Year: 2018

12 Jun 2018

Kry bags $66M to launch its video-call-a-doctor service in more European markets

Swedish telehealth startup Kry has closed a $66 million Series B funding round led by Index Ventures, with participation from existing investors Accel, Creandum, and Project A.

It raised a $22.8M Series A round just over a year ago, bringing its total raised since being founded back in 2014 to around $92M.

The new funding will be put towards market expansion, with the UK and French markets its initial targets. It also says it wants to deepen its penetration in existing markets: Sweden, Norway and Spain, and to expand its medical offering to be able to offer more services via the remote consultations.

A spokesperson for Kry also tells us it’s exploring different business models.

While the initial Kry offering requires patients to pay per video consultation this may not offer the best approach to scale the business in a market like the UK where healthcare is free at the point of use, as a result of the taxpayer funded National Health Service.

“Our goal is to offer our service to as many patients as possible. We are currently exploring different models to deliver our care and are in close discussions with different stakeholders, both public and private,” a spokesperson told us.

“Just as the business models will vary across Europe so will the price,” he added.

While consultations are conducted remotely, via the app’s video platform — with Kry’s pitch being tech-enabled convenience and increased accessibility to qualified healthcare professionals, i.e. thanks to the app-based delivery of the service — it specifies that doctors are always recruited locally in each market where it operates.

In terms of metrics, it says it’s had around 430,000 user registrations to date, and that some 400,000 “patients meetings” have been conducted so far (to be clear that’s not unique users, as it says some have been repeat consultations; and some of the 430k registrations are people who have not yet used the service).

Across its first three European markets it also says the service grew by 740% last year, and it claims it now accounts for more than 3% of all primary care doctor visits in Sweden — where it has more than 300 clinicians working in the service.

In March this year it also launched an online psychology service and says it’s now the largest provider of CBT-treatments in Sweden.

Commenting on the funding in a statement, Martin Mignot, partner at Index Ventures, said: “Kry offers a unique opportunity to deliver a much improved healthcare to patients across Europe and reduce the overall costs associated with primary care. Kry has already become a household name in Sweden where regulators have seen first-hand how it benefits patients and allowed Kry to become an integral part of the public healthcare system. We are excited to be working with Johannes and his team to bring Kry to the rest of Europe.”

As well as the app being the conduit for a video consultation between doctor and patient, patients must also describe in writing and input their symptoms into the app, uploading relevant pictures and responding to symptom-specific questions.

During the video call with a Kry doctor, patients may also receive prescriptions for medication, advice, referral to a specialist, or lab or home tests with a follow-up appointment — with prescribed medication and home tests able to be delivered to the patient’s home within two hours, according to the startup.

“We have users from all age groups. Our oldest patient just turned 100 years old. One big user group is families with young children but we see that usage is becoming more even over different age groups,” adds the spokesman.

There are now a number of other startups seeking to scale businesses in the video-call-a-doctor telehealth space — such as Push Doctor, in the UK, and Doctor On Demand in the US, to name two.

12 Jun 2018

Sumo Logic brings data analysis to containers

Sumo Logic has long held the goal to help customers understand their data wherever it lives. As we move into the era of containers, that goal becomes more challenging because containers by their nature are ephemeral. The company announced a product enhancement today designed to instrument containerized applications in spite of that.

They are debuting these new features at DockerCon, Docker’s customer conference taking place this week in San Francisco.

Sumo’s CEO Ramin Sayer says containers have begun to take hold over the last 12-18 months with Docker and Kubernetes emerging as tools of choice. Given their popularity, Sumo wants to be able to work with them. “[Docker and Kubernetes] are by far the most standard things that have developed in any new shop, or any existing shop that wants to build a brand new modern app or wants to lift and shift an app from on prem [to the cloud], or have the ability to migrate workloads from Vendor A platform to Vendor B,” he said.

He’s not wrong of course. Containers and Kubernetes have been taking off in a big way over the last 18 months and developers and operations alike have struggled to instrument these apps to understand how they behave.

“But as that standardization of adoption of that technology has come about, it makes it easier for us to understand how to instrument, collect, analyze, and more importantly, start to provide industry benchmarks,” Sayer explained.

They do this by avoiding the use of agents. Regardless of how you run your application, whether in a VM or a container, Sumo is able to capture the data and give you feedback you might otherwise have trouble retrieving.

The company has built in native support for Kubernetes and Amazon Elastic Container Service for Kubernetes (Amazon EKS). It also supports the open source tool Prometheus favored by Kubernetes users to extract metrics and metadata. The goal of the Sumo tool is to help customers fix issues faster and reduce downtime.

As they work with this technology, they can begin to understand norms and pass that information onto customers. “We can guide them and give them best practices and tips, not just on what they’ve done, but how they compare to other users on Sumo,” he said.

Sumo Logic was founded in 2010 and has raised $230 million, according to data on Crunchbase. Its most recent round was a $70 million Series F led by Sapphire Ventures last June.

12 Jun 2018

UK watchdog issues $330k fine for Yahoo’s 2014 data breach

Another fallout from the massive Yahoo data breach that dates back to 2014: The UK’s data watchdog has just issued a £250,000 (~$334k) penalty for violations of the Data Protection Act 1998.

Yahoo, which has since been acquired by Verizon and merged with AOL to form a joint entity called Oath (which is also the parent of TechCrunch), is arguably getting off pretty lightly here for a breach that impacted a whopping ~500M users.

Certainly given how large data protection fines can now scale under the European Union’s new privacy framework, GDPR, which also requires that most breaches be disclosed within 72 hours of discovery (rather than, ooooh, two years or so later in the Yahoo case… ).

The Information Commissioner’s Office (ICO) focused its investigation on the more than 515,000 affected UK accounts which the London-based Yahoo UK Services Ltd had responsibility for as a data controller.

And it found a catalogue of failures — specifically finding that Yahoo UK Services had: Failed to take appropriate technical and organisational measures to protect the data against exfiltration by unauthorised persons; had failed to take appropriate measures to ensure that its data processor — Yahoo! Inc — complied with the appropriate data protection standards; had failed to ensure appropriate monitoring was in place to protect the credentials of Yahoo! employees with access to Yahoo! customer data; and also that the inadequacies found had been in place for “a long period of time without being discovered or addressed”.

Commenting in a statement, the ICO deputy commissioner of operations, James Dipple-Johnstone, said: “People expect that organisations will keep their personal data safe from malicious intruders who seek to exploit it. The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

According to the ICO personal data compromised in the breach included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

It considered the breach to be a “serious contravention of Principle 7 of the Data Protection Act 1998” — which states that appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data.

Happily for Oath, GDPR does not apply historically because the UK’s domestic regime only allows for maximum penalties of £500k.

And given Verizon was able to knock $350M off the acquisition price of Yahoo on account of a pair of massive data breaches, well, it’s not going to be too concerned with the regulatory sting here.

Reputation wise is perhaps another matter. Though, again, Yahoo had disclosed the breaches before the acquisition closed so any damage had already been publicly attached to Yahoo.

An Oath spokesman told us the company does not comment directly on regulatory actions — but pointed to several developments since Yahoo was acquired, including the doubling in size of the global security organization; the creation in March of a cybersecurity advisory board; and the relaunch in April of an integrated bug bounty program.

Also, as we reported last year, Yahoo’s chief information security officer, Bob Lord — who was in charge at the time the breach was unearthed — lost out to AOL’s Chris Nims in the merger process, with the latter taking up the security chief’s chair of the new umbrella entity, Oath.

Security is certainly now being generally pushed up the C-suite agenda for all organizations handling EU data as a consequence of GDPR concentrating minds on much more sizable legal liabilities.

The regulation’s data protection by design requirements also mean privacy considerations need to be baked into the data processing lifecycle, ergo policies and processes must be in place, alongside strong IT governance and security measures, to ensure compliance with the law — with the idea being to shrink the ability for attackers to intrude as happened so extensively in the Yahoo breaches.

“Under the GDPR and the new Data Protection Act 2018, individuals have stronger rights and more control and choice over their personal data. If organisations, especially well-resourced, experienced ones, do not properly safeguard their customers’ personal data, they may find customers taking their business elsewhere,” added Dipple-Johnstone.

Earlier this year the ICO issued a larger fine for a 2015 hack of Carphone Warehouse which compromised data of more than 3M people, and also included historical payment card details for a subset of the affected users.

12 Jun 2018

New technology can see your body through walls

MIT’s Computer Science and Artificial Intelligence Laboratory has created a system that can see your body through walls, recreating your poses when you walk, sit, or simply stand still. It uses RF waves to sense where you are and then recreates your body as a simple stick figure. It’s called RF-Pose.

From the release:

The researchers use a neural network to analyze radio signals that bounce off people’s bodies, and can then create a dynamic stick figure that walks, stops, sits and moves its limbs as the person performs those actions.

The team says that the system could be used to monitor diseases like Parkinson’s and multiple sclerosis (MS), providing a better understanding of disease progression and allowing doctors to adjust medications accordingly. It could also help elderly people live more independently, while providing the added security of monitoring for falls, injuries and changes in activity patterns.

The team is primarily interested in using this system for healthcare, allowing for passive monitoring of a subject inside a room without cameras or other intrusions. “All data the team collected has subjects’ consent and is anonymized and encrypted to protect user privacy,” wrote the researchers. “For future real-world applications, the team plans to implement a ‘consent mechanism’ in which the person who installs the device is cued to do a specific set of movements in order for it to begin to monitor the environment.”

The researchers trained the neural network by showing a machine a video of a person walking next to the RF interference they made as they moved. They then overlaid stick figures on the movement and trained the network to do the same automatically. Because RF signals are ubiquitous, it was easier to use than other sensing technologies.

Interestingly the researchers never trained the system to see through walls but it was able to “generalize its knowledge to be able to handle through-wall movement.”

“If you think of the computer vision system as the teacher, this is a truly fascinating example of the student outperforming the teacher,” said researcher Antonio Torralba. There is no word if the system will be used for other commercial purposes.

12 Jun 2018

Facebook cracks down on ads from e-commerce scammers flagged by new reviews

Facebook is cracking down on Chinese shopping sites and others that bait and switch customers by delivering lower quality products than what they advertised on the social network. Today, Facebook launches a new e-commerce review option inside its “Recent Ads Activity” dashboard that lets buyers give feedback about slow shipping times, weird smells, and junky merchandise.

Users are able to access the ads that they have clicked, and provide feedback, by clicking on their Ads Activity, where they can also provide feedback on any ad they may have intentionally or unintentionally clicked on. Now, those responses will be tailored when they are related to ads that have resulted in a purchase, and they will also get fed back to advertisers as well as Facebook itself. Facebook is also expanding feedback options to more areas for those who have purchased items on the back of ads: for example, with prompts in their notifications.

There appear to be two aims to the new feedback option. On the more optimistic side, for those advertisers who are selling but not managing customers’ expectations well enough, they are able to get more information to modify their practices. On the more practical (and pessimistic) side, if a business receives a critical mass of bad feedback, Facebook will notify them with an ultimatum to improve. If they don’t, Facebook will refuse to run their ads.

Facebook’s efforts as an e-commerce platform are relatively young: it was only last week that it launched a way for those posting items in its community-focused Marketplace to advertise them also in the News Feed; and in May it expanded its Craigslist competitor also to include home services professionals. So, to make sure that its e-commerce advertising doesn’t die on the vine, it has to boost trust, or else its 2.2 billion users might stop clicking its shopping ads for fear of getting burned.

“We’ve all had negative customer experiences with businesses,” Sarah Epps, product marketing director for Facebook, said in an interview. “Sometimes they’re hard to reach, late shipping items, or ship you low quality goods. What we hear from people is that bad shopping experiences cost them money and are really inconvenient. They’re bad for people, bad for good businesses on Facebook, and they’re bad for Facebook.”

There is another reason for making the experience better for both users and advertisers: there has been research that indicates that some companies, which have grown entire businesses on the back of selling items via Facebook ads, are now looking for alternative platforms after the ads started to become too expensive.

While policing the claims of every sketchy e-commerce vendor would be impossible, it can at least use negative reviews to choke off their traffic and absolve itself of profiting off their scams. Today’s announcement is a start to balancing reliability with avoiding censorship or unscalable enforcement.

In that regard, it’s similar to the approach that Facebook has been taking with regards to offensive posts and outright fake news: rather than expecting or hoping that its algorithm can identify everything accurately, it’s also trying out upvotes and downvotes on comments, and currently works with third parties to fact check and flag news.

Facebook’s move to let users’ experiences shape how advertisers sell products — and in the worst cases whether they sell them at all — stems from two years back, when Buzzfeed first brought to light an ongoing issue among those who were clicking on Facebook ads for merchandise — specifically clothes — and getting products that were far from what they expected.

Facebook says that it’s taken two years to roll this out because of the nature of how things are purchased off the back of ads on Facebook.

“We were exploring this issue before it was surfaced by the press,” a spokesperson said. “The biggest challenge is that this activity was happening off of Facebook — we only have limited ability to understand what you do once you leave Facebook from an ad. So it took us time to develop the proper feedback mechanism to solve this problem, and we wanted to make sure it was fair to businesses and helpful to people.”

He added that the company already had policies in place that prohibit things like online scams, publishing ads with text that misrepresent products, and Facebook had already been proactive in enforcing against landing pages that do not represent an ad. “We enforce against businesses all the time when we learn they do these things. But now we want to get this feedback directly from the community,” he said. “Sometimes ads are totally in line with our policies but those businesses don’t provide shoppers with the best experiences after people have purchased with them — or once they’ve left Facebook. We’ve spoken to people around the world to solve this problem.”

What’s important to note here is that this is not a slam-dunk, where banning advertisers or certain ads from Facebook is the inevitable outcome. Facebook says that it’s just as likely that advertisers are making bad choices in how they present or run their businesses; not that they are intentionally misleading people. A bulk of the ads originally identified by BuzzFeed were found to be coming from companies out of China, pointing both to logistical and language challenges, among other issues.

“We give businesses time to act on the feedback,” said Epps. “Of the hundreds of the businesses we’ve shared negative feedback with so far, many have taken steps to change. If they don’t show improvement over time, their ads won’t deliver to people’s news feeds. The reaction from businesses has been positive so far. That’s been surprising for us. There are some bad actors out there to scam people, but [most businesses do want to offer a good experience].”

Updated with more comment from Facebook

12 Jun 2018

Pressure mounts on EU-US Privacy Shield after Facebook-Cambridge Analytica data scandal

Yet more pressure on the precariously placed EU-US Privacy Shield: The European Union parliament’s civil liberties committee has called for the data transfer arrangement to be suspended by September 1 unless the US comes into full compliance.

Though the committee has no power to suspend the arrangement itself, it has amped up the political pressure on the EU’s executive body, the European Commission.

In a vote late yesterday the Libe committee agreed the mechanism as it is currently being applied does not provide adequate protection for EU citizens’ personal information — emphasizing the need for better monitoring in light of the recent Facebook Cambridge Analytica scandal, after the company admitted in April that data on as many as 87 million users had been improperly passed to third parties in 2014 (including 2.7M EU citizens).

Facebook is one of the now 3,000+ organizations that have signed up to Privacy Shield to make it easier for them to shift EU users’ data to the US for processing.

Although the Cambridge Analytica scandal pre-dates Privacy Shield — which was officially adopted in mid 2016, replacing the long-standing Safe Harbor arrangement (which was struck down by Europe’s top court in 2015, after a legal challenge that successfully argued that US government mass surveillance practices were undermining EU citizens’ fundamental rights).

The EU also now has an updated data protection framework — the GDPR — which came into full force on May 25, and further tightens privacy protections around EU data.

The Libe committee says it wants US authorities to act upon privacy scandals such as the Facebook Cambridge Analytica debacle without delay — and, if needed, remove companies that have misused personal data from the Privacy Shield list. MEPs also want EU authorities to investigate such cases and suspend or ban data transfers under the Privacy Shield where appropriate.

Despite a string of privacy scandals — some very recent, and a fresh FTC probe — Facebook remains on the Privacy Shield list; along with SCL Elections, an affiliate of Cambridge Analytica, which has claimed to be closing its businesses down in light of press around the scandal, yet which is apparently still certified to take people’s data out of the EU and provide it with ‘adequate protection’, per the Privacy Shield list…

MEPs on the committee also expressed concern about the recent adoption in the US of the Clarifying Lawful Overseas Use of Data Act (Cloud Act), which grants the US and foreign police access to personal data across borders — with the committee pointing out that the US law could conflict with EU data protection laws.

In a statement, civil liberties committee chair and rapporteur Claude Moraes said: “While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR.”

The Privacy Shield was negotiated by the European Commission with US counterparts as a replacement for Safe Harbor, and is intended to offer ‘essentially equivalent’ data protections for EU citizens when their data is taken to the US — a country which does not of course have essentially equivalent privacy laws. So the aim is to try to bridge the gap between two distinct legal regimes.

However the viability of that endeavor has been in doubt since the start, with critics arguing that the core legal discrepancies have not gone away — and dubbing Privacy Shield as ‘lipstick on a pig’.

Also expressing concerns throughout the process of drafting the framework and since: The EU’s influential WP29 group (now morphed into the European Data Protection Board), made up of representatives of Member States’ data protection agencies.

Its concerns have spanned both commercial elements of the framework and law enforcement/national security considerations. We’ve reached out to the EDPB for comment and will update this report with any response.

Following the adoption of Privacy Shield, the Commission has also expressed some public concerns, though the EU’s executive body has generally followed a ‘wait and see’ approach, coupled with attempts to use the mechanism to apply political pressure on US counterparts — using the moment of the Privacy Shield’s first annual review to push for reform of US surveillance law, for example.

Reform that did not come to pass, however. Quite the opposite. Hence the arrangement being in the pressing bind it is now, with the date of the second annual review fast approaching — and zero progress for the Commission to point to try to cushion Privacy Shield from criticism.

There’s still no permanent appointment for a Privacy Shield ombudsperson, as the framework requires. Another raised concern has been over the lack of membership of the US Privacy and Civil Liberties Oversight Board — which remains moribund, with just a single member.

Threats to suspend the Privacy Shield arrangement if it’s judged to not be functioning as intended can only be credible if they are actually carried out.

Though the Commission will also want to avoid at all costs pulling the plug on a mechanism that more than 3,000 organizations are now using, and so which many businesses are relying on. So it’s most likely that it will again be left to Europe’s supreme court to strike any invalidating blow.

A Commission spokesman told us it is aware of the discussions in the European Parliament on a draft resolution on the EU-U.S. Privacy Shield. But he emphasized its approach of engaging with US counterparts to improve the arrangement.

“The Commission’s position is clear and laid out in the first annual review report. The first review showed that the Privacy Shield works well, but there is some room for improving its implementation,” he told TechCrunch.

“The Commission is working with the US administration and expects them to address the EU concerns. Commissioner Jourová was in the U.S. last time in March to engage with the U.S. government on the follow-up and discussed what the U.S. side should do until the next annual review in autumn.

“Commissioner Jourová also sent letters to US State Secretary Pompeo, Commerce Secretary Ross and Attorney General Sessions urging them to do the necessary improvements, including on the Ombudsman, as soon as possible.

“We will continue to work to keep the Privacy Shield running and ensure Europeans’ data are well protected. Over 3000 companies are using it currently.”

While the Commission spokesman didn’t mention it, Privacy Shield is now facing several legal challenges.

Including, specifically, a series of legal questions pertaining to its adequacy which have been referred to the CJEU by Ireland’s High Court as a result of a separate privacy challenge to a different EU data transfer mechanism that’s also used by organizations to authorize data flows.

And judging by how quickly the CJEU has handled similar questions, the arrangement could have as little as one more year’s operating grace before a decision is handed down that invalidates it.

If the Commission were to act itself, the second annual review of the mechanism is due to take place in September, and indeed the Libe committee is pushing for a suspension by September 1 if there’s no progress on reforms within the US.

The EU parliament as a whole is also due to vote on the committee’s text on Privacy Shield next month, which — if they back the Libe position — would place further pressure on the EC to act. Though only a legal decision invalidating the arrangement can compel action.

12 Jun 2018

Vietnam’s new cyber security law draws concern for restricting free speech

Big tech firms including Google, Facebook and Twitter have expressed major concern after Vietnam’s government passed a law that promises to introduce tighter restrictions on free speech online.

The new regulation passed this week strengthens the government’s position on censoring the internet, drawing Amnesty International to decry that it leaves “no safe place for people to speak freely” in Vietnam. Asia Internet Coalition (AIC) — a group that represents Facebook, Google, Twitter, LinkedIn, Line and others — further cautioned that it would harm the development of the country’s digital economy.

Among the broad points, the new cyber security law forbids internet users from organizing with, or training, others for anti-state purposes, spreading false information, and undermining the nation state’s achievements or solidarity, according to reports.

“This decision has potentially devastating consequences for freedom of expression in Vietnam. In the country’s deeply repressive climate, the online space was a relative refuge where people could go to share ideas and opinions with less fear of censure by the authorities,” Amnesty International added in a statement.

Internet censorship isn’t new to Vietnam, but the law increases the state’s potential to act. Concern is already high following a string of arrests over the past year which has seen bloggers jailed for discussing environmental issues, politics and more online.

Beyond limiting free speech, the cyber law also applies pressure to foreign internet companies who will now be required to operate a local office and store user information on Vietnamese soil. Currently, in the case of Google and Facebook, data on Vietnam-based users is stored overseas in locations such as Singapore and Hong Kong.

Google and Facebook both declined to comment, but they are part of the AIC which did make a statement condemning the new law.

“The provisions for data localization, controls on content that affect free speech, and local office requirements will undoubtedly hinder the nation’s fourth Industrial Revolution ambitions to achieve GDP and job growth,” AIC wrote in a statement.

“Unfortunately, these provisions will result in severe limitations on Vietnam’s digital economy, dampening the foreign investment climate and hurting opportunities for local businesses and SMEs to flourish inside and beyond Vietnam,” the organization added.

The people of Vietnam have also voiced their discontent at the new law. Bloomberg reports that demonstrations took place on Sunday ahead of the voting.

12 Jun 2018

Spanish soccer app caught using microphone and GPS to snoop

If you’ve ever found yourself wondering why an app is requesting microphone access when there doesn’t seem to be any logical reason why it should need to snoop on the sounds from your surroundings, hold that thought — and take a closer look at the T&Cs.

Because it might turn out that spying is exactly what the app makers have in mind.

To wit: La Liga, an app for fans of Spanish soccer which has been discovered using microphone access combined with the precise GPS location of Android users to listen in on people’s surroundings during match times — in a bid to catch bars that might not have a license to broadcast the match being watched. 

As surveillance capitalism goes, it’s a fiendishly creative repurposing of your users as, well, unwitting volunteer spies and snitches.

It’s also of course terrible human behavior. Behavior that has now garnered La Liga a bunch of one-star reviews for the Android app — along the lines of “this app converts you into a police whistler without you noticing!” and “it spies on you via the microphone and GPS. Rubbish. Don’t install”.

The snitch feature appears to have surfaced largely as a result of the European Union’s new data protection framework, GDPR — which requires app makers to explain more precisely what exactly they’re doing with people’s data. Ergo, La Liga users started noticing what the app wanted to do and discussing and denouncing it on social media, where it blew up into a trending topic, as El Pais reports.

In a statement on its website responding to the snitch scandal, the league defends its actions writing that it has “a responsibility to protect the clubs and their fans” from unlicensed broadcasts being made in public places, claiming that such activity results in the loss of an estimated €150M annually from the league.

It also specifies that the feature is only deployed in its Android app — and claims it has apparently only been active since June 8. It also says it’s only used within Spain.

La Liga further claims the spying functionality is used solely for the purpose of detecting unlicensed broadcasts of soccer matches. (According to its explanation of how it works, captured audio is converted locally into an irreversible binary code — and it claims “the content of the recording will never be accessed”.)

A further technical measure implemented to limit how the feature can be used means La Liga only activates the microphone and geolocation of its app users’ mobile devices during time slots of matches in which its teams compete. So, tl;dr, the league is only spying on you to a timetable.

It also defends itself by claiming information about the spy and snitch function is provided to users in a transparent manner and people are specifically asked for their consent and can choose not to allow it or to revoke it at any time.

Although, the app’s description on the Google Play store does not include among several listed features — such as “live minute-by-minute commentary” and “schedules, scores, standings” and “real-time notifications and alerts right from kick-off” — ‘turning on your microphone to snoop on your surroundings during match times’… Funny that.

According to Google Play store stats the La Liga app has had more than 10M downloads to date.

12 Jun 2018

Build your own L3-37 droid complete with voice interaction

Robot maker Patrick Stefanski has created a 3D-printed – and animated – model of L3-37, the droid in the recent Solo movie. L3-37 is one of the funnest – and wokest – droids in recent memory and this recreation is fun and ingenious.

Stefanski used Alexa voice controls to let the robot head respond to voice commands and he set the wake word to “Hey L3” to which the robot responds with a grumpy “What!”

The version you see above is painted and weathered but you can 3D print your own pristine version from here and then add in a Raspberry Pi and Arduino with a simple servo to control the head motion. In all it looks like a lot of fun and the hardest part will be printing all of the larger head parts necessary to recreate L3’s saucer-like dome.

It could make for a nice weekend project and looks to be surprisingly simple to build. Just don’t be surprised if L3 rallies your DVR and air conditioner to revolt against attacks on droid rights.