Author: azeeadmin

Spin, the electric scooter company recently bought by Ford, still won’t be able to operate in San Francisco. Well, at least for now. This comes after Spin appealed the San Francisco Municipal Transportation Agency’s decision regarding electric scooter permits in the city. A neutral officer, James Doyle, has since denied Spin’s appeal.

“The SFMTA is pleased the hearing officer validated our permitting process, which above all, prioritized the public interest,” SFMTA Communications Manager Ben Jose said in a statement to TechCrunch. “The SFMTA developed a fair, thoughtful and transparent permit program. Permits were awarded to the companies with the best applications that demonstrated a commitment to operating a safe, equitable and accountable service.”

There is, however, a silver lining for Spin. The hearing officer recommends the SFMTA consider having Spin participate in the second half of the one-year pilot program. That’s because “Spin appears to be an experienced and capable operator, and because allowing additional operators will enhance the probability of success of the powered e-scooter share program in San Francisco,” Doyle wrote in his decision.

Citing Section 916 of the electric scooter program, which states that after the initial six-month period, the SFMTA may evaluate those with permits and reassess compliance, Doyle says that provides a “natural juncture” in the program. After the first six months of the program, the SFMTA can potentially increase the number of scooters from the current max of 625 to 2,500. This juncture, Doyle said, should be able to accommodate the addition of other operators.

“We were heartened by the Hearing Officer’s strong recommendation that Spin be granted a permit by the SFMTA at the six-month mark of the pilot,” a Spin spokesperson told TechCrunch via email. “While it’s disappointing that Spin can’t immediately serve our hometown, we appreciate the Hearing Officer’s acknowledgment of our experience and capabilities, and we look forward to working with the SFMTA to serve more San Franciscans with an alternative mobility mode and hire locally from the community.”

Currently, Skip and Scoot are the only two companies permitted to operate electric scooters in SF. Since deploying their respective fleets in October, both have experienced some growing pains — mostly pertaining to theft and vandalism. That has led both Scoot and Skip to add locks to their fleets.

Moving forward, it’s unclear if the SFMTA will take the recommendation, but Jose said, “The SFMTA will be consulting with the City Attorney’s Office to determine next steps as we near the second half of the pilot.

In response to TechCrunch’s investigation of Facebook paying teens and adults to install a VPN that lets it analyze all their phone’s traffic, Senator Mark Warner (D-VA) has sent a letter to Mark Zuckerberg. It admonishes Facebook for not spelling out exactly what data the Facebook Research app was collecting or giving users adequate information necessary to determine if they should accept payment in exchange for selling their privacy. Following our report, Apple banned Facebook’s Research app from iOS and shut down its internal employee-only workplace apps too as punishment, causing mayhem in Facebook’s office.

Warner wrote to Zuckerberg, “In both the case of Onavo and the Facebook Research project, I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection. Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me,”

Warner is working on writing new laws to govern data collection initiatives like Facebook Research. He asks Zuckerberg, “Will you commit to supporting legislation requiring individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users?”

Meanwhile, Senator Richard Blumenthal (D-CT) provided TechCrunch with a fiery statement regarding our investigation. He calls Facebook anti-competitive, which could fuel calls to regulate or break up Facebook, says the FTC must address the issue, and that he’s planning to work with congress to safeguard teens’ privacy:

“Wiretapping teens is not research, and it should never be permissible. This is yet another astonishing example of Facebook’s complete disregard for data privacy and eagerness to engage in anti-competitive behavior. Instead of learning its lesson when it was caught spying on consumers using the supposedly ‘private’ Onavo VPN app, Facebook rebranded the intrusive app and circumvented Apple’s attempts to protect iPhone users. Facebook continues to demonstrate its eagerness to look over everyone’s shoulder and watch everything they do in order to make money. 

Mark Zuckerberg’s empty promises are not enough. The FTC needs to step up to the plate, and the Onavo app should be part of its investigation. I will also be writing to Apple and Google on Facebook’s egregious behavior, and working in Congress to make sure that teens are protected from Big Tech’s privacy intrusions.”

Facebook isn’t the only one paying users to analyze all their phone data. TechCrunch found that Google had a similar program called Screenwise Meter. Though it was more upfront about it, Google also appears to have violated Apple’s employee-only Enterprise Certificate rules. We may be seeing the start to an industry-wide crack down on market research surveillance apps that dangle gift cards in front of users to get them to give up a massive amount of privacy.

Warner’s full letter to Zuckerberg can be found below:

Dear Mr. Zuckerberg: 

I write to express concerns about allegations of Facebook’s latest efforts to monitor user activity. On January 29th, TechCrunch revealed that under the auspices of partnerships with beta testing firms, Facebook had begun paying users aged 13 to 35 to install an enterprise certificate, allowing Facebook to intercept all internet traffic to and from user devices.  According to subsequent reporting by TechCrunch, Facebook relied on intermediaries that often “did not disclose Facebook’s involvement until users had begun the signup process.” Moreover, the advertisements used to recruit participants and the “Project Disclosure” make no mention of Facebook or the commercial purposes to which this data was allegedly put.

This arrangement comes in the wake of revelations that Facebook had previously engaged in similar efforts through a virtual private network (VPN) app, Onavo, that it owned and operated. According to a series of articles by the Wall Street Journal, Facebook used Onavo to scout emerging competitors by monitoring user activity – acquiring competitors in order to neutralize them as competitive threats, and in cases when that did not work, monitor usage patterns to inform Facebook’s own efforts to copy the features and innovations driving adoption of competitors’ apps.  In 2017, my staff contacted Facebook with questions about how Facebook was promoting Onavo through its Facebook app – in particular, framing the app as a VPN that would “protect” users while omitting any reference to the main purpose of the app: allowing Facebook to gather market data on competitors.

Revelations in 2017 and 2018 prompted Apple to remove Onavo from its App Store in 2018 after concluding that the app violated its terms of service prohibitions on monitoring activity of other apps on a user’s device, as well as a requirement to make clear what user data will be collected and how it will be used. In both the case of Onavo and the Facebook Research project, I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection.

Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me. As you recall, I wrote the Federal Trade Commission in 2014 in the wake of revelations that Facebook had undertaken a behavioral experiment on hundreds of thousands of users, without obtaining their informed consent. In submitted questions to your Chief Operating Officer, Sheryl Sandberg, I once again raised these concerns, asking if Facebook provided for “individualized, informed consent” in all research projects with human subjects – and whether users had the ability to opt out of such research. In response, we learned that Facebook does not rely on individualized, informed consent (noting that users consent under the terms of the general Data Policy) and that users have no opportunity to opt out of being enrolled in research studies of their activity.  In large part for this reason, I am working on legislation to require individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users. 

Fair, robust competition serves as an impetus for innovation, product differentiation, and wider consumer choice. For these reasons, I request that you respond to the following questions: 

1.      Do you think any user reasonably understood that they were giving Facebook root device access through the enterprise certificate? What specific steps did you take to ensure that users were properly informed of this access? 

2.      Do you think any user reasonably understood that Facebook was using this data for commercial purposes, including to track competitors?

3.      Will you release all participants from the confidentiality agreements Facebook made them sign?

4.      As you know, I have begun working on legislation that would require large platforms such as Facebook to provide users, on a continual basis, with an estimate of the overall value of their data to the service provider. In this instance, Facebook seems to have developed valuations for at least some uses of the data that was collected (such as market research). This further emphasizes the need for users to understand fully what data is collected by Facebook, the full range of ways in which it is used, and how much it is worth to the company. Will you commit to supporting this legislation and exploring methods for valuing user data holistically?

5.      Will you commit to supporting legislation requiring individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users?

I look forward to receiving your responses within the next two weeks. If you should have any questions or concerns, please contact my office at 202-224-2023.

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called internet of things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. They may not need to do much, but they still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud, and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture, or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security, or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home, or other standards. This may give users a false sense that they are in some way accredited, inspected, or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire or at least a short waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Making sure that the devices and of course your router are password protected, and take common sense measures like changing that password regularly.

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called internet of things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. They may not need to do much, but they still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud, and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture, or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security, or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home, or other standards. This may give users a false sense that they are in some way accredited, inspected, or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire or at least a short waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Making sure that the devices and of course your router are password protected, and take common sense measures like changing that password regularly.

If you just tried to turn on your Xbox One and were met with nothing but a black screen: you’re not alone.

A particularly bad outage in Xbox Live’s core services is causing the console to get stuck at boot. Microsoft is aware of the outage, and says they’ve “identified the cause”.

The issue seems to be impacting enough users that even Microsoft’s server status page is having a hard time staying up.

Xbox Live outages happen from time to time, but it’s quite unusual for said outages to keep the entire console from booting. In most cases, the console would just boot and then fail to access online services. This has lead many to assume that their console, itself, had somehow broken — but, at least hopefully, they’ll boot right up once Microsoft untangles this mess of an outage.

Some users who are on wired connections report that their consoles boot up after the ethernet cable is unplugged. Others on wireless connections say turning off their routers (so the Xbox doesn’t try to connect to Live over WiFi) let them boot up.

Many reports say that factory resetting does not help, so don’t trouble yourself with that.

Update: Microsoft’s Mike Ybarra blames the issue on a “deployment error” (meaning they went to push some new code, and something broke along the way), and says rebooting your console “in a few minutes” should fix it.

If you just tried to turn on your Xbox One and were met with nothing but a black screen: you’re not alone.

A particularly bad outage in Xbox Live’s core services is causing the console to get stuck at boot. Microsoft is aware of the outage, and says they’ve “identified the cause”.

The issue seems to be impacting enough users that even Microsoft’s server status page is having a hard time staying up.

Xbox Live outages happen from time to time, but it’s quite unusual for said outages to keep the entire console from booting. In most cases, the console would just boot and then fail to access online services. This has lead many to assume that their console, itself, had somehow broken — but, at least hopefully, they’ll boot right up once Microsoft untangles this mess of an outage.

Some users who are on wired connections report that their consoles boot up after the ethernet cable is unplugged. Others on wireless connections say turning off their routers (so the Xbox doesn’t try to connect to Live over WiFi) let them boot up.

Many reports say that factory resetting does not help, so don’t trouble yourself with that.

Update: Microsoft’s Mike Ybarra blames the issue on a “deployment error” (meaning they went to push some new code, and something broke along the way), and says rebooting your console “in a few minutes” should fix it.

Turns out training a robotic arm to play Jenga is a surprisingly complex task. There are, so to speak, a lot of moving parts. Researchers at MIT are putting a modified ABB IRB 120 to work with the familiar tabletop game, utilizing a soft gripper, force-sensing wrist joint and external camera to design a bot that can remove a block without toppling the tower.

The robot was trained with 300 attempts, rather than the thousands it would traditionally take, learning to cluster different attempts into groups as a kind of short hand similar to how human teach themselves. With each attempt, the robot pushing against the block, testing for tactile feedback to determine whether it’s a safe bet.

“Unlike in more purely cognitive tasks or games such as chess or Go, playing the game of Jenga also requires mastery of physical skills such as probing, pushing, pulling, placing, and aligning pieces. It requires interactive perception and manipulation, where you have to go and touch the tower to learn how and when to move blocks,” says MIT assistant professor Alberto Rodriguez. “This is very difficult to simulate, so the robot has to learn in the real world, by interacting with the real Jenga tower. The key challenge is to learn from a relatively small number of experiments by exploiting common sense about objects and physics.”

The robot has gotten pretty good at making attempts, but the team is quick to note that it’s not quite ready to take on experienced players. Among other things, the robot isn’t able to determine strategic blocks that can sabotage the tower’s strength for upcoming turns. 

Rigetti Computing, one of the leading startups in the quantum computing space, today announced the public beta of its Quantum Cloud Services (QCS) platform. With this, developers can get access to Rigetti’s quantum processors, as well as all the classical computing resources necessary to build and test quantum algorithms on this hybrid platform.

Beta users will get $5,000 in credits toward running their programs on the platform. The platform itself consists of classical computing resources (you still need those as the quantum chips are essentially specialized co-processors) and Rigetti’s quantum chips, including two of its latest Aspen quantum processors. In order to run your algorithms on those chips, you’ll have to book time using the service’s online booking system.

The core of the user experience, though, is Rigetti’s Quantum Machine Image, which features all of the company’s tools for building quantum algorithms, including its Forest SDK and a simulator for testing code. That image then runs on a regular server in Rigetti’s cloud, but it’s tightly coupled with the company’s quantum computing resources.

Developers also get access to the first set of quantum applications written by various Rigetti Partners like Zapata Computing, a company that specialized in algorithms for quantum computing. Those applications range from a tool for compressing quantum data to QuantumFreeze to some basic machine learning applications. There’s also a game where you help a penguin navigate a frozen lake that’s pocketed with holes. You can either make classical moves or split the penguin into a superposition of states. Why not, I guess.

It looks like Facebook is not the only one abusing Apple’s system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch has learned.

In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate. That’s the same type of policy violation that led Apple to shut down Facebook’s similar Research VPN iOS app, which had the knock-on effect of also disabling usage of Facebook’s legitimate employee-only apps — which run on the same Facebook Enterprise Certificate — and making Facebook look very iffy in the process.

First launched in 2012, Screenwise lets users earn gift cards for sideloading an Enterprise Certificate-based VPN app that allows Google to monitor and analyze their traffic and data. Google has rebranded the program as part of the Cross Media Panel and Google Opinion Rewards programs that reward users for installing tracking systems on their mobile phone, PC web browser, router, and TV.

Originally, Screenwise was open to users as young as 13, just like Facebook’s Research app that’s now been shut down on iOS but remains on Android.

Now, according to the site’s Panelist Eligibility rules, Google requires the primary users of its Opinion Rewards to be 18 or older, but still allows secondary panelists as young as 13 in the same household to join the program and have their devices tracked, as demonstrated in this video here (which was created in August of last year, underscoring that the program is still active):

Unlike Facebook, Google is much more upfront about how its research data collection programs work, what’s collected, and that it’s directly involved. It also gives users the option of “guest mode” for when they don’t want traffic monitored, or someone younger than 13 is using the device.

Putting the not-insignificant issues of privacy aside — in short, many people lured by financial rewards may not fully take in what it means to have a company fully monitoring all your screen-based activity — and the implications of what extent tech businesses are willing to go to to amass more data about users to get an edge on competitors, Google Screenwise Meter for iOS appears to violate Apple’s policy.

This states, in essence, that the Enterprise Certificate program for distributing apps without the App Store or Apple’s oversight is only for internal employee-only apps.

Google walks users through how to install the Enterprise Certificate and VPN on their phone. Developers seeking to do external testing on iOS are supposed to use the TestFlight system that sees apps reviewed and limits their distribution to 10,000 people.

We have reached out both to Apple and Google for a comment on why this app is either the same, or different to the app Facebook had been distributing.

If Apple considers this a violation of its Enterprise Certificate policy, it could shut down Screenwise’s ability to run on iOS. And if it truly wanted to punish Google like it did Facebook, it could invalidate the certifications for all of Google’s legitimate apps that run using the same certificate.

That could throw a wrench into Google’s product development and daily work flow that could be more damaging than just removing one way it gathers competitive intelligence.

We’ll update this post as we learn more.

Free TV and movie streaming service Tubi is preparing to double down on content acquisitions this year, the company announced this morning. The service today offers over 12,000 movies and TV series, totalling 40,000 hours of content. All of this can be streamed for free as the content is paid for not via customer subscriptions, but rather by advertising. Now the company is preparing to invest over $100 million to expand its library this year, after hitting profitability in Q4 2018, and tackle new markets.

Founded in 2014, Tubi has benefitted from the trend towards cord cutting, as well as the increasing number of younger consumers who never opt to pay for cable or satellite TV in the first place – sometimes called the “cord nevers.”

The company claims that its viewership increased by over 4.3 times from December 2017 to December 2018, which allowed it to hit the profitability milestone. In the fourth quarter alone, it saw more revenue than in all of 2017 combined, it also noted. And it grew revenues by 180 percent-plus in 2018.

On the advertising front, the company says it ran campaigns from over 1,000 advertisers in 2018, including those from the majority of the top CPG and automotive companies.

However, several aspects of Tubi’s business aren’t being disclosed alongside today’s news – only the highlights. What the company won’t say is how many monthly active users it has, how many hours they watch, or how many ad impressions take place across its platform. These sorts of metrics are critical to measuring success in ad-supported video.

Along with its plans to grow its library, Tubi is preparing to expand outside the U.S. and Canada, with the first market launching this quarter.

To help fund its growth and content acquisitions, Tubi closed on $25 million in debt financing from Silicon Valley Bank in December.

These plans come at a time when Tubi’s business model has been seeing increased competition.

For example, Roku entered ad-supported programming with its own The Roku Channel launch in fall 2017, and said earlier this month it now has 27 million user accounts. Of course, Roku doesn’t break that down by how many use its platform for other services, versus those who specifically launch Roku’s own free content – but that is its ad-supported channel’s potential reach.

In addition to Roku, Tubi competes against Walmart’s ad-supported video on Vudu; Amazon-owned IMDb’s new service Freedive; Viacom’s latest acquisition, Pluto TV; Sinclair’s local broadcaster-focused service Stirr; and soon, Plex. Comcast will also launch a free streaming service for its pay TV customers in 2020.

Tubi, like many of these services, believes in its potential as consumers tire of being nickeled and dimed for video subscriptions.

“In 2018 we at Tubi saw tremendous growth as consumers, fatigued by SVOD subscriptions and services, sought alternative entertainment choices,” said Farhad Massoudi, CEO of Tubi, in a statement. “We will continue to use profits to make bigger bets on content, enhance the viewing experience, and continue to press ahead into new grounds in what is our core advantage: technology and data,” he added.

In reality, however, Tubi competes for attention among a growing streaming market, which includes those paid subscription video offerings. Today’s consumers are building out customized bundles that make sense for them – a little Netflix and HBO perhaps, fleshed out with some free content through services like Tubi, for example.

Tubi’s advantage, of course, is that it doesn’t have to spend the billions on content and originals that subscription video services like Netflix do to win users. Instead, it relies on titles that have mainstream appeal, but may not be winning any awards – like older movies, kids shows, B-flicks, horror films, and reality TV.

At the end of the day, however, Tubi won’t necessarily gain from people tiring of subscription video, but from the growing influx of cord cutters who are searching for older or niche content not included in subscription libraries -or who just want to watch a free movie.