Year: 2018

15 May 2018

Good Eggs raises $50M and eyes West Coast expansion

Good Eggs, the food delivery service that promises “absurdly fresh” groceries and meal kits, has raised $50 million in new funding.

That looks like a big turnaround from 2015, when the company had multiple rounds of layoffs, shut down operations outside of San Francisco and brought on Bentley Hall (an executive from Plum Organics and Clif Bar) as its new CEO.

Hall said that after he took over, he spent months focused on retooling the fundamental business: “We didn’t have a single conversation about growth.” Since then, he said the company started looking at “growth with purpose” and in 2018 is ready for “thoughtful, measured expansion.”

“The first change is, we realized that we were a food company enabled by technology, versus a technology company that sells food,” Hall said.

That might sound vague, but it led to more concrete “trickle effects,” like quadrupling the number of products that Good Eggs sells to more than 1,000. Hall said the service has become people’s “primary food supplier,” with the average customer ordering from Good Eggs more than once a week. That also meant the company had to shift from next-day to same-day delivery, which he described as “table stakes in the future.”

At the same time, Hall said the company maintains its “rigorous sourcing criteria,” with 70 percent of its products sourced locally. And thanks to the Good Eggs model, where the company buys directly from local farmers and producers, customers don’t have to worry about sending a delivery person to the supermarket only to discover that the product they want isn’t available.

The new funding was led by Benchmark, with additional participation from existing investors Index Ventures, Obvious Ventures, S2G Ventures, DNS Capital, Uprising and Collaborative Fund. Benchmark’s Bill Gurley is joining Good Eggs’ board of directors.

“Our team was deeply impressed by the operational discipline that Bentley and the team at Good Eggs have implemented to transform this business,” Gurley said in the funding announcement. “We made a study of what Good Eggs has achieved and believe the business is very well positioned to capture and scale the growing market of people who are passionate about the quality and provenance of the food they consume. It’s a massive opportunity.”

Good Eggs delivery remains limited to the San Francisco Bay Area, but the company said it will be expanding throughout the region and adding capacity, then launch in Southern California next year.

“We’re not going to grow where we sacrifice the foundation we’ve worked so hard to build, and we’re not going to grow in a way that sacrifices the customer experience,” Hall said. “We’ll grow as quickly as we can while maintaining those two principles. For us, that means expanding slowly and thoughtfully throughout the West Coast.”

And while Hall was happy to frame the Good Eggs story as a turnaround, he didn’t want to take all the credit for it.

“This is such a team effort,” he said. “I know this usually gets told as somebody came in and turned it around, but this was across the entire team. Our 260, 270 hourly employees, they get as much if not more of the credit as I do.”

15 May 2018

Kaspersky to move some core infrastructure out of Russia to fight for trust

Russian cybersecurity software maker Kaspersky Lab has announced it will be moving core infrastructure processes to Zurich, Switzerland, as part of a shift announced last year to try to win back customer trust.

It also said it’s arranging for the process to be independently supervised by a Switzerland-based third party qualified to conduct technical software reviews.

“By the end of 2019, Kaspersky Lab will have established a data center in Zurich and in this facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow,” it writes in a press release.

“Kaspersky Lab will relocate to Zurich its ‘software build conveyer’ — a set of programming tools used to assemble ready to use software out of source code. Before the end of 2018, Kaspersky Lab products and threat detection rule databases (AV databases) will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide.

“The relocation will ensure that all newly assembled software can be verified by an independent organization, and show that software builds and updates received by customers match the source code provided for audit.”

In October the company unveiled what it dubbed a “comprehensive transparency initiative” as it battled suspicion that its antivirus software had been hacked or penetrated by the Russian government and used as a route for scooping up US intelligence.

Since then Kaspersky has closed its Washington D.C. office — after a ban on its products for U.S. government use which was signed into law by president Trump in December.

Being a trusted global cybersecurity firm and operating core processes out of Russia where authorities might be able to lean on your company for access has essentially become untenable as geopolitical concern over the Kremlin’s online activities has spiked in recent years.

Yesterday the Dutch government became the latest public sector customer to announce a move away from Kaspersky products (via Reuters) — saying it was doing so as a “precautionary measure”, and advising companies operating vital services to do the same.

Responding to the Dutch government’s decision, Kaspersky described it as “very disappointing”, saying its transparency initiative is “designed precisely to address any fears that people or organisations may have”.

“We are implementing these measures first and foremost in response to the evolving, ultra-connected global landscape and the challenges the cyber-world is currently facing,” the company adds in a detailed Q&A about the measures. “This is not exclusive to Kaspersky Lab, and we believe other organizations will in future also choose to adapt to these trends. Having said that, the overall aim of these measures is transparency, verified and proven, which means that anyone with concerns will now be able to see the integrity and trustworthiness of our solutions.”

The core processes that Kaspersky will move from Russia to Switzerland over this year and next include customer data storage and processing (for “most regions”) and software assembly, including threat detection updates.

As a result of the shift it says it will be setting up “hundreds” of servers in Switzerland and establishing a new data center there, as well as drawing on facilities of a number of local data center providers.

Kaspersky is not exiting Russia entirely, though, and products for the Russian market will continue to be developed and distributed out of Moscow.

“In Switzerland we will be creating the ‘worldwide’ (ww) version of our products and AV bases. All modules for the ww-version will be compiled there. We will continue to use the current software build conveyer in Moscow for creating products and AV bases for the Russian market,” it writes, claiming it is retaining a software build conveyor in Russia to “simplify local certification”.

Data of customers from Latin America and Asia (with the exception of Japan, South Korea and Singapore) will also continue to be stored and processed in Russia — but Kaspersky says the list of countries for which data will be processed and stored in Switzerland will be “further extended”, adding: “The current list is an initial one… and we are also considering the relocation of further data processing to other planned Transparency Centers, when these are opened.”

Whether retaining a presence and infrastructure in Russia will work against Kaspersky’s wider efforts to win back trust globally remains to be seen.

In the Q&A it claims: “There will be no difference between Switzerland and Russia in terms of data processing. In both regions we will adhere to our fundamental principle of respecting and protecting people’s privacy, and we will use a uniform approach to processing users’ data, with strict policies applied.”

However, other pre-emptive responses in the document underline the trust challenge it is likely to face — such as a question asking what kind of data stored in Switzerland will be sent or available to staff in its Moscow HQ.

On this it writes: “All data processed by Kaspersky Lab products located in regions excluding Russia, CIS, Latin America, Asian and African countries, will be stored in Switzerland. By default only aggregated statistics data will be sent to R&D in Moscow. However, Kaspersky Lab experts from HQ and other locations around the world will be able to access data stored in the Transparency Center. Each information request will be logged and monitored by the independent Swiss-based organization.”

Clearly the robustness of the third party oversight provisions will be essential to its Global Transparency Initiative winning trust.

Kaspersky’s activity in Switzerland will be overseen by an (as yet unnamed) independent third party which the company says will have “all access necessary to verify the trustworthiness of our products and business processes”, including: “Supervising and logging instances of Kaspersky Lab employees accessing product meta data received through KSN [Kaspersky Security Network] and stored in the Swiss data center; and organizing and conducting a source code review, plus other tasks aimed at assessing and verifying the trustworthiness of its products”.

Switzerland will also host one of the dedicated Transparency Centers the company said last year that it would be opening as part of the wider program aimed at securing customer trust.

It expects the Swiss center to open this year, although the shifting of core infrastructure processes won’t be completed until Q4 2019. (It says this is on account of the complexity of redesigning infrastructure that’s been operating for ~20 years — estimating the cost of the project to be $12M.)

Within the Transparency Center, which Kaspersky will operate itself, the source code of its products and software updates will be available for review by “responsible stakeholders” — from the public and private sector.

It adds that the details of review processes — including how governments will be able to review code — are “currently under discussion” and will be made public “as soon as they are available”.

And providing government review in a way that does not risk further undermining customer trust may also provide a tricky balancing act for Kaspersky, given multi-directional geopolitical sensibilities, so the devil will be in the policy detail vis-a-vis “trusted” partners and whether the processes it deploys can reassure all of its customers all of the time.

“Trusted partners will have access to the company’s code, software updates and threat detection rules, among other things,” it writes, saying the Center will provide these third parties with: “Access to secure software development documentation; Access to the source code of any publicly released product; Access to threat detection rule databases; Access to the source code of cloud services responsible for receiving and storing the data of customers based in Europe, North America, Australia, Japan, South Korea and Singapore; Access to software tools used for the creation of a product (the build scripts), threat detection rule databases and cloud services”; along with “technical consultations on code and technologies”.

It is still intending to open two additional centers, one in North America and one in Asia, but precise locations have not yet been announced.

On supervision and review Kaspersky also says that it’s hoping to work with partners to establish an independent, non-profit organization for the purpose of producing professional technical reviews of the trustworthiness of the security products of multiple members — including but not limited to Kaspersky Lab itself.

Which would certainly go further to bolster trust. Though it has nothing firm to share about this plan as yet.

“Since transparency and trust are becoming universal requirements across the cybersecurity industry, Kaspersky Lab supports the creation of a new, non-profit organization to take on this responsibility, not just for the company, but for other partners and members who wish to join,” it writes on this.

Next month it’s hosting an online summit to discuss “the growing need for transparency, collaboration and trust” within the cybersecurity industry.

Commenting in a statement, CEO Eugene Kaspersky added: “In a rapidly changing industry such as ours we have to adapt to the evolving needs of our clients, stakeholders and partners. Transparency is one such need, and that is why we’ve decided to redesign our infrastructure and move our data processing facilities to Switzerland. We believe such action will become a global trend for cybersecurity, and that a policy of trust will catch on across the industry as a key basic requirement.”

15 May 2018

Beth Seidenberg of Kleiner Perkins is said to be leaving to start her own fund

Beth Seidenberg joined Kleiner Perkins 13 years ago to focus on life sciences for the storied venture firm. Now, according to a Recode report, she’s heading off to start her own life sciences venture fund in L.A. where she lives.

We’ve reached out to Kleiner and we’re awaiting more information. But the firm seemed to confirm the move to the outlet, reportedly noting that Seidenberg will continue to be a partner in Kleiner’s existing funds and stating that Kleiner remains committed to life sciences.

While the move is interesting from a firm perspective — Kleiner has undergone one transition after another over the last half dozen years, parting ways with at least 10 investors, including Trae Vassallo, Mike Abbott, Chi-Hua Chien, Matt Murphy, and Aileen Lee — it’s perhaps even more interesting as part of an ongoing change to the broader industry.

Whereas a decade or so ago, one held on to his or her role inside a venture fund by their fingernails if they had to, that’s no longer the case. While there are still a handful of firms that it would undoubtedly be hard to leave, it’s become easier for many VCs to abandon situations that no longer work for them for one reason or another. The reason: the volume of money flowing to the venture industry, along with platforms that help to amplify new brands, have made it easier than ever for someone with a track record to launch a venture firm of their own.

An almost surprising number of people to do so have worked formerly for Kleiner, which has yet to recover fully from a bruising battle with one of its former investors, Ellen Pao, after she famously sued the firm for gender discrimination in court.

Lee, for example, spent 13 years with Kleiner before leaving in 2012 to start her own seed-stage venture firm, Cowboy Ventures, and becoming one of the highest-profile women in the venture industry. Chien spent nearly seven years with Kleiner before spinning up his own firm in 2014 called Goodwater Capital; it’s already raising its third fund, shows an SEC filing.

Meanwhile, Trae Vassallo took the wraps off her own fund — cofounded with former General Catalyst partner Neil Sequeira — last year. Called Defy Ventures, it closed on $151 million for its debut effort.

While we don’t know yet why Seidenberg decided to leave Kleiner, we suspect she won’t have much trouble raising her own new fund, either. Life sciences investing has been soaring in recent years, thanks in part to advances in machine learning. More, by Seidenberg’s own telling, she has incubated eight companies at Kleiner and became the founding CEO of two of them. 

An all-cash deal for one of her cancer drug bets, Armo BioSciences — which Eli Lilly said just last week that it’s buying for $1.6 billion — should probably help, too.

15 May 2018

AnyDesk scores €6.5M for its remote desktop software

AnyDesk, a startup that offers remote desktop software powered by a bespoke video codec, has scored €6.5 million in Series A funding. Leading the round is EQT Ventures, with participation from angel investors, including Chris Hitchen, and previous backer Andreas Burike.

The Stuttgart, Germany-based company says it will use the injection of cash for further development of the AnyDesk product and to grow the technical and commercial teams.

“AnyDesk’s mission can be summarised as overcoming distances,” co-founder and CEO Philipp Weiser tells TechCrunch. “Today, people need to work with their teams and content just as quickly and effectively when working remotely as they do when in the office. Legacy remote desktop offerings do not enable this — they are complicated, frustrating and slow. At best, you can do a presentation or help a colleague install a printer. Some ideas are born out of frustration and we decided to re-engineer the remote desktop for today’s workplace”.

To that end, as well as modern-day apps for Windows, MacOS, various flavours of Linux/Unix, Android and iOS, the AnyDesk team has created a proprietary video codec called “DeskRT” that has been engineered especially for graphical user interfaces. It transmits 60 frames per second and prioritises low latency.

As a result, the startup says users generally experience high quality video and sound, and image transmission that is fast and fluid enough to forget that you are using a different computer. That’s because, unlike traditional screen sharing, AnyDesk is built for collaboration.

“We created AnyDesk so that anyone, anywhere can get their work done,” says Weiser. “More than 50 million users worldwide have downloaded AnyDesk. We have more than 7,000 business customers, including Spidercam, Amedes and Sun Chemical”.

There is a free version of AnyDesk for personal use, and various professional tiers, all the way up to large enterprise use.

Meanwhile, the AnyDesk co-founder concedes that there are a number of other players in the rather crowded remote desktop software space. They include LogMeIn, TeamViewer, Splashtop, and Citrix GoTo. However, he claims AnyDesk is better than current offerings as the startup has approached the remote desktop from a “software-design focused angle” and created an architecture and a custom video codec specifically for the purpose of low latency transmission.

“Some competing products use expensive hardware for this, but this is not the case with AnyDesk. We’ve achieved superior performance in a software-only solution. This means AnyDesk provides people with the experience they’ve come to expect when consuming content. When you view a website or video on your devices, chances are you don’t think about the web browser or media player working in the background. You are focused on the content. AnyDesk works in the same way, running behind-the-scenes so you can be productive, creative and get on with your work”.

As an aside, EQT Ventures is talking up the way it discovered AnyDesk, namely via the VC firm’s “Motherbrain” AI platform. The software claims to scan the tech startup ecosystem online for specific signals related to a company’s performance. Based on these digital footprints, it then flags the most promising companies and surfaces the relevant structured and unstructured data to the EQT Ventures team.

Of course, this sort of approach isn’t unique to EQT — most VC firms of a certain size use data tracking as part of their deal discovery and evaluation, and newer VCs such as InReach Ventures and Fly Ventures make a virtue of this — but it is perhaps noteworthy nonetheless.

15 May 2018

Facebook launches Youth Portal to educate teens on the platform, how their data is being used

There’s probably an important gap in attention being paid at internet companies to young kids that are good targets for parental controls and older ones who are having to learn to use the internet in a responsible way on their own.

Today, Facebook is releasing a new Youth Portal that offers some guidance to teens on how to navigate the service and how to stay secure, while also helping them understand how their data is used. Facebook says that it began showing tips for teens in the newsfeed earlier this month related to some of these topics.

While many of the sections in the portal are devoted to basic topics like how to unfriend or block someone, a bit of the information is structured in more of a journalistic format focused on helping Gen Z users start their internet usage off on the right foot in a way that older generations haven’t.

In a “Guiding Principles” section, the tips are structured after oft-quoted real world advice:

Think (for 5 seconds) before you speak

Before you post publicly, pause and ask yourself, “Would I feel comfortable reading this out loud to my parents and grandparents?” There will always be people at your school who are social media oversharers (and adults in your life who are, too). Resist the urge, ignore their noise and save the juicy details for your close friends only.

One of the more useful things it does is organize information related to Facebook’s data policy in a more accessible way that admittedly may not answer every single question but also doesn’t overwhelm young users who may just be looking for the basics. It generally aims to address stuff like what data Facebook collects and how they use that information.

At the end of the day, it’s just an information page. The Youth Portal won’t directly curb how Facebook approaches cyber-bullying or abuse, but the hub does organize a lot of information that pops up on the site while you’re using it into a single place where someone can just blaze through it in a single go.

More importantly, it’s just a nice resource for Facebook to refer younger users to when there’s an issue, one that’s more likely to get looked at than the Terms of Service-style help pages that generally hold this information.

The Youth Portal goes live today in 60 languages.

15 May 2018

Facebook adds option to report conversations in Messenger following widespread criticism

In reaction to criticism around the use of Messenger in some countries worldwide, particularly Myanmar, Facebook has introduced new tools that allow users of the app to report conversations that violate its community standards.

A new tab inside the Messenger app lets users flag messages under a range of categories that include harassment, hate speech and suicide. The claim is then escalated for review, Facebook said, after which it can be addressed. Previously, Messenger users could only flag inappropriate content via the web-based app or Facebook itself; that’s clearly insufficient for a service with over a billion users, many of whom are mobile-only.

Facebook said the review team covers 50 languages. It has been widely criticised for its small team of Burmese language reviewers, most of whom are based in Ireland — with a six-hour time gap — although it has pledged to staff up on Burmese experts.

In April, six organizations teamed up to write a letter to Facebook CEO Mark Zuckerberg after he claimed in an interview that Facebook’s “systems” were able to detect and prevent hate speech in Myanmar, a country where racial tensions simmer and Facebook is considered the de facto internet.

Zuckerberg’s claim was incorrect, and he referred to an incident last September which saw chain letters on Messenger inflame tensions. Buddhist community figures received messages warning of a planned Muslim attack, while those in the Muslim community got messages claiming there was imminent violence planned by militant Buddhist groups.

Instead, local organizations stepped in to defuse the situation when they were made aware of it. Facebook’s AI or systems did nothing.

While Zuckerberg later apologized to the Myanmar-based organizations “for not being sufficiently clear about the important role that your organizations play in helping us understand and respond to Myanmar-related issues,” the group went on the offensive again stating that Facebook actions are “nowhere near enough to ensure that Myanmar users are provided with the same standards of care as users in the U.S. or Europe.”

The changes to Messenger are a start, but Facebook has a lot more to do if it is to live up to its responsibility in Myanmar, but also other countries such as Vietnam, Sri Lanka, India and beyond where there are concerns that its platforms are not adequately policed.

Indeed, a recent UN Fact-Finding Mission concluded that social media has played a “determining role” in the Myanmar crisis, with Facebook identified as the chief actor. The issue was also raised in a Senate hearing with Zuckerberg last month.

15 May 2018

‘Welcome to the Jungle’ raises another $8.4 million

French startup Welcome to the Jungle is raising a funding round of $8.4 million (€7 million) from XAnge, Bpifrance and Kima Ventures, as well as existing investors Jean-Paul Guisset and Michael Benabou.

Welcome to the Jungle is taking a different approach to job recruitment. The startup isn’t going to find employees for you. Instead, Welcome to the Jungle wants to give you the tools and exposure to get enough inbound applications.

The company started by profiling hundreds of tech companies in Paris. Instead of creating a giant Excel spreadsheet, Welcome to the Jungle works with a video crew, photographers and a writing staff to produce high quality content about your company. Think about it as glossy paper articles with Condé Nast-like production budget.

All of this is pricy. Companies pay for these profiles and get their own page on Welcome to the Jungle’s website. In addition to that, Welcome to the Jungle also produces quarterly magazines for a hundred universities and a thick paper magazine once per year.

And it’s true that Welcome to the Jungle has covered a ton of companies in Paris. When you think about a company name, chances are you can find a profile on Welcome to the Jungle.

Overall, a thousand companies partnered with Welcome to the Jungle. The website now attracts 600,000 unique visitors every month. For engineers, you can now filter depending on your skill set and your technical stack.

In addition to that, the startup has been slowly ramping up its software-as-a-service recruitment platform called Welcome Kit. Imagine somebody reads about your company in Welcome to the Jungle’s magazine and then ends up on a poorly designed job page.

Welcome Kit replaces the “Jobs” link in your website’s footer. The platform lets you list positions, create application forms and track candidates. Basic features are free and you can pay for additional features and branding options.

With today’s funding round, it’s time to look further. The company now wants to expand to another country, which could be Spain. It’s going to be a slow expansion as Welcome to the Jungle needs to put together a local team in each country to create content.

15 May 2018

Seattle passes new tax on large companies despite Amazon’s howls of protest

Seattle’s city council voted unanimously to approve a new tax on the largest employers in the city, despite strong opposition by Amazon and other affected companies. The tax, on companies with more than $20 million in receipts, will amount to about $275 per employee and is intended for use in improving conditions for the city’s homeless.

The original proposal was nearly twice that, but was amended as a compromise measure after local businesses protested. Amazon was the most visible of them, making the dramatic public threat of suspending construction of one of its many skyscrapers in the city and repurposing another.

While the idea that a company would simply abandon a multi-million-dollar investment halfway isn’t really credible, changes to its scheduling, budget and usage plan would certainly affect local contractors — which is why many of the latter showed up to oppose the tax on Amazon’s behalf. A heated confrontation occurred between opponents and proponents gathered in front of Amazon’s Spheres earlier this month.

The idea of laborers lobbying in favor of Amazon, which is frequently decried as an extremely labor-unfriendly company, seems odd, but in this case at least the train of thought is clear. It should also be mentioned that Amazon has worked to ease the plight of Seattle homeless with a planned shelter at the base of one of its buildings and other contributions.

Zillow and Expedia also voiced concerns, alongside many other local businesses, in an open letter. “We oppose this approach, because of the message it sends to every business: if you are investing in growth, if you create too many jobs in Seattle, you will be punished,” the letter reads in part.

Although opposition seems to have succeeded in reducing the tax burden, it did little to convince the council that the tax itself was unsound, as today’s vote indicates.

“This progressive revenue stream balances the needs of our small business community, while ensuring we have the funding we need to provide critical housing and health services,” said Councilmember Teresa Mosqueda in a statement accompanying the vote. GeekWire was at the meeting and has some other interesting quotes from both sides.

The modified tax should generate some $50 million, much of which will be dedicated to “deeply affordable” housing in the city to be made available to people below the poverty line, with some going to emergency shelters and other social services. Around $11 million of that will come from Amazon. This would significantly increase (in fact, nearly double based on some estimates) existing spending along these lines.

The tax would last for five years, after which it would have to be reauthorized.

Amazon, for its part, seems to have abandoned its immediate threats for new, more vague ones. In a statement from VP Drew Herdener provided to TechCrunch, it said:

We are disappointed by today’s City Council decision to introduce a tax on jobs. While we have resumed construction planning for Block 18, we remain very apprehensive about the future created by the council’s hostile approach and rhetoric toward larger businesses, which forces us to question our growth here.

14 May 2018

Anyone could download Cambridge researchers’ 4-million-user Facebook dataset for years

A dataset of over 3 million Facebook users and a variety of their personal details collected by Cambridge researchers was available for anyone to download for some four years, New Scientist reports. It’s likely only one of many places where such huge sets of personal data collected during a period of permissive Facebook access terms have been obtainable.

The data were collected as part of a personality test, myPersonality, which according to its own wiki (now taken down) was operational from 2007 to 2012, but new data was added as late as August of 2016. It started as a side project by the Cambridge Psychometrics Centre’s David Stillwell (now deputy director there), but graduated to a more organized research effort later. The project “has close academic links,” the site explains, “however, it is a standalone business.” (Presumably for liability purposes; the group never charged for access to the data.)

Though “Cambridge” is in the name, there’s no real connection to Cambridge Analytica, just a very tenuous one through Aleksandr Kogan, of which below.

Like other quiz apps, it requested consent to access the user’s profile (friends’ data was not collected), which combined with responses to questionnaires produced a rich dataset with entries for millions of users. Data collected included demographics, status updates, some profile pictures, likes, and lots more, but not private messages or data from friends.

Exactly how many users are affected is a bit difficult to say: the wiki claims the database holds 6 million test results from 4 million profiles (hence the headline), though only 3.1 million sets of personality scores are in the set and far fewer data points are available on certain metrics such as employer or school. At any rate the total number is on that order, though the same data is not available for every user.

Although the data is stripped of identifying information such as the user’s actual name, the volume and breadth of it make the set susceptible to de-anonymization, for lack of a better term. (I should add there is no evidence that this has actually occurred; simple anonymizing processes on rich data sets are just fundamentally more vulnerable to this kind of reassembly effort.)

This dataset was available via a wiki to credentialed academics who had to agree to the team’s own terms of service. It was used by hundreds of researchers from dozens of institutions and companies for numerous papers and projects, including some from Google, Microsoft, Yahoo, and even Facebook itself. (I’ve asked the latter about this rather curious occurrence.)

This in itself is in violation of Facebook’s terms of service, which ostensibly prohibited the distribution of such data to third parties. As we’ve seen over the last year or so, however, the company appears to have exerted almost no effort at all in enforcing this policy, as hundreds (potentially thousands) of apps were plainly and seemingly proudly violating the terms by sharing datasets gleaned from Facebook users.

In the case of myPersonality, the data was supposed to be distributed only to actual researchers; Stillwell and his collaborator at the time Michal Kosinski personally vetted applications, which had to list the data they needed and why, as this sample application shows:

I am a full-time faculty member. [IF YOU ARE A STUDENT PLEASE HAVE YOUR SUPERVISOR
REQUEST ACCESS TO THE DATA FOR YOU.] I read and agree with the myPersonality
Database Terms of Use. [SERIOUSLY, PLEASE DO READ IT.] I will take responsibility
for the use of the data by any students in my research group.

I am planning to use the following variables:
* [LIST THE VARIABLES YOU INTEND TO
* USE AND TELL US HOW
* YOU PLAN TO ANALYZE THEM.]

One lecturer, however, published their credentials on Github in order to allow their students to use the data. Those credentials were available to anyone searching for access to the myPersonality database for, as New Scientist estimates, about four years.

This seems to demonstrate the laxity with which Facebook was policing the data it supposedly guarded. Once that data left company premises, there was no way for the company to control it in the first place, but the fact that a set of millions of entries was being sent to any academic who asked, and anyone who had a publicly listed username and password, suggests it wasn’t even trying.

A Facebook researcher actually requested the data in violation of his own company’s policies. I’m not sure what to conclude from that other than that the company was utterly uninterested in securing sets like this and far more concerned with providing against any future liability. After all, if the app was in violation, Facebook can simply suspend it — as the company did last month, by the way — and lay the whole burden on the violator.

“We suspended the myPersonality app almost a month ago because we believe that it may have violated Facebook’s policies,” said Facebook’s VP of product partnerships, Ime Archibong, in a statement. “We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.”

In a statement provided to TechCrunch, David Stillwell defended the myPersonality project’s data collection and distribution.

“myPersonality collaborators have published more than 100 social science research papers on important topics that advance our understanding of the growing use and impact of social networks,” he said. “We believe that academic research benefits from properly controlled sharing of anonymised data among the research community.”

In a separate email, Michal Kosinski also emphasized the importance of the published research based on their dataset. Here’s a recent example looking into how people assess their own personalities versus how those who know them do, and how a computer trained to do so performs.

From the research paper based on myPersonality’s database. The computer performed almost as well as a spouse.

“Facebook has been aware of and has encouraged our research since at least 2011,” the statement continued. It’s hard to square this with Facebook’s allegation that the project was suspended for policy violations based on the language of its redistribution terms, which is how a company spokesperson explained it to me. The likely explanation is that Facebook never looked closely until this type of profile data sharing became unpopular, and usage and distribution among academics came under closer scrutiny.

Stillwell said (and the Centre has specifically explained) that Aleksandr Kogan was not in fact associated with the project; he was, however, one of the collaborators who received access to the data like those at other institutions. He apparently certified that he did not use this data in his SCL and Cambridge Analytica dealings.

The statement also says that the newest data is 6 years old, which seems substantially accurate from what I can tell except for a set of nearly 800K users’ data regarding the 2015 rainbow profile picture filter campaign, added in August 2016. That doesn’t change much but I thought it worth noting.

Facebook has suspended hundreds of apps and services and is investigating thousands more after it became clear in the Cambridge Analytica case that data collected from its users for one purpose was being redeployed for all sorts of purposes by actors nefarious and otherwise. One is a separate endeavor from the Cambridge Psychometrics Centre called Apply Magic Sauce; I asked the researchers about the connection between it and myPersonality data.

The takeaway from the small sample of these suspensions and collection methods that have been made public is that during its most permissive period (up until 2014 or so) Facebook allowed the data of countless users (the totals will only increase) to escape its authority, and that data is still out there, totally out of the company’s control and being used by anyone for just about anything.

Researchers working with user data provided with consent aren’t the enemy, but the total inability of Facebook (and to a certain extent the researchers themselves) to exert any kind of meaningful control over that data is indicative of grave missteps in digital privacy.

Ultimately it seems that Facebook should be the one taking responsibility for this massive oversight, but as Mark Zuckerberg’s performance in the capitol emphasized, it’s not really clear what taking responsibility looks like other than an appearance of contrition and promises to do better.

14 May 2018

This functional pinball machine is built entirely of LEGO

I’ve spent a good chunk of my life piecing together various LEGO projects… but even the craziest stuff I’ve built pales in comparison to this. It’s a fully functioning pinball machine built entirely out of official LEGO parts, from the obstacles on the playfield, to the electronic brains behind the curtain, to the steel ball itself.

Creator Bre Burns calls her masterpiece “Benny’s Space Adventure,” theming the machine around LEGO’s classic ‘lil blue space man. It’s made up of more than 15,000 LEGO bricks, multiple Mindstorms NXT brains working in unison, steel castor balls borrowed from a Mindstorms kit, plus lights and motors repurposed from a bunch of other sets. Bre initially set out to build the project for exhibition at the LEGO fan conference BrickCon in October of last year, and it’s just grown and grown ever since.

Bre told the LEGO-enthusiast site Brothers Brick that she’s spent somewhere between 200 and 300 hours so far on this project. Want to know more? They’ve got a great breakdown of the entire project right over here.