13 Jan 2021

Flo gets FTC slap for sharing user data when it promised privacy

The FTC has reached a settlement with Flo, a period- and fertility-tracking app with 100M+ users, over allegations it shared users’ health data with third-party app analytics and marketing services like Facebook despite promising to keep users’ sensitive health data private.

Flo must obtain an independent review of its privacy practices and obtain app users’ consent before sharing their health information, under the terms of the proposed settlement.

The action follows a 2019 report in the Wall Street Journal, which conducted an analysis of a number of apps’ data sharing activity.

It found the fertility tracking app had informed Facebook of in-app activity — such as when a user was having their period or had informed it of an intention to get pregnant despite. It did not find any way for Flo users to prevent their health information from being sent to Facebook.

In the announcement of a proposed settlement today, the FTC said press coverage of Flo sharing users’ data with third-party app analytics and marketing firms including Facebook and Google had led to hundreds of complaints.

The app only stopped leaking users’ health data following the negative press coverage, it added.

Under the FTC settlement terms, Flo is prohibited from misrepresenting the purposes for which it (or entities to whom it discloses data) collect, maintain, use, or disclose the data; how much consumers can control these data uses; its compliance with any privacy, security, or compliance program; and how it collects, maintains, uses, discloses, deletes, or protects users’ personal information. 

Flo must also notify affected users about the disclosure of their personal information and instruct any third party that received users’ health information to destroy that data.

The app maker has been contacted for comment.

No financial penalty is being levied but the FTC’s proposed settlement is noteworthy as it’s the first time the US regulator has ordered notice of a privacy action.

“Apps that collect, use, and share sensitive health information can provide valuable services but consumers need to be able to trust these apps. We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection, in a statement.

While the settlement received unanimous backing from five commissioners, two — Rohit Chopra and Rebecca Kelly Slaughter — have issued a joint dissent statement in which they highlight the lack of a finding of a breach of the US Health Breach Notification Rule, which they argue should have applied in this case.

“In our view, the FTC should have charged Flo with violating the Health Breach Notification Rule. Under the rule, Flo was obligated to notify its users after it allegedly shared their health information with Facebook, Google, and others without their authorization. Flo did not do so, making the company liable under the rule,” they write.

“The Health Breach Notification Rule was first issued more than a decade ago, but the explosion in connected health apps make its requirements more important than ever. While we would prefer to see substantive limits on firms’ ability to collect and monetize our personal information, the rule at least ensures that services like Flo need to come clean when they experience privacy or security breaches. Over time, this may induce firms to take greater care in collecting and monetizing our most sensitive information,” they add.

Flo is by no means the only period tracking app to have attracted attention for leaking user data in recent years.

A report last year by the Norwegian Consumer Council found fertility/period tracker apps Clue and MyDays unexpectedly sharing data with adtech giants Facebook and Google, for example.

That report also found similarly non-transparent data leaking going on across a range of apps, including dating, religious, make-up and kids apps — suggesting widespread breaches of regional data processing laws which require that, for consent to be valid, users must be properly informed and given a genuine free choice. App makers have, however, so far faced little enforcement for analytics/marketing-related data leaking in the region.

In the US, regulatory action around apps hinges on misleading claims — whether about privacy (in Flo’s case) or in relation to the purposes of data processing, as in a separate settlement the FTC put out earlier this week related to cloud storage app Ever.

13 Jan 2021

Facial recognition reveals political party in troubling new research

Researchers have created a machine learning system that they claim can determine a person’s political party, with reasonable accuracy, based only on their face. The study, from a group that also showed that sexual preference can seemingly be inferred this way, candidly addresses and carefully avoids the pitfalls of “modern phrenology,” leading to the uncomfortable conclusion that our appearance may express more personal information than we think.

The study, which appeared this week in the Nature journal Scientific Reports, was conducted by Stanford University’s Michal Kosinski. Kosinski made headlines in 2017 with work that found that a person’s sexual preference could be predicted from facial data.

The study drew criticism not so much for its methods but for the very idea that something that’s notionally non-physical could be detected this way. But Kosinski’s work, as he explained then and afterwards, was done specifically to challenge those assumptions and was as surprising and disturbing to him as it was to others. The idea was not to build a kind of AI gaydar — quite the opposite, in fact. As the team wrote at the time, it was necessary to publish in order to warn others that such a thing may be built by people whose interests went beyond the academic:

We were really disturbed by these results and spent much time considering whether they should be made public at all. We did not want to enable the very risks that we are warning against. The ability to control when and to whom to reveal one’s sexual orientation is crucial not only for one’s well-being, but also for one’s safety.

We felt that there is an urgent need to make policymakers and LGBTQ communities aware of the risks that they are facing. We did not create a privacy-invading tool, but rather showed that basic and widely used methods pose serious privacy threats.

Similar warnings may be sounded here, for while political affiliation at least in the U.S. (and at least at present) is not as sensitive or personal an element as sexual preference, it is still sensitive and personal. A week hardly passes without reading of some political or religious “dissident” or another being arrested or killed. If oppressive regimes could obtain what passes for probable cause by saying “the algorithm flagged you as a possible extremist,” instead of for example intercepting messages, it makes this sort of practice that much easier and more scalable.

The algorithm itself is not some hyper-advanced technology. Kosinski’s paper describes a fairly ordinary process of feeding a machine learning system images of more than a million faces, collected from dating sites in the U.S., Canada, and the U.K., as well as American Facebook users. The people whose faces were used identified as politically conservative or liberal as part of the site’s questionnaire.

The algorithm was based on open-source facial recognition software, and after basic processing to crop to just the face (that way no background items creep in as factors), the faces are reduced to 2,048 scores representing various features — as with other face recognition algorithms these aren’t necessarily intuitive things like “eyebrow color” and “nose type” but more computer-native concepts.

[Figure: chart showing how faces are cropped and reduced to neural network representations. Image credit: Michal Kosinski / Nature Scientific Reports]

The system was given political affiliation data sourced from the people themselves, and with this it diligently began to study the differences between the facial stats of people identifying as conservatives and those identifying as liberal. Because it turns out, there are differences.

Of course it’s not as simple as “conservatives have bushier eyebrows” or “liberals frown more.” Nor does it come down to demographics, which would make things too easy and simple. After all, if political party identification correlates with both age and skin color, that makes for a simple prediction algorithm right there. But although the software mechanisms used by Kosinski are quite standard, he was careful to cover his bases in order that this study, like the last one, can’t be dismissed as pseudoscience.

The most obvious way of addressing this is by having the system make guesses as to the political party of people of the same age, gender, and ethnicity. The test involved being presented with two faces, one of each party, and guessing which was which. Obviously chance accuracy is 50 percent. Humans aren’t very good at this task, performing only slightly above chance, about 55 percent accurate.

The algorithm managed to reach as high as 71 percent accurate when predicting political party between two like individuals, and 73 percent when presented with two individuals of any age, ethnicity, or gender (but still guaranteed to be one conservative, one liberal).

Getting three out of four may not seem like a triumph for modern AI, but considering people can barely do better than a coin flip, there seems to be something worth considering here. Kosinski has been careful to cover other bases as well; this doesn’t appear to be a statistical anomaly or exaggeration of an isolated result.

The idea that your political party may be written on your face is an unnerving one, for while one’s political leanings are far from the most private of info, it’s also something that is very reasonably thought of as being intangible. People may choose to express their political beliefs with a hat, pin, or t-shirt, but one generally considers one’s face to be nonpartisan.

If you’re wondering which facial features in particular are revealing, unfortunately the system is unable to report that. In a sort of para-study, Kosinski isolated a couple dozen facial features (facial hair, directness of gaze, various emotions) and tested whether those were good predictors of politics, but none led to more than a small increase in accuracy over chance or human expertise.

“Head orientation and emotional expression stood out: Liberals tended to face the camera more directly, were more likely to express surprise, and less likely to express disgust,” Kosinski wrote in author’s notes for the paper. But what they added left more than 10 percentage points of accuracy not accounted for: “That indicates that the facial recognition algorithm found many other features revealing political orientation.”

The knee-jerk defense of “this can’t be true – phrenology was snake oil” doesn’t hold much water here. It’s scary to think it’s true, but it doesn’t help us to deny what could be a very important truth, since it could be used against people very easily.

As with the sexual orientation research, the point here is not to create a perfect detector for this information, but to show that it can be done in order that people begin to consider the dangers that creates. If for example an oppressive theocratic regime wanted to crack down on either non-straight people or those with a certain political leaning, this sort of technology gives them a plausible technological method to do so “objectively.” And what’s more, it can be done with very little work or contact with the target, unlike digging through their social media history or analyzing their purchases (also very revealing).

We have already heard of China deploying facial recognition software to find members of the embattled Uyghur religious minority. And in our own country this sort of AI is trusted by authorities as well — it’s not hard to imagine police using the “latest technology” to, for instance, classify faces at a protest, saying “these 10 were determined by the system as being the most liberal,” or what have you.

The idea that a couple researchers using open-source software and a medium-sized database of faces (for a government, this is trivial to assemble in the unlikely possibility they do not have one already) could do so anywhere in the world, for any purpose, is chilling.

“Don’t shoot the messenger,” said Kosinski. “In my work, I am warning against widely used facial recognition algorithms. Worryingly, those AI physiognomists are now being used to judge people’s intimate traits – scholars, policymakers, and citizens should take notice.”

13 Jan 2021

Airbnb cancels all bookings for DC during Inauguration week

Airbnb won’t be hosting anyone in Washington DC during the week of the Presidential Inauguration, the company said in a statement.

Brian Chesky took to Twitter to confirm the company’s move on Wednesday even as lawmakers in the nation’s capital were moving ahead with a historic vote to impeach President Donald Trump for a second time.

The move to make the blanket ban and effectively shutter Airbnbs in and around DC ahead of the Inauguration came after the company had committed to review guest bookings in an attempt to ensure that no one associated with last week’s riot at the Capitol used the service to return during the lead-up to the Inauguration.

“Today, in response to various local, state and federal officials asking people not to travel to Washington, D.C., we are announcing that Airbnb will cancel reservations in the Washington, D.C. metro area during the Inauguration week,” the company said in a statement. “Additionally, we will prevent any new reservations in the Washington, D.C. area from being booked during that time by blocking such reservations.”

Guests whose reservations had been canceled are receiving a full refund, and the company said it would reimburse hosts for the money they would have earned from the canceled reservations. The company said that HotelTonight reservations also will be canceled.

“Airbnb’s work continues to be informed by inputs from our local host community as well as Washington, D.C. officials, Metro Police and Members of Congress throughout this week. In particular, Mayor Bowser, Governor Hogan and Governor Northam have been clear that visitors should not travel to the D.C. Metro area for the Inauguration,” the company said. “Additionally, we are aware of reports emerging yesterday afternoon regarding armed militias and known hate groups that are attempting to travel and disrupt the Inauguration.”

Airbnb has also been assisting law enforcement in its investigations into what happened at the Capitol last week.

“As we’ve learned through media or law enforcement sources the names of individuals confirmed to have been responsible for the violent criminal activity at the United States Capitol on January 6, we’ve investigated whether the named individuals have an account on Airbnb,” the company said. “Through this work, we have identified numerous individuals who are either associated with known hate groups or otherwise involved in the criminal activity at the Capitol Building, and they have been banned from Airbnb’s platform.”

13 Jan 2021

E-commerce optimization startup Tradeswell raises $15.5M

After launching in October, Tradeswell is announcing today that it has raised $15.5 million in Series A funding.

Co-founder and CEO Paul Palmieri previously led digital ad company Millennial Media (now owned by TechCrunch’s parent company Verizon Media), and he said the e-commerce market today is similar to the online ad market when he was leading Millennial — ready for more optimization and automation.

Tradeswell focuses on six components of e-commerce businesses — marketing, retail, inventory, logistics, forecasting, lifetime value and financials — with the key goal of allowing those businesses to improve their net margins, rather than simply driving more clicks or purchases. The platform can fully automate some processes, such as buying online ads.

To illustrate what it can accomplish, Tradeswell pointed to the work it did with a personal care brand on Amazon Prime Day, with total sales doubling versus the previous Prime Day and profits increasing 67%.

The startup has now raised a total of $18.8 million. The Series A was led by SignalFire, which also led Tradeswell’s seed round, while Construct Capital, Allen & Company and The Emerson Group also participated.

“With the explosion of ecommerce over the past year, Tradeswell is perfectly positioned to help brands manage the complexity of online sales across an ever-increasing number of platforms and marketplaces,” said SignalFire founder and CEO Chris Farmer in a statement. “Paul and his team bring together a unique blend of experience in data, marketing and logistics to address the challenges of today and a rapidly evolving market in the years ahead with a central command center to optimize profitable growth.”

Palmieri said the new funding will allow Tradeswell to continue investing in the product, which will also mean building more integrations so that more types of data become “more liquid,” which in turn means that the platform can “make much more real-time decisions.”

When Tradeswell launched publicly last fall, it already had 100 customers, and Palmieri told me that number has subsequently grown past 150. Nor does he expect the consumer shift in e-commerce to disappear once the pandemic ends.

“Some of it probably goes back to the way it was, some of it stays online,” he said. “I do think it’s important to point out there’s something in the middle — that something is this notion of high convenience, that is semi-brick-and-mortar with [elements of e-commerce], whether that’s mobile ordering or something like an Instacart.”

Naturally, he sees Tradeswell as the key platform to help businesses navigate that shift.

 

13 Jan 2021

GoPro makes stopping and starting simpler with motion, power, QR triggers

GoPro may have started out at the intersection of capability and affordability in the action cam space, but since then it has increasingly leaned towards use by professionals or deployment by businesses. The latest features, announced at CES, underline that priority, making the cameras simpler and more automated for rentals and hands-free operation.

If you’ve got a Hero 7, 8, or 9 Black, or Max, you should be able to download the latest GoPro Labs firmware, which adds the following convenient features.

Motion and USB power triggers: Set the camera to start and stop recording either when power flows to it (in a dash cam situation, for instance) or when in motion (for a bike or ski helmet perhaps). Motion detection is also improved and now works in all video modes.

The cameras can already perform various tasks upon scanning QR codes, but here’s a new one: you can use a QR code to tell a device to connect to a specific wi-fi network and start streaming. It’s faster than using the app for when you need a quick deployment.

An obvious one for tourism is the “one button mode,” which as you might expect limits the controls to starting and stopping video capture. Great both for the less tech-savvy on vacation who can’t handle more than one button’s worth of controls, and also for rental joints tired of their cameras coming back with weird custom settings after an overly tech-savvy customer tweaks them.

There are a few other improvements, which you can check out at the press release.

13 Jan 2021

Drata raises $3.2M for its compliance audit platform

Drata, a startup that helps businesses get their SOC 2 compliance, today announced that it has raised a $3.2 million seed round led by Cowboy Ventures and that it is coming out of stealth. Other investors include Leaders Fund, SV Angel and a group of angel investors.

Like similar services, Drata helps businesses automate a lot of the evidence collection as they prepare for a SOC 2 audit. The focus of the service is obviously on running tests against the SOC 2 framework to help businesses prepare for their audit (and to prepare the right materials for the auditor). To do so, it features integrations with a lot of standard online business tools and cloud services to regularly pull in data. One nifty feature is that it also lets you step through all of the various sections of the SOC 2 criteria to check your current readiness for an audit.

At the end of the day, tools like Drata are meant to get you through an audit, but at the same time, the idea here is also to give you a better idea of your own security posture. For that, Drata offers continuous control monitoring, as well as tools to track if your employees have turned on all the right controls on their work computers, for example. Since companies have to regularly renew their certification, too, Drata can help them to continuously collect all of the data for their renewal, something that previously often involved boring — and quickly forgotten — manual tasks like taking screenshots of various settings every month or so.

Drata co-founder and CEO Adam Markowitz worked on the space shuttle engines after graduating from college and then launched his own startup, Portfolium, after that program ended. Portfolium, which helped students showcase their work in the form of — you guessed it — a portfolio, eventually sold to Instructure in 2019, where Markowitz stayed on until he launched Drata last June, together with a group of former Portfolium founders and engineers. Besides Markowitz, the co-founders include CTO Daniel Marashlian and CRO Troy Markowitz. It was the team’s experience seeing companies go through the audit process, which has traditionally been a drawn-out and manual process, that led them to look at building their own solution.

The company already managed to sign up a number of customers ahead of its official launch. These include Spot by NetApp, Accel Robotics, Abnormal Security, Chameleon and Vareto. As Markowitz told me, even though Drata already had customers who were using the service to prepare for their audits, the team wanted to remain in stealth mode until it had used its own tool to go through its own audit. With that out of the way, and Drata receiving its SOC 2 certification, it’s now ready to come out of stealth.

As the number of companies that need to go through these kinds of audits increases, it’s maybe no surprise that we’re also seeing a growing number of companies that aim to automate much of this process. With that, unsurprisingly, the number of VC investments in this space also continues to increase. In recent months, Secureframe and Strike Graph announced their own funding rounds, for example.

13 Jan 2021

Openbase scores $3.6M seed to help developers find open source components

Openbase founder Lior Grossman started his company the way that many founders do — to solve a problem he was having. In this case, it was finding the right open source components to build his software. He decided to build something to solve the problem, and Openbase was born.

Today, the company announced a $3.65 million seed round led by Zeev Ventures with participation from Y Combinator and 20 individual tech industry investors. Openbase was a member of the YC 2020 cohort.

Grossman says that being part of YC helped him meet investors, especially on Demo Day when hundreds of investors listened in. “I would say that being part of YC definitely gave us a higher profile, and exposed us to some investors that I didn’t know before. It definitely opened doors for us,” he said.

As developers build modern software, they often use open source components to help build the application, and Openbase helps them find the best one for their purposes. “Openbase basically helps developers choose from among millions of open source packages,” Grossman told me.

The database includes 1.5 million JavaScript packages today with support for additional languages including Python and Go in beta. The way it works is that users search for a package based on their requirements and get a set of results. From there, they can compare components and judge them based on user reviews and other detailed insights.

Openbase data screen gives detailed insights on the chosen package including popularity and similar packages.

Grossman found that his idea began resonating with developers shortly after he launched in 2019. In fact, he reports that he went from zero to half a million users in the first year without any marketing beyond word of mouth. That’s when he decided to apply to Y Combinator and got into the Summer 2020 class.

The database is free for developers and that has helped build the user base so quickly. Eventually he hopes to monetize by allowing certain companies to promote their packages on the system. He says that these will be clearly marked and that the plan is to have only one promoted package per category. What’s more, they will retain all their user reviews and other associated data, regardless of whether it’s being promoted or not.

Grossman started the company on his own, but has added 5 employees with plans to hire more people this year to keep growing the startup. As an immigrant founder, he is sensitive to diversity and sees building a diverse company as a key goal. “I built this company as an immigrant myself […] and I want to build an inclusive culture with people from different backgrounds because I think that will produce the best environment to foster innovation,” he explained.

So far the company has been fully remote, but the plan is to open an office post-pandemic. He says he sees a highly flexible approach to work, though, with people spending some days in the office and some at home. “I think for our culture this hybrid approach will work. Whenever we expand further I obviously imagine having more offices and not only our office in San Francisco.”