16 Apr 2020

InHerSight’s new app personalizes job matches to women’s career goals

Nearly 60% of the over 700,000 jobs lost in the first wave of pandemic layoffs were jobs held by women, according to data from the Institute for Women’s Policy Research. But women in search of a new job often have different requirements for employers, compared with their male counterparts. Beyond the usual concerns around hours, salaries, and benefits, women often want to know about a company’s culture, policies around work-life balance, child care, mentorship, growth opportunities and other factors. That’s where InHerSight’s new mobile app for women job seekers aims to help.

The InHerSight platform, first launched in 2015, is something of a Glassdoor for women job seekers. Here, women anonymously rate their workplaces, which allows the company to collect data on 16 key metrics that often matter more to working women.

This includes flexible work hours, maternity and adoptive leave, child care, availability of lactation rooms, salary satisfaction, mentoring, management opportunities for women, and female representation in leadership positions.

Women can then use this database to research companies and find jobs that better support their own career goals — as well as avoid those that do not.

To date, the company says women have anonymously rated over 100,000 companies on its platform. Last year, it matched users to over 3 million open positions and now expects this number to grow significantly due to the current unemployment levels.

The new InHerSight mobile app will do more than offer job matches, however. It’s a more comprehensive experience.

When logged in with a free, anonymous account, women can set their goal for job seeking. This can be something as simple as “Get Hired,” or a more nuanced condition, like “Find Balance.” They then input career and job search data like experience, job title, company culture, and benefit “must-haves.”

InHerSight will curate the experience from there to cater to the user’s particular needs.

On the app’s home feed, job seekers will gain access to articles, podcasts, music, stats and other tidbits curated based on their personal interests and goals. This content will refresh daily, InHerSight says.

Women can also anonymously take polls and ask questions in the InHerSight community, which is also accessible through the app.

And based on the criteria provided, the app will send users up to 10 new job matches per day for companies that are hiring.

“We’re excited to provide women with such a tailored job search tool and resource for navigating their careers,” said InHerSight co-founder and CEO Ursula Mead, about the app’s launch. “We believe strongly at InHerSight that every woman’s career path is different, and we want to give them the power and insight they need to pursue jobs at companies they love.”

Despite the massive unemployment caused by the COVID-19 pandemic, some employers are still hiring. The tech giants in particular continue to be talent-hungry, even as smaller startups trim staff and freeze hiring. Others in e-commerce, including Walmart, Amazon and grocery delivery providers like Instacart, are rapidly expanding their workforce.

InHerSight, however, doesn’t really focus on finding your next gig, but rather the next step in your career. To date, its platform has been used by employers including government agencies and household names like Amazon, Google, Coca-Cola, Walmart, and Microsoft.

The N.C. Triangle-area company is backed by $5 million from investors including Motley Fool Ventures, GrowthX, and Carolina Angel Network, among others. Its customers are the employers looking to recruit female talent. Though InHerSight didn’t provide specifics, it claims high retention among its customer base due to its ability to prequalify their job offers for women across key aspects of company culture.

“Our hope is that women using the app after being laid off or while furloughed can jumpstart their search using the tools we’ve provided,” said Mead, of the new app. “Of course, we want women who need jobs to find them as fast as possible, but we also want to return to them that sense of control over their careers,” she added.

The new InHerSight app is available as a free download on iOS and Android.

16 Apr 2020

COVID-19 could have its own PATRIOT Act, but we need privacy guarantees

With COVID-19 infections climbing in the U.S., officials are desperate for ways to track and control the spread, especially with limited testing available.

Google and Apple announced a joint effort last Friday to create a voluntary anonymous contact tracing network enabled by Android and iOS that would monitor the spread of infections by keeping track of people who are infected and those with whom they come into contact. People would download mobile apps from public health officials that would notify them if they had come into close proximity with infected people who also are using the network. The system would use Bluetooth Low Energy (BLE) transmissions, rather than GPS, so the location would not be tracked, and the tracking data would be stored on the phone and not in a centralized database — all of which will help maintain the privacy of participants.

However, there are numerous other COVID-19 mitigation efforts that are not as privacy-friendly because they employ location tracking and, most likely, central data storage.

Google announced it will release “Community Mobility Reports” that show trends over time by geography based on anonymized aggregated data from phones of people who have turned on the Location History setting. Facebook and other companies are providing to epidemiologists from around the world anonymized, aggregated data from mobile phones as part of the COVID-19 Mobility Data Network.

And the Centers for Disease Control (CDC) is tracking the anonymized movements of American citizens based on location data from mobile advertising companies. While privacy advocates consider these sorts of tracking mechanisms to be invasive and unsettling, this data does help to reveal the public spaces still drawing crowds and guide subsequent policy decisions, but it raises concerns.

While I applaud government efforts to more effectively stop the spread of infections, there need to be specific conditions and limitations on how this data is used, or we as a nation will face serious consequences. The government must mobilize to combat this invisible enemy, but we must also have parameters for how data is protected and used. Specifically, we need five guarantees.

Temporality

The PATRIOT Act, passed just six weeks after 9/11, gave the government unprecedented power to spy on American citizens. This may have made sense at the time, but the government continues to vacuum up millions of phone calls and text messages to this day. If companies like Google and Facebook are willing to share data with the government, there needs to be a clear and defined period as to the time span of the sharing and the retention period of that shared data.

Civil liberties

Following the September 11th attacks, law enforcement departments like the NYPD conducted illegal surveillance activities of the local Muslim population. That program has been compared to the Japanese-American internment camps of World War II and the FBI’s surveillance of African Americans who opposed segregation in the civil rights movement.

We must not allow this current pandemic to become another example of civil liberties falling by the wayside. The data being shared to protect us now cannot be used for surveillance or discrimination tactics, now or in the future.

Transparency

Any company that shares sensitive data with the government, such as location data, must be required to provide timely and fulsome transparency reports that are easy for the public to interpret.

Limited use and purpose specification

The OECD’s Fair Information Practice Principles (FIPPs) state that personal data should not be used for any purpose beyond the specified purpose of the data processing activity. We’ve witnessed numerous media exposés and regulatory actions against companies sharing location data for secondary purposes. In this case, location data collected and used to limit the spread of the virus should only be used for that specific purpose.

Data security

The government’s well-meaning intentions to protect citizens do not automatically mean it will secure their sensitive data. If anything, there will likely be an uptick in cybercrime during the pandemic. The government owes it to its citizens to ensure the appropriate administrative, technical and physical safeguards are in place.

As U.S. officials explore their options, it’s unclear what lessons from history or types of data protections, if any, are actually being discussed. We can only go on what we’ve heard from news reports: Palantir, the data mining company that uses War on Terror tools to track Americans, is in talks with the CDC to do data collection related to disease tracking.

Facial recognition company Clearview AI, which has been harshly criticized for selling its software to law enforcement, private companies and authoritarian regimes, is talking to state agencies about using its data-driven insights to track infections. Unacast has been giving local counties social-distancing grades based on citizens’ location data.

Let freedom ring

The U.S. does need to find a practical path forward. There are actually several different types of location data collected, used and shared by a variety of different commercial entities — so it would be best to first determine which data is most valuable and who are the key partners. Doctors, researchers, academics, ethicists and legal experts should be actively included in conversations with these tech companies.

In addition, privacy preserving techniques must be used when sharing location data. The Apple-Google joint effort is the latest; others include Private Kit: Safe Paths and MIT’s SafeTrace platform, which also allow users to voluntarily share data through means that are anonymized, decentralized and encrypted.

The challenge here is that it’s difficult to actually guarantee that anonymized data (data that has no chance of identifying a person) is truly anonymous, without being subject to additional contractual, technical and administrative controls. And platforms that rely on users voluntarily submitting their location and health status could end up with a low adoption rate, leading to skewed and inaccurate results.

Should it then be left up to our government to mandate all American citizens with a smartphone share their location data in the name of public health? Whatever happens, now, more than ever, it’s imperative that our local, state and federal authorities take into account the various data sharing proposals in a manner that puts the American citizen first.

16 Apr 2020

Changing policy, Y Combinator cuts its pro rata stake and makes investments case-by-case

In a message posted to its internal communications channel earlier this week, the massive startup accelerator Y Combinator said it will change the terms of its own PPP (the YC pro rata investment program) and invest in companies raising seed and Series A rounds on a case-by-case basis.

The company began a policy of investing in every seed and Series A round for its portfolio companies back in 2015.

Since then, it has taken a 7% stake in every company which raised a priced seed and Series A round, investing in over 300 Y Combinator companies over nearly 500 rounds.

Under its new policy, the accelerator is reducing its investment size from 7 percent to 4 percent and is only investing on a case-by-case basis going forward.

The reason for the change is that the number of companies in its portfolio has gotten too large for it to invest and some of the limited partners who back the accelerator’s operations are balking at making commitments to the pro rata investment program.

“We have significantly exceeded the funds we raised for pro ratas, and the investors who support YC do not have the appetite to fund the pro rata program at the same scale,” the accelerator wrote in a post seen by TechCrunch. “In addition, processing hundreds of follow-on rounds per year has created significant operational complexities for YC that we did not anticipate. Said simply, investing in every round for every YC company requires more capital than we want to raise and manage. We always tell startups to stay small and manage their budgets carefully. In this instance, we failed to follow our own advice.”

For entrepreneurs who take investments from the accelerator, the change is pretty significant. On the accelerator’s internal messaging board they worried about the potential optics of having the accelerator not make a follow-on commitment.

YC addressed those concerns by saying it would not make an investment decision until a company had already received an initial term sheet from a lead investor.

The new changes will take effect on May 8, 2020, the investor said.

“In the future, we will no longer invest automatically in every priced seed and Series A/B round. Instead, we will exercise pro rata rights on a case-by-case basis, like other investors on your cap table,” the accelerator wrote. “We’ve heard your feedback that YC’s pro rata allocation is bigger than what some of you would prefer. So for those investments we do make, we will reduce the size of our pro rata and simplify its calculation to be a flat 4% participation right in each priced round. To calculate the size of YC’s pro rata investment in your round, simply multiply the amount of capital you are raising by 4%. If our ownership right before the round is less than 4%, we will cap our investment in the round at our then-current ownership. Our intention is not to have a super pro-rata right.”

Even with the reduced investment size, YC said it would only make investments in roughly one-third of its portfolio.

“The YC Continuity team will manage these investment decisions and will work very hard to inform you within a day or two of receiving your materials,” the accelerator wrote. “We will honor any pending pro rata investments for term sheets signed before May 8. But we wanted to communicate this message broadly so that founders can plan accordingly.”

16 Apr 2020

Impossible Foods rolls out to nearly 1,000 new grocery stores and supermarkets

Starting tomorrow, 777 supermarkets in California, Illinois, Indiana, Iowa, and Nevada will begin stocking the Impossible Foods plant-based meat substitute.

Fueling the increased distribution and a push to expand its product suite and geographic footprint domestically and internationally is a $500 million round of funding the company closed in March.

Some of that money is supporting the company’s debut at stores like Albertsons, Jewel-Osco, Pavilions, Safeway and Vons.

In all, the company said it would be in nearly 1,000 grocery stores by tomorrow. That includes all Albertsons, Vons, Pavilions and Gelson’s Markets in Southern California; all Safeway stores in Northern California and Nevada; Jewel-Osco stores in Chicago, eastern Iowa and northwest Indiana; Wegmans stores on the East Coast and Fairway markets in and around New York.

Since its debut in September, the company said it was the number one item sold at the locations where it was available on the East and West coasts.

The company’s 12-ounce packages are sold for somewhere between $8.99 and $9.99 and it plans to soon introduce the Impossible Burger at even more stores nationwide.

“We’ve always planned on a dramatic surge in retail for 2020 — but with more and more Americans’ eating at home, we’ve received requests from retailers and consumers alike,” said Impossible Foods’ President Dennis Woodside, in a statement. “Our existing retail partners have achieved record sales of Impossible Burger in recent weeks, and we are moving as quickly as possible to expand with retailers nationwide.”

Even as the company announced its expansion, it made moves to assuage any consumer concerns over the processes in place at its manufacturing facilities.

Impossible Foods said it had instituted mandatory work from home policies for all of its employees who can telecommute; restricted visitors to its facilities and those operated by co-manufacturers; banned all work-related travel; and implemented new sanitizing and disinfection procedures at its workplaces.

“Our No. 1 priority is the safety of our employees, customers and consumers,” Woodside said. “And we recognize our responsibility for the welfare of our community, including the entire San Francisco Bay Area, our global supplier and customer network, millions of customers, and billions of people who are relying on food manufacturers to produce supplies in times of need.”

The company said it was proceeding with its research and development initiatives; accelerating the ramp of its production facilities; and moving to broadly commercialize its Impossible Sausage and Impossible Pork products.

Impossible Foods has raised $1.3 billion from investors including Mirae Asset Global Investments, Khosla Ventures, Horizons Ventures, and Temasek.

16 Apr 2020

Healthcare co-op Savvy snags venture funding from Indie.vc

Savvy, a healthcare cooperative, has just raised an undisclosed amount of funding from Indie.vc.

Established as a cooperative that shares profits with its users, Savvy connects patients with healthcare companies and other providers looking to better serve people through products and services. Patients can take paid gigs that include tasks like interviews, focus groups and user testing.

Savvy is set up as a multi-stakeholder cooperative. Those stakeholders are divided into four classes: patients, Savvy employees, founders and investors. Up until now, Savvy has been entirely bootstrapped and sustained by its revenue, Savvy CEO Jen Horonjeff told TechCrunch via email.

“But as more and more companies are seeing that patient insights are critical to help their healthcare solutions find product-market fit, we need to scale up our operations to meet the demand,” she said. “This financing will allow us to expand our offerings, support more companies and, in turn, improve the lives of countless more patients.”

Cooperatives can oftentimes face trouble raising venture funding. That’s because their business models don’t generally align with the incentives of traditional venture capitalists, Horonjeff previously told me.

“I have to say a lot of investors are, first of all, not curious,” she said. “And those that are curious — and we’ve gone down the path with people like that — think we’re this cool new thing, but just don’t understand how it’s going to jive with the rest of their fund. So there aren’t great mechanisms in place to kind of bridge the gap between what people know and what the new economy could look like.”

For Indie.vc, which already takes a non-traditional approach to venture capital, co-ops fit into the firm’s vision. Indie.vc, which aims to be the last investment its founders need to take, is geared toward startups with founders who value preserving nationality and ownership.

As Indie.vc founder Bryce Roberts said in a statement, “Savvy represents everything we’d like to see in the future of impact business — shared ownership, diverse perspectives, and aligned incentives, tackling one of the largest industries on the planet.”

16 Apr 2020

Media software maker Plex launches new subscriber-only apps for music and server management

Media software maker Plex has released two new projects today from its internal R&D group, Plex Labs. One is an updated take on the classic Winamp player it calls Plexamp, and another is a dedicated app for Plex server administration. The projects are meant to appeal largely to Plex power users who take full advantage of Plex’s software suite, which has grown over time from being only a home media solution to a one-stop shop for everything from live TV to streaming audio.

The first of the new apps, Plexamp, is actually a revamp of the first Plex Labs project to ever be released. In December 2017, Plex introduced its own music player, whose name Plexamp was a nod to the long-lost Winamp player it aimed to replace. The project, like others from Plex Labs, was built by Plex employees in their spare time.

The goal with the original Plexamp was to offer a small desktop player that could handle any music format. The app let you use media keys for playing, pausing and skipping tracks and it worked offline when the Plex server ran on your laptop. It also offered visualizations to accompany your music that pulled from the album art.

While the original app ran on Mac or Windows, the new release works across five platforms, now including iOS, Android and Linux.

The app itself has been completely redone, as well — rewritten from scratch, in fact. And it’s tied into Plex’s subscription service, Plex Pass — meaning you’ll need to be a paying customer in order to use it.

The company explains the original version of Plexamp had issues around portability and licensing; it didn’t have an easy way to add functionality; and it was built with React, which tied it to the web.

To create the new Plexamp (version 3.0), Plex built an audio player library called TREBLE on top of a low-level commercial audio engine. TREBLE has been shipping in Plex’s commercial applications, but this release brings it to Plexamp. The addition helped make the app portable across almost all desktop and mobile platforms, as did rewriting it in React Native.

The new app provides features Plex Pass music listeners want, like gapless playback, high-quality resampling, Sweet Fades (Plex’s ‘smart’ alternative to crossfades), soft transitions, and pre-caching. Plex also added a few more effects, including one for voice boosting spoken word audio and another for silence compression.

But the app really sells itself to longtime Plex users, as Plexamp lets you go back to see your own “top personal charts” for what you’ve listened to the most in years past. (Sort of like a Plex version of Apple Music’s Replay playlists).

Plexamp 3.0 also introduces a feature that lets you build your own mixes by picking a set of artists. Plus it offers a more expansive list of stations, supports offline listening, and improves its search functionality. The new Recent Searches area, for example, will save your search results from across servers, as well as TIDAL and podcasts. And a new Recent Plays feature shows you the music you consciously chose to play, again including across all servers and TIDAL.

There are some little touches, too, that show the personal care that went into the app’s design — like the way Plexamp uses album art and a process called “UltraBlur” to give each artist and album page its own look. Or how there are options for light and dark — and lighter and darker — themes.

The other big new release from Plex Labs is the new Plex Dash app.

This mobile and tablet app lets you keep a close eye on your personal media server, including a way to see all playbacks even across multiple servers, plus other administrative features.

With Plex Dash, you can edit your artwork, scan for new media, fix incorrect matches, check on server resource usage, tweak library settings, and view server logs live.

Plex suggests you run it on the iPad you have mounted in the wall — like in your fancy media room I guess — but for us poorer folks, it runs on your smartphone too.

It’s a power user tool, but one that will be welcomed by those fully immersed in a Plex-run home media setup. (And also a good way to respond to criticism that Plex is too focused today on its streaming and TV options, and not its core home media software customer base.)

Plex Dash also requires a Plex Pass subscription and runs on iOS and Android.

The apps launched today are notable as they’re the first to arrive from Plex Labs since the original release of Plexamp in 2017 and because they require a subscription in order to work.

Plex at the end of 2019 said it had 15 million registered households using its service. Though the service is profitable, only a small percentage are paid subscribers. New apps with extra features, then, could convince more Plex users to subscribe.

16 Apr 2020

Giving brewers a tech to make beer from any plant starch, Province Brands raises $1.6M

There’s a potential climate-related crisis brewing in the beer industry and Province Brands has just raised $1.6 million for its technology that purports to be a solution.

The Canadian company, which has developed a way to make beer from any plant material, is pitching itself as a solution to the increasing shortages of barley and other grains caused by global climate change.

It’s a pivot for the brand. When it launched, the company was taking its technology to cannabis brands as a way to brew beer made from bud. But when the bottom started falling out of the cannabis market, Province Brands switched the pitch to the broader brewery business.

“The cannabis industry was overvalued from an equities perspective for years,” says Province Brands co-founder Dooma Wendschuh. “Starting in mid-2019 we started to see that crash… This is an industry that is very capital intensive… it requires a tremendous amount of investment to set up these facilities.”

As the market became less about the puff puff and more about the pass, Province decided to reach out to its investor base and raise a Canadian $2.2 million convertible note.

“We didn’t want investors to take a bath on it if that could be avoided,” says Wendschuh.

Province Brands’ last funding was its Series B in 2019 when the Company raised CAD $5 million at a CAD $70 million pre-money valuation, the company said in a statement. 

“Closing this round quickly highlights the attractiveness of Province Brands’ technology, IP, and market opportunities,” said Dooma Wendschuh, Co-Founder of Province Brands.  

The money, which came from previous institutional and angel investors, will be used to continue marketing its technology more broadly to brewers impacted by rising prices for beer staples like barley and to launch its own branded hemp lager into the market.

The company’s Cambridge Bay Canadian Hemp Lager will be the first beer brewed from hemp, according to a statement from Province Brands. Made of only hemp, hops, water, and yeast, the beverage contains no THC, CBD, or phytocannabinoids and can legally be sold wherever alcohol is sold, the company said.

“The technology we created to brew beer from cannabis would allow us to brew beer from any non-starch plant material,” Wendschuh said. “This could be transformative for beer companies where the price of barley has gone through the roof.”

In some cases barley is too expensive for large scale beer production, Wendschuh noted. 

“Funds raised will help us complete Phase 1 construction of our 123,000-square-foot brewing facility and will enable us to receive additional licensing from Health Canada,” said Province Brands’ Co-Founder Jennifer Thomas.  The company received its research and development license from Health Canada in late 2019. 

Province Brands is already working with some bigger name liquor companies on making beer substitutes from their feedstocks. In one case, the company is working with an undisclosed tequila manufacturer on a beer made from agave.

It is notable that the transaction closed in less than two months at a time when capital markets have been challenging.

16 Apr 2020

‘Glitch’ blamed as stimulus check is delayed for millions who filed through H&R Block, TurboTax

Many have been understandably concerned that, amid corporate bailouts, a $1,200 check won’t be enough to survive several more weeks of lockdown. But the stimulus check is, at the very least, better than nothing, particularly for the more than 22 million Americans who have filed jobless claims in the last month alone.

But actually getting the check is easier said than done. There have been a number of roadblocks for many Americans. Many students are ineligible. Same goes for many elderly and disabled people. Immigrants without a social security number, too. There have been a variety of delays, as well, including the President’s unprecedented mandate that his signature appear on paper checks.

For millions of Americans, a “glitch” will further delay matters. The deposit, planned for yesterday, was delayed for “several million” people who used popular services like H&R Block, Jackson Hewitt and TurboTax to file their taxes last year, according to The Washington Post. The issue? The IRS didn’t have their direct deposit information on file.

Those checking their stimulus status via the IRS’s “Get My Payment” tool this week were greeted with a perplexing “Payment Status Not Available” message. No additional information was provided.

The IRS says it’s currently working to resolve the issues that have led to the delay.

16 Apr 2020

Security lapse exposed Clearview AI source code

Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive, and reviled companies in the tech startup scene.

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it, and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.

But for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac, and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.

The repository also exposed Clearview’s Slack tokens, according to Hussein, which, if used, could have allowed password-less access to the company’s private messages and communications.

Clearview has been dogged by privacy concerns since it was forced out of stealth following a profile in The New York Times, but its technology has gone largely untested and the accuracy of its facial recognition tech unproven. Clearview claims it only allows law enforcement to use its technology, but reports show that the startup courted users from private businesses like Macy’s, Walmart and the NBA. But this latest security lapse is likely to invite greater scrutiny of the company’s security and privacy practices.

When reached for comment, Clearview founder Hoan Ton-That claimed his company “experienced a constant stream of cyber intrusion attempts, and have been investing heavily in augmenting our security.”

“We have set up a bug bounty program with HackerOne whereby computer security researchers can be rewarded for finding flaws in Clearview AI’s systems,” said Ton-That. “SpiderSilk, a firm that was not a part of our bug bounty program, found a flaw in Clearview AI and reached out to us. This flaw did not expose any personally identifiable information, search history or biometric identifiers,” he said.

Clearview AI’s app for iOS did not need a log-in, according to Hussein. He took several screenshots to show how the app works. In this example, Hussein used a photo of Mark Zuckerberg.

Ton-That accused the research firm of extortion, but emails between Clearview and SpiderSilk paint a different picture.

Hussein, who has previously reported security issues at several startups, including MoviePass, Remine and Blind, said he reported the exposure to Clearview but declined to accept a bounty, the terms of which, he said, would have barred him from publicly disclosing the security lapse if signed.

It’s not uncommon for companies to use bug bounty terms and conditions or non-disclosure agreements to prevent the disclosure of security lapses once they are fixed. But experts told TechCrunch that researchers are not obligated to accept a bounty or agree to disclosure rules.

Ton-That said that Clearview has “done a full forensic audit of the host to confirm no other unauthorized access occurred.” He also confirmed that the secret keys have been changed and no longer work.

Hussein’s findings offer a rare glimpse into the operations of the secretive company. One screenshot shared by Hussein showed code and apps referencing the company’s Insight Camera, which Ton-That described as a “prototype” camera, since discontinued.

A screenshot of Clearview AI’s app for macOS. It connects to Clearview’s database through an API. The app also references Clearview’s former prototype camera hardware, Insight Camera.

According to BuzzFeed News, one of the firms that tested the cameras is New York City real estate firm Rudin Management, which trialled a camera at two of its city residential buildings.

Hussein said that he found some 70,000 videos in one of Clearview’s cloud storage buckets, taken from a camera installed at face-height in the lobby of a residential building. The videos show residents entering and leaving the building.

Ton-That explained that, “as part of prototyping a security camera product we collected some raw video strictly for debugging purposes, with the permission of the building management.”

TechCrunch could not ascertain from which building the videos were taken. A representative from Rudin Management did not return our emails.

One of the videos from a camera in a lobby of a residential building, recording residents (blurred by TechCrunch) as they pass by.

Clearview has come under intense scrutiny since its January debut. It’s also attracted the attention of hackers.

In February, Clearview admitted to customers that a list of its customers was stolen in a data breach, though it claimed its servers were “never accessed.” Clearview also left several of its cloud storage buckets containing its Android app unprotected.

Vermont’s attorney general’s office has already opened an investigation into the company for allegedly violating consumer protection laws, and police departments have been told to stop using Clearview, including in New Jersey and San Diego. Several tech companies, including Facebook, Twitter, and YouTube.

In an interview with CBS News in February, Ton-That defended his company’s practices. “If it’s public and it’s out there and could be inside Google’s search engine, it can be inside ours as well,” he said.