
14 Jan 2021

Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses

A security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app.

Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues.

While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.

But the exposed data wasn’t visible to anyone using the app. Rather, the bug was retrieving hidden data, including the user’s latitude and longitude and their home address, from Ring’s servers.

Another problem was that every post was tied to a unique number generated by the server that incremented by one each time a user created a new post. Although the number was hidden from view to the app user, the sequential post number made it easy to enumerate the location data from previous posts — even from users who aren’t geographically nearby.
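An added illustration, not Ring's code or part of the original article: a server that returns a whole stored post and relies on the app to hide fields, next to an allowlist serializer that uses random public identifiers and coarsened coordinates. The schema, field names, sample values and two-decimal rounding are all assumptions made for the example.

```python
import secrets

# Hypothetical schema. Only allowlisted fields may ever leave the server.
PUBLIC_FIELDS = ("title", "body", "video_url")
# Stored values that must never appear in a response, including the
# sequential internal key.
SENSITIVE_FIELDS = ("id", "owner_lat", "owner_lon", "owner_address")


class PostStore:
    """In-memory stand-in for a posts table."""

    def __init__(self, first_id=4000001):
        self._rows = {}           # internal sequential id -> stored row
        self._by_public_id = {}   # random public id -> internal id
        self._next_id = first_id

    def create(self, **fields):
        internal_id = self._next_id
        self._next_id += 1
        # 128 random bits: knowing one post's identifier says nothing
        # about the identifier of the post created before or after it.
        public_id = secrets.token_urlsafe(16)
        self._rows[internal_id] = dict(fields, id=internal_id, public_id=public_id)
        self._by_public_id[public_id] = internal_id
        return public_id

    def get(self, public_id):
        """Look up by public id only; internal ids are never accepted."""
        internal_id = self._by_public_id.get(public_id)
        return None if internal_id is None else self._rows[internal_id]


def serialize_unsafe(row):
    """Failure mode described above: send everything, let the app hide it."""
    return dict(row)


def serialize_public(row, places=2):
    """Allowlist serializer: explicit fields, random id, coarse location."""
    out = {name: row[name] for name in PUBLIC_FIELDS}
    out["id"] = row["public_id"]
    # Two decimal places is roughly a 1 km grid (assumed precision).
    out["area"] = {"lat": round(row["owner_lat"], places),
                   "lon": round(row["owner_lon"], places)}
    return out


def leaked_values(response, row):
    """Regression check: names of sensitive stored values found in a response."""
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for value in node.values():
                walk(value)
        elif isinstance(node, (list, tuple)):
            for value in node:
                walk(value)
        else:
            for name in SENSITIVE_FIELDS:
                if node == row[name]:
                    found.add(name)

    walk(response)
    return sorted(found)


def demo():
    """Build one constructed post and compare both serializers."""
    store = PostStore()
    public_id = store.create(
        title="Package taken from porch",           # constructed sample data
        body="Happened around 3pm.",
        video_url="https://example.invalid/v/1",
        owner_lat=40.712776,
        owner_lon=-74.005974,
        owner_address="123 Example St, Springfield",
    )
    row = store.get(public_id)
    return (leaked_values(serialize_unsafe(row), row),
            leaked_values(serialize_public(row), row))


if __name__ == "__main__":
    print(demo())
```

Running `leaked_values` against every API response in a test suite turns "the app doesn't show it" into a property checked at the server boundary.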

Ring Neighbors app (left), and the data it was pulling in, including location data (right). (Image: TechCrunch)

The Neighbors app appeared to have about 4 million posts by the end of 2020.

Ring said it had fixed the issue.

“At Ring, we take customer privacy and security extremely seriously. We fixed this issue soon after we became aware of it. We have not identified any evidence of this information being accessed or used maliciously,” said Ring spokesperson Yassi Shahmiri.

Ring currently faces a class-action suit by dozens of people who say they were subjected to death threats and racial slurs after their Ring smart cameras were hacked. In response to the hacks, Ring put much of the blame on users for not using “best practices” like two-factor authentication, which makes it harder for hackers to access a user’s account with the user’s password.

After it emerged that hackers were reportedly creating tools to break into Ring accounts and over 1,500 user account passwords were found on the dark web, Ring made two-factor authentication mandatory for every user.

The smart tech maker has also faced increasing criticism from civil rights groups and lawmakers for its cozy relationship with hundreds of U.S. police departments that have partnered with Ring for access to homeowners’ doorbell camera footage.


14 Jan 2021

Samsung unveils its newest Tile competitor, the Galaxy SmartTag

Alongside its other announcements at Samsung’s event today, the company introduced its new Galaxy SmartTag Bluetooth locator, a lost item beacon for Samsung owners and a competitor with Tile. Like Tile and Apple’s forthcoming AirTags, the beacon can be attached to keys, a bag, a pet’s collar or anything else you want to track. Initially, these SmartTags will use Bluetooth to communicate with a nearby Samsung device; however, the company confirmed an ultra-wideband (UWB) powered version called the SmartTag+ will arrive later this year.

The latter would allow the SmartTag to better compete with Apple’s AirTags, which are also expected to take advantage of newer iPhones’ UWB capabilities. Tile, in anticipation of this news, has already developed a UWB tracker arriving later this year, as well.

The SmartTag announced today, the Galaxy SmartTag, will use Bluetooth and there is only one main SKU — not a range of products in different sizes or configurations. However, the tracker will be sold in two color variations: Black and Oatmeal.

The tracker works with any Galaxy device, a Samsung rep told us, as long as the device runs Android 10 or later.

Device owners can then locate the missing item with the SmartTag attached using the SmartThings Find app.

This works similarly to Tile and other BLE (Bluetooth Low Energy) trackers. When the SmartTag is offline — meaning, disconnected from the Galaxy S21 or other device — it sends a BLE signal that can be detected by nearby Galaxy devices. When detected, the device will send the nearby location information to the SmartThings Find app so you can locate the item. Samsung says the SmartThings Find user data is encrypted and securely protected, so your location and personal information is safe when you lose your device and use the app to search for it.

The app will also offer a variety of locating tools, including a “Notify me when it’s found” option, as well as “Search Nearby,” “Search,” and “Ring” tools. Like Tile, you can also use a SmartTag to locate a missing phone. In this case, you push the Galaxy SmartTag button twice to receive an alert to help locate the missing phone.

The tag can also be customized to do other things when pushed once, so you could easily turn on your lights or TV when you return home, for example.

Ahead of the announcement, regulatory documents showed the tracker as a slightly chunkier version of Tile’s trackers, powered by a CR2032 cell battery, with Bluetooth connectivity.

A Samsung rep could not provide us with the official and detailed tech specs for the device ahead of its announcement today, but we’ll update if the company figures it out. Unfortunately, without the confirmed details like whether the battery is user-replaceable, for example, or what the range is, it’s difficult to make a proper comparison to the existing trackers on the market. (You can’t always go off leaks alone here, either, as they aren’t always an indication of the final product. But the regulatory filings are likely a good starting point.)

To promote adoption, Samsung is giving away the new trackers with pre-orders. From Jan. 14 to Jan. 28, 2021, consumers who pre-order the Galaxy S21 Ultra will get a $200 Samsung Credit plus a free Galaxy SmartTag. That could help the devices gain a little more traction, as Samsung’s previous investments in tracking gadgets, including its 2018 LTE-based SmartThings tracking fobs, never really caught on.

Outside the pre-order promotion, the SmartTags will cost $29.99 individually and will be sold starting Jan. 29th.

This is slightly steeper than Tile’s entry-level Bluetooth tracker, the Tile Mate, which retails for $24.99.

14 Jan 2021

E2E encrypted email providers also see sign-ups surge as chat app users flock to Signal and Telegram in search of privacy

Privacy concerns that have been driving app users to alternative chat apps like Signal and Telegram in recent weeks, since Facebook-owned WhatsApp announced a T&Cs change, appear to also be generating some uplift for end-to-end encrypted email providers.

Two Europe-based providers, Protonmail and Tutanota, have reported an uptick in sign ups in recent weeks.

Protonmail founder Andy Yen told TechCrunch it’s seen a 3x rise in sign ups for its end-to-end encrypted webmail service “in recent weeks”, while Germany’s Tutanota said usage has doubled since privacy concerns about WhatsApp’s new T&Cs sharing data with Facebook started circulating online.

“We are thrilled to see so many new users coming in. We already said in 2017 that the privacy-era has started, and we have been proven right ever since. People around the world are increasingly understanding that privacy matters and are no longer okay with fuelling the surveillance capitalism and the exploitation of their data by big tech such as Facebook. That’s why alternatives like Signal and Tutanota are constantly growing,” said Tutanota co-founder Matthias Pfau in a statement.

The fully e2e encrypted chat app Signal hasn’t disclosed how many new users it’s racked up in recent weeks but WhatsApp co-founder Brian Acton — who joined forces with Signal after he left Facebook in 2018 — told us earlier this week that usage has “exploded”.

Anecdotal reports of newbies to the app — whose tagline is “say ‘hello’ to privacy” — abound.

In my case, among the UK contacts joining what had previously been a tight clique of privacy nerds, I can report a couple of ex London neighbours, an old university acquaintance, an antique Tinder date and two former colleagues — while my India-based TC colleague, Manish Singh, showed me three full screenshots of sign-ups his Signal app had alerted him to in just “the last few days”.

Telegram, another long-standing WhatsApp chat app alternative, has also reported a huge influx of new users in recent weeks.

The platform offers end-to-end encryption as an option for one-to-one chats (via its ‘Secret Chats’ feature), although unlike Signal e2e encryption is not the default rule. Nonetheless its founder, Pavel Durov, has been a very vocal critic of how Facebook treats users and their data. And that reputation baiting looks to be paying off.

“I hear Facebook has an entire department devoted to figuring out why Telegram is so popular,” Durov wrote in his Telegram Channel on January 8, seeking to capitalize on concerns about the looming WhatsApp T&Cs change. “Imagine dozens of employees working on just that full-time.

“I am happy to save Facebook tens of millions of dollars and give away our secret for free: respect your users,” he added.

A few days later Durov posted again to report Telegram’s user-base had surpassed 500M monthly actives in the first week of this year — adding 25M new users “in the last 72 hours alone”.

“These new users came from across the globe — 38% from Asia, 27% from Europe, 21% from Latin America and 8% from MENA,” he went on, implying around 6% of the new sign-ups came from North America (where there have also been reports of Trump supporters turning to Telegram as an alternative channel to organize protests as mainstream social networks have closed down accounts and pages linked to threats of violence and insurrection).

“This is a significant increase compared to last year, when 1.5M new users signed up every day,” he also said, adding: “We’ve had surges of downloads before, throughout our 7-year history of protecting user privacy. But this time is different. People no longer want to exchange their privacy for free services. They no longer want to be held hostage by tech monopolies that seem to think they can get away with anything as long as their apps have a critical mass of users.”

Durov has posted another update today — saying sign ups have “only accelerated” (and welcoming a couple more heads of state to the platform).

The privacy-flavored mass migration of users to WhatsApp alternatives has pushed the Facebook-owned company to attempt a public firefight this week — over what it couches as “rumours” about the looming T&Cs changes.

A Facebook spokesperson told us there are no changes to WhatsApp’s data sharing practices anywhere in the world with this update — which they said is about providing clearer, more detailed information to users on how and why the company uses their data, and also provides information about how businesses can use WhatsApp to connect with their customers.

But Facebook’s problem is it’s spent 15+ years torching user trust around privacy. And all those broken promises are coming home to roost as users fly elsewhere — searching for a platform whose business model isn’t predicated on exploiting their attention.

Whatever the specific detail of the latest WhatsApp T&Cs change, there’s no escaping the ugly truth that Facebook is an adtech giant. And it did already screw over WhatsApp users’ privacy — when it U-turned on data-sharing with Facebook just a few short years after it shelled out $19BN to line up all those extra eyeballs for its surveillance business.

That’s why e2e encryption in the hands of Mark Zuckerberg’s advertising empire simply can’t protect users’ privacy in the same way that a not-for-profit app like Signal can. And all those ‘personalized’ Facebook features — be they stickers, filters, lenses or whatever — are just a distraction from the underlying truth that Facebook makes money by removing users’ privacy through an interconnected mesh of apps and tools that are dedicated to tracking Internet users and linking digital activity to eyeballs.

The techie obscurity that cloaked Facebook’s surveillance for years is now steadily being unpicked. And it’s clear that plenty of people don’t at all like what they see. 


14 Jan 2021

Google’s Fitbit acquisition is official

Following regulatory scrutiny on both sides of the pond, Google this morning announced that it has completed its acquisition of wearables pioneer, Fitbit. Google’s use of the vast amount of user health data has long been the key sticking point of regulatory concern of the deal. After all, targeted advertising continues to be at the heart of much of what the tech giant does.

As such, it’s unsurprising that both Google and Fitbit are looking to address concerns in their respective statements on the acquisition. Google, in particular, is quick to insist that the deal is all about hardware – which has admittedly been a struggle in this particular vertical. Google’s efforts to compete with Apple in the fitness and wearable categories have been, at best, uneven.

Google SVP of Devices and Services Rick Osterloh notes,

“This deal has always been about devices, not data, and we’ve been clear since the beginning that we will protect Fitbit users’ privacy. We worked with global regulators on an approach which safeguards consumers’ privacy expectations, including a series of binding commitments that confirm Fitbit users’ health and wellness data won’t be used for Google ads and this data will be separated from other Google ads data.

“We’ll also maintain access to Android APIs that enable devices like fitness trackers and smart watches to interoperate with Android smartphones, and we’ll continue to allow Fitbit users to choose to connect to third-party services so you’ll still be able to sync your favorite health and fitness apps to your Fitbit account. These commitments will be implemented globally so that all consumers can benefit from them. We’ll also continue to work with regulators around the world so that they can be assured that we are living up to these commitments.”

Fitbit co-founder and CEO James Park echoed the sentiment, writing,

“The trust of our users will continue to be paramount, and we will maintain strong data privacy and security protections, giving you control of your data and staying transparent about what we collect and why. Google will continue to protect Fitbit users’ privacy and has made a series of binding commitments with global regulators, confirming that Fitbit users’ health and wellness data won’t be used for Google ads and this data will be kept separate from other Google ad data. Google also affirmed it will continue to allow Fitbit users to choose to connect to third party services.”

Developing…

14 Jan 2021

Carbyne raises $25M for a next-generation platform to improve emergency 911 responses

Emergency services continue to be a major force when it comes to coping with the Covid-19 health pandemic, and today a company that is building technology to help them run better is announcing a round of funding to continue expanding its business.

Carbyne — an Israeli startup that has built a cloud-based platform aimed at emergency services to help them pinpoint more complete information about the people who are calling in, and to provide additional telemedicine services to start responding faster — has picked up $25 million.

The plan will be to take the service — which was already seeing strong growth before the pandemic — to the next level in terms of the technology it is building and the markets and organizations it is serving.

“Carbyne was not founded last year: we were already pushing cloud services and video and location to 911 for quite a while and had served 250 million people before the pandemic,” said Amir Elichai, the CEO, in an interview. “But cloud solutions for emergency services went from nice to have to must have with Covid.” The company has partnerships with public health providers as well as with groups like CentralSquare and Global Medical Response (GMR), and says that in the U.S. it is on target to cover some 90% of the market.

The Series B1 is being led by Hanaco Ventures and ELSTED Capital Partners, with former CIA Director General David Petraeus, Founders Fund, FinTLV, and other past investors also participating.

The fact that this is a B1 round points to more funding on the way for the company in coming months. In any case, the $25 million is more than the company had planned to raise.

“The plan was to raise $15 million in 2020. After Covid started I decided we didn’t want to let anyone go, but we didn’t know what the situation would be. So we cut salaries instead across the board,” said Elichai. “But then we started to double revenues starting in Q2, and then in Q3 and Q4 grew 160%. It was straightforward to raise this money.”

The funding is coming on the heels of very strong growth for the company, in particular in the last year.

Carbyne’s services now cover about 400 million people, with a new implementation launching every 10 days since March of last year.

Elichai, who co-founded the company with Alex Dizengoff (CTO) and Yony Yatsun (engineering lead), said in an interview that in the last nine months, Carbyne has provided some 155 million location points to emergency medical services teams. Newer products are also growing. The services for EMS teams to provide help remotely have racked up 1.3 million minutes of video in that time, he said.

From what we understand, the funding puts Carbyne’s valuation at over $100 million. Although Elichai declined to give a specific figure, for some context, the company was valued at “around” $100 million when it last raised in 2018, a $15 million round that marked the first time that Founders Fund had invested in an Israeli startup.

The growth of the last year, and the ongoing demands on the business, point to that “over” being strong. Indeed, since its last round, the world at large, and the startup itself, have undergone some significant changes.

2018 and whatever dramas we were experiencing back then now feel like a distant, almost halcyon, past when compared to some of the crises of the moment. One in particular, the coronavirus pandemic, has a direct connection to Carbyne.

Covid-19, the illness that results from the virus, has proven to be a pernicious and dogged ailment, often hitting people with its most dire and serious symptoms — the inability to breathe and organ failure — just when they start to think that they might be recovering. (Of course, that’s not the case for everyone, thankfully, but still it happens much too often to ignore.)

That has put a huge strain on emergency response services, from those that are fielding initial callouts, through to those making first contact with patients, and those at the hospitals bringing in and caring for the most serious cases. In many cases, those working these services have been stretched to overcapacity. The situation in many cities is nothing short of dire.

Carbyne’s technology has come into its own as a way not just to help those people do their jobs better by providing them with more data, but by becoming a means to those services channelling data back to those people calling in.

In the last couple of years, the company has undergone some significant shifts in how it delivers its services: when I covered the startup’s last funding round in 2018, for example, it provided some services directly to EMS organizations, but mainly it needed users to install an app, or provide that technology through another app, in order to work. Now, Elichai says that the company has integrated some location services from companies like Google to remove the need to use an app to connect users to its platform.

Similarly, the startup has taken a strong lead in how it collaborates with municipalities not just to provide services to make their operations more efficient, but to help keep them from getting overwhelmed. A project in that vein was a recent undertaking in New Orleans, which Elichai said played a part in keeping the city from really buckling under and in managing the Covid-19 outbreak.

Longer term, in countries like the US and elsewhere, there is a strong argument to be made for a lot of legacy services in 911-style emergency response finally getting the updates they have needed for years.

Specifically, earlier this month, a $1.5 trillion infrastructure bill approved in Congress earmarks $12 billion in funding for next-generation 911 deployments.

Carbyne believes that by 2023, it will be serving some 1.5 billion people, and it’s moves like this in the U.S. that point to why that might not be so far-fetched, Covid-19 or not.

14 Jan 2021

X1 Card raises $12 million for its credit card with limits based on your income

X1 Card is raising a $12 million funding round. The company is building a credit card that sets limits based on your current and future income, not your credit score.

Spark Capital is leading the round with Jared Leto, Aaron Levie, Jeremy Stoppelman, Max Levchin and Ali Rowghani also participating. American Express veteran Ash Gupta is also joining the company as an advisor — he was the Chief Risk Officer of American Express.

The company says that it has attracted nearly 300,000 signups on its waitlist. I covered X1 Card back in September and it attracted a lot of readers. So that number doesn’t surprise me.

The X1 Card is a stainless steel Visa credit card with a different origin story. When you apply for a card, instead of determining your limits based on your credit score, the company wants to see your current and future income.

The startup believes the credit score system is outdated and doesn’t reflect your creditworthiness. That’s why it doesn’t use it to calculate limits. Your credit score still affects your variable APR (from 12.9% to 19.9%), but that’s it.

There are also a lot of software features that work with the credit card. For instance, you can track your subscriptions from the X1 app, you can also generate an auto-expiring virtual card for free trials that require a credit card. You also get notifications for refunds.

As for rewards, you get 2X points on all purchases. If you’re a heavy user and you spend more than $15,000 on your card per year, you’re upgraded to a new tier and earn 3X points. There’s also a viral element as you get a boosted reward level when you refer a friend — you get 4X points for a month. You can then spend your points with retail partners.

The company has promised a lot of features and now has enough cash in its bank account to deliver. Let’s see if the company can live up to the hype once the first customers get their cards. But it’s clear that the credit score system is outdated.

14 Jan 2021

Watch Blue Origin launch a rocket with an upgraded crew capsule live

Blue Origin is launching its New Shepard suborbital rocket for the first time in 2021, with a liftoff planned for 9:45 AM CST (10:45 AM EST/7:45 AM PST) from its launch facility in West Texas. This is the 14th flight of New Shepard, and it includes some key testing activities for Blue Origin in preparation for its first human spaceflight missions.

The company has been flying a crew capsule on board its rocket for quite a while now, albeit empty (or rather, loaded with scientific and other cargo, rather than people). This version includes some key systems that will be used when astronauts are inside, however, including communications systems, and cabin environment regulation technologies that will make the trip for private spacefarers more comfortable and safe.

Blue Origin has had 13 previous successful New Shepard launches, so one can reasonably expect things to go well today. But the company’s focus on that crew cabin and gathering data around systems crucial to human spaceflight is an exciting indicator that people could be on board that spacecraft sooner rather than later.

The stream above will begin 30 minutes before the liftoff time, so at around 10:15 AM EST/7:15 AM PST.

14 Jan 2021

Lumiata raises $14 million for its service to predict healthcare outcomes

Healthcare systems are always looking out for ways to save money and a startup called Lumiata has just raised $14 million to continue building out its service that aims to help them do it. 

The company, already backed by Khosla Ventures and Blue Venture Fund, raised its latest round from Defy.vc and AllegisNL Capital.

The company’s software cleans up healthcare datasets and then analyzes them to look for underwriting risks and cost savings for healthcare payors and providers.

The company said it would use the money to accelerate investment in new products and services along with sales and marketing. It expects to open new offices in Guadalajara, Mexico in 2021.

“Lumiata excels at building trusted relationships with its customers,” said Dalbir Bains, FGC Health’s chairman, president and CEO, a Lumiata customer. “They have delivered results that help us manage consumer risks for co-morbidities. Our long partnership means that we can depend on them long-term to help us manage our pharmacy business.”

Products help businesses manage underwriting and clinical costs and risks for decision support.


14 Jan 2021

Gemini is launching a credit card with bitcoin rewards

Cryptocurrency exchange company Gemini is acquiring Blockrize and announcing a new product today based on Blockrize’s work. Later this year, the company is launching a credit card that works like a regular credit card — but you earn bitcoin rewards based on your purchases.

The credit card will work on the Visa network and will be available in the U.S. Customers will earn up to 3% in bitcoin rewards (again, up to 3%). You'll be able to earn other crypto assets as well. Those rewards will be deposited on your Gemini account.

This isn't the first time a company is announcing a credit card with bitcoin rewards. BlockFi already announced its own card back in December. Both companies have yet to launch their cards.

As a comparison, BlockFi promises 1.5% rewards on fiat purchases. There's a $200 annual fee but you get $250 back if you spend at least $3,000 with the card in the first three months.

This new category of credit cards could be interesting for people who want to slowly acquire cryptocurrencies without going through an exchange. Similarly, some crypto enthusiasts don't want to use a debit card tied to a cryptocurrency wallet as they don't want to spend their crypto assets — HODL, as they say.

You could consider those credit cards as an alternative to credit cards that give you cashback. Sure, you don't get points that you can exchange for perks. But you get crypto assets without having to think about it.

Gemini customers can sign up to the waitlist today. Blockrize has been working on a credit card for some time. While it is now part of Gemini, people who previously signed up to Blockrize’s waitlist are still on the waitlist.


14 Jan 2021

Accel Partners heads down to Georgia to invest in DecisionLink, leading an $18.5 million round

DecisionLink, an Atlanta-based company that provides software for cost-benefit analyses of business services from a customer’s perspective, has managed to woo one of Silicon Valley’s top venture firms to invest in its latest $18.5 million round of funding.

Accel Partners has a long-standing reputation as one of the Bay Area’s premier investment firms, and it’s leading DecisionLink’s latest round. Their investment comes on the heels of billion dollar valuations for Atlanta companies like Calendly, Greenlight Financial Technologies, OneTrust, and the $800 million acquisition of Kabbage.

Other investors in the round included George Kurtz, the president and chief executive of CrowdStrike, and George Roberts, a partner at OpenView Venture Partners and the former executive vice president of North American sales at Oracle.

“Value Management [sic] as a practice is now a C-suite priority and increasingly considered an enterprise-critical function alongside software systems like CRM, marketing automation, and project management,” said Sameer Gandhi, Partner, Accel, in a statement. “In 2019, we invested in a SAFE round in DecisionLink because we believed in the market opportunity for scalable [value management]. Now, we have been so impressed by DecisionLink’s execution and its ability to drive this transformation on behalf of customers, that we are excited to lead its Series A round.”

Businesses are constantly looking for ways to benchmark themselves against their competitors or find new ways to better service them. Most of these strategies don’t take off, or are variations on a theme, but value management seems to have legs — especially given the accessibility of all kinds of benchmarking data points that are publicly available.

Accel-backed portfolio companies like CrowdStrike, PagerDuty, and DocuSign are using the service and so are companies like ServiceNow, Marketo, NCR, and VMWare.

These are big names in enterprise software, and the signal that their adoption of DecisionLink’s software provided must have played a role in Accel’s decision to invest.