Author: azeeadmin

11 Aug 2018

Hackers on new ‘secure’ phone networks can bill your account for their roaming charges

I have good news! The infamous SS7 networks used by mobile operators to interoperate, e.g. when you’re roaming — which were built on trust, essentially devoid of security, and permitted rampant fraud, SMS hijacking, eavesdropping, password theft, etc. — are being replaced. Slowly. But I have bad news, too! Which is: the new systems still have gaping holes.

One such was described at the Def Con hacking convention today by Dr. Silke Holtmanns of Nokia Bell Labs. She gave a fascinating-to-geeks-like-me summary of how the IPX network, which connected five Scandinavian phone systems in 1991, using the SS7 protocol suite secured entirely by mutual trust, has grown into a massive global “private internet” connecting more than 2,000 companies and other entities. It is this private network-of-networks that lets you fly to another country and use your phone there, among many other services.

The quote which stood out most starkly from her slides regarding IPX was this: “Security awareness only recently started (2014).” That’s … awfully late to start thinking about security for a massive semi-secret global network with indirect access to essentially every phone, connected car, and other mobile/SIM-card enabled device on the planet. He understated grimly.

Still, better later than never, right? A new protocol, called Diameter, is slowly lurching into place, in fits and starts. (Technically the old system used two protocol suites, SS7 and Radius: Diameter is the successor to Radius, but flexible enough that it can and will absorb SS7’s functions too.) Alas, even Diameter has at least one flaw: its so-called “hop-by-hop” routing can be used by an attacker to spoof an endpoint, i.e. to pretend to be a company which they aren’t.

This, combined with the ability to harvest a unique ID number (known as the IMSI) from a phone, with a device such as a Stingray, and the ability to request a re-assessment of a phone’s quality of service and billing information at any point, ultimately means that a capable hacker could upgrade their phone service at your expense … or downgrade your service to e.g. 2G-only, while roaming, if they were feeling more malicious than greedy.

2G-only! The horror! OK, this is a lot better than the long litany of fundamental flaws to which SS7 was vulnerable, but it’s still sad. Worst of all is the list of countermeasures that Dr. Holtmanns suggested. There are long lists of things that companies and operators on the IPX network can do to fix or mitigate this vulnerability; but if you’re a user? All she can recommend is “check your bill” and “keep an eye on the news.”

This is yet another instance of what I call “the trustberg.” When you pick up your phone, because your bank texted you a one-time password, or to text something private, do you even know who you’re trusting to keep your texts and accounts unhacked? The bank itself, and Google or Apple, sure. Whatever Android app handles your texts, maybe. But it turns out this is only the tip of the trustberg.

Power generation and distribution; water and sewers; food processors and grocery trucks; industrial control systems; emergency response systems; microprocessor manufacturers; phone and satellite networks. We assume that somewhere, in some distant room, teams of competent grown-ups are taking care of these systems and making sure they’re safe — right?

Which is why coming to hacker conventions (such as the infamous Def Con, from which I write this) is always such a sobering, saddening experience. Two days ago I wrote about satellite communications devices compromised worldwide … mostly because, it turns out, they relied on hard-coded, easily cracked passwords for “security.” Now I’m writing about new, improved security after a decade of catastrophic failures … and it’s still not actually secure. We can hope the even more important infrastructure I listed above is better taken care of … but the more hacker cons I go to, the harder this hope becomes.

10 Aug 2018

Founder Zain Jaffer may be looking to take back control of Vungle

Zain Jaffer may be gearing up for a fight to take back control of Vungle, the mobile ad company he founded.

Jaffer was removed from his role as CEO last fall, following his arrest on charges of assault with a deadly weapon and performing a lewd act on a child.

However, a San Mateo County judge subsequently dismissed the charges. The district attorney’s office released a statement offering more context for the dismissal, saying that they did not believe there was any sexual conduct on the evening in question, and that “the injuries were the result of Mr. Jaffer being in a state of unconsciousness caused by prescription medication.”

So what’s next for Jaffer and Vungle? There are hints in a recent letter from Jaffer’s attorney John Pernick, which was sent to current Vungle CEO Rick Tallman.

TechCrunch has obtained a copy of the letter, which requests access to Vungle’s records, specifically the names and addresses of company shareholders. Pernick’s letter suggests that this could be a prelude to further action (emphasis added):

Mr. Jaffer is considering various options with respect to Vungle and his shares of Vungle. He has considered selling some portion of his Vungle shares. However, he is also considering pursuing a leadership change at Vungle through calling for a shareholders meeting for the purpose of voting on a new board of directors and/or purchasing shares of additional Vungle stock. Communicating with Vungle shareholders with respect to their interest in purchasing or selling Vungle stock or in a change in the board of directors is an entirely proper purpose for Mr. Jaffer’s request to inspect the shareholder information that will enable him to make these communications.

When TechCrunch contacted Pernick, he confirmed the authenticity of the letter but declined to comment further. A spokesperson for Jaffer also declined to comment, and Vungle did not respond to our inquiries.

As you can see in the quote above, the letter indicates that Jaffer is considering multiple courses of action.

But if he decides to pursue a leadership change at Vungle, either by winning over existing shareholders or by purchasing a controlling stake in the company, it sounds like there are investors willing to back him — for starters, Jun Hong Heng at Crescent Cove Capital Management confirmed that his firm is working with Jaffer.

“We think Zain and Vungle have incredible potential,” Heng said in a statement. “We look forward to working with Zain and giving him the support he needs to help him regain control of his company.”

We also reached out to Anne-Marie Roussel, who recently resigned from Vungle’s board of directors. Roussel said via email that “the Vungle controversy is an interesting proxy for a much larger debate: the fuzziness surrounding ethical conduct in the tech industry.”

She added, “My personal prediction is that boards of tech companies will be held increasingly accountable for the ethics of the key decisions they make.” As for how that applies to Vungle, she said:

How does it reflect on ethical values when a CEO is dismissed based on presumption of guilt? Don’t we live in a democracy where one of the key legal rights is “presumption of innocence” (as in a defendant is innocent until proven guilty). Upholding that principle by collaborating with his defense team was what led to my resignation from Vungle’s board.

10 Aug 2018

Federacy wants to put bug bounty programs in reach of every startup

Federacy, a member of the Y Combinator Summer 2018 class, has a mission to make bug bounty programs available to even the smallest startup.

Traditionally, bug bounty programs from players like BugCrowd and HackerOne have been geared toward larger organizations. While these certainly have their place, founders William and James Sulinski, who happen to be twins, felt there was a gap in the marketplace, where smaller organizations were being left out of what they considered to be a crucial service. They wanted to make bug bounty programs and the ability to connect with outside researchers much more accessible, so they built Federacy.

“We think that we can make the biggest impact by making the platform free to set up and incredibly simple for even the most resource-strapped startup to extract value. In doing so, we want to expand bug bounties from probably a few hundred companies currently — across BugCrowd, HackerOne, etc. — to a million or more in the long run,” William Sulinski told TechCrunch.

That’s an ambitious long-term goal, but for now, they are just getting started. In fact, the brothers only began building the platform when they arrived at Y Combinator a couple of months ago. Once they built a working product, they started by testing it on the members of their cohort, using knowledgeable friends as security researchers.

They made the service public for the first time just last week on Hacker News and report more than 120 sign-ups already. Their goal is 1,000 sign-ups by year’s end, which William claims would make them the largest bug bounty platform by count out there.

For now, they are vetting every researcher they bring on the platform. While they realize this approach probably won’t be sustainable forever, they want to control access at least for the early days while they build the platform. They plan to be especially attentive to the researchers, recognizing the value they bring to the ecosystem.

“It’s really important to treat researchers with respect and be attentive. These people are incredibly smart and valuable and are often not treated well. A big thing is just being responsive when they have a report,” Sulinski explained.

As for the future, the brothers hope to keep building out the program and developing the platform. One idea they have is getting a fee should a client build a relationship with a particular researcher and want to contract with that individual. They also plan to take a small percentage of each bounty for revenue.

Unlike more typical YC participants, the brothers are a bit older, in their mid-thirties, with more than 20 years of professional experience under their belts. Brother James was director of engineering at MoPub, a mobile ad platform that Twitter acquired for $350 million in 2013. Earlier he helped build infrastructure for drop.io, a file-sharing site that Facebook acquired in 2010. As for William, he was CEO of AccelGolf and Pistol Lake, and founding member and project lead at Shareaholic.

In spite of their broad experience, the brothers have valued the practical advice Y Combinator has provided for them and found the overall atmosphere inspiring. “It’s hard not to be in awe of the incredible things that people have built in this program,” William said.

10 Aug 2018

NASA’s Parker Solar Probe launches tonight to ‘touch the sun’

NASA’s ambitious mission to go closer to the Sun than ever before is set to launch in the small hours between Friday and Saturday — at 3:33 AM Eastern from Kennedy Space Center in Florida, to be precise. The Parker Solar Probe, after a handful of gravity assists and preliminary orbits, will enter a stable orbit around the enormous nuclear fireball that gives us all life and sample its radiation from less than 4 million miles away. Believe me, you don’t want to get much closer than that.

If you’re up late tonight (technically tomorrow morning), you can watch the launch live on NASA’s stream.

This is the first mission named after a living researcher, in this case Eugene Parker, who in the ’50s made a number of proposals and theories about the way that stars give off energy. He’s the guy who gave us solar wind, and his research was hugely influential in the study of the sun and other stars — but it’s only now that some of his hypotheses can be tested directly. (Parker himself visited the craft during its construction, and will be at the launch. No doubt he is immensely proud and excited about this whole situation.)

“Directly” means going as close to the sun as technology allows — which leads us to the PSP’s first major innovation: its heat shield, or thermal protection system.

There’s one good thing to be said for the heat near the sun: it’s a dry heat. Because there’s no water vapor or gases in space to heat up, find some shade and you’ll be quite comfortable. So the probe is essentially carrying the most heavy-duty parasol ever created.

It’s a sort of carbon sandwich, with superheated carbon composite on the outside and a carbon foam core. All together it’s less than a foot thick, but it reduces the temperature the probe’s instruments are subjected to from 2,500 degrees Fahrenheit to 85 — actually cooler than it is in much of the U.S. right now.

Go on – it’s quite cool.

The car-sized Parker will orbit the sun and constantly rotate itself so the heat shield is facing inward and blocking the brunt of the solar radiation. The instruments mostly sit behind it in a big insulated bundle.

And such instruments! There are three major experiments or instrument sets on the probe.

WISPR (Wide-Field Imager for Parker Solar Probe) is a pair of wide-field telescopes that will watch and image the structure of the corona and solar wind. This is the kind of observation we’ve made before — but never from up close. We generally are seeing these phenomena from the neighborhood of the Earth, nearly 100 million miles away. You can imagine that cutting out 90 million miles of cosmic dust, interfering radiation and other nuisances will produce an amazingly clear picture.

SWEAP (Solar Wind Electrons Alphas and Protons investigation) looks out to the side of the craft to watch the flows of electrons as they are affected by solar wind and other factors. And on the front is the Solar Probe Cup (I suspect this is a reference to the Ray Bradbury story, “Golden Apples of the Sun”), which is exposed to the full strength of the sun’s radiation; a tiny opening allows charged particles in, and by tracking how they pass through a series of charged windows, they can sort them by type and energy.

FIELDS is another that gets the full heat of the sun. Its antennas are the ones sticking out from the sides — they need to in order to directly sample the electric field surrounding the craft. A set of “fluxgate magnetometers,” clearly a made-up name, measure the magnetic field at an incredibly high rate: two million samples per second.

They’re all powered by solar panels, which seems obvious, but actually it’s a difficult proposition to keep the panels from overloading that close to the sun. They hide behind the shield and just peek out at an oblique angle, so only a fraction of the radiation hits them.

Even then, they’ll get so hot that the team needed to implement the first-ever active water cooling system on a spacecraft. Water is pumped through the cells and back behind the shield, where it is cooled by, well, space.

The probe’s mission profile is a complicated one. After escaping the clutches of the Earth, it will swing by Venus, not to get a gravity boost, but “almost like doing a little handbrake turn,” as one official described it. It slows it down and sends it closer to the sun — and it’ll do that seven more times, each time bringing it closer and closer to the sun’s surface, ultimately arriving in a stable orbit 3.83 million miles above the surface — that’s 95 percent of the way from the Earth to the sun.

On the way it will hit a top speed of 430,000 miles per hour, which will make it the fastest spacecraft ever launched.

Parker will make 24 total passes through the corona, and during these times communication with Earth may be interrupted or impractical. If a solar cell is overheating, do you want to wait 20 minutes for a decision from NASA on whether to pull it back? No. This close to the sun even a slight miscalculation results in the reduction of the probe to a cinder, so the team has imbued it with more than the usual autonomy.

It’s covered in sensors in addition to its instruments, and an onboard AI will be empowered to make decisions to rectify anomalies. That sounds worryingly like a HAL 9000 situation, but there are no humans on board to kill, so it’s probably okay.

The mission is scheduled to last seven years, after which time the fuel used to correct the craft’s orbit and orientation is expected to run out. At that point it will continue as long as it can before drift causes it to break apart and, one rather hopes, become part of the sun’s corona itself.

The Parker Solar Probe is scheduled for launch early Saturday morning, and we’ll update this post when it takes off successfully or, as is possible, is delayed until a later date in the launch window.

10 Aug 2018

Twitch is closing its Communities

Say goodbye to Twitch’s Communities. The game streaming service says it’s soon killing off this still relatively new addition to its site in favor of implementing a tagging system instead. With the changes, users will be able to filter streams by tags within a directory or across different games on the Browse page, in order to better find the sort of streams they want to watch.

The closure of Communities and addition of tags is being planned for mid-September, says Twitch.

Twitch launched Communities just last year, with the goal of better catering to users’ unique interests. For example, different types of gaming, like retro, or different activities, like speedrunning, could then have their own community. There are also communities centered around titles like Fortnite Battle Royale, PUBG, League of Legends, and others, as well as those focused on creative endeavours like music, drawing, cooking, cosplay, and more.

But the system has become less helpful as Twitch itself, the number of streamers and the number of communities grew. Today, there’s a lot of overlap between different Communities or between Communities and games, says Twitch.

This is attributable, in part, to the open nature of Communities – there are many with similar names, and no good way to tell what makes them different from one another at first glance.

“Communities were one solution for giving viewers information to help them decide what to watch, but viewers weren’t able to see that information while browsing within a directory they were interested in,” the company noted in an announcement.

It also found that Communities weren’t driving viewers to watch streams – in fact less than 3% of Twitch viewership was from users who found streams through the Communities feature. That points to a pretty broad failure of Communities serving as a discovery feature.

Twitch now hopes that the implementation of tags will make things better on that front.

The company says it will add tags to the site in mid-September, and these will be used to identify a stream across Twitch’s directory pages, the homepage, search, channel pages, and everywhere else. The main Directory pages and the Browse page will also be able to be filtered by these tags, some of which will be auto-generated.

Twitch says it will automatically add tags like game genres, and some in-game features it can auto-detect – another project it now has in the works. But most of the tags will be selected by the streamer – not user-generated, to be clear, but selected.

Streamers will be able to suggest new tags, however.

The tags will appear alongside the video thumbnail, stream title, and the game or category being streamed.

The change is one that speaks to the limitations of portal-like interfaces being used to access a large amount of information – that is, browsing to a particular section to find things you like, then scrolling through those results takes too much time. It isn’t that helpful in the long run. Tagging lets users filter information, paring down, in this case, a large number of Twitch streams to find just those you like.

That being said, not all Twitch users are happy about the changes. But some are happy about it and others are cautiously optimistic about tagging.

Twitch says tagging will first launch on the web, and the company will then listen to feedback about missing tags before launching the feature on mobile.

The mid-September launch date could change, but is the target for now.

10 Aug 2018

New material design stores energy like an eagle

Auxetics are materials that store energy internally rather than bulging out. In this way they can store more energy when squeezed or struck and disperse it more regularly. Historically, however, these materials have had sharp corners that could break easily with enough pressure. Now researchers at Queen Mary University of London and University of Cambridge have discovered a way to use auxetics in a more efficient and less fragile way. In this way you can create systems that store energy and release it mechanically multiple thousands of times.

“The exciting future of new materials designs is that they can start replacing devices and robots. All the smart functionality is embedded in the material, for example the repeated ability to latch onto objects the way eagles latch onto prey, and keep a vice-like grip without spending any more force or effort,” said Queen Mary University’s Dr. Stoyan Smoukov. For example, a robot using this system can close its hand over an object and keep it closed until it’s time to let go. There is no need to continue sending power to the claw or hand until it is time to open up and drop the object.

“A major problem for materials exposed to harsh conditions, such as high temperature, is their expansion. A material could now be designed so its expansion properties continuously vary to match a gradient of temperature farther and closer to a heat source. This way, it will be able to adjust itself naturally to repeated and severe changes,” said Eesha Khare, an undergrad who worked on the project.

The project used 3D printing to make small clips that grab a toothed actuator. To release the energy, you pull on the opposite sides of the object to release the teeth. While the entire thing looks quite simple, the fact that this object stores energy without bulging is important. The same technology can be used to “grab” bullets as they strike armor, resulting in better durability.

10 Aug 2018

What the Facebook Crypto team could build

Facebook is invading the blockchain, but how? Back in May, Facebook formed a cryptocurrency team to explore the possibilities, and today it removed a roadblock to revealing its secret plans.

Former head of Messenger David Marcus, who leads the Facebook Crypto team, today announced he was stepping down from the board of Coinbase, the biggest crypto startup. Marcus was formerly the president of PayPal and helped Facebook Messenger adopt chatbot commerce and peer-to-peer payments, so he was both a natural choice for Coinbase’s board and Facebook’s blockchain skunklabs.

Facebook told CoinDesk this was to avoid the appearance of a conflict of interest, which is exactly what it was. Marcus provided a statement to TechCrunch explaining he was stepping down “because of the new group I’m setting up at Facebook around blockchain,” noting that “Getting to know Brian [Armstrong, CEO of Coinbase], who’s become a friend, and the whole Coinbase leadership team and board has been an immense privilege. I’ve been thoroughly impressed by the talent and execution the team has demonstrated during my tenure, and I wish the team all the success it deserves going forward.”

Now Facebook is cleared to start publicly talking about its plans, though it hasn’t yet. “We are still in the very early stages and we are considering a number of different applications for the blockchain. But we don’t have anything else to share at this time,” a Facebook spokesperson tells me. So what could Facebook be building? I see three main consumer-facing opportunities.

3% off with FaceCoin

Facebook could build a cryptocurrency wallet with its own token that people could use to pay for things with partnered businesses or that they discover through Facebook ads. Because blockchain can make transactions free or very cheap, Facebook and its partners could sidestep the typical credit card processing fees. That would potentially allow Facebook to offer users “3% off purchases made with FaceCoin” or a similar promotion.

Discounts like this could draw users into Facebook’s cryptocurrency feature. It’s well-positioned to run such a scheme thanks to its extensive connections with more than six million advertisers and 65 million businesses that have Facebook Pages. The social network could eat the costs of running the program, passing the transaction fee savings on to the users, while touting partnerships with Facebook Crypto as ways to boost sales for businesses. That could in turn get clients to spend more money on Facebook ads, as the discounts would enhance conversion rates and drive sales.

One thing we know for sure is that Facebook won’t be building on the Stellar protocol. Facebook debunked a Business Insider report saying it was, telling TechCrunch it was not in talks with Stellar or planning to build on it.

P2P and micropayments

Facebook already lets you send friends money through Messenger for free, but only with a connected debit card or PayPal account. Facebook could offer cryptocurrency-based payments between friends to let a wider range of users settle debts for shared dinners or taxis through Messenger. Users might fund their Facebook Crypto wallet once with a payment, possibly with a one-time transaction fee, and then they could send and receive the tokens for free from then on. Blockchain becoming the backbone of peer-to-peer payments could further increase engagement with Messenger for its 1.3 billion users.

Meanwhile, Facebook could also potentially use cryptocurrency to let fans send micropayments to their favorite creators, like video stars and game streamers. Facebook recently debuted its own virtual (not crypto) currency, called Facebook Stars, that users can buy and send to creators, who can then cash them out for one cent each. Facebook takes an undisclosed cut, but gives to the creator the majority of what users spend on Stars.

Facebook could potentially undergird this system with cryptocurrency to alleviate transaction fees and let people tip creators smaller amounts of cash for exclusive content or just to show their appreciation. Facebook started with a minimum of $3 tips at a time so that transaction fees wouldn’t be too high of a percentage of the total purchase. A cryptocurrency solution could let users efficiently tip much smaller amounts, which could lure people toward the behavior. The more money Facebook can deliver to internet celebrities, the more popular ones it can recruit to live on its platform and the more content they’ll produce.

Facebook Stars. Image via KiwiFarm

Facebook Connect for crypto

A top problem in the world of decentralized blockchain apps is how you bring your identity with you. Securely connecting your wallet, blockchain-based virtual goods and biographical info to new dApps can be a laborious process. Users typically have to type in long, complicated alphanumeric keys that are tough to remember and annoying to input. User experience design around identity in the blockchain space lags far behind what we’re used to with mainstream social apps like Facebook Connect, which uses an OAuth single sign-on to let you instantly join apps without creating a new username and password, or filling out a profile and uploading a photo.

Facebook could use its expertise in operating a popular identity platform to ease login to dApps. While the company has faced plenty of privacy issues and attacks on election integrity, Facebook has a strong record of not being traditionally hacked. It hasn’t suffered a massive user data breach like LinkedIn, Twitter and other social networks. Using an overtly centralized identity system to connect with decentralized apps might be counterintuitive, but Facebook could deliver the UX convenience necessary to unlock a new wave of blockchain utility.

For now it’s unclear if Facebook will end up directly competing with Coinbase in the exchange and wallet space, or if it might instead partner with the blockchain mainstay to accelerate its efforts. And on the enterprise engineering side, Facebook could build some decentralized storage infrastructure to cut its massive server bills. But with deep pockets, tons of tech talent and ubiquity amongst social networkers and businesses, Facebook Crypto’s primary limits are its ambitions and the extent of user trust.

10 Aug 2018

Students and mentors: Apply for the all-new TC Include program at Disrupt SF with #BUILTBYGIRLS

We’re going all out for this year’s TechCrunch Disrupt SF (September 5-7), which means more fantastic content, more of the most influential startup and tech leaders and tons of networking. As such, we are expanding our TC Include program at Disrupt SF and partnering with #BUILTBYGIRLS to host an engaging day full of interactive programming for even more students who are interested in tech and entrepreneurship. In the past we’ve worked with organizations like BUILD.org, Network for Teaching Entrepreneurship (NFTE), the Academy for Software Engineering, NYC Foundation for Computer Science Education, The Young Women’s Leadership Schools of the Bronx & Astoria, Red Hook Initiative, Mission Bit, The Urban Assembly Maker Academy and The Girls’ Network to bring small groups of students to Disrupt.

This year we are inviting up to 200 young women ages 15-22 to participate in our day-long TC Include program at Disrupt SF on Friday, September 7. Just like in past programs, students will get to have a Q&A session with a Disrupt SF speaker, go on a tour of Startup Alley with a TechCrunch staffer and have some free time to check out all of the great talks, workshops and other content that will be happening throughout Moscone West.

On top of that, #BUILTBYGIRLS is giving students an exclusive opportunity to meet and interact with several established leaders in tech through a small-scale version of WAVE, a 1:1 matching platform. #BUILTBYGIRLS WAVE connects high school and college girls interested in pursuing tech careers with expert professionals working for top tech companies across the country. Advisors meet these girls monthly, sharing their career journey and expertise to give young women the exposure, skills and network they need to land their dream job.

At Disrupt, students will get a mini version of WAVE, meeting 1:1 with Silicon Valley’s top tech talent, receiving direct access to professionals who will help build upon their knowledge of the limitless opportunities for a career in tech.

To be eligible to participate as a student, you must be between ages 15-22. Anyone aged 15-17 will also be required to provide a signed permission form from your legal guardian prior to participating in the event. You do not need to be a young woman to participate in the TC Include program at Disrupt SF, but please note that the #BUILTBYGIRLS WAVE portion will only be available for young women and gender non-binary students to participate. Apply to participate as a student today.

If you are interested in possibly participating as a WAVE Advisor, you can apply here.

We hope to see you at Disrupt SF. If you have any questions, feel free to email us at include@techcrunch.com.