Month: June 2019

11 Jun 2019

Facebook’s new Study app pays adults for data after teen scandal

Facebook shut down its Research and Onavo programs after TechCrunch exposed how the company paid teenagers for root access to their phones to gain market data on competitors. Now Facebook is relaunching its paid market research program, but this time with principles — namely transparency, fair compensation, and safety. The goal? To find out what other competing apps and features Facebook should buy, copy, or ignore.

Today Facebook releases its “Study From Facebook” app for Android only. Some adults 18+ in the US and India will be recruited by ads on and off Facebook to willingly sign up to let Facebook collect extra data from them in exchange for a monthly payment. They’ll be warned that Facebook will gather what apps are on their phone, how much time they spend using those apps, the app activity names of features they use in other apps, plus their country, device, and network type.

Facebook promises it won’t snoop on user IDs, passwords, or any of participants’ content including photos, videos, or messages. It won’t sell participants’ info to third parties, use it to target ads, or add it to their account or the behavior profiles the company keeps on each user. Yet while Facebook writes that “transparency” is a major part of “Approaching market research in a responsible way”, it refuses to tell us how much participants will be paid.

“Study From Facebook” could give the company critical insights for shaping its product roadmap. If it learns everyone is using screensharing social network Squad, maybe it will add its own screensharing feature. If it finds group video chat app Houseparty is on the decline, it might not worry about cloning that functionality. Or if it finds Snapchat’s Discover mobile TV shows are retaining users for a ton of time, it might amp up teen marketing of Facebook Watch.

The launch shows Facebook’s boldness despite the threat of anti-trust regulation focusing on how it’s suppressed competition through its acquisitions and copying. Democrat presidential candidates could use Study From Facebook as a talking point, noting how the company’s huge profits earned from its social network domination afford it a way to buy private user data to entrench its lead.

How Study From Facebook Works

Unlike Onavo or Facebook Research, users can’t freely sign up for Study. They have to be recruited through ads Facebook will show on its own app and others to both 18+ Facebook users and non-users in the US and India. That should keep out grifters and make sure the studies stay representative of Facebook’s user base. Eventually Facebook plans to extend the program to other countries.

If users click through the ad, they’ll be brought to the website of Facebook’s research operations partner Applause, which clearly identifies Facebook’s involvement, unlike Facebook Research, which hid that fact until users were fully registered. There it will be explained to them how the Study app is opt-in, what data they’ll give up in exchange for what compensation, and that they can opt out at any time. They’ll need to confirm their age and have a PayPal account, which is only supposed to be available to users 18 and over, and Facebook will cross-check the age to make sure it matches the person’s Facebook profile if they have one. They won’t have to sign an NDA like with the Facebook Research program.

Anyone can download the Study From Facebook app from Google Play, but only those who’ve been approved through Applause will be able to log in and unlock the app. It will again explain what Facebook will collect, and ask for data permissions. The app will send periodic notifications to users reminding them they’re selling their data to Facebook and offering them an opt-out. Study From Facebook will use standard Google-approved APIs and won’t use a VPN, SSL bumping, root access, enterprise certificates, or permission profiles you install on your device like the Research Program that ruffled feathers.

At 15 years old, Facebook is at risk of losing touch with what the next generation wants out of their phones. Rather than trying to guess based on their activity on its own app, it’s putting its huge wallet to work so it can pay for an edge on the competition.

11 Jun 2019

Over 1,400 self-driving vehicles are now in testing by 80+ companies across the U.S.

In a talk at the Uber Elevate summit in Washington, DC today, US Department of Transportation Secretary Elaine Chao shared a total overall figure for ongoing testing of autonomous vehicles on U.S. roads: Over 1,400 self-driving cars, trucks and other vehicles are currently in testing by over 80 companies across 36 US states, plus DC itself.

This puts some sense of overall scale to the work being done to test and develop self-driving car tech in the US. For context, note that California, one of the first states to have implemented AV testing on public roads, currently has 62 companies registered to perform testing – which represents a significant chunk of that 80+ figure provided by Secretary Chao.

Chao also shared that there are over 1.59 million registered drones currently in the U.S., of which more than 372,000 are classified as commercial, with over 136,000 registered commercial drone operators also on the books. That represents a net new job category, Chao noted.

The secretary also later emphasized that the DoT over which she presides and the current administration aim to be “tech neutral, and not command and control” and that the department is not “in the business of picking winners and losers,” something she said the assembled audience of mostly private-sector attendants would be “so pleased to hear.”

Under Chao, the DoT has introduced and continues to overhaul guidelines, rules and programs that favor and unblock industry and commercial access to autonomous driving, drone operation and spacecraft launch capabilities. Recently, Chao has come under fire for potential conflict of interest related to use of her position.

11 Jun 2019

Mozilla gives Firefox a new logo as it looks beyond the browser

Mozilla’s Firefox is getting a new logo that is meant to reflect that the brand now stands for more than a browser.

With products like its password manager Lockwise, private file sharing service Send and security tools like Firefox Monitor, Mozilla has greatly expanded the brand. That’s a challenge no branding expert can refuse, so it’s no surprise the organization went on a quest for new logos and an update to its iconic Firefox brand.

In its announcement, Mozilla talks a lot about how the brand system rests on ideas like ‘it’s a radical act to be optimistic about the future of the internet’ and ‘we make transparency and a global perspective integral to our brand, speaking many languages and striving to reflect all vantage points.’

The result of this exercise is an updated Firefox logo that takes the fox out of the equation and basically only leaves the tail. To confuse things, though, that’s the logo for the overall Firefox brand — the browser itself still features a stylized fox wrapped around a ball.

That’s been the overall evolution of the brand in recent years anyway, so it’s not all that radical a change. Other Mozilla products use the same color palette, yet with a different system of shapes and a new typeface.

“As a living brand, Firefox will never be done,” Mozilla writes today. “It will continue to evolve as we change and the world changes around us.”

What’s probably more important, though, is that the Firefox browser tech continues to evolve in step with its competitors. After a long slog, Firefox is finally a competitive browser again. The last time this happened, Mozilla lost focus by trying to build a mobile operating system and lots of other side-projects. This time around, it seems to have a clearer mission that centers around privacy, so hopefully, it’ll be able to avoid the pitfalls of branching out well beyond the browser.

11 Jun 2019

Liberty’s challenge to UK state surveillance powers reveals shocking failures

A legal challenge to the UK’s controversial mass surveillance regime has revealed shocking failures by the main state intelligence agency, which has broad powers to hack computers and phones and intercept digital communications, in handling people’s information.

The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament.

Today Liberty has put more meat on the bones of the finding of serious legal breaches in how MI5 handles personal data, culled from newly released (but redacted) documents that it says describe the “undoubtedly unlawful” conduct of the UK’s main security service which has been retaining innocent people’s data for years.

The series of 10 documents and letters from MI5 and the Investigatory Powers Commissioner’s Office (IPCO), the body charged with overseeing the intelligence agencies’ use of surveillance powers, show that the spy agency has failed to meet its legal duties for as long as the IPA has been law, according to Liberty.

The controversial surveillance legislation passed into UK law in November 2016 — enshrining a system of mass surveillance of digital communications which includes a provision that logs of all Internet users’ browsing activity be retained for a full year, accessible to a wide range of government agencies (not just law enforcement and/or spy agencies).

The law also allows the intelligence agencies to maintain large databases of personal information on UK citizens, even if they are not under suspicion of any crime. And it sanctions state hacking of devices, networks and services, including bulk hacking on foreign soil. It also gives U.K. authorities the power to require a company to remove encryption, or limit the rollout of end-to-end encryption on a future service.

The IPA has faced a series of legal challenges since making it onto the statute books, and the government has been forced to amend certain aspects of it on court order — including beefing up restrictions on access to web activity data. Other challenges to the controversial surveillance regime, including Liberty’s, remain ongoing.

The newly released court documents include damning comments on MI5’s handling of data by the IPCO — which writes that: “Without seeking to be emotive, I consider that MI5’s use of warranted data… is currently, in effect, in ‘special measures’ and the historical lack of compliance… is of such gravity that IPCO will need to be satisfied to a greater degree than usual that it is ‘fit for purpose’”.

Liberty also says MI5 knew for three years of failures to maintain key safeguards — such as the timely destruction of material, and the protection of legally privileged material — before informing the IPCO.

Yet a key government sales pitch for passing the legislation was the claim of a ‘world class’ double-lock authorization and oversight regime to ensure the claimed safeguards on intelligence agencies’ powers to intercept and retain data.

So the latest revelations stemming from Liberty’s legal challenge represent a major embarrassment for the government.

“It is of course paramount that UK intelligence agencies demonstrate full compliance with the law,” the home secretary wrote in the statement last month, before adding his own political spin: “In that context, the interchange between the Commissioner and MI5 on this issue demonstrates that the world leading system of oversight established by the Act is working as it should.”

Liberty comes to the opposite conclusion on that point — emphasizing that warrants for bulk surveillance were issued by senior judges “on the understanding that MI5’s data handling obligations under the IPA were being met — when they were not”.

“The Commissioner has pointed out that warrants would not have been issued if breaches were known,” it goes on. “The Commissioner states that ‘it is impossible to sensibly reconcile the explanation of the handling of arrangements the Judicial Commissioners [senior judges] were given in briefings…with what MI5 knew over a protracted period of time was happening.’”

So, basically, it’s saying that MI5 — having at best misled judges, whose sole job it is to oversee its legal access to data, about its systematic failures to lawfully handle data — has rather made a sham of the entire ‘world class’ oversight regime.

Liberty also flags what it calls “a remarkable admission to the Commissioner” — made by MI5’s deputy director general — who it says acknowledges that personal data collected by MI5 is being stored in “ungoverned spaces”. It adds that the MI5 legal team claims there is “a high likelihood [of material] being discovered when it should have been deleted, in a disclosure exercise leading to substantial legal or oversight failure”.

“Ungoverned spaces” is not a phrase that made it into Javid’s statement last month on MI5’s “compliance risks”.

But the home secretary did acknowledge: “A report of the Investigatory Powers Commissioner’s Office suggests that MI5 may not have had sufficient assurance of compliance with these safeguards within one of its technology environments.”

Javid also said he had set up “an independent review to consider and report back to me on what lessons can be learned for the future”. Though it’s unclear whether that report will be made public. 

We reached out to the Home Office for comment on the latest revelations from Liberty’s litigation. But a spokesman just pointed us to Javid’s prior statement. 

In a statement, Liberty’s lawyer, Megan Goulding, said: “These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so. This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history.

“It is unacceptable that the public is only learning now about these serious breaches after the Government has been forced into revealing them in the course of Liberty’s legal challenge. In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the Government’s surveillance regime.

“And, despite a light being shone on this deplorable violation of our rights, the Government is still trying to keep us in the dark over further examples of MI5 seriously breaching the law.”

11 Jun 2019

Some sage security advice after Radiohead’s unreleased music hack

Bad news: Radiohead was hacked.

Last week, a hacker stole the band’s lead singer Thom Yorke’s private minidisk archive from the band’s third album and subsequent major worldwide hit, OK Computer. The hacker demanded $150,000 or they’d release it.

Stuck between a ransom and a hard place, Radiohead released the tapes themselves.

The recordings were “never intended for public consumption” and “only tangentially interesting,” the band said in a post on Facebook. But “instead of complaining – much – or ignoring it, we’re releasing all 18 hours on Bandcamp” in aid of Extinction Rebellion, a climate change group.

Until the end of the month, the stolen recordings will be available for £18 ($23).

We got hacked last week – someone stole Thom’s minidisk archive from around the time of OK Computer, and reportedly…

Posted by Radiohead on Tuesday, June 11, 2019

There is, though, a lesson to be learned. Holding files for ransom is more common today than ever thanks to ransomware. The event isn’t too dissimilar from a ransomware event. Pay the ransom or lose your files — or worse, have them spread all over the internet. That’s a business’ worst nightmare. We’ve seen ransomware destroy the computer networks of some of the largest companies around the world, like Arizona Beverages, Norsk Hydro, and shipping giant Maersk. Ransomware is now a multi-billion dollar business, and it’s growing.

But in any ransom-type situation, the FBI has long told victims of ransomware to never pay. Security experts agree. Simply put, you run the risk of losing your files even if you pay the demand.

ProPublica recently found that even some of the largest ransomware recovery companies are quietly paying the ransom — and passing on the costs to the victim — with mixed results. In many cases, paying the demand failed to recover the files.

If there’s one lesson from the Radiohead hack, never pay the ransom. Better yet, plan for the worst and have a backup just in case.

11 Jun 2019

Opera launches a ‘gaming browser’ with Twitch integration

“You’re probably asking, ‘what is a gaming browser?’ ” Opera PM Maciek Kocemba says in the opening of the Opera GX introduction video. Fair enough. My first thought when the Norwegian browser company mentioned the concept to me was something akin to Google Stadia, with remote game streaming.

Turns out a gaming browser — in this instance at least — is more about providing a custom browser for PC gamers, rather than a browser that does the heavy lifting for gaming itself. Instead, the system is more interested in minimizing system requirements as gamers game.

The browser’s central feature is the GX Control panel, which lets users determine how much of the system’s CPU and RAM are allotted to the browser. The idea being that gamers can, say, stream content from Twitch while playing, without slowing their computer to a crawl.

“Running a game might require a lot of effort from your machine. Even more so if you are streaming while you play,” says Kocemba in a release tied to today’s E3 announcement. “Before Opera GX, gamers often shut down their browsers in order to not slow down their gaming experience. We came up with the GX Control feature to make people’s games run more smoothly without requiring them to compromise on what they do on the Web.”

The other big piece here is Twitch integration, letting users log in to the service directly from the browser sidebar. They’ll also get notifications when streamers they follow go live. There are various other touches throughout, including “sounds and animation inspired by gaming consoles” and other customizable design features.

You probably think this is all pretty gimmicky, and honestly, you’re not really wrong. Those who are interested can check out early access to the browser at E3 this week.

11 Jun 2019

GitHub hires former Bitnami co-founder Erica Brescia as COO

It’s been just over a year since Microsoft bought GitHub for $7.5 billion, but the company has grown in that time, and today it announced that it has hired former Bitnami COO and cofounder Erica Brescia to be its COO.

Brescia handled COO duties at Bitnami from its founding in 2011 until it was sold to VMware last month. In a case of good timing, GitHub was looking to fill its COO role and after speaking to CEO Nat Friedman, she believed it was going to be a good fit. The GitHub mission to provide a place for developers to contribute to various projects fits in well with what she was doing at Bitnami, which provided a way to deliver software to developers in the form of packages such as containers or Kubernetes Helm charts.

She sees that experience of building a company, of digging in and taking on whatever roles the situation required, translating well as she takes over as COO at a company that is growing as quickly as GitHub. “I was really shocked to see how quickly GitHub is still growing, and I think bringing that kind of founder mentality, understanding where the challenges are and working with a team to come up with solutions, is something that’s going to translate really well and help the company to successfully scale,” Brescia told TechCrunch.

She admits that it’s going to be a different kind of challenge working with a company she didn’t help build, but she sees a lot of similarities that will help her as she moves into this new position. Right after selling a company, she obviously didn’t have to take a job right away, but this one was particularly compelling to her, too much so to leave on the table.

“I think there were a number of different directions that I could have gone coming out of Bitnami, and GitHub was really exciting to me because of the scale of the opportunity and the fact that it’s so focused on developers and helping developers around the world, both open source and enterprise, collaborate on the software that really powers the world moving forward,” she said.

She says as COO at a growing company, it will fall on her to find more efficient ways to run things as the company continues to scale. “When you have a company that’s growing that quickly, there are inevitably things that probably could be done more efficiently at the scale, and so one of the first things that I plan on spending time in on is just understanding from the team is where the pain points are, and what can we do to help the organization run like a more well oiled machine.”

11 Jun 2019

Over 100 Goodwill stores are bringing their inventory to OfferUp

Goodwill and mobile marketplace app OfferUp have announced a new partnership focused on bringing Goodwill’s secondhand inventory to the millions of OfferUp shoppers, for both local pickup and delivery. The deal sees over 100 Goodwill stores listing their inventory in OfferUp in New York, New Jersey, San Francisco, San Mateo and Marin Counties, South Florida, Greater Detroit, San Antonio, and Central and Southern Indiana.

The move brings Goodwill’s pre-owned inventory to a modern mobile e-commerce platform, allowing staff to track sales, and view the real-time flow of products, payments, and data in one interface.

However, it’s not the first time Goodwill has gone online. The organization today runs its own e-commerce site, ShopGoodwill.com, and many of its local stores have a presence on eBay.

Via OfferUp, mobile users will now be able to browse their local Goodwill’s inventory in the app alongside other sellers’ content. New items will be uploaded regularly, and listed under the regional Goodwill handles so customers know they’re buying from Goodwill as opposed to an individual seller. These handles will feature a “Verified Business” badge, as well, and the profiles will include helpful information like the store hours, address, and an “about us” section.

The partnership is powered by OfferUp’s new API, currently in beta testing, and Upright Labs’ Lister software, which handles the inventory uploads to OfferUp.

Goodwill will be responsible for managing its listings, including the product images, shipping, order management, financial reporting, and auditing. It’s largely using OfferUp as another sales channel, instead of relying largely on foot traffic to its brick-and-mortar locations.

Like any other OfferUp user, Goodwill doesn’t have a financial relationship with the mobile marketplace.

If a customer buys a Goodwill item, they can go to their local store and pay with cash with no fee. However, if they choose to have the item shipped, OfferUp charges a 9.9% fee to cover shipping and handling across the 48 contiguous U.S. states. This is the same fee any other seller would pay on OfferUp.

The individual Goodwill stores can choose whether or not to offer shipping, the company also says. Some may opt to ship smaller items, like tech, games, or jewelry, but only allow for local pickup if it’s a larger item, like furniture.

The two organizations had already been testing the system ahead of today’s formal announcement about availability. Though early, several Goodwill locations are reporting positive outcomes.

“We started to list furniture and other items from our stores on OfferUp in January, and the early results have been great. The majority of the items we post on OfferUp sell within 72 hours, and some have sold in as quickly as 10 minutes after being listed on the app,” said Jay Lytle, Vice President and Chief Information Officer, Goodwill of Central & Southern Indiana. “The exposure of our high-quality donations to so many new customers, coupled with the feedback and engagement we’ve experienced on OfferUp, has been tremendous for us,” he added.

“Potential shoppers were unaware of the great inventory that our local stores have for sale,” said Goodwill South Florida CEO David Landsberg, in a related statement. “OfferUp allows us to showcase large, pickup only inventory and increase foot traffic to stores. This also translates into new donors, and helps us fulfill our mission of training and employing people with disabilities and other barriers to work here in South Florida.”

OfferUp says it forged the deals with the individual stores in the supported regions, not at a national level, because Goodwill stores operate independently and because employee bandwidth and resources vary by store.

“Every store is looking to increase foot traffic, along with sales, and the leaders we’ve worked with manage multiple stores in heavily-trafficked markets,” an OfferUp spokesperson explains. “With the OfferUp API and Upright Lab’s Listing Tool, employees can take a picture using a mobile device and instantly upload to OfferUp, so it’s improved the flow of receiving and selling their items,” they added.

 

11 Jun 2019

Uber and AT&T team up for always-on connectivity for Uber Copter and Uber Air

Uber is partnering with mobile network operator AT&T on the always-on connectivity it’ll require for its aerial transportation service network. The on-demand mobility company announced the team-up at its annual ‘Elevate’ summit, which brings together a number of key players working towards making affordable, accessible in-city aerial transit a reality.

Uber said that it’s already working with AT&T on the network it’ll use for Uber Copter, the Manhattan-to-JFK helicopter-based service that it’s launching in New York in July. The service is promising connection with ground transportation at both ends, and it’s also anticipating travel times and working backwards to provide transportation on-demand as needed to get passengers to their destination at the time they request. So, for instance, Uber Copter customers could say they need to be at JFK by 5 PM and the app will figure out when they need to get a car to get to the heliport to make that work.

This is just the first step in a broader-ranging partnership, described by Uber Elevate Head of Product Nikhil Goel, that will eventually scale to cover all of its needs for Uber Air, the service it aims to launch that will provide on-demand short-distance air travel within cities, with a targeted launch timeframe of 2023. Goel noted that this will also include leveraging AT&T’s 5G network as it rolls out, which should provide exactly the kind of high-bandwidth, always-on reliability needed for this kind of aerial and ground-based integrated transportation network.