Author: azeeadmin

Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools.

In a blog post today the company reveals another tranche of Kremlin-linked fake activity — saying it’s removed a total of 471 Facebook pages and accounts, as well as 41 Instagram accounts, which were being used to spread propaganda in regions where Putin’s regime has sharp geopolitical interests.

In its latest reveal of “coordinated inauthentic behavior” — aka the euphemism Facebook uses for disinformation campaigns that rely on its tools to generate a veneer of authenticity and plausibility in order to pump out masses of sharable political propaganda — the company says it identified two operations, both originating in Russia, and both using similar tactics without any apparent direct links between the two networks.

One operation was targeting Ukraine specifically, while the other was active in a number of countries in the Baltics, Central Asia, the Caucasus, and Central and Eastern Europe.

“We’re taking down these Pages and accounts based on their behavior, not the content they post,” writes Facebook’s Nathaniel Gleicher, head of cybersecurity policy. “In these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.”

Sputnik link

Discussing the Russian disinformation op targeting multiple countries, Gleicher says Facebook found what looked like innocuous or general interest pages to be linked to employees of Kremlin propaganda outlet Sputnik, with some of the pages encouraging protest movements and pushing other Putin lines.

“The Page administrators and account owners primarily represented themselves as independent news Pages or general interest Pages on topics like weather, travel, sports, economics, or politicians in Romania, Latvia, Estonia, Lithuania, Armenia, Azerbaijan, Georgia, Tajikistan, Uzbekistan, Kazakhstan, Moldova, Russia, and Kyrgyzstan,” he writes. “Despite their misrepresentations of their identities, we found that these Pages and accounts were linked to employees of Sputnik, a news agency based in Moscow, and that some of the Pages frequently posted about topics like anti-NATO sentiment, protest movements, and anti-corruption.”

Facebook has included some sample posts from the removed accounts in the blog which show a mixture of imagery being deployed — from a photo of a rock concert, to shots of historic buildings and a snowy scene, to obviously militaristic and political protest imagery.

In all Facebook says it removed 289 Pages and 75 Facebook accounts associated with this Russian disop; adding that around 790,000 accounts followed one or more of the removed Pages.

It also reveals that it received around $135,000 for ads run by the Russian operators (specifying this was paid for in euros, rubles, and U.S. dollars).

“The first ad ran in October 2013, and the most recent ad ran in January 2019,” it notes, adding: “We have not completed a review of the organic content coming from these accounts.”

These Kremlin-linked Pages also hosted around 190 events — with the first scheduled for August 2015, according to Facebook, and the most recent scheduled for January 2019. “Up to 1,200 people expressed interest in at least one of these events. We cannot confirm whether any of these events actually occurred,” it further notes.

Facebook adds that open source reporting and work by partners which investigate disinformation helped identify the network.

It also says it has shared information about the investigation with U.S. law enforcement, the U.S. Congress, other technology companies, and policymakers in impacted countries.

Ukraine tip-off

In the case of the Ukraine-targeted Russian disop, Facebook says it removed a total of 107 Facebook Pages, Groups, and accounts, and 41 Instagram accounts, specifying that it was acting on an initial tip off from U.S. law enforcement.

In all it says around 180,000 Facebook accounts were following one or more of the removed pages. While the fake Instagram accounts were being followed by more than 55,000 accounts.  

Again Facebook received money from the disinformation purveyors, saying it took in around $25,000 in ad spending on Facebook and Instagram in this case — all paid for in rubles this time — with the first ad running in January 2018, and the most recent in December 2018. (Again it says it has not completed a review of content the accounts were generating.)

“The individuals behind these accounts primarily represented themselves as Ukrainian, and they operated a variety of fake accounts while sharing local Ukrainian news stories on a variety of topics, such as weather, protests, NATO, and health conditions at schools,” writes Gleicher. “We identified some technical overlap with Russia-based activity we saw prior to the US midterm elections, including behavior that shared characteristics with previous Internet Research Agency (IRA) activity.”

In the Ukraine case it says it found no Events being hosted by the pages.

“Our security efforts are ongoing to help us stay a step ahead and uncover this kind of abuse, particularly in light of important political moments and elections in Europe this year,” adds Gleicher. “We are committed to making improvements and building stronger partnerships around the world to more effectively detect and stop this activity.”

A month ago Facebook also revealed it had removed another batch of politically motivated fake accounts. In that case the network behind the pages had been working to spread misinformation in Bangladesh 10 days before the country’s general elections.

This week it also emerged the company is extending some of its nascent election security measures by bringing in requirements for political advertisers to more international markets ahead of major elections in the coming months, such as checks that a political advertiser is located in the country.

However in other countries which also have big votes looming this year Facebook has yet to announced any measures to combat politically charged fakes.

The era that saw China’s mobile payments providers making handsome interest returns on client money has officially ended.

Starting this week, non-bank payments companies must place 100 percent of their customer deposit funds under centralized, interest-free accounts as Beijing moves to rein in financial risks. In the past, third-party payments firms were allowed to hold pre-paid sums from buyers for a short period of time before transferring the money to merchants. This layout allowed companies like Alibaba’s payments affiliate Ant Financial and Tencent to earn interest by depositing customer money into bank accounts.

Exactly how much money Ant and Tencent derived from these deposits is unclear. Both companies declined to comment on the policy’s revenue implications but said they have complied with the rules and finished transferring all customer reserve funds to a centralized clearing system.

Here are some numbers to help grasp the scale of the lucrative practice. The central bank gave a two-year window for all payments firms to complete the transition as it gradually raised the reserve funds ratio, which climbed to 85 percent in November. By then, total customer funds deposited by non-bank payments companies into central custodians hit 1.24 trillion yuan ($180 billion), while another estimated 260 billion yuan was yet to come under regulated control, shows data published by the People’s Bank of China.

Collectively, the giants account for more than 90 percent of China’s third-party mobile payments and 34 percent of all third-party, internet-based payments (which include both PC and mobile transactions), according to research firm Analysys.

While the regulatory control surely has measurable revenue implication on payments firms, some experts point to another adverse consequence. “Now that payments companies are no longer putting deposits into their [partnering] banks, they lose bargaining power with these banks that charge commissions for handling their mobile payments,” an employee from a major payments firm told TechCrunch on the condition of anonymity.

Tencent doesn’t break down how much it makes from payments but the unit has grown rapidly over the past years while its major income source — video games — took a hit last year. Meanwhile Ant Financial has been diversifying its business to go beyond financial services. It has earnestly marketed itself as a “technology” company by opening its proprietary technologies to a growing list of traditional institutions like banks and insurance companies. Reuters reported earlier that technology services will make up 65 percent of Ant’s revenue in about four years, up from an estimated 34 percent in 2017.

A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise.

The plugin, Social Network Tabs, was storing so-called account access tokens in the source code of the WordPress website. Anyone who viewed the source code could see the linked Twitter handle and the access tokens. These access tokens keep you logged in to the website on your phone and your computer without having to re-type your password every time or entering your two-factor authentication code.

But if stolen, most sites can’t differentiate between a token used by the account owner, or a hacker who stole the token.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the vulnerability and shared details with TechCrunch.

In order to test the bug, Robert found 539 websites using the vulnerable code by searching PublicWWW, a website source code search engine. He then wrote a proof-of-concept script that scraped the publicly available code from the affected websites, collecting access tokens on more than than 400 linked Twitter accounts.

Using the obtained access tokens, Robert tested their permissions by directing those accounts to ‘favorite’ a tweet of his choosing over a hundred times. This confirmed that the exposed account keys had “read/write” access — effectively giving him, or a malicious hacker, complete control over the Twitter accounts.

Among the vulnerable accounts included a couple of verified Twitter users and several accounts with tens of thousands of followers, a Florida sheriff’s office, a casino in Oklahoma, an outdoor music venue in Cincinnati, and more.

Robert told Twitter on December 1 of the vulnerability in the third-part plugin, prompting the social media giant to revoke the keys, rendering the accounts safe again. Twitter also emailed the affected users of the security lapse of the WordPress plugin, but did not comment on the record when reached.

Twitter did its part — what little it could do when the security issue is out of its hands. Any WordPress user still using the plugin should remove it immediately, change their Twitter password, and ensure that the app is removed from Twitter’s connected apps to invalidate the token.

Design Chemical, a Bangkok-based software house that developed the buggy plugin, did not return a request for comment when contacted prior to publication.

On its website, it says the seven-year plugin has been downloaded more than 53,000 times. The plugin, last updated in 2013, still gets dozens of downloads each day.

MITRE assigned the vulnerability CVE-2018-20555. It’s the second bug Robert has disclosed in as many days.

Coinbase is continuing its push to suck up talent after the $8 billion-valued crypto business snapped up Blockspring, a San Francisco-based startup that enables developers to collect and process data from APIs.

The undisclosed deal was announced by Blockspring on its blog, and confirmed to TechCrunch by a Coinbase representative. Coinbase declined to comment further.

Blockspring started out as a serverless data business, but it pivoted into a service that lets companies use API data. That includes purposes such as building list and repositories for recruitment, marketing sales, reporting and more. Pricing starts from $29 per month and Blockspring claims to work with “thousands” of companies.

That startup graduated Y Combinator and, according to Crunchbase, it had raised $3.5 million from investors that include SV Angel and A16z, both of which are Coinbase investors. Those common investors are likely a key reason for the deal, which appears to be a talent acquisition. The Blockspring team will join Coinbase, but it will continue to offer its existing products “for current and new customers as they always have.”

“Joining Coinbase was a no-brainer for a number reasons including its commitment to establishing an open financial system and the strength of its engineering team, led by Tim Wagner (formerly of AWS Lambda). Making the technical simple and accessible is what we’ve always been about at Blockspring. And now we’ll get to push these goals forward along with the talented folks at Coinbase to make something greater than we could on our own,” wrote CEO Paul Katsen.

Coinbase raised $300 million last October to take it to $525 million raised to date from investors. While it may not be a huge one, the Blockspring deal looks to be its eleventh acquisition, according to data from Crunchbase. Most of those have been talent grabs, but its more substantial pieces of M&A have included the $120 million-plus deal for Earn.com, which installed Balaji Srinivasan as the company’s first CTO, the acquisition of highly-rated blockchain browser Cipher, and the purchase of securities dealer Keystone Capital, which boosted its move into security tokens.

In addition to buying up companies, Coinbase also makes investments via its early-stage focused Coinbase Ventures fund.

Personio, the German HR and recruiting platform, has raised $40 million in a Series B funding. Leading the round is London-based Index Ventures, with participation from existing investors Northzone and Rocket Internet’s Global Founders.

Founded in 2015, Munich-based Personio has set out to build a “HR operating system” for small and medium-sized companies (SMEs) ranging from 10 and 2,000 employees. The cloud-based software is designed to power all of a company’s HR and recruiting processes, either via the product’s own core functionality or through its ability to integrate with third-party software.

“We believe in the benefit of a holistic HR solution that covers the entire employee life-cycle, while its functionalities need to adapt to individual customer requirements and processes,” Personio co-founder and CEO Hanno Renner tells me.

“That being said, we distinguish between the bread-and-butter HR activities which every company needs to do (e.g. recruiting, on boarding, time off management, payroll etc.) and those that are either industry-specific or rather nice-to-haves”.

Examples of the latter include hardware-based time tracking, and employee engagement, respectively. “We focus our efforts on providing a best-in-class experience for what we consider bread-and-butter HR,” adds Renner. “For more specific requirements, we let our customers choose from a growing number of integrated vertical solutions based on their needs. Data will be synced so Personio acts as the system of record for all HR information and information only needs to be entered once”.

In addition to “out of the box” third-party software integrations, Personio’s claim to offer a HR operating system is backed up by the company’s open API, which is designed to cover various use cases where accessing data that is stored in Personio can add further value to customers. This includes building something as simple as a Slack bot using Personio data, to connecting Personio to a company’s data-warehouse or deeper integrations with internal systems.

More broadly, Renner says this holistic approach, coupled with Personio’s workflow automation that aims to cut down on time wasted on repetitive tasks, is not only resonating with HR managers and recruiters who typically use the product for several hours per day, but is also finding use with managers, executives and other employees. The end result is that HR and recruitment processes can become much more distributed across a company.

To that end, Personio says its Series B funding will be used to help the company attempt to become Europe’s leading provider of human resources software for SMEs. It boasts more than 1,000 clients in 35 countries, seeing over 150,000 employees and several hundred thousand applicants currently being managed within Personio.

“We believe that now is the right timing to actively expand into further regions and the funding as well as Index expertise will certainly help making that move successful,” adds the Personio CEO. “Apart from that, we consider ourselves a product-driven company and hence want to continue to strongly invest into building the best product for our customers which will mean significantly growing our product & engineering team and potentially even opening a new office to facilitate hiring”.

Fintech startup Flutterwave has partnered with Visa to launch a consumer payment product for Africa called GetBarter.

The app based offering is aimed at facilitating personal and small merchant payments within countries and across Africa’s national borders. Existing Visa card holders can send and receive funds at home or internationally on GetBarter.

The product also lets non card-holders (those with accounts or mobile wallets on other platforms) create a virtual Visa card to link to the app.  A Visa spokesperson confirmed the product partnership.

GetBarter allows Flutterwave—which has scaled as a payment gateway for big companies through its Rave product—to pivot to African consumers and traders.

“Rave is B2B, this is more B2B2C since we’re reaching the consumers of our customers,” Flutterwave CEO Olugbenga Agboola—aka GB—told TechCrunch.

The app also creates a network for clients on multiple financial platforms, such as Kenyan mobile money service M-Pesa, to make transfers across payment products, national borders, and to shop online.

“The target market is pretty much everyone who has a payment need in Africa. That includes the entire customer base of M-Pesa, the entire bank customer base in Nigeria, mobile money and bank customers in Ghana—pretty much the entire continent,” Agboola said.

Flutterwave and Visa will focus on building a GetBarter user base across mobile money and bank clients in Kenya, Ghana, and South Africa, with plans to grow across the continent and reach those off the financial grid.

“In phase one we’ll pursue those who are banked. In phase-two we’ll continue toward those who are unbanked who will be able to use agents to work with GetBarter,” Agboola said.

Flutterwave and Visa will generate revenue through fees from financial institutions on cards created and on fees per transaction. A GetBarter charge for a payment in Nigeria is roughly 40 Naira, or 11 cents, according to Agboola.

With this week’s launch users can download the app for Apple and Android devices and for use on WhatsApp and USSD.

Founded in 2016, Flutterwave has positioned itself as a global B2B payments solutions platform for companies in Africa to pay other companies on the continent and abroad. It allows clients to tap its APIs and work with Flutterwave developers to customize payments applications. Existing customers include Uber, Facebook, Booking.com, and African e-commerce unicorn Jumia.com.

Flutterwave has processed 100 million transactions worth $2.6 billion since inception, according to company data.

The company has raised $20 million from investors including Greycroft, Green Visor Capital, Mastercard, and Visa.

In 2018, Flutterwave was one of several African fintech companies to announce significant VC investment and cross-border expansion—see Paga, Yoco, Cellulant, Mines.ie, and  Jumo.

Flutterwave added operations in Uganda in June and raised a $10 million Series A round in October that saw former Visa CEO Joe Saunders join its board of directors.

The company also plugged into ledger activity in 2018, becoming a payment processing partner to the Ripple and Stellar blockchain networks.

Flutterwave hasn’t yet released revenue or profitability info, according to CEO Olugbenga Agboola.

Headquartered in San Francisco, with its largest operations center in Nigeria, the startup plans to add operations centers to South Africa and Cameroon, which will also become new markets for GetBarter.

Ola, the ride-hailing service battling Uber in India, is introducing credit services to its users as it moves closer to a major new funding round.

Today the company took the wraps off Ola Money Postpaid, a service that builds on Ola’s existing payment service — which can be used to pay rides and also third-party services — but offering a credit facility without additional charges. Essentially, the postpaid service lets passengers accumulate rides on Ola and then pay for 15-days of charges in one go, in the same way that we pay for electricity or a phone bill once a month.

Ola said it has trialed the service with 10 percent of its 150 million users and seen a 90 percent repeat rate from those guinea pigs. Testing over, it plans to roll the service out to all users over “the coming months.” While doing that, it said it will increase the billing cycle to 30-days — so you pay for a month of Ola — and bring support for the postpaid service to third-parties.

The latter makes sense as it may boost Ola Money, Ola’s payment service that was given a standalone app in 2015 with a view to being used to pay bills, food and more. Ola hasn’t said much about the service, and we don’t know how well it fairs against competitors like Paytm, Flipkart’s PhonePe or Google Pay, formerly known as Tez.

More broadly, Ola Money Postpaid looks to be an effort to wean users off of cash payments. Cash is still a popular medium in India — to the point that Uber, the great advocate of seamless paying, added it a few years ago — and Ola Money has helped get some users into cashless, but not all have done. The postpaid service, then, appears to be a halfway house between the two.

The key quote from Ola is this one from Nitin Gupta, who is CEO of Ola Financial Services:

“Ola is dedicated to supporting the Government’s vision of a cashless economy and we are committed to being a major force in India’s rapidly growing digital payments market. We will continue to invest in innovative solutions that promote the digital economy across India while extending the benefits of this first of its kind Postpaid offering to more Indians,” he said.

Ola is the midst of a raising a new round that’s likely to be in excess of $1 billion, sources have told TechCrunch, and already investors are contributing. Last week, regulatory filings showed that existing investor Steadview Capital injected $75 million towards the round in a deal that values Ola at around $6 billion. SoftBank, Temasek and others are expected to join.

The company operates across more than 100 locations in India, and its service include ride-hailing, payments and food deliveries. Ola recently invested in an electric scooter startup, and it branched overseas with launches in Australia, New Zealand and the U.K. last year.

At a time when tech companies are being blamed for creating housing shortages in cities across the country, Microsoft told the Seattle Times it will make a $500 million pledge, its largest ever, to create affordable housing around Seattle. The company is currently in the middle of a multi-billion dollar expansion of its Redmond, Washington campus.

Microsoft’s pledge comes half a year after Seattle City Council failed to pass a “head tax” that would have required companies making more than $200 million a year to pay $275 per employee in taxes. The money would have been used to address housing issues and homelessness, but council members blamed the repeal of the new tax ordinance on Amazon, which said it would stop construction on a new building if it passed. Amazon is based in Seattle, but also planning new headquarters in Arlington, Virginia and Long Island City, New York.

In an interview with the Seattle Times, Microsoft president and chief legal officer Brad Smith said the housing pledge grew out of conversations the company began having with Challenge Seattle, an alliance formed by 18 businesses to address civic issues in the area, last summer. Most of the funds will be used to increase housing for low- to middle-income workers across the Puget Sound region.

“At some level we as a region are going to need to either say there are certain areas where we’re comfortable having more people live, or we just want to permanently force the people who are going to teach our kids in schools, and put out the fires in our houses, and keep us alive in the hospital, to spend four hours every day getting to and from work,” Smith told the newspaper. “That is not, in our view, the best outcome for the community.”

Smith added that he hopes the pledge will help create “tens of thousands of units.” In addition to being the largest pledge ever made by Microsoft, which holds $135 billion in cash reserves and short-term investments, the company says it is one of the largest housing contributions ever by a private corporation.

The money will be used in three ways: $225 million will be loaned at below-market interest rates to developers building units for households making between $62,000 to $124,000 a year; $250 million will be used for market-rate loans to support the construction of affordable housing for people making up to 60 percent of the local median income, or about $48,150 for a two-person household; and the rest of the money, $25 million, will be donated to services for low-income and homeless people. Loans will be made over a period of three years and any profit will be put back in the fund.

Microsoft’s affordable housing initiative is partially modeled after Housing Trust Silicon Valley, which provides loans for affordable housing and services for the homeless in the Bay Area.

Amazon’s AWS cloud computing service today launched Backup, a new tool that makes it easier for developers on the platform to back up their data from various AWS services and their on-premises apps. Out of the box, the service, which is now available to all developers, lets you set up backup policies for services like Amazon EBS volumes, RDS databases, DynamoDB tables, EFS file systems and AWS Storage Gateway volumes. Support for more services is planned, too. To back up on-premises data, businesses can use the AWS Storage Gateway.

The service allows users to define their various backup policies and retention periods, including the ability to move backups to cold storage (for EFS data) or delete them completely after a certain time. By default, the data is stored in Amazon S3 buckets.

Most of the supported services, except for EFS file systems, already feature the ability to create snapshots. Backup essentially automates that process and creates rules around it, so it’s no surprise that the pricing for Backup is the same as for using those snapshot features (with the exception of the file system backup, which will have a per-GB charge). It’s worth noting that you’ll also pay a per-GB fee for restoring data from EFS file systems and DynamoDB backups.

Currently, Backup’s scope is limited to a given AWS region, but the company says that it plans to offer cross-region functionality later this year.

“As the cloud has become the default choice for customers of all sizes, it has attracted two distinct types of builders,” writes Bill Vass, AWS’s VP of Storage, Automation, and Management Services. “Some are tinkerers who want to tweak and fine-tune the full range of AWS services into a desired architecture, and other builders are drawn to the same breadth and depth of functionality in AWS, but are willing to trade some of the service granularity to start at a higher abstraction layer, so they can build even faster. We designed AWS Backup for this second type of builder who has told us that they want one place to go for backups versus having to do it across multiple, individual services.”

Early adopters of AWS Backup are State Street Corporation, Smile Brands and Rackspace, though this is surely a service that will attract its fair share of users as it makes the life of admins quite a bit easier. AWS does have quite a few backup and storage partners, though, who may not be all that excited to see AWS jump into this market, too, though they often offer a wider range of functionality — including cross-region and offsite backups — than AWS’s service.