Year: 2020

16 Apr 2020

‘Glitch’ blamed as stimulus check is delayed for millions who filed through H&R Block, TurboTax

Many have been understandably concerned that, amid corporate bailouts, a $1,200 check won’t be enough to survive several more weeks of lockdown. But the stimulus check is, at the very least, better than nothing, particularly for the more than 22 million Americans who have filed jobless claims in the last month alone.

But actually getting the check is easier said than done. There have been a number of roadblocks for many Americans. Many students are ineligible. Same goes for many elderly and disabled people. Immigrants without a social security number, too. There have been a variety of delays, as well, including the President’s unprecedented mandate that his signature appear on paper checks.

For millions of Americans, a “glitch” will further delay matters. The deposit, planned for yesterday, was delayed for “several million” people who used popular services like H&R Block, Jackson Hewitt and TurboTax to file their taxes last year, according to The Washington Post. The issue? The IRS didn’t have their direct deposit information on file.

Those checking their stimulus status via the IRS’s “Get My Payment” tool this week were greeted with a perplexing “Payment Status Not Available” message. No additional information was provided.

The IRS says it’s currently working to resolve the issues that have led to the delay.

16 Apr 2020

Security lapse exposed Clearview AI source code

Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive, and reviled companies in the tech startup scene.

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it, and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.

But for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac, and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.

The repository also exposed Clearview’s Slack tokens, according to Hussein, which, if used, could have allowed password-less access to the company’s private messages and communications.

Clearview has been dogged by privacy concerns since it was forced out of stealth following a profile in The New York Times, but its technology has gone largely untested and the accuracy of its facial recognition tech unproven. Clearview claims it only allows law enforcement to use its technology, but reports show that the startup courted users from private businesses like Macy’s, Walmart and the NBA. But this latest security lapse is likely to invite greater scrutiny of the company’s security and privacy practices.

When reached for comment, Clearview founder Hoan Ton-That claimed his company “experienced a constant stream of cyber intrusion attempts, and have been investing heavily in augmenting our security.”

“We have set up a bug bounty program with HackerOne whereby computer security researchers can be rewarded for finding flaws in Clearview AI’s systems,” said Ton-That. “SpiderSilk, a firm that was not a part of our bug bounty program, found a flaw in Clearview AI and reached out to us. This flaw did not expose any personally identifiable information, search history or biometric identifiers,” he said.

Clearview AI’s app for iOS did not need a log-in, according to Hussein. He took several screenshots to show how the app works. In this example, Hussein used a photo of Mark Zuckerberg.

Ton-That accused the research firm of extortion, but emails between Clearview and SpiderSilk paint a different picture.

Hussein, who has previously reported security issues at several startups, including MoviePass, Remine and Blind, said he reported the exposure to Clearview but declined to accept a bounty, which he said if signed would have barred him from publicly disclosing the security lapse.

It’s not uncommon for companies to use bug bounty terms and conditions or non-disclosure agreements to prevent the disclosure of security lapses once they are fixed. But experts told TechCrunch that researchers are not obligated to accept a bounty or agree to disclosure rules.

Ton-That said that Clearview has “done a full forensic audit of the host to confirm no other unauthorized access occurred.” He also confirmed that the secret keys have been changed and no longer work.

Hussein’s findings offer a rare glimpse into the operations of the secretive company. One screenshot shared by Hussein showed code and apps referencing the company’s Insight Camera, which Ton-That described as a “prototype” camera, since discontinued.

A screenshot of Clearview AI’s app for macOS. It connects to Clearview’s database through an API. The app also references Clearview’s former prototype camera hardware, Insight Camera.

According to BuzzFeed News, one of the firms that tested the cameras is New York City real estate firm Rudin Management, which trialled use of a camera at two of its city residential buildings.

Hussein said that he found some 70,000 videos in one of Clearview’s cloud storage buckets, taken from a camera installed at face-height in the lobby of a residential building. The videos show residents entering and leaving the building.

Ton-That explained that, “as part of prototyping a security camera product we collected some raw video strictly for debugging purposes, with the permission of the building management.”

TechCrunch could not ascertain from which building the videos were taken. A representative from Rudin Management did not return our emails.

One of the videos from a camera in a lobby of a residential building, recording residents (blurred by TechCrunch) as they pass by.

Clearview has come under intense scrutiny since its January debut. It’s also attracted the attention of hackers.

In February, Clearview admitted to customers that a list of its customers was stolen in a data breach — though, it claimed its servers were “never accessed.” Clearview also left several of its cloud storage buckets containing its Android app unprotected.

Vermont’s attorney general’s office has already opened an investigation into the company for allegedly violating consumer protection laws, and police departments have been told to stop using Clearview, including in New Jersey and San Diego. Several tech companies, including Facebook, Twitter, and YouTube.

In an interview with CBS News in February, Ton-That defended his company’s practices. “If it’s public and it’s out there and could be inside Google’s search engine, it can be inside ours as well,” he said.

16 Apr 2020

Gig workers say they are struggling to get personal protective equipment from companies

Despite what companies have said about providing personal protective equipment to gig workers, some workers say they are struggling to get masks, gloves and other items from companies like Target-owned Shipt, Uber, Lyft and Instacart.

“PPE is still a huge issue for us,” Shipt shopper and organizer Willy Solis told TechCrunch. “We have dozens of reports across the country where shoppers have gone to pick up their equipment to be told it’s only for employees. On top of that, Target’s Twitter account essentially said that much.”

Earlier this month, Shipt workers staged a walk-off in protest of Shipt’s treatment of workers amid the COVID-19 pandemic. Around that time, Shipt said it would provide all shoppers with gloves and a mask within the next two weeks. Those shoppers, Shipt said, would be able to pick them up at their nearest Target stores. Shipt said it also would allow its most active shoppers to claim a free kit that included gloves and hand sanitizer. But some shoppers report struggling to pick up the PPE at Target and through the Shipt app.

Shipt declined to comment for this story but pointed us to both Shipt’s and Target’s respective announcements.

Over in Los Angeles, some Uber and Lyft drivers say the rideshare companies have yet to provide them with face masks and other protective equipment. This is in light of LA Mayor Eric Garcetti’s Worker Protection Order, which requires companies to provide essential workers with PPE.

“As an Uber driver, I’m incredibly vulnerable to infection,” Uber driver Deborah Garcia said in a statement. “I transport dozens of passengers every day, and many are the doctors and nurses dealing with coronavirus cases up close. Uber and Lyft love to talk about drivers as heroes on the frontlines, but what does it say about these companies that they’d rather brainstorm clever hashtags than use even a small slice of their billions to keep drivers like me safe? It’s infuriating, and it’s time for our elected officials to take action.”

Uber says it’s begun distributing masks to active drivers and delivery workers throughout the nation, initially focused on New York City and Los Angeles. Active drivers and delivery people in Los Angeles who have requested masks should receive them in the mail by the end of this week, according to Uber.

“This is a long term commitment,” an Uber spokesperson told TechCrunch. “We have ordered tens of millions of masks for drivers around the world and expect another major shipment to the US very soon.”

Uber says it has also started shipping around 30,000 bottles of disinfectant. Lyft, in response to claims that the company is not providing PPE, says what drivers are saying is not true.

“In light of the latest CDC guidance on cloth face coverings, we’ve ordered face masks for drivers at no cost to them,” a Lyft spokesperson told TechCrunch. “We have been making them available to drivers, prioritizing regions where additional guidance about face coverings has been given. This includes LA, where we’ve already begun handing out thousands of face coverings to drivers.”

Lyft began distributing masks last Saturday, and distributed some more this past Monday and Wednesday. Lyft plans to distribute more on Friday. So far, Lyft says it has been able to hand out thousands of masks.

There are also reports that Instacart shoppers are having difficulty obtaining hand sanitizer and reusable face masks, according to The Hill. Instacart says it has been providing shoppers with hand sanitizer since last week and began shipping thousands of kits with face masks, sanitizer and thermometers this past Monday.

Nationwide, there is an understanding that gig workers delivering food and groceries, and providing rides to people during the pandemic are essential. As more cities begin to implement rules requiring people to wear masks upon entering grocery stores, companies will be forced to step up their production and delivery of personal protective equipment to workers.

16 Apr 2020

Amperon raises $2 million for its predictive software for energy grids

Energy demand has fallen globally. Oil prices are plummeting. Everywhere in the energy world things look fairly grim, but keeping the lights on and electrons moving remains critical to keeping even the hobbled economies of the world humming.

That’s why startups like Amperon, which use data analysis to provide predictive tools for energy retailers and grid operators, are still relevant — and still raising money.

The company raised $2 million in a round that closed in February before the pandemic hit US shores. And the service, according to co-founder Abe Stanway, is still vital.

“We tell them how much electricity their customers are going to use on a short term and long term basis,” Stanway said of the company’s service. “When these exogenous shocks and black swan events occur we get much more valuable because you need this machine learning in order to understand how the grid is going to behave.”

The value proposition was clear to investors like Blackhorn Ventures, which led the round, and other backers including Garuda Ventures, Intelis Capital, Powerhouse Ventures, SK Ventures, and V1.VC.

“Amperon builds real time operational grid intelligence tools via smart meters and AI for utilities, energy retailers, grid operators, and institutional traders,” said Emily Kirsch, Powerhouse founder and chief executive. “Amperon’s iterative demand forecasting is able to account for never-before-seen grid volatility resulting from a global pandemic, climate disasters, or an increasingly complex grid.”

Amperon is working in four major geographies: Australia’s two major grid regions; ERCOT, the regional transmission organization responsible for Texas; and PJM, which manages the mid-Atlantic’s electricity grid.

Stanway said the new money would be used to expand the company’s reach across more grid operators in the U.S.

While Amperon’s technology is incredibly useful for utilities and grid operators during times of crisis, it can help save money in normal times too. Long term utility planners typically over-budget their energy needs by 1 percent every year, which adds up to billions of dollars spent on unnecessary additional generation capacity, according to Amperon.

Lower spending means reduced electricity prices for consumers. Another issue that Amperon says it can help energy providers address is the increasing complexity of grid management. Renewable energy generation adds variability to the grid that utilities and grid operators have yet to effectively manage, the company said.

 

16 Apr 2020

Facebook wants content reviewers back ASAP, slows return plan for most employees

On his personal Facebook account, Mark Zuckerberg offered an update on the company’s roadmap for bringing employees back to work in the wake of the coronavirus pandemic.

In the post, he acknowledged that while it might be possible for a small portion of “critical employees” unable to do their work remotely to return sooner, the majority of Facebook’s workforce will be required to continue working from home through “at least” the end of May. The selection of employees Facebook will prioritize for the swiftest return includes content reviewers who scan the platform for things like terrorism and self-harm as well as engineers who work with complex hardware. “… Overall, we don’t expect to have everyone back in our offices for some time,” Zuckerberg wrote.

On a call in the early days of the U.S. response to the virus, Zuckerberg noted that users could expect more false positives in platform moderation with Facebook’s army of at least 15,000 content reviewers sent home. Facebook said it was leaning more heavily on AI moderation to compensate for the lack of human oversight on the platform, a strategy that Twitter and YouTube turned to in the midst of the crisis as well.

Human moderators engage in some of the social network’s most sensitive work, flagging terrorist activity, suicidal posts, child exploitation and other forms of content with potential legal and psychological consequences.

In his post, Zuckerberg noted that even as additional teams return to the office, employees from populations vulnerable to the virus, those without childcare or anyone with other circumstances that might make their situation difficult can work remotely through the summer months.

Zuckerberg also announced that his company would cancel any in-person events of 50 or more people through June of 2021 and planned to make some of them virtual instead. Facebook will also extend its ban on business travel through this June as the company evaluates the situation.

“… We’re slowing our plans to return to the office in order to prioritize helping the rest of our community and local economy to get back up and running first,” Zuckerberg said.

“We also know that when society does eventually start re-opening, it will have to open slowly in staggered waves to make sure that the people who are returning to work can do so safely and that we minimize the possibility of future outbreaks.”

16 Apr 2020

Instacart jumps into prescription delivery with Costco

Online grocery delivery company Instacart is launching a prescription delivery service through a partnership with Costco as demand for online delivery continues to rise amid the COVID-19 pandemic.

The company said Thursday the delivery service is now available from nearly 200 Costco locations in Arizona, California, Delaware, Florida, Illinois, New York, Washington and Washington D.C. The service, which was initially piloted at several locations in Southern California and Washington, will expand nationally in the coming months, the company said.

Customers who use the online prescription service will receive a text message from their Costco pharmacy when their prescription is ready. The text will include a link with the option to schedule their prescription for delivery. Once the customer clicks the link, they will be redirected to Costco’s site. From here, customers can confirm their prescription and continue to add groceries and household goods to their Instacart Costco delivery order. The orders are delivered to customers in a sealed, tamper-proof bag to ensure customer safety and privacy.

Instacart is also offering contactless delivery for most medications. Instacart shoppers are able to scan a customer’s ID for verification without a signature on qualifying prescription orders. Customers are also able to schedule delivery up to one week in advance under the new service.

The new service was driven by demand in the wake of COVID-19, according to Instacart president Nilam Ganenthiran.

“For many people, we know that part of their grocery shopping experience goes beyond fresh produce, meat, seafood and pantry staples, and also includes getting much-needed medications,” said Ganenthiran.

Instacart has seen demand for its grocery service skyrocket as the COVID-19 pandemic spread. The company’s total order volume last week was 400% higher than the same week last year. Customers are spending more as well. The average customer basket size — meaning the total amount a customer spends on their order on Instacart — is up more than 25% month-over-month, according to the company.

The increase in demand has prompted Instacart to expand its reach by adding nearly 150 new stores to its marketplace since March 1. It’s also adding workers to keep up with the increase in customers.

Instacart announced April 10 that it doubled its “Care” team, from 1,200 agents to 3,000 agents. These employees answer questions about how Instacart works as well as respond to delivery issues and other mishaps with orders.

The hiring news followed a strike in March organized by Instacart shoppers who demanded personal protective equipment, hazard pay, default tips and extended sick pay.

16 Apr 2020

Facebook’s annual virtual reality conference goes virtual-only

While it quickly became clear that the tech and developer conferences held during the spring would need to be cancelled due to COVID-19, tech companies are beginning to pull the plug on events taking place later in 2020.

Today, Facebook announced that it would be shelving the in-person component of its virtual reality-focused Oculus Connect 7 conference due to COVID-19 concerns and would be focusing on a digital format. Facebook hadn’t announced dates for the event; the conference is typically held in late September or early October.

“In light of the evolving public health risks related to COVID-19, we’ve decided to shift Oculus Connect 7 to a digital format later this year,” a company blogpost read. “This was a tough decision to make, but we need to prioritize the health and safety of our developer partners, employees, and everyone involved in OC7.”

Earlier this week, California governor Gavin Newsom said it was “unlikely” that sporting events with fans in attendance would return this summer. While the major tech giants had already cancelled the in-person components of their spring and summer developer conferences, this cancellation calls into question how realistic timelines are for tech events that have been rescheduled from spring to the fall.

Conferences have long been critical to the indie games industry with small studios often using the gatherings to form relationships with publishers. With many of the virtual reality industry’s major events shuttering over the past couple years as hype has waned, Oculus Connect has remained a critical event in the VR community.

As with the cancelation of F8, Facebook says they are making a $500,000 donation that “will prioritize organizations serving local San Jose residents.”

16 Apr 2020

Daily Crunch: Verizon buys videoconferencing company BlueJeans

Verizon makes a move into videoconferencing, Jeff Bezos discusses a plan to test Amazon employees for COVID-19 and Apple is reportedly working on new over-ear headphones. Here’s your Daily Crunch for April 16, 2020.

1. Verizon is buying b2b videoconferencing firm BlueJeans

TechCrunch’s parent company is buying veteran videoconferencing platform BlueJeans Network — shelling out less than $500 million on the acquisition, according to the Wall Street Journal. (A Verizon spokeswoman confirmed that the price-tag is sub-$500 million but did not provide a more exact figure.)

“Customers will benefit from a BlueJeans enterprise-grade video experience on Verizon’s high-performance global networks,” the company said in a statement. “In addition, the platform will be deeply integrated into Verizon’s 5G product roadmap, providing secure and real-time engagement solutions for high growth areas such as telemedicine, distance learning and field service work.”

2. Bezos details Amazon’s COVID-19 testing plans in shareholder letter

Jeff Bezos dropped Amazon’s annual shareholder letter today, which includes more information on the Amazon-built testing labs that were announced last week. Bezos said the company is considering “regular testing of all Amazonians, including those showing no symptoms.”

3. Apple said to be working on modular, high-end, noise-cancelling over-ear headphones

Bloomberg reports that Apple is developing its own competitors to popular over-ear noise-cancelling headphones like those made by Bose and Sony, but with similar technology to that used in the AirPod and AirPod Pro lines.

4. Unicorn layoffs keep piling up as the economy gets worse

Yesterday, news broke that a trio of well-known, heavily-backed unicorns — Carta, Zume and Opendoor — were cutting staff.

5. Punitive liquidation preferences return to VC — don’t do it

VC Pascal Levensohn says that several of his current portfolio companies have recently proposed “emergency bridge” convertible note financings of between $5 million and $15 million, each featuring a painful feature for non-participants. (Extra Crunch membership required.)

6. DoD Inspector General report finds everything was basically hunky-dory with JEDI cloud contract bid

While controversy has dogged the $10 billion, decade-long JEDI contract since its earliest days, a report by the Department of Defense’s Inspector General’s Office concluded that the contract procurement process was fair and legal.

7. Google Play adds a ‘Teacher Approved’ section to its app store

All apps found in this section are vetted by a panel of reviewers, including more than 200 teachers across the U.S., and meet Google’s existing requirements (around government regulation and advertising) for its “Designed for Families” program.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

16 Apr 2020

Apple adds macOS feature designed to prolong the lifespan of MacBook batteries

Apple is adding a new Battery Health Management feature to the latest version of macOS Catalina. The arrival of 10.15.5 will bring the new feature, which is designed to increase the overall lifespan of MacBook batteries by reducing the maximum charge in certain instances.

Rather than focusing on things like specific app usage, the feature determines battery health based on charging patterns and temperature history. That means if you’re the kind of user who constantly has their laptop plugged in during use (as a majority of us currently do, thanks to stay at home orders), you may be the prime target.

The feature is designed to primarily operate in the background, though users will be able to toggle it on and off in the Energy Saver Preferences under settings. It’s designed to have a limited impact on device charging time. No word on how it will ultimately impact the battery’s lifespan. System performance, on the other hand, should be unaffected.

The feature is rolling out as part of the developer seed today and will be included in the final version of 10.15.5. It’s compatible with all MacBook models sporting Thunderbolt 3.