Year: 2019

11 Jan 2019

An unsecured database exposed the personal details of 202M job seekers in China

The personal details belonging to more than 202 million job seekers in China, including information like phone numbers, email addresses, driver licenses and salary expectations, were freely available to anyone who knew where to look for as long as three years due to an insecure database.

That’s according to findings published by security researcher Bob Diachenko who located an open and unprotected MongoDB instance in late December which contained 202,730,434 “very detailed” records. The database was indexed in data search engines Binary Edge and Shodan, and was freely visible without a password or login. It was only made private after Diachenko released information about its existence on Twitter.

Diachenko, who is director of cyber risk research at Hacken, wasn’t able to match the database with a specific service, but he did locate a three-year-old GitHub repository for an app that included “identical structural patterns as those used in the exposed resumes.” Again, ownership is not clear at this point although the records do seem to contain data that was scraped from Chinese classifieds, including the Craigslist-like 58.com.

A 58.com spokesperson denied that the records were its creation. They instead claimed that their service had been the victim of scraping from a third-party.

“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape[d] data from many CV websites,” a spokesperson told Diachenko.

TechCrunch contacted 58.com but we have not yet received a response.

While the database has now been secured, it was potentially vulnerable for up to three years and there’s already evidence that it had been regularly accessed. Although, again, it isn’t clear who by.

“It’s worth noting that MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko wrote.

There’s plenty of mystery here — it isn’t clear whether 58.com was behind the hole, or if it is a rival service or a scraper — but what is more certain is that the vulnerability is one of the largest of its kind to be found in China.

11 Jan 2019

World’s most valuable AI startup SenseTime unveils self-driving center in Japan

The world’s highest-valued artificial intelligence startup SenseTime has set foot in Japan. The Beijing-based firm announced on Friday that it just opened a self-driving facility in Joso, a historic city 50 kilometers away from Tokyo where it plans to conduct R&D and road test driverless vehicles.

The initiative follows its agreement with Japanese auto giant Honda in 2017 to jointly work on autonomous driving technology. SenseTime, which is backed by Alibaba and last valued at more than $4.5 billion, is best known for object recognition technologies that have been deployed in China widely across retail, healthcare and public security. Bloomberg reported this week that the AI upstart is raising $2 billion in fresh funding.

Four-year-old SenseTime isn’t the only Chinese AI company finding opportunities in Japan. China’s biggest search engine provider Baidu is also bringing autonomous vehicles to its neighboring country, a move made possible through a partnership with SoftBank’s smart bus project SB Drive and Chinese automaker King Long.

Japan has in recent years made a big investment push in AI and autonomous driving, which could help it cope with an aging and declining workforce. The government aims to put driverless cars on Tokyo’s public roads by 2020 when the Olympics takes place. The capital city said it already successfully trialled autonomous taxis last August.

SenseTime’s test park, which is situated near Japan’s famed innovation hub Tsukuba Science City, will be open to local residents who could check out the vehicles slated to transport them in a few years.

“We are glad to have the company setting up an R&D center for autonomous driving in our city,” said Mayor of Joso Takeshi Kandatsu in a statement. “I believe autonomous driving vehicles will bring not only revolutionary changes to our traffic system, but also solutions to regional traffic problems. With the help of SenseTime, I look forward to seeing autonomous cars running on the roads of Joso. We will give full support to make it happen.”

11 Jan 2019

Improbable and Epic Games establish $25M fund to help devs move to ‘more open engines’ after Unity debacle

Improbable is taking a daring step after announcing earlier today that Unity had revoked its license to operate on the popular game development engine.

The UK-based cloud gaming startup has inked a late-night press release with Unity rival Epic Games, which operates the Unreal Engine and is the creator of Fortnite, establishing a $25 million fund designed to help game developers move to “more open engines.”

An incoming blog post penned by Epic Games CEO Tim Sweeney and Improbable CEO Herman Narula reads, in part:

To assist developers who are left in limbo by the new engine and service incompatibilities that were introduced today, Epic Games and Improbable are together establishing a US $25,000,000 combined fund to help developers transition to more open engines, services, and ecosystems. This funding will come from a variety of sources including Unreal Dev Grants, Improbable developer assistance funds, and Epic Games store funding.

This is pretty bold on Improbable’s part and seems to suggest that Unity didn’t give them a call after Improbable published a blog post that signed off with, “You [Unity] are an incredibly important company and one bad day doesn’t take away from all you’ve given us. Let’s fix this for our community, you know our number.”

Unity, for its part, claims that they gave Improbable ample notice that they were in violation of their Terms of Service and that the two had been deep in a “partnership” agreement that obviously fell short. The termination of Improbable’s Unity license essentially cut them off from a huge portion of indie developers who build their stuff on Unity.

Epic Games CEO Tim Sweeney was quick to jump on the news earlier today, rebuking Unity’s actions.

“Epic Games’ partnership with Improbable, and the integration of Improbable’s cloud-based development platform SpatialOS, is based on shared values, and a shared belief in how companies should work together to support mutual customers in a straightforward, no-surprises way,” the blog post reads.

In a way this is a positive development for Improbable, suggesting that Epic Games is committed to sticking with the startup, but at the same time, one wonders how Unity and Improbable’s relationship managed to sour so quickly based on what’s been said publicly today.

11 Jan 2019

A Pong table managed to wow CES 2019

That’s not the kind of headline one expects to write going into the week. But here we are. Universal Space’s analog Pong table is a mindblower in a whole unexpected way. The tabletop machine goes more retro than retro by bringing Pong into the real world through the magic of magnets (some day, perhaps, we’ll discover how they work).

There’s a square “ball” and a pair of rectangular paddles on either side, moved back and forth by spinning a wheel. Like the classic game, spinning faster and hitting corners puts a little English on it, as they say in billiards. Players score by striking the opposite side with the ball. From there, you tap an orange arcade button to fire it back.

It’s really a thing to behold — even more so in single player mode, where the machine controls the other panel. You’ve got easy, medium and hard options for that. I’d start off slow, because there’s a bit of a noticeable lag that takes some getting used to.

It’s a neat parlor trick, and one that will almost certainly get party guests excited. It’ll cost you, though — $3,000 to be precise. The arcade model is an additional $1,500. It’s a lot to pay for what feels like a kind of one trick pony. Like the original Pong, it’s hard to imagine it holding one’s attention long enough to justify the price.

11 Jan 2019

Taking a stroll with Samsung’s robotic exoskeleton

Samsung’s look but don’t touch policy left many wondering precisely how committed the company is to its new robots. On the other hand, the company was more than happy to let me take the GEMS (Gait Enhancing and Motivation System) for a spin.

The line includes a trio of wearable exoskeletons, the A (ankle), H (hip) and K (knee). Each serves a different set of needs and muscles, but ultimately provides the same functions: walking assistance and resistance for helping wearers improve strength and balance.

Samsung’s far from the first to tackle the market, of course. There are a number of companies with exoskeleton solutions aimed at walking support/rehabilitation and/or field assistance for physically demanding jobs. Rewalk, Ekso and SuitX have all introduced compelling solutions, and a number of automotive companies have also invested in the space.

At this stage, it’s hard to say precisely what Samsung can offer that others can’t, though certainly the company’s got plenty of money, know-how and super smart employees. As with the robots, if it truly commits and invests, it could produce some really remarkable work in this space.

Having taken the hip system for a bit of a spin at Samsung’s booth, I can at least say that the assistive and resistance modes do work. A rep described the resistance as feeling something akin to walking under water, and I’m hard pressed to come up with a better analogy. The assistive mode is a bit hard to pick up on at first, but is much more noticeable when walking up stairs after trying out the other mode.

Like the robots, it’s hard to know how these products will ultimately fit into the broader portfolio of a company best known for smartphones, TVs and chips. Hopefully we won’t have to wait until the next CES to find out.

11 Jan 2019

Unity pulls nuclear option on cloud gaming startup Improbable, terminating game engine license

A pair of highly-funded gaming unicorns are publicly skirmishing and the deal could have major repercussions for game developers.

Today, UK-based cloud gaming startup Improbable announced that Unity, a hugely popular game development engine, had terminated their license, effectively shutting them out from one of their top customer sources. If permanent, the license termination would be a significant blow to Improbable, which enables studios to host large online multiplayer games across multiple servers. The gaming startup has raised more than $600 million from top investors like Softbank, Andreessen Horowitz and Horizons Ventures.

Just how many Improbable customers utilize Unity as their game engine of choice through the SpatialOS GDK is unknown, but the two platforms do share some similarities in appeal among small teams looking to innovate. “Unity is a popular engine and that popularity extends to the people using our [game development kit],” an Improbable spokesperson told TechCrunch. Improbable’s SpatialOS platform also runs on the Unreal Engine and CryEngine and can be designed to work with custom engines.

So, how’d this happen?

The way Improbable told it this morning, Unity changed their Terms of Service last month and then, without warning, pulled the rug out from under them. That’s not how Unity sees it, though; the company penned a terse blog post in response, alleging that Improbable was well aware that they were in violation of the ToS.

“More than a year ago, we told Improbable in person that they were in violation of our Terms of Service or EULA. Six months ago, we informed Improbable about the violation in writing. Recent actions did not come as a surprise to Improbable; in fact, they’ve known about this for many months,” the post reads.

Unity developers using SpatialOS spent the day complaining about the move and wondering whether their projects in development would have to be completely reshaped. While the folks at Improbable also seemed unsure about this detail, Unity clarified in its blog post that SpatialOS projects that were live and in production would still be supported.

Unity’s Terms of Service isn’t exactly the most lucid reading material, but the section in question titled Streaming and Cloud Gaming Restrictions seems to lay out a fairly clear rebuke of what Improbable does.

You may not directly or indirectly distribute the Unity Software, including the runtime portion of the Unity Software (the “Unity Runtime”), or your Project Content (if it incorporates the Unity Runtime) by means of streaming or broadcasting so that any portion of the Unity Software is primarily executed on or simulated by the cloud or a remote server and transmitted over the Internet or other network to end user devices without a separate license or authorization from Unity.

The vagueness of the language does seem to give Unity broad discretion to wield the hammer.

The question, then, is why Improbable seems to have been targeted. Asked for comment, a Unity spokesperson referred us to their blog post. The answer probably lies in the “partnership” that both Unity and Improbable allude to having been in the process of reaching, i.e. Unity likely wanted Improbable to pay up if they were going to be hosting the Unity Runtime on Improbable servers, but the two couldn’t come to an agreement.

Epic Games CEO Tim Sweeney, whose company operates the rival Unreal Engine, seemed to rebuke Unity on Twitter, suggesting that engines need to be more transparent in the governing rules they establish.

Regardless, it now appears that Improbable realizes they may have pissed off the wrong powerful partner.

In a much more contrite blog post published later this afternoon, the team wrote, in part:

We apologize that this event we instigated has created so much uncertainty, confusion and pain for so many developers who really do not deserve this…

As a platform company, we believe humility and introspection are critical responses to the suffering of your community, however it comes about. We invite every company involved in today’s discourse to do a little of that.

We also invite Unity to participate in this broader thinking with us, whatever the outcome of our misunderstanding. You are an incredibly important company and one bad day doesn’t take away from all you’ve given us. Let’s fix this for our community, you know our number.

It sounds like Improbable became well aware throughout the course of the day that they are going to have to be the ones to compromise here.

11 Jan 2019

Reports raise video privacy concerns for Amazon-owned Ring

Amazon-owned smart doorbell maker Ring is facing claims that might give some smart home enthusiasts pause. Recent reports from The Intercept and The Information have accused the company of mishandling videos collected by its line of smart home devices, failing to inform users that their videos would be reviewed by humans and failing to protect the sensitive video footage itself with encryption.

In 2016, Ring moved some of its R&D operations to Ukraine as a cost saving move. According to the Intercept’s sources, that team had “unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world.” That group was also privy to a database that would allow anyone with access the ability to conduct a simple search to find videos linked to any Ring owner. At this time, the video files were unencrypted due to the “sense that encryption would make the company less valuable” expressed by leadership at the company.

At the same time the Ukraine team was allowed this access, Ring “executives and engineers” in the U.S. were allowed “unfiltered, round-the-clock live feeds from some customer cameras” even if that access was completely unnecessary for their work.

Ring reportedly leaned on its team in Ukraine, known as Ring Labs, to fill in the gaps for its troubled AI efforts. Those employees would comb through videos and manually tag objects in order to train software to one day be able to perform the recognition tasks. The videos included video from outside houses as well as video inside of them.

The company objected to the Intercept’s characterization of the situation, claiming that the training material was culled from public videos via a Ring app called Neighbors, a neighborhood watch app. It’s not clear that participants in the Neighbors app are aware that their videos are being reviewed manually by Ring’s “data operators” in Ukraine.

Ring provided the following statement to TechCrunch:

“We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products.

We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.”

While it sounds like Ring may not have taken user privacy very seriously in the past, that attitude appears to have shifted upon the company’s acquisition by Amazon last year. The Information describes that scenario in reporting from December:

“After a visit by Amazon representatives to the Ukraine office in May, Amazon moved to restrict access to sensitive customer information, former employees said, requiring a digital key that could only be used from within the Kiev office.

But employees quickly found ways around the restriction. “We had to apply and get access. The Ukraine office wasn’t comfortable with this, so we found a workaround,” a former Kiev employee said. “Workers could then access the system from any computer, at home or anywhere.”

It’s impossible to know if Amazon is running a tight ship with Ring’s sensitive user data now, but it’s yet another reason to consider the privacy risks posed by smart home devices, particularly surveillance ones. Setting up an at-home panopticon might feel more secure, but know you might not be the only one keeping a watchful eye on your home.

11 Jan 2019

Spotify’s increased focus on podcasts in 2019 includes selling its own ads

Having established itself as a top streaming service with now over 200 million users, Spotify this year is preparing to focus more of its attention on podcasts. The company plans to bring its personalization technology to podcasts in order to make better recommendations, update its app’s interface so people can access podcasts more easily, and broker more exclusives with podcast creators. It’s also getting into the business of selling ads within podcasts, as a means of generating revenue from this increasingly popular form of audio programming.

In fact, Spotify has already begun to dabble in podcast ad sales, ahead of this larger push.

Spotify, we’ve learned, has been selling its own advertisements in its original podcasts since mid-2018, including in programs like Spotify Original “Amy Schumer Presents: 3 Girls, 1 Keith,” “The Joe Budden Podcast,” “Dissect,” “Showstopper,” and others. With more exclusives planned for the year ahead, the portion of Spotify’s ad business focused on podcasts will also grow.

The company appears to be taking a different approach to working with podcasters than it does when it comes to working with music artists.

Today, Spotify gives artists tools that help share their work and be discovered – it invested in distribution platform DistroKid, for example, and now lets artists submit tracks for playlist consideration. With podcasters, however, Spotify wants to either bring their voices in-house, or at least exclusively license their content.

“Over the last year, we become very focused on building out a great podcast universe,” said Head of Spotify Studios Courtney Holt, speaking at the Consumer Electronics Show (CES) in Las Vegas this week. “The first step was to make sure that we’ve got the world’s best podcasts on Spotify, and integrated the experience into the service in a way that allowed people to build habits and behavior there,” he said.

“What we started to see is that the types of podcasts that really were working on Spotify were ones where they were really authentic voices…so we just decided to invest more in those types of voices,” Holt added.

Spotify’s collection of originals has been steadily growing over the past year. Last August, for example, Spotify nabbed an exclusive deal with the “Joe Budden” podcast, which is aimed at hip-hop and rap culture fans, and launched its first branded podcast, “Ebb & Flow,” focused on hip-hop and R&B. Its full original lineup today also includes “Dissect,” Amy Schumer’s “3 Girls, 1 Keith,” “Mogul,” “The Rewind with Guy Raz,” “Showstopper,” “Unpacked,” “Crimetown” (Its first season was wide, second season is exclusive to Spotify), “UnderCover,” and “El Chapo: El Jefe y su Juicio.”

At CES, Spotify announced the addition of one more – journalist Jemele Hill is coming to Spotify with an exclusive podcast called “Unbothered,” which will feature high-profile guests in sports, music, politics, culture, and more.

In growing its collection of originals, the company found that podcasters who joined Spotify exclusively were actually able to grow their audience, despite leaving other distribution platforms.

For example, the Joe Budden podcast had its highest streaming day ever after joining Spotify.

This has led Spotify to believe that influencers in the podcast community will be able to bring their community with them when they become a Spotify exclusive, and then further grow their listener base by tapping into Spotify’s larger music user base and, soon, an improved recommendation system.

There are other perks for Spotify, too – when users come to Spotify and begin to listen to podcasts, they often then spend more time engaged with the app, it found.

“People who consume podcasts on Spotify are consuming more of Spotify – including music,” said Holt. “So we found that in increasing our [podcast] catalog and spending more time to make the user experience better, it wasn’t taking away from music, it was enhancing the overall time spent on the platform,” he noted.

While chasing exclusive deals to bring more original podcasts to Spotify will be a big initiative this year, Spotify will continue to offer its recently launched podcasts submission feature to everyone else.

With this sort of basic infrastructure in place, Spotify now wants to help users discover new podcasts and improve the listening experience.

One aspect of this will involve pointing listeners to other podcast content they may like.

For instance, Spotify could point Joe Budden fans to other podcasts about hip-hop and rap. It will also leverage its multi-year partnership with Samsung to allow listeners to pick up where they left off in an episode as they move between different devices. And it will turn its personalization and recommendation technology to podcasts – including the ads in the podcasts themselves.

“Think about what we’ve done around music – the more understand you around the music you stream, the more we can personalize the ad experience. Now we can take that to podcasts,” said Brian Benedik, VP and Global Head of Advertising Sales at Spotify, when asked about the potential for Spotify selling ads in podcasts.

The company has been testing the waters with its own podcast ad sales since mid 2018, Benedik said. The sales are handled in-house by Spotify’s ad sales team for the time being.

Benedik had also appeared on a panel this week at CES, where he talked about the value of contextual advertising – meaning, ads that can be personalized to the user based on factors like mood, behavior and moments. This data could be appealing to podcast advertisers, as well.

But to scale its efforts around podcast ads, Spotify will need to invest in digital ad insertion technology. Benedik told us Spotify is currently deciding whether that’s something it wants to build in-house or acquire outright.

Spotify’s rival Pandora went the latter route. It closed on the acquisition of adtech company Adswizz in May 2018, then introduced capabilities for shorter, more personalized ads in August. By November, Pandora announced it was bringing its Genome technology to podcasts, which allowed for a recommendation system.

Now Spotify aims to catch up.

The addition of podcasts has reoriented Spotify’s focus as a company, Holt said.

“We’re an audio company. We’re trying to be the world’s best audio service,” he told the audience at CES. “It’s a pure play for us. We’re seeing increased engagement; there’s great commercial opportunities from podcasting that we’ve never seen on the platform…And, obviously, exclusives are to give us something that makes the platform truly unique – to have people come to Spotify for something you can’t get anywhere else is the sort of cherry on top of that entire strategy,” Holt said.

11 Jan 2019

Is Samsung getting serious about robotics?

A funny thing happened at Samsung’s CES press conference. After the PC news, 8K TVs and Bixby-sporting washing machines, the company announced “one more thing,” handing over a few brief moments to announce a robotics division, three new consumer and retail robots and a wearable exoskeleton.

It was a pretty massive reveal in an extremely short space, and, quite frankly, raised far more questions than it answered. Within the broader context of a press conference, it’s often difficult to determine where the hype ends and the serious commitment to a new category begins.

This goes double for a company like Samsung, which has been taking extra care in recent months to demonstrate its commitment to the future, as the mobile industry undergoes its first major slowdown since the birth of the smartphone. It follows a similar play by LG, which has offered a glimpse into its own robotics plans for back to back years, including allowing a ‘bot to copilot this year’s keynote.

We all walked away from the press conference unsure of what to make of it all, with little more to show for things than a brief onstage demo. Naturally, I jumped at the opportunity to spend some quality time with the new robots behind the scenes the following day. There were some caveats, however.

First, the company insisted we watch a kind of in-person orientation, wherein a trio of miced up spokespeople walked us through the new robots. There’s Bot Care, a healthcare robot designed to assist with elder care, which features medication reminders, health briefings and the ability to check vitals with a finger scan. There are also yoga lessons and an emergency system that will dial 911 if a user falls.

There’s also Bot Air, an adorable little trash can-style robot that zooms around monitoring air quality and cleaning it accordingly. Bot Retail rounds out the bunch, with a touchscreen for ordering and trays in the rear for delivering food and other purchases.

The other major caveat was look, but don’t touch. You can get as close as you want, but you can’t interact with the robot beyond that.

The demos were impressive. The robots’ motions are extremely lifelike, with subtle touches that imbue each with a sense of personality rarely seen outside of movie robots like Wall-E. The response time was quick and they showed a wide range of genuinely useful tasks. If the robots are capable of performing as well in person as they do in these brief, choreographed demos, Samsung may have truly cracked the code of personal care and retail robotics.

That, of course, is a big if. Samsung wouldn’t answer the question of how much these demos are being orchestrated behind the scenes, but given how closely the company kept to the script, one suspects we’re largely looking at approximations of how such a human/robot interaction could ultimately play out somewhere down the road. And a Samsung spokesperson I spoke to admitted that everything is very early stages.

Really, it looks to be more akin to a proof of concept. Like, hey, we’re Samsung. We have a lot of money, incredibly smart people and know how to build components better than just about anyone. This is what it would look like if we went all-in on robotics. The company also wouldn’t answer questions regarding how seriously they’re ultimately taking robotics as a category.

You can’t expect to succeed in building incredibly complex AI/robotics/healthcare systems by simply dipping your toe in the water. I would love to see Samsung all-in on this. These sorts of things have the potential to profoundly impact the way we interact with technology, and Samsung is one of a few companies in a prime position to successfully explore this category. But doing so is going to require a true commitment of time, money and human resources.

11 Jan 2019

Postmates lines up another $100M ahead of IPO

Postmates, one of the earlier entrants to the billion-dollar food delivery wars, has raised an additional $100 million in equity funding at a $1.85 billion valuation, as first reported by Recode and confirmed to TechCrunch by Postmates. The round comes four months after the eight-year-old startup drove home a $300 million investment that finally knocked it into “unicorn” territory.

New investor BlackRock has joined the funding round alongside Tiger Global, which served as the lead investor of Postmates’ September financing. Led by co-founder and chief executive officer Bastian Lehmann, the company has garnered a total of $681 million in venture capital funding from investors, including Spark Capital, Founders Fund, Uncork Capital and Slow Ventures.

In line with several other tech unicorns, Postmates has begun prep for an initial public offering that could come this year, including tapping JPMorgan to advise the float. As Recode pointed out, the $100 million capital infusion was probably less of a necessary funding event but rather an opportunity for existing investors to liquidate stock ahead of an exit.

Postmates, which completes 3.5 million deliveries per month, reportedly expected to record $400 million in revenue in 2018 on food sales of $1.2 billion. The company has not confirmed that figure nor disclosed any other 2018 revenue numbers. The company currently operates in more than 500 cities, recently tacking on another 100 markets to reach an additional 50 million customers.

It will be interesting to see how Wall Street responds to a Postmates public listing. Though it was an early player in what has become an extremely crowded market, Postmates never emerged as the leader in food delivery. Now, with supergiants like Uber dominating via Uber Eats and SoftBank funneling loads of capital into Postmates competitor DoorDash, it shouldn’t count on an oversubscribed IPO.