Hostinger said it has reset user passwords as a “precautionary measure” after it detected unauthorized access to a database containing information on millions of its customers.

The breach is said to have happened on Thursday. The company said in a blog post it received an alert that one of its servers was improperly accessed. Using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database containing customer usernames, email addresses, and scrambled passwords.

Hostinger said the API database stored about 14 million customers records. The company has more than 29 million customers on its books.

“We have restricted the vulnerable system, and such access is no longer available,” said Daugirdas Jankus, Hostinger’s chief marketing officer.

“We are in contact with the respective authorities,” said Jankus.

An email from Hostinger explaining the data breach. (Image: supplied)

News of the breach broke overnight. According to the company’s status page, affected customers have already received an email to reset their passwords.

The company said that financial data wasn’t taken in the breach, nor was customer website files or data affected.

But one customer who was affected by the breach accused the company of being potentially “misleading” about the scope of the breach.

A chat log seen by TechCrunch shows a customer support representative telling the customer it was “correct” that customers’ financial data can be retrieved by the API but that the company does “not store any payment data.” Hostinger uses multiple payment processors, the representative told the customer, but did not name them.

“They say they do not store payment details locally, but they have an API that can pull this information from the payment processor and the attacker had access to it,” the customer told TechCrunch.

We’ve reached out to Hostinger for more, but a spokesperson didn’t immediately comment when reached by TechCrunch.

Related stories:

• MoviePass exposed thousands of unencrypted customer card numbers
• StockX was hacked, exposing millions of customers’ data
• Slack resets user passwords after 2015 data breach
• Capital One breach also hit other major companies, say researchers
• An exposed password let a hacker access internal Comodo files
• Security lapse exposed weak points on Honda’s internal network

“The Red Sea Diving Resort,” a new film on Netflix, is based on the true story of Mossad agents who took over an abandoned holiday resort in Sudan to smuggle Jewish Ethiopian refugees out of the country.

As we explain in the latest episode of the Original Content podcast, the film feels like it’s made in the “Argo” mold, fashioning a political thriller out of a too-crazy-for-fiction events. But it’s not as well-made as “Argo,” while struggling with the same challenges — mixing serious and comedic tones, and balancing real-world politics with blockbuster thrills.

The balance feels particularly awkward with “Captain America” actor Chris Evans playing the Mossad agent leading the operation. He’s not bad in the role, but there’s not much substance or complexity to it, and his presence underlines the feeling that we’re watching a Hollywood fantasy.

The film also skimps on providing any broader political context. Maybe it deserves credit for not holding the audience’s hand, but as a result, all we know who the good guys are and who the bad guys. Meanwhile, none of the refugees — not even Kabede, who’s played by Michael K. Williams of “The Wire” — fully emerges a three-dimensional character.

Before our review, we discuss the apparent end of Disney and Sony’s agreement making Spider-Man part of the Marvel Cinematic Universe, news that prompted outrage and petitions from unhappy fans.

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you’d like to skip ahead, here’s how the episode breaks down:

0:00 Intro
2:25 Spider-Man news
14:37 “Red Sea Diving Resort” review
37:02 “Red Sea Diving Resort” spoiler discussion

Artificial intelligence is now being used to make decisions about lives, livelihoods, and interactions in the real world in ways that pose real risks to people.

We were all skeptics once. Not that long ago, conventional wisdom held that machine intelligence showed great promise, but it was always just a few years away. Today there is absolute faith that the future has arrived.

It’s not that surprising with cars that (sometimes and under certain conditions) drive themselves and software that beats humans at games like chess and Go. You can’t blame people for being impressed.

But board games, even complicated ones, are a far cry from the messiness and uncertainty of real-life, and autonomous cars still aren’t actually sharing the road with us (at least not without some catastrophic failures).

AI is being used in a surprising number of applications, making judgments about job performance, hiring, loans, and criminal justice among many others. Most people are not aware of the potential risks in these judgments. They should be. There is a general feeling that technology is inherently neutral — even among many of those developing AI solutions. But AI developers make decisions and choose tradeoffs that affect outcomes. Developers are embedding ethical choices within the technology but without thinking about their decisions in those terms.

These tradeoffs are usually technical and subtle, and the downstream implications are not always obvious at the point the decisions are made.

The fatal Uber accident in Tempe, Arizona, is a (not-subtle) but good illustrative example that makes it easy to see how it happens.

The autonomous vehicle system actually detected the pedestrian in time to stop but the developers had tweaked the emergency braking system in favor of not braking too much, balancing a tradeoff between jerky driving and safety. The Uber developers opted for the more commercially viable choice. Eventually autonomous driving technology will improve to a point that allows for both safety and smooth driving, but will we put autonomous cars on the road before that happens? Profit interests are pushing hard to get them on the road immediately.

Physical risks pose an obvious danger, but there has been real harm from automated decision-making systems as well. AI does, in fact, have the potential to benefit the world. Ideally, we mitigate for the downsides in order to get the benefits with minimal harm.

A significant risk is that we advance the use of AI technology at the cost of reducing individual human rights. We’re already seeing that happen. One important example is that the right to appeal judicial decisions is weakened when AI tools are involved. In many other cases, individuals don’t even know that a choice not to hire, promote, or extend a loan to them was informed by a statistical algorithm. 

Buyer Beware

Buyers of the technology are at a disadvantage when they know so much less about it than the sellers do. For the most part decision makers are not equipped to evaluate intelligent systems. In economic terms, there is an information asymmetry that puts AI developers in a more powerful position over those who might use it. (Side note: the subjects of AI decisions generally have no power at all.) The nature of AI is that you simply trust (or not) the decisions it makes. You can’t ask technology why it decided something or if it considered other alternatives or suggest hypotheticals to explore variations on the question you asked. Given the current trust in technology, vendors’ promises about a cheaper and faster way to get the job done can be very enticing.

So far, we as a society have not had a way to assess the value of algorithms against the costs they impose on society. There has been very little public discussion even when government entities decide to adopt new AI solutions. Worse than that, information about the data used for training the system plus its weighting schemes, model selection, and other choices vendors make while developing the software are deemed trade secrets and therefore not available for discussion.

Image via Getty Images / sorbetto

The Yale Journal of Law and Technology published a paper by Robert Brauneis and Ellen P. Goodman where they describe their efforts to test the transparency around government adoption of data analytics tools for predictive algorithms. They filed forty-two open records requests to various public agencies about their use of decision-making support tools.

Their “specific goal was to assess whether open records processes would enable citizens to discover what policy judgments these algorithms embody and to evaluate their utility and fairness”. Nearly all of the agencies involved were either unwilling or unable to provide information that could lead to an understanding of how the algorithms worked to decide citizens’ fates. Government record-keeping was one of the biggest problems, but companies’ aggressive trade secret and confidentiality claims were also a significant factor.

Using data-driven risk assessment tools can be useful especially in cases identifying low-risk individuals who can benefit from reduced prison sentences. Reduced or waived sentences alleviate stresses on the prison system and benefit the individuals, their families, and communities as well. Despite the possible upsides, if these tools interfere with Constitutional rights to due process, they are not worth the risk.

All of us have the right to question the accuracy and relevance of information used in judicial proceedings and in many other situations as well. Unfortunately for the citizens of Wisconsin, the argument that a company’s profit interest outweighs a defendant’s right to due process was affirmed by that state’s supreme court in 2016.

Fairness is in the Eye of the Beholder

Of course, human judgment is biased too. Indeed, professional cultures have had to evolve to address it. Judges for example, strive to separate their prejudices from their judgments, and there are processes to challenge the fairness of judicial decisions.

In the United States, the 1968 Fair Housing Act was passed to ensure that real-estate professionals conduct their business without discriminating against clients. Technology companies do not have such a culture. Recent news has shown just the opposite. For individual AI developers, the focus is on getting the algorithms correct with high accuracy for whatever definition of accuracy they assume in their modeling.

I recently listened to a podcast where the conversation wondered whether talk about bias in AI wasn’t holding machines to a different standard than humans—seeming to suggest that machines were being put at a disadvantage in some imagined competition with humans.

As true technology believers, the host and guest eventually concluded that once AI researchers have solved the machine bias problem, we’ll have a new, even better standard for humans to live up to, and at that point the machines can teach humans how to avoid bias. The implication is that there is an objective answer out there, and while we humans have struggled to find it, the machines can show us the way. The truth is that in many cases there are contradictory notions about what it means to be fair.

A handful of research papers have come out in the past couple of years that tackle the question of fairness from a statistical and mathematical point-of-view. One of the papers, for example, formalizes some basic criteria to determine if a decision is fair.

In their formalization, in most situations, differing ideas about what it means to be fair are not just different but actually incompatible. A single objective solution that can be called fair simply doesn’t exist, making it impossible for statistically trained machines to answer these questions. Considered in this light, a conversation about machines giving human beings lessons in fairness sounds more like theater of the absurd than a purported thoughtful conversation about the issues involved.

Image courtesy of TechCrunch/Bryce Durbin

When there are questions of bias, a discussion is necessary. What it means to be fair in contexts like criminal sentencing, granting loans, job and college opportunities, for example, have not been settled and unfortunately contain political elements. We’re being asked to join in an illusion that artificial intelligence can somehow de-politicize these issues. The fact is, the technology embodies a particular stance, but we don’t know what it is.

Technologists with their heads down focused on algorithms are determining important structural issues and making policy choices. This removes the collective conversation and cuts off input from other points-of-view. Sociologists, historians, political scientists, and above all stakeholders within the community would have a lot to contribute to the debate. Applying AI for these tricky problems paints a veneer of science that tries to dole out apolitical solutions to difficult questions. 

Who Will Watch the (AI) Watchers?

One major driver of the current trend to adopt AI solutions is that the negative externalities from the use of AI are not borne by the companies developing it. Typically, we address this situation with government regulation. Industrial pollution, for example, is restricted because it creates a future cost to society. We also use regulation to protect individuals in situations where they may come to harm.

Both of these potential negative consequences exist in our current uses of AI. For self-driving cars, there are already regulatory bodies involved, so we can expect a public dialog about when and in what ways AI driven vehicles can be used. What about the other uses of AI? Currently, except for some action by New York City, there is exactly zero regulation around the use of AI. The most basic assurances of algorithmic accountability are not guaranteed for either users of technology or the subjects of automated decision making.

Image via Getty Images / nadia_bormotova

Unfortunately, we can’t leave it to companies to police themselves. Facebook’s slogan, “Move fast and break things” has been retired, but the mindset and the culture persist throughout Silicon Valley. An attitude of doing what you think is best and apologizing later continues to dominate.

This has apparently been effective when building systems to upsell consumers or connect riders with drivers. It becomes completely unacceptable when you make decisions affecting people’s lives. Even if well-intentioned, the researchers and developers writing the code don’t have the training or, at the risk of offending some wonderful colleagues, the inclination to think about these issues.

I’ve seen firsthand too many researchers who demonstrate a surprising nonchalance about the human impact. I recently attended an innovation conference just outside of Silicon Valley. One of the presentations included a doctored video of a very famous person delivering a speech that never actually took place. The manipulation of the video was completely imperceptible.

When the researcher was asked about the implications of deceptive technology, she was dismissive of the question. Her answer was essentially, “I make the technology and then leave those questions to the social scientists to work out.” This is just one of the worst examples I’ve seen from many researchers who don’t have these issues on their radars. I suppose that requiring computer scientists to double major in moral philosophy isn’t practical, but the lack of concern is striking.

Recently we learned that Amazon abandoned an in-house technology that they had been testing to select the best resumes from among their applicants. Amazon discovered that the system they created developed a preference for male candidates, in effect, penalizing women who applied. In this case, Amazon was sufficiently motivated to ensure their own technology was working as effectively as possible, but will other companies be as vigilant?

As a matter of fact, Reuters reports that other companies are blithely moving ahead with AI for hiring. A third-party vendor selling such technology actually has no incentive to test that it’s not biased unless customers demand it, and as I mentioned, decision makers are mostly not in a position to have that conversation. Again, human bias plays a part in hiring too. But companies can and should deal with that.

With machine learning, they can’t be sure what discriminatory features the system might learn. Absent the market forces, unless companies are compelled to be transparent about the development and their use of opaque technology in domains where fairness matters, it’s not going to happen.

Accountability and transparency are paramount to safely using AI in real-world applications. Regulations could require access to basic information about the technology. Since no solution is completely accurate, the regulation should allow adopters to understand the effects of errors. Are errors relatively minor or major? Uber’s use of AI killed a pedestrian. How bad is the worst-case scenario in other applications? How are algorithms trained? What data was used for training and how was it assessed to determine its fitness for the intended purpose? Does it truly represent the people under consideration? Does it contain biases? Only by having access to this kind of information can stakeholders make informed decisions about appropriate risks and tradeoffs.

At this point, we might have to face the fact that our current uses of AI are getting ahead of its capabilities and that using it safely requires a lot more thought than it’s getting now.

Cryptocurrencies are a religion as much as they are a technology. They almost have to be, given their adherents’ gargantuan ambition of fundamentally changing how the world works. This means they attract charlatans, lunatics, frauds, and false prophets, and furious battles are waged over doctrinal hairspliitting; but it also means they inspire intransigent beliefs which can, and do, unify many thousands of wildly different people across continents and time zones.

This occurred to me while I was rereading Gibbon’s Decline and Fall, as one does, and in particular its depictions of the early days of the Christian faith:

But whatever difference of opinion might subsist between the Orthodox [church], the Ebionites, and the Gnostics, concerning the divinity or the obligation of the Mosaic law, they were all equally animated by the same exclusive zeal; and by the same abhorrence for idolatry ..,. the established religions of Paganism were seen by the primitive Christians in a much more odious and formidable light. It was the universal sentiment both of the church and of heretics, that the daemons were the authors, the patrons, and the objects of idolatry.

For Orthodox church, Ebionites, and Gnostics, you can read perhaps, “Bitcoin maximalists”, “Blockchain not bitcoin,” and “Ethereum maximalists.” They disagree bitterly, but one view they all share is a disdain verging and frequently exceeding contempt for fiat currencies, untokenized assets, and most other aspects of money and finance as they are currently constructed. Instead they share a deep belief in the superiority, and inevitable supremacy, very different world.

The superstitious observances of public or private rites were carelessly practised, from education and habit, by the followers of the established religion. But as often as they occurred, they afforded the Christians an opportunity of declaring and confirming their zealous opposition. By these frequent protestations their attachment to the faith was continually fortified; and in proportion to the increase of zeal, they combated with the more ardor and success in the holy war, which they had undertaken against the empire of the demons.

I think few will disagree that, similarly, many cryptocurrency devotees seek out and seize every “opportunity of declaring and confirming their zealous opposition” to government money, central banks, rival maximalists, and other features of the monetary, financial, and/or centralized status quo.

The careless Polytheist, assailed by new and unexpected terrors, against which neither his priests nor his philosophers could afford him any certain protection, was very frequently terrified and subdued by the menace of eternal tortures. His fears might assist the progress of his faith and reason; and if he could once persuade himself to suspect that the Christian religion might possibly be true, it became an easy task to convince him that it was the safest and most prudent party that he could possibly embrace.

Similarly I don’t think it’s controversial to note that prophecies of the hyperinflation and collapse of national currencies, the downfall of central banks and fractional reserve banking in general, etc., are not unheard of among some of the … edgier … cryptocurrency people. One might even refer to the notion of “preaching the gospel” of deflationary, censorship-resistant cryptocurrency, sometimes in the hopes of scaring everyone who hears this doomsaying into buying some Bitcoin as a hedge.

Of course the religious parallels do not end with Gibbon. Cryptocurrencies were given to us not by a known, living, breathing, flawed human being, but by a pseudonymous verging-on-mythical quasi-demigod. (Cf eg “Satoshi’s Vision.”) Mythically speaking, that’s easily analogized to Prometheus granting humanity fire, or Moses bringing the stone tablets down from Mount Sinai. They have real and false prophets. There’s even a “Bitcoin Jesus.” And all promise a better world tomorrow, while demanding sacrifices and inconveniences today.

My tongue is obviously in cheek here — but I’m not entirely unserious. Of course all money is ultimately backed by faith (cf “full faith and credit.”) But this is I think unquestionably more true of cryptocurrencies, especially because, a decade on from their creation, they have failed — so far! — to transform the world to a degree anything like their proclaimed potential.

Bitcoin itself is apparently going from strength to strength, as can be seen in its increasing dominance of total cryptocurrency market capitalization, but it’s still beyond tiny compared to the rest of the financial world. Its total trading volume as I write this is roughly ~$15 billion per day, which admittedly sounds like a lot, but compared to the $5.1 trillion a day for the forex market as a whole, it’s roughly one-quarter of one percent.

More importantly, Bitcoin continues to technically iterate (although I’ve grown skeptical about Lightning, which it seems to me will always suffer from all the end-user inconveniences of prepaid credit cards, with few balancing advantages) and has hovered near or above $10,000 in value for months now. But the uncertainties and investigations regarding Tether remain a threatening cloud on its horizon.

As for other cryptocurrencies, though — well, these are complex times.

Ethereum, the best-known and perhaps most interesting, has gone from a wave of DAO excitement shortly after its launch, which faltered, to a wave of ICO madness and “fat protocol” DApps (decentralized applications), which also faltered, to the latest wave and watchword, “DeFi” aka decentralized finance. This essentially aims to reinvent all of Wall Street and the City of London on the blockchain(s), in the long term.

Meanwhile, the technical underpinnings that would allow Ethereum to scale to Wall Street size, known as “Ethereum 2.0,” remain more notional than real. I’m a big fan of Ethereum (my own pet crypto project is built on it) and I don’t think DeFi is doomed to failure … but under the circumstances I can understand skepticism creeping in among those who are not true believers.

There are plenty of other technically interesting cryptocurrency initiatives: from privacy coins such as ZCash, Monero, and Grin, to the use of Tezos by Brazil’s fifth largest bank for security tokens (again, DeFi), to the growth and stabilization of Cosmos’s “internet of blockchains,” to Blockstack’s total-app-installs graph beginning to look a little more exponential than linear, albeit with still-tiny y-axis numbers.

However, I think it’s also fair to say that now that cryptocurrencies are no longer new, unknown, and fascinating, interest among both individuals and enterprises who are not true believers has waned considerably. The cultural whiplash one experiences when transitioning from a conference full of people convinced they are building a new technology that will transform the fundamental order of the world, to outsiders (even technical outsiders) remarking “oh, is that still a thing?” is increasingly sharp.

That was probably true of the Christians after they ceased to be new and interesting, though, and in the end the Christians conquered the most powerful empire in the world from within. I am definitely not prophesying the same outcome here. I continue to think cryptocurrencies will remain a financial alternative, albeit a very significant and important one, used only by a few percent of people.

But I am saying that seeming increasingly distant from the external consensus reality, being driven by intransigent and sometimes bewildering faith as much as rational analysis, and ongoing associations with a cloud of crazy scandal and hangers-on snake-oil salespeople — all of which would be catastrophic signs for, say, a traditional new startup — can actually be indicators of the strength, not weakness, of a strange new religion. Something to bear in mind as we move into the second decade of cryptocurrencies.

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about Snap’s bizarre decision to keep pursuing hardware without really changing their overarching strategy.

The big story

Google isn’t so sweet these days.

The company’s beloved naming scheme of alphabetizing sugary things dies with Android Pie. The company announced this week that they’re dumping the dessert scheme for a much more boring option. The new Android will be Android 10.

Google has been one of those companies that has always liked to keep its quirkiness at the forefront of its brand. Multi-colored logos and bikes and hats with spinners and Nooglers and nap pods might have been the fringe elements of a Google employee’s first week on the job, but that’s what the company’s branding still evoked for a lot of people. The company’s more whimsical elements have realistically always been removed from the real world of its business interests, but at this point, the company may only be able to take away from the quirkiness of its brand, Google is just something different now.

Rebrands always grab attention, and the companies always make broad, sweeping statements about the deep meaning about what the new logo or font or name mean to the mission of the product at hand. With Android 10, Google says that their chief concern was promoting the universality of the operating system’s branding.

[W]e’ve heard feedback over the years that the names weren’t always understood by everyone in the global community. For example, L and R are not distinguishable when spoken in some languages.

So when some people heard us say Android Lollipop out loud, it wasn’t intuitively clear that it referred to the version after KitKat. It’s even harder for new Android users, who are unfamiliar with the naming convention, to understand if their phone is running the latest version. We also know that pies are not a dessert in some places, and that marshmallows, while delicious, are not a popular treat in many parts of the world.

There’s certainly room to question whether this decision has more to do with the fact that there aren’t too many desserts starting with the letter Q that immediately come to mind, or that Google marketing has decided to sanitize the Android brand with a corporate wash.

Send me feedback
on Twitter @lucasmtny or email
lucas@techcrunch.com

On to the rest of the week’s news.

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

• Apple’s credit card goes wide
  The Apple Card might be the prettiest credit card in the wild, but as the iPhone-aligned credit card starts shipping to customers, we’ll find out soon whether its extra features are enough to take down more popular millennial cards. Read more about it here.
• Overstock’s CEO resigns amid bizarre “deep state” revelations 
  Libertarian tech CEOs are often a special kind of eccentric, but Overstock’s Patrick Byrne set a new bar for strange with his revelation that he had gotten sucked into a Trump-Russia scandal under the guise of helping unearth Hillary Clinton’s secrets. I don’t really understand it, and it seems he understood even less, but it cost him his job. Read more here.
• Now, even the scooters are autonomous
  Segway seems to believe that it’s revolutionized the world of transportation a few times now, but its latest product is just a bit over-teched. The Segway Kickscooter T60 adds autonomous driving capabilities to the city electric scooter, but it doesn’t use them quite the way you might think. Read more here.

Photo By Bill Clark/CQ Roll Call

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

1. States looking to take on tech giants themselves:
   [States to launch antitrust investigation into big tech companies, reports say]
2. Facebook keeps learning more about how much it knew about CA:
   [Facebook really doesn’t want you to read these emails]
3. Not really a gaffe, but just embarrassing for Apple Card:
   [Apple warns against storing Apple Card near leather or denim]

Our premium subscription service had another week of interesting deep dives. My colleagues and I made our way to Y Combinator Demo Days this week where we screened the 160+ startups pitching and picked some favorites from both days..

The best 11 startups from YC Demo Days (Day 1)

“Eighty-four startups presented (read the full run-through of every company plus some early analysis here) and after chatting with investors, batch founders and of course, debating amongst ourselves, we’ve nailed down the 11 most promising startups to present during Day 1…”

The top 12 startups from YC Demo Days (Day 2)

“After two days of founders tirelessly pitching, we’ve reached the end of YC’s Summer 2019 Demo Days. TechCrunch witnessed more than 160 on-the-record startup pitches coming out of Y Combinator, spanning healthcare, B2B services, augmented reality and life-extending. Here are our favorites from Day 2…”

Here are some of our other top reads this week for premium subscribers. This week, we published a some analysis on the latest YC class and also dug deep into the perks new employees get at some top companies.

• YC is doubling down in these investments in its latest batch
• How Dropbox, Nike, Salesforce, MailChimp, Google and Pepsi welcome their new hires

Sign up for more newsletters in your inbox (including this one) here.

It’s hard at times not to feel sorry for CEO Dara Khosrowshahi, given all that he inherited when he became the ride-share giant’s top boss back in April 2017. Among his many to-do items: take public a money-losing company whose private-market valuation had already soared past what many thought it was worth, clean-up the organization’s win-at-all-costs image, and win over employees who clearly remained loyal to Uber cofounder Travis Kalanick, an inimitable figure who Khosrowshahi was hired to replace.

Things are undoubtedly about to get worse, given the upcoming publication of a tell-all book about Uber authored by New York Times reporter Mike Isaac, which comes out in less than two weeks. In just one excerpt published yesterday by the newspaper, Isaac outlines how Uber misled customers into paying $1 more per ride by telling them Uber would use the proceeds to fund an “industry-leading background check process, regular motor vehicle checks, driver safety education, development of safety features in the app, and insurance.”

The campaign was hugely successful, according to Isaac, who reports that it brought in nearly half a billion dollars for Uber. Alas, according to employees who worked on the project, the fee was devised primarily to add $1 of pure margin to each trip.

Om Malik, a former tech journalist turned venture capitalist, published a tongue-in-cheek tweet yesterday after reading the excerpt, writing, “Apology from @dkhos coming any minute — we are different now.”

Malik was close. Instead of an apology, Uber today sent riders an email titled, somewhat ominously, “Your phone number stays hidden in the app.” The friendly reminders continues on to tell customers that their “phone number stays hidden when you call or text your driver through the app,” that “[p]ickup and dropoff locations are not visible in a driver’s trip history,” and that “for additional privacy, if you don’t want to share your exact address, request a ride to or from the nearest cross streets instead.”

The email was clearly meant to reassure riders, some of whom might be absorbing negative press about Uber and wondering if it cares about them at all. But not everyone follows Uber as closely as industry watchers in Silicon Valley, and either way, what the email mostly accomplishes is to remind customers that riding in an Uber involves a bit of risk.

Stressing that the company is “committed to safety” is the debating equivalent of a so-called negative pregnant, wherein a denial implies its affirmative opposite. It’s Uber shooting itself in the foot.

It would have been more on point — too much so, perhaps — for Uber to email riders that when it talks about safety, it means business (and not the kind where it swindles its own customers).

Either way, it underscores the tricky terrain Uber is left to navigate right now. Though campaigns like Uber’s so-called “safe rides fee” was orchestrated under the leadership of Kalanick — who did whatever it took to scale the company — it’s Khosrowshahi’s problem now.

So is the fact that the company’s shares have been sinking since its IPO in early May; that Uber’s cost-cutting measures will be scrutinized at every turn (outsiders especially relished the company’s decision to save on employees’ work anniversaries by cutting out helium balloons in favor of stickers); and that Uber appears to be losing the battle, city by city, against labor activists and its own drivers who want to push up the minimum wage paid to drivers.

And those are just three of many daunting challenges that Khosrowshahi has been tasked with figuring out  (think food delivery, self-driving technologies, foreign and domestic opponents). No doubt Isaac’s book will highlight plenty of others.

How Uber handles the inevitable wave of bad publicity that comes with it remains to be seen. We don’t expect Khosrowshahi to come out swinging; that’s not his style. But we also hope the company doesn’t take to emailing riders directly. It’s great if Uber is taking customer safety more seriously than it might have under Kalanick’s leadership, but reaching out to tell riders how to remain safe from their Uber drivers isn’t the way to do it, especially without acknowledging in any way why it’s suddenly so eager to have the conversation.

Editor’s note

Due to bad travel logistics (thanks SFO), I wasn’t able to get the mid-week edition of the Extra Crunch roundup newsletter out. Sorry about that. Instead, here is everything we published this week on Extra Crunch in one fell swoop — and my, we covered a lot of ground. Hope you enjoy some great weekend reading.

Y Combinator Demo Day Coverage-a-palooza

Much like the equinoxes that synchronize Earth’s calendar, Y Combinator’s biannual demo days are a key fixture of the Silicon Valley calendar. This year was no different, with 166 companies presenting from the summer batch (and occasionally from previous batches if they chose to delay their presentation).

We had a full squad on site not only covering the 84 companies from day one and 82 companies from day two, but our team also put their collective heads together to identify the top companies from each set exclusively for Extra Crunch members.

The 11 best startups from Y Combinator’s S19 Demo Day 1

Read our favorite 11 startups from day one, which included:

PopSQL provides collaborative SQL query editing. You can store SQL queries you run regularly, grouping them into folders that can be kept private or shared amongst your team. Version history tracks changes so it can be reverted if/when something breaks. It currently has more than 100 paying companies, and is making $13K per month. It plans to build a marketplace for apps that run on top of your company’s database.

Why it’s one of our favorites: SQL database queries can be a nightmare, especially if they’re not something you’re used to dealing with every day. PopSQL lets you hammer on queries collaboratively until they’re working exactly as you want — then you can save them for future use and share them amongst your team members. And when you’ve spent the last 45 minutes trying to figure out why your query isn’t working only for a team mate to fix it in thirty seconds, you can use version control to see exactly what they changed. PopSQL says its product has already found customers in companies like Instacart, Redfin, and DoorDash.

Our 12 favorite startups from Y Combinator’s S19 Demo Day 2

Read our favorite 12 startups from day two, which included:

Business Score is helping companies automate background checks on other businesses. The startup is looking to stamp out tired manual processes that largely mean picking up the phone and scouring documents. The single API taps data sources across the web to build out real-time profiles that can help customers scan businesses in an effort to prevent fraud, qualify leads and onboard new clients.

Why it’s one of our favorites: Though it’s yet another startup in the batch catering to other startups, we thought Business Score stood out. The company integrates with thousands of data providers to help companies verify other startups and enterprises they are considering doing business with, using a system they’ve dubbed “the business passport.” There’s an opportunity here to create a tool essential to company-building across industry.

YC is doubling down on these investment theses in its most recent batch

Finally, amidst all the zany craziness of watching 166 companies present over two days (there should be a YC company for unmelting your brain), our venture capital reporter Kate Clark stepped back to assess what all the various companies in the batch indicated about the accelerator’s strategy these days.

YC knows its sweet spot: enterprise SaaS. One might go as far as to say it’s transitioning into a full-on SaaS incubator. Why? Because one of the greatest advantages of going through YC is the network of alumni companies you can tap into. Many successful B2B companies have emerged from the program, raised boat loads of venture capital funding and rocketed to the moon (hello Stripe, Brex, Gusto and Atrium). With that in mind, YC is doubling down on its resources for startups that sell products to other startups, which brings us to our first piece of news.

YC chief executive officer Michael Seibel and president Geoff Ralston announced this week that the accelerator has implemented something called CTO and HR demo days. In short, CTO and HR demo days are an opportunity for B2B startups to pitch their products to YC alum companies’ CTO and/or head of HR. Seibel and Ralston said 60 CTOs attended the event, as well as 30 HR heads. In total, 42 startups presented and we’re guessing a bunch of those companies booked a few customers.

You can tell a lot about a service by what it prioritizes on its home screen. With the new Disney + service the focus is initially organized by fan base, with different silos for the company’s various studios and the fans that follow them.

As the company gets the service off the ground — and casts about for content to stuff it with — curation is increasingly important. Over the course of my conversation with the Ricky Strauss, who’s overseeing Disney’s streaming service, “quality over quantity” was the mantra.

I spent some time reviewing the app and its features at the D23 expo and it seems the emphasis of quality over quantity in content didn’t necessarily extend to the app itself. The user interface and controls — at least on the AppleTV version that was used in my demonstration — were a little clunky.

While there’s going to be a rich content library of old and new titles — Disney, Pixar, Marvel and Star Wars classics and a mix of Fox content (chiefly “The Simpsons”) featured prominently on the home screen — other content is going to be a little bit more difficult to find.

Navigation over to the sidebar is required to find the new Disney+ original series (including the acquisitions like the “Diary of a Female President” series that Disney ordered earlier in the year. And don’t even bother trying to find any media from Hulu — or Hulu itself.  There are no plans to integrate any Hulu content or Fox properties that now fall under the auspices of Disney or its underlying studios (that includes the mutant corner of the Marvel Comics world that now fall under Disney’s purview after the Fox deal).

Family friendly fare for Disney means that the service (as previously reported) won’t have any media that would warrant a rating above PG-13. There won’t be a whiff of anything remotely as bloody or graphic as “Deadpool” on Disney’s streams.

While there aren’t a number of robust parental controls (since the content is designed to be more family friendly than the average streaming service) there is a kids’ mode designed for ages seven and below.

In the kids mode shows are organized by character, because that’s the way children (many of whom are pre-literate) relate to the medium. The screen for kids is also brighter and in kids accounts, the autoplay feature is turned off (the default for the streaming services is that autoplay is on for adults).

Initially the service will be available in several languages at launch through subtitles and dubbing with plans to be as inclusive as possible when the service rolls out in each of the countries it will be operating in. And eventually Disney wants the streaming service to be available everywhere.

The $7-a-month price tag will enable families to get four simultaneous streams, all the videos will be in 4K, UHD and HDR with an ability for a family to set up seven different user profiles. As CNet noted, this is in sharp contrast to Netflix, which only allows for five profiles and enables simultaneous streaming only at a higher price point.

Given the broader functionality, it’d be more apt to compare Disney+ to Netflix’s premium $15.99 per month service, rather than its basic $8.99 price point. Disney+’s content library and family friendly pitch also make it a compelling offering for families with young children.

Each profile can be designated with the Disney avatar of your choice. The service also won’t be dropping its original episodes all at once, preferring to serialize the entertainment — more like a traditional network.

For Disney, which owns Marvel, LucasFilm, as well as its own catalog of live action and animated shows through the now 36-year-old Disney Channel, and the film libraries of Pixar and the Walt Disney Co. the successful launch of Disney+ is nothing less than the future of the company.

At D23, the company’s fan service expo, that was incredibly apparent.

The VW electric ID Buggy concept is delightful and bright, stout and smiling. It’s a vehicle fit for the sunshine and sand dunes, or perhaps a less committing slow roll along the beach.

And so my first drive in a prototype of the all-electric buggy — along the coast near Spanish Bay in Monterey, Calif., — was tinged with sadness. After all, the ID Buggy is just a concept. It’s not meant for this world. At least not right now.

There is still a chance that the ID Buggy will make it to production. VW is already in talks with “at least one company” to bring the buggy into production, TechCrunch confirmed.

The global debut of the ID Buggy concept at the 89th Geneva International Motor Show in March was meant to showcase VW’s electric future and demonstrate the versatility of its modular electric drive toolkit chassis, or MEB. The MEB, which was introduced in 2016, is a flexible modular system — really a matrix of common parts — for producing electric vehicles that VW says make it more efficient and cost-effective.

The first vehicles to use this MEB platform will be under the ID brand, although this platform can and will be used for electric vehicles under other VW Group brands such as Skoda and Seat. (The MEB won’t be used by VW brands Audi or Porsche, which are developing their own platform for electric vehicles.)

VW has shown off several ID concepts. Some of these, like the ID Crozz and ID Buzz are going into production. A production version of the Crozz is coming to the U.S. at the end of 2020. Others, like this buggy, are not currently on the production track.

Driving the ID Buggy Drive

The ID Buggy is simple, and that’s exactly what it should be. No clutter or whiz-bang creature comforts. Instead, this leisure vehicle inspired by the 1960s era Meyers Manx has no roof or doors — although a tarpaulin can be stretched between the windscreen frame and the Targa bar as a sun sail or light weather protection. Without doors, the driver climbs in, and with relative ease, depending on one’s general fitness and flexibility.

The ID Buggy towers over its inspiration — the iconic Meyers Manx buggy that became popular among the California beach-and-surf culture of the 1960s.

The ID Buggy was also a quieter, smoother ride than the Meyers Manx. I also spent some time in a classic bright red buggy with a four-speed manual transmission and gas engine that might have been a touch carbureted. While the Manx roared as I shifted into first and peeled away, the electric ID Buggy was silent and smooth as it rolled out of the sandy parking lot.

The main detail inside the ID Buggy is the lack of features and do-dads. The hexagonal steering wheel, shown above, isn’t littered with toggles; there are just a couple of controls on the crossbar. A small integrated stock to the right side of the steering wheel allows the driver to move the vehicle into drive, reverse and park. A digital instrument cluster provides the basic information like speed.

Even the brake and accelerator pedals continue this stripped-down design story. 

The dashboard and the passenger area are just as void of features. This lack of “stuff” is more about function than form, although the matte green and textured grey blue at the bottom does make a visual statement. The ID Buggy is meant to be driven in the elements, rain or shine. And so designers made the interior waterproof.

Under the ID Buggy’s body is where the good stuff lives.

The rear-wheel drive buggy is outfitted with an electric motor that produces 201 horsepower and a maximum torque of 228 pound-feet. It has a 62-kilowatt-hour battery that can travel 155 miles (under the WLTP standard) on a single charge. There is not an EPA estimate for the range. It can accelerate from a standstill to 62 miles per hour in 7.2 seconds.

Unfortunately, this prototype had a kill-the-thrill speed limiter on it, scuttling my plans for a zippy ride along the coast.

Still, the ID Buggy offered a fun and easy, breezy ride. It handled the curves of the roads with ease and its wide body and higher rear end provided a sense of security even while driving amid other much larger passenger cars.

Building the ID Buggy

It’s unclear what company, or companies, are in talks to produce the buggy. VW wouldn’t give names; not even the ocean breeze and cloudless sky or the endless supercar eye candy were enough to loosen the lips of VW employees during Monterey Car Week.

It’s possible that this unnamed company is e.Go Mobile. VW announced in March that e.Go Mobile would be its first external partner to use its MEB electric platform to launch other EVs in addition to Volkswagen’s model range. A dedicated vehicle project is already being planned, VW said at the time.

A VW spokesperson told TechCrunch there’s no decision about which car will be produced under this partnership with e.Go Mobile. It could be the buggy; it could also be some other vehicle.

And then there’s Ford. Earlier this year, the two automakers announced a partnership that includes Ford producing electric cars based on the MEB developed by Volkswagen.

The VW folks on the ground in Monterey did express hope that a third party does build the buggy, or a modified version of it. As one spokesperson later told TechCrunch, “As the drive in Monterey showed, the Buggy is a great ambassador for Volkswagen and for e-mobility. I am sure it would find a lot of customers.”

In the end, the ID Buggy is a sleek cruiser rather than a beach bomber like the 1960s original. It successfully demonstrates the versatility around VW’s electric platform. After all, Volkswagen foresees critical parts in the ID Buggy used to power multiple consumer electric vehicles in the near future. And it’s a fair assumption the ID Buggy’s production cousins will have a bit more gadgets, including silly things like doors.

Hello and welcome back to Startups Weekly, a weekend newsletter that dives into the week’s noteworthy startups and venture capital news. Before I jump into today’s topic, let’s catch up a bit. Last week, I wrote about the flurry of IPO filings. Before that, I noted the differences between raising cash from angels vs. traditional venture capitalists.

Remember, you can send me tips, suggestions and feedback to kate.clark@techcrunch.com or on Twitter @KateClarkTweets. If you don’t subscribe to Startups Weekly yet, you can do that here.

What’s new

Venture capitalists look for companies poised to disrupt markets untouched by innovative technology. Believe it or not, a very small percentage of jewelry shopping is done online, which means there’s a big opportunity — for the right team — to bring jewelry buyers and sellers to the 21st century.

Enter Pietra, a new startup that’s just raised $4 million in a round led by Andreessen Horowitz’s Andrew Chen (Substack & Hipcamp investor). Robert Downey Jr.’s VC fund Downey Ventures and Will Smith’s fund Dreamers Fund also participated, as did Hollywood manager Scooter Braun, Michael Ovitz and supermodel Joan Smalls.

I spoke to the founding team, which includes Uber alum Ronak Trivedi and Ashley Bryan, who hails from fashion e-commerce site Moda Operandi. The pair bring a healthy mix of technology and fashion expertise to the mix. Trivedi tells TechCrunch he’s drawn on his Uber experience to recruit engineers from top tech companies and to advocate for fast growth. Meanwhile, Bryan has leveraged her fashion industry connections to establish relationships with luxury designers.

 “Fashion is typically really under-resourced in terms of tech,” Bryan tells TechCrunch. “[The fashion industry] is great at the creativity part but it’s tough, especially with jewelry because you really have to put up a lot of capital.”

Pietra’s plan is to create a high-end marketplace for consumers to connect with jewelry designers. To do this, the team has adopted the standard marketplace approach, taking a 30% marketplace fee from sellers, as well as a 7% fee from buyers commissioning jewelry on the platform.

“Whether you do custom jewelry or engagement jewelry or you do jewelry for celebrities like Drake, you can come on Pietra and connect with a global marketplace,” says Trivedi.

The jewelry market is expected to be worth more than $250 billion by 2020, according to McKinsey research. And where there’s a billion-dollar market, there are VCs. 

“Even though gemstones and jewelry have been at the center of art, commerce, and culture since the dawn of human civilization — going from stone jewelry created 40,000 years ago in Africa to the trade routes between East and West to Fifth Avenue in New York to the Instagram feed on your phone — the technology for discovering, designing, and purchasing jewelry online hasn’t evolved much at all,” writes a16z’s Chen, who overlapped with Trivedi during his Uber tenure.

Pietra completed its official launch this week. It has 100 designers on the platform and counting, along with what the founders say is a lengthy waitlist.

In other news

This week I published a long feature on the state of seed investing in the Bay Area. The TL;DR? Mega-funds are increasingly battling seed-stage investors for access to the hottest companies. As a result, seed investors are getting a little more creative about how they source deals. It’s a dog-eat-dog world out there and everyone wants a stake in The Next Big Thing. Read the story here.

Demo Day

Y Combinator graduated another batch of 200 companies this week. We were there both days, taking notes on each and every company. To make things easy on you, I’ve put together the ultimate YC reading list:

• All 84 startups from Y Combinator’s Demo Day 1
• All 82 startups from Y Combinator’s Demo Day 2
• The 11 best startups from YC’s Demo Day 1 (Extra Crunch membership required.)
• Our 12 favorite startups from Y Combinator’s S19 Demo Day 2 (Extra Crunch membership required.)
• YC’s Michael Seibel on building startups and early-stage deal-making
• YC is doubling down on these investment theses in its latest batch

Here’s a look at some of the profiles we’ve written on the S19 companies:

• Fresh out of YC, Tandem lands millions from a16z
• Stoic is a journaling app with a focus on understanding your feelings
• Narrator wants to become the operating system for data science
• This startup is building a weed breathalyzer for cops 
• Lokal wants to bring local news to 900M Indians in their regional languages
• Holy Grail is using machine learning to build better batteries
• YC’s latest bet is building a cyberpunk anime MMO
• Rent the Backyard wants to build a studio apartment in your yard
• Shiru is developing a protein replacement for food additives
• Lumineye helps first responders identify people through walls
• GradJoy is a fintech startup to help you knock out your student loans
• Traces AI is creating a less invasive alternative to facial recognition tracking

Listen

We recorded two great episodes of Equity, TechCrunch’s venture capital podcast, this week. The first was with YC CEO Michael Seibel, in which he speaks to trends at the seed stage of investing, changes at the accelerator program, including its move to San Francisco and more. You can listen to that one here. Plus, we had on Unusual Ventures co-founder and partner John Vrionis, who talked to us about direct listings versus IPOs and the future of DoorDash and Airbnb. You can listen to that one here.

Tips for B2B startups

Contributors Tyler Elliston and Kevin Barry share advice for B2B companies: “Over the years, we’ve seen a lot of B2B companies apply ineffective demand generation strategies to their startup. If you’re a B2B founder trying to grow your business, this guide is for you. Rule #1: B2B is not B2C. We are often dealing with considered purchases, multiple stakeholders, long decision cycles, and massive LTVs. These unique attributes matter when developing a growth strategy. We’ll share B2B best practices we’ve employed while working with awesome B2B companies like Zenefits, Crunchbase, Segment, OnDeck, Yelp, Kabbage, Farmers Business Network, and many more.” Read the full story here. (Extra Crunch membership required.)