Author: azeeadmin

Facebook is launching some of its self-styled ‘election security’ initiatives into more markets in the coming months ahead of several major votes in countries around the world.

In an interview with Reuters the social networking giant confirmed it’s launching checks on political adverts on its platform in Nigeria, Ukraine and the European Union, reiterating too that ad transparency measures will launch in India ahead of its general election.

Although it still hasn’t confirmed how it will respond in other countries with looming votes this year, including Australia, Indonesia, Israel and the Philippines.

Concern about election interference in the era of mass social media has stepped up sharply since revelations about the volume of disinformation targeted at the 2016 U.S. presidential election (and amplified by Facebook et al).

More than two years later Facebook’s approach to election security remains ad hoc, with different policy and transparency components being launched in different markets — as it says it’s still in a learning mode.

It also claims its variable approach reflects local laws and conversations with governments and civil society groups. Although it says it’s also hoping to have a set of tools that applies to advertisers globally by the end of June.

“Our goal was to get to a global solution. And so, until we can get to that in June, we had to look at the different elections and what we think we can do,” Facebook’s director of global politics and outreach, Katie Harbath told Reuters.

Many markets where Facebook’s platform operates also still have no limits on who can buy and target political ads, as too do many smaller elections, such as local elections.

Even as the checks and balances the company does offer in other markets remain partial and far from perfect. For instance Facebook does not always offer meaningful checks on issue-based political advertising because, in some markets, it narrowly draws the definition as related to parties and candidates only, thereby limiting the effectiveness of the policy.

(And plenty of Kremlin propaganda targeted at the 2016 US presidential election was focused on weaponizing issues to whip up social divisions, for example, such as by playing up racial tensions, rather than promoting or attacking particular candidates.)

Facebook told Reuters it’s launching an authorization process for political advertisers in Nigeria today, ahead of a presidential election on February 16, which requires those running political ads to be located in the country.

It said the same policy will apply to Ukraine next month, ahead of elections on March 31.

Facebook also reiterated that election security measures are incoming ahead of India’s general election last month. From next month it will launch a searchable online library for election ads in India which votes for parliament this spring. The ads will be held in the library for seven years.

It has already launched searchable political ad archives in the U.S., Brazil and the U.K. But again its narrow definition of what constitutes a political ad limits the scope of the transparency measure in the U.K., for example. (Whereas in the U.S. the archive can include ads about much debated issues such as immigration and climate change.)

The Indian archive will contain contact information for some ad buyers or official regulatory certificates, according to Reuters.

While, in the case of individuals buying political ads, Facebook said it would ensure their listed name matches government-issued identity documents.

The European Union, which goes to the polls in May to elect MEPs for the European Parliament, will also get a version of the Indian authorization and transparency system ahead of that vote.

The European Commission has stepped up pressure on tech platforms over election security, announcing a package of measures last month intended to combat democracy-denting disinformation which included pressing platforms to increase transparency around political ads and purge fake accounts.

The EC also said it would be monitoring platforms’ efforts — warning that it wants to see “real progress”, not more “excuses” and “foot-dragging”.

We contacted Facebook for further comment on its international election security efforts but at the time of writing it said it had nothing more to add.

While we will continue to see a lot of consolidation among smaller startups in the area of financial technology, or fintech, there are also some much bigger combinations at play to help tap into economies of scale against current and future competition. Today, Fiserv announced that it would acquire First Data — respectively giants in financial services and e-commerce payments — in a deal worth $22 billion.

It is a merger, but Fiserv will be getting the upper hand in the deal: its CEO Jeffery Yabuki will become CEO of the combined entity, while First Data’s CEO Frank Bisignano will become president and COO.

This will be an all-stock transaction. Specifically, First Data shareholders will get a fixed exchange ratio of 0.303 Fiserv shares for each share of First Data common stock, “for an equity value of $22 billion.” Fiserv said the price it’s paying is a premium of 29 percent to the five-day volume weighted average price as of yesterday’s closing. After the close of the deal, Fiserv shareholders will own 57.5 percent of the combined company, while First Data shareholders will own 42.5 percent.

The merger underscores the general trend of consolidating different parts of the financial services ecosystem, providing a one-stop-shop to clients, and building more integrated services overall.

Traditional banks and the services that they provide to users — from savings accounts to credit and loan services to remittance and money transfer services and payments — have been disrupted in the last 10-15 years with the emergence of a host of startups that are taking them on with faster, more agile solutions based on cloud architectures, apps, catchy marketing, AI and machine learning to improve responsiveness and overall user experience, as well as undercut some of the rates that banks provide.

Up and coming names include PayPal (which you might argue is no longer disruptive in this sense), Stripe, Square, TransferWise, Ant Financial (a frenemy of sorts) and more. Other tech companies like Amazon and Apple also are throwing their weight in terms of “owning” customers’ financial expenditures.

Fiserv, which is now 35 years old, has actually played a part in trying to help banks combat that bigger trend, for example it once built its own smartphone-based card reader to compete with Square’s that it intended to sell to banks to take on the smaller firm.

First Data, meanwhile, has been mainly swimming in its own lane, acting as a consolidator of interesting fintech startups like Clover, Perka, Gyft, Blue Pay, Spree and more. It went public in 2015 and says that its tech is active across 6 million physical businesses and 4,000 financial institutions in over 100 countries, and that it processes some 3,000 transactions per second and $2.4 trillion per year.

Now, they will be combining their respective work into more integrated offerings. As examples the companies give, it will merge First Data’s digital merchant account enrollment capabilities can be integrated into Fiserv’s digital banking solutions that serve thousands of financial institutions.

They said they will also be investing $500 million over the next five years on new tech in areas like merchant solutions, digital services, risk management, and payments.

“Through this transformative combination, we expect to redefine the manner in which people and institutions move money and information,” said Jeffery Yabuki, President and Chief Executive Officer of Fiserv in a statement. “We admire First Data for its excellence in merchant acquiring and global issuing services, and the tremendous progress they have made under Frank’s leadership. We expect this combination to catalyze and support an enhanced value proposition for our collective clients and their customers.”

“I have long admired what Fiserv has achieved over the years, and I look forward to working with the talented associates of both companies as we set a higher standard of innovation and service in the industry,” said First Data Chairman and CEO Frank Bisignano in a statement. “Our goal at First Data has always been to provide our clients with the most comprehensive suite of innovative, highly-differentiated solutions and services, and I am excited by the significant value that the combination with Fiserv creates for all stakeholders.”

While this is about creating products to better compete against the rest of the financial services field, it’s also about saving money at the two companies themselves. Fiserv and First Data say that they expect $900 million in run-rate cost savings and $500 million or more in revenue synergies.

The companies said they expect the deal to close in the second half of 2019.

Verizon Wireless is now offering free access to Apple Music. The music streaming service is available on select Verizon Wireless plans starting on January 17, 2019. Previously, Verizon and Apple offered a free 6-month trial to the streaming service.

This comes as Apple is clearly looking for partners to help extend the reach of Apple’s services. Just last week, at CES 2019, multiple consumer electronic companies announced compatibility and support for several of Apple’s services including Airplay 2, HomeKit and iTunes video streaming services. This Verizon partnership further demonstrates Apple’s willingness to piggyback on another company to reach new users.

Verizon Wireless is America’s largest wireless carriers though it’s unclear how many users will have access to this service. The free Apple Music offer is only available to Verizon subscribers on select plans. Starting January 17, Apple Music will be included in Beyond Unlimited and Above Unlimited plans. For other users, a six-month trial is still available.

Wireless carriers have long looked to offering outside services to its subscribers to prop up their offerings. T-Mobile offers free Netflix and limited access to GoGo. Sprint gives subscribers free Hulu and Tidal. Sprint lets users on some plans pick from free HBO, Cinemax, Showtime or other services. Verizon is the first to offer free Apple Music.

Disclosure: TechCrunch is a Verizon Media company.

A slew of banks are coming together to back a new roll-up strategy for the Los Angeles-based mobile gaming studio, Jam City and giving the company $145 million in new funding to carry that out.

There’s no word on whether the new money is in equity or debt, but what is certain is that JPMorgan Chase Bank, Bank of America Merrill Lynch and syndicate partners including Silicon Valley Bank, SunTrust Bank and CIT Bank are all involved in the deal.

“In a global mobile games market that is consolidating, Jam City could not be more proud to be working with JPMorgan, Bank of America Merrill Lynch, Silicon Valley Bank, SunTrust Bank and CIT Group to strategically support the financing of our acquisition and growth plans,” said Chris DeWolfe, co-founder and CEO of Jam City. “This $145 million in new financing empowers Jam City to further our position as a global industry consolidator. As we grow our global business, we are honored to be working alongside such prestigious advisers who share Jam City’s mission of delivering joy to people everywhere through unique and deeply engaging mobile games.”

The new money comes after a few years of speculation on whether Jam City would be the next big Los Angeles-based startup company to file for an initial public offering. It also follows a new agreement with Disney to develop mobile games based on intellectual property coming from all corners of the mouse house — a sweet cache of intellectual property ranging from Pixar, to Marvel, to traditional Disney characters.

Jam City is coming off of a strong year of company growth. The Harry Potter: Hogwarts Mystery game which launched last year, became the company’s fastest title to hit $100 million in revenue

Tesla today is launching a new home charging station designed for the modern home. The new Wall Connector is the auto maker’s first home charging solution that can be plugged into a wall outlet rather than being hardwired into the home’s electrical system. This charger can plug directly into a NEMA 14-50 plug — the most common high-voltage plug in the US.

This is a departure from Tesla’s previous strategy but one that makes sense. This Wall Connector allows home owners to install a high-voltage charging system in a home without an electrician. Just plug it in.

The new Wall Connector offers a faster recharge time than the Gen 2 Mobile Connector that also offers a NEMA 14-50 plug. The new offering provides up to 40 amps to most Tesla vehicles while the Gen 2 Mobile Connector caps at 32 amps. Even still, Tesla’s hardwired Wall Connector recharges even quicker. Tesla is clearly looking to the new product to live in between its previous two chargers: It’s quicker and offers a cleaner look than the mobile connector, though slower but with a lower overall cost than the hardwired solution.

At $500 the new charger is inline with other home EV power solutions. It comes with a 24-foot cable and is only available in silver.

With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm who says the bug is now fixed.

Researchers at Check Point say the three vulnerabilities chained together could have affected any of its 200 million players. The flaws, if exploited, would have stolen the account access token set on the gamer’s device once they’ve entered their password.

Once stolen, that token could be used to impersonate the gamer and log in as if they were the account holder, without needing their password.

The researchers say that the flaw lies in how Epic Games, the maker of Fortnite, handles login requests. Researchers said they could send any user a crafted link that appears to come from Epic Games’ own domain and steal an access token needed to break into an account.

Check Point’s Oded Vanunu explains how the bug works. (Image: supplied)

“It’s important to remember that the URL is coming from an Epic Games domain, so it’s transparent to the user and any security filter will not suspect anything,” said Oded Vanunu, Check Point’s head of products vulnerability research, in an email to TechCrunch.

Here’s how it works: the user clicks on a link, which points to an epicgames.com subdomain, which the hacker embeds a link to malicious code on their own server by exploiting a cross-site weakness in the subdomain. Once the malicious script loads, unbeknownst to the Fortnite player, it steals their account token and sends it back to the hacker.

“If the victim user is not logged into the game, he or she would have to login first,” said Vanunu. “Once that person is logged in, the account can be stolen.”

Epic Games has since fixed the vulnerability.

“We were made aware of the vulnerabilities and they were soon addressed,” said Nick Chester, a spokesperson for Epic Games. “We thank Check Point for bringing this to our attention.”

“As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others,” he said.

When asked, Epic Games would not say if user data or accounts were compromised as a result of this vulnerability.

What do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite'” — an IoT project smart speaker topper made by two designers, Bjørn Karmann and Tore Knudsen.

The Raspberry Pi-powered, fungus-inspired blob’s mission is to whisper sweet nonsense into Alexa’s (or Google Home’s) always-on ear so it can’t accidentally snoop on your home.

Project Alias from Bjørn Karmann on Vimeo.

Alias will only stop feeding noise into its host’s speakers when it hears its own wake command — which can be whatever you like.

The middleman IoT device has its own local neural network, allowing its owner to christen it with a name (or sound) of their choosing via a training interface in a companion app.

The open source TensorFlow library was used for building the name training component.

So instead of having to say “Alexa” or “Ok Google” to talk to a commercial smart speaker — and thus being stuck parroting a big tech brand name in your own home, not to mention being saddled with a device that’s always vulnerable to vocal pranks (and worse: accidental wiretapping) — you get to control what the wake word is, thereby taking back a modicum of control over a natively privacy-hostile technology.

This means you could rename Alexa “Bezosallseeingeye”, or refer to your Google Home as “Carelesswhispers”. Whatever floats your boat.

Once Alias hears its custom wake command it will stop feeding noise into the host speaker — enabling the underlying smart assistant to hear and respond to commands as normal.

“We looked at how cordyceps fungus and viruses can appropriate and control insects to fulfill their own agendas and were inspired to create our own parasite for smart home systems,” explain Karmann and Knudsen in a write up of the project here. “Therefore we started Project Alias to demonstrate how maker-culture can be used to redefine our relationship with smart home technologies, by delegating more power from the designers to the end users of the products.”

Alias offers a glimpse of a richly creative custom future for IoT, as the means of producing custom but still powerful connected technology products becomes more affordable and accessible.

And so also perhaps a partial answer to IoT’s privacy problem, for those who don’t want to abstain entirely. (Albeit, on the security front, more custom and controllable IoT does increase the hackable surface area — so that’s another element to bear in mind; more custom controls for greater privacy does not necessarily mesh with robust device security.)

If you’re hankering after your own Alexa disrupting blob-topper, the pair have uploaded a build guide to Instructables and put the source code on GitHub. So fill yer boots.

Project Alias is of course not a solution to the underlying tracking problem of smart assistants — which harvest insights gleaned from voice commands to further flesh out interest profiles of users, including for ad targeting purposes.

That would require either proper privacy regulation or, er, a new kind of software virus that infiltrates the host system and prevents it from accessing user data. And — unlike this creative physical IoT add-on — that kind of tech would not be at all legal.

Why is one of the most popular Android apps running a hidden web server in the background?

ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. It’s simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more.

But behind the scenes, the app is running a slimmed-down web server on the device. In doing so, it opens up the entire Android device to a whole host of attacks — including data theft.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the exposed port last week, and disclosed his findings in several tweets on Wednesday. Prior to tweeting, he showed TechCrunch how the exposed port could be used to silently exfiltrate data from the device.

“All connected devices on the local network can get [data] installed on the device,” he said.

Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos, and app names — or even grab a file from the memory card — from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device.

He sent over his script for us to test, and we verified his findings using a spare Android phone. Robert said app versions 4.1.9.5.2 and below have the open port.

“It’s clearly not good,” he said.

A script, developed by security researcher , to obtain data on the same network as an Android device running ES File Explorer. (Image: supplied)

We contacted the makers of ES File Explorer but did not hear back prior to publication. If that changes, we’ll update.

The obvious caveat is that the chances of exploitation are slim, given that this isn’t an attack that anyone on the internet can perform. Any would-be attacker has to be on the same network as the victim. Typically that would mean the same Wi-Fi network. But that also means that any malicious app on any device on the network that knows how to exploit the vulnerability could pull data from a device running ES File Explorer and send it along to another server, so long as it has network permissions.

Of the reasonable explanations, some have suggested that it’s used to stream video to other apps using the HTTP protocol. Others who historically found the same exposed port found it alarming. The app even says it allows you to “manage files on your phone from your computer… when this feature is enabled.”

But most probably don’t realize that the open port leaves them exposed from the moment that they open the app.

London-headquartered BeMyEye has made another acquisition, its third in a little over three years. This time the retail execution monitoring service is purchasing Russian crowdsourcing and image recognition provider Streetbee.

The acquisition will see BeMyEye launch “Perfect Shelf,” which will use image recognition technology to lower the cost for consumer goods companies wanting to get “objective and actionable” in-store insights. These will typically include share of shelf and planogram compliance (the specific placement of products on a store shelf).

More broadly, BeMyEye offers a platform to enable companies and brands to crowdsource various in-store data. This can include checking availability (i.e. stock levels) of a particular product, how prominently an item is displayed, or whether or not it is being marketed or sold in the way retailers and staff have been instructed.

Tasks are sent out to paid members of the public via the BeMyEye app, which could include taking a photo and ‘checking in’ using geolocation as proof that it has been carried out, with the results anonymised and passed on to BeMyEye’s clients. One way to think about the proposition is as a much more scalable version of employing ‘secret shoppers’.

Augmenting these human data gatherers with image recognition technology can speed up data processing and, presumably, make a proposition like BeMyEye even more scalable.

Luca Pagano, CEO of BeMyEye, comments: “Field forces should not be burdened with data collection tasks, instead they should be empowered with action orientated in-store insights so they can focus 100 percent on selling and taking remedial action when and where it is needed. Perfect Shelf enables consumer goods companies to adopt a lean go-to-market strategy, progressively eliminating waste and enhancing field performance at a time when they are under huge pressure to find growth and demonstrate a positive ROI on their field force investments”.

The acquisition also extends BeMyEye’s reach to Russia and the CIS countries. With existing coverage in Europe, the combined companies claim aggregate crowd of more than 1.5 Million data gatherers, which will enable consumer goods companies to get a consistent view of in-store performance in 21 countries.

Meanwhile, BeMyEye isn’t disclosing the exact terms of the acquisition, although I understand it is an all-stock deal. The entire Streetbee business is being acquired, including the 50-person team, IP and technology. As part of this, the Streetbee founders will be joining BeMyEye in senior roles: Andrey Elisev is joining as CMO, Kirill Nepomnyashchiy is joing as VP Sales Russia and CIS, and Vladimir Lyzo is joining as Head of Image Recognition Development.

This news comes after BeMyEye’s acquisition of its largest French competitor, LocalEyes, in 2016, and U.K. operator Task360 in 2017.

French startup Doctolib announced back in September that it would open up telemedicine appointments on its platform in 2019. The company is taking advantage of recent legal changes that finally make telemedicine legal in France.

Doctolib is a marketplace matching patients with health practitioners — 70,000 practitioners and 1,400 medical institutions use it in France and Germany. Each health professional pays €109 per month to access the service ($124).

By replacing your calendar with Doctolib, you save a ton of time. You no longer have to pick up the phone constantly and say when you’re available and not available. Everything stays in sync between the public website and your calendar.

And now, all practitioners can go beyond face-to-face appointments. If they start accepting telemedicine appointments, patients will be able to book a remote appointment. The company has been testing the new service with 500 practitioners.

After configuring the service, patients can start a video chat when it’s time to talk with their doctor. Once the call is done, patients pay on Doctolib’s website. They can then access prescriptions in their user accounts.

Doctolib won’t take a cut on each transaction. The startup is selling this services as an add-on instead. Practitioners can choose to pay €79 per month ($90) on top of their standard Doctolib plan to start accepting remote appointments.

This is a great way to boost the company’s bottom line and also a seamless experience for everyone involved. Practitioners can accept video calls from Doctolib’s interface and patients don’t have to use another service.

Those appointments comply with France’s national healthcare system. Patients get reimbursed just like a normal appointment. But there are some legal restrictions.

In particular, you can’t book a remote appointment and get reimbursed if the doctor doesn’t know you already. So Doctolib only lets you book remote appointments with practitioners you’ve physically seen over the last 12 months. But that feature could still be particularly useful to renew your prescription and other minor medical stuff.