Category: UNCATEGORIZED

Twitter today updated its Developer Policy to clarify rules around data usage, including in academic research, as well as its position on bots, among other things. The policy has also been entirely rewritten in an effort to simplify the language used and make it more conversational, Twitter says. The new policy has been shortened from eight sections to four, and the accompanying Twitter Developer Agreement has been updated to align with the Policy changes, as well.

One of the more notable updates to the new policy is a change to the rules to better support non-commercial research.

Twitter data is used to study topics like spam, abuse, and other areas related to conversation health, the company noted, and it wants these efforts to continue. The revised policy now allows the use of the Twitter API for academic research purposes. In addition, Twitter is simplifying its rules around the redistribution of Twitter data to aid researchers. Now, researchers will be able to share an unlimited number of Tweet IDs and/or User IDs, if they’re doing so on behalf of an academic institution and for the sole purpose of non-commercial research, such as peer review, says Twitter.

The company is also revising rules to clarify how developers are to proceed when the use cases for Twitter data change. In the new policy, developers are informed that they must notify the company of any “substantive” modification to their use case and receive approval before using Twitter content for that purpose. Not doing so will result in suspension and termination of their API and data access, Twitter warns.

The policy additionally outlines when and where “off-Twitter matching” is permitted, meaning when a Twitter account is being associated with a profile built using other data. Either the developer will need to obtain opt-in consent from the user in question, or they can only proceed if the information was provided by the person or is based on publicly available data.

The above changes are focused on ensuring Twitter data is accessible when being used for something of merit, like academic research, and that it’s protected from more questionable use cases.

Finally, the revamped policy clarifies that not all bots are bad. Some even enhance the Twitter experience, the company says, or provide useful information. As examples of good bots, Twitter pointed to the fun account @everycolorbot and informative @earthquakesSF.

Twitter identifies a bot as any account where behaviors like “creating, publishing, and interacting with Tweets or Direct Messages are automated in some way through our API.”

Going forward, developers must specify if they’re operating a bot account, what the account is, and who is behind it. This way, explains Twitter, “it’s easier for everyone on Twitter to know what’s a bot – and what’s not.”

Of course, those operating bots for more nefarious purposes — like spreading propaganda or disinformation — will likely just ignore this policy and hope not to be found. This particular change follows the recent finding that a quarter of all tweets about climate change were coming from bots posting messages of climate change denialism. In addition, it was recently discovered that Trump supporters and QAnon conspiracists were using an app called Power10 to turn their Twitter accounts into bots.

Twitter says since it introduced a new developer review process in July 2018, it’s reviewed over a million developer applications and approved 75%. It also suspended over 144,000 apps from bad actors in the last six months and revamped its developer application to be easier to use. It’s now working on the next generation of the Twitter API and is continuing to explore new products, including through its testing program, Twitter Developer Labs.

“Dear Sophie” is an advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

“Dear Sophie” columns are accessible for Extra Crunch subscribers; use promo code ALCORN to purchase a one or two-year subscription for 50% off.

Dear Sophie:

I work at a startup and my company is sponsoring me for an EB-2 NIW green card because they didn’t want to deal with PERM. I have some unique skills and am helping create a new technology that will support Americans and create jobs.

We just got hit with a massive Request for Evidence. I’m supposed to marry my American fiancé next month, but I really wanted to immigrate based on my own accomplishments. What should I do?

Marrying in the Marina

Dear Marrying,

I get it. We can strive so hard to achieve everything based on our merit and accomplishments, but for tech professionals who are used to success, it can be frustrating when we’re forced to depend on our employer or our beloved for our future. The startup ecosystem rewards fierce independence, and it can feel uncomfortable to ask others for support.

Two video startups are making dueling legal claims against the other.

The Wall Street Journal broke the news yesterday that interactive video company Eko is accusing Quibi of infringing on its patented technology.

At around the same time, The Hollywood Reporter noted  that Quibi (which is launching its short-form mobile video service next month) has filed a complaint in California federal court claiming that Eko has engaged in “a campaign of threats and harassment.”

At the heart of the dispute is Quibi’s Turnstyle technology, which allows viewers to seamlessly switch between landscape- and portrait-mode viewing.

Both companies seem to agree that Eko CEO Yoni Bloch met with Jeffrey Katzenberg in March 2017 (before Katzenberg had even founded Quibi) about a possible investment in Eko, and that there was at least one follow-up meeting between Quibi and Eko employees in 2019.

Eko claims that it provided Quibi employees — both while they were working at Quibi and before then, when they were previously at Snap — with details and code behind its technology. Then, after Katzenberg and Quibi CEO Meg Whitman showed off Turnstyle at CES this year, Eko sent a letter to Quibi claiming that the feature infringed on its intellectual property. (According to the Journal’s story, Eko’s lawyers have sent a letter to Quibi but have not filed a lawsuit.)

“Our Turnstyle technology was developed internally at Quibi by our talented engineers and we have, in fact, received a patent for it,” Quibi said in a statement. “These claims have absolutely no merit and we will vigorously defend ourselves against them in court.”

Meanwhile, in a statement, Eko described Quibi’s technology as “a near-identical copy of its own,” and said the company’s legal motion is “nothing more than a PR stunt”:

It is telling that Quibi filed the motion only after learning the Wall Street Journal was going to publish an article exposing allegations of Quibi’s theft of Eko’s technology … Eko will take the legal actions necessary to defend its intellectual property and looks forward to demonstrating its patent rights to the court.

You can read Quibi’s full complaint below.

Quibi complaint by TechCrunch on Scribd

Criteo faces a privacy investigation, an e-discovery startup raises $62 million and hackers hack other hackers. Here’s your Daily Crunch for March 10, 2020.

1. Adtech giant Criteo is being investigated by France’s data watchdog

Criteo is under investigation by the French data protection watchdog, the CNIL, following a complaint filed by privacy rights campaign group Privacy International.

Back in November 2018, a few months after GDPR (Europe’s updated data protection framework) came into force, Privacy International filed complaints against a number of companies operating in the space — including Criteo. A subsequent investigation by the rights group found adtech trackers on mental health websites sharing sensitive user data for ad targeting purposes.

2. Everlaw announces $62M Series C to continue modernizing legal discovery

Everlaw is bringing modern data management, visualization and machine learning to e-discovery, the process in which legal entities review large amounts of evidence to build a case. CapitalG (Alphabet’s growth equity investment fund) and Menlo Ventures led the round.

3. Hackers are targeting other hackers by infecting their tools with malware

Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools and injecting a powerful remote-access trojan. When the tools are opened, the hackers gain full access to the target’s computer.

4. Amazon creates $5M relief fund to aid small businesses in Seattle impacted by coronavirus outbreak

The fund will provide cash grants to local small businesses in need during the novel coronavirus outbreak. The money will be directed toward small businesses with fewer than 50 employees or less than $7 million in annual revenue, and with a physical presence within a few blocks of Regrade and South Lake Union office buildings.

5. Stitch Fix’s sharp decline signals high growth hurdles for tech-enabled startups

Shares of Stitch Fix, a digitally-enabled “styling service,” are off sharply this morning after its earnings failed to excite public market investors. The firm, worth over $29 per share as recently as February, opened today worth just $14.75 per share. (Extra Crunch membership required.)

6. Facebook Stories tests cross-posting to its pet, Instagram

Facebook’s latest colonization of Instagram has begun — the social network is testing the option to cross-post Stories to Instagram, instead of just vice-versa.

7. Sequoia is giving away $21M to a payments startup it recently funded as it walks away from deal

Sequoia Capital has, for the first time in its history, parted ways with a newly funded company (Finix) over a purported conflict of interest and, almost more shockingly, handed back its board seat, its information rights, its shares and its full investment.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Monograph, a startup working on cloud-based software that makes project and cost management easier for architects, announced today that it has raised $1.9 million in seed funding. The round was led by Homebrew Ventures and Parade Ventures, with participation from Designer Fund, Hustle VC and angel investors.

The San Francisco-based startup was founded last year by Robert Yuen, Alex Dixon and Moe Amaya. Each has experience in architecture, design and software development, making them well positioned to create a management platform tailored for architects.

Monograph was designed to be easy to use, with an emphasis on the onboarding process so firms are encouraged to switch from traditional project management methods, like spreadsheets, to the software. The startup says hundreds of architects, ranging from solo practitioners to firms with more than 60 people, have already signed up. Monograph has been used to help manage over $125 million in projects, ranging in size from bathroom and kitchen remodeling to building large hotels.

[gallery ids="1956919,1956918,1956917"]

Before Monograph, the three were partners in an agency called Dixon and Moe, working as UI/UX consultants for tech startups and architecture firms.

“Monograph really grew out of the agency as a product we saw solving problems that we saw in our day to day lives as architectural designers, and also in our everyday lives with our friends,” Yuen told TechCrunch. “That’s the loss in the transparency of information between how much time you are spending on work, how projects are going, who is working on it. There is really no accurate way to manage a project and they are growing in complexity each year.”

Like other tech companies in the architecture space, including PlanGrid, Procore and UpCodes, Monograph is designed to streamline aspects of the design and building process, while making it easier for teams to collaborate.

Monograph is currently designed for use by architects and consultants, and includes tools to assign milestones, manage project timelines, and for timesheets, billing and invoicing. Data is then used for cost and progress analytics, like MoneyGantt, a feature for budget forecasting.

Yuen says that no matter a project’s size, each team includes architects, designers and engineers. By the end of the year, the company plans to start releasing new versions of Monograph that can be used by structural, electrical and mechanical engineers, and other licensed professionals.

The company’s funding will be used to hire for its software engineering and customer support teams.

In press statement, Homebrew partner Satya Patel said “Monograph offers transformative organization and project management software that is changing the way architects and designers work so that they can deliver better client service, manage costs and earn more profit. We look forward to seeing the company’s continued growth and innovation in a market that has been waiting for modern solutions.”

Augmented Reality technology did not, it turned out, light the touch paper on a booming new industry. What we got instead was a few cute applications on smartphones and devices like Microsoft’s Hololens, which has seen pretty limited success.

Where AR has proved that it may have a future is in industry, allowing workers to look at plans whilst they assemble something, for instance.

A new UK startup hopes to nudge that future on further with a radical new technology which, although it resembles the Hololens, is in fact a highly accurate helmet-mounted screen which enables construction workers to place beams or bricks in exactly the right locations, thus introducing significant savings in time normally lost due to mistakes.

To further boost its efforts, XYZ Reality has closed a £5 million Series A funding round, led by Amadeus Capital Partners and Hoxton Ventures, with participation from Adara Ventures and J Coffey Construction. The company will build out its AR cloud and software platform and build its team to serve the EU market and expand to US and Asia.

The idea behind it is highly innovative. A dedicated helmet with an attached visor projects a highly accurate hologram — based on laser positioning — in front of the wearer’s face, allowing them to place objects precisely according to plans projected in front of their eyes.

The company claims its HoloSite headset is the “world’s first engineering-grade Augmented Reality device,” that allows construction workers to view Building Information Models on-site to a 5-millimeter accuracy.

The problem it’s solving is an age-old one. In today’s construction industry buildings are designed in 3D and then converted into 2D drawings. But tradespeople are asked to interpret those 2D drawings and turn them into 3D buildings within construction “tolerances”. This process creates inefficiencies that mean up to 80% of the construction being “out-of-tolerance”. It’s estimated that 7-11% of project costs are wasted this way and, of course, in mega-projects like huge bridges, this amounts to an average of over $100 million.

Founder, CEO and builder David Mitchell, who has spent his career in the construction industry, says: “Works are currently validated after the fact through laser scanning. But 80% of the time the construction fails to meet acceptable tolerances. With HoloSite, we can prevent errors happening in the first place.”

Mitchell came up with the idea of eliminating 2D designs after the 2008 recession devastated the industry.

I tried out the headset for myself and found that I could complete a basic assembly of bricks according to the plans projected in front of my eyes with a reasonable degree of accuracy, from scratch.

XYZ says it was possible to build a bathroom in two hours using the headset, versus a day without it, using the technology.

The hope is that that as this technology improves, any tradesperson would be able to work on a construction site with less need for training in 2D plans, but still with a high degree of accuracy.

The project is not without risk. Daqri, which built enterprise-grade AR headsets for construction, shuttered its HQ last year. Earlier, Osterhout Design Group unloaded its AR glasses patents after acquisition talks with Magic Leap, Facebook and others stalled. Meta, an AR headset startup that raised $73 million from VCs, including Tencent, also sold its assets earlier this year after the company ran out of cash.

But Amadeus is bullish. Nick Kingsbury, Partner, Amadeus Capital Partners said: “Construction is a sector that’s ripe for radical innovation. This technology has the potential to revolutionize how the construction industry sets out and validates its work, reducing costs and the chance of project slippage from mistakes.”

Postmates said that it will be creating a fund to cover the costs for doctor appointments and medical expenses related to the COVID-19 outbreak for its delivery fleet and for merchants, Postmates will waive commission fees for stores in impacted markets.

The goal, the company said, is to give small business owners access to on-demand delivery at no additional cost. Postmates said it would launch the initiatives this week.

As the company noted, over half of Americans are unable to afford a $400 unexpected expense, so the Postmates Fleet Relief Fund will allow its couriers to take proactive preventive health. The company said the new policy builds on steps it has already taken like issuing guidance from CDC to its fleet, and the creation of the new non-contact dropoff option inside the app.

Postmates couriers who have made at least one delivery in states where cases of COVID-19 have been identified will ben eligible for credits from the emergency relief fund, which can be deposited towards the Postmates health savings vehicle (which is powered by Starship), the company said.

Any Postmate courier who doesn’t have a health account but is interested in the emergency relief credit, can sign up for the health savings vehicle and become eligible for the stipend to cover expenses, irrespective of diagnosis or quarantine. Interested couriers can sign up on the company’s website.

The company is also waiving commission fees for companies that want to sign up with the service for a “pilot program”.

The pilot program is only for businesses that are not currently on the platform and are operating out of San Francisco.

Like other technology companies in the Bay area and beyond, the Postmates program is a mix of social good (and aligns with other big tech companies’ initiatives) and an attempt to grab additional customers and market share in the time of a crisis.

The company’s move is also a little less risky given that the government is weighing options to compensate hourly workers for health expenses related to the coronavirus and bailouts for small businesses impacted by the ways in which state and local governments attempt to mitigate the spread of th edisease.

“Nationally, one in four private sector employees lack access to any sick leave at all. While our ongoing campaigns in California, New York, New Jersey, and Illinois seek to modernize 20th century laws to fit 21st century work for independent workers, now is the time to put aside the politics of the gig economy and work with all stakeholders to develop creative and meaningful emergency support for frontline workers who may be exposed — it’s the right thing to do,” said Vikrum Aiyer, Vice President of Public Policy for Postmates. “We know that two thirds of the individuals that carry out deliveries through the Postmates app have health care, but we want to make sure anyone can afford preventative expenses.”

We tried something new at last week’s TC Sessions: Robotics + AI. For the first time ever, we incorporated a pitch-off into the event. With a site as embedded in the startup world, it made sense to find a way to give some stage time to some early-stage startups.

On Monday night, I was joined by Aaron Jacobson (NEA), Jennifer Roberts (Grit Ventures) and Sunil Nagaraj (Ubiquity VC) to judge pitches from eight robotics and AI startups in front of a packed house at TechCrunch’s San Francisco HQ. Having also helped to whittle down the initial list, I’m happy to say it was an extremely solid list of competitors across the board.

We ultimately got the list down to four companies that showcased onstage at our Berkeley event the following day. The winning four companies were impressive not only from the standpoint of the products they were pitching, but also from the broad range of potential technologies they represented.

Two were primarily focused on robotics hardware and two were more interested in AI technologies. Their solutions ran the gamut from agricultural robotics to camera imagining to service center tire changes to helping improve customer interactions at fast-food drive-throughs. I feel pretty confident we’ll be hearing more from all of them in the coming months and years.

Quick note here: Due to time constrains, the pitches were brief. That’s the case for both the finals and those who appeared onstage. In the case of the latter, each company was given four minutes to make its case to an auditorium full of founders, students and investors. There was no Q&A segment that time out, but it should give you a pretty good idea of what each startup brings to the table.

Burro was the first up. Formerly known as Augean Robotics (good name change, IMO), the company offers an interesting take on the booming agricultural robotics category. Rather than focusing on robots that will replace human workers outright, the company has created a semi-autonomous robotic cart that saves pickers a long trip.

The wheeled robot is trained by following farmhands on their initial trip. After that, it works on its own. After being loaded with produce like table grapes, using on-board sensors and machine learning it delivers its payload to its destination without damaging it in the process.

Blink.AI arguably has the most immediate wide-ranging potential of the bunch. The company uses AI software to enhance imaging for stills, video and sensing. The company offered a compelling demo wherein its machine learning algorithms were employed for everything from minimizing snowfall in a video to improving conditions for self-driving vehicles.

Robotire is something we actually wrote about a week prior, when the company came out of stealth on our site, ahead of its Y Combinator pitch. TL;DR: The robot is capable of changing four tires in about 10 minutes. The company is currently in the process of rolling it out in select shops around the country.

Like Blink, Valyant AI is exploring a wide range of applications with its smart assist. The first one is an unexpected place: drive-throughs. The startup’s demo didn’t go exactly as planned onstage (it happens), but its founder was able to demonstrate it the night before. According to Valyant, operating the drive-through is one of the least desirable positions in the fast-food hierarchy.

A new flaw in Intel chips threatens to allow attackers to not just view privileged information passing through the system but potentially also insert new data. The flaw isn’t something the average user has to worry about, but it is a sign of the times as far as the shape of threats to our information’s security.

You may be familiar with Meltdown, Spectre, and Heartbleed — this one has a decidedly less catchy name: Load Value Injection, or LVI. It was discovered independently by BitDefender and by a multi-university group led by Jo Van Bulck.

The exact technical details (as documented here) of the flaw aren’t anything the average user would understand or be able to fix themselves. But here’s what you should know: LVI is part of a general category of flaws that have to do with a technique found on all modern chips called “speculative execution.”

Speculative execution is a bit like, if someone started writing a math problem on a chalkboard rather slowly, you decided to preemptively solve the problem in each of the 10 ways it could possibly be solved. That way, when the teacher finishes writing the problem, you have the answer ready, and simply discard the others.

Recently this process has been shown to be less than secure in that by carefully poking and prodding at the chip’s deepest levels of code, you can get it to cough up data that would normally be highly protected and encrypted. But while Meltdown and Spectre were about forcing that leakage, LVI takes it a step further, letting the attacker place new values into the process so that it comes out the way they like it. What’s more, this takes place inside the “SGX Enclave,” intended to be an impregnable sub-system that can be trusted to be secure.

The name isn’t so catchy, but it does have a cool logo.

These processes are so deep within the computer’s many layers of code and execution that it’s impossible to say what they can and can’t be used for. It’s safest to assume that, with an issue this fundamental — letting an attacker substitute certain secure values with their own — that the entire thing is compromised.

There are mitigations, of course, but they can severely affect the performance of the chip. Nevertheless, they must be put in place on any exposed chip with this flaw — and that’s pretty much any modern Intel chip that came out before last year.

Intel itself is very much aware of the issue and in fact published a 30-page technical summary of LVI and the various specific attacks it enables. It is careful to note at the outset, however, that this is not the sort of thing that gets deployed at large:

“Due to the numerous, complex requirements that must be satisfied to implement the LVI method successfully, LVI is not a practical exploit in real-world environments,” the paper reads.

And that’s why you don’t need to worry about it. The simple truth is you’re probably not an ideal target for this attack. It’s not easy to pull off, and as an individual your data is better got at either via traditional means (phishing and the like) or by collecting it in bulk at the datacenter level. So what’s important is not you updating your PC as soon as possible, but the companies that own and run millions of servers doing so.

Even then, however, it may be that systems with no public exposure are more or less incapable of being accessed by attackers, and even if they were, they might not handle any data that’s worth getting hold of. So ultimately it’s up to these companies to decide their priorities, and after that it’s up to chipmakers like Intel to design future chips and architectures without flaws like LVI and the others built in. Of course that’s rather hard to do given the complexity of those systems, but there it is.

You can learn more about LVI at the site set up to document it. Or you can just watch the ridiculous “teaser” the research team that identified the flaw put together below:

Credit Sesame is getting into digital banking. The credit and loans company, first launched at TechCrunch Disrupt in 2010, has since grown to 15 million registered users and, in 2016, achieved profitability. To date, its focus has been on helping consumer achieve financial health by taking steps to consolidate debt and raise their credit score. Now, it’s expanding to include digital banking, but with the goal of using its better understanding of its banking customers’ finances to better personalize its credit improvement recommendations.

The new service, Sesame Cash, has many features found in other challenger banking apps, like a general lack of fees, real-time notifications, an early payday option, free access to a sizable ATM network, in-app debit card management, and more. Specifically, Credit Sesame says it won’t charge monthly fees, overdraft fees, and it provides free access to over 55,000 ATMs and a no-fee debit card from MasterCard.

However, the banking app also serves a secondary purpose beyond its plan to take on traditional banks. Because the company has insights into users’ finances and repayment abilities, it will be able to offer personalized recommendations including those for relevant credit products from its hundreds of financial institution partners.

Other features also differentiate Sesame Cash from rival challenger banks, including built-in access to view your daily credit score and a system that rewards consumers with cash incentives — up to $100 per month — for credit score improvements. The banking app includes $1 million in credit and identity theft protection, as well.

In the months following its launch, the company is planning to introduce a smart bill pay service that manages cash to improve credit and lower interest rates on credit balances, plus an auto-savings feature that works by rounding up transactions, a rewards program for everyday purchases, and other smart budgeting tools.

“Through the use of advanced machine learning and AI, we’ve helped millions of consumers improve and manage their credit. However, we identified the disconnect between consumers’ cash and credit—how much cash you have, and how and when you use your cash has an impact on your credit health,” said Adrian Nazari, Credit Sesame Founder and CEO, in a statement. “With Sesame Cash, we are now bridging that gap and unlocking a whole new set of benefits and capabilities in a new product category. This underscores our mission and commitment to innovation and financial inclusion, and the importance we place in working with partners who share the same ethos,” he added.

Credit Sesame today caters to consumers interested in better their credit. The company says 61% of its members see credit score improvements within their first 6 months, and 50% see scores improve by more than 10 points during that time. 20% see their score improve by more than 50 points during the first 6 months.

But one challenge Credit Sesame faces is that after consumers reach their goals, credit-wise, they may become less engaged with the Credit Sesame platform. The new banking app changes that, by allowing the company to maintain a relationship with customers over time.

Credit Sesame is a smaller version of Credit Karma, which was recently acquired by Intuit for $7 billion. Since then, it has been rumored to be another potential acquisition target for Intuit, if it didn’t proceed to go public. The banking service would make Credit Sesame more attractive to a potential acquirer, if that’s the case, as it would offer something Credit Karma did not.

The company says Sesame Cash bank accounts are held with Community Federal Savings Bank, Member FDIC.

The banking service will initially be made available to existing customers, before becoming available to the general public. The Credit Sesame mobile app is a free download for iPhone and Android.