Category: UNCATEGORIZED

Hyp3r, an apparently trusted marketing partner of Facebook and Instagram, has been secretly collecting and storing location and other data on millions of users, against the policies of the social networks, Business Insider reported today. It’s hard to see how it could do this for years without intervention by the platforms except if the latter were either ignorant or complicit.

After BI informed Instagram, the company confirmed that Hyp3r (styled HYP3R) had violated its policies and has now been removed from the platform. In a statement to TechCrunch, a Facebook spokesperson confirmed the report, saying:

HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.

The company started several years ago as a platform via which advertisers could target users attending a given event, like a baseball game or concert. It used Instagram’s official API to hoover up data originally, the kind of data-gathering that has been happening for years by unsavory firms in tech, most infamously Cambridge Analytica.

The idea of getting an ad because you’re at a ball game isn’t so scary, but if the company maintains a persistent record not just of your exact locations, but objects in your photos and types of places you visit, in order to combine that with other demographics and build a detailed shadow profile… well, that’s a little scary. And so Hyp3r’s business model evolved.

Unfortunately, the API was severely restricted in early 2018, limiting Hyp3r’s access to location and user data. Although we heard reports that this led to layoffs at the company around the time, the company seems to have survived (and raised millions shortly afterwards) not by adapting its business model, but by sneaking around the apparently quite minimal barriers Instagram put in place to prevent location data from being scraped.

Some of this was done by taking advantage of Instagram’s Location pages, which would serve up public accounts visiting them to anyone who asked, logged in or not. (This was one of the features turned off today by Instagram.)

According to BI’s report, Hyp3r built tools to circumvent limitations on both location collection and saving of personal accounts’ stories — content meant to disappear after 24 hours. If a user posted anything at one of thousands of locations and regions monitored by Hyp3r, their data would be sucked up and added to their shadow profile.

To be clear, it only collected information from public stories and accounts. Naturally these people opted out of a certain amount of privacy by choosing a public account, but as the Cambridge Analytica case and others have shown, no one expects or should have to expect that their data is being secretly and systematically assembled into a personal profile by a company they’ve never heard of.

Facebook and Instagram, however, had definitely heard of Hyp3r. In fact, Hyp3r could until today be found in the official Facebook Marketing Partners directory, a curated list of companies it recommends for various tasks and services that advertisers might need.

And Hyp3r has been quite clear about what it is doing, though not about the methods by which it is doing it. It wasn’t a secret that the company was building profiles based around tracking locations and brands — that was presumably what Facebook listed it for. It was only when this report surfaced that Hyp3r had its Facebook Marketing Partner privileges rescinded.

It’s unclear how Hyp3r could exist as a privileged member of Facebook’s stable of recommended companies and simultaneously be in such blatant violation of its policies. If these partners receive even cursory reviews of their products and methods, wouldn’t it have been obvious to any informed auditor that there was no legitimate source for the location and other data that Hyp3r was collecting? Wouldn’t it have been obvious that it was engaging in Automated Data Collection, which is specifically prohibited without Facebook’s permission?

I’ve asked Facebook for more detail on how and when its Marketing Partners are reviewed, and how this seemingly fundamental violation of the prohibition against automated data collection could have gone undetected for so long.

Another day, another Salesforce acquisition. Just days after closing the hefty $15.7 billion Tableau deal, the company opened its wallet again, this time announcing it has bought field service software company ClickSoftware for a tidy $1.35 billion.

This one is designed to beef up the company’s field service offering under the Service Cloud umbrella. In its June earnings report, the company reported that Service Cloud crossed the $1 billion revenue threshold for the first time. This acquisition is designed to keep those numbers growing.

“Our acquisition of ClickSoftware will not only accelerate the growth of Service Cloud, but drive further innovation with Field Service Lightning to better meet the needs of our customers,” Bill Patterson, EVP and GM of Salesforce Service Cloud said in a statement announcing the deal.

ClickSoftware is actually older than Salesforce having been founded in 1997. The company went public in 2000, and remained listed until it went private again in 2015 in a deal with private equity company Francisco Partners, which bought it for $438 million. Francisco did alright for itself, holding onto the company for four years before more than doubling its money.

The deal is expected to close in the Fall and is subject to the normal regulatory approval process.

Big companies today may want to look and feel like startups, but when it comes to the way they approach buying new enterprise solutions, especially from new entrants. But from the standpoint of a true startup, closing deals with just a few big customers is critical to success. At our much anticipated inaugural TechCrunch Sessions: Enterprise event in San Francisco on September 5, Okta’s Monty Gray, SAP’s DJ Paoni, VMware’s Sanjay Poonen, and Sapphire Venture’s Shruti Tournatory will discuss ways for startups to adapt their strategies to gain more enterprise customers (p.s. early-bird tickets end in 48 hours – book yours here).

This session is sponsored by SAP, the lead sponsor for the event.

Monty Gray is Okta’s Senior Vice President and head of Corporate Development. In this role, he is responsible for driving the company’s growth initiatives, including mergers and acquisitions. That role gives him a unique vantage point of the enterprise startup ecosystem, all from the perspective of an organization that went through the process of learning how to sell to enterprises itself. Prior to joining Okta, Gray served as the Senior Vice President of Corporate Development at SAP.

Sanjay Poonen joined VMware in August 2013, and is responsible for worldwide sales, services, alliances, marketing and communications. Prior to SAP, Poonen held executive roles at Symantec, VERITAS and Informatica, and he began his career as a software engineer at Microsoft, followed by Apple.

SAP’s DJ Paoni has been working in the enterprise technology industry for over two decades. As president of SAP North America, DJ Paoni is responsible for the strategy, day-to-day operations, and overall customer success in the United States and Canada.

These three industry executives will be joined on stage by Sapphire Venture’s Shruti Tournatory, who will provide the venture capitalist’s perspective. She joined Sapphire Ventures in 2014 and leads the firm’s CXO platform, a network of Fortune CIOs, CTOs, and digital executives. She got her start in the industry as an analyst for IDC, before joining SAP and leading product for its business travel solution.

Grab your early-bird tickets today before we sell out. Early-bird sales end after this Friday, so book yours now and save $100 on tickets before prices increase. If you’re an early-stage enterprise startup you can grab a startup demo table for just $2K here. Each table comes with 4 tickets and a great location for you to showcase your company to investors and new customers.

We were hoping for at least one surprise during today’s big event. At the end of Unpacked, Samsung debuted the Galaxy Book S, a thin and light system created in tandem with Microsoft and Qualcomm.

The laptop runs Windows 10 on a Qualcomm mobile chip. Among other things, the chip gives the device some crazy long battery life — 23 hours on a charge, according to the company’s office number. The Book S features a single USB-C port on either side, and the small chip means you can fill it up it using the same charger as the Note 10. It’s clear now why the company was so proactive about adding more Windows compatibility for the Note 10.

The company even invited Microsoft CEO Satya Nadella on stage to discuss the growing partnerships between the two companies, which clearly has Apple firmly in its sights.

The laptop is coming in September, starting at $999. More information on specs and the like coming between now and than, though I wouldn’t expect too much from this device in terms of computing power. If anything, it’s probably something more akin to a premium Chromebook — a market Microsoft has been attempting to take on from a variety of angles.

Samsung has, too, of course. And perhaps this will prove a fruitful partnership for both parties.

 

The new Note’s 3D scanning feature got what may well have been the loudest applause line of today’s big Samsung event. It’s an impressive feature for sure, but it’s the kind with little real world value at the moment — and it’s only available on the pricier Note 10+. Understandable on the latter, at least.

After all, Samsung need some ways to distinguish the more expensive unit. Aside from size and pricing, the 10+ also features a time of flight sensor missing on the standard Note. That brings an extra level of depth sensing. For now, uses for the feature are pretty limit. Take AR Doodle — that’s available on both versions of the device.

3D scanning is an impressive differentiator, and the demo rightfully got some cheers as Samsung employ walked a circle around a stuffed beaver toy named “Billy” (I dunno, man). The phone did a solid job capturing the image in 3D and pulled it out of its background. From there, a users can sync its movements to their own and animate it, AR/Animoji-style.

[gallery ids="1865885,1865884,1865883,1865881,1865871,1865870,1865869"]

Again, a neat demo, but pretty limited real world use for most of us. Though that’s pretty standard for these sorts of features. It’s as much about showing that the company is thinking about AR and offering the hardware to do it. Making it truly useful, however, will be in the hands of developers.

In its second quarterly earnings release as a public company, Lyft showed it still isn’t afraid to lose money as long as that means surging revenues.

The company’s stock price jumped nearly 11 percent after-hours (following a 2.7% bump in its share price before the earnings dropped). The company beat on revenue with $867 million for the quarter, compared with $505 million in Q2 of last year, but Lyft also had net losses of $644 million for Q2 compared to $179 million in the same period of 2018. The company pinned their adjusted net loss (which accounts for amortization of intangible assets and stock-based compensation expenses among other expenses) even lower at $197 million versus $177 million in 2018 Q2.

The losses measure in the hundreds of millions but they still represent a substantial quarter-over-quarter decrease, all while pumping up revenues to their highest yet. Last quarter, the company earned $776 million in revenues but lost $1.14 billion.

What made Wall Street more happy than the individual quarter’s results was Lyft’s optimism for Q3 as well as the full-year 2019. The company updated its outlook for both.

“We remain focused on reshaping transportation and we are pleased with the continued improvement in market conditions. This environment along with our execution is translating to strong revenue growth and sales and marketing efficiencies. As a result of this positive momentum, we anticipate 2019 losses to be better than previously expected and we are pleased to have updated our outlook,” a statement attributed to Lyft CEO Logan Green reads.

Lyft hasn’t had the most pleasant debut since it IPO’d in March; as of market open, the stock was down more than 30% from its all-time-high though that percentage will shrink significantly if this after-hours surge holds.

Breaking

Security is empty, meaningless theater — or, at least, that’s the lesson taught to most employees of most large companies. Security is your password expiring every few months, your inability to access crucial services if you’re new or a contractor, a salty message from a team you’ve never met explaining that your new initiative is not permitted, a transparently convenient excuse when someone doesn’t want to admit their real reason. Security is bullshit.

I can cite more examples from my own career as a consultancy CTO than I care to think about. The household-name company whose security team explained that cloud services were inherently insecure, until they day they decided to switch to AWS and began to explain how local servers were inherently insecure. The household-name companies who deluged us with detailed security questionnaires regarding the security of our servers, but whose assessment protocols were then unable to comprehend our “uh, everything’s in the cloud with GitHub and GSuite etc., we have no servers of our own” responses without hour-long handholding calls.

Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi‘s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive.

Instead, he argued, security has to change its culture, which is far more important than strategy, which in turn is far more important than tactics. Instead of security becoming a faraway flaming hoop to jump through, teams should become responsible for their own security. Furthermore, security engineers should write code to help those teams. Fuzzing is great, but as he put it, “the next level is making fuzzy easy for software developers, because there are way more of them than there are of us.”

Most importantly — and most revolutionary — he argued that instead of defaulting to saying “no” all the time, and throwing up as many obstacles as possible, security people should always start with “yes, and here’s how we can help.” The fact this is so different from today’s practice that it actually sounds comical says a lot, none of it good.

The sad truth is that still, today, in the real world of enterprise software, security as most employees and vendors encounter it tends to be at least as performatively useless as the “take off your shoes & take out your liquids” security theater of American airports. The horror stories are legion. You have your own, I’m sure. Who doesn’t?

A couple more: Once a movie studio who wanted us to do some minor web-development work, for ancillary web sites with no real connection to their intellectual property, told us we would not be able to do anything unless our (primarily remote) workforce had continuous keycard access to, and closed-circuit camera coverage of, every computer which might work on these sites … then intimated that what they really needed was just for those boxes to be checked, not for any of that to actually happen.

Another time, a big company insisted that we become SOC-2 compliant — SOC-2 being a standard birthed not in tech but in accounting, and seemingly primarily designed to provide full employment for accountants rather than, you know, meaningful security standards and processes — without caring which, if any, of SOC-2’s five “trust services” we were talking about; they just needed to tick the “SOC-2 compliant” box on their list of vendors.

It doesn’t have to be this way. Security people could be contributors, rather than gatekeepers. And if they were, everyone would find it easier, more rewarding, and more intuitive to contribute to security. Siloed security bureaucracies aren’t just slow and frustrating; in the long run they are inherently a more fundamental threat to the security of the companies infested by them than any exterior hacker or even APT ever could be. It’s long past time we all learned that lesson.

The first Note was a spectacle. It wasn’t just the reintroduction of the stylus. In 2011, the idea of a 5.3 inch phone was laughable. Around the same time, Steve Jobs famously mocked a push toward 4-inch-plus phones, telling a press conference, “no one’s going to buy that.”

With the average phone size hovering about 5.5 inches these days, Samsung clearly won that round. Of course, the push has been helped considerably by an ever-improving screen-to-body ratio. Jobs’ concerns about not being able to get one’s hand around a device no longer apply to a majority of these handset.

Today in Brooklyn, Samsung is pushing things even further, with the introduction of a new subset of Galaxy Note devices. The Note 10+ is a 6.8 inch device. Among other things, the introduction of a new model differentiates the line slightly from Samsung’s other flagship line. The earlier arrival of an S Plus model meant that the S Pen was essentially the only distinguishing factor here.

https://techcrunch.com/2019/08/07/this-is-samsungs-galaxy-note-10-and-10/

Having spent some time with both Note 10 models, I can say I’m impressed with what the company has managed to do from a design perspective. The 10+ impressively has roughly the same footprint as the 6.4 inch Note 9, making carrying around such a massive device that much less absurd.

What’s really interesting here, however, is that the company took the rare action of actually shrinking down the standard Note from 6.4 to 6.3 inches. Weird, right? Yeah, well, these are weird times, friend.

The thinking behind the smaller screen was apparently to make the device more accessible to first time buyers. That seems a bit silly when talking about a literal fraction of an inch, but the improved screen-to-body ratio makes it that much smaller.

Here are the main distinctions between the two models:

• Note 10: Display 6.3-inch FHD+ AMOLED, 2280×1080 (401ppi); Note 10+: 6.8-inch Quad HD+ AMOLED 040×1440 (498ppi)
• Note 10: 3,500mAh battery; Note 10+: 4,300mAh battery
• Note 10: 8GB RAM, 256GB storage; Note 10+: 12GB RAM, 256GB storage (with 512GB option)
• The Note 10+ also has an additional TOF sensor on the rear camera array for depth sensing and an optional 5G model
• Note 10: Starts at $949 ; Note 10+: Starts at $1,100

Next month marks three years since Apple unceremoniously murdered the headphone jack. Courage. The company was roundly mocked for the its own hype, and the interviewing product cycles have been marked by several companies proudly showcasing their staunch refusal to cave.

None were more vocal about clinging to the 3.5mm jack than Samsung. And the company certainly deserves kudos for turning the once ubiquitous port into a distinguishing feature. Like I said a couple of weeks ago, if nothing else, Samsung ought to get a bit of credit for the continuing high quality of the headphones it bundles in with its flagships. It’s been an Apple blindspot, while Samsung has cancelled with comfortable, quality, AKG-branded headphones.

Never forgot were you were at 4PM ET on August 7, 2019. That’s when the torch carrier finally extinguished the flame at the tail end of the dongle decade. The Note 10 is here and the headphone jack is gone.

https://techcrunch.com/2019/08/07/this-is-samsungs-galaxy-note-10-and-10/

You already know the whys. Apple discussed them three years ago. So did Google after quickly reversing its own foot dragging on the Pixel line. But Samsung has had well over three years to prepare for this inevitable moment. The company knew there were would be a little egg on its face after a few years of talking up the port. But when you’ve been through a Galaxy Fold relaunch and two Note recalls, this is a veritable cakewalk.

Samsung’s primary driver here is the same as everyone else: space. The Note 10 and Note 10+ are big phones with big batteries (3,500mAh and 4,300mAh, respectively). For reasons that are clear for anyone who’s been following the line for some time, the company hit pause on the battery race for a while there, focusing instead on safety issues.

With that particular crisis well in the past now, however, battery life is once again central — as it should be. In order to make more room for mAhs, the company dropped the port and picked up the dongle. The tipping point, it says, came when its internal metrics showed that a majority of users on its flagship devices (the S and Note lines) moved to bluetooth streaming. The company says the number is now in excess of 70 percent of users.

I’ll be honest, that surprises me a bit, even now that bluetooth headphones are far cheaper and more plentiful than just three years ago. And no doubt the number changes fairly dramatically when you start talking about entry- and mid-tier devices. The company wouldn’t come out and say it, but it seems this dramatic shift also marks the end of the jack for S series devices, when the S11 starts shipping next year.

As for the dongle, turns out it won’t ship in box. That’ll cost you extra. But the good news is that the Note will ship with a USB-C version of its excellent (by free in-box standards) AKG headphones. Also, Samsung is one of eight million or so companies currently making bluetooth headphones.

And theirs are actually pretty good, turns out.

Eight years later, the Galaxy Note is undeniable. The original device, unveiled at IFA 2011, seemed unfathomably massive for a handset — all 5.3 inches of it. Nearly a decade and hundreds of millions of handsets later, the line has transformed the way we think about mobile devices.

Sure the stylus hasn’t become a mainstream element on handsets outside of Note devices, but much the rest of the industry has come around to Samsung’s way of thinking about big screens and productivity. Even foot-dragging Apple ultimately gave in. These days, the average screen size hovers about the 5.5-inch mark.

With the battle of screen sizes long since won, Samsung has an entirely different battle on its hands. With the smartphone market plateauing — and even receding — for the first time ever, companies have a difficult task on their hands. How can they make continually compelling offerings every six months?

The truth is that companies have painted themselves into a corner. Smartphones have gotten so good that users don’t need to upgrade nearly as frequently. The good ones have also gotten extremely expensive, regularly starting north of $1,000. Between the S and Note series, Samsung has moved to a six-month release cycle, with the respective phones being used to funnel new features to both lines every half a year. In the process, the company has blurred the lines between the two, with the S Pen remaining the one true differentiator between devices.

With the introduction of the Note 10 and Note 10+, however, Samsung is attempting to broaden the appeal of its secondary flagship. Like the S line, the Note has been split into two distinct devices (well, three, when you factor in 5G — more on that later). The standard Note 10 marks a rare step down in screen size — though only slightly.

The base-level Note downgrades from 6.4 to 6.3 inches. Why? Samsung believes a move to a slightly smaller form factor makes the device that much more accessible. It’s a small concession, a literal fraction of an inch. But when you consider the fact that the newly introduced Note 10+ has roughly the same footprint as the Note 9, you begin to realize how much more compact the Note 10 is.

That’s one thing Samsung has progressively gotten better at, year in, year out. The screen to body ratio on the new Notes is impressive. I’ve read a fair amount of critical hindsight recently about how the first Note was received as being “too large.” The fact of the matter is that it was massive, even by today’s standard. Sure, 5.3-inch is nothing in terms of screen size in 2019, but back then that required a lot more phone.

You’ve likely seen plenty of renders of the device before now — and they’ve basically all proven to be true. It’s a nice-looking phone. Samsung’s leaned in further on the curves, leaving little to no bezel on the thing. The cutout camera on the S10+ has been ditched in favor of a single small hole punch floating in the center (Samsung tells me it’s ditched the dual-selfies in favor of improving the single one via software, machine learning and the like).

Also notably missing is the headphone jack. After years of mocking Apple and its ilk, the company’s inevitably eating a bit of crow on this one. The tipping point is two-fold. First, big batteries are back, at 3,500mAh on the 10 and 4,300mAh on the 10+. For reasons you know but we won’t get into here, Samsung put the larger battery on hold for a bit, in favor of additional safety precautions.

https://techcrunch.com/2019/08/07/the-headphone-jack-dies-not-with-a-bang-but-a-note/

The other big factor is the Bluetooth tipping point. The company says a majority of flagship owners are now listening to music through a wireless connection (anecdotally around 70+%). Obviously that figure drops when dealing with less expensive handsets — people buying mid- and low-tier devices are still less inclined to shell out for Bluetooth headphones. Expect Samsung to blow through this bit of news pretty quickly at today’s event.

To help ease the shift, Samsung is including a pair of USB-C AKG headphones in the box. No dongle in-box, though. That’ll cost you.

Also gone is the standalone Bixby button. Instead, the power button summons Bixby with a long press. You can still remap that function, as well. Samsung is still pumping money into its smart assistant, but has generally acknowledged the lukewarm presence.

But enough of what we’re missing, right?

The back of the device (which sports some lovely new prism color schemes) sports a triple-camera area. There’s a 16 megapixel ultra wide, 12 megapixel standard wide angle and 12 megapixel telephoto. The 10+, meanwhile, brings a time of flight sensor, for added depth detection. It’s one of a small handful of distinctions between the models, including screen and battery size.

The TOF sensor brings a 3D scanner feature to the camera, so users can scan an object and turn it into a moveable render. Honestly, that one still feels pretty niche. The company adds that there are some additional potential AR features there, though those will be in the hands of developers.

Zoom-In Mic is a cool addition to video, which uses the mic array to direct sound recordings to the spot where you’ve focused the camera. That will be a cool one to test out when we get more time with the phone in the near future. Night Mode, meanwhile, has been added to the 10 megapixel front-facing camera for all of those low-light selfies.

AR Doodle is one of the neater camera software add-ons, letting users scribble on spots in space with the S Pen or add images and masks to faces. Move the phone around the room and they maintain their position. Add that one to the fun-but-not-particularly-useful list of AR applications.

The S Pen itself has shifted to a more solid unibody design. Samsung has also added the ability to create custom gestures with the input device On the software front the main addition is better handwriting recognition. I tried it out and it did a pretty solid job with my horrible chicken scratch.

DeX continues to be a a key piece of the puzzle for Amazon. Here that includes new drag and drop capabilities between the Note and a connected Mac or PC. The company says the feature is much improved over past attempts at Android/desktop functionality. Honestly, the DeX branding is getting a bit cloudy at this point — that’s only made more murky by the addition of a non-DeX Link to Windows feature that brings notifications and messages straight to a connected Windows 10 PC.

That’s more of a minor branding quibble, though.

Inside you’re getting the Qualcomm Snapdragon 855 (not plus, mind), coupled with 8GB of RAM on the 10 and 12GB on the 10+. Both versions feature a base 256GB of storage (no microSD), while the 10+ also has a 512GB version.

As usual, nothing too major to complain about here. The Note 10 feels like a pretty small upgrade in the grand scheme of things. The biggest news this time out is the addition of a second, XL size.

Pre-orders open tomorrow, August 8th for both. They’ll be in stores on the 23rd. The 10 starts at $950 and the 10+ starts at $1,100. Pre-order deals include accessories like the Charging Duo pad and Galaxy Watch Active.

There’s a 5G version of the Note 10+ available, as well, at the same time. That’s going to be a Verizon exclusive at launch, however, with pricing still TBD.