Year: 2019

15 Jan 2019

GBatteries let you charge your car as quickly as visiting the pump

A YC startup called GBatteries has come out of stealth with a bold claim: they can recharge an electric car as quickly as it takes to fill up a tank of gas.

Created by aerospace engineer Kostya Khomutov, electrical engineers Alex Tkachenko and Nick Sherstyuk, and CCO Tim Sherstyuk, the company is funded by the likes of Airbus Ventures, Initialized Capital, Plug and Play, and SV Angel.

The system uses AI to optimize the charging systems in electric cars.

“Most companies are focused on developing new chemistries or materials (ex. Enevate, Storedot) to improve charging speed of batteries. Developing new materials is difficult, and scaling up production to the needs of automotive companies requires billions of $,” said Khomutov. “Our technology is a combination of software algorithms (AI) and electronics, that works with off-the-shelf Li-ion batteries that have already been validated, tested, and produced by battery manufacturers. Nothing else needs to change.”

The team makes some bold claims. The product allows users to charge a 60kWh EV battery pack with 119 miles of range in 15 minutes as compared to 15 miles in 15 minutes today. “The technology works with off-the-shelf lithium ion batteries and existing fast charge infrastructure by integrating via a patented self-contained adapter on a car charge port,” writes the team. They demonstrated their product at CES this year.

Most charging systems depend on fairly primitive systems for topping up batteries. Various factors – including temperature – can slow down or stop a charge. GBatteries manages this by setting a very specific charging model that “slows down” and “speeds up” the charge as necessary. This allows the charge to go much faster under the right conditions.

The company bloomed out of frustration.

“We’ve always tinkered with stuff together since before I was even a teenager, and over time had created a burgeoning hardware lab in our basement,” said Sherstyuk. “While I was studying Chemistry at Carleton University in Ottawa, we’d often debate and discuss why batteries in our phones got so bad so rapidly – you’d buy a phone, and a year later it would almost be unusable because the battery degraded so badly.”

“This sparked us to see if we can solve the problem by somehow extending the cycle life of batteries and achieve better performance, so that we’d have something that lasts. We spent a few weeks in our basement lab wiring together a simple control system along with an algorithm to charge a few battery cells, and after 6 months of testing and iterations we started seeing a noticeable difference between batteries charged conventionally, and ones using our algorithm. A year and a half later of constant iterations and development, we applied and were accepted in 2014 into YC.”

While it’s not clear when this technology will hit commercial vehicles, it could be the breakthrough we all need to start replacing our gas cars with something a little more environmentally-friendly.

15 Jan 2019

Microsoft continues to build government security credentials ahead of JEDI decision

While the DoD is in the process of reviewing the $10 billion JEDI cloud contract RFPs (assuming the work continues during the government shutdown), Microsoft continues to build up its federal government security bona fides, regardless.

Today the company announced it has achieved the highest level of federal government clearance for the Outlook mobile app, allowing US Government Community Cloud (GCC) High and Department of Defense employees to use the mobile app. This is on top of FedRAMP compliance, which the company achieved last year.

“To meet the high level of government security and compliance requirements, we updated the Outlook mobile architecture so that it establishes a direct connection between the Outlook mobile app and the compliant Exchange Online backend services using a native Microsoft sync technology and removes middle tier services,” the company wrote in a blog post announcing the update.

The update will allow these highly security-conscious employees to access some of the more recent updates to Outlook Mobile, such as the ability to add a comment when canceling an event.

This is in line with government security updates the company made last year. While none of these changes are specifically designed to help win the $10 billion JEDI cloud contract, they certainly help make a case for Microsoft from a technology standpoint.

As Microsoft corporate vice president for Azure Julia White wrote in a blog post last year, which we covered, “Moving forward, we are simplifying our approach to regulatory compliance for federal agencies, so that our government customers can gain access to innovation more rapidly.” The Outlook Mobile release is clearly in line with that.

Today’s announcement comes after the Pentagon announced just last week that it has awarded Microsoft a separate large contract for $1.7 billion. This involves providing Microsoft Enterprise Services for the Department of Defense (DoD), Coast Guard and the intelligence community, according to a statement from DoD.

All of this comes ahead of a decision on the massive $10 billion, winner-take-all cloud contract. Final RFPs were submitted in October and the DoD is expected to make a decision in April. The process has not been without controversy, with Oracle and IBM submitting formal protests even before the RFP deadline — and more recently, Oracle filing a lawsuit alleging the contract terms violate federal procurement laws. Oracle has been particularly concerned that the contract was designed to favor Amazon, a point the DoD has repeatedly denied.

15 Jan 2019

Opendoor competitor Knock raises $400M

Home trade-in platform Knock has brought in a $400 million investment to accelerate a national expansion and double its 100-person headcount.

Foundry Group has led the Series B funding round in New York-based Knock, with participation from Company Ventures and existing investors RRE Ventures, Corazon Capital, WTI and FJ Labs. Knock co-founder and chief executive officer Sean Black declined to disclose the startup’s valuation.

Founded in 2015, Knock helps its customers find a new home, then buys it for them outright in cash. That way home-buyers — who are often in the process of selling an old home and purchasing a new home at the same time — are able to move into their new home before listing their old one. Knock doesn’t purchase your old home but it does help with repairs in hopes of getting its customers the most value out of the sale. Ultimately, Knock receives a 3 percent commission from both the buyer and the seller of the original home.

“We are trying to make it as easy to trade in your house as it is to trade in your car,” Black told TechCrunch.

Knock is led by founding team members of Trulia, a platform for real estate listings, including Black and co-founder and chief operating officer Jamie Glenn. The pair wanted to build an end-to-end marketplace where people could trade in their homes at a reduced cost, with less stress and uncertainty.

“Good luck finding anyone who’s bought or sold a home and said they had a great experience doing it,” Black said. “It’s something people just hate and dread. We can make it better and faster and transparent and stress-free.”

The investment in Knock comes amid consistent year-over-year growth in venture capital deals for real estate technology companies. According to PitchBook, deal count in the sector has been increasing since 2010, with 351 deals closing in 2018 — a record for the space. Capital invested looks to be leveling out, with $5 billion funneled into global real estate tech startups in 2017 and $4.65 billion invested last year.

“We are at that part of the evolution cycle of the internet; the low-hanging fruit has been taken,” Black explained. “[Real estate] is so inefficient. Mostly consumers have no idea what is going on. They have no sense of control or empowerment. I just think it’s ripe for disruption.”

SoftBank is responsible for the largest deals in the space as an investor in Knock’s biggest competitors. The Vision Fund has deployed capital to both Compass and Opendoor in rounds that valued the companies at $4.4 billion and north of $2 billion, respectively. Katerra, a construction tech startup also backed by the Vision Fund, is said to be raising an additional $700 million from the prolific Japanese investor at a more than $4 billion valuation, per a recent report from The Information.

Knock previously raised a $32 million Series A in January 2017 in a round led by RRE Ventures, and is currently active in Atlanta, Charlotte, Raleigh-Durham, Dallas and Fort Worth.

15 Jan 2019

Roku explains why it allowed Infowars on its platform

Roku has just made a bad decision with regard to its growing advertising business by associating its brand with the toxic conspiracy theorist, Alex Jones. As Digiday first reported this morning, Roku has chosen to add the Infowars live show hosted by Jones to the Roku platform as a supported channel, much to the disgust of customers now hammering the company on its social media platforms.

The company, apparently, is opting for the “we’re a neutral platform” defense in the matter, despite the fact that most major platforms have backed away from this stance with regard to Jones.

Apple, Facebook, Spotify, YouTube, Twitter, Periscope, Stitcher, Pinterest, LinkedIn, and even YouPorn have removed Infowars from their respective platforms.

The decision to allow the channel comes at a time when Jones and Infowars are in the headlines again because of a recent update in the legal battle between the Sandy Hook families and the Infowars program. The families are suing the conspiracy theorist for spreading the false claim that the school shooting was an elaborate hoax, and that Infowars peddled these stories to stoke fear and sell more products like survivalist gear and gun paraphernalia, The New York Times reports.

A judge has ordered Infowars to turn over internal documents to the families that relate to its business plan or marketing strategies, the shooting itself, crisis actors, or mass shootings in general.

Roku’s decision to allow the channel at all is a poor one not only in terms of taking a moral stance on complicated matters (if you’re of the mindset that’s something companies should do) – it seems to go against Roku’s own policy that bans content which is “unlawful, incites illegal activities or violates third-party rights.”

This is the same general premise that saw Infowars banned everywhere else.

Because of Jones’ claims, the Sandy Hook families have received death threats and have been continually harassed, even offline. Jones has also promoted other theories that led to violence, like Pizzagate.

Roku’s position, seemingly, is that the channel hasn’t done any bad stuff yet on its platform, never mind its past.

Many Roku customers on social media are threatening to boycott. Searches for terms including “roku,” “boycott,” and others related to the news are picking up speed on Twitter, and the #boycottroku hashtag has just now reappeared as well. (It was used previously by customers protesting the NRA channel.)

Given Amazon Fire TV and Roku’s tight race and Roku’s hunt for ad revenue through newer initiatives like its Roku Channel, a boycott could have material impact. (It looks like Amazon picked the right day to launch its updated Fire TV Stick with the new Alexa remote. At $40, it’s not going to be hard for consumers to switch streamers, if it comes to that.)

Roku has become one of the top streaming media device makers in the U.S. and globally, recently having reached nearly 24 million registered users. Digiday notes that it’s projected to generate $293 million in advertising in 2018, per eMarketer, putting it just behind Hulu.

Apparently, Roku believes it can distance itself from the content it hosts on its platform.

That’s not a good look for advertisers, however, many of whom won’t want their brand appearing anywhere near Infowars. And because Roku runs ads right on its homescreen, that means advertisers’ content can actually sit directly beside the Infowars channel icon, if not in the program itself. It may also make advertisers hesitant to work with Roku on other initiatives because it shows a lack of understanding of how to manage brand safety, and because they fear a consumer backlash.

Roku’s full statement is below:

Our streaming platform allows our customers to choose from thousands of entertainment, news and special interest channels, representing a wide range of topics and viewpoints. Customers choose and control which channels they download or watch, and parents can set a pin to prevent channels from being downloaded. While the vast majority of all streaming on our platform is mainstream entertainment, voices on all sides of an issue or cause are free to operate a channel. We do not curate or censor based on viewpoint.

We are not promoting or being paid to distribute InfoWars. We do not have a commercial relationship with InfoWars.

While open to many voices, we have policies that prohibit the publication of content that is unlawful, incites illegal activities or violates third-party rights, among other things. If we determine a channel violates these policies, it will be removed. To our knowledge, InfoWars is not currently in violation of these content policies.

15 Jan 2019

Getaround early investor sues car-sharing startup for $1.79 million

Getaround is getting around the courthouse. One of the car-sharing startup’s early investors, Geoffrey Shmigelsky, is suing the company, alleging fraud and unfair conduct.

“Our client supported Getaround and Mr. Zaid from the very start, only to be swindled out of $1.785 million that went straight into the pockets of Mr. Zaid’s family and friends, as we allege,” Gaw | Poe LLP Partner Samuel Song said in a statement. “Our client deserved better than this from a person he had supported and trusted for years, and we’ll do what it takes to get what rightfully belongs to him.”

Getaround, however, says “these claims are totally unfounded and we’re looking to get the case dismissed,” Getaround Director of Marketing Communications Jacqueline Tanzella told TechCrunch over the phone.

Specifically, the lawsuit alleges Getaround executives tricked Shmigelsky into selling his shares to their friends and family for $1.79 million less “than what they knew they were worth.” Early last year, investors became interested in purchasing Shmigelsky’s shares, the lawsuit states. But because Getaround is still a private company with scarce public financial information, “they struggled to value Plaintiff’s shares.” That’s when Shmigelsky said he asked Getaround CEO Sam Zaid for the information.

The lawsuit alleges:

Mr. Zaid saw an opportunity and agreed to help. Getaround had a contractual right of refusal to purchase any shares Plaintiff tried to sell, under the same terms and conditions of any sales agreement that Plaintiff entered into with a prospective buyer. Thus, Mr. Zaid was in a position to provide information designed to drive down the value of Plaintiff’s shares, and if Plaintiff agreed to a transaction at a lower price, Mr. Zaid could cause Getaround to exercise its right of first refusal to buy Plaintiff’s shares at a large discount off its true value. Moreover, since Getaround also had the right to assign its right of first refusal to whoever it wanted, Mr. Zaid could cause Getaround to exercise its right to purchase Plaintiff’s shares (at a discounted price) and then gift that opportunity to Mr. Zaid’s friends and family.

Based on the information Zaid and Getaround CFO Adam Kosmicki provided him, Shmigelsky alleges he sold 300,000 shares at $1.80 per share. He also alleges Zaid and Kosmicki concealed the information that Getaround was on the verge of closing an $18 million funding round priced at $7.75 per share. After allegedly invoking its right of refusal, Getaround bought back Shmigelsky’s shares at $1.80 per share.

But since those deals were not yet finalized and still in discussions, Tanzella said, “we were legally bound not to disclose anything that wasn’t complete and to fruition.”

Getaround then allegedly allowed Zaid and Getaround CTO Elliot Kroo’s family and friends to buy those shares for $540,000. Had that stake been valued at $7.75 per share, Shmigelsky would’ve made $2.33 million.

“It’s a really unfortunate situation,” Tanzella said. “I know the team did the best they could.”

Getaround also pointed out that the company helped facilitate the sale of Shmigelsky’s shares on the secondary market five times.

“This complaint seems to be driven by seller’s remorse,” Tanzella said.

Shmigelsky seeks no less than $1.79 million for compensatory and special damages. Getaround, however, does “plan on having this fully dismissed in court,” Tanzella said.


15 Jan 2019

AWS makes another acquisition grabbing TSO Logic

AWS has been on a mini shopping spree since the first of the year. First it picked off Israeli disaster recovery startup CloudEndure last week. This week, it was TSO Logic, a Vancouver startup that helps companies make the most efficient use of cloud resources.

The companies did not share the purchase price.

Amazon confirmed the purchase by email and referred to the statement on the TSO Logic website from CEO Aaron Rallo. “We are very pleased to share the news that TSO Logic will be joining the AWS family,” Rallo wrote in the statement.

The company takes data about workloads and applications and helps customers find the most efficient place to run them by measuring requirements like resource needs against cost to find the right balance at any given time.

They can even balance workloads between public and private clouds, which could come in handy with Amazon’s new Outposts product, announced in November at AWS re:Invent, that enables companies to run AWS workloads on-prem, as well as in the cloud.

TSO Logic is part of a growing body of startups that use data to find ways to optimize cloud workloads, sometimes even using spot instances to move workloads to cheaper cloud options to save customers money.

As companies move increasing numbers of workloads to the cloud, it becomes more difficult to understand, manage and control costs. Tools like TSO Logic are designed to help customers make more efficient use of cloud resources.

Microsoft bought Cloudyn, a startup that provides a similar service, in 2017. As the large cloud infrastructure vendors jockey for position, these types of service offerings should become more commonplace, and it’s far easier for companies like Microsoft and Amazon to simply open up the checkbook than it is to build them themselves.

An Amazon spokesperson indicated that the company will remain in place in Vancouver and all of the TSO Logic employees have been offered positions with Amazon.

15 Jan 2019

Instagram caught selling ads to follower-buying services it banned

Instagram has been earning money from businesses flooding its social network with spam notifications. Instagram hypocritically continues to sell ad space to services that charge clients for fake followers or that automatically follow/unfollow other people to get them to follow the client back. This is despite Instagram reiterating a ban on these businesses in November and threatening the accounts of people who employ them.

A TechCrunch investigation initially found 17 services selling fake followers or automated notification spam for luring in followers that were openly advertising on Instagram despite blatantly violating the network’s policies. This demonstrates Instagram’s failure to adequately police its app and ad platform. That neglect led to users being distracted by notifications for follows and Likes generated by bots or fake accounts. Instagram raked in revenue from these services while they diluted the quality of Instagram notifications and wasted people’s time.

In response to our investigation, Instagram tells me it’s removed all ads as well as disabled all the Facebook Pages and Instagram accounts of the services we reported were violating its policies. Pages and accounts that themselves weren’t in violation but whose ads were have been banned from advertising on Facebook and Instagram. However, a day later TechCrunch still found ads from two of these services on Instagram, and discovered five more companies paying to promote policy-violating follower growth services.

This raises a big question about whether Instagram properly protects its community from spammers. Why would it take a journalist’s investigation to remove these ads and businesses that brazenly broke Instagram’s rules when the company is supposed to have technical and human moderation systems in place? The Facebook-owned app’s quest to “move fast” to grow its user base and business seems to have raced beyond what its watchdogs could safeguard.

Hunting Spammers

I first began this investigation a month ago after being pestered with Instagram Stories ads by a service called GramGorilla. The slicked-back hipster salesman boasted how many followers he gained with the service and that I could pay to do the same. The ads linked to the website of a division of Krends Marketing where, for $46 to $126 per month, it promised to score me 1000 to 2500 Instagram followers.

Some apps like this sell followers directly, though these are typically fake accounts. They might boost your follower count (unless they’re detected and terminated) but won’t actually engage with your content or help your business, and end up dragging down your metrics so Instagram shows your posts to fewer people. But I discovered that GramGorilla/Krends and the majority of apps selling Instagram audience growth do something even worse.

You give these scammy businesses your Instagram username and password, plus some relevant topics or demographics, and they automatically follow and unfollow, like, and comment on strangers’ Instagram profiles. The goal is to generate notifications those strangers will see in hopes that they’ll get curious or want to reciprocate and so therefore follow you back. By triggering enough of this notification spam, they trick enough strangers to follow you to justify the monthly subscription fee.

That pissed me off. Facebook, Instagram, and other social networks send enough real notifications as it is, growth hacking their way to more engagement, ad views, and daily user counts. But at least they have to weigh the risk of annoying you so much that you turn off notifications altogether. Services that sell followers don’t care if they pollute Instagram and ruin your experience as long as they make money. They’re classic villains in the ‘tragedy of the commons’ of our attention.

This led me to start cataloging these spam company ads, and I was startled by how many different ones I saw. Soon, Instagram’s ad targeting and retargeting algorithms were backfiring, purposefully feeding me ads for similar companies that also violated Instagram’s policies.

The 17 services selling followers or spam that I originally indexed were Krends Marketing / GramGorilla, SocialUpgrade, MagicSocial, EZ-Grow, Xplod Social, Macurex, GoGrowthly, Instashop / IG Shops, TrendBee, JW Social Media Marketing, YR Charisma, Instagrocery, SocialSensational, SocialFuse, WeGrowSocial, IGWildfire, and GramFlare. TrendBee and GramFlare were found to still be running Instagram ads after the platform said they’d been banned from doing so. Upon further investigation after Instagram’s supposed crackdown, I discovered five more services selling prohibited growth services: FireSocial, InstaMason/IWentMissing, NexStore2019, InstaGrow, and Servantify.

Knowingly Poisoning The Well

I wanted to find out if these companies were aware that they violate Instagram’s policies and how they justify generating spam. Most hide their contact info and merely provide a customer support email, but eventually I was able to get on the phone with some of the founders.

“What we’re doing is obviously against their terms of service,” said GoGrowthly’s co-founder, who refused to provide their name. “We’re going in and piggybacking off their free platform and not giving them any of the revenue. Instagram doesn’t like us at all. We utilize private proxies depending on clients’ geographic location. That’s sort of our trick to reduce any sort of liability” so clients’ accounts don’t get shut down, they said. “It’s a careful line that we tread with Instagram. Similar to SEO companies and Google, Google wants the best results for customers and customers want the best results for them. There’s a delicate dance,” said Macurex founder Gun Hudson.

EZ-Grow’s co-founder Elon refused to give his last name on the record, but told me “[Clients] always need something new. At first it was follows and likes. Now we even watch Stories for them. Every new feature that Instagram has we take advantage of it to make more visibility for our clients.” He says EZ-Grow spends $500 per day on Instagram ads, which are its core strategy for finding new customers. SocialFuse founder Alexander Heit says his company spends a couple hundred dollars per day on Instagram and Facebook ads, and was worried when Instagram reiterated its ban on his kind of service in November, but says “We thought that we were definitely going to get shut down but nothing has changed on our end.”

Several of the founders tried to defend their notification spam services by saying that at least they weren’t selling fake followers. Lacking any self-awareness, Macurex’s Hudson said “If it’s done the wrong way it can ruin the user experience. There are all sorts of marketers who will market in untasteful or spammy ways. Instagram needs to keep a check on that.” GoGrowthly’s founder actually told me “We’re actually doing good for the community by generating those targeted interactions.” WeGrowSocial’s co-founder Brandon also refused to give his last name, but was willing to rat out his competitor SocialSensational for selling followers.

Only EZ-Grow’s Elon seemed to have a moment of clarity. “Because the targeting goes to the right people . . . and it’s something they would like, it’s not spam” he said before his epiphany. “People can also look at it as spam, maybe.”

Instagram Finally Shuts Down The Spammers

In response to our findings, an Instagram spokesperson provided this lengthy statement confirming it’s shut down the ads and accounts of the violators we discovered, claiming that it works hard to fight spam, and admitting it needs to do better:

“Nobody likes receiving spammy follows, likes and comments. It’s really important to us that the interactions people have on Instagram are genuine, and we’re working hard to keep the community free from spammy behavior. Services that offer to boost an account’s popularity via inauthentic likes, comments and followers, as well as ads that promote these services, aren’t allowed on Instagram. We’ve taken action on the services raised in this article, including removing violating ads, disabling Pages and accounts, and stopping Pages from placing further ads. We have various systems in place that help us catch and remove these types of ads before anyone sees them, but given the number of ads uploaded to our platform every day, there are times when some still manage to slip through. We know we have more to do in this area and we’re committed to improving.”

Instagram tells me it uses machine learning tools to identify accounts that pay third-party apps to boost their popularity and claims to remove inauthentic engagement before it reaches the recipient of the notifications. By nullifying the results of these services, Instagram believes users will have less incentive to use them. It uses automated systems to evaluate the images, captions, and landing pages of all its ads before they run, and sends some to human moderators. It claims this lets it catch most policy-violating ads, and that users can report those it misses.

But these ads and their associated accounts were filled with terms like “get followers”, “boost your Instagram followers”, “real followers”, “grow your engagement”, “get verified”, “engagement automation”, and other terms tightly linked to policy-violating services. That casts doubt on just how hard Instagram was working on this problem. It may have simply relied on cheap and scalable technical approaches to catching services with spam bots or fake accounts instead of properly screening ads or employing sufficient numbers of human moderators to police the network.

That misplaced dependence on AI and other tech solutions appears to be a trend in the industry. When I recently reported that child sexual abuse imagery was easy to find on WhatsApp and Microsoft Bing, both seemed to be understaffing the human moderation teams that could have hunted down this illegal content with common sense where complex algorithms failed. As with Instagram, these products have highly profitable parent companies that can afford to pour more dollars into policy enforcement.

Kicking these services off Instagram is an important step, but the company must be more proactive. Social networks and self-serve ad networks have been treated as efficient cash cows for too long. The profits from these products should be reinvested in policing them. Otherwise, crooks will happily fleece users for our money and attention.

To learn more about the future of Instagram, check out this article’s author Josh Constine’s SXSW 2019 keynote with Instagram co-founders Kevin Systrom and Mike Krieger — their first talk together since leaving the company.

15 Jan 2019

Another huge database exposed millions of call logs and SMS text messages

An unprotected server storing millions of call logs and text messages was left open for months before it was found by a security researcher.

If you thought you’d heard this story before, you’re not wrong. Back in November, another telecoms company, Voxox, exposed a database containing millions of text messages — including password resets and two-factor codes.

This time around, it’s a different company: Voipo, a Lake Forest, Calif. communications provider, exposed tens of gigabytes worth of customer data.

Security researcher Justin Paine found the exposed database last week and reached out to the company’s chief technology officer. The database was pulled offline before Paine had even told him where to look.

Voipo is a voice-over-internet provider, offering residential and business phone line services that customers can control themselves in the cloud. The company’s backend routes calls and processes text messages for its users. But because one of the backend Elasticsearch databases wasn’t protected with a password, anyone who could reach it could look in and see streams of real-time call logs and text messages sent back and forth.

It’s one of the largest data breaches of the year — so far — totaling close to seven million call logs, six million text messages and other internal documents containing unencrypted passwords that if used could have allowed an attacker to gain deep access to the company’s systems.
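As an added illustration that is not from the article (Voipo’s actual configuration is not known), here is the class of Elasticsearch node settings that produces exactly this kind of exposure, beside a hardened equivalent. The values are constructed; the setting names are real Elasticsearch 6.8+/7.x keys.

```yaml
# --- exposed-style elasticsearch.yml (constructed example; do NOT deploy) ---
# Binds the HTTP API to every interface, so the node is reachable from the
# internet if the host has a public address and no firewall in front of it.
network.host: 0.0.0.0
http.port: 9200
# Security off: no authentication, no TLS. Every index (call logs, SMS
# contents, credential files) is readable by anyone who can reach port 9200.
xpack.security.enabled: false

# --- hardened elasticsearch.yml (constructed example) ---
# Listen only on loopback (or a private interface); put any remote access
# behind an authenticated proxy or VPN rather than exposing 9200 directly.
network.host: 127.0.0.1
http.port: 9200
# Require authentication. Basic security is included in the free Basic
# license from Elasticsearch 6.8.0 / 7.1.0 onward; older releases needed a
# paid license, which is one reason many deployments ran with it off.
xpack.security.enabled: true
# Encrypt the HTTP API so credentials and data are not sent in the clear
# (paths are placeholders for your own keystore).
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
```

After applying the hardened settings, set passwords for the built-in users with `bin/elasticsearch-setup-passwords interactive`, and confirm from an external host that an unauthenticated `curl http://<host>:9200/` either times out or returns HTTP 401 rather than the cluster banner.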

TechCrunch reviewed some of the data, and found web addresses in the logs pointed directly to customer login pages. (We didn’t use the credentials, as doing so would be unlawful.)

Paine said, and noted in his write-up, that the database had been exposed since June 2018 and contains call and message logs dating back to May 2015. He told TechCrunch that the logs were updated daily and went up to January 8 — the day the database was pulled offline. Many of the files contained highly detailed call records of who called whom, the time and date and more.

A log showing an incoming call. (Screenshot: TechCrunch. Data: Justin Paine)

Some of the numbers in the call logs were scrubbed, Paine said, but the text message logs contained the numbers of both the sender and the recipient, and the contents of the message itself.

An SMS text message sent just after New Year’s. (Screenshot: TechCrunch. Data: Justin Paine)

As with the Voxox breach last year, Paine noted in his write-up that any intercepted text messages containing two-factor codes or password reset links could have “allowed the attacker to bypass two-factor on the user’s account.” (Another good reason why you should upgrade to app-based authentication.)

But Paine didn’t extensively search the records, mindful of customers’ privacy.

The logs also contained credentials that permitted access to Voipo’s provider of E911 services, which allow emergency responders to look up a caller’s pre-registered location from their phone number. Worse, he said, E911 service could have been disabled, rendering those customers unable to use it in an emergency.

Another file contained a list of network appliance devices with usernames and passwords in plaintext. A cursory review showed that the files and logs contained a meticulously detailed and invasive insight into a person or company’s business, who they’re talking to and often for what reason.

Yet, none of the data was encrypted.

In an email, Voipo chief executive Timothy Dick confirmed the data exposure, adding that this was “a development server and not part of our production network.” Paine disputes this, given the specifics and amount of the data exposed in the database. TechCrunch also has no reason to believe that the data is not real customer data.

Dick said in an email to TechCrunch: “Almost immediately after he reached out to let us know the dev server was exposed, we took it offline and investigated and corrected the issue.” He added: “At this time though, we have not found any evidence in logs or on our network to indicate that a data breach occurred.”

Despite asking several times, Dick did not say how the company concluded that nobody else accessed the data.

Dick also said: “All of our systems are behind firewalls and similar and don’t even allow external connections except from internal servers so even if hostnames were listed, it would not be possible to connect and our logs do not show any connections.” (When we checked, many of the internal systems whose IP or web addresses appeared in the data did load, even though we were outside of the alleged firewall.)

However, in an email to Paine, Dick conceded that some of the data on the server “does appear to be valid.”

Dick didn’t commit to notifying the authorities of the exposure under state data breach notification laws.

“We will continue to investigate and if we do find any evidence of a breach or anything in our logs that indicate one, we will of course take appropriate actions to address it [and] make notifications,” he said.



15 Jan 2019

Campaign Monitor acquires email enterprise services Sailthru and Liveclicker

CM Group, the organization behind email-centric services like Campaign Monitor and Emma, today announced that it has acquired marketing automation firm Sailthru and the email personalization service Liveclicker. The group did not disclose the acquisition price but noted that the acquisition would bring in about $60 million in additional revenue and 540 new customers, including Bloomberg and Samsung. Both of these acquisitions quietly closed in 2018.

Compared to Sailthru, which had raised a total of about $250 million in venture funding before the acquisition, Liveclicker is a relatively small company that was bootstrapped and never raised any outside funding. Still, Liveclicker managed to attract customers like AT&T, Quicken Loans and TJX Companies by offering them the ability to personalize their email messages and tailor them to their customers.

Sailthru’s product portfolio is also quite a bit broader and includes similar email marketing tools, but also services to personalize mobile and web experiences, as well as tools to predict churn and make other retail-focused predictions.

“Sailthru and Liveclicker are extraordinary technologies capable of solving important marketing problems, and we will be making additional investments in the businesses to further accelerate their growth,” writes Wellford Dillard, CEO of CM Group. “Bringing these brands together makes it possible for us to provide marketers with the ideal solution for their needs as they navigate the complex and rapidly changing environments in which they operate.”

With this acquisition, the CM Group now has 500 employees and 300,000 customers.

15 Jan 2019

Why Google engineers worked full-time to combat sex trafficking

When the government seized classified-ads site Backpage, forcing it to shut down in April, it became a lot harder to find and locate potential victims of sex trafficking. While it was symbolically good that the site, whose CEO later pled guilty to charges of sex trafficking, shut down, it created a significant technical challenge for law enforcement and the organizations trying to help prevent sex-trafficking, Google Senior Software Engineer Sam Ainsley told TechCrunch.

“Once Backpage was gone, you were looking at an ecosystem in which all of those previously more centralized advertisements [for those being sex trafficked] are being redistributed on many more websites,” Ainsley said.

Ainsley got involved with this work through Google.org’s new fellowship program, which embeds Google engineers inside non-profit organizations on a full-time basis for six months. She did this work at Thorn, a non-profit organization founded by Ashton Kutcher that seeks to protect children from sexual abuse and trafficking. Thorn was the first non-profit to host Google Fellows.

When Backpage was up-and-running, Thorn had been indexing the advertisements and then providing them to law enforcement in order to facilitate the recovery of victims. That task became harder once Backpage shut down. While working at Thorn, Ainsley and four other Google engineers set out to help make this information more easily available to law enforcement.

WASHINGTON, DC – FEBRUARY 15: Ashton Kutcher, Actor and Co-Founder of Thorn: Digital Defenders of Children, speaks at a Senate Foreign Relations Committee hearing on Ending Modern Slavery: Building on Success at Dirksen Senate Office Building on February 15, 2017 in Washington, DC. (Photo by Paul Morigi/WireImage)

“The goal of this project was to create actual profiles of victims so that this information could be as accessible as possible,” Ainsley said. “That you could actually understand that victim’s history and where they might be at any given period of time; what are the cities they’ve been in over time; what are the various phone numbers they’ve used over time? How has their appearance changed? This is all incredibly important because, in this space, that is the strategy. It’s to change things as quickly as possible to evade being found. So it’s really about taking a holistic approach and a personal approach.”

Google machine learning engineers were able to take the massive number of ads and try to understand which advertisements belonged to one individual, and then formulate that one person’s history, Ainsley said. As a data visualization expert, Ainsley’s part was to visualize all of that information in a way that is accessible to law enforcement.

“At this point in time we have built a prototype that we’re really excited about,” Ainsley said. “So we’re really optimistic about where this can go.”

Although her fellowship is over, Ainsley said she’s going to stay on working with the Thorn team one day a week because she wants to see the work taken all the way into the field.

“That’s the dream and I want to be available as much as I possibly can to assist in that effort,” Ainsley said.

(L) Doug Grundman, Google.org Fellow and Software Engineer, Google; (R) Julie Cordua, CEO, Thorn. Photo via Google

Thorn CEO Julie Cordua told TechCrunch it was a successful product, noting it “was an exploration we’ve been wanting to do for quite a while.”

In addition to working with law enforcement around sex trafficking, Thorn tackles child pornography, livestream abuse and grooming. The organization also works to activate companies in the private sector to identify and remove child porn.

Thorn recently launched Safer, a tool for small to medium-sized businesses to identify child pornography on their platforms. Currently, Imgur, Roblox and Flickr are participating in the beta program.

“Larger companies have good systems in place but when you don’t have the capacity to build out risk teams, then this type of bad content starts to flourish,” Cordua said. “That’s what we’re trying to solve for.”

(L) Samantha Ainsley, Google.org Fellow and Software Engineer, Google; (R) Doug Grundman, Google.org Fellow and Software Engineer, Google. Photo via Google.

Thorn was the first partner for the Google.org fellowship, but there are two active fellowships at the Family Independence Initiative and Goodwill, which started in November. Before selecting an organization to work with, Google.org examines the potential for impact and ability of the organization to continue the work once the Google engineer leaves.

“And we want to look for an area where there’s a really complex challenge where technology is the solution, or at least is a solution that can really help move the needle,” Google.org Product Manager and Head of Technical Team Jen Carter told TechCrunch.

And for Google, it’s a good retention strategy. Ainsley, for example, said the opportunity came at the right time because she had actually been considering leaving the company.

“I had been at this crossroads in my career as an engineer, where I was feeling pretty siloed in terms of the impact that my work was having,” Ainsley said. “I loved the work I was doing from a technical aspect — I always have — but I was considering potentially even exploring different career options because it was unclear to me how, through programming, I could have a direct impact on people’s lives. And that was something that I really wanted. And when this program was posted, it was right around that time.”

Cordua agrees, noting that it could be a good retention strategy for companies. It’s also a model that she thinks should be replicated by other tech companies.

“Our goal is to get more companies to think about this for their engineering teams,” Cordua said. “It’s an opportunity to build engineering teams that have empathy and understanding of tech’s social impact on both negative and positive things. Tech can do amazing things. Let’s channel it toward these social issues.”