Year: 2018

28 Jun 2018

The excitement is building for #TheEuropas, next week in London

Startups are strange beasts. Founders and investors are obviously so super-focused on building their companies that sometimes they forget to delve into the big issues behind tech and startups. Plus, do they ever know what’s going on outside their laser-focused view? Sometimes it’s good to take stock.

That’s why we’ve built The Europas Awards & Unconference (July 3) in association with TechCrunch, to give you a heads-up on the big issues, time to network, and time to celebrate with peers and friends, on a great day in London.

So what is The Europas?

• Key Founders and investors speaking
• No secret VIP rooms, maximum Speaker interaction
• Ultra-high quality crowd, largely invited
• Convivial, relaxed atmosphere conducive to networking
• Intimate “breakout” sessions with key players
• Journalists from major tech titles
• Percentage of profits will be donated to charity
• A stunning awards dinner and party which honours both the hottest startups and the leading lights in the European startup scene

The Unconference

Pull up a front row seat at our Unconference as some of the most incisive and prescient thought leaders in tech will discuss and debate some of the biggest issues, opportunities and challenges in tech. You won’t want to miss these panels:

• Should We Stay or Should We Go Now? What next for Europe’s tech economy as Brexit looms? We’re joined by LocalGlobe partner Suzanne Ashman, BGF partner, Wendy Tan White, and Eloise Todd, CEO of Best for Britain to dissect what the Leave ramifications are for the tech ecosystem.

• The Disinfoconomy: We were all shocked, shocked, to learn that Facebook had allowed commercial entities access to our private data with no oversight into how that data was being used and for what purpose. Our panelists debate what next for businesses peddling in private data, do consumers care enough to change their behaviour, what impact has this had on the media, and is there a way to sort all this mess out?

• Mapping the Future of Transportation in an Autonomous Age: The era of the autonomous vehicle is nigh! But how will AVs interact with our existing transportation landscape in our current gridlocked cities? Bill Gross-backed AIPod thinks it has a solution. CRO and co-founder Steve Gledden unpacks the details.

• AI + Startups – A Non Starter? So you wanna be an AI startup, but there’s the pesky little problem of enough data. Paul Dowling of Dreamstake Ventures leads a discussion with Steve King of social prediction startup Black Swan and Draper Esprit partner and long-time health tech investor Vishal Gulati on the data challenge.

• APPily Ever After or APPocalypse now? Dating Apps in a Post #MeToo World. Dating apps have radically reshaped how we form relationships, our attitudes toward sex, sexism, objectification and desire — and quite frankly, what constitutes good manners. We’re joined by Olivia June, founder of vina.io, and more to come.

• TWO tracks on Crypto and Blockchain:

We’ve got TWO tracks on Crypto and Blockchain this year, one dedicated to understanding the ins and outs of investing, token economics, and ICOs; the other to the industries being disrupted by the use of blockchain or DLT. We have panels looking at social impact; the media, creative industries and visual arts, digital identity, and financial services. These panels are meant to get you clued up quickly and to explore the most exciting startups in these verticals.

• Startup Central Zone

Finally, we’ve got Startup Central, with panels packed with advice on fundraising from seed to C and beyond. You’ll want to join the Future of Funding panel, a deep dive into raising money through ICOs, traditional venture capital, and crowdfunding. We’re excited to be joined by Ali Ganjavian, founder of Studio Banana. Yes, he’s the Kickstarter darling behind the Ostrich Pillow. Our favourite tech journos, including Steve O’Hear of TechCrunch, join our popular Meet the Press panel, where you’ll get to turn the tables and grill reporters on what they think makes a tech story.

• Pitch Roulette

At the end of the day, join us for Pitch Roulette, where some of Europe’s biggest VCs will be giving selected startups feedback on their pitch.

28 Jun 2018

Amazon buys PillPack, an online pharmacy, for just under $1B

A week after appointing a CEO for its healthcare joint venture with Berkshire Hathaway and JPMorgan, Amazon today announced an acquisition that underscores how it also hopes to have a more direct — and more commercial — role in the world of healthcare in the coming years. The company has purchased PillPack, an online pharmacy that lets users buy medications in pre-made doses.

Terms of the deal have not been disclosed by Amazon, but sources close to the deal say it was for just under $1 billion. PillPack had reportedly been in talks with Walmart — one of Amazon’s big rivals — for an acquisition, and we confirmed that this was indeed the case. “But someone” — that is, Amazon — “came along offering more.”

According to PitchBook, PillPack was last valued at $361 million after a round of funding in 2016. This deal is expected to close in the second half of 2018.

The move (and that reported valuation hike) signal how heated the e-health market is becoming, and also how Amazon views it as a key frontier in its bid to be the go-to place for anything a consumer (or medical organization) might want or need in the area of healthcare.

The might of Amazon in commerce plays a massive role in how the market is poised to develop: Amazon buying the company matters not only as a signal of how PillPack will likely get scaled out (not least through Amazon’s healthcare JV) but also because of how other pharmacy companies will have to respond. So far, the market is punishing the rest for not already being where Amazon appears to be going.

“PillPack’s visionary team has a combination of deep pharmacy experience and a focus on technology,” says Jeff Wilke, Amazon CEO of Worldwide Consumer, in a news release. “PillPack is meaningfully improving its customers’ lives, and we want to help them continue making it easy for people to save time, simplify their lives, and feel healthier. We’re excited to see what we can do together on behalf of customers over time.”

PillPack has a license to operate in all 50 states in the U.S. and has other accreditations such as URAC and VIPPS, but it doesn’t seem to be operational in international markets. Its PharmacyOS — the system it has built that forms the basis of the company — is a platform that helps manage patient data and figure out how to balance meds together in safe doses for its customers.

The challenge that the company is addressing is very real: the US is a huge consumer of medicines, and some of that has tipped into a large epidemic of abuse. While there are a lot of things that will have to happen to tackle that in the long and short term, at least helping to provide controlled doses of what patients are being prescribed is one aspect of how to tackle the problem.

It looks like TJ Parker, co-founder and CEO of PillPack, will be staying on to run the business.

“PillPack makes it simple for any customer to take the right medication at the right time, and feel healthier,” he said in a statement. “Together with Amazon, we are eager to continue working with partners across the healthcare industry to help people throughout the U.S. who can benefit from a better pharmacy experience.”

PillPack, based in Manchester, New Hampshire, started out at TechStars in Boston in 2013, when it was still led by Katie Rae, and over the years it had raised $123 million with investors including Accel, Accomplice, Charles River Ventures and Menlo Ventures.

28 Jun 2018

Amazon is turning Fire tablets into Echo Shows

Slowly but surely, Amazon’s been turning its Fire tablets into Echos. It started with a push-to-talk Alexa function. Last year, the company added a hands-free mode for the voice assistant. Now, it’s adding Show Mode, which brings the same title card UI you get on the company’s screen-enabled smart speaker.

Better still, Amazon’s introducing a Show Mode Charging Dock, a stand that effectively transforms the Fire into a makeshift Show. Place the tablet into a dock and it starts charging and automatically flips into Show mode, so you can do all of the standard Echo activities from across the room.

The dock works with both the most recent Fire HD 8 and 10 (if I had to venture a guess, I’d say the 7 will probably be getting the functionality, as well). If you already have one of the devices, the feature will be coming through an over-the-air update starting July 2. Once it’s in place, it will play nicely with other Echos in your home, using Amazon’s ESP (“Echo Spatial Perception”) feature.

I’d have to imagine a new, less bulky version of the Show is in the works. In the meantime, this is a pretty compelling alternative — and a chance for Amazon to be a bit more competitive with the numerous third-party devices Google unveiled back at CES. The tablet+dock package is ultimately a cheaper option than the Show’s $230 price tag (though that device is discounted to $160 at the moment).

The docks themselves run $40 for the eight-inch and $55 for the 10 (both are discounted $5 for the time being). If you don’t already have the tablets on-hand, you can pick up a bundle for $110 and $190, respectively. Picking up this configuration also gives you a lot more flexibility versus just going in on the Show.

As for what the Show brings to the table? Better built-in mics and speakers are the primary answer. Ultimately, however, I suspect Amazon isn’t really concerned about some of its devices cannibalizing others, so long as it gets more Amazon products out in the world.

28 Jun 2018

Self-driving car startup Nuro teams up with Kroger for same-day grocery delivery

Nuro, an autonomous vehicle startup focused on local deliveries, has partnered with 135-year-old grocery retailer Kroger to offer same-day deliveries. The two have yet to announce which market this will be live in, but the plan is to launch the several-month-long pilot this fall.

Nuro’s intent is to use its self-driving technology in the last mile for the delivery of local goods and services. That could be things like groceries, dry cleaning, an item you left at a friend’s house or really anything within city limits that can fit inside one of Nuro’s vehicles. Nuro has two compartments that can fit up to six grocery bags each.

When it came to going to market, Nuro CEO Dave Ferguson told me groceries were most exciting to him. And Kroger particularly stood out because of its smart shelf technology and partnership with Ocado around automated fulfillment centers.

“With the pilot, we’re excited about getting more experience interacting with real customers and understanding exactly what they want,” Ferguson said. “The things they love about it, the things they don’t love as much. As an organization for us, it’s also very valuable for us to have to exercise our operational muscle.”

Throughout the pilot program, Nuro will be looking to see how accurate its estimated delivery times are, how the public reacts to the vehicles and how regular, basic cars interact with self-driving ones.

The pilot will be live in just one market, but Kroger has 2,800 stores nationwide so Nuro sees the partnership as an opportunity to reach the vast majority of America. Kroger already offers same-day delivery to 75 percent of its customers. With Nuro on board, the idea is to deploy the self-driving cars in areas where Kroger has yet to offer delivery services.

“We want to be available to every single customer of ours,” Kroger Chief Digital Officer Yael Cosset told TechCrunch.

On the customer side, the experience will surely be different from what they’re used to. Currently, Kroger customers expect the grocery delivery drivers to bring their items to their front door. With Nuro’s vehicles, they’ll only go as far as curbside.

“This is an area where we’re going to learn a lot from the pilot,” Cosset said. “We have theories and assumptions about high density and low density and we want to see how that plays out.”

Cosset went on to describe how he doesn’t see the current model for delivery and autonomous vehicle-powered delivery as mutually exclusive.

“We believe they’re complementary,” Cosset said. “We may realize the optimal time to use autonomous vehicles is between 10 – 11 in the morning and the rest of the day have a fully-staffed model.”

Down the road, Nuro will continue looking at additional partners for its local delivery ambitions. Although Nuro is excited about the partnership with Kroger, it’s not an exclusive one.

“Given we’re a startup, we can’t afford to put our eggs in one basket,” Ferguson said. “But we do have the full intention of going big with Kroger and trying to do as much as we can together.”

Other potential partners for Nuro may include those like local dry cleaners, bakeries and florists.

“I think the only way realistically to do that is to provide a way for customers to access all of these local services through one spot,” Ferguson said. “That way, we’ll be able to collectively provide this local community delivery service and have some way to get all these local businesses within the same experience.”

28 Jun 2018

Electric scooter and bike parking has arrived

Zagster, the bike-share company behind the Pace brand, is launching what it’s calling Pace Parking. The idea is for it to serve as a parking platform for bikes, electric bikes and electric scooters. Pace is first launching these in Chicago, Austin and Bloomington, Ind., with the plan to launch in additional cities this year.

This parking platform is designed to support dockless lock-to vehicles, like JUMP bikes and Skip scooters. In partnership with cities, private landowners and local businesses, the idea is to make sure communities have proper parking infrastructure.

“With the meteoric rise of dockless bikes, ebikes and scooters in the U.S., our cities are now in the early stages of a massive transformation in how people get around — one as significant as the personal automobile in 20th century,” Zagster CEO Tim Ericson said in a statement. “Imagine a city with tens of thousands of cars and nowhere to park them — this is the huge challenge faced by every major U.S. city right now. Without mobility parking infrastructure, cities have no solution to secure the flood of new vehicles descending upon their streets and sidewalks, and we are the first company to do something about it. As the pioneer of lock-to dockless bike sharing, we’re proud to deliver the first ever universal, secure, smart parking platform for parking not just Pace bikes, but other shared bikes, personal bikes, electric scooters, and future mobility vehicles.”

Earlier this year, Zagster raised a $15 million round led by Edison Capital Partners. The startup has also unveiled its new bike parking system for both shared and personal bikes.

“Bikes have always locked to things,” Zagster CEO Tim Ericson said in a press release. “Cities have been willing to experiment with dockless bikes that don’t lock to anything because they lack sufficient bike parking and, until Pace, lacked a partner willing to install this infrastructure at no cost.”

Zagster’s Pace is one of the newer entrants to the bike-share space, which consists of a number of startups and larger companies battling for contracts with cities all over the world.

Pace, which launched in December, currently operates in Tallahassee, Florida and Knoxville, Tennessee. With the funding, Zagster plans to launch Pace in additional cities this year. Zagster also operates a bike-share solution for municipalities looking to offer their own city-specific services. Zagster, which launched in 2007, operates more than 200 bike-shares across 35 states in the U.S. This move to support multi-modal transportation options likely signals the entrance of yet another electric scooter service.

28 Jun 2018

Instead of points, Bumped gives equity in the companies you shop at

What does brand loyalty even mean anymore? App downloads, points, stars, and other complex reward systems have not just spawned their own media empires trying to decipher them, they have failed at their most basic objective: building a stronger bond between a brand and its consumers.

Bumped wants to reinvent the loyalty space by giving consumers shares of the companies they shop at. Through Bumped’s app, consumers choose their preferred retailer in different categories (think Lowe’s vs The Home Depot in home improvement), and when they spend money at that store using a linked credit card, Bumped will automatically give them ownership in that company.

The startup, which is based in Portland and was founded in March 2017, announced the beta launch of its service today, as well as a $14.1 million series A led by Dan Ciporin at Canaan Partners, along with existing seed investors Peninsula Ventures, Commerce Ventures, and Oregon Venture Partners.

Bumped is a brokerage, and the company told me that it has passed all FINRA and SEC licensing. When consumers spend money at participating retailers, they receive bona fide shares in the companies they shop at. Each retailer determines a loyalty percentage rate, which is a minimum of 1% and can go up to 5%. Bumped then buys shares off the public market to reward consumers, and in cases where it needs to buy fractional shares, it will handle all of those logistics.

Bumped’s app allows users to track their shares

For founder and CEO David Nelsen, the startup doesn’t just make good business sense, it can have a wider social impact of democratizing access to the public equity markets. “A lot of brands need to build an authentic relationship with the customers,” he explained to me. “The brands that have a relationship with consumers, beyond price, are thriving.” With Bumped, Nelsen’s goal is to “align the interests of a shareholder and consumer, and everybody wins.”

His mission is to engage more Americans in the equity markets and the power of ownership. He notes that far too many people fail to set up their 401k, and don’t invest regularly in the stock market, citing a statistic that only 13.9% of people directly own a share of stock. By offering shares, he hopes that Bumped engages consumers to think about their relationship to companies in a whole new way. As Nelsen put it, “we are talking about bringing a whole new class of shareholders into the market.”

This isn’t the first time that Nelsen has built a company in the loyalty space. He previously was a co-founder and CEO of Giftango, a platform for prepaid digital gift cards that was acquired by InComm in late 2012.

Consumers will have to choose their Bumped loyalty partner in each category, like burgers

That previous experience has helped the company build an extensive roster for launch. Bumped has 19 brands participating in the beta, including Chipotle, Netflix, Shake Shack, Walgreens, and The Home Depot. Another 6 brands are currently papering contracts with the firm.

Ciporin of Canaan said that he wanted to fund something new in the loyalty space. “There has been just a complete lack of innovation in the loyalty space,” he explained to me. “I think about it as Robinhood meets airline points programs.” One major decider for Ciporin in making the investment was academic research, such as this paper by Jaakko Aspara, showing that becoming a shareholder in a company tended to make consumers significantly more loyal to those brands.

In the short run, Bumped heads into a crowded loyalty space that includes companies like Drop, which I have covered before on TechCrunch. Nelsen believes that the stock ownership model is “an entirely different mechanism” in loyalty, and that makes it “hard to compare” to other loyalty platforms.

Longer term, he hints at exploring how to offer this sort of equity loyalty model to small and medium businesses, a significantly more complex challenge given the lack of liquid markets for their equity. Today, the company is exclusively focused on publicly-traded companies.

Bumped today has 14 people, and is targeting a team size of around 20 employees.

28 Jun 2018

Amazon adds a 10-inch tablet to its line of kids products

After the launch of the Fire HD Kids Edition 7, customers asked for a larger version, so Amazon announced the Fire HD Kids Edition 8. Now the company’s back at it again, with the Fire HD Kids Edition 10. Not exactly groundbreaking, but when you’re Amazon, you give the people what they want.

As with its predecessors, the new tablet is essentially a Fire HD outfitted with a bumper, software for kids and parents and a two-year “worry-free guarantee.” Amazon says it’s “built from the ground up for kids,” which isn’t really true — though that’s perfectly fine. The important thing is that you’re getting decent enough specs for a low price.

At $200, it’s a $50 premium over the standard 10-inch Fire. Given all of the stuff the company is bundling in here, however, Amazon says you’re essentially getting a $120 discount, when all is said and done.

The device once again ships with a year of Amazon FreeTime unlimited, bringing 15,000 books/movies/apps/games to the device. Using that, parents can limit and track screen time on the device, assuring that kids are using the device to read an actual book, in addition to various other media consumption.

The newer, larger kids tablet will be available in blue, pink or yellow. It’s up for pre-order today and starts shipping July 11.

28 Jun 2018

Yoobic raises $25M for an app that helps retailers track in-store merchandising campaigns

A lot of the innovation we’ve seen in the world of commerce has been focused on the front end of the business: how to use digital tools to improve shoppers’ experiences both online and offline — ultimately get them to buy more. Today, however, comes news of some funding for a startup that has built an app to help the retailers themselves. Yoobic, whose SaaS platform lets retail staff communicate with head offices to plan and execute merchandising and marketing campaigns using technology like computer vision to get the job done — to make the in-store experience as agile as the online one, in the words of CEO and co-founder

has raised $25 million in funding, money that it will use to expand beyond its home markets of London and Europe to the US.

The funding is being led by Insight Venture Partners, the prolific investor that has been especially active of late. Felix Capital, which led the startup’s Series A, is also in this round.

The money comes on the heels of strong growth for Yoobic: revenues are up by 143 percent between 2016 and 2017, and the product is now being used by 100 retailers and their wider range of 20,000 stores in 44 countries. Some 100,000 tasks get completed using the app each month, a 250 percent rise versus 2017. Customers include a number of luxury brands, Lacoste, the Casino Group, Aldi UK (part of Aldi Sud, which also has operations in the US; Aldi Nord, a separate business, owns Trader Joe’s), and car companies like Peugeot and Citroen.

Yoobic is using the power of technology to address a particular pain point in the world of retail. When a company — either a brand or the retailer selling goods — has merchandise dispersed across multiple locations, it becomes a challenge to sell items in a consistent way.

A sale, or a particular campaign, or simply just a house style for how to lay out products are all scenarios that are hard to do consistently and efficiently when you have a disparate staff of salespeople — the average level of churn of retail salespeople is 50 percent annually and it’s rising — needing to take communications from a central office and people who may be nowhere in your physical vicinity.

Yoobic’s solution is a platform that works on a mobile app — or a computer, although the vast majority of salespeople use mobile devices as they do not sit at desks — that provides running conversations around different campaigns, with instructions of how to present items.

Crucially, it’s very simple to use: you need something simple not just because of employee churn, but because campaigns, sales and other changes in retail layout potentially might be taking place throughout the day, said Fabrice Haïat, CEO and co-founder of Yoobic. “We don’t have time to train.”

The remote salespeople can use their device’s camera to shoot their own layouts to check them against the provided instructions, and the app’s algorithms check these automatically and suggest changes where they might be needed. When everything meets specifications, notifications get sent to managers at the head office to let them know that the layout has been completed.

Down the line, the same systems can potentially be used for inventory checks, updates on in-store footfall, and other physical details that are harder to monitor when you’re not at the store. “We’re just scratching the surface,” Haïat said.

Haïat added that in the past, a company would have had to rely on managers’ assessments, or in-store checks to monitor whether things are running as they should be, but that can be inconsistent, or costly if you do it well. Similarly, messaging has always been slow and clumsy. “The communications between a store and head office have been based around emails,” he said. “The object is to kill the email and replace it with an intelligent task management solution.”

The rise of Yoobic — which actually made its debut on TechCrunch’s Disrupt stage — mirrors that of how the retail industry has tried to tap into the advances of technology to make their operations more efficient, and more profitable, not just to improve the experience but to make sure that brick-and-mortar can keep pace with whatever advantages online sales, and online sales behemoths like Amazon, might have.

It may be some time before physical commerce becomes devoid of all human involvement — an endgame that companies like Amazon are already testing — but in the meantime, we’re seeing innovations like better experiences in trying to figure out what might look good on you, how to find what you want in a store, more efficient check-out flows, and stronger links between purchasing and how users are browsing online. All of those are now being digitised and that’s creating a vast array of data points that map out a customer’s digital profile.

While Yoobic doesn’t directly tie in with the customer experience, the work that it enables definitely makes use of those data points, and contributes to fulfilling bigger marketing strategies. “For example, say you get data from the point-of-sale system that indicates that sales of Coke are dropping, but you also know you’re about to have a heatwave,” Haïat explained. “A retailer can use Yoobic to lay out a promotional display for Coke to meet that potential demand and boost sales of the drink in the process.”

Yoobic also offers an API that can integrate the service into other systems — there are already integrations with Workplace and Slack, Haïat said, which mean Yoobic itself isn’t used for basic messaging and chat services, just the business of retailing, marketing and selling.

“The YOOBIC team has created a best-in-class product offering and we are looking forward to working on the company’s future and expansion in the US,” said Jeff Lieberman, MD of Insight Venture Partners, in a statement. “We believe solutions like this will become a must-have for retailers, and that YOOBIC has the opportunity and the potential to become the leader of its category.”

Interestingly, the founders of Yoobic — Fabrice, Avi, and Gilles Haïat, all brothers — are serial entrepreneurs whose previous startup, Vizelia, was sold to Schneider Electric. It had an interesting parallel to what they have built with Yoobic: it was an energy monitoring solution for buildings. “Initially we were monitoring energy, and now we are monitoring retail,” Fabrice said. “Conceptually, there is a connection.”

28 Jun 2018

Yet another massive Facebook fail: Quiz app leaked data on ~120M users for years

Facebook knows the historical app audit it’s conducting in the wake of the Cambridge Analytica data misuse scandal is going to result in a tsunami of skeletons tumbling out of its closet.

It’s already suspended around 200 apps as a result of the audit — which remains ongoing, with no formal timeline announced for when the process (and any associated investigations that flow from it) will be concluded.

CEO Mark Zuckerberg announced the audit on March 21, writing then that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity”.

But you do have to question how much the audit exercise is, first and foremost, intended to function as PR damage limitation for Facebook’s brand — given the company’s relaxed response to a data abuse report concerning a quiz app with ~120M monthly users, which it received right in the midst of the Cambridge Analytica scandal.

Because despite Facebook being alerted about the risk posed by the leaky quiz apps in late April — via its own data abuse bug bounty program — they were still live on its platform a month later.

It took about a further month for the vulnerability to be fixed.

And, sure, Facebook was certainly busy over that period. Busy dealing with a major privacy scandal.

Perhaps the company was putting rather more effort into pumping out a steady stream of crisis PR — including taking out full page newspaper adverts (where it wrote that: “we have a responsibility to protect your information. If we can’t, we don’t deserve it”) — vs actually ‘locking down the platform’, per its repeat claims, even though the company’s long and rich privacy-hostile history suggests otherwise.

Let’s also not forget that, in early April, Facebook quietly confessed to a major security flaw of its own — when it admitted that an account search and recovery feature had been abused by “malicious actors” who, over what must have been a period of several years, had been able to surreptitiously collect personal data on a majority of Facebook’s ~2BN users — and use that intel for whatever they fancied.

So Facebook users already have plenty of reasons to doubt the company’s claims to be able to “protect your information”. But this latest data fail facepalm suggests it’s hardly scrambling to make amends for its own stinkingly bad legacy either.

Change will require regulation. And in Europe that has arrived, in the form of the GDPR.

Although it remains to be seen whether Facebook will face any data breach complaints in this specific instance, i.e. for not disclosing to affected users that their information was at risk of being exposed by the leaky quiz apps.

The regulation came into force on May 25 — and the javascript vulnerability was not fixed until June. So there may be grounds for concerned consumers to complain.

Which Facebook data abuse victim am I?

Writing in a Medium post, the security researcher who filed the report — self-styled “hacker” Inti De Ceukelaire — explains he went hunting for data abusers on Facebook’s platform after the company announced a data abuse bounty on April 10, as the company scrambled to present a responsible face to the world following revelations that a quiz app running on its platform had surreptitiously harvested millions of users’ data — data that had been passed to a controversial UK firm which intended to use it to target political ads at US voters.

De Ceukelaire says he began his search by noting down what third party apps his Facebook friends were using — finding quizzes were one of the most popular apps. Plus he already knew quizzes had a reputation for being data-suckers in a distracting wrapper. So he took his first ever Facebook quiz, from a brand called NameTests.com, and quickly realized the company was exposing Facebook users’ data to “any third-party that requested it”.

The issue was that NameTests was displaying the quiz taker’s personal data (such as full name, location, age, birthday) in a javascript file — thereby potentially exposing the identity and other data of logged-in Facebook users to any external website they happened to visit.

He also found it was providing an access token that allowed it to grant even more expansive data access permissions to third party websites — such as to users’ Facebook posts, photos and friends.

It’s not clear exactly why — but it presumably relates to the quiz app company’s own ad targeting activities. (Its privacy policy states: “We work together with various technological partners who, for example, display advertisements on the basis of user data. We make sure that the user’s data is pseudonymised (e.g. no clear data such as names or e-mail addresses) and that users have simple rights of revocation at their disposal. We also conclude special data protection agreements with our partners, in which they commit themselves to the protection of user data.” — which sounds great until you realize its javascript was just leaking people’s personally identified data… [facepalm])

“Depending on what quizzes you took, the javascript could leak your facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends,” writes De Ceukelaire.

He reckons people’s data had been publicly exposed since at least the end of 2016.
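The leak pattern described above (personal data served inside a javascript file to whichever site loads it) next to a hardened handler, as an added example that is not NameTests’ or Facebook’s code. The handler names, session cookie and profile are hypothetical, and the hardened version shows one common mitigation, not the change NameTests actually made.

```javascript
// Added illustration: all names, the cookie value and the profile are constructed.
const SESSIONS = new Map([
  ['sess-abc', { name: 'Alice Example', birthday: '1990-01-01' }],
]);

const deny = (status) => ({ status, headers: {}, body: '' });

// Leaky pattern: the profile is emitted as executable JavaScript and the only
// check is the session cookie, which the browser attaches to a <script src>
// request made from any other site the user visits.
function leakyHandler(req) {
  const user = SESSIONS.get(req.cookies.session);
  if (!user) return deny(401);
  return {
    status: 200,
    headers: { 'Content-Type': 'application/javascript' },
    body: `window.userData = ${JSON.stringify(user)};`,
  };
}

// Hardened pattern: answer only same-origin fetches (Fetch Metadata headers),
// never script loads, and return inert JSON that cannot run as a script.
// Fails closed: a browser that sends no Sec-Fetch-Site header is refused.
function hardenedHandler(req) {
  const user = SESSIONS.get(req.cookies.session);
  if (!user) return deny(401);
  const site = req.headers['sec-fetch-site'];
  const dest = req.headers['sec-fetch-dest'];
  if (site !== 'same-origin' || dest === 'script') return deny(403);
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/json',
      'X-Content-Type-Options': 'nosniff',
      'Cache-Control': 'no-store',
    },
    body: JSON.stringify(user),
  };
}

// Constructed requests: a script include from another site, and the app's own fetch().
const crossSiteScript = {
  cookies: { session: 'sess-abc' },
  headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-dest': 'script' },
};
const sameOriginFetch = {
  cookies: { session: 'sess-abc' },
  headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-dest': 'empty' },
};
```

Setting the session cookie with `SameSite=Lax` adds a second layer, since the browser then leaves the cookie off cross-site subresource requests altogether.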

On Facebook, NameTests describes its purpose thusly: “Our goal is simple: To make people smile!” — adding that its quizzes are intended as a bit of “fun”.

It doesn’t shout so loudly that the ‘price’ for taking one of its quizzes, say to find out what Disney princess you ‘are’, or what you could look like as an oil painting, is not only that it will suck out masses of your personal data (and potentially your friends’ data) from Facebook’s platform for its own ad targeting purposes but was also, until recently, that your and other people’s information could have been exposed to goodness knows who, for goodness knows what nefarious purposes… 

The Facebook-Cambridge Analytica data misuse scandal has underlined that ostensibly frivolous social data can end up being repurposed for all sorts of manipulative and power-grabbing purposes. (And not only can end up, but that quizzes are deliberately built to be data-harvesting tools… So think of that the next time you get a ‘take this quiz’ notification asking ‘what is in your fact file?’ or ‘what has your date of birth imprinted on you’? And hope ads is all you’re being targeted for… )

De Ceukelaire found that NameTests would still reveal Facebook users’ identity even after its app was deleted.

“In order to prevent this from happening, the user would have had to manually delete the cookies on their device, since NameTests.com does not offer a log out functionality,” he writes.

“I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends,” he adds, fleshing out the risks for affected Facebook users.

As well as alerting Facebook to the vulnerability, De Ceukelaire says he contacted NameTests — and they claimed to have found no evidence of abuse by a third party. They also said they would make changes to fix the issue.

We’ve reached out to NameTests’ parent company — a German firm called Social Sweethearts — for comment. Its website touts a “data-driven approach” — and claims its portfolio of products achieve “a global organic reach of several billion page views per month”.

After De Ceukelaire reported the problem to Facebook, he says he received an initial response from the company on April 30 saying they were looking into it. Then, hearing nothing for some weeks, he sent a follow up email, on May 14, asking whether they had contacted the app developers.

A week later Facebook replied saying it could take three to six months to investigate the issue (i.e. the same timeframe mentioned in their initial automated reply), adding they would keep him in the loop.

Yet at that time — which was a month after his original report — the leaky NameTests quizzes were still up and running, meaning Facebook users’ data was still being exposed and at risk. And Facebook knew about the risk.

The next development came on June 25, when De Ceukelaire says he noticed NameTests had changed the way they process data to close down the access they had been exposing to third parties.

Two days later Facebook also confirmed the flaw in writing, admitting: “[T]his could have allowed an attacker to determine the details of a logged-in user to Facebook’s platform.”

It also told him it had confirmed with NameTests the issue had been fixed. And its apps continue to be available on Facebook’s platform — suggesting Facebook did not find the kind of suspicious activity that has led it to suspend other third party apps. (At least, assuming it conducted an investigation.)

Facebook paid out a $4,000 x2 bounty to a charity under the terms of its data abuse bug bounty program — and per De Ceukelaire’s request.

We asked it what took it so long to respond to the data abuse report, especially given the issue was so topical when De Ceukelaire filed the report. But Facebook declined to answer specific questions.

Instead it sent us the following statement, attributed to Ime Archibong, its VP of product partnerships:

A researcher brought the issue with the nametests.com website to our attention through our Data Abuse Bounty Program that we launched in April to encourage reports involving Facebook data. We worked with nametests.com to resolve the vulnerability on their website, which was completed in June.

Facebook also claims it received De Ceukelaire’s report on April 27, rather than April 22, as he recounts it. Though it’s possible the former date is when Facebook’s own staff retrieved the report from its systems. 

Beyond displaying a disturbingly relaxed attitude to other people’s privacy — which risks getting Facebook into regulatory trouble, given GDPR’s strict requirements around breach disclosure, for example — the other core issue of concern here is the company’s apparent failure to enforce its own developer policy. 

The underlying issue is whether or not Facebook performs any checks on apps running on its platform. It’s no good having T&Cs if you don’t have any active processes to enforce your T&Cs. Rules without enforcement aren’t worth the paper they’re written on.

Historical evidence suggests Facebook did not actively enforce its developer T&Cs — even if it’s now “locking down the platform”, as it claims, as a result of so many privacy scandals. 

The quiz app developer at the center of the Cambridge Analytica scandal, Aleksandr Kogan — who harvested and sold/passed Facebook user data to third parties — has accused Facebook of essentially not having a policy. He contends it is therefore Facebook who is responsible for the massive data abuses that have played out on its platform — only a portion of which have so far come to light.

Fresh examples such as NameTests’ leaky quiz apps merely bolster the case Kogan made for Facebook being the guilty party where data misuse is concerned. After all, if you built some stables without any doors at all would you really blame your horses for bolting?

28 Jun 2018

The Rock and Under Armour teamed up for some ridiculous headphones

Five years ago, you weren’t a proper celebrity unless you had your own line of branded headphones. Times change, of course, and now every famous person worth their salt has their own cryptocurrency or kombucha line. 

But Dwayne Johnson isn’t just any celebrity. He’s the freaking Rock. If he can turn a 30-year-old arcade game into a blockbuster monster movie, surely he can launch a successful pair of celebrity headphones in 2018.

The UA Sport Wireless Train Headphones — Project Rock Edition are as over the top as their nature and name suggest. They’ve got a big bull outline on each cup — the logo has graced all of the Rock’s Under Armour collaborations — along with various oversized buttons and switches, plus screws that give them a kind of industrial aesthetic.

The headphones are on-ear, with large spongey cups — an interesting design choice given that they’re clearly designed for workouts. I submit this image of a sweaty Rock deep in thought, lifting dumbbells as Exhibit A:

I suppose it depends on what sort of working out you’re planning to do. As someone who spends most of his time at the gym on the treadmill, earbuds are generally my preferred choice. If you’re The Rock, you clearly go over-ear. 

For those who’re looking for some wireless headphones with a side of movie star endorsement, the headphones run $249.