Year: 2018

iZettle, the startup out of Sweden that has been referred to as the Square of Europe, is today making a move that underscores its bigger strategy to build on its traction with small businesses in mobile payments, to expand into an ever-wider range of financial services to fill out its $950 million valuation.

The company is launching a new e-commerce platform, where customers can build online inventory and check-out experiences either to complement the physical sales they are already making with iZettle itself, or as a standalone service as new customers to the company.

The service is rolling out in Sweden and the U.K. first, with plans to extend to the rest of iZettle’s footprint in Europe and Latin America over the coming months.

The idea is to provide a set of tools build and run shops quickly and easily for the same kinds of small businesses and sole traders that already use iZettle, or “Shopify simplified,” as iZettle’s founder and CEO Jacob DeGeer describes it.

Pricing follows the same basic format as that of the company’s core mobile payments service. In the case of the UK, for example, DeGeer says iZettle takes a 1.75 percent fee for each transaction on its mobile payments, and the e-commerce product will come in at £29 per month plus 2.5 percent on each transaction. (Rates might vary depending on the market in question.)

iZettle moving into e-commerce is not exactly a revolutionary idea. Square has been offering a Stripe-style online component to businesses since 2016, and of course companies like Shopify and Stripe and many others are also providing similar services.

DeGeer says that iZettle’s service is differentiated and better because it follows on from iZettle’s belief that there have not been enough attention given to building products specifically for the small business person. “It’s a segment that is traditionally underserved,” he said. The same had been the case in card payments, where sole traders and small businesses were regularly not accepting cards simply because the cost of doing so was too high for them, a problem solved by turning ordinary smartphones and tablets into point of sale terminals with the help of a dongle.

The same ethos appears to be applying here: for those who are already iZettle customers and running sales through the company’s platform, DeGeer said that they can bring their sales online with one click, and then all sales across both offline and online will be viewable in a single database. And why would customers add the online component? It’s potentially a way to, for example, facilitate online ordering ahead for a cafe, or for a jewellery vendor from a market or small shop to develop a web-based store — offerings that in the past would have been too costly or complicated for small businesses to create and integrate.

For now, iZettle isn’t providing much in the way of fulfilment to its customers — one of the more compelling aspects of having a company like Amazon run and fulfil your online shops and subsequent distribution of goods — but DeGeer said that it “would listen” to what customers request, and potentially consider this down the line.

Make no mistake: Fresh battle lines are being drawn in the clash between data-mining tech giants and Internet users over people’s right to control their personal information and protect their privacy.

An update to European Union data protection rules next month — called the General Data Protection Regulation — is the catalyst for this next chapter in the global story of tech vs privacy.

A fairytale ending would remove that ugly ‘vs’ and replace it with an enlightened ‘+’. But there’s no doubt it will be a battle to get there — requiring legal challenges and fresh case law to be set down — as an old guard of dominant tech platforms marshal their extensive resources to try to hold onto the power and wealth gained through years of riding roughshod over data protection law.

Payback is coming though. Balance is being reset. And the implications of not regulating what tech giants can do with people’s data has arguably never been clearer.

The exciting opportunity for startups is to skate to where the puck is going — by thinking beyond exploitative legacy business models that amount to embarrassing blackboxes whose CEOs dare not publicly admit what the systems really do — and come up with new ways of operating and monetizing services that don’t rely on selling the lie that people don’t care about privacy.

More than just small print

Right now the EU’s General Data Protection Regulation can take credit for a whole lot of spilt ink as tech industry small print is reworded en masse. Did you just receive a T&C update notification about a company’s digital service? Chances are it’s related to the incoming standard.

The regulation is generally intended to strengthen Internet users’ control over their personal information, as we’ve explained before. But its focus on transparency — making sure people know how and why data will flow if they choose to click ‘I agree’ — combined with supersized fines for major data violations represents something of an existential threat to ad tech processes that rely on pervasive background harvesting of users’ personal data to be siphoned biofuel for their vast, proprietary microtargeting engines.

This is why Facebook is not going gentle into a data processing goodnight.

Indeed, it’s seizing on GDPR as a PR opportunity — shamelessly stamping its brand on the regulatory changes it lobbied so hard against, including by taking out full page print ads in newspapers…

This is of course another high gloss plank in the company’s PR strategy to try to convince users to trust it — and thus to keep giving it their data. Because — and only because — GDPR gives consumers more opportunity to lock down access to their information and close the shutters against countless prying eyes.

But the pressing question for Facebook — and one that will also test the mettle of the new data protection standard — is whether or not the company is doing enough to comply with the new rules.

One important point re: Facebook and GDPR is that the standard applies globally, i.e. for all Facebook users whose data is processed by its international entity, Facebook Ireland (and thus within the EU); but not necessarily universally — with Facebook users in North America not legally falling under the scope of the regulation.

Users in North America will only benefit if Facebook chooses to apply the same standard everywhere. (And on that point the company has stayed exceedingly fuzzy.)

It has claimed it won’t give US and Canadian users second tier status vs the rest of the world where their privacy is concerned — saying they’re getting the same “settings and controls” — but unless or until US lawmakers spill some ink of their own there’s nothing but an embarrassing PR message to regulate what Facebook chooses to do with Americans’ data. It’s the data protection principles, stupid.

Zuckerberg was asked by US lawmakers last week what kind of regulation he would and wouldn’t like to see laid upon Internet companies — and he made a point of arguing for privacy carve outs to avoid falling behind, of all things, competitors in China.

Which is an incredibly chilling response when you consider how few rights — including human rights — Chinese citizens have. And how data-mining digital technologies are being systematically used to expand Chinese state surveillance and control.

The ugly underlying truth of Facebook’s business is that it also relies on surveillance to function. People’s lives are its product.

That’s why Zuckerberg couldn’t tell US lawmakers to hurry up and draft their own GDPR. He’s the CEO saddled with trying to sell an anti-privacy, anti-transparency position — just as policymakers are waking up to what that really means.

Plus ça change?

Facebook has announced a series of updates to its policies and platform in recent months, which it’s said are coming to all users (albeit in ‘phases’). The problem is that most of what it’s proposing to achieve GDPR compliance is simply not adequate.

Coincidentally many of these changes have been announced amid a major data mishandling scandal for Facebook, in which it’s been revealed that data on up to 87M users was passed to a political consultancy without their knowledge or consent.

It’s this scandal that led Zuckerberg to be perched on a booster cushion in full public view for two days last week, dodging awkward questions from US lawmakers about how his advertising business functions.

He could not tell Congress there wouldn’t be other such data misuse skeletons in its closet. Indeed the company has said it expects it will uncover additional leaks as it conducts a historical audit of apps on its platform that had access to “a large amount of data”. (How large is large, one wonders… )

But whether Facebook’s business having enabled — in just one example — the clandestine psychological profiling of millions of Americans for political campaign purposes ends up being the final, final straw that catalyzes US lawmakers to agree their own version of GDPR is still tbc.

Any new law will certainly take time to formulate and pass. In the meanwhile GDPR is it.

The most substantive GDPR-related change announced by Facebook to date is the shuttering of a feature called Partner Categories — in which it allowed the linking of its own information holdings on people with data held by external brokers, including (for example) information about people’s offline activities.

Evidently finding a way to close down the legal liabilities and/or engineer consent from users to that degree of murky privacy intrusion — involving pools of aggregated personal data gathered by goodness knows who, how, where or when — was a bridge too far for the company’s army of legal and policy staffers.

Other notable changes it has so far made public include consolidating settings onto a single screen vs the confusing nightmare Facebook has historically required users to navigate just to control what’s going on with their data (remember the company got a 2011 FTC sanction for “deceptive” privacy practices); rewording its T&Cs to make it more clear what information it’s collecting for what specific purpose; and — most recently — revealing a new consent review process whereby it will be asking all users (starting with EU users) whether they consent to specific uses of their data (such as processing for facial recognition purposes).

As my TC colleague Josh Constine wrote earlier in a critical post dissecting the flaws of Facebook’s approach to consent review, the company is — at very least — not complying with the spirit of GDPR’s law.

Indeed, Facebook appears pathologically incapable of abandoning its long-standing modus operandi of socially engineering consent from users (doubtless fed via its own self-reinforced A/B testing ad expertise). “It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes,” was his summary of the process.

But, as we’ve pointed out before, concealment is not consent.

To get into a few specifics, pre-ticked boxes — which is essentially what Facebook is deploying here, with a big blue “accept and continue” button designed to grab your attention as it’s juxtaposed against an anemic “manage data settings” option (which if you even manage to see it and read it sounds like a lot of tedious hard work) — aren’t going to constitute valid consent under GDPR.

Nor is this what ‘privacy by default’ looks like — another staple principle of the regulation. On the contrary, Facebook is pushing people to do the opposite: Give it more of their personal information — and fuzzing why it’s asking by bundling a range of usage intentions.

The company is risking a lot here.

In simple terms, seeking consent from users in a way that’s not fair because it’s manipulative means consent is not being freely given. Under GDPR, it won’t be consent at all. So Facebook appears to be seeing how close to the wind it can fly to test how regulators will respond.

Safe to say, EU lawmakers and NGOs are watching.

“Yes, they will be taken to court”

“Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment,” runs one key portion of GDPR.

Now compare that with: “People can choose to not be on Facebook if they want” — which was Facebook’s deputy chief privacy officer, Rob Sherman’s, paper-thin defense to reporters for the lack of an overall opt out for users to its targeted advertising.

Data protection experts who TechCrunch spoke to suggest Facebook is failing to comply with, not just the spirit, but the letter of the law here. Some were exceeding blunt on this point.

“I am less impressed,” said law professor Mireille Hildebrandt discussing how Facebook is railroading users into consenting to its targeted advertising. “It seems they have announced that they will still require consent for targeted advertising and refuse the service if one does not agree. This violates [GDPR] art. 7.4 jo recital 43. So, yes, they will be taken to court.”

“Zuckerberg appears to view the combination of signing up to T&Cs and setting privacy options as ‘consent’,” adds cyber security professor Eerke Boiten. “I doubt this is explicit or granular enough for the personal data processing that FB do. The default settings for the privacy settings certainly do not currently provide for ‘privacy by default’ (GDPR Art 25).

“I also doubt whether FB Custom Audiences work correctly with consent. FB finds out and retains a small bit of personal info through this process (that an email address they know is known to an advertiser), and they aim to shift the data protection legal justification on that to the advertisers. Do they really then not use this info for future profiling?”

That looming tweak to the legal justification of Facebook’s Custom Audiences feature — a product which lets advertisers upload contact lists in a hashed form to find any matches among its own user-base (so those people can be targeted with ads on Facebook’s platform) — also looks problematical.

Here the company seems to be intending to try to claim a change in the legal basis, pushed out via new terms in which it instructs advertisers to agree they are the data controller (and it is merely a data processor). And thereby seek to foist a greater share of the responsibility for obtaining consent to processing user data onto its customers.

However such legal determinations are simply not a matter of contract terms. They are based on the fact of who is making decisions about how data is processed. And in this case — as other experts have pointed out — Facebook would be classed as a joint controller with any advertisers that upload personal data. The company can’t use a T&Cs change to opt out of that.

Wishful thinking is not a reliable approach to legal compliance.

Fear and manipulation of highly sensitive data

Over many years of privacy-hostile operation, Facebook has shown it has a major appetite for even very sensitive data. And GDPR does not appear to have blunted that.

Let’s not forget, facial recognition was a platform feature that got turned off in the EU, thanks to regulatory intervention. Yet here Facebook is now trying to use GDPR as a route to process this sensitive biometric data for international users after all — by pushing individual users to consent to it by dangling a few ‘feature perks’ at the moment of consent.

Veteran data protection and privacy consultant, Pat Walshe, is unimpressed.

“The sensitive data tool appears to be another data grab,” he tells us, reviewing Facebook’s latest clutch of ‘GDPR changes’. “Note the subtlety. It merges ‘control of sharing’ such data with FB’s use of the data “to personalise features and products”. From the info available that isn’t sufficient to amount to consent for such sensitive data and nor is it clear folks can understand the broader implications of agreeing.

“Does it mean ads will appear in Instagram? WhatsApp etc? The default is also set to ‘accept’ rather than ‘review and consider’. This is really sensitive data we’re talking about.”

“The face recognition suggestions are woeful,” he continues. “The second image — is using an example… to manipulate and stoke fear — “we can’t protect you”.

“Also, the choices and defaults are not compatible with [GDPR] Article 25 on data protection by design and default nor Recital 32… If I say no to facial recognition it’s unclear if other users can continue to tag me.”

Of course it goes without saying that Facebook users will keep uploading group photos, not just selfies. What’s less clear is whether Facebook will be processing the faces of other people in those shots who have not given (and/or never even had the opportunity to give) consent to its facial recognition feature.

People who might not even be users of its product.

But if it does that it will be breaking the law. Yet Facebook does indeed profile non-users — despite Zuckerberg’s claims to Congress not to know about its shadow profiles. So the risk is clear.

It can’t give non-users “settings and controls” not to have their data processed. So it’s already compromised their privacy — because it never gained consent in the first place.

New Mexico Representative Ben Lujan made this point to Zuckerberg’s face last week and ended the exchange with a call to action: “So you’re directing people that don’t even have a Facebook page to sign up for a Facebook page to access their data… We’ve got to change that.”

WASHINGTON, DC – APRIL 11: Facebook co-founder, Chairman and CEO Mark Zuckerberg prepares to testify before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. This is the second day of testimony before Congress by Zuckerberg, 33, after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)

But nothing in the measures Facebook has revealed so far, as its ‘compliance response’ to GDPR, suggest it intends to pro-actively change that.

Walshe also critically flags how — again, at the point of consent — Facebook’s review process deploys examples of the social aspects of its platform (such as how it can use people’s information to “suggest groups or other features or products”) as a tactic for manipulating people to agree to share religious affiliation data, for example.

“The social aspect is not separate to but bound up in advertising,” he notes, adding that the language also suggests Facebook uses the data.

Again, this whiffs a whole lot more than smells like GDPR compliance.

“I don’t believe FB has done enough,” adds Walshe, giving a view on Facebook’s GDPR preparedness ahead of the May 25 deadline for the framework’s application — as Zuckerberg’s Congress briefing notes suggested the company itself believes it has. (Or maybe it just didn’t want to admit to Congress that U.S. Facebook users will get lower privacy standards vs users elsewhere.)

“In fact I know they have not done enough. Their business model is skewed against privacy — privacy gets in the way of advertising and so profit. That’s why Facebook has variously suggested people may have to pay if they want an ad free model & so ‘pay for privacy’.”

“On transparency, there is a long way to go,” adds Boiten. “Friend suggestions, profiling for advertising, use of data gathered from like buttons and web pixels (also completely missing from “all your Facebook data”), and the newsfeed algorithm itself are completely opaque.”

“What matters most is whether FB’s processing decisions will be GDPR compliant, not what exact controls are given to FB members,” he concludes.

US lawmakers also pumped Zuckerberg on how much of the information his company harvests on people who have a Facebook account is revealed to them when they ask for it — via its ‘Download your data’ tool.

His answers on this appeared to intentionally misconstrue what was being asked — presumably in a bid to mask the ugly reality of the true scope and depth of the surveillance apparatus he commands. (Sometimes with a few special ‘CEO privacy privileges’ thrown in — like being able to selectively retract just his own historical Facebook messages from conversations, ahead of bringing the feature to anyone else.)

‘Download your Data’ is clearly partial and self-serving — and thus it also looks very far from being GDPR compliant.

Not even half the story

Facebook is not even complying with the spirit of current EU data protection law on data downloads. Subject Access Requests give individuals the right to request not just the information they have voluntarily uploaded to a service, but also personal data the company holds about them; Including giving a description of the personal data; the reasons it is being processed; and whether it will be given to any other organizations or people.

Facebook not only does not include people’s browsing history in the info it provides when you ask to download your data — which, incidentally, its own cookies policy confirms it tracks (via things like social plug-ins and tracking pixels on millions of popular websites etc etc) — it also does not include a complete list of advertisers on its platform that have your information.

Instead, after a wait, it serves up an eight-week snapshot. But even this two month view can still stretch to hundreds of advertisers per individual.

If Facebook gave users a comprehensive list of advertisers’ access to their information the number of third party companies would clearly stretch into the thousands. (In some cases thousands might even be a conservative estimate.)

There’s plenty of other information harvested from users that Facebook also intentionally fails to divulge via ‘Download your data’. And — to be clear — this isn’t a new problem either. The company has a very long history of blocking these type of requests.

In the EU it currently invokes a exception in Irish law to circumvent more fulsome compliance — which, even setting GDPR aside, raises some interesting competition law questions, as Paul-Olivier Dehaye told the UK parliament last month.

“All your Facebook data” isn’t a complete solution,” agrees Boiten. “It misses the info Facebook uses for auto-completing searches; it misses much of the information they use for suggesting friends; and I find it hard to believe that it contains the full profiling information.”

“Ads Topics” looks rather random and undigested, and doesn’t include the clear categories available to advertisers,” he further notes.

Facebook wouldn’t comment publicly about this when we asked. But it maintains its approach towards data downloads is GDPR compliant — and says it’s reviewed what it offers via with regulators to get feedback.

Earlier this week it also put out a wordy blog post attempting to diffuse this line of attack by pointing the finger of blame at the rest of the tech industry — saying, essentially, that a whole bunch of other tech giants are at it too.

Which is not much of a moral defense even if the company believes its lawyers can sway judges with it. (Ultimately I wouldn’t fancy its chances; the EU’s top court has a robust record of defending fundamental rights.)

Think of the children…

What its blog post didn’t say — yet again — was anything about how all the non-users it nonetheless tracks around the web are able to have any kind of control over its surveillance of them.

And remember, some Facebook non-users will be children.

So yes, Facebook is inevitably tracking kids’ data without parental consent. Under GDPR that’s a majorly big no-no.

TC’s Constine had a scathing assessment of even the on-platform system that Facebook has devised in response to GDPR’s requirements on parental consent for processing the data of users who are between the ages of 13 and 15.

“Users merely select one of their Facebook friends or enter an email address, and that person is asked to give consent for their ‘child’ to share sensitive info,” he observed. “But Facebook blindly trusts that they’ve actually selected their parent or guardian… [Facebook’s] Sherman says Facebook is “not seeking to collect additional information” to verify parental consent, so it seems Facebook is happy to let teens easily bypass the checkup.”

So again, the company is being shown doing the minimum possible — in what might be construed as a cynical attempt to check another compliance box and carry on its data-sucking business as usual.

Given that intransigence it really will be up to the courts to bring the enforcement stick. Change, as ever, is a process — and hard won.

Hildebrandt is at least hopeful that a genuine reworking of Internet business models is on the way, though — albeit not overnight. And not without a fight.

“In the coming years the landscape of all this silly microtargeting will change, business models will be reinvented and this may benefit both the advertisers, consumers and citizens,” she tells us. “It will hopefully stave off the current market failure and the uprooting of democratic processes… Though nobody can predict the future, it will require hard work.”

SpaceX has successfully brought NASA’s new exoplanet-hunting telescope to high Earth orbit, from which, after one more burn, the satellite will be deployed. From there, it will get a gravity assist from the moon and enter a wide orbit, beginning its mission. Meanwhile, back on the surface, the Falcon 9’s first stage landed successfully on the drone ship Of Course I Still Love You.

This is the 8th launch this year, and the 24th time SpaceX has landed a Falcon 9 first stage — that is, the part of the rocket that accelerates it out of the atmosphere. Although the plan is eventually to catch the falling fairing in a “giant catcher’s mitt,” as Elon Musk once described it, the boat-borne mitt is currently in the Pacific Ocean and this launch was over the Atlantic.

The rocket shortly after landing on Of Course I Still Love You. The ship’s feed cut out when the rocket landed.

This rocket, after being inspected and refurbished, of course, is planned to be reused for the next ISS resupply mission SpaceX is performing, in June. Soon this generation of Falcon 9s will be exhausted, though: starting soon, SpaceX will be launching its 5th generation of Falcon 9’s (“Block 5”), which have a variety of improvements to improve their reusability past the two or three times previous ones could be used.

The launch went nominally, but there’s a second burn planned to get TESS into the proper trajectory that will happen in about 35 minutes; I’ll update the post once that takes place.

In the ongoing race to build the best and smartest applications that tap into the advances of artificial intelligence, a startup out of London has raised a large round of funding to double down on solving persistent problems in areas like healthcare and energy . BenevolventAI announced today that it has raised $115 million to continue developing its core “AI brain” as well as different arms of the company that are using it specifically to break new ground in drug development and more.

This venture round values the company at $2.1 billion post-money, its founder and executive chairman Ken Mulvaney confirmed to TechCrunch. Investors in this round include previous backer Woodford Investment Management, and while Mulvaney said the company was not disclosing the names of any other investors, he added it was a mix of family offices and some strategic backers, with a majority coming from the US, but would not specify any more. Notably, Benevolent.AI does not have any backing from more traditional VCs, which more generally have been doubling down on investments in AI startups. Founded in 2013, the company has now raised over $200 million to date.

The core of Benevolent.AI’s business is focused around what Mulvaney describes as a “brain” built by a team of scientists — some of whom are disclosed, and some of whom are not for competitive reasons, Mulvaney said: there are 155 people working at the startup in all, with 300 projected by the end of this year. The brain has been created to ingest and compute billions of data points in specific areas such as health and material science, to help scientists better determine combinations that might finally solve persistently difficult problems in fields like medicine.

The crux of the issue in a field like drug development, for example, is that even as scientists identify the many permutations and strains of, say, a particular kind of cancer, each of these strains can mutate, and that is before you consider that each mutation might behave completely differently depending on which person develops the mutation.

This is precisely the kind of issue that AI which is massive computational power and “learning” from previous computations, can help address. (And Benevolvent.AI is not the only one taking this approach. Specifically in Cancer, others include Grail and Paige.AI.)

But even with the speed that AI brings to the table, it’s a very long, long game for Benevolent.AI. The division of Benevolent.AI that is focused on drugs, called Benevolent Bio, currently has two drugs in more advanced stages of development, Mulvaney said, although neither of those happen to be in the area of cancer. A Parkinson’s drug is currently in Phase 2B clinical trials, after years of work.

And an ALS medication currently in development — which Mulvaney says will aim to significantly extend the prospects for those who have been diagnosed with ALS — is about five years away from trials. It’s worth the effort to try, though: the best ALS medications on the market today at best only add about three month’s to a patient’s life expectancy.

Some of the long period of development is because with drugs, there large regulatory framework a company has to go through. “But we benefit from that,” Mulvaney said, “because it means you can actually then offer something in the market.” (Blood tests a la Theranos are very different in terms of regulatory requirements, he said.)

In part because of that long cycle, and also because Benevolent.AI has spotted an adjacent opportunity, the company has more recently also been extending applications from its “brain” to other adjacent areas that also tap into chemistry and biology, such as material science.

One area Mulvaney said is of particular interest is to see if Benevolent can create materials that can both withstand extreme heat — to allow engines to work at higher rates without risks — as well as chemicals that could essentially create the next generation of efficient batteries that could provide more power in smaller formats for longer periods.

“There has been little development beyond a lithium ion battery,” he noted, which may be fine for the Teslas of the world today. “But there is not enough lithium on this planet for us all to go electric, and there is not nearly enough energy density there unless you have thousands of batteries working together. We need other technology to provide more energy donation. That tech doesn’t exist yet because chemically it’s very difficult to do that.” And that spells opportunity for Benevolvent.AI.

Other areas where the startup hopes to move into over the coming months and years include agriculture, veterinary science, and other categories that sit alongside those Benevolent.AI is already tapping.

The unfettered internet is too often used for malicious purposes and is frequently woefully inaccurate. Social media — especially Facebook — has failed miserably at protecting user privacy and blocking miscreants from sowing discord.

That’s why CEO Mark Zuckerberg was just forced to testify about user privacy before both houses of Congress. And now governmental regulation of Facebook and other social media appears to be a fait accompli.

At this key juncture, the crucial question is whether regulation — in concert with Facebook’s promises to aggressively mitigate its weaknesses — will correct the privacy abuses and continue to fulfill Facebook’s goal of giving people the power to build transparent communities, bringing the world closer together?

The answer is maybe.

What has not been said is that Facebook must embrace data science methodologies initially created in the bowels of the federal government to help protect its two billion users. Simultaneously, Facebook must still enable advertisers — its sole source of revenue — to get the user data required to justify their expenditures.

Specifically, Facebook must promulgate and embrace what is known in high-level security circles as homomorphic encryption (HE), often considered the “Holy Grail” of cryptography, and data provenance (DP). HE would enable Facebook, for example, to generate aggregated reports about its user psychographic profiles so that advertisers could still accurately target groups of prospective customers without knowing their actual identities.

Meanwhile, data provenance — the process of tracing and recording true identities and the origins of data and its movement between databases — could unearth the true identities of Russian perpetrators and other malefactors, or at least identify unknown provenance, adding much-needed transparency in cyberspace.

Both methodologies are extraordinarily complex. IBM and Microsoft, in addition to the National Security Agency, have been working on HE for years, but the technology has suffered from significant performance challenges. Progress is being made, however. IBM, for example, has been granted a patent on a particular HE method — a strong hint it’s seeking a practical solution — and last month proudly announced that its rewritten HE encryption library now works up to 75 times faster. Maryland-based ENVEIL, a startup staffed by the former NSA HE team, has broken the performance barriers required to produce a commercially viable version of HE, benchmarking millions of times faster than IBM in tested use cases.

How homomorphic encryption would help Facebook

HE is a technique used to operate on and draw useful conclusions from encrypted data without decrypting it, simultaneously protecting the source of the information. It is useful to Facebook because its massive inventory of personally identifiable information is the foundation of the economics underlying its business model. The more comprehensive the data sets about individuals, the more precisely advertising can be targeted.

HE could keep Facebook information safe from hackers and inappropriate disclosure, but still extract the essence of what the data tells advertisers. It would convert encrypted data into strings of numbers, do math with these strings, then decrypt the results to get the same answer it would if the data wasn’t encrypted at all.

A particularly promising sign for HE emerged last year, when Google revealed a new marketing measurement tool that relies on this technology to allow advertisers to see whether their online ads result in in-store purchases.

Unearthing this information requires analyzing data sets belonging to separate organizations, notwithstanding the fact that these organizations pledge to protect the privacy and personal information of the data subjects. HE skirts this by generating aggregated, non-specific reports about the comparisons between these data sets.

In pilot tests, HE enabled Google to successfully analyze encrypted data about who clicked on an advertisement in combination with another encrypted multi-company data set that recorded credit card purchase records. With this data in hand, Google was able to provide reports to advertisers summarizing the relationship between the two databases to conclude, for example, that five percent of the people who clicked on an ad wound up purchasing in a store.

Data provenance

Data provenance has a markedly different core principle. It’s based on the fact that digital information is atomized into 1s and 0s with no intrinsic truth. The dual digits exist only to disseminate information, whether accurate or widely fabricated. A well-crafted lie can easily be indistinguishable from the truth and distributed across the internet. What counts is the source of these 1s and 0s. In short, is it legitimate? What is the history of the 1s and 0s?

The art market, as an example, deploys DP to combat fakes and forgeries of the world’s greatest paintings, drawings and sculptures. It uses DP techniques to create a verifiable, chain-of-custody for each piece of the artwork, preserving the integrity of the market.

Much the same thing can be done in the online world. For example, a Facebook post referencing a formal statement by a politician, with an accompanying photo, would have provenance records directly linking the post to the politician’s press release and even the specifics of the photographer’s camera. The goal — again — is ensuring that data content is legitimate.

Companies such as Walmart, Kroger, British-based Tesco and Swedish-based H&M, an international clothing retailer, are using or experimenting with new technologies to provide provenance data to the marketplace.

Let’s hope that Facebook and its social media brethren begin studying HE and DP thoroughly and implement it as soon as feasible. Other strong measures — such as the upcoming implementation of the European Union’s General Data Protection Regulation, which will use a big stick to secure personally identifiable information — essentially should be cloned in the U.S. What is best, however, are multiple avenues to enhance user privacy and security, while hopefully preventing breaches in the first place. Nothing less than the long-term viability of social media giants is at stake.

It’s almost time for SpaceX to launch NASA’s TESS, a space telescope that will search for exoplants across nearly the entire night sky. The launch has been delayed more than once already: originally scheduled for March 20, it slipped to April 16 (Monday), then some minor issues pushed it to today — at 3:51 PM Pacific time, to be precise. You can watch the launch live below.

TESS, which stands for Transiting Exoplanet Survey Satellite, is basically a giant wide-angle camera (four of them, actually) that will snap pictures of the night sky from a wide, eccentric and never before tried orbit.

The technique it will use is fundamentally the same as that employed by NASA’s long-running and highly successful Kepler mission. When distant plants pass between us and their star, it causes a momentary decrease in that star’s brightness. TESS will monitor thousands of stars simultaneously for such “transits,” watching a single section of sky for a month straight before moving on to another.

By two years, it will have imaged 85 percent of the sky — hundreds of times the area Kepler observed, and on completely different stars: brighter ones that should yield more data.

TESS, which is about the size of a small car, will launch on top of a SpaceX Falcon 9 rocket. SpaceX will attempt to recover the first stage of the rocket by having it land on a drone ship, and the nose cone will, hopefully, get a gentle parachute-assisted splashdown in the Atlantic, where it too can be retrieved.

The feed below should go live 15 minutes before launch, or at about 3:35.

Jeff Bezos is understandably all sorts of self-congratulatory in the annual shareholder letter Amazon released today. The note is full of all smanner of large numbers, including, perhaps most notably, 100 million. Amazon has exceeded that number of Prime subscribers globally, 13 years after the service launched as a free shipping offering.

It’s no surprise, really. In spite of some recent price hikes, the company keeps layering incentives on top of the plan. The list now includes access to video, music, Kindle books and a six month subscription to the Bezos-owned Washington Post. From the looks of it, the company will also be adding Whole Foods deals to the pile in the very near future. Oh, the joys of conglomeration. 

According to Bezos, Amazon shipped north of five billion items with Prime globally in 2017. India, one of the most recent countries to get Prime, is also the largest growing market for Amazon at the moment, adding “members in […] in its first year than any previous geography in Amazon’s history,” according to the letter. The company has been pumping investments into the country of late, launching its music service there in February, along with a “lite” version of its Android web browser, just this week.

Girlboss, the juggernaut business and lifestyle brand launched by serial entrepreneur Sophia Amoruso (the founder of Nasty Gal), has launched a fresh redesign of its website as the company looks to evolve beyond publishing.

While publishing will remain a central component of the business that Girlboss is building, Amoruso says that the brand encompasses much more than a content play.

“We’re beginning with editorial content and our conferences and what looks like a publishing business, but the future will look like us incorporating our users in a much different capacity,” Amoruso says.

In a blog post about the site redesign, the company’s new chief operating officer and editor in chief, walks through the functional changes that the company wanted for its web and mobile face.

It’s fast.

First and foremost, this experience should be fast. We only used system fonts. We don’t have any weird pop-ups or doodads to slow down the load time or to distract you from the reason why you’re actually here: the content.

It’s intuitive (sort of).

We built this thing to be mobile first. That means you swipe from category to category and scroll endlessly—even on desktop. It might feel a little weird at first, but only 10% of you are on desktop to begin with, so let’s call a spade a spade.

It’s fun.

There’s a lot of color here. Each category is noted with a different color (work is green, money is a coral-ish pink, wellness is yellow, etc), and you see those colors play in different ways on category pages, in related content, on article pages, and more. Those are visual cues that tell you where you are—and they’re also supposed to feel fun and immersive. We’re trying not to take ourselves too seriously here at Girlboss. We talk about serious things, but we hope to inject a bit of wit and humor into everything we do. And all of this color-soaked goodness should reflect that.

It’s useful.

This is a big one. We know that some people may never wander over to our website (although, you’re obviously not one of them), and we’re totally fine with that. We strive to inspire and delight and inform people where they are—whether that’s on email, on social, through podcasts, or IRL at our Rallies. But if you are visiting our website, we want you to walk away feeling like you got something meaningful out of the experience of spending time with us. We want to make things that open your eyes to new ways of thinking, and that offer you life and work and money advice that legitimately helps you advance and grow and save and evolve. That’s what this site is built to do—to make it easy to find the tools and tips and insights we’re offering up, while being transparent about how much time you might need to spend with a story or podcast or video to get what you need out of it.

Beyond the purely functional and aesthetic aspects of the redesign, Gandhi hints that there’s a larger sense of purpose and mission to the company’s choices as well… and an indication of how Girlboss will evolve.

“At Girlboss, when we think about the big picture, we want to help make change. We want to create opportunity and knock down the obstacles that stand in your way. We want to call out tokenism and create spaces where many women can thrive—and help each other make progress and advance,” Ghandi writes.

Girlboss in this new incarnation seems to be as much of a networking and social engagement site as it is a publisher. This new model fits squarely within the new notion of what brands can mean and the role they can play.

“It’s important for us to keep evolving and casting a line to build a social-first environment,”says Amoruso. With the new site, and an executive team built out on the back of $3.1 million in financing from Lightspeed Venture Partners, Gary Vaynerchuk, Atom Factory, and Slow Ventures, it looks like they’ve succeeded.

One of the biggest headaches for freelance writers is the need to send an invoice for their work, then wait (and wait, and wait) for payment.

Matt Saincome, founder of the punk-themed satirical news site The Hard Times, knows this, which is why he’s launching a new payment product called OutVoice.

Saincome said he started out as a freelancer himself, and he recalled that after his first assignment he had to repeatedly ask an editor to get paid. When the check finally arrived, he tried to deposit it, only to find that it bounced, leaving him with a $35 fee — way more than the $12 that he was supposedly making.

Obviously, this is a problem for freelancers, but Saincome said that when he became an editor, he realized that it was a problem for editors too. And when he became a publisher, he realized, “Wait, this is a horrible problem for everyone.”

Sure, there may be some publishers who fully intend to rip off their writers, but for many others, it’s more an issue of not making the time to deal with all the invoices and send out the checks. And if they let this slip too badly, they may end up chasing away some of their most talented writers.

OutVoice is designed to streamline all that. For starters, it helps onboard freelancers by automatically presenting them with the forms and contracts they need to fill out. Then it integrates with WordPress and Drupal (with other CMS integrations planned), so that when an editor is publishing a story, they can select a contributor and a payment amount on the same screen. Once they hit publish, the freelancer gets paid — no invoice needed, no delays.

The product supports other kinds of working arrangements, too. If a publisher doesn’t pay freelancers on a per-article basis, but instead does it by the hour, the week or the month, they can still make payments through the OutVoice website.

In our initial interview, I pointed out that some freelancers actually publish their stories themselves. Then Saincome emailed me to say that his team added a feature to take care of that, too — a freelancer can enter their own payment information as they publish, then the editor or publisher can approve the payment with a click. (Finally, someone takes my product advice!)

Saincome said the music site Consequence of Sound plans to test the system, and it’s already being used by The Hard Times itself. Just to be clear, however, OutVoice is separate from The Hard Times — it’s a new company that Saincome is founding with Issa Diao, a developer who led the band Good Clean Fun.

Picture this. You’re driving down the street and Google Maps tells you to turn right at the Burger King, instead of telling you to turn right on [insert street name you’ve never heard of]. Well, Google is starting to do this.

I noticed this while I was in a Lyft in Washington, D.C., but I failed to remember it until TC’s sister publication, Engadget, reported it the other day. Anyway, the idea is that Google Maps is highlighting some landmarks and other points of interest (fast food restaurants) to help with guidance.

TechCrunch/MRD

Other people have noticed, too.

Highlighting landmarks seems to be one method of Google’s experimentation with improving navigation and guidance for people.