Category: UNCATEGORIZED

Users have said they are receiving emails from Amazon containing invoices and order updates on other customers, TechCrunch has learned.

Jake Williams, founder of cybersecurity firm Rendition Infosec, raised the alarm after he received an email from Amazon addressed to another customer with their name, postal address, and their order details.

Williams said he ordered something months ago which recently became available for shipping. He checked the email headers to make sure it was a genuine message.

“I think they legitimately intended to email me a notification that my item was shipping early,” he said. “I just think they screwed something up in the system and sent the updates to the wrong people.”

He said the apparent security lapse was worrying because emails about orders sent to the wrong place is a “serious breach of trust” that can reveal private information about a customer’s life, such as sexual orientation, proclivities, or other personal information

Several other Amazon customers also said they received emails seemingly meant for other people.

“I made an order yesterday afternoon and received her email last night,” another customer who tweeted about the mishap told TechCrunch. “Luckily I’m not a malicious person but that’s a huge security issue,” she said.

Another customer tweeted out about receiving an email meant for someone else. He said he spoke to Amazon customer service who said they will investigate additional security issues.

“Hope you didn’t send my sensitive account info to someone else,” he added.

And, one other customer posted a tweet thread about the issue, saying they spoke to a supervisor about the issue who gave a “nonchalant” response, she wrote. She said the supervisor said the issue happens frequently.

A spokesperson for Amazon did not return a request for comment when we asked how many customers were affected and if the company plans on informing customers of the breach. If we hear back, we’ll update.

It’s the second security lapse in a year. In November the company emailed customers saying a “technical error” had exposed an unknown number of their email addresses. When asked about specifics, the notoriously secretive company declined to comment further.

What’s the lifeblood of any early-stage startup? Money and media coverage. Opportunities to acquire both abound at Disrupt San Francisco 2019, our flagship tech conference that takes place on October 2-4. It’s all about networking and making the right connections to make your startup dreams come true, and there’s no better networking mecca than Startup Alley.

Buy a Startup Alley Exhibitor Package and plant your early-stage startup in the path of more than 10,000 attendees, including leading technologists, investors, 400 accredited media outlets and other leading influencers. The package includes one full exhibit day and three Founder passes.

You’ll have access to three days of Disrupt programming across the Main Stage, the Extra Crunch Stage, the Showcase Stage and the Q&A Stage. You can watch Startup Battlefield, our epic pitch competition, to see who takes home the $100,000 prize. You’ll also receive invitations to VIP events, like a reception with top-tier investors and global media outlets.

You’ll have CrunchMatch at your side to make networking as easy as possible. This free, business match-making platform helps you find and connect with the people who can move your business forward. It matches people based on their mutual business interests, suggests meetings and sends out invitations (which recipients can easily accept or decline). CrunchMatch even lets you reserve dedicated meeting spaces where you can network in comfort.

And how’s this for opportunity? Every early-stage startup that exhibits in Startup Alley is eligible for a chance to win a Wild Card entry to the Startup Battlefield pitch competition. TechCrunch editors will select two standout startups as Wild Card teams to compete for $100,000 in Startup Battlefield.

It might sound like a longshot (and it is), but RecordGram earned a Wild Card spot and went on to become the Startup Battlefield champ at Disrupt NY 2017. Because dreams do come true.

Disrupt San Francisco 2019 takes place on October 2-4. Buy a demo table, exhibit in Startup Alley and network your way to greatness. Come on and show the world what you’ve got.

Is your company interested in sponsoring at Disrupt SF 2019? Contact our sponsorship sales team by filling out this form.

If you’re a New Yorker, one of the easiest ways to keep up-to-date on the latest consumer products — furniture, beauty products, mobile apps, you name it — is to hop on the subway.

Even before you board, you may find yourself walking through a station filled with colorful startup ads. And once you’re actually on the train, you may find yourself surrounded by even more of those of ads.

It felt very different when I first moved to New York in 2013, back when the only companies that seemed to buy subway ads were local colleges, law firms and sketchy-sounding surgeons. Over the next few years, I noticed that the companies I wrote about in TechCrunch were starting to show up on the subway walls.

These ads are managed by Outfront Media, which has an exclusive contract with the MTA and says it’s worked with more than 150 startups and direct-to-consumer brands since 2018.

“Startups and DTC brands, now more than ever before, are looking for ways to raise awareness and gain market share among a heavy competitor set,” said Outfront’s chief product experience officer Jason Kuperman via email. “For these brands, it is all about testing and learning, and leveraging out-of-home (OOH) [advertising] and advertising on the subway allows them to do just that.”

Kuperman added that when they launch their subway campaigns, many of these startups are unknown, so they “find value in a permanent place to advertise that people pass through every day.”

From out-of-home to in transit

John Laramie, CEO of out-of-home advertising agency Project X, agreed that there’s been a big shift over the past few years.

He and I first spoke in 2011 about startups buying billboard ads alongside Silicon Valley’s main highway, Route 101. More recently, he told me, “Fast forward to the last four years, and who cares about the 101? It’s all about the New York City subway.”

SmileDirectClub, the at-home teeth-straightening service, is on its way to becoming a public company. SmileDirectClub is seeking to raise up to $100 million in its IPO, according to its S-1 filed today. The number of shares and price range for the offering have yet to be determined.

Prior to this, SmileDirectClub reached a $3.2 billion valuation following a $380 million funding round last October. Investors from Clayton, Dubilier & Rice led the round, which featured participation from Kleiner Perkins and Spark Capital. This funding came on top of Invisalign maker Align Technology’s $46.7 million investment in SmileDirectClub in 2016, and another $12.8 million investment in 2017 to own a total of 19 percent of the company.

In 2018, SmileDirectClub’s revenues came in at $432.2 million, a significant uptick from just $147 million the year prior.

The company ships invisible aligners directly to customers, and licensed dental professionals (either orthodontists or general dentists) remotely monitor the progress of the patient. Before shipping the aligners, patients either take their dental impressions at home and send them to SmileDirectClub or visit one of the company’s “SmileShops” to be scanned in person. SmileDirectClub says it costs 60 percent less than other types of teeth-straightening treatments, with the length of treatments ranging from four to 14 months. The average treatment lasts six months.

Though, members of the American Association of Orthodontists have taken issue with SmileDirectClub, previously asserting that SmileDirectClub violates the law because its methods of allowing people to skip in-person visits and X-rays is “illegal and creates medical risks.” The organization has also filed complaints against SmileDirectClub in 36 states, alleging violations of statutes and regulations governing the practice of dentistry. Those complaints were filed with the regulatory boards that oversee dentistry practices and with the attorneys general of each state.

SmileDirectClub explicitly calls out those issues in its S-1 as potential risk factors. Here’s a key nugget:

A number of dental and orthodontic professionals believe that clear aligners are appropriate for only a limited percentage of their patients. National and state dental associations have issued statements discouraging use of orthodontics using a teledentistry platform. Increased market acceptance of our remote clear aligner treatment may depend, in part, upon the recommendations of dental and orthodontic professionals and associations, as well as other factors including effectiveness, safety, ease of use, reliability, aesthetics, and price compared to competing products.

Furthermore, our ability to conduct business in each state is dependent, in part, upon that particular state’s treatment of remote healthcare and that state dental board’s regulation of the practice of dentistry, each which are subject to changing political, regulatory, and other influences. There is a risk that state authorities may find that our contractual relationships with our doctors violate laws and regulations prohibiting the corporate practice of dentistry, which generally bar the practice of dentistry by entities. Two state dental boards have established new rules or interpreted existing rules in a manner that purports to limit or restrict our ability to conduct our business as currently conducted.

Additionally, as the S-1 notes, a national dental association recently filed a petition with the U.S. Food and Drug Administration claiming that SmileDirectClub’s manufacturing violates “prescription only” requirements. While no regulations or laws have been passed that would affect SmileDirectClub to date, it’s a possible scenario that would greatly impact the company’s core business.

Each month millions of Indians are coming online for the first time, making India the last great growth market for internet companies worldwide. But winning them presents its own challenges.

These users, most of whom live in small cities and villages in India, can’t speak English. Their interests and needs are different from those of their counterparts in large cities. When they come online, the world wide web that is predominantly focused on the English-speaking masses, suddenly seems tiny, Google executives acknowledged at a media conference last year. According to a KPMG-Google report (PDF) on Indian languages, there will be 536 million non-English speaking users using internet in India by 2021.

Many companies are increasingly adding support for more languages, and Silicon Valley giants such as Google are developing tools to populate the web with content in Indian languages.

But there is still room for others to participate. On Friday, a new startup announced it is also in the race. And it has already received the backing of Y Combinator (YC).

Lokal is a news app that wants to bring local news to hundreds of millions of users in India in their regional languages. The startup, which is currently available in the Telugu language, has already amassed more than two million users, Jani Pasha, co-founder of Lokal, told TechCrunch in an interview.

There are tens of thousands of publications in India and several news aggregators that showcase the top stories from the mainstream outlets. But very few today are focusing on local news and delivering it in a language that the masses can understand, Pasha said.

Lokal is building a network of stringers and freelance reporters who produce original reporting around the issues and current affairs of local towns and cities. The app is updated throughout the day with regional news and also includes an “information” stream that shows things like current price of vegetables, upcoming events and contact details for local doctors and police stations.

The platform has grown to cover 18 districts in South India and is slowly ramping up its operations to more corners of the country. The early signs show that people are increasingly finding Lokal useful. “In 11 of the 18 districts we cover, we already have a larger presence and reader base than other media houses,” Pasha said.

Before creating Lokal, Pasha and the other co-founder of the startup, Vipul Chaudhary, attempted to develop a news aggregator app. The app presented news events in a timeline, offering context around each development.

“We made the biggest mistake. We built the product for four to five months without ever consulting with the users. We quickly found that nobody was using it. We went back to the drawing board and started interviewing users to understand what they wanted. How they consumed news, and where they got their news from,” he said.

“One thing we learned was that most of these users in tier 2 and tier 3 India still heavily rely on newspapers. Newspapers still carry a lot of local news and they rely on stringers who produce these news pieces and source them to publications,” he added.

But newspapers have limited pages, and they are slow. So Pasha and the team tried to build a platform that addresses these two things.

Pasha tried to replicate it through distributing local news, sourced from stringers, on a WhatsApp group. “That one WhatsApp group quickly became one of many as more and more people kept joining us,” he recalls. And that led to the creation of Lokal.

Along the journey, the team found that classifieds, matrimonial ads and things like birthday wishes are still driving people to newspapers, so Lokal has brought those things to the platform.

Pasha said Lokal will expand to three more states in the coming months. It will also begin to experiment with monetization, though that is not the primary focus currently. “The plan is to eventually bring this to entire India,” he said.

A growing number of startups today are attempting to build solutions for what they call India 2 and India 3 — the users who don’t live in major cities, don’t speak English and are financially not as strong.

ShareChat, a social media platform that serves users in 15 regional languages — but not English — said recently it has raised $100 million in a round led by Twitter. The app serves more than 60 million users each month, a figure it wants to double in the next year.

Postmates has officially received the green light from the city of San Francisco to begin testing its Serve wheeled delivery robot on city streets, as first reported by the SF Chronicle and confirmed with Postmates by TechCrunch. The on-demand delivery company told us last week that it expected the issuance of the permit to come through shortly after a conditional approval, and that’s exactly what happened on Wednesday thes week.

The permit doesn’t cover the entire city – just a designated area of a number of blocks in and around Potrero Hill and the Inner Mission, but it will allow Postmates to begin testing up to three autonomous delivery robots at once, at speeds of up to 3 mph. Deliveries can only take place between 8 AM and 6:30 PM on weekdays, and a human has to be on hand within 30 feet of the vehicles while they’re operating at all times. Still, it’s a start, and green light for a city regulatory environment that has had a somewhat rocky start with some less collaborative early pilots from other companies.

Autonomous delivery bot company Marble also has a permit application pending with the city’s Public Works department, and will look to test its own four-wheeled, sensor-equipped rolling delivery bots within the city soon should it be granted similar testing approval.

Postmates first revealed Serve last December, taking a more anthropomorphic approach to the vehicle’s overall design. Like many short-distance delivery robots of its ilk, it includes a lockable cargo container and screen-based user interface for eventual autonomous deliveries to customers. The competitive field for autonomous rolling delivery bots is growing continuously, with companies like Starship Technologies, Amazon and many more throwing their hats in the ring.

For a long, long time, renewable energy proponents have considered advancements in battery technology to be the holy grail of the industry.

Advancements in energy storage has been among the hardest to achieve economically thanks to the incredibly tricky chemistry that’s involved in storing power.

Now, one company that’s launching from Y Combinator believes it has found the key to making batteries better. The company is called Holy Grail and it’s launching in the accelerator’s latest cohort.

With an executive team that initially included Nuno Pereira, David Pervan, and Martin Hansen, Holy Grail is trying to bring the techniques of the fabless semiconductor industry to the world of batteries.

The company’s founders believe that the only way to improve battery functionality is to take a systems approach to understanding how different anodes and cathodes will work together. It sounds simple, but Pereira says that the computational power hadn’t existed to take into account all of the variables that go along with introducing a new chemical to the battery mix.

“You can’t fix a battery with just a component,” Pereira says. “All of the batteries that were created and failed in the past. They create an anode, but they don’t have a chemical that works with the cathode or the electrolyte.”

For Pereira, the creation of Holy Grail is the latest step on a long road of experimentation with mechanical and chemical engineering. “As a kid I was more interested in mechanical engineering and building stuff,” he says. But as he began tinkering with cars and became fascinated with mobility, he realized that batteries were the innovation that gave the world its charge.

In 2017 Pereira founded a company called 10Xbattery, which was making high-density lithium batteries. That company, launching with what Pereira saw as a better chemistry, encapsulated the industry’s problem at large — the lack

So, with the help of a now-departed co-founder, Pereira founded Holy Grail. “He essentially told me, ‘Do you want to take a step back and see if there’s a better way to do this?'” said Pereira.

The company pitches itself as science fiction coming from the future, but it relies on a combination of what are now fairly standard (at least in the research community) tools. Holy Grail’s pitch is that it can automate much of the research and development process to create new batteries that are optimized to the specifications of end customers.

“It’s hard for a human to do the experiments that you need and to analyze multidimensional data,” says Pereira. “There are some companies that only do the machine-learning part and the computational science part and sell the results to companies. The problem is that there’s a disconnection between experimental reality and the simulations.”

Using computer modeling, chemical engineering and automated manufacturing, Holy Grail pitches a system that can get real test batteries into the hands of end customers in the mobility, electronics, and utility industries orders of magnitude more quickly than traditional research and development shops.

Currently the system that Holy Grail has built out can make 700 batteries per day. The company intends to  build a pilot plant that will make batteries for electronics and drones. For automotive and energy companies, Holy Grail says it will partner with existing battery manufacturers that can support the kind of high-throughput manufacturing big orders will require.

Think of it like bringing the fabless chip design technologies and business models to the battery industry, says Pereira.

Holy Grail already has $14 million in letters of intent with potential customers, according to Pereira and is expecting to close additional financing as it exits Y Combinator.

To date the company has been backed by the London-based early stage investment firm Deep Science Ventures, where Pereira worked as an entrepreneur in residence.

Ultimately, the company sees its technology being applied far beyond batteries as a new platform for materials science discoveries broadly. For now, though the focus is on batteries.

“For the low volume we sell direct,” says Pereira. “While on high volume production, we will implement a pilot line through the system… we are able to do the research engineering with the small ones and test the big ones. In our case when we have a cell that works, it’s not something that works in a lab it’s something that works in the final cell.”

Twitter is testing a new way to filter unwanted messages from your Direct Message inbox. Today, Twitter allows users to set their Direct Message inbox as being open to receiving messages from anyone, but this can invite a lot of unwanted messages, including abuse. While one solution is to adjust your settings so only those you follow can send your private messages, that doesn’t work for everyone. Some people — like reporters, for example — want to have an open inbox in order to have private conversations and receive tips.

This new experiment will test a filter that will move unwanted messages, including those with offensive content or spam, to a separate tab.

Instead of lumping all your messages into a single view, the Message Requests section will include the messages from people you don’t follow, and below that, you’ll find a way to access these newly filtered messages.

Users would have to click on the “Show” button to even read these, which protects them from having to face the stream of unwanted content that can pour in at times when the inbox is left open.

And even upon viewing this list of filtered messages, all the content itself isn’t immediately visible.

In the case that Twitter identifies content that’s potentially offensive, the message preview will say the message is hidden because it may contain offensive content. That way, users can decide if they want to open the message itself or just click the delete button to trash it.

The change could allow Direct Messages to become a more useful tool for those who prefer an open inbox, as well as an additional means of clamping down on online abuse.

It’s also similar to how Facebook Messenger handles requests — those from people you aren’t friends with are relocated to a separate Message Requests area. And those that are spammy or more questionable are in a hard-to-find Filtered section below that.

It’s not clear why a feature like this really requires a “test,” however — arguably, most people would want junk and abuse filtered out. And those who for some reason did not, could just toggle a setting to turn the filter off.

Instead, this feels like another example of Twitter’s slow pace when it comes to making changes to clamp down on abuse. Facebook Messenger has been filtering messages in this way since late 2017. Twitter should just launch a change like this, instead of “testing” it.

The idea of hiding — instead of entirely deleting — unwanted content is something Twitter has been testing in other areas, too. Last month, for example, it began piloting a new “Hide Replies” feature in Canada, which allows users to hide unwanted replies to their tweets so they’re not visible to everyone. The tweets aren’t deleted, but rather placed behind an extra click — similar to this Direct Message change.

Twitter is updating is Direct Message system in other ways, too.

At a press conference this week, Twitter announced several changes coming to its platform including a way to follow topics, plus a search tool for the Direct Message inbox, as well as support for iOS Live Photos as GIFs, the ability to reorder photos, and more.

Cedric Dussud, Michael Nason, Ahmed Elsamadisi and Matthew Star (pictured above, in order) spent the summer sharing a house in San Francisco, cooking meals together and building Narrator, a startup with ambitions of becoming a universal data model fit for any company.

Narrator is one of more than 100 startups graduating next week from Y Combinator, the San Francisco accelerator program. Put simply, the company provides data-science-as-a-service to its customers: fellow startups.

“We provide the equivalent of a data team for the price of an analyst,” explains Narrator co-founder and director of engineering Star. “Within the first month, our clients get an infinitely scalable data system.”

Led by chief executive officer Elsamadisi, a former senior data engineer at WeWork, the Narrator founding team is made up entirely of alums of the co-working giant. The building blocks of Narrator’s subscription-based data modeling tool were developed during Elsamadisi’s WeWork tenure, where he was tasked with making sense of the company’s disorganized trove of data.

As an early addition to WeWork’s data team, Elsamadisi spent two years bringing WeWork’s data to one place, scaling the team to 40 people and ultimately creating a functional data model the soon-to-be-public company could use to streamline operations. Then in 2017, Elsamadisi had an a-ha moment. The system he created at WeWork could be applied to any data stream, he thought.

“All companies are fundamentally the same when it comes to the kinds of data they want to understand about their business,” Narrator’s Dussud tells TechCrunch. “Every startup wants to know what’s my monthly recurring revenue, why are my customers churning or whatever the case may be. The only reason they have to go hire a data team and hire a business analyst is because the way that their data is structured is specific to that company.”

All Narrator clients use the same consistent format to absorb and manage their data, saving startups time and heaps of money.

Narrator follows a long line of Y Combinator graduates that built startups catering to other startups, as the accelerator becomes more of a SaaS incubator of sorts. PagerDuty and Docker proved that YC companies could build with a strong focus on other YC companies. Brex, a recent YC grad that issues credit cards to entrepreneurs, has leveraged the same startup-focused model for big-time success.

“Why not build a company to make something that other startups can have?” Asks Dussud. “It’s hugely valuable and only big companies have access to it. Let’s make it available to everybody.”

New York-based Narrator sees a massive opportunity ahead. Every company, after all, wants to increase revenue or decrease costs, a difficult task easier accomplished with a data-driven culture.

“If you start to imagine a world where, under the hood, the structure of the data at all companies is the same, you can now start reusing a lot of the things that in the past would actually be quite complicated,” said Star. “Right now, anytime you want to start from scratch with a new data system, you are literally starting from scratch and unfortunately reinventing the wheel. If you had a standardized system, you know, a standardized model, you could start reusing a lot of really wonderful things.”

Narrator is working with 14 clients today, each using an identical data model. Their goal is for Narrator’s structure to become the standard by which all startups do data science. In other words, Narrator hopes to become the operating system for data science.

“What’s kind of amazing is whether we’re working with a financial app … a clothing rental startup or a healthcare company, they’re all using the same data model,” said Star. “Any one of those teams, if they wanted to get the same level of analysis, they would have to hire a data analyst.”

Narrator raised $1.3 million in seed funding led by Flybridge Capital Partners prior to joining YC. Hot off the heels of the accelerator program, there’s no doubt the startup will close another round of financing soon.

Dozens of Android adware apps disguised as photo editing apps and games have been caught serving ads that would take over users’ screens as part of a fraudulent money-making scheme.

Security firm Trend Micro said it found 85 individual apps downloaded more than eight million times from the Google Play — all of which have since been removed from the app store.

More often than not adware apps will run on a user’s device and will silently serve and click ads in the background and without the user’s knowledge to generate ad revenue. But these apps were particularly brazen and sneaky, one of the researchers said.

“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”

The researchers discovered that the apps would keep a record when they were installed and sit dormant for around half-an-hour. After the delay, the app would hide its icon and create a shortcut on the user’s home screen, the security firm said. That, they say, helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the ‘uninstall’ section of the screen.

“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”

When the app unlocked, it displayed ads on the user’s home screen. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.

Worse, the ads can be remotely configured by the fraudster, allowing ads to be displayed more frequently than the default five minute intervals.

Trend Micro provided a list of the apps — including Super Selfie Camera, Cos Camera, Pop Camera, and One Stroke Line Puzzle — all of which had a million downloads each.

Users about to install the apps had a dead giveaway: most of the apps had appalling reviews, many of which had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.

Google does not typically comment on app removals beyond acknowledging their removal from Google Play.

Read more:

• New Android adware found in 200 apps on Google Play
• Sennheiser’s flawed headphone software opened PCs and Macs to HTTPS site spoofing
• Millions of Android users tricked into downloading dozens of adware apps from Google Play
• Scranos, a new rootkit malware, steals passwords and pushes YouTube clicks
• A top-tier app in Apple’s Mac App Store stole your browser history
• Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’