many leading smart phones, tablets and televisions,” the company says on the store page.

You can still find devices on third-party retailers, but they’ll soon be all gone.

Going forward, you’ll be able to install the Steam Link app on your phone or Android TV device (including on the Fire TV if you side-load the app). You can then launch a Steam game on your PC and play it on your TV.

Unfortunately, Apple currently refuses to allow the Steam Link app on the App Store. I really hope that Apple is going to change its mind because it would be a pretty good gaming and entertainment system.