Author: azeeadmin

28 Sep 2018

Facebook hack could hasten regulation as Sen. Warner says Congress must “step up”

Senator Mark Warner has issued a stern reprimand to Facebook over today’s revelation that 50 million users had their access tokens stolen by a hacker. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Warner writes. “As I’ve said before – the era of the Wild West in social media is over.”

The breach saw sophisticated hackers combine three Facebook bugs in its video uploader, user profile, and “view as” privacy feature to generate and steal the access tokens that allow users to stay logged into Facebook between sessions. These could be used to take over user accounts and take actions on their behalf. Facebook reset the access tokens of the 50 million users impacted and another 40 million who’d had their accounts viewed through the “view as” tool this year, which means they’ll have to log back into Facebook but won’t need to change their password.

The bugs stem from code pushed back in July, but Facebook only discovered the issue Tuesday afternoon as the hackers tried to scale up the attack to steal more tokens. Facebook patched the issue last night and this morning announced it was investigating, though it currently doesn’t have enough information to determine the source of the attack. It’s already notified the FBI, as well as the Irish Data Protection office since the breach has GDPR implications. On a call with reporters, CEO Mark Zuckerberg repeatedly called the problem “serious”. But beyond recounting the steps Facebook is taking to address this breach, he didn’t have a good answer for why users should still trust Facebook with their data.

Always quick to pounce on privacy issues, Warner has become one of the strongest Democratic critics of the social network. He’s seemingly inherited the position of tech watchdog from former Senator Al Franken.

The full statement can be found below:

STATEMENT OF U.S. SEN. MARK R. WARNER

~ On Facebook hack ~ 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the announcement by Facebook that it discovered a security issue affecting almost 50 million accounts:

“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened.

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”

To kick start the debate around social media legislation, Sen. Warner in July released a white paper containing a suite of potential policy proposals for the regulation of social media.

28 Sep 2018

This is the Razer Phone 2

Remember phone reveals? Once upon a time, companies were able to save a little for the event. These days, however, we nearly always know exactly what we’re getting ourselves into. Due to be announced next month, the second iteration of Razer’s gaming-centric handset is no different.

Bits and pieces of the forthcoming phone have already surfaced, but today’s latest leaks give us the clearest picture thus far. From an aesthetic standpoint, not a lot has changed. From the front, the new Razer Phone 2 looks virtually identical to last year’s model, retaining the boxy design.

The back of the handset has been tweaked a bit, with a shifted logo, now in a neon green, in keeping with the rest of Razer’s products. The company appears to have borrowed the Chroma lighting effects here, meaning that the logo should light up when in use. The rear-facing camera has shifted down a bit, as well.

Beyond this, we don’t know a ton about the phone — but have no fear, there’s still time. The handset is set for an official launch on October 10, which leaves us with a week and a half left to leak.

28 Sep 2018

Blok.Party raises $10M, will adapt Settlers of Catan to its blockchain game console

Blok.Party, the company that built the upcoming PlayTable game console, announced today it raised $10 million in new funding. It’s also unveiling a big content partnership, where Blok.Party will create its own version of the popular board game Settlers of Catan.

I first wrote about Blok.Party and PlayTable earlier this year, when co-founder and CEO Jimmy Chen first laid out his vision to use blockchain technology to build a console that can recognize real-world objects (like figurines and cards), creating a hybrid between tabletop and video gaming.

The idea may have sounded a little abstract at the time, but it got a lot clearer when Chen dropped by the TechCrunch New York office to play a couple rounds of Catan with me.

I’ll admit that I hadn’t played in a while, but it was clear from the start that PlayTable saved us some setup time — instead of putting all the pieces of the physical board together, you play on a digital representation of the board. Most of the pieces are digitized too, and we used and traded our cards using smartphones. But there is a physical “robber” piece, because Chen said this allows the robber’s movement to remain “a very visceral experience … that a digital version can’t ever capture.”

It may not be too long before you get to try this out for yourself, at least if you’re among the 10,000 pre-orders Blok.Party has received so far. Chen said the company will start shipping its first devices this fall.

He added that Catan, like many of the other games built for PlayTable, will be priced at around $20.

“For us, it’s not about trying to compete based on price,” Chen said. “We’re trying to compete based on experience.”

The new funding comes from crypto fund JRR Capital and other investors. Chen said the company will use the money to continue scaling the product, including further software development and building out the library of games.

At the same time, he emphasized that although Blok.Party is manufacturing the initial devices, his vision is to achieve real scale through partnerships with hardware manufacturers, who will build their own PlayTable consoles. Apparently, some of those discussions are already underway.

“Our strategy is to always have [our own] hardware program running to continually do research,” Chen said. “What I’ve discovered is that keeping a hardware program running is not that expensive. The expensive part is when you try to scale the program.”

28 Sep 2018

Facebook says at least 50 million users affected by account takeover bug

Facebook has said 50 million user accounts may be at risk after hackers exploited a security vulnerability on the site.

The company said in a blog post Friday that it discovered the bug earlier in the week. The bug is part of the site’s “View As” feature that lets a user see their profile as someone else. Facebook has switched off the “View As” feature in the meantime while it investigates the bug further.

The bug allowed hackers to obtain account access tokens, which are used to keep users logged in when they enter their username and password. Stolen tokens can allow hackers to break into accounts.

Facebook said that it’s reset access tokens of all users affected, as well as an additional 40 million accounts out of an abundance of caution. That means some 90 million users will have been logged out of their account — either on their phone or computer — in the past day.

Facebook also said that users will be notified of the security incident once they log back in through a notification in their News Feed.

“We have yet to determine whether these accounts were misused or any information accessed,” said Guy Rosen, Facebook’s vice president of product management. “We also don’t know who’s behind these attacks or where they’re based.”

Rosen said that Facebook spotted the attack because the hackers were automating their attack on a “large scale.”

Chief executive Mark Zuckerberg said in a call with reporters that the company doesn’t know if any accounts have been improperly accessed, though he said that the attackers tried to access account information by querying its developer APIs, which Facebook locked down last night.

“So far our initial investigation has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts,” Zuckerberg told reporters. “But this, of course, may change as we learn more. The attackers used our APIs to access profile information fields like name, gender, hometown, etc. But we do not yet know if any private information was accessed that way,” he said.

Facebook has contacted law enforcement, the blog post said. Specifically, the FBI is investigating, the company clarified on the call. Because users in Europe are also affected, the company said it has informed data protection authorities in Ireland — where the company’s European headquarters are located.

“If we find more affected accounts, we will immediately reset their access tokens,” said Rosen. “This is a breach of trust and we take this very seriously.”

“I’m glad that we found this and that we were able to fix the vulnerability and secure accounts,” Zuckerberg said. “But it definitely is an issue that this happened in the first place. And I think this underscores the attacks that our community and our service face, and the need to keep on investing heavily in security and being more proactive about protecting our community. And we’re certainly committed to doing that,” he added.

The attacks on Facebook have forced the company to rethink its overall development process. It has gone from a “move fast and break things” mentality to one of a slower and more cautious approach.

The company also noted that this year it’s going from 10,000 to 20,000 people working on safety and security.

The social network has 2.2 billion monthly active users as of its second quarter earnings.

Facebook has been without a chief security officer since the departure of Alex Stamos in August. The social network retired the position after Stamos left.

28 Sep 2018

Chaos engineering service Gremlin raises $18m, launches new resiliency tools

“Slack is down.” It’s a headline we have had blaring at TechCrunch on numerous occasions (mostly because we actually get work done when not distracted by a constant waterfall of GIFs). But Slack is not alone — issues with uptime and reliability plague modern web services, from Alexa to WhatsApp to Apple Maps.

As any software engineer can attest, web application development is extraordinarily complicated. Databases, storage services, and business logic all need to work together perfectly so that users can buy their goods or watch their films.

But what happens when one piece of that application breaks down? Today, a small outage in one AWS availability zone could cascade and knock an entire service offline, as we have seen repeatedly. Today’s developer tools are decent at spotting bugs and other logic errors, but they don’t investigate applications systematically to ask how they can respond to various crises.

That’s where Gremlin comes in. The service, founded by CEO Kolton Andrus, who designed Netflix’s failure injection service and worked with CTO Matthew Fornaciari while at Amazon, is designed to throw a monkey wrench into any application, simulating faults like storage errors, database congestion, and sudden spikes in latency. Its tagline is “break things on purpose” (something of a riff on Facebook’s “move fast and break things”).

Resiliency is clearly on investors’ minds, since the startup announced this morning at its Chaos Conf in SF that it has raised an $18 million Series B round led by Redpoint partner Tomasz Tunguz. That’s a follow-up to a $7.5 million Series A led by Index Ventures partner Mike Volpi, which was announced less than a year ago.

In addition to announcing the funding today, the company unveiled its “Application Level Fault Injection” system — a mouthful of a name, but a feature that will help DevOps engineers test systems at the application level, including most importantly serverless environments.

Andrus said in a note to TechCrunch that “This past year has been a whirlwind. We spent a lot of time educating everyone from engineers to CIOs about chaos engineering and building up the community.” He said the new funding will be used to further build out Gremlin’s engineering team.

As I wrote about in-depth a few months ago, Gremlin is pioneering a field of software development dubbed “chaos engineering.” Rather than using formal verification to test whether code is accurate and performant, chaos engineers throw deliberate and systematic errors at an application in an attempt to simulate various types of failure and find brittle parts of software programs.

That sounds easy on the surface, but it is extremely complicated in practice: you want to simulate an outage without actually creating an outage on a mission-critical system. Netflix wants to test whether losing a database will cause video to stop playing, without physically pulling the plug on a database and seeing if your movie is still on the TV.

Gremlin’s platform provides something of a sandbox for engineers to slowly ramp up errors, and then more importantly, ramp down errors if a breakage is detected. So a DevOps engineer can add a few milliseconds of latency to a program and see how it responds, and then add a few more.

With the rise of serverless services like AWS Lambda, the complexity around applications gets even more challenging. Now, applications aren’t just on a single instance, but individual functions could be scattered across multiple instances and potentially multiple data centers. That can save developer time and reduce costs, but it also exponentially increases the risk of something going wrong and harming an application’s reliability.

Gremlin’s new ALFI feature is designed to allow more fine-grain tuning of attacks, so that DevOps engineers can target just particular aspects of an application living in a serverless environment. It’s inspired by Andrus’ work at Netflix around Failure Injection Testing, which was a sort of successor to the company’s earlier Chaos Monkey tools.

Gremlin’s ALFI feature allows developers to simulate more fine-grained failures.

It’s these sorts of features that partly intrigued Tunguz at Redpoint, who is well-known for his thoughts on SaaS. He said in a note to TechCrunch that “In the modern cloud era — where systems are distributed, containerized, and highly ephemeral — it’s become nearly impossible to have a complete understanding of system behavior without doing the kind of proactive testing Gremlin offers.”

Gremlin’s work is to not just sell a service, but to reshape how developers think about building and testing applications. Perhaps someday all of our web services will be reliable – and then how will we get work done?

28 Sep 2018

Spotify ends test that required family plan subscribers to share their GPS location

Spotify has ended a test that required its family plan subscribers to verify their location, or risk losing access to its music streaming service. According to recent reports, the company sent out emails to its “Premium for Family” customers that asked them to confirm their locations using GPS. The idea here is that some customers may have been sharing Family Plans, even though they’re not related, as a means of paying less for Spotify by splitting the plan’s support for multiple users. And Spotify wanted to bust them.

Spiegel Online and Quartz first reported this news on Thursday.

Of course, as these reports pointed out, asking users to confirm a GPS location is a poor means of verification. Families often have members who live or work outside the home — they may live abroad, have divorced or separated parents, have kids in college, travel for work or any other number of reasons.

But technically, these sorts of situations are prohibited by Spotify’s family plan terms — the rules require all members to share a physical address. That rule hadn’t really been as strictly enforced before, so many didn’t realize they had broken it when they added members who don’t live at home.

Customers were also uncomfortable with how Spotify wanted to verify their location — instead of entering a mailing address for the main account, for instance, they were asked for their exact (GPS) location.

The emails also threatened that failure to verify the account this way could cause them to lose access to the service.

Family plans are often abused by those who use them as a loophole for paying full price. For example, a few years ago, Amazon decided to cut down on Prime members sharing their benefits, because they found these were being broadly shared outside immediate families. In its case, it limited sharing to two adults who could both authorize and use the payment cards on file, and allowed them to create other, more limited profiles for the kids.

Spotify could have done something similar. It could have asked Family Plan adult subscribers to re-enter their payment card information to confirm their account, or it could have designated select slots for child members with a different set of privileges to make sharing less appealing.

Maybe it will now reconsider how verification works, given the customer backlash.

We understand the verification emails were only a small-scale test of a new system, not something Spotify is rolling out to all users. The emails were sent out in only four of Spotify’s markets, including the U.S.

And the test only ran for a short time before Spotify shut it down.

Reached for comment, a Spotify spokesperson confirmed this, saying:

“Spotify is currently testing improvements to the user experience of Premium for Family with small user groups in select markets. We are always testing new products and experiences at Spotify, but have no further news to share regarding this particular feature test at this time.”

28 Sep 2018

Last day to buy early-bird tickets for TC Sessions: AR/VR 2018

Holy smokes, TC Sessions: AR/VR 2018 is less than a month away, and it’s going to be an epic, day-long event. But listen up tech fans, the following reality is neither augmented nor virtual: our $99 early-bird ticket price — a 50 percent savings — ends today. If you want to join us in Los Angeles on October 18 at the lowest possible price, buy your ticket here today.

We’re also offering a special discount to students. You can buy your $45 ticket right here.

Looking to save even more money? Simply tweet your attendance through our ticketing platform, and you’ll save an extra 25 percent — for early-bird tickets — and 15 percent for student tickets.

What can you expect at TC Sessions: AR/VR 2018? An excellent question! We partnered with UCLA’s Anderson Venture Accelerator for a program-packed day featuring some of the world’s brightest minds in AR/VR. You’ll have ample opportunity for hands-on demos, deep-dive conversations, in-depth workshops — and time to network with influential, ground-breaking leaders in all realities augmented and virtual.

Here’s just a quick sampling of our speakers: Parham Aarabi, founder and CEO of ModiFace; Adam Arrigo, co-founder and CEO of TheWaveVR; and Cyan Banister, a partner at Founders Fund.

We have great presentations on tap, too. Hear Ashley Crowder (VNTANA), Shawn Frayne (Looking Glass Factory) and Brett Jones (Lightform) talk about using holograms to replace expensive headsets.

AR and VR — it’s not all fun and games. Derek Belch (STRIVR), Clorama Dorvilias (DebiasVR) and Morgan Mercer (Vantage Point) will talk about ways business can use the technologies to train employees.

Greg Castle (Anorak Ventures) and Peter Rojas (Betaworks) will discuss how early-stage investors have changed their approach to funding new talent and suggest ways founders can grab their attention.

That’s just a taste of what industry leaders, content creators and game changers will present. Take a gander at the full agenda.

Join us October 18 in Los Angeles at TechCrunch Sessions: AR/VR for an incredible gathering of the augmented and virtual reality community. Our early-bird pricing ends today, so get real and buy your ticket today.

28 Sep 2018

The new Wear OS starts hitting smartwatches

Google’s in a tough spot with Wear OS. It’s been four and a half years since the operating system arrived as Android Wear, and while plenty of manufacturers have tried their hand at devices, the operating system has failed to make a large dent in the smartwatch category. Apple continues to dominate the space, while top competitors Samsung and Fitbit have opted to go in-house with their operating systems.

In February, Android Wear got a modest 2.0 update, and the following month, the operating system got a full-on rebrand. “We’re now Wear OS by Google, a wearables operating system for everyone,” the company said at the time. Even with all of that movement over the past year, Wear OS is still in need of an upgrade. By a number of early accounts, the 2.1 update, which is starting to roll out to users, is a strong step in that direction.

This latest version brings new swipe gestures, prioritizing notifications, settings, Google Fit and Assistant. Those last two are also getting some key upgrades, helping bring the company’s health and AI offerings up to speed with the competition.

While the smartwatch play has appeared fairly stagnant at times, it’s important to remember as Android celebrates its 10th anniversary, that the smartphone OS wasn’t exactly a rousing success out of the gate. In the meantime, Apple, Fitbit and the like have proven that smartwatches do have some staying power, and once again analysts are bullish on the category.

Earlier this month, meanwhile, Qualcomm reaffirmed its commitment to Wear OS by showcasing its chip architecture promising extended battery life. It seems as if enough players are involved and hopeful in Wear OS to keep it going, but there’s still a lot of work to be done if it’s going to break out of the looming shadow of the Apple Watch.

28 Sep 2018

Blockchain startups: Apply to exhibit for free at TechCrunch Disrupt Berlin 2018

Back in July, TechCrunch held a sold-out event focusing on Blockchain and we want to see those startups at Disrupt this year! On 29-30 November thousands of attendees will descend on Berlin, and what better way to get your blockchain business in front of them than to exhibit in Startup Alley?

Oh wait, we know a better way — apply to be a TechCrunch Top Pick and exhibit at Disrupt Berlin for FREE! Our highly discerning editors will review every application and choose up to five of the absolute best early-stage blockchain startups. Each TC Top Pick receives one free Startup Alley Exhibitor Package along with prime real estate in Startup Alley where they can strut their stuff in front of influential technologists and investors, potential collaborators and customers. It’s an opportunity you can’t afford to miss, so don’t wait — apply before the 28 September deadline.

Here’s what you get with a Startup Alley Exhibitor Package:

  • One-day exhibit space
  • Three Disrupt Berlin Founder Passes
  • Access to CrunchMatch (our free investor-to-startup matching platform)
  • Access to the Disrupt press list
  • A chance to be selected as one of the Startup Battlefield Wild Card companies (and you might even compete in our $50,000 startup-pitch competition)

You’ll also have the opportunity to hear some of Europe’s blockchain movers and shakers speak from the Main Stage. People like Vinay Gupta, founder of Mattereum, and Kaidi Ruusalepp, founder and CEO of Funderbeam.

Disrupt Berlin 2018 takes place on 29-30 November. If you want a shot at being one of the blockchain TC Top Picks and exhibiting for free in Startup Alley, then apply here before 28 Sept. We can’t wait to see you in Berlin!

28 Sep 2018

Nielsen: U.S. smart speaker adoption grew to 24% in Q2 2018, 4 in 10 own more than one

In the second quarter, the adoption of smart speakers – like Amazon Echo and Google Home devices – grew to 24% in the U.S., up from 22% the prior quarter, according to new data from Nielsen, released this week. The measurement firm took a look at how consumers were using their speakers, when, as well as how many were buying multiple devices.

The firm found that 4 out of 10 smart speaker owners have more than one device – a sizable percentage that points to consumers finding enough value in their first device to add more throughout the home.

The living room is the most popular location for smart speaker placement (63%), followed by the bedroom (35%), and then the kitchen (28%).

This is not surprising, given that the primary use case for the devices is music streaming, with 90% of smart speaker owners saying that they stream music at least once per week.

Searching for real-time information like weather or traffic, followed by searches for historical facts were the next most popular activities, at 81% and 75%, respectively. News was tied for fourth place, with 68% listening in a typical week.

68% also said they chatted with their assistant for fun and used alarms and timers.

That so many people are chatting with their smart assistants, like Alexa and Google Assistant, in a more playful capacity is worth noting here. It’s not enough for these voice platforms to be good at finding and retrieving information and taking actions; they have to do that with some personality, too. Amazon has even gone so far as to give Alexa her own opinions on things like pets, beer, movies, colors, and more, which change from time to time.

Smart speakers are also acting as a bit of an extension of our mobile devices, the report said. Nielsen found that consumers were syncing data from their phones to the voice-based devices for things like audio streaming (53%) and shopping apps (52%), and more. This latter figure seems to indicate that many are, in fact, using their smart devices for shopping-related activities, despite earlier reports that downplayed shopping’s connection with smart speaker devices.

A recent report from The Information, citing leaked Amazon data, claimed that consumers were not making purchases through Echo devices. However, it seems that consumers are taking a first step towards purchase – list making – through Alexa. When the sale later goes through, however, it’s on the web, mobile web, or in the native app, not directly from the speaker. Whether or not that’s actually impacting sales, or just offering consumers a different way to create their purchase reminders, still remains to be seen. But there is a connection between the devices and the shopping app, this data shows.

Consumers were also found to use their smart speakers more often on weekends and in the afternoons, with usage increasing as it got later in the evening, the survey said.

Also notable is that consumer sentiment towards their smart speakers is highly positive.

75% said they’d like to learn how to do more with the devices, and 72% said they would recommend them or purchase them as a gift for family and friends.

The data in the report comes from a new Nielsen consumer tracking survey called MediaTech Trender, which aims to understand consumer sentiment and behavior around emerging technologies, like smart speakers, VR, and other platforms. This particular survey was conducted among 2,000 U.S. consumers, and will continue to be done on a quarterly basis.