Year: 2018

18 Apr 2018

Facebook, Microsoft and others sign anti-cyberattack pledge

Microsoft, Facebook and Cloudflare are among a group of technology firms that have signed a joint pledge committing publicly not to assist offensive government cyberattacks.

The pledge also commits them to work together to enhance security awareness and the resilience of the global tech ecosystem.

The four top-line principles the firms are agreeing to are [ALL CAPS theirs]:

  • 1. WE WILL PROTECT ALL OF OUR USERS AND CUSTOMERS EVERYWHERE.
  • 2. WE WILL OPPOSE CYBERATTACKS ON INNOCENT CITIZENS AND ENTERPRISES FROM ANYWHERE.
  • 3. WE WILL HELP EMPOWER USERS, CUSTOMERS AND DEVELOPERS TO STRENGTHEN CYBERSECURITY PROTECTION.
  • 4. WE WILL PARTNER WITH EACH OTHER AND WITH LIKEMINDED GROUPS TO ENHANCE CYBERSECURITY.

You can read the full Cybersecurity Tech Accord here.

So far 34 companies have signed up to the initiative, which was announced on the eve of the RSA Conference in San Francisco, including ARM, Cloudflare, Facebook, Github, LinkedIn, Microsoft and Telefonica.

In a blog post announcing the initiative Microsoft’s Brad Smith writes that it’s hopeful more will soon follow.

“Protecting our online environment is in everyone’s interest,” says Smith. “The companies that are part of the Cybersecurity Tech Accord promise to defend and advance technology’s benefits for society. And we commit to act responsibly, to protect and empower our users and customers, and help create a safer and more secure online world.”

Notably not on the list are big tech’s other major guns: Amazon, Apple and Google — nor indeed most major mobile carriers (TC’s parent Oath’s parent Verizon is not yet a signee, for example).

And, well, tech giants are often the most visible commercial entities bowing to political pressure to comply with ‘regulations’ that do the opposite of enhance the security of their users living under certain regimes — merely to ensure continued market access for themselves.

But the accord raises more nuanced questions than who has not (yet) spilt ink on it.

What does ‘protect’ mean in this cybersecurity context? Are the companies which have signed up to the accord committing to protect their users from government mass surveillance programs, for example?

What about the problem of exploits being stockpiled by intelligence agencies — which might later leak and wreak havoc on innocent web users — as was apparently the case with the Wannacrypt malware?

Will the undersigned companies fight against (their own and other) governments doing that — in order to reduce security risks for all Internet users?

“We will strive to protect all our users and customers from cyberattacks — whether an individual, organization or government — irrespective of their technical acumen, culture or location, or the motives of the attacker, whether criminal or geopolitical,” sure sounds great in principle.

In practice this stuff gets very muddy and murky, very fast.

Perhaps the best element here is the commitment between the firms to work together for the greater security cause — including “to improve technical collaboration, coordinated vulnerability disclosure, and threat sharing, as well as to minimize the levels of malicious code being introduced into cyberspace”.

That at least may bear some tangible fruit.

Other security issues are far too tightly bound up with geopolitics for even a number of well-intentioned technology firms to be able to do much to shift the needle.

18 Apr 2018

Personably, software that helps on-board new hires at fast-growing companies, gets backing from GFC

As fast-growing companies — or, dare I say, ‘scale-ups’ — add new headcount, the pace at which they are able to on-board new hires doesn’t always keep up. In fact, I’m told it is not unheard of for new employees to turn up on day one apparently unexpected, and to be passed from pillar to post as they attempt to get set up and be shown all of the things you need to be shown to actually start a new role.

Enter Personably, the London startup founded in late 2016 by Katerina Pascoulis and Lewis Blackwood, after the former Crowdcube and GoCardless employees spotted an opportunity to use software to streamline and in some instances automate aspects of the on-boarding process. Bootstrapped until now, the company is disclosing that it recently raised £500,000 in seed funding.

The round was led by GFC, the venture arm of e-commerce behemoth and company builder Rocket Internet — which knows more than a thing or two about the teething problems scaling companies have — along with a number of angel investors. The latter includes Matt Robinson, co-founder of GoCardless and Nested (which I’m told are both early customers of Personably), and Caroline Sage, founder at Kea Consultants.

“Right now, on boarding people into fast growing companies is incredibly time-consuming,” Pascoulis tells me. “If you don’t onboard that person properly you’re losing out on the first 6 months of their time at the company. They’ll take longer to get up to speed which is expensive for the company and a poor experience for the individual, especially if they then leave sooner because of it”.

In researching the viability of a solution like Personably, Pascoulis says everyone she and Blackwood spoke to had their own story about something that had gone wrong in their first week that had stuck with them. “What Personably does to solve this is automating away a lot of those manual tasks that need to happen when someone starts,” she says. “Things as simple as sending welcome emails right up to automatically scheduling everything that new starter needs to attend.”

When a company is relatively small, these types of on-boarding tasks and the organisation around them tend to fall to one or two people and happen at a hiring pace that makes them manageable. However, if a company hits hyper-growth mode or simply becomes a much larger organisation with many more moving parts, the on-boarding process itself also needs to scale.

“When you’re hiring one person every couple of months it’s something you can handle. But when you’re hiring one or more people a week, you’re spending a lot of time doing these tasks that should just be handled automatically. We give teams that time back,” says Pascoulis.

As an example, imagine scheduling weeks of training across a company, involving lots of different team members. This might typically be handled through a combination of spreadsheets, email and a task manager, but with Personably it can be done with a single click and tracked all in one interface.

Meanwhile, the business model is typical SaaS. Companies pay a monthly subscription fee to use the product, and the pricing varies based on the volume of hires a company is making.

Pascoulis cites competitors as newer HR systems like CharlieHR and HiBob that have on-boarding features, but, she argues, don’t scale as well. There are also traditional enterprise products like Workday that handle on-boarding on an enterprise level.

18 Apr 2018

Uber whistleblower Susan Fowler backs California legislation to end forced arbitration

Susan Fowler, the former Uber engineer whose blog post about sexual harassment and troubling internal workings led to the departure of CEO Travis Kalanick, is backing new legislation that aims to give victims of sexual harassment and other workplace discrimination the freedom to seek legal action, and to do it publicly.

Fowler is lending her support to bill AB-3080 — proposed by California Assemblywoman Lorena Gonzalez Fletcher, the California Labor Federation, and the Economic Policy Institute — which would forbid employers from the practice of forced arbitration in response to discrimination complaints.

The proposed legislation tackles a worrying norm in which companies, including throughout tech, mandate that employees air any grievances before a private, third-party arbitrator who is typically paid for by the company itself.

The hearings happen in secret, with non-disclosure clauses preventing the claimant from talking about the details or filing a class-action lawsuit, and they are on the rise. The percentage of nonunion, private-sector employees covered by mandatory-arbitration clauses has more than doubled since the early 2000s, according to a study last year by the Economic Policy Institute, a think tank in Washington, D.C.

Though the issue has come up periodically in Silicon Valley — venture firm Kleiner Perkins tried to force former employee Ellen Pao into arbitration when she sued the firm for gender discrimination — it hasn’t received widespread attention “for the same reason that it hasn’t gotten much attention from people who work in other industries,” says Fowler via email. “They don’t realize that it affects them, and they don’t realize how widespread and sinister the problem really is.”

Fowler says that she was “one of those people” for most of her life, knowing nothing about forced arbitration until she experienced what she describes as illegal treatment at Uber, after which she says she discovered that she “had no way to get justice.”

Now that she knows about forced arbitration, she says, “I’m hell-bent on bringing attention to it and doing everything I can to prevent what happened to me at Uber from happening to anyone else.”

The proposed legislation isn’t the first of its kind. A 2015 bill banning mandatory arbitration agreements as a condition of employment wended its way all the way to California Governor Jerry Brown’s desk. Faced with stiff opposition from the California Chamber of Commerce, which labeled it a “job killer,” Brown vetoed the bill.

Caitlin Vega, legislative director of the California Labor Federation, an organization that works with 1,200 labor unions across the state, is hoping the timing is better for AB-3080 given the #MeToo movement and the awareness it has raised around sexual discrimination and harassment in particular.

Vega also says the bill differs from its predecessor in ways that may make it more palatable to Governor Brown. For example, gone is language that required that any waiver of any legal right by an employee must be knowing and voluntary, in writing, and may not be an express condition of employment.

This time, the focus is more narrowly on ensuring that people not be forced to agree to potential arbitration as a condition of their employment and that employers be prohibited from “threatening, retaliating or discriminating against, or terminating any applicant for employment or prospective employment or any employee because of the refusal to consent to the waiver of any right, forum, or procedure for a violation of specific statutes governing employment.”

Either way, proponents — including Fowler — hope far more attention will be paid to the bill’s benefits instead of to the perceived benefits to corporations in continuing to use arbitration agreements widely.

“The dominant view is that it helps manage long-term legal risk, ensuring that companies won’t become embroiled in costly, drawn-out lawsuits,” Fowler wrote in a recent op-ed for the New York Times. Yet “the examples of Uber and IBM show that the opposite is true: Forced arbitration leads to long-term operating risk. Forcing legal disputes about discrimination, harassment and retaliation to go through secret arbitration proceedings hides the behavior and allows it to become culturally entrenched,” she added.

Fowler has said that she believes instead that a choice between optional arbitration and a public lawsuit would be the ideal solution for dealing with discrimination.

That was the case for her time at Uber, which had a clause in her employment contract that prevented her from going public with what had happened. The company did take steps after Fowler went public with her story — including hiring Eric Holder to conduct a company-wide investigation (which Uber said included firing people). Kalanick also later resigned after a wave of controversies made his position untenable. By then, however, the company’s reputation to outsiders was shattered.

Fowler is determined to bring about change. Last year, she filed an amicus brief in three high court cases, asking the Supreme Court to consider that class and collective action bans in workplace arbitration agreements violate federal labor laws.

She appears to be far from done with this issue, too. “Arbitration agreements are present in nearly every employment agreement,” she tells TechCrunch. “If you have a job, chances are you’ve unwittingly signed away your constitutional right to sue your employer if you ever experience illegal treatment like harassment, retaliation, or discrimination.

“You probably didn’t realize that you signed away this right because the language used in forced arbitration agreements is thick with legalese so heavy you need a law degree to understand what it all means.” Most important to know, she says: given the near ubiquity of arbitration agreements right now, “you probably signed away your right to sue before you even started your job.”

The new legislation is being announced formally today, Wednesday. After a period of public review, it will then head into committee hearings. If all goes as Fletcher hopes, the bill will then go to the Assembly floor, then the Senate floor, before heading to Governor Brown by late summer.

18 Apr 2018

Ford launches on-demand medical transportation service

Ford is launching an on-demand transportation service for non-emergency medical needs. The idea is to better help patients get to their doctor appointments. Ford is initially launching this in partnership with Beaumont Health in Michigan to serve more than 200 facilities.

Called GoRide, the fleet has 15 transit vans to accommodate people with varying needs. By the end of the year, Ford plans to have 60 vans, all driven by trained professionals, as part of GoRide’s services. The GoRide fleet can accommodate people with wheelchairs, thanks to flexible seats that can flip up and a wheelchair lift.

“There’s no excuse for the fact that so many people have trouble simply making it to their medical appointments,” Ford Mobility Business Group VP Marion Harris said in a press release. “By merging our expertise in vehicles, technology and human-centered design, we’ve created a high-touch, patient-focused service that truly understands and is tailored to patients and their needs. Our service is focused on multiple social determinants of health, and delivers the quality of care and on-time certainty that medical facilities need in order to increase throughput and reduce wait times.”

In March, Lyft committed to cut the problem of health care transportation in half by 2020. Lyft provides API access to partners like Allscripts, Blue Cross Blue Shield and Ascension to integrate the ride-hailing service into its health platforms and electronic health records services.

Meanwhile, people seem to be moving toward on-demand platforms for trips to the emergency room, as well. Last December, a study reported ambulance use has gone down about 7 percent nationwide since the rise of Uber.

Neither Uber nor Lyft is particularly accessible to people with mobility disabilities, though. In March, Disability Rights Advocates, on behalf of the Independent Living Resource Center and two people who use wheelchairs, filed a class-action lawsuit today against Lyft. The plaintiffs allege the ride-hailing company discriminates against people who use wheelchairs by not making available wheelchair-accessible cars in the San Francisco Bay Area. Uber also faces a number of lawsuits pertaining to the lack of services it offers to people with mobility disabilities.

In Ford’s pilot program with Beaumont Health, GoRide was on schedule 92 percent of the time with regard to pick-ups and drop-offs. The average wait time for on-demand pick-ups for those needing wheelchair transport was between 10 and 30 minutes.

In a statement, Beaumont Health’s Paul E. LaCasse said, “This is precisely what we needed to improve access to medical care at Beaumont’s facilities for our patients who are elderly, in wheelchairs or have mobility challenges.”

18 Apr 2018

Amazon finally made its e-commerce service usable for international customers

Amazon is making a push to globalize its e-commerce service after it added a new international shipping feature to reach more than 100 countries.

The core Amazon service itself is still limited to a handful of countries — primarily the U.S., Western Europe, the Middle East, Australia and Singapore — but the new feature at least makes its mobile apps usable for those who live in other countries and want to buy items.

Now, by switching to this new international shipping mode, customers in markets where Amazon doesn’t have a local presence can see products that can be shipped to their location. The app will also calculate additions such as shipping and handling costs and import fees.

Unfortunately, since this isn’t a full international launch, the actual selection of products and those additional charges — in particular the dreaded ‘import tax’ segment — haven’t changed. Amazon has just made things clearer for international audiences, who previously had to scroll through products using a different Amazon country website (e.g. the U.S.) to find items that ship overseas.

That was very tedious and hardly worth the effort. Now, the service will show products that Amazon can deliver to a user’s location.

A small detail perhaps, but it is a major step because the entire service suddenly becomes usable in over 100 countries, although the product range is limited and prices are subject to those aforementioned additional costs. For me, based in Thailand, those fees added some 75 percent to the price of some products, which, coupled with a wait for delivery, makes Amazon less attractive. But that’s offset by free delivery on large orders, although the total spend that qualifies for that appears to differ based on location.

Amazon explains how to access its international shipping mode

In true Amazon fashion, it isn’t saying exactly how many markets this international service reaches — other than “over a hundred countries” — but it did claim it has 45 million products that ship globally from U.S.-based sellers. The international service itself supports five languages — English, Spanish, Simplified Chinese, German and Brazilian Portuguese — with payment possible in 25 different currencies.

This new international product follows other global pushes for Amazon, which have included launching its Prime video streaming service in 200 countries, outing an international version of its Fire TV stick, and pushing its Echo smart speakers and Prime music service into 28 new countries.

International customers still don’t get anything like the full benefit of Amazon — which is the Prime package that gives e-commerce perks alongside free video and music streaming — but it is clear that Amazon is figuring out how it can begin to connect to a meaningful chunk of the global audience without needing to launch in every country. This international service might even help it identify markets with high demand for future local expansion.

Hopefully, the next step is to increase the volume of products that ship overseas and cut down on those international costs for customers.

“We are always innovating on behalf of our customers, and with today’s launch, we are making the shopping experience on mobile devices even better and more convenient for our customers who live outside the U.S.,” Samir Kumar, VP of Amazon Exports and Expansion, said in a statement. “Customers have been asking for a way to easily find and shop only for products available to be shipped to them.”

18 Apr 2018

Russia’s Telegram ban that knocked out 15M Google, Amazon IP addresses had a precedent in Zello

Russia blocking access to Telegram after the messaging app refused to give it access to encrypted messages has picked up an unintended casualty: we’re now up to over 15 million IP addresses from Amazon and Google getting shut down by the regulators in the process, taking various other (non-Telegram) services down with it.

Telegram’s CEO Pavel Durov earlier today said that its reach in the country has yet to see an impact from the ban 24 hours on, with VPNs, proxies and third-party cloud services stepping in to pick up the slack for its roughly 14 million users in the country, and third parties refusing to buckle under requests from Roskomnadzor, the regulator, to remove the app from its stores and servers.

“Thank you for your support and loyalty, Russian users of Telegram. Thank you, Apple, Google, Amazon, Microsoft — for not taking part in political censorship,” Durov noted.

But Telegram’s Russia crisis is not the first time that an app banned by the Russian government has had to rely on third-party support to navigate its position with users. A recent precedent involving a much smaller communications app sheds some light on how all of this works. And ironically, its own run-in may have been the reason why the government moved so quickly to block so many IP addresses around Telegram’s, affecting more than just the app itself.

A little over a year ago, the walkie-talkie app Zello received a notice from the Russian regulator Roskomnadzor. Zello was informed that it would be banned unless it started to host records of the conversations that were taking place on the app on Russian servers — in compliance with a hosting requirement that Russia put in place for ISPs back in 2014 as part of its efforts to tighten its control of digital information in the name of national security.

You might remember the name Zello from its bump of attention when a wave of people hit by Hurricane Harvey in Texas used it to communicate with each other when voice services went down or became too clumsy to use, but mobile internet connections stayed up. “Voice is how we most naturally communicate, and push-to-talk and radio-style communication is instant, no dialling or waiting,” said Zello CEO Bill Moore. “It can be with one person or large groups and build relationships and to solve problems.”

The startup itself is based out of Austin, Texas and has around 120 million registered users, with around four million monthly active users.

Moore — who had in the past also founded and run another Texas startup, TuneIn — said in an interview this week that Zello’s run-in with Russia started about a year ago, when the regulator started to block the application in Spring 2017, after Zello refused to cooperate with the hosting requirement, both on grounds of cost and principle.

(Cost: because it’s a small startup. And principle: because Zello is built in a way where messages are stored locally, both for direct messages and those sent in more widely-distributed channels, the feature that Moore believes might have been “why Zello annoyed Russia,” because protestors used these channels to coordinate activities.)

Instead of buckling and leaving Russia, Zello decided to use some software it had written years before, when the app had been issued with a block in Venezuela after it ran afoul of the government there — software “that let us change IP addresses for our service,” as Moore describes it. The change in IP addresses essentially meant that as Zello was shut down in one place, it was able to hop to another, using services from either AWS or Google Cloud.

Moore said that Zello — which originally hosted its service on IBM’s cloud before the ban — used its IP hopping tactic for nearly a year, moving first across IP addresses on Amazon and then hopping to Google Cloud when Amazon got too hot. By the time Zello started using Google Cloud, the government was well on to Zello’s ways, and it took only about 10 days before Google asked Zello to stop, Zello’s CTO and founder Alexey Gavrilov added.

“About a month ago, the press in Russia began to report that Roskomnadzor was threatening to block millions of addresses if that’s what it took to get Zello [to retreat]. That was when Amazon said, ‘you need to stop changing IP addresses,'” Gavrilov said. “We tried to get Amazon to reconsider, making the case that by asking us to stop, it is really acting the same way that ISPs do that are controlled by Russia. Zello is not damaging, but Russia is by blocking. It’s not wise to go along with that threat.”

His argument echoes what Durov has been saying in defense of Telegram, although it didn’t appear to wash for the smaller app. “We lost that debate,” Gavrilov said.

Moore and Gavrilov say they believe Telegram may be using a similar kind of approach to move around Amazon- and Google-based IP addresses (I’ve tried to contact Durov to ask about this but have not had a reply; Google and Amazon also have not replied to my emails). However, now, with the Russian authorities well aware of the tactic, they simply decided to block large swathes of IPs to act more quickly, rather than negotiate with cloud companies to pick out which IP addresses were actually being used.

Partly because of the size of the service in question, and partly because of the blanket blocking, the number of IP addresses being blocked varied from just over 2,000 for Zello to more than 15 million by the time Telegram attempted its own IP hops.

Zello still believes that it was not in the wrong in its own encounters with the Russian government, although its appeals to Amazon and Google, and eventually Apple and others who host the app on their stores, ultimately didn’t wash.

“We believe that Zello doesn’t violate Russian law because originally the hosting requirement was written for ISPs, and Zello is not an ISP,” Moore said. “We cooperate with law enforcement on a consistent basis and do what we can under the law.” But like Telegram, Zello takes the view that the medium should not be attacked because of how it is used. “Terrorists drink water, but I don’t think we should outlaw water, either,” is how Moore describes his stance.

Since about two weeks ago, the only way that people in Russia can use Zello is by way of VPN proxies. Zello has a fairly even distribution of its several million monthly active users across several countries, including the U.S., Mexico, Brazil, and Hong Kong. Russia had been one of its top markets until this happened, but the cost to Zello has been about half of its active users in the country, which now stand at 200,000.

“We don’t like to think about how we’ve lost half our users there,” Gavrilov said. “We like to think about how many we’ve managed to keep.”

Zello has always been ad-free and free to use by regular consumers. Moore said that the company is profitable, making its revenues through a premium tier for businesses to have their own private channels. So far, Zello is completely bootstrapped, although Moore said that it is likely it will want to raise money eventually to grow its consumer business.

Neither the CTO nor the CEO thinks that the Russian bans impact the company’s wider business.

“In my opinion, incidents like these only help companies like Telegram and Zello on the global market,” Gavrilov (a native of Russia) said. “Realistically, Russia is a small share of the Telegram user base, and standing up to the demands in Russia just communicates to everyone else that you can trust these people. That only makes it more valuable.”

18 Apr 2018

A flaw-by-flaw guide to Facebook’s new GDPR privacy changes

Facebook is about to start pushing European users to speed through giving consent for its new GDPR privacy law compliance changes. They ask users to review how Facebook uses data from around the web to target them with ads, the sensitive profile info they share, and facial recognition. But with a design that encourages rapidly hitting the “Agree” button, a lack of granular controls, a laughably cheatable parental consent request for teens, and an aesthetic overhaul of Download Your Information that doesn’t make it any easier to switch social networks, Facebook shows it’s still hungry for your data.

The new privacy change and terms of service consent flow will appear starting this week to European users, though they’ll be able to dismiss it for now, at least until the May 25th GDPR compliance deadline Facebook vowed to uphold in Europe. Meanwhile, Facebook says it will roll out the changes and consent flow globally over the coming weeks and months, though with some slight regional differences. And finally, all teens worldwide that share sensitive info will have to go through the weak new parental consent flow.

Facebook brought a group of reporters to the new Building 23 at its Menlo Park headquarters to preview the changes. But feedback was heavily critical as journalists grilled Facebook’s deputy chief privacy officer Rob Sherman. Questions centered around how Facebook makes accepting the updates much easier than reviewing or changing them, but Sherman stuck to talking points about how important it was to give users choice and information.

“Trust is really important and it’s clear that we have a lot of work to do to regain the trust of people on our service,” he said, giving us deja vu about Mark Zuckerberg’s testimonies before Congress. “We know that people won’t be comfortable using Facebook if they don’t feel that their information is protected.”

Trouble At Each Step Of Facebook’s Privacy Consent Flow

There are a ton of small changes so we’ll lay out each with our criticisms.

Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. But with just an ‘X’ up top to back out, it’s already training users to speed through by hitting that big blue button at the bottom.

Sensitive Info

First up is control of your sensitive profile information, specifically your sexual preference, religious views, and political views. As you’ll see at each step, you can hit the pretty blue “Accept And Continue” button regardless of whether you’ve scrolled through the information. But if you hit the ugly grey “Manage Settings” button, you have to go through an interstitial where Facebook makes its argument trying to deter you from removing the info before letting you make and save your choice. It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes.

Facebook doesn’t let advertisers target you based on this sensitive info, which is good. The only exception is that in the US, political views alongside political Pages and Events you interact with inform your overarching personality categories that can be targeted with ads. But your only option here is either to remove any info you’ve shared in these categories so friends can’t see it, or allow Facebook to use it to personalize the site. There’s no option to keep this stuff on your profile but not let Facebook use it.

Facial Recognition

The Face Recognition step won’t actually give users in the European Union a choice, as the government has banned the feature. But everyone else will get to choose whether to leave their existing setting, which defaults to on, or turn off the feature. Here the lack of granularity is concerning. Users might want to see warnings about possible impersonators using their face in their profile pics, but not be suggested as someone to tag in their friends’ photos. Unfortunately, it’s all or nothing. While Facebook is right to make it simple to turn on or off completely, granular controls that unfold for those that want them would be much more empowering.

Data Collection Across The Web

A major concern that’s arisen in the wake of Zuckerberg’s testimonies is how Facebook uses data collected about you from around the web to target users with ads and optimize its service. While Facebook deputy chief privacy officer Rob Sherman echoed Zuckerberg in saying that users tell the company they prefer relevant ads, and that this data can help thwart hackers and scrapers, many users are unsettled by the offsite collection practices. Here, Facebook lets you block it from targeting you with ads based on data about your browsing behavior on sites that show its Like and share buttons, conversion Pixel, or Audience Network ads. The issue is that there’s no way to stop Facebook from using that data to personalize your News Feed or optimize other parts of its service.

New Terms Of Service

Facebook recently rewrote its Terms Of Service and Data Use Policy to be more explicit and easy to read. It didn’t make any significant changes other than noting the policy now applies to its subsidiaries like Instagram, WhatsApp, and Oculus. That’s all clearly explained here, which is nice. But the fact that the button to reject the new Terms Of Service isn’t even a button, but a tiny ‘see your options’ hyperlink, shows how badly Facebook wants to avoid you closing your account. When Facebook’s product designer for the GDPR flow was asked if she thought this hyperlink was the best way to present the alternative to the big ‘I Accept’ button, she disingenuously said yes, eliciting scoffs from the room of reporters. It seems obvious that Facebook is trying to minimize the visibility of the path to account deletion rather than making it an obvious course of action if you don’t agree to its terms.

I requested Facebook actually show us what was on the other side of that tiny ‘see my options’ link and this is what we got. First, Facebook doesn’t mention its temporary deactivation option, just the scary permanent delete option. Facebook recommends downloading your data before deleting your account, which you should. But the fact that you’ll have to wait (often a few hours) before you can download your data could push users to delay deletion and perhaps never resume. And only if you keep scrolling do you get to another tiny “I’m ready to delete my account” hyperlink instead of a real button.

Parental Consent

GDPR also implements new regulation about how teens are treated, specifically users between the ages of 13 (the minimum age required to sign up for Facebook) and 15. If users in this age range have shared their religious views, political views, or sexual preference, Facebook requires them to either remove it or get parental consent to keep it. But the system for attaining and verifying that parental consent is a joke.

Users merely select one of their Facebook friends or enter an email address, and that person is asked to give consent for their ‘child’ to share sensitive info. But Facebook blindly trusts that they’ve actually selected their parent or guardian, even though it has a feature for users to designate who their family is, and the kid could put anyone in the email field, including an alternate address they control. Sherman says Facebook is “not seeking to collect additional information” to verify parental consent, so it seems Facebook is happy to let teens easily bypass the checkup.

Privacy Shortcuts

To keep all users abreast of their privacy settings, Facebook has redesigned its Privacy Shortcuts in a colorful format that sticks out from the rest of the site. No complaints here.

Download Your Information

Facebook has completely redesigned its Download Your Information tool after keeping it basically the same for the past 8 years. You can now view your content and data in different categories without downloading it, which alongside the new privacy shortcuts is perhaps the only unequivocally positive and unproblematic change amidst today’s announcements.

And Facebook now lets you select certain categories of data, date ranges, JSON or HTML format, and image quality to download. That could make it quicker and easier if you just need a copy of a certain type of content but don’t need to export all your photos and videos for example. Thankfully, Facebook says you’ll be able to now export your media in a higher resolution than the old tool allowed.

But the big problem here was the subject of my feature piece about Facebook’s lack of data portability. The Download Your Information tool is supposed to let you take your data and go to a different social network. But it only exports your social graph, aka your friends, as a text list of names. There are no links, usernames, or other unique identifiers unless friends opt in to let you export their email or phone number, so good luck finding the right John Smith on another app. The new version of Download Your Information works exactly the same, rather than offering any interoperable format that would let you find your friends elsewhere.

A Higher Standard

Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. Sure, privacy is boring to a lot of people. Too little info and they feel confused and scared. Too many choices and screens and they feel overwhelmed and annoyed. Facebook struck the right balance in some places here. But the subtly pushy designs seem intended to push people away from changing their defaults in ways that could hamper Facebook’s mission and business.

Making the choices even in visible weight, rather than burying the ways to make changes in grayed-out buttons and tiny links, would have been more fair. And it would have shown that Facebook has faith in the value it provides, such that users would stick around and leave features enabled if they truly wanted to.

When questioned about this, Sherman pointed the finger at other tech companies, saying he thought Facebook was more upfront with users. Asked to clarify if he thought Facebook’s approach was “better”, he said “I think that’s right”. But Facebook isn’t being judged by the industry standard because it’s not a standard company. It’s built its purpose and its business on top of our private data, and touted itself as a boon to the world. But when asked to clear a higher bar for privacy, Facebook delved into design tricks to keep from losing our data.

18 Apr 2018

Funding Societies, a Southeast Asian lending platform, gets $25M Series B led by Softbank Ventures Korea

Funding Societies co-founders Reynold Wijaya and Kelvin Teo.

Funding Societies, a peer-to-peer lending platform in Southeast Asia, said today that it has raised a $25 million Series B led by Softbank Ventures Korea, the Japanese tech conglomerate’s early-stage venture capital unit. The round included returning investors Sequoia India, which led the Singapore-based startup’s Series A two years ago, Golden Gate Ventures and Alpha JWC Ventures, as well as new backers Qualgro and LINE Ventures.

Funding Societies also said it has raised credit lines from banks and financial institutions to lend to small- to medium-sized businesses. Founded in 2015 by Kelvin Teo and Reynold Wijaya, the startup’s name represents its “vision of financial inclusion in Southeast Asia.”

Its Series B was oversubscribed, says Funding Societies, which operates in Singapore, Indonesia, where it is called Modalku, and Malaysia.

When it announced its $7.5 million Series A in August 2016, Funding Societies had disbursed $8.7 million Singaporean dollars, a number that has since grown to $145 million SGD, chief executive officer Teo tells TechCrunch. Since its launch, the startup has increased its lender base to more than 60,000 and now claims a default rate of less than 1.5%, down from about 2% to 3% two years ago, thanks to improvements in its underwriting model.

In a press statement, Softbank Ventures Korea partner and managing director Sean Lee said the firm “has been actively investing across Southeast Asia. SME digital lending across Southeast Asia is where we saw huge growth potential. Among many players, we were most impressed with Funding Societies for what it has achieved in a short period of time and its potential to continue to become the number one player.”

Though Teo says Funding Societies is “always exploring other markets, there is still tons of work we need to do in our current three markets.” Despite its considerable growth over the past three years, the startup’s mantra is “slow and steady,” a phrase Teo repeated often during our interview.

“One of the key things we highlight is that it’s more important for us to grow slowly and steadily instead of fast and recklessly, because it’s a trust-based industry,” says Teo.

“We need to give out loans and be able to collect them back, so we focus on learning the market, understanding the market and solving key pain points instead of giving out a bunch of loans to chalk up high numbers and attract VCs.”

For example, though the platform may offer personal loans in the future, Teo said it currently only lends to SMEs because “we believe that we are strategically better suited to serving small businesses and, in terms of our company’s values, we think that serving SMEs is an expansionary effort. Consumer financing, in our personal view, is more consumptive finance. It doesn’t help grow economies.”

Many of the SMEs the company serves are very small. Some of its Indonesian borrowers, for example, make revenue of about $5,000 USD per year.

“Many of these borrowers are seeking their first business loan and do not have other sources of financing. A lot of financial institutions take a collateral underwriting approach and a lot of budding businesses would not be able to secure financing that way,” says Teo.

“But we also see some of them come to us as a form of top-up. They already have a bank loan, but it is insufficient for them, so they come to us because they are limited by the size of their collateral. Also, we are able to process financing faster than traditional institutions.”

Funding Societies was created to give SMEs, many of which had previously relied mostly on friends and family loans, access to more means of financing. The company points to a recent study by Ernst & Young, UOB and Dun & Bradstreet that says 65.2% of SMEs in Southeast Asia do not have easy access to traditional business financing, even though most are open to other options, including peer-to-peer lending platforms.

The company says it was the first online peer-to-peer lending platform in Malaysia and that based on third-party data, it is now the leading SME lending platform there, as well as one of Singapore’s three largest peer-to-peer lending platforms. It also holds sizable market share in Indonesia.

Though its platform uses algorithms for initial application screening, a significant portion of work, depending on loan size, is still done by Funding Societies’ employees, who have grown in number from 70 in 2016 to 165 now (Teo says the company is currently hiring in earnest and willing to pay relocation costs for promising talent). Almost all applicants talk directly to someone from the company. Micro-loans, which range in size from $500 USD to $40,000 USD, usually take about two business hours to approve and disburse, while applicants for larger loans may have to wait a few days to about a week.

“We’ve debated and discussed internally a lot if we leave too much money on the table, because our default rate is lower than certain banks in the markets we are serving, but given that we are still at a relatively nascent stage in the lending market and have no control over financial crises, it is more important to stay prudent than to grow recklessly,” says Teo.

This methodical approach is also important when entering new markets. Though many outside observers take the umbrella term “Southeast Asia” a little too literally, ignoring cultural differences between each country, Teo says it is still a fragmented market, so financial service companies need to localize carefully. When Funding Societies enters a new market, it can probably port about 50% of its tech and business model from its previous market, but the other half has to be built from ground up to account for economic and cultural differences, he adds.

“SME financing is a very localized business. With sufficient capital you can win the market and it’s really driven by subsidies and strong marketing,” Teo says. “But for SMEs, you really, really need to understand the local market.”

17 Apr 2018

Coinbase gears up to jump through regulatory hoops with new CFO and other big hires

The Coinbase hiring spree continues. In the last week and a half, the company has picked up a new CTO, a new VP of communications, a global head of inclusion and now a new CFO. In a blog post today, the company announced the addition of Alesia Haas, who joins the team from New York-based alternative asset management firm Oz Management. Previously she held roles with Merrill Lynch and General Electric.

“I’m incredibly excited to have Alesia join Coinbase as our new CFO. She brings deep financial services experience to our growing company,” Coinbase CEO Brian Armstrong said of the hire.

“As a fintech company, finance is core to everything that we do. We plan to continue bringing the best and brightest from both finance and technology companies to help create an open financial system for the world.”

Coinbase’s other very recent hires:

But that’s not all for Coinbase’s recent staff-up. The company also recently brought on board Emilie Choi, Vice President of Corporate and Business Development; Tina Bhatnagar, Vice President of Operations and Technology; and Eric Scro, Vice President of Finance. In a blog post, the company noted that it was “working quickly to expand our executive team” during the current period of extreme growth. While it’s certain that the company is undergoing some major growth, it’s also girding for potential regulation.

Earlier in April, Coinbase reportedly approached the SEC about the possibility of registering as a licensed brokerage firm and electronic trading venue. Such a move would allow Coinbase to invite coins currently under scrutiny for looking like securities into its elite ranks. If that comes to pass, the company could see a major expansion beyond the four coins (Bitcoin, Bitcoin Cash, Ethereum, Litecoin) that trade on the platform now, particularly a move toward bringing ERC20 tokens into the fold as the company signaled it would in late March.

Disclosure: The author holds a small position in some cryptocurrencies. Regrettably, it is not enough for a Lambo.

17 Apr 2018

Thanks to today’s outage, the goobers at the IRS are giving people another day to file their taxes

All of the procrastinating Pollys and Peters who waited til the last minute to file their taxes can breathe a sigh of relief. Thanks to today’s outage of direct payment systems at the Internal Revenue Service, folks are getting another day to get those taxes in.

The IRS is now saying that people can submit taxes through the end of the day on Wednesday, April 18, 2018.

“This is the busiest tax day of the year, and the IRS apologizes for the inconvenience this system issue caused for taxpayers,” said Acting IRS Commissioner David Kautter. “The IRS appreciates everyone’s patience during this period. The extra time will help taxpayers affected by this situation.”

Here’s the IRS statement:

The Internal Revenue Service announced today that it is providing taxpayers an additional day to file and pay their taxes following system issues that surfaced early on the April 17 tax deadline. Individuals and businesses with a filing or payment due date of April 17 will now have until midnight on Wednesday, April 18. Taxpayers do not need to do anything to receive this extra time.

The IRS encountered system issues Tuesday morning. Throughout the system outage, taxpayers were still able to file their tax returns electronically through their software providers and Free File. Taxpayers using paper to file and pay their taxes at the deadline were not affected by the system issue.

“This is the busiest tax day of the year, and the IRS apologizes for the inconvenience this system issue caused for taxpayers,” said Acting IRS Commissioner David Kautter. “The IRS appreciates everyone’s patience during this period. The extra time will help taxpayers affected by this situation.”

The IRS advised taxpayers to continue to file their taxes as normal Tuesday evening – whether electronically or on paper. Automatic six-month extensions are available; taxpayers who need additional time to file can visit https://www.irs.gov/forms-pubs/extension-of-time-to-file-your-tax-return.

While death and taxes may be life’s only certainties, the deadlines (at least for taxes) have become less certain thanks to buggy software.

As we reported earlier, the IRS doesn’t think anything nefarious was behind today’s outage of the site that specifically handles pay transfers from checking or savings accounts.