Daily Crunch: Facebook announces photo transfer tool

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Facebook launches a photo portability tool, starting in Ireland

Facebook says it will make it easier for users to get their photos off the social network and onto another service — a step toward addressing the concerns of lawmakers and antitrust regulators.

The company is starting off with a way for users in Ireland to move pictures into Google Photos via encrypted transfer, but it says the feature will be available worldwide in the first half of 2020 and will eventually include integrations with additional services.

2. In ’60 Minutes’ appearance, YouTube’s CEO offers a master class in moral equivalency

YouTube’s Susan Wojcicki told “60 Minutes” reporter Lesley Stahl that the company has drawn a line at taking down videos that cause “harm,” as opposed to videos that might spread merely hatred and disinformation. In response, Connie Loizos argues that the distinction is, in a word, laughable.

3. Ikea is helping to redesign simulated Mars habitats

Ikea has been working with an Earth-based research facility that is meant to mimic what a Mars habitat would be like. Originally, Ikea sent a designer to the station to seek inspiration for creating functional furniture for small apartments — but it quickly became a two-way street, which could mean the Swedish home furnishing company has a say in how future human colonists live on other planets.

4. Accel closes new $550M fund for India

This is a significant amount of capital for Accel’s efforts in the country, where it began investing 15 years ago and has deployed roughly $1 billion through all its previous funds.

5. Here’s the math behind Tesla’s dumb Cybertruck vs F-150 tow test

During the unveiling of the Cybertruck, Tesla included a butt-to-butt pull-off. Besides being a silly test, this particular demo was flawed in multiple ways, giving the Tesla a major advantage.

6. Will the future of work be ethical? Founder perspectives

Following up on Greg Epstein’s column about whether the future of work will be ethical, we’ve published a number of other perspectives on the topic — including this one, in which he speaks to Andrea Thomaz of Diligent Robotics and Prayag Narula of LeadGenius. (Extra Crunch membership required.)

7. This week’s TechCrunch podcasts

This week’s Equity looks at Cocoon, a Y Combinator-backed startup that wants to help users stay in touch with close friends. (Also: I was relieved that even though Alex Wilhelm is leaving his role at Crunchbase, he’ll be sticking around to co-host the podcast.) And we’ve got a Thanksgiving edition of Original Content that focuses on what we’re thankful for in the streaming world.


Source: Tech Crunch

CircleCI launches improved AWS support

For about a year now, continuous integration and delivery service CircleCI has offered Orbs, a way to easily reuse commands and integrations with third-party services. Unsurprisingly, some of the most popular Orbs focus on AWS, as that’s where most of the company’s developers are either testing their code or deploying it. Today, right in time for AWS’s annual re:Invent developer conference in Las Vegas, the company announced that it has now added Orb support for the AWS Serverless Application Model (SAM), which makes setting up automated CI/CD platforms for testing and deploying to AWS Lambda significantly easier.

In total, the company says, more than 11,000 organizations started using Orbs since it launched a year ago. Among the AWS-centric Orbs are those for building and updating images for the Amazon Elastic Container Services and the Elastic Container Service for Kubernetes (EKS), for example, as well as AWS CodeDeploy support, an Orb for installing and configuring the AWS command line interface, an Orb for working with the S3 storage service and more.

“We’re just seeing a momentum of more and more companies being ready to adopt [managed services like Lambda, ECS and EKS], so this became really the ideal time to do most of the work with the product team at AWS that manages their serverless ecosystem and to add in this capability to leverage that serverless application model and really have this out of the box CI/CD flow ready for users who wanted to start adding these into to Lambda,” CircleCI VP of business development Tom Trahan told me. “I think when Lambda was in its earlier days, a lot of people would use it and they would use it and not necessarily follow the same software patterns and delivery flow that they might have with their traditional software. As they put more and more into Lambda and are really putting a lot more what I would call ‘production quality code’ out there to leverage. They realize they do want to have that same software delivery capability and discipline for Lambda as well.”

Trahan stressed that he’s still talking about early adopters and companies that started out as cloud-native companies, but these days, this group includes a lot of traditional companies, as well, that are now rapidly going through their own digital transformations.


Source: Tech Crunch

Twitter launches a Privacy Center to centralize its data protection efforts

Twitter today is launching a new resource that aims to serve as the central place for everything related to the company’s efforts around privacy and data protection. The new site, the Twitter Privacy Center, will host information about Twitter’s initiatives, announcements and new privacy products, as well as other communication about security incidents. Related to these changes, Twitter is setting up a new company, Twitter International Company, to manage its service in the EU.

The company says it wanted to create a centralized resource so it would be easier to find all the information about Twitter’s work in this area. However, the impacts of Europe’s data protection regulation, GDPR, likely also spurred Twitter’s efforts on this front, along with other data laws.

For its own purposes, Twitter now needs to have a more organized approach to consumer data privacy. As a result, it makes sense to put Twitter’s work and announcements onto a consumer-facing site that’s easy to navigate and use.

The new Twitter Privacy Center splits information between what’s aimed at users and what’s for partners. On the latter front, it has dedicated pages for GDPR, CCPA (California Consumer Privacy Act) and Global DPA (Data Processing Addendum), for example.

The users’ section, meanwhile, directs visitors to Twitter’s Terms, Privacy Policy, Account Settings, Service Providers and more.

In its newly updated policies, Twitter says the entity serving the EU, or European Economic Area, is Twitter International Company, not Twitter. This change gives Twitter the ability to test features and settings and provide users with a different set of controls outside of its main product.

For example, Twitter says it may test additional opt-in or opt-out preferences, prompts or other requirements for advertisements. Some of this work may make its way back to Twitter eventually.

Twitter’s new Terms also clarify that its intellectual property license says that the content users provide may be curated, transformed and translated by Twitter.

Plus, Twitter’s Privacy Policy has been modified with clarifications around how Twitter processes data, how tweets are shared with developers and other changes.

In its announcement, Twitter spins its history a bit by saying how privacy has been its focus since the service’s creation in 2006. That’s a funny stance, given its product has been that of a public social media platform, not a private one — a sort of public SMS, in fact.

Twitter notes how users are able to be anonymous on its platform, a feature it says was built with privacy in mind. In reality, Twitter’s creation was inspired by SMS, but Twitter remained an ambiguous product for years, until its user base grew and figured out what they wanted Twitter to be. Much of what Twitter is today — even its conventions like the @ mention and the retweet — grew organically, not by design.

The company’s announcement today also states its privacy and data protection work going forward will be focused on three key areas: 1) to fix Twitter’s technical debt — meaning upgrading older systems to support their current uses; 2) to build privacy into all new products it launches; and 3) accountability.

Products now go through reviews by Twitter’s Information Security, Product and Privacy Counsel teams and its independent Office of Data Protection ahead of launch. In addition, Twitter’s Data Protection Officer, Damien Kieran, will provide to Twitter’s board of directors every quarter an independent assessment of all privacy and data protection-related work to ensure Twitter remains on track.

“It’s so common to hear tech companies say: ‘Privacy is not a privilege; it is a fundamental right’ that those words have become a cliche. People have become desensitized to hearing companies say, ‘we value your privacy,’ and are worn out from being asked to accept privacy policies that they rarely, if ever, even read,” read Twitter’s announcement about the launch of the new Twitter Privacy Center, jointly authored by both Kieran and Twitter Product Lead, Kayvon Beykpour.

“Many companies make these declarations without even showing people what actions they are taking to protect their privacy. And let’s be honest, we have room for improvement, too,” it stated.


Source: Tech Crunch

Tuft & Needle exposed thousands of customer shipping labels

Mattress and bedding giant Tuft & Needle left on an unprotected cloud server hundreds of thousands of FedEx shipping labels containing customer names, addresses and phone numbers.

More than 236,400 shipping labels were found on an Amazon Web Services (AWS) storage bucket without a password, allowing anyone who knew the easy-to-guess web address access to the customer data. Often, these AWS storage buckets are misconfigured by the owner by being set to “public” and not “private.”

The exposed labels were created between 2014 and 2017 during the company’s early years. Tuft & Needle was founded in 2012 in Arizona. But some labels were printed as recently as 2018.

It’s not known for how long the storage bucket was left open.

Two customer shipping labels of the hundreds of thousands exposed. We have redacted the shipping labels to protect the customers’ privacy. (Screenshot: TechCrunch)

U.K.-based penetration testing company Fidus Information Security found the exposed data. TechCrunch verified the data by matching names and addresses against public records.

We contacted Tuft & Needle about the data exposure on Monday. The storage bucket was quickly shut down.

“We’ve secured any potential exposure and are investigating the matter further,” said spokesperson Brooke Figlo in an email.

Tuft & Needle said it would “comply” with any applicable state data breach notification laws, but did not explicitly say if the company would inform customers of the security lapse.


Source: Tech Crunch

SoFi founder Mike Cagney’s already well-funded new startup is raising another $100 million

Figure Technologies, a nearly two-year-old, San Francisco-based fintech cofounded by Mike Cagney, the founder of the more established fintech company SoFi, is raising a whole lot of money — again.

By February of this year, Figure had already raised $120 million in equity funding from a gaggle of investors, including RPM Ventures, partners at DST Global, Ribbit Capital, DCM, DCG, Nimble Ventures, and Morgan Creek. In May, it announced that it had closed an up to $1 billion uncommitted asset-based financing facility on its own custom blockchain from Jefferies and WSFS Institutional Services.

Now, according to paperwork filed with the SEC earlier this month, it appears that Figure has closed or is about to close on $103 million in Series C funding.

Presumably, investors are interested partly in the company’s growing spate of products. While Figure started out providing home loans to older customers who aren’t earning income and have much of their wealth tied up in their homes — a fast-growing demographic — it has more recently begun to chase after a demographic that Cagney knows well through SoFi, which is younger people looking to refinance their student loans.

Figure talked recently with American Banker about the company’s interest in competing more directly with SoFi, citing the $1.4 trillion in outstanding loan debt as the primary reason it’s swooping into the space, and with the “same mousetrap” that Figure has developed to quickly process home loans, which it then securitizes and sells.

Specifically, all of Figure’s financial services business is executed entirely on its blockchain, Provenance, which further has a native token, Hash, that’s used to both access the blockchain and to memorialize off-chain exchange of fiat currency.

Cagney co-founded Figure with his wife, June Ou, who is the company’s chief operating officer. She was previously chief technology officer at SoFi, where Cagney lost his job in 2017 as CEO after a board investigation into sexual misconduct at the company.

Others of Figure’s cofounders include Alana Ackerson and Cynthia Chen. Ackerson was previously the CEO of the Thiel Foundation. Chen was most recently a venture partner with DHVC (Danhua Capital), a venture capital firm based in Palo Alto, Ca.

According to Figure’s website, it plans to introduce a money market product “soon.” Figure has also talked in the past of expanding into other lines of business, including wealth management, unsecured consumer loans, and checking accounts, all offered through partner banks.

In the meantime, SoFi has similarly been expanding beyond student loan refinancing under the leadership of current CEO Anthony Noto. Earlier this year, for example, SoFi made fractional share buying and exchange-traded funds available to its users. It also launched a mobile-first cash management account.


Source: Tech Crunch

Millions of SMS messages exposed in database security lapse

A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online.

The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. The Austin, Texas-based company says one of the advantages to its service is that recipients can also text back, allowing them to have two-way conversations with brands or businesses.

The database stored years of sent and received text messages from its customers and processed by TrueDialog. But because the database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside.

Security researchers Noam Rotem and Ran Locar found the exposed database earlier this month as part of their internet scanning efforts.

TechCrunch examined a portion of the data, which contained detailed logs of messages sent by customers who used TrueDialog’s system, including phone numbers and SMS message contents. The database contained information about university finance applications, marketing messages from businesses with discount codes, and job alerts, among other things.

But the data also contained sensitive text messages, such as two-factor codes and other security messages, which may have allowed anyone viewing the data to gain access to a person’s online accounts. Many of the messages we reviewed contained codes to access online medical services to obtain, and password reset and login codes for sites including Facebook and Google accounts.

The data also contained usernames and passwords of TrueDialog’s customers, which if used could have been used to access and impersonate their accounts.

Because some of the two-way message conversations contained a unique conversation code, it’s possible to read entire chains of conversations. One table alone had tens of millions of messages, many of which were message recipients trying to opt-out of receiving text messages.

TechCrunch contacted TrueDialog about the exposure, which promptly pulled the database offline. Despite reaching out several times, TrueDialog’s chief executive John Wright would not acknowledge the breach nor return several requests for comment. Wright also did not answer any of our questions — including whether the company would inform customers of the security lapse and if he plans to inform regulators, such as state attorneys general, per state data breach notification laws.

The company is just one of many SMS providers that have in recent months left systems — and sensitive text messages — on the internet for anyone to access. Not only that but it’s another example of why SMS text messages may be convenient but is not a secure way to communicate — particularly for sensitive data, like sending two-factor codes.

Read more:


Source: Tech Crunch

Week in Review: Apple’s rebirth as a content company has a forgettable debut

Hey everyone. Thank you for welcoming me into you inboxes yet again.

Hope you all had a wonderful Thanksgiving. After dodging your inboxes for a couple weeks as I ventured off to China for a TechCrunch event in Shenzhen, I am rested up and ready to go.

If you’re reading this on the TechCrunch site, you can get this in your inbox here, and follow my tweets here.


The big story

When Apple announced details on their three new subscription products (Apple TV+, Apple Arcade and Apple News+ — all of which are now live) back in March, the headlines that followed all described accurately how Apple’s business was increasingly shifting away from hardware towards services and how the future of the company may lie in these subscription businesses.

I largely accepted those headlines as fact, but one thing I have been thinking an awful lot about this week is how much I have loved Disney+ since signing up for an account and just how little I have thought about Apple TV+ despite signing up for both at their launches.

It’s admittedly not the fairest of comparisons, Disney has decades of classic content behind them while Apple is pushing out weekly updates to a few mostly meh TV shows. But no one was begging Apple to get into television. The company’s desires to diversify and own subscriptions that consumers have on their Apple devices certainly make sense for them, but their strategy of making that play without the help of any beloved series before them seems to have been a big miscalculation.

At TechCrunch, we write an awful lot about acquisitions worth hundreds of million, if not billions, of dollars. Some of the acquisitions that have intrigued me the most have been in the content space. Streaming networks are plunking down historic sums on series like Seinfeld, Friends and The Big Bang Theory. The buyers have differed throughout these deals, but they have never been Apple.

That’s because Apple isn’t bidding on history, they’re trying to nab directors and actors creating the series that will be the next hits. And while that sounds very Apple, it also sounds like a product that’s an awfully big gamble to the average consumer looking to try out a new streaming service. Why pick the service that’s starting from a standstill? Apple has ordered plenty of series and I have few doubts that at least one of the shows they plan to introduce is going to be a hit, but there isn’t much in the way of an early favorite yet and for subscribers that haven’t found “the one” yet, there’s very little reason to stick around.

Apple tv plus tv app 091019

Other networks with a half-dozen major series can afford a few flops because there’s a library of classics that’s filling up the dead space. Apple’s strategy is bold but is going to lead to awfully high churn among consumers that won’t be as forgiving of bad bets. This is an issue that’s sure to become less pronounced over time, but I would bet there will be quite a few consumers unsubscribing in the mean time leaving those on freebie subscriptions responsible for gauging which new shows are top notch.

Apple has also made the weird move of not housing their content inside an app so much as the Apple TV’s alternative UI inside the TV app. One one hand, this makes the lack of content less visible, but it also pushes all of the original series to the back of your mind. If you’re a Netflix user who has been subconsciously trained never to use the TV app on your Apple TV because none of their content is housed there, you’re really left forgetting about TV+ shows entirely when using the traditional app layout.

We haven’t received any super early numbers on Apple News+, Apple Arcade or Apple TV+, but none of the three appears to have made the sizable cultural splashes in their debuts that were hoped for at launch. Apple’s biggest bet of the three was undoubtedly TV+ and while their first series haven’t seemed to drop any jaws, what’s more concerning is whether the fundamentals of the service have been arranged so that unsatisfied subscribers feel any need to stick around.

Send me feedback
on Twitter @lucasmtny or email
lucas@techcrunch.com

On to the rest of the week’s news.

Image via AMY OSBORNE/AFP/Getty Images

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Facebook buys a game studio building Light saber Fruit Ninja
    One of the things I wrote about this week was Facebook buying the game studio behind one of virtual reality’s most popular titles, Beat Saber. No details on a price tag for the deal, but the buy brings the hop IP underneath Facebook’s corporate umbrella which seems poised to be eying more VR content acquisitions.
  • Twitter plans for account memorials
    Almost any time Twitter decides to make a big product change, one gets the feeling it was either snuck through or brute-forced by the CEO or another exec. That’s because there often doesn’t seem to be a lot of consideration for caveats that users seem to collectively identify almost immediately. This week was time for another one of these situations, after Twitter announced it was planning to deactivate old unused Twitter accounts en masse, something users realized was just going to lead to deactivating deceased people’s accounts and erasing what they had ever tweeted. Twitter, to their credit, decided to pause and rethink things.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Google appears to bring the hammer down on activism:
    [Google employee activist says she has been fired]

Disrupt Berlin

DISRUPT SF 530X350 V2 berlin

It’s hard to believe it’s already that time of the year again, but we just announced the agenda for Disrupt Berlin and we’ve got some all-stars making their way to the stage. I’ll be there this year, get some tickets and come say hey!

Sign up for more newsletters in your inbox (including this one) here.


Source: Tech Crunch

Black Friday sees record $7.4B in online sales, $2.9B spent using smartphones

Following swiftly on the heels of a Thanksgiving that broke records with $4.2 billion in online sales, Black Friday also hit a new high, although it just fell short of predictions. According to analytics from Adobe, consumers spent $7.4 billion online yesterday buying goods online via computers, tablets and smartphones. The figures were up by $1.2 billion on Black Friday 2018, but they actually fell short of Adobe’s prediction for the day, which was $7.5 billion.

Salesforce, meanwhile, said that its checks revealed $7.2 billion in sales (even further off the forecast).

Popular products included toys on the themes of Frozen 2, L.O.L Surprise, and Paw Patrol. Best selling video games included FIFA 20, Madden 20, and Nintendo Switch. And top electronics, meanwhile, included Apple Laptops, Airpods, and Samsung TVs.

A full $2.9 billion of Black Friday sales happened on smartphones. These conversions are growing faster than online shopping overall, so we are now approaching a tipping point where soon smartphones might outweigh web-based purchases through computers.

“With Christmas now rapidly approaching, consumers increasingly jumped on their phones rather than standing in line,” said Taylor Schreiner, Principal Analyst & Head of Adobe Digital Insights, in a statement. “Even when shoppers went to stores, they were now buying nearly 41% more online before going to the store to pick up. As such, mobile represents a growing opportunity for smaller businesses to extend the support they see from consumers buying locally in-store on Small Business Saturday to the rest of the holiday season. Small Business Saturday will accelerate sales for those retailers who can offer unique products or services that the retail giants can’t provide.”

Adobe Analytics tracks sales in real-time for 80 of the top 100 US retailers, covering 55 million SKUs and some 1 trillion transactions during the holiday sales period. Salesforce uses Commerce Cloud data and insights covering more than half a billion global shoppers across more than 30 countries.

One of the reasons we may be seeing slightly less fervent sales than the analysts had predicted is because the holiday sales season is starting earlier and earlier. Black Friday, the day after Thanksgiving when many people have days off, has for a long time been seen by retailers as the start of holiday shopping season. That has changed as retailers hope to catch more sales over a longer period of time.

As more people shop, they are also shopping for more expensive items. Adobe noted that Average Order Value was $168, a new record level yesterday for Black Friday, up 5.9% on a year ago.

Smartphone sales were up 21% over last year and those who were not buying were, as a start, browsing, with whopping 61% of all online traffic to retailers coming from smartphones, up 15.8% since last year.

As with yesterday, e-commerce “giants” with over $1 billion in sales annually were doing better than smaller sites: they had more smartphone sales, and 66% conversions on browsers on smartphones, Adobe said. They have overall also seen a 62% boost in sales this season, versus 27% for smaller retailers.

As with the Thanksgiving sales patterns — when bigger retailers also appeared to do better than their smaller counterparts — there are a couple of reasons for this. One is that the bigger sites have a wider selection of goods and can afford to take hits with deep discounts on some items, in order to lure users in to add other items to their shopping cars that are not as deeply discounted. Or, bigger online retailers can simply afford to give bigger markdowns.

The other is that the bigger stores often have more flexible delivery options. Adobe noted that those using click-and-collect orders, or buy online, pick up in store / curbside grew by 43 percent.

The story is not all rosy for big retailers, however. Edison Trends notes that some big platforms are actually seeing very mixed results this time around.

It will be interesting to see how and if patterns change for smaller retailers on Sunday, which is being dubbed “small business Sunday” to focus on buying from smaller and independent shops. Shoppers have already spent $470 million, and Adobe believes it will pass the $3 billion mark. Cyber Monday, the biggest of them all, is expected to make $9.4 billion in sales.


Source: Tech Crunch