Year: 2019

In light of Lyft filing a lawsuit against the city of San Francisco regarding dockless, the city is holding off on its permitting process for additional dockless bike providers at least until later this week. Although Uber-owned JUMP’s pilot was set to expire today, it is now extended until 10 days after the court’s order, SFMTA spokesperson Benjamin Barnett told TechCrunch.

In June, Lyft sued the city, claiming San Francisco was in violation of its 10-year contract with Lyft that would give the company exclusive rights to operate bike-share programs. The lawsuit was in light of SF announcing it would take applications for operators seeking permits to deploy additional stationless bikes.

San Francisco, however, said the contract does not apply to dockless bike-share, but only station-based bike-share. In its lawsuit, Lyft is seeking a preliminary injunction or temporary restraining order to prevent the city from issuing permits to operators for stationless bike-share rentals.

“We opened up the stationless e-bikes permit process, but legal action by Lyft/Motivate has put that process on the hold,” Barnett said.

The court order could happen as early as July 11 and as late as October 11, Barnett said. Additionally, the SFMTA is not able to issue permits until at least five days after the order.

I’ve reached out to Lyft and will update this story if I hear back. Lyft previously told TechCrunch it did try to avoid litigation, but that the SFMTA refused to participate in its dispute process.

“We are eager to continue investing in the regional bikeshare system with the MTC and San Francisco,” a Lyft spokesperson said in a statement to TechCrunch back in June. “We need San Francisco to honor its contractual commitments to this regional program — not change the rules in the middle of the game. We are eager to quickly resolve this, so that we can deliver on our plans to bring bikes to every neighborhood in San Francisco.”

Security researchers have found a vulnerability in a networking protocol used in popular hospital anesthesia and respiratory machines, which they say if exploited could be used to maliciously tamper with the devices.

Researchers at healthcare security firm CyberMDX said that the protocol used in the GE Aestiva and GE Aespire devices can be used to send commands if they are connected to a terminal server on the hospital network. Those commands can silence alarms, alter records — and can be abused to change the composition of aspirated gases used in both the respirator and the anesthesia devices, the researchers say.

Homeland Security is expected to release an advisory later on Tuesday.

“The devices use a proprietary protocol,” said Elad Luz, CyberMDX’s head of research. “It’s pretty straightforward to figure out the commands.”

One of those commands forces the device to use an older version of the protocol — which is still present in the devices to ensure backwards compatibility, said Luz. Worse, none of the commands requires any authentication, he said.

“On every version, you can first send a command to request to change the protocol version to the earliest one, and then send a request to change gas composition,” he said.

“As long the device is ported to the network through a terminal server, anyone familiar with the communication protocol can force a revert and send a variety of illegitimate commands to the machine,” he said.

In other words, the devices are far safer if they’re not connected to the network.

CyberMDX disclosed the vulnerabilities to GE in late October 2018. GE said versions 7100 and 7900 of the Aestiva and Aespire models are affected. Both models are deployed in hospitals and medical facilities across the U.S.

GE spokesperson Amy Sarosiek told TechCrunch: “After a formal risk investigation, we have determined that this potential implementation scenario does not introduce clinical hazard or direct patient risk, and there is no vulnerability with the anesthesia device itself.”

GE said it based its assessment of no risk to patient care on international healthcare safety standards and testing maximum variation in parameter modification from the disclosed concern. “Our assessment does not lead us to believe there are patient safety issues,” the spokesperson said.

But the company declined to say how many devices are affected but that the ability modify gas composition is no longer available on systems sold after 2009.

It’s the second set of vulnerabilities in as many months released by CyberMDX. In June the research firm found vulnerabilities in a widely used medical infusion pump.

Following an extensive report about Bumble’s parent company and its billionaire founder Andrey Andreev in Forbes, the female-first dating app’s founder Whitney Wolfe Herd has issued a statement.

While Wolfe Herd says she was “mortified by the allegations” and “saddened and sickened to hear that anyone, of any gender, would ever be made to feel marginalized or mistreated in any capacity at their workplace,” the exec also detailed that “Badoo is currently conducting an investigation into the allegations, as well as compiling documentation to expose the factual inaccuracies that exist within the article.”

Wolfe Herd’s statement is provided in full at the end of the article. We’ve reached out to Forbes for comment.

The Forbes report, titled “Exclusive Investigation: Sex, Drugs, Misogyny And Sleaze At The HQ Of Bumble’s Owner” focused largely on Badoo founder Andrey Andreev and the toxic culture at his company alleged by former employees. The report alleged an early culture at Badoo that ranged from “Ketamine infused afterparties” to engineering updates named after porn stars, and a video shared internally of an employee receiving oral sex.

The allegations went beyond portraying a sexist work environment and detailed racist attitudes of the Badoo founder.

While Badoo’s popularity grew in Europe and Latin America in the early 2010s, adoption was slow in the U.S. The American user base then was mostly Latino. Andreev would complain when he saw too many dark faces on the app—he believed it lowered the value of the brand and made it look cheap, says a former employee who worked on marketing campaigns. “Andrey was always making it clear that white was better,” says the former high-ranking executive. “If someone were to arrive a little bit late to the office and they were Latino or African, he would make comments like, ‘Well, what can you expect,’ as if people who were not white were not hardworking.”

Quoted on-record was the company’s former CMO Jessica Powell who said she was fired because she didn’t fit into the company’s “patriarchal” environment. The Forbes report further detailed:

“While serving as the company’s CMO, I was told to act pretty for investors and make job candidates ‘horny’ to work for Badoo,” Jessica Powell, Badoo’s chief marketing officer from 2011 to 2012 says in an email. “I was once even asked to give a designer candidate a massage.” She says she refused to do so, adding that “female employees were routinely discussed in terms of their appearance.”

“When female staff spoke up, their concerns were ignored or minimized,” she adds, decrying a “misogynistic atmosphere.”

Wolfe Herd’s comments showcases a broader effort to distance the Bumble brand, which is closely aligned with her own personal brand, from the allegations against Badoo and its founder. It is difficult to separate Badoo and Bumble from a business perspective, as both fall beneath Andreev’s recently-created MagicLab parent company and Andreev reportedly owns 79% of Bumble.

Though Wolfe Herd’s comment strikes a conciliatory tone “I would never challenge someone’s feelings or experiences,” regarding former employees that alleged negative experiences at Badoo, the company’s billionaire majority stakeholder Andrey Andreev was more direct in his response to those quoted on-record: “There are many ways to promote a fictional book in order to attract attention, and Jessica is a very talented marketing professional,” he said in a statement to Forbes, noting that Powell had recently released a satirical novel.

Responding to Andreev’s statement on Twitter, Powell said, “We’ve all seen the way people try to cut down women who come forward, the way companies craft false narratives of bad behavior and try to make it seem like we were bad at our jobs or troublemakers and should not be listened to.”

A statement from MagicLab given to Business Insider aimed to discredit Forbes reporter Angel Au-Yeung: “We are extremely disappointed in the reckless reporting of the Forbes reporter. Not a single current employee is quoted, our fact-check corrections were largely ignored, and the journalist refused to talk to dozens of former and current employees who came forward to counter the sensationalist narrative of only a few former disgruntled employees.”

The statements from Andreev, MagicLab and Wolfe Herd utilize language that simultaneously takes responsibility for “anything that could have taken place” and portrays a desire to hear from marginalized employees — while also seeking to introduce doubts about the story and its sources.

For Bumble, the association with the alleged toxic culture and Andreev’s alleged discriminatory attitudes in this report could be dangerous to the brand largely because of the reputation Bumble has publicly built for itself as being a platform that puts female safety at the forefront.

“…I would never challenge someone’s feelings or experiences. I offered to the reporter to extend my contact info to anyone who felt their experience was negative and said I would be an ally and open ear to them. That offer still stands,” Wolfe Herd said in the statement. “As a woman who has been through dark times, please know that I am deeply sorry for anything that could have taken place that made anyone feel uncomfortable before my time building Bumble. And know that I feel personally responsible by association for the well-being of each and every team member in the group, regardless of what company or what office around the world, from the past or the present.”

Wolfe Herd’s full statement:

Firefox maker Mozilla said it will not trust certificates from surveillance maker DarkMatter, ending a months-long effort to be whitelisted by the popular browser.

Months earlier, the United Arab Emirates-based DarkMatter had asked Mozilla to formally trust its root certificates in the Firefox certificate store, a place in the browser reserved for certificate authorities that are trusted and approved to issue HTTPS certificates. Mozilla and other browser makers use this store to know which HTTPS certificates to trust, effectively allowing these certificate authorities to confirm a website’s identity and certify that data going to and from it is secure.

But a rogue or malicious certificate authority could allow the interception of encrypted internet traffic by faking or impersonating websites.

DarkMatter has a history of controversial and shady operations, including developing malware and spyware to be used in surveillance operations, as well as the alleged targeting of journalists critical of the company. Just weeks ago, Reuters reported that the Emirati company — which employs former U.S. National Security Agency hackers — targeted several media personalities and dissidents at the behest of the Arab monarchy.

But the company has a clean record as a certificate authority, putting Mozilla in a tough spot.

Either Mozilla could accept DarkMatter’s record as a certificate authority or reject it based off a perceived risk.

As it turns out, the latter won.

“Our foremost responsibility is to protect individuals who rely on Mozilla products,” said said Wayne Thayer, certification authority program manager at Mozilla, in a discussion group post on Tuesday. He added that DarkMatter poses “a significant risk to our users.”

“I believe this framing strongly supports a decision to revoke trust in DarkMatter’s intermediate certificates,” he wrote.

Thayer added that although both sides of DarkMatter’s business were taken into account, the browser maker cited a core Mozilla principle — “individuals’ security and privacy on the internet are fundamental and must not be treated as optional” — as a reason to reject the proposal.

Mozilla said it would also distrust six intermediary certificates in the meanwhile.

DarkMatter did not respond to a request for comment Tuesday.

Our 14th Annual TechCrunch Summer Party is a mere two weeks away, and we’re serving up a fresh new batch of tickets to this popular Silicon Valley tradition. Jump on this opportunity, folks, because our previous releases sold out in a flash — and these babies won’t last long, either. Buy your ticket today.

Our summer soiree takes place on July 25 at Park Chalet, San Francisco’s coastal beer garden. Picture it: A cold brew, an ocean view, tasty food and relaxed conversations with other amazing members of the early-startup tech community.

TechCrunch parties have a reputation as a place where startup magic happens. And there will be plenty of magical opportunity afoot this year as heavy-hitter VCs from Merus Capital, August Capital, Battery Ventures, Cowboy Ventures, Data Collective, General Catalyst and Uncork Capital join the party.

There’s more than one way to make magic at our summer fete. If you’re serious about catching the eye of these major VCs, consider buying a Startup Demo Package, which includes four attendee tickets.

Fun fact: Box founders Aaron Levie and Dylan Smith met one of their first investors, DFJ, at a party hosted by TechCrunch founder Michael Arrington. It’s one of our favorite success stories.

Check out the party details:

• When: July 25 from 5:30 p.m. – 9:00 p.m.
• Where: Park Chalet in San Francisco
• How much: $95
• Startup Demo Package: $2,000

No TechCrunch party is complete without a chance to win great door prizes, including TechCrunch swag, Amazon Echos and tickets to Disrupt San Francisco 2019.

Buy your ticket today and enjoy a convivial evening of connection and community in a beautiful setting. Opportunity happens, and it’s waiting for you at the TechCrunch Summer Party.

Pro Tip: If you miss out this time, sign up here and we’ll let you know when we release the next group of tickets.

Is your company interested in sponsoring or exhibiting at the TechCrunch 14th Annual Summer Party? Contact our sponsorship sales team by filling out this form.

It’s nice when people can come together and work through their differences to make it easier to watch stuff. That’s exactly what happened today, when the long-standing detente between Google and Amazon over streaming video services came to an end, with YouTube arriving on Fire TV and Prime Video making its way to Chromecast and Android TV.

Amazon’s second-generation Fire TV Stick, their Fire TV Stick 4K, the Fire TV Cube, Fire TV Stick Basic Edition and Fire TV Edition smart TVs made by partner OEMs will all get support for the official YouTube app globally starting today, and Amazon intends to extend support to even more of its hardware in future. YouTube TV and YouTube Kids will also come to Amazon Fire TV device later this year.

On the Google side, both its own Chromecast devices, as well as partners TVs and hardware that support Chromecast built-in, or that run Android TV, will gain support broadly for Prime Video. Plus, any Chromecast Ultra owners will also get access to Prime Video’s 4,000 title library normally reserved for Prime members only at no additional cost as part of the new tie-up between the two companies.

Prime has been available on some Android TV devices to date, but it’s expanding to a much broader selection of those smart TVs and streaming boxes from today.

This has been a long time coming – several years in fact, with the most recent spat between the two coming as a result of Amazon’s implementation of YouTube on the Echo Show. Then, in May, the companies announced they’d reached an agreement to put the feud behind them in the interest of consumers, which is what resulted in this cross-platform launch today.

Let the streams flow!

Starbucks’ mobile ordering app has proven wildly popular for the company, with reports indicating that it had more users than the likes of Apple Pay or Google Pay last year. The convenience is just too alluring. When you’re late for work and forgot to eat, being able to order up a drink and a sandwich with a tap or two and have it ready for pick up by the time you pass the store seems sort of like magic.

But how can smaller coffee shops compete? Building and maintaining an app of your own is a massive endeavor — and that’s before you start trying to convince customers to install yet another app.

Cloosiv is aiming to take that simplified, tap-of-a-button mobile ordering approach and make it work for local coffee shops by bringing them all to one place. It highlights the nearby coffee shops that are part of the service, presents their menus, and lets you tweak your drink to your liking before sending your order on its way. Tipping is handled through the app, and there’s a built-in rewards system to encourage people to keep coming back.

Cloosiv’s network of coffee shops isn’t huge yet; it’s up and running at just a couple of locations in San Francisco right now, and a quick glance at the in-app location map pins the nationwide total at a little shy of 200. The more that number grows, though, the more the concept makes sense. It becomes an everyone-versus-the-giant sort of thing.

As with Starbucks’ mobile ordering app, Cloosiv encourages users to pre-load money into a built-in wallet — the idea being that pre-loading means fewer credit card charges, which cuts back on processing fees for everyone. Unlike the big competition, however, users can make a one-off purchase without pre-loading the funds. There’s a 40 cent fee tacked onto those charges to cover processing, but the option is there.

I gave the app a spin in San Francisco last week, and it worked exactly as promised. I found a coffee shop (Coffee Mission) near BART, punched in my order as the train approached, and my drink was waiting for me by the time I made it out of the station.

Cloosiv’s Merchant app

As many (most?) coffee shops already have a tablet on the counter acting as the point of sales terminal, Cloosiv is focusing on integrating into what’s already in place. When an order comes in today, a sound plays as a notification banner drops down from the top of the screen; when an employee taps the banner, they’re bumped over to Cloosiv’s Merchant app where they can acknowledge orders or mark them as complete.

The next step for the company is tying all of this directly into the merchant apps that coffee shops are already using — they’re focusing on Square first, with plans to tie into things like Clover and Micros on the roadmap.

Cloosiv charges vendors a percentage of each sale, with that percentage going down as the number of orders goes up. The first 50 orders each month, for example, are charged a 12% fee; after 150 orders, that fee drops down to 8%.

Cloosiv founder Tim Griffin tells me they’ve processed over 35,000 orders so far, making up over $250,000 in revenue for the coffee shops they work with. He estimates that orders and gross volume are both growing by about 40% monthly. The company recently closed a small round with investors including Lachy Groom (previously Head of Issuing at Stripe) and Laura Behrens Wu (CEO of Shippo), and is part of Y Combinator’s Summer 2019 class.

Bosch is bringing to market a new cloud-connected software service to manage and monitor the battery life of electric vehicles.

“Bosch is connecting electric-vehicle batteries with the cloud. Its data-based services mean we can substantially improve batteries’ performance and extend their service life,” said Dr. Markus Heyn, member of the board of management of Robert Bosch GmbH, in a statement.

The new connectivity will enable companies to remotely monitor and manage battery status to reduce wear and tear on the batteries by up to 20%, according to Bosch .

By gathering real-time data from batteries on the speed at which they’re charging; the number of charge cycles they’ve undergone; stress from rapid acceleration and deceleration, and ambient temperature, Bosch can optimize recharging and prompt drivers with updates on how to extend their battery life, according to the company.

The first customer for this new cloud-connected service is the Chinese ride-hailing giant, DiDi, which will deploy a fleet of Bosch’s software enabled electric vehicles in Xiamen.

The tools are not only prescriptive, but predictive, allowing fleet operators to determine when a battery might wear out and provide optimal information on when to replace aging batteries to ensure the best performance from a vehicle, Bosch said in a statement.

“Powerful batteries with long services lives will make electromobility more viable,” said Heyn, in a statement.

Bosch sees three advantages in these insights. They’re able to reduce the aging of batteries, improve maintenace and repair times, and by managing the recharging process can ensure that batteries don’t permanently lose performance and capacity.

Fintech startup Bunq is announcing a handful of new features today, such as a way to track group expenses without creating a joint account, a web app and better Siri integration.

If you usually track vacation expenses and group expenses from your phone, chances are you’ve been using two different products — a mobile app like Splitwise to track group expenses with your friends, and a peer-to-peer payment app to settle up balances.

Bunq is essentially bundling together these two features with Slice Groups for owners of the Bunq Travel Card. Given that the Bunq app already lists all your transactions, adding transactions to a group is easier than with your average group payment tracking app.

After adding other people to your Slice Group, each person can add expenses to the group. You get a list of your most recent Bunq transactions and you can add them to a group. You can also add manual transactions in case you paid for something using cash for instance.

This is just a group accounting feature. When you add a transaction to a Slice Group, your money remains in your account. But you can see who has a positive balance and who has a negative balance.

When you settle up a group, people who owe money get a push notification. They can then tap on the notification and send money from their Bunq account to your friends’ Bunq accounts.

This feature will work particularly well for groups of people who all use the Bunq Travel Card. But it doesn’t fundamentally change how you manage your money with groups.

Bunq now has two tiers of users. Free users get a travel card with an account that they can top up. Paid users get a full-fledged bank account with banking information.

Multiple paid users can already create joint accounts with their roommates or partner. You can then associate your Bunq card with a joint account and spend money from that joint account directly.

So if you have a Bunq Travel Card, Slice Groups are for you. If you have a Bunq bank account, joint accounts are for you.

Revolut doesn’t try to reinvent the wheel either as you can only split individual card transactions with other users. It could take a while to settle all transactions after a long vacation. Revolut also lets you create Group Vaults. Those are sub-accounts to put some money aside and invite other people to contribute. But only the admin can withdraw and spend money from those vaults.

N26 has promised Shared Spaces so that you can create sub-accounts and share them with other people. But the feature isn’t live yet.

Lydia’s take on group expenses works more like Bunq’s joint accounts. You can create sub-accounts and share those accounts with other people. Everyone can then top up that account and attach a payment method, such as a payment card or a virtual card in Apple Pay or Google Pay. You can also move expenses from one sub-account to another. When you’re back from vacation, you can associate your card with your personal Lydia account again.

In addition to Slice Groups, Bunq is also launching a web interface to access your bank account. It works a bit like WhatsApp’s web app. You scan a QR code with your phone and you can then control the mobile app from a desktop web browser.

Bunq should also work better with Siri. You can now send money using your voice or change card settings. Finally, the startup has also made improvements to its business accounts with a few new features. For instance, you can now automatically put money aside to pay back VAT later down the road.