Author: folgado

Cratejoy, a startup that runs a marketplace for subscription businesses and helps founders launch and scale their own subscription box services, has laid off 18 members of its 43-person team.

The company’s co-founder and chief executive officer Amir Elaguizy confirmed the lay-offs to TechCrunch. He says the cuts are part of a restructuring effort to keep costs in line and that subscribers and merchants will not be impacted.

The startup has raised a total of $10 million to date from investors, including Charles River Ventures, SV Angel, Andreessen Horowitz, Maverick Capital, Start Fund and ACE Venture Fund. Cratejoy completed the Y Combinator accelerator program in the summer of 2013 alongside DoorDash, Le Tote and Bloom That, which itself recently hit pause on its on-demand flower service.

Source: Tech Crunch

Apollo, a sales engagement startup boasting a database of more than 200 million contact records, has been hacked.

The YC Combinator-backed company, formerly known as ZenProspect, helps salespeople connect with prospective customers. Using its massive prospect database of 200 million contacts at 10 million companies, Apollo matches sellers with potential buyers.

Apollo said that the bulk of the stolen data was from its prospect database.

Bjoern Zinssmeister, co-founder of Templarbit, which posts details of data breaches on its Breachroom page, obtained a copy of the email sent to affected customers and forwarded it to TechCrunch.

The email said that company said the breach was discovered weeks after system upgrades in July.

“We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information,” said the email to customers. “Some client-imported data was also accessed without authorization,” the company said, but did not say what kind of data that included.

Apollo’s database contains publicly available data, including names, job titles, employers, social media handles, phone numbers and email addresses. It doesn’t include Social Security numbers, financial data or email addresses and passwords, Apollo said.

Although the company’s chief executive Tim Zheng said that the company had contacted customers in line with its “values of transparency,” Zheng declined to answer TechCrunch’s questions — including what data was taken and how many customers were affected.

“The investigation is still ongoing,” said Zheng in an email. He added that the “only statement that we’re making to press at this time is the customer communication” sent to affected users.

Zheng also refused to say if the company has informed state authorities of the breach. A spokesperson for the California attorney general did not immediately comment on whether Apollo has notified the state about the breach.

Apollo may also face action from European authorities under GDPR.

The data breach may not pose an immediate security risk to users such as if usernames and passwords are stolen, but exposed contact information can have a long-term effect on user security, such as making it easier for attackers to send targeted phishing emails.

Even if the stolen data isn’t considered that sensitive, the breach adds to a growing pile of companies hoarding vast amounts of data but failing to keep it safe.

Source: Tech Crunch

Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company’s graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? If not, don’t worry — you’ll get your turn being failed by Facebook . It’s incapable of keeping its users safe.

Facebook has proven over and over again that it prioritizes its own product agenda over the safety and privacy of its users. And even if it didn’t, the nature and scale of its operations make it nearly impossible to avoid major data breaches that expose highly personal data.

For one thing, the network has grown so large that its surface area is impossible to secure completely. That was certainly demonstrated Friday when it turned out that a feature rollout had let hackers essentially log in as millions of users and do who knows what. For more than a year.

This breach wasn’t a worst case scenario exactly, but it was close. To Facebook it would not have appeared that an account was behaving oddly — the hacker’s activity would have looked exactly like normal user activity. You wouldn’t have been notified via two-factor authentication, since it would be piggybacking on an existing login. Install some apps? Change some security settings? Export your personal data? All things a hacker could have done, and may very well have.

This happened because Facebook is so big and complicated that even the best software engineers in the world, many of whom do in fact work there, could not reasonably design and code well enough to avoid unforeseen consequences like the bugs in question.

I realize that sounds a bit hand-wavy, and I don’t mean simply that “tech is hard.” I mean that realistically speaking, Facebook has too many moving parts for the mere humans that run it to do so infallibly. It’s testament to their expertise that so few breaches have occurred; the big ones like Cambridge Analytica were failures of judgment, not code.

A failure is not just inevitable but highly incentivized in the hacking community. Facebook is by far the largest and most valuable collection of personal data in history. That makes it a natural target, and while it is far from an easy mark, these aren’t script kiddies trying to find sloppy scripts in their free time.

Facebook itself said that the bugs discovered Friday weren’t simple; it was a coordinated, sophisticated process to piece them together and produce the vulnerability. The people who did this were experts, and it seems likely that they have reaped enormous rewards for their work.

The consequences of failure are also huge. All your eggs are in the same basket. A single problem like this one could expose all the data you put on the platform, and potentially everything your friends make visible to you as well. Not only that, but even a tiny error, a highly specific combination of minor flaws in the code, will affect astronomical numbers of people.

Of course, a bit of social engineering or a badly configured website elsewhere could get someone your login and password as well. This wouldn’t be Facebook’s error, exactly, but it is a simple fact that because of the way Facebook has been designed — a centralized repository of all the personal data it can coax out of its users — a minor error could result in a total loss of privacy.

I’m not saying other social platforms could do much better. I’m saying this is just another situation in which Facebook has no way to keep you safe.

And if your data doesn’t get taken, Facebook will find a way to give it away. Because it’s the only thing of value that they have; the only thing anyone will pay for.

The Cambridge Analytica scandal, while it was the most visible, was only one of probably hundreds of operations that leveraged lax access controls into enormous data sets scraped with Facebook’s implicit permission. It was their job to keep that data safe, and they gave it to anyone who asked.

It’s worth noting here that not only does it only take one failure along the line to expose all your data, but failures beyond the first are in a way redundant. All that personal information you’ve put online can’t be magically sucked back in. In a situation where, for example, your credit card has been skimmed and duplicated, the risk of abuse is real, but it ends as soon as you get a new card. For personal data, once it’s out there, that’s it. Your privacy is irreversibly damaged. Facebook can’t change that.

Well, that’s not exactly right. It could, for example, sandbox all data older than three months and require verification to access it. That would limit breach damage considerably. It could also limit its advertising profiles to data from that period, so it isn’t building a sort of shadow profile of you based on analysis of years of data. It could even opt not to read everything you write and instead let you self-report categories for advertising. That would solve a lot of privacy issues right there. It won’t, though. No money in that.

One more thing Facebook can’t protect you from is the content on Facebook itself. The spam, bots, hate, echo chambers — all that is baked on in. The 20,000-strong moderation team they’ve put on the task is almost certainly totally inadequate, and of course the complexity of the global stage and all its cultures and laws ensures that there will always be conflict and unhappiness on this subject. At the very best it can remove the worst of it after it’s already been posted or streamed.

Again, it’s not really Facebook’s fault exactly that there are people abusing its platform. People are the worst, after all. But Facebook can’t save you from them. It can’t prevent the new category of harm that it has created.

What can you do about it? Nothing. It’s out of your hands. Even if you were to quit Facebook right now, your personal data may already have been leaked and no amount of quitting will stop it from propagating online forever. If it hasn’t already, it’s probably just a matter of time. There’s nothing you, or Facebook, can do about it. The sooner we, and Facebook, accept this as the new normal, the sooner we can get to work taking real measures toward our security and privacy.

Source: Tech Crunch

Former Facebook VP of News Feed and recently appointed Instagram VP of Product Adam Mosseri has been named the new head of Instagram following the resignation of Instagram’s founders Kevin Systrom and Mike Krieger last week.. “We are thrilled to hand over the reins to a product leader with a strong design background and a focus on craft and simplicity — as well as a deep understanding of the importance of community” the founders wrote. “These are the values and principles that have been essential to us at Instagram since the day we started, and we’re excited for Adam to carry them forward.”

Systrom will recruit a new executive team including heads of product, operations, and engineering to replace himself, Instagram COO Marne Levine who went back to lead Facebook partnerships last month, and engineering leader James Everingham who moved to Facebook’s blockchain team in May before finishing at Instagram in July. Instagram’s product director Robby Stein is a strong candidate for the product head decision, as he’s been overseeing Stories, feed, Live, direct messaging, camera and profile.

Instagram’s founders announced last week that they were leaving the Facebook corporation after sources told TechCrunch the pair had dealt with dwindling autonomy from Facebook and rising tensions with its CEO Mark Zuckerberg. The smiling photo above seems meant to show peace has been restored to Instaland, and counter the increasing perception that Facebook breaks its promises to acquired founders. TechCrunch has previously reported Mosseri was first in line for the role according to sources, and The Information later wrote that some inside the company saw him as a lock.

Mosseri’s experience dealing with the unintended consequences of the News Feed such as fake news in the wake of the 2016 election could help him predict how Instagram’s growth will affect culture, politics, and user well-being. Over the years of interviewing him, Mosseri has always come across as sharp, serious, and empathetic. He comes across as a true believer that Facebook and its family of apps can make a positive impact in the world, but congniscent of the hard work and complex choices required to keep them from being misused.

Born and raised in New York, Mosseri started his own design consultancy while attending NYU’s Gallatin School Of Interdisciplinary Study to learn about media and information design. Mosseri joined Facebook in 2008 after briefly working at a startup called TokBox. Tasked with helping Facebook embrace mobile as design director, he’s since become part of Zuckerberg’s inner circle of friends and lieutenants. Mosseri later moved into product management and oversaw Facebook’s News Feed, turn it into the world’s most popular social technology and the driver of billions in profit from advertising. However, amidst his successes, Mosseri also oversaw Facebook Home, the flopped mobile operating system, and the was the officer on duty when fake news and Russian election attackers proliferated.

After going on parental leave this year, Mosseri returned to take over the role of Instagram VP of Product Kevin Weil as he move to Facebook’s blockchain team. A source tells TechCrunch he was well-received and productive since joining Instagram, and has gotten along well with Systrom. Mosseri now lives in San Francisco, close enough to work from both Instagram’s city office and South Bay headquarters. He’ll report to Facebook’s chief product officer Chris Cox as he did at Facebook. Cox wrote “Kevin and Mike, we will never fill your shoes. But we will work hard to uphold the craft, simplicity, elegance, and the incredible community of Instagram: both the team and the product you’ve built.”

“The impact of their work over the past eight years has been incredible. They built a product people love that brings joy and connection to so many lives” Mosseri wrote about Instagram’s founders in an…Instagram post. I’m humbled and excited about the opportunity to now lead the Instagram team. I want to thank them for trusting me to carry forward the values that they have established. I will do my best to make them, the team, and the Instagram community proud.”

Mosseri will be tasked with balancing the needs of Instagram such as headcount, engineering resources, and growth with the priorities of its parent company Facebook, such as cross-promotion to Instagram’s younger audience and revenue to contribute to the corporation’s earnings reports. Some see Mosseri as more sympathetic to Facebook’s desire than Instagram’s founders, given his long-stint at the parent company and his close relationship with Zuckerberg. Interestingly, Zuckerberg wasn’t mentioned or pictured in the transition announcement and hasn’t posted anything congratulating Mosseri as is common in Facebook’s employee culture. Zuckerberg may be seeking to reduce the appearance that he’s playing puppet master and instead does actually let Instagram run independently.

The question now is whether users will end up seeing more notifications and shortcuts linking back to Facebook, or more ads in the Stories and feed. Instagram hasn’t highlighted the ability to syndicate your Stories to Facebook, which could be boon for that parallel product. Instagram Stories now has 400 million daily users compared to Facebook Stories and Messenger Stories’ combined 150 million users. Tying them more closely could seem more content flow into Facebook, but it might also make users second guess whether what they’re sharing is appropriate for all of their Facebook friends, which might include family or professional colleagues.

Mosseri’s most pressing responsibility will be reassurring users that the culture of Instagram and its app won’t be assimilated into Facebook now that he’s running things instead of the founders. He’ll also need to snap into action to protect Instagram from being used as a pawn for election interference in the run-up to the 2018 US mid-terms. While he’ll never have the same mandate and faith from employees that the founders did, Mosseri is the experienced leader Instagram needs to grapple with its scaled-up influence.

Source: Tech Crunch

We cared about Cambridge Analytica because it could have helped elect Trump. We ignored LocationSmart because even the though the company was selling and exposing the real-time GPS coordinates of our phones, it was never clear exactly if or how that data was misused.

This idea, that privacy issues are abstract concepts for most people until they become security or ideological problems, is important to understanding Facebook’s massive breach revealed this week. 

The social network’s engineering was sloppy, allowing three bugs to be combined to steal the access tokens of 50 million people. In pursuit of rapid growth at affordable efficiency, Facebook failed to protect its users. This assessment doesn’t discount that. Facebook screwed up big time.

But despite the potential that those access tokens could have let the attackers take over user accounts, act as them, and scrape their personal info, it’s unclear how much users really care. That’s because for now, Facebook and it’s watchdogs aren’t sure exactly what data was stolen or how it was wrongly used.

The Hack That Broke The Camel’s Back?

This could all change tomorrow. If Facebook discovers the hack was perpetrated by a foreign government to interfere with elections, by criminals to bypass identity theft security checkpoints and steal people’s bank accounts or social media profiles, or to target individuals for physical harm, out will come the pitchforks and torches. 

Given a sufficiently scary application for the data, the breach could finish the job of destroying Facebook’s brand. If users start clearing their profile data, reducing their feed browsing, and ceasing to share, the breach could have significant financial and network effect consequences for Facebook. After years of scandals, this could be the hack that’s broke the camel’s back.

Yet in the absence of that evil utilization of the hacked data, the breach could fade into the background for users. Similar to the tension-filled departures of the founders of Facebook’s acquisitions Instagram and WhatsApp, the brunt of the backlash may not come from the public.

The hack could hasten regulation of social media. Senator Warner called on Congress to “step up” following the hack. He’s previously advocated for privacy laws similar to Europe’s GDPR. That includes data portability and interoperability rules that could make it easier to switch social networks. That threat of people moving to competing apps could succeed in compelling Facebook to treat user privacy and security better.

The FTC or European Union could hand down significant fines to Facebook for the breach. But given it earns billions in profit per quarter, those fees would have to be historically massive be a serious penalty for Facebook.

One of the biggest questions about the attack is whether the tokens were used to access other services like Airbnb or Spotify that rely on Facebook Login. The breach could steer potential partners away from building atop Facebook’s identity platform. But at least you don’t have to worry about changing all your passwords. Unlike hacks that steal usernames and passwords, the lasting danger of the Facebook breach is limited. The access tokens have already been invalidated, whereas password reuse can lead people to have their other apps hacked long after the initial breach.

Desensitized

If government investigators, journalists, or anti-Facebook activists want to make the company pay for its negligence, they’ll need to connect it to some concrete threat to how we live or what we believe.

For now, without a nefarious application of the breached data, this scandal could blend into the rest of Facebook’s troubles. Every week, sometimes multiple times a week, Facebook has some headline grabbing problem. Over time, those are adding up to deter usage of Facebook and spur more users to delete it. But without an independent general purpose social network they can easily switch to, many users have endured Facebook’s stumbles in exchange for the connective utility it provides. 

As breaches become more common, the public may be desensitized. At worst, we could become complacent. Corporations should be held accountable for privacy failures even when the damage done is vague. But between Equifax, Yahoo, and the cell phone companies, we’re growing accustomed to letting out a deep sigh with maybe some expletives, and moving on with our lives. The ones we’ll remember will be those where the danger metastasized from the digital world into our offline lives.

[Featured image via Getty]

Source: Tech Crunch

French startup Klaxit connects drivers with riders so that you don’t have to take your car to work every day. And the company recently announced a new feature with the help of Uber. If your driver cancels your ride home, Klaxit will book an Uber for you.

Klaxit is a ride-sharing startup that focuses on one thing — commuting to work. And this problem is more complicated than you might think. You can’t just go to work with the same person every day because you don’t always go to work at the same time. Similarly, sometimes your driver has to leave work early, leaving you at the office with no alternative.

As a driver, you want to take the quickest route to work. So you want to be matched with riders who are exactly on the way to work.

Klaxit currently handles 300,000 rides per day. In particular, the company has partnered with 150 companies, including big French companies such as BNP Paribas, Veolia, Vinci and Sodexo.

Klaxit can be particularly useful for companies with large office buildings outside of big cities. Promoting Klaxit instantly fosters supply and demand from and to this office. But you don’t have to work for one of those companies to use Klaxit.

Local governments can also financially support Klaxit to improve traffic conditions and mobility for users who don’t have a car or a driver’s license. “Subsidizing rides on Klaxit is 8 to 10 times cheaper than building a bus line,” co-founder and CEO Julien Honnart told me.

One of the biggest concerns as a rider is that you’re going to be stuck at work in the evening. Klaxit is now asking its users to request a ride with two other drivers. If they both decline your request, Klaxit will book you an Uber ride to go back home.

You don’t have to pay the Uber ride and then get reimbursed, Klaxit pays Uber directly. You don’t need an Uber account either as Klaxit is using Uber for Business. MAIF is the insurance company behind this insurance feature, and also one of Klaxit’s investors. This is a neat feature to convince new users that they can trust Klaxit.

Klaxit competes with other French startups on this market, such as Karos and BlaBlaCar’s BlaBlaLines.

Source: Tech Crunch

French startup Ownpage has recently released a new product called Relike. Relike is one of the easiest ways to get started with email newsletters. You enter the web address of your Facebook page and that’s about it.

The company automatically pulls your most recent posts from your Facebook page and lets you set up an emailing campaign in a few clicks. You can either automatically pick your most popular Facebook posts or manually select a few posts.

Just like any emailing service, you can choose between multiple templates, decide the day of the week and time of the day, import a database of email addresses and more. If you’ve used Mailchimp in the past, you’ll feel right at home.

But the idea isn’t to compete directly with newsletter services. Many social media managers, media organizations, small companies, nonprofits and sports teams already have a Facebook page but aren’t doing anything on the email front.

Relike is free if you send less than 2,000 emails per month and don’t need advanced features. If you want to get open rates, click-through rates and other features, you’ll need to pay €5 per month and €0.50 every time you send 1,000 emails.

The company’s other product Ownpage is a bit different. Ownpage has been working with media organizations to optimize their email newsletters. The company is tracking reading habits on a news site and sending personalized email newsletters.

This way, readers will get tailored news and will more likely come back to your site. Many big French news sites use Ownpage for their newsletters, such as Les Echos, L’Express, 20 Minutes, BFM TV, Le Parisien, etc.

Ownpage founder and CEO Stéphane Cambon told me that Relike was the obvious second act. Using browsing data for customized newsletters is one thing, but many talented social media managers know how to contextualize stories and maximize clicks (even if it means clickbait, sure).

The startup was looking at a way to get this data, and ended up creating Relike, which could appeal to customers beyond news organizations. For now, both products will stick around. In the future, the company plans to add Twitter and Instagram integrations as well as better signup flows for newsletter subscribers.

Source: Tech Crunch

I looked at the TIOBE index today, as I do every so often, as most of the software pros I know do every so often. It purports to measure the popularity of the world’s programming languages, and its popularity-over-time chart tells a simple story: Java and C are, and have been since time immemorial, by some distance the co-kings of language.

But wait. Not so fast. The rival “PYPL Index” (PopularitY of Programming Languages) says that Python and Java are co-kings, and C (which is lumped in with C++, surprisingly) is way down the list. What’s going on here?

What’s going on is that the two indexes have very different methodologies … although what their methodologies have in common is both are very questionable, if the objective is to measure the popularity of programming languages. TIOBE measures the sheer quantity of search engine hits. PYPL measures how often language tutorials are Googled.

Both are bad measures. We can expect the availability of online resources to be an extremely lagging indicator; a once-dominant dead language would probably still have millions of relict web pages devoted to it, zombie sites and blog posts unread for years. And the frequency of tutorial searches will be very heavily biased towards languages taught en masse to students. That’s not a meaningful measure of which languages are actually in use by practitioners.

There are lots of weird anomalies when you look harder at the numbers. According to TIOBE, last C went from its all-time lowest rating to Programming Language Of The Year in five months. I can buy that C has had a resurgence in embedded systems. But I can also easily envision this being an artifact of a highly imperfect measure.

The more flagrant anomaly, though, in both of those measures, is the relative performance of Objective-C and Swift, the two languages used to write native iOS apps. I can certainly believe that, combined, they have recently seen a decline in the face of the popularity of cross-platform alternatives such as Xamarin and React Native. But I have a lot of trouble believing that, after four years of Apple pushing Swift — to my mind, an objectively far superior language — Objective-C is still more popular / widely used. In my day job I deal with a lot of iOS/tvOS/watchOS apps, and interview a lot of iOS developers. It’s extremely rare to find someone who hasn’t already moved from Objective-C to Swift.

But hey, anecdotes are not data, right? If the only available measures conflict with my own personal experience, I should probably conclude that the latter is tainted by selection bias. And I’d be perfectly willing to do that …

… except there is another measure of programming language popularity out there. I’m referring to GitHub’s annual reports of the fifteen most popular programming languages on its platform. Those numbers are basically a perfect match for my own experience … and they are way disjoint from the claims of both both TIOBE and PYPL.

According to GitHub’s 2016 and 2017 reports, the world’s most popular programming language, by a considerable distance, is Javascript. Python is second. Java is third, and Ruby a close fourth. This is in stark contrast to TIOBE, which has Java and C, then a big gap, then Python and C++ (Javascript is eighth) — and also to PYPL, which claims the order is: Python and Java, a huge gap, then Javascript and PHP.

Obviously the GitHub numbers are not representative of the entire field either; their sample size is very large, but only considers open-source projects. But I note that GitHub is the only measure which counts Swift as more popular than Objective-C. That makes it a lot more convincing, to me … but its open-source selection bias means it’s still far from definitive.

These statistics do actually matter, beyond being an entertaining curiosity and/or snapshot of the industry. Languages aren’t all-important, but they’re not irrelevant either. People determine what languages to study, and sometimes even what jobs to seek and accept, based on their popularity and their (related) projected future value. So it’s a little upsetting that these three measures are so starkly, radically different. Sadly, though, we seem to still be stuck with tea leaves rather than hard numbers.

Source: Tech Crunch