Year: 2020

10 Mar 2020

New flaw in Intel chips lets attackers slip their own data into secure enclave

A new flaw in Intel chips threatens to allow attackers to not just view privileged information passing through the system but potentially also insert new data. The flaw isn’t something the average user has to worry about, but it is a sign of the times as far as the shape of threats to our information’s security.

You may be familiar with Meltdown, Spectre, and Heartbleed — this one has a decidedly less catchy name: Load Value Injection, or LVI. It was discovered independently by BitDefender and by a multi-university group led by Jo Van Bulck.

The exact technical details (as documented here) of the flaw aren’t anything the average user would understand or be able to fix themselves. But here’s what you should know: LVI is part of a general category of flaws that have to do with a technique found on all modern chips called “speculative execution.”

Speculative execution is a bit like this: if someone started writing a math problem on a chalkboard rather slowly, you might decide to preemptively solve the problem in each of the 10 ways it could possibly be solved. That way, when the teacher finishes writing the problem, you have the answer ready, and simply discard the others.

Recently this process has been shown to be less than secure in that by carefully poking and prodding at the chip’s deepest levels of code, you can get it to cough up data that would normally be highly protected and encrypted. But while Meltdown and Spectre were about forcing that leakage, LVI takes it a step further, letting the attacker place new values into the process so that it comes out the way they like it. What’s more, this takes place inside the “SGX Enclave,” intended to be an impregnable sub-system that can be trusted to be secure.

The name isn’t so catchy, but it does have a cool logo.

These processes are so deep within the computer’s many layers of code and execution that it’s impossible to say what they can and can’t be used for. It’s safest to assume, with an issue this fundamental — letting an attacker substitute certain secure values with their own — that the entire thing is compromised.

There are mitigations, of course, but they can severely affect the performance of the chip. Nevertheless, they must be put in place on any exposed chip with this flaw — and that’s pretty much any modern Intel chip that came out before last year.

Intel itself is very much aware of the issue and in fact published a 30-page technical summary of LVI and the various specific attacks it enables. It is careful to note at the outset, however, that this is not the sort of thing that gets deployed at large:

“Due to the numerous, complex requirements that must be satisfied to implement the LVI method successfully, LVI is not a practical exploit in real-world environments,” the paper reads.

And that’s why you don’t need to worry about it. The simple truth is you’re probably not an ideal target for this attack. It’s not easy to pull off, and as an individual your data is better got at either via traditional means (phishing and the like) or by collecting it in bulk at the datacenter level. So what’s important is not you updating your PC as soon as possible, but the companies that own and run millions of servers doing so.

Even then, however, it may be that systems with no public exposure are more or less incapable of being accessed by attackers, and even if they were, they might not handle any data that’s worth getting hold of. So ultimately it’s up to these companies to decide their priorities, and after that it’s up to chipmakers like Intel to design future chips and architectures without flaws like LVI and the others built in. Of course that’s rather hard to do given the complexity of those systems, but there it is.

You can learn more about LVI at the site set up to document it. Or you can just watch the ridiculous “teaser” the research team that identified the flaw put together below:

10 Mar 2020

Credit Sesame launches a digital banking service focused on improving credit scores

Credit Sesame is getting into digital banking. The credit and loans company, first launched at TechCrunch Disrupt in 2010, has since grown to 15 million registered users and, in 2016, achieved profitability. To date, its focus has been on helping consumers achieve financial health by taking steps to consolidate debt and raise their credit score. Now, it’s expanding to include digital banking, but with the goal of using its better understanding of its banking customers’ finances to better personalize its credit improvement recommendations.

The new service, Sesame Cash, has many features found in other challenger banking apps, like a general lack of fees, real-time notifications, an early payday option, free access to a sizable ATM network, in-app debit card management, and more. Specifically, Credit Sesame says it won’t charge monthly fees, overdraft fees, and it provides free access to over 55,000 ATMs and a no-fee debit card from MasterCard.

However, the banking app also serves a secondary purpose beyond its plan to take on traditional banks. Because the company has insights into users’ finances and repayment abilities, it will be able to offer personalized recommendations including those for relevant credit products from its hundreds of financial institution partners.

Other features also differentiate Sesame Cash from rival challenger banks, including built-in access to view your daily credit score and a system that rewards consumers with cash incentives — up to $100 per month — for credit score improvements. The banking app includes $1 million in credit and identity theft protection, as well.

In the months following its launch, the company is planning to introduce a smart bill pay service that manages cash to improve credit and lower interest rates on credit balances, plus an auto-savings feature that works by rounding up transactions, a rewards program for everyday purchases, and other smart budgeting tools.

“Through the use of advanced machine learning and AI, we’ve helped millions of consumers improve and manage their credit. However, we identified the disconnect between consumers’ cash and credit—how much cash you have, and how and when you use your cash has an impact on your credit health,” said Adrian Nazari, Credit Sesame Founder and CEO, in a statement. “With Sesame Cash, we are now bridging that gap and unlocking a whole new set of benefits and capabilities in a new product category. This underscores our mission and commitment to innovation and financial inclusion, and the importance we place in working with partners who share the same ethos,” he added.

Credit Sesame today caters to consumers interested in bettering their credit. The company says 61% of its members see credit score improvements within their first 6 months, and 50% see scores improve by more than 10 points during that time. 20% see their score improve by more than 50 points during the first 6 months.

But one challenge Credit Sesame faces is that after consumers reach their goals, credit-wise, they may become less engaged with the Credit Sesame platform. The new banking app changes that, by allowing the company to maintain a relationship with customers over time.

Credit Sesame is a smaller version of Credit Karma, which was recently acquired by Intuit for $7 billion. Since then, it has been rumored to be another potential acquisition target for Intuit, if it didn’t proceed to go public. The banking service would make Credit Sesame more attractive to a potential acquirer, if that’s the case, as it would offer something Credit Karma did not.

The company says Sesame Cash bank accounts are held with Community Federal Savings Bank, Member FDIC.

The banking service will initially be made available to existing customers, before becoming available to the general public. The Credit Sesame mobile app is a free download for iPhone and Android.

 

10 Mar 2020

Unpacking Sequoia’s $21M conflict of interest

Yesterday, TechCrunch broke the news that Sequoia, one of the best-known venture capital firms in the market today, had “parted ways with [Finix] over a purported conflict of interest and, almost more shockingly, handed back its board seat, its information rights, its shares and its full investment.”

Sequoia led the $35 million round into the payments infrastructure player, as I’d covered for TechCrunch a little over a month ago, and that is the source of conflict.

Sequoia also happens to be an investor in Stripe, a company worth around $35 billion. The firm led its Series A back in 2012, according to Crunchbase; therefore, Sequoia is not only a longtime Stripe associate, but a major shareholder as well.

You can see why, if Finix and Stripe are competing, Sequoia made a mistake. Before the Vision Fund era, it was considered not only stupid to fund competing companies (why pay for your own competition?), but, to some degree, unethical. Investors and founders love to talk up their long-term partnerships. The inverse of such a relationship is paying someone else to beat up your other portfolio company.

And as it turns out, we can learn more about the dynamics of this relationship from our interview with Finix CEO Richie Serna. Amidst our discussion about Finix’s business model, how the company thinks about itself, and who its products are best for, Serna also talked about Stripe (he had nice things to say) and how Finix’s approach to payments is distinct from Stripe’s own.

With that interview in hand, let’s find out if there’s enough space between the two startups to absolve Sequoia of its faux pas.

10 Mar 2020

Insurance AI startup Synthesized raises $2.8M from IQ Capital and Mundi Ventures

The insurance industry depends on data to support a number of functions the average person in the street is usually completely unaware of such as “informed risk selection”, underwriting and claims management. Like many industries, it would like to automate much of this but it’s just not that simple.

Synthesized is a UK startup that tries to reduce friction on preparing all the data that’s needed, to enable insurers to share data safely, complying with regulations. The more that happens, the more innovation can happen, such as insuring for a low-carbon economy, something which will become increasingly important.

It’s now raised $2.8m in a new round of funding co-led by Cambridge-based IQ Capital and Mundi Ventures, with participation from Seedcamp, Pretiosum Ventures, and a number of finance and technology executives in the UK. Financing from the round will be used to double the number of its employees in London, and build out its sales and product teams.

Cofounder Nicolai Baldin said: “Synthesized substantially reduces the time to develop and comprehensively test data-driven projects and as a result empowers engineers to build better products and services for end-users. With the new funding from IQ Capital and Mundi Ventures, Synthesized is well-positioned to facilitate its business operations to turbocharge development processes across many sectors, such as finance, insurance and healthcare.”

Ed Stacey, managing partner at IQ Capital said: “Responsible organizations are waking up to the need to ensure that their deployed machine learning systems are fair and unbiased, as well as being robust and accurate. Synthesized’s ability to create multiple, balanced data sets in a flexible way gives organizations and their customers the confidence they need in deployed production systems, while also greatly speeding up the development process.” Javier Santiso, CEO and Founder of Alma Mundi Ventures, said that “The prospects for Synthesized are bright and we see the impact of synthetic data permeating almost every industry.”

Synthesized competes in various ways with products from Gretel AI, Snorkel, Tonic AI, Hazy and Mostly AI.

10 Mar 2020

Docker regroups as cloud-native developer tool company

Docker had an existential crisis last year when, in a matter of months, CEO Steve Singh stepped down, the company sold its enterprise business to Mirantis and long-time executive Scott Johnston took over as CEO. It was a lot to process.

The organization that remained decided to regroup as a developer tools company, and today the new entity officially begins its journey.

Johnston recounted what happened at the end of last year as Docker moved on from the enterprise business and returned to its developer roots.

“In November, we separated the enterprise business, which was very much focused on operations, CXOs and a direct sales model, and we sold that business to Mirantis,” Johnston told TechCrunch. “At that point, we decided to focus the remaining business back on developers, which was really Docker’s purpose back in 2013 and 2014.”

What Docker has in its favor is that it’s the company that popularized the idea of containerizing software. It is hoping to build on that expertise and brand recognition with the newly configured company. To that end, it’s aiming to reduce some of the growing complexity around building, shipping and running cloud native applications.

Docker has decided to focus on three areas in particular. The first is to deal with the growing volume of containers. Johnston says that, in the early days, the container was almost magical. But today, applications consist of dozens or even hundreds of containers, creating a layer of complexity that Johnston believes tools like Docker App, Docker Compose and third-party partner integration can help solve.

The next piece is managing the tool chain itself as companies move through a continuous delivery cycle and work with Git repositories like GitHub and BitBucket. He sees a market that has fragmented and created tool silos around the different pieces of the chain as developers move the application from source to the cloud. Docker offers Docker Desktop and Docker Hub along with partnerships with the Git repositories to help developers manage their tool chain.

Finally, Docker wants to help companies better manage open source, including licensing, updates and patches.

While the company has taken its focus off of enterprise in favor of aiming squarely at developers and developer teams, Johnston says that the company may find its way back to the enterprise again at some point—but with a SaaS approach this time. For now, the company will cater to the developer community and hope to build from there.

Docker had problems commercializing its technology prior to this as the container technology moved away from the container itself, which became a commodity of sorts, and moved towards management with Kubernetes.

Now the company is hoping to reinvent itself once again and rise from the chaos of last year to become a go-to, cloud-native developer tool vendor. Whether this approach can work is still unclear, but Johnston sees this as the way forward. Time will tell if the strategy is successful or not.

10 Mar 2020

Graphite brings unicorn product background to growth marketing

Graphite is part of a new wave of growth marketing consultancies launched by former product leaders at successful startups. With a specialization in SEO, and a client list that has included Masterclass, Thumbtack, Honey, Personal Capital, and more, its goal is to help make the difference for an ambitious company with product-market fit.

“Ethan and his team did excellent work helping Thumbtack build our SEO landing page strategy and our technical SEO infrastructure. Unlike most other agencies, they get deep in the details and help with execution, which was critical in our early days / initial growth stage.” Sander Daniels, Cofounder, Thumbtack

As founder Ethan Smith relates below, the remote-first team also has a vision to change the relationship between growth marketers and companies. Rather than being treated as relatively interchangeable employees who provide similar incremental value, growth marketers can be the main difference for a company that has a few rounds of funding and big unrealized dreams. So, why settle for a small piece of a big cap table? “In order to maximize the impact we can have on the world,” says founder Ethan Smith diplomatically, “we should work with many companies rather than only one.”

Graphite’s growth-stage focus

One of the most important metrics we look at is retention and whether a company has product market fit. Companies that are pre-product market fit should not focus on growth, they should focus on getting their product right. Once the product has fit, they’re ready to grow. We usually work with companies post Series B up to public companies because we believe we can create the most impact.

Why SEO?

SEO is one of our core foci, and it is shocking how little supply there is of SEO talent relative to the size of this channel. For many companies, SEO is not only the largest channel of growth, it is larger than all other channels combined.

Below, you’ll find the rest of the founder reviews, the full interview, and more details about how it works. This profile is part of our ongoing series covering startup growth marketing agencies with whom founders love to work, based on this survey and our own research. The survey is open indefinitely, so please fill it out if you haven’t already. 

10 Mar 2020

Facebook’s photo transfer tool opens to more users in Europe, LatAm and Africa

Facebook is continuing to open up access to a data porting tool it launched in Ireland in December. The tool lets users of its network transfer photos and videos they have stored on its servers directly to another photo storage service, such as Google Photos, via encrypted transfer.

A Facebook spokesman confirmed to TechCrunch that access to the transfer tool is being rolled out today to the UK, the rest of the European Union and additional countries in Latin America and Africa.

Late last month Facebook also opened up access to multiple markets in APAC and LatAm, per the spokesman. The tech giant has previously said the tool will be available worldwide in the first half of 2020.

The setting to “transfer a copy of your photos and videos” is accessed via the Your Facebook Information settings menu.

The tool is based on code developed via Facebook’s participation in the Data Transfer Project (DTP) — a collaborative effort starting in 2018 and backed by the likes of Apple, Facebook, Google, Microsoft and Twitter — who committed to build a common framework using open source code for connecting any two online service providers in order to support “seamless, direct, user initiated portability of data between the two platforms”.

In recent years the dominance of tech giants has led to an increase in competition complaints — garnering the attention of policymakers and regulators.

In the EU, for instance, competition regulators are now eyeing the data practices of tech giants including Amazon, Facebook and Google, while in the US tech giants including Google, Facebook, Amazon, Apple and Microsoft are also facing antitrust scrutiny. And as more questions are being asked about antitrust, big tech has been under pressure to respond — hence the collective push on portability.

Last September Facebook also released a white paper laying out its thinking on data portability which seeks to frame it as a challenge to privacy — in what looks like an attempt to lobby for a regulatory moat to limit portability of the personal data mountain it’s amassed on users.

At the same time, the release of a portability tool gives Facebook something to point regulators to when they come calling — even as the tool only allows users to port a very small portion of the personal data the service holds on them. Such tools are also only likely to be sought out by the minority of more tech savvy users.

Facebook’s transfer tool also currently only supports direct transfer to Google’s cloud storage — greasing a pipe for users to pass a copy of their facial biometrics from one tech giant to another.

We checked, and from our location in the EU, Google Photos is the only direct destination offered via Facebook’s drop-down menu thus far:

However the spokesman implied wider utility could be coming — saying the DTP project updated adapters for photos APIs from Smugmug (which owns Flickr); and added new integrations for music streaming service Deezer; decentralized social network Mastodon; and Tim Berners-Lee’s decentralization project Solid.

Though it’s not clear why there’s no option offered as yet within Facebook to port direct to any of these other services. Presumably additional development work is still required by the third party to implement the direct data transfer. (We’ve asked Facebook for more on this and will update if we get a response.)

The aim of the DTP is to develop a standardized version to make it easier for others to join without having to “recreate the wheel every time they want to build portability tools”, as the spokesman put it, adding: “We built this tool with the support of current DTP partners, and hope that even more companies and partners will join us in the future.”

He also emphasized that the code is open source and claimed it’s “fairly straightforward” for a company that wishes to plug its service into the framework, especially if they already have a public API.

“They just need to write a DTP adapter against that public API,” he suggested.

“Now that the tool has launched, we look forward to working with even more experts and companies – especially startups and new platforms looking to provide an on-ramp for this type of service,” the spokesman added.

10 Mar 2020

Zumper raises $60M to double down on tech to grow its apartment rentals platform

The apartment rental market in the US will be worth $174.1 billion this year, and today a startup that’s built a platform to help it along by connecting renters with rentals is announcing a round of funding to fuel its growth. Zumper, which provides listings of available rental properties and services (such as rent payments) to help manage landlords’ rental businesses, has raised $60 million, money that CEO and co-founder Anthemos Georgiades said it plans to use to continue both expanding its footprint in the US (its primary market today), as well as to continue building out its platform and the data science behind it, as well as more tools for users of its two-sided marketplace.

This Series D is being led by new backer e.ventures — the VC that originally started out as BV Ventures, the strategic VC arm of publishing giant Bertelsmann — and includes participation from a number of existing investors. Zumper has raised $150 million to date from backers that include Andreessen Horowitz, Axel Springer, the Blackstone Group, Breyer Capital, CrunchFund, Dawn Capital, Goodwater Capital, Greycroft, Greylock, Kleiner Perkins, NEA, Stereo Capital, Foxhaven Asset Management, and others.

The company is not disclosing its valuation but we understand that it is more than double the valuation Zumper had in its previous round. For context, that was a $46 million Series C round in 2018 that was made at over $200 million but under $300 million, putting Zumper’s current valuation at between $400 million and $600 million.

Zumper doesn’t disclose financials but says that it’s been seeing 100% growth year-on-year for its revenues and is on track to have some 80 million people using its platform in 2020, with 13 million visitors per month, typically looking for one-year leases. And within its B2B rental big data play, some 1 million listings are analysed monthly.

The startup’s growth is coming at a pivotal time in the property market.

On one hand, Zumper competes against the likes of other fast-growing startups like Compass, as well as giants like Zillow and more recently Costar. The latter have shaped up to be key consolidators, acquiring smaller outfits to get better economies of scale. But at the same time, we have seen a fair amount of stress in the industry — the oversupply of inventory in the market has put pressure on prices, and some of the biggest and most established players have been hit hard trying to modernise their businesses. As one example, RentPath — the owner of Rent.com, Apartments.com and many others — recently filed for Chapter 11, and it’s currently in the middle of an acquisition process with Costar, which is picking it up for $588 million. “Everyone is falling by the wayside,” Georgiades said.

Beyond market trends, there are also consumer trends, with those who are traditional renters looking to buy property, or those who continue renting exploring shorter leases or home shares as ways of saving money and looking for better deals. Zumper notes that some 66% of renters today in the US live in a co-living situation.

Within those wider developments, Zumper — which Georgiades describes as the largest privately-backed rentals platform — has been working on building a modern platform that provides more than just a simple place to discover what’s available in the market.

“We want to add lease signing and more financial offerings for landlords,” Georgiades said, noting that insurance is one area that it is also exploring. “The idea is to build in more peace of mind for our customers, not just more software.”

And it’s doing so by delivering a key demographic that everyone wants to target: millennial users. 

“Zumper is the single best source for younger millennials to find apartments,” he said, noting that one in four Americans will use Zumper this year to search for an apartment. A typical user, he added, is “more mobile,” and averages at 28 years old, and its user base skews female.

Working to serve that demographic and its changing tastes for where and how to put down roots, Zumper has partnerships in place with the likes of Airbnb and Facebook to target different parts of the market. Georgiades said that he does not view either as a competitor, but nor are there plans to expand these relationships at the moment (and he would not comment on whether Airbnb or Facebook has ever tried to acquire Zumper).

“We see ourselves as the Airbnb of one-year leases,” he said. “We start where Airbnb ends.” While today there seems to be a way on Zumper to search for rooms, it doesn’t seem to be optimised for that kind of search, so that is another area where you could see the startup growing.

“Zumper’s progress so far is striking, and it has quickly become the leading independent company focused on the rental market,” said Mathias Schilling, Co-Founder & Managing Partner with e.ventures, in a statement. “We believe that Zumper is well positioned because of its focus on providing an exceptional product for renters and great value for landlords and multi-family properties.”