
Tag Archives: taylor-hatmaker

U.S. lawmakers warn Canada to keep Huawei out of its 5G plans

In a letter addressed to Canadian Prime Minister Justin Trudeau, Senators Mark Warner and Marco Rubio make a very public case that Canada should leave Chinese tech and telecom giant Huawei out of its plans to build a next-generation mobile network. “While Canada has strong telecommunication security safeguards in place, we have serious concerns that such safeguards are inadequate given what the United States and other allies know about Huawei,” the letter states. The senators warn Canada to “reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance.” The outcry comes after the head of the Canadian Centre for Cyber Security dismissed security concerns regarding Huawei in comments last month. The Canadian Centre for Cyber Security is Canada’s designated federal agency tasked with cybersecurity. Next-generation 5G networks already pose a number of unique security challenges. Lawmakers caution that by allowing companies linked to the Chinese government to build 5G infrastructure, the U.S. and its close allies (Canada, Australia, New Zealand and the U.K.) would be inviting the fox to guard the henhouse. As part of the Defense Authorization Act, passed in August, the U.S. government signed off on a law that forbids domestic agencies from using services or hardware made by Huawei and ZTE. A week later, Australia moved to block Huawei and ZTE from its own 5G buildout. Due to the open nature of intelligence sharing between the U.S. and its closest allies, the Canadian government would be able to obtain knowledge of any specific threats that substantiate the U.S. posture toward the Chinese company. “We urge your government to seek additional information from the U.S. intelligence community,” the letter implores.


Apple removed Facebook’s Onavo from the App Store for gathering app data

If you were on the edge of your seat wondering what Facebook’s next major consumer privacy headache would be, the wait is over! The Wall Street Journal reports that Apple has deemed Facebook-owned app Onavo in violation of its App Store policies and will be giving it the boot shortly. In a statement to TechCrunch, an Apple spokesperson explained the reasoning behind its decision to pull the app: “We work hard to protect user privacy and data security throughout the Apple ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.” In some ways, it’s a wonder that Onavo has lasted this long. Onavo, which Facebook bought back in 2013, does two things. As far as regular consumers are concerned, Onavo comports itself like a VPN, offering to “keep you and your data safe” and “blocking potentially harmful websites and securing your personal information.” But Onavo’s real utility is pumping a ton of app usage data to its parent company, giving Facebook an invaluable bird’s-eye view into mobile trends by observing which apps are gaining traction and which are fizzling out. That perspective is useful both from a product standpoint, allowing Facebook to get ahead of the competition (Snapchat is a fine example), and giving it an edge for considering which competitors to acquire. That dual personality is likely part of the problem for Apple. In its descriptions, Onavo leans heavily on its promise to “protect your personal information” and the cover story of a fairly legitimate-looking VPN.
With no meaningful opt-in for users who want to use Onavo’s VPN services but might be hesitant about sharing data with Facebook, the app’s true intentions were buried deep in its description: “Onavo collects your mobile data traffic… Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.” By February of this year, the Onavo app had been downloaded more than 33 million times across both iOS and Android. While the app is no longer showing up in searches within Apple’s App Store, it’s still alive and well in Google’s considerably more free-wheeling app store, so Facebook will have to lean more heavily on its Android eyes and ears for now.


10 startups that caught our eye from day 1 of YC Demo Day S18

From new wearables that detect breast cancer to creating the industrial supply chain for the meat replacement industry, the latest crop of Y Combinator companies showcased the breadth of entrepreneurial innovation that encapsulates the waning days of 2018. While the entire batch of 63 companies was impressive, a few in particular caught our eye. So take a look below at our picks for some of the hits from this year’s summer cohort of companies.
Oxygen
Breaking freelancers from the month-to-month boom-and-bust payment cycles that bind them, Oxygen provides working capital loans to freelancers who can go months without getting a paycheck. The company is more than willing to work with a group of borrowers who collectively make $1.4 trillion in 1099 income annually and who are locked out of loans. Oxygen offers flat-fee access to credit and free mobile banking, all while using machine learning to determine credit worthiness. Freelance workers of the world unite, indeed!
Why we liked it: Opening a new market in the lending space is a multi-billion-dollar opportunity for the company that gets it right.
Higia
By monitoring thermal patterns inside a breast, the startup Higia hopes it can offer women a better, non-invasive method to detect breast cancer. The company’s wearable device, called EVA, can be placed under any sports bra, and offers a new way to fill the gaps that current screening techniques aren’t addressing — things like early breast cancer detection in women with high breast density. The company has already pre-sold 5,000 units in Mexico and will begin shipping them in the fall of 2018.


Twitter defends its decision to keep the Alex Jones conspiracy factory around

Heavy sigh Twitter is doing that thing again. That thing where it stands by an incoherent policy choice that is only consistent with its long historical record of inconsistency. Late Tuesday, Twitter’s Jack Dorsey took to the platform to defend his company’s choice to keep manic conspiracy theorist and hatemonger Alex Jones and his Infowars empire alive and tweeting. Last week, that choice wouldn’t have turned heads, but after a kind of sudden and inexplicable sea change from all of the other major social platforms over the weekend, Twitter stands alone. To be fair, those social platforms didn’t really assert their own decisions to oust Jones — Apple led the pack, kicking him out of its Podcasts app, and the rest — Facebook, Spotify and YouTube, most notably — meekly followed suit. Prior to its new statements, Twitter justified its decision to not ban Jones first by telling journalists like us that Jones didn’t actually violate Twitter’s terms of service because most of his abuse and hateful conduct, two violations that might get him banished, live one click away, outside the platform. The same could be said for most of the hateful drivel that came from the infamous account of the now-banned Milo Yiannopoulos. Yiannopoulos was eventually booted from Twitter for violating the platform’s periodically enforced prohibition against “the targeted abuse or harassment of others.” Jones is known for commanding a similarly hateful online loser army, though in his case they mostly spend their time harassing the parents of Sandy Hook victims rather than black actresses. Twitter’s point is that this kind of harassment needs to actually take place on its platform to get a user kicked off, which, in a world in which Twitter policy was uniformly enforced (i.e. a world in which Twitter dedicated sufficient resources to the problem), would at least be a consistent policy.
Instead of articulating that policy in a clear, decisive way, Twitter said some unnecessarily defensive things that kind of miss the point via an @jack tweetstorm and a tepid blog post touting the company’s vague new commitment to “healthy public conversation.” If you didn’t read either, you’re not missing anything. Here’s an excerpt from the blog post: “Our policies and enforcement options evolve continuously to address emerging behaviors online and we sometimes come across instances where someone is reported for an incident that took place prior to that behavior being prohibited


Coinbase adds instant trading, and increases daily limits

Coinbase just announced two new perks that should please regular cryptocurrency traders. Starting on Tuesday, new Coinbase users will no longer have to wait for five days to trade after signing up for the exchange. As the company explained in a blog post: “… When someone makes the decision to sign up, they don’t want to wait days before they can start buying cryptocurrency. While we do support instant transfers via wire transfer and debit cards, purchases via direct debits from your bank account can take days to appear. With this update, customers will receive an immediate credit for the funds being sent from their bank account. They can then buy and sell crypto to and from their USD wallet right away, but cannot send their funds off the Coinbase platform until the funds coming from their bank have settled.” With the new trading restriction lifted, Coinbase is also raising the daily purchase limit for its tier of verified users to $25,000, up from the previous $25,000 weekly limit. New users chomping at the bit to start swapping for digital currencies or current high-rollers looking to push the daily limits should note that completing Coinbase’s identity verification, which requires uploading a driver’s license for U.S. users, is a prerequisite for either new perk. “Customers who have not yet completed this process will be required to do so before having access to instant purchases, new trading limits and the ability to withdraw or send coins off-platform,” Coinbase explains in the blog post.


Activists push back on Facebook’s decision to remove a DC protest event

A number of activists and organizers in the Washington, DC area are disputing Facebook’s decision to remove a counter-protest event for a rally organized by Jason Kessler, the white nationalist figure who planned the deadly 2017 rally in Charlottesville, Va. Facebook removed the event, “No Unite the Right 2-DC,” after discovering that one account connected to the event exhibited what Facebook calls “coordinated inauthentic behavior.” The company defines this activity as “people or organizations creating networks of accounts to mislead others about who they are, or what they’re doing.” The Facebook page at the center of the controversy was called “Resisters.” TechCrunch confirmed that the Resisters page was created by “bad actors,” as defined by the company, who coordinated fake accounts to deceive users. Facebook ultimately removed the No Unite the Right 2-DC event due to its known interaction and engagement with the Resisters page and maintains that Resisters was an illegitimate page from its inception. As the company explained in its blog post: “The ‘Resisters’ Page also created a Facebook Event for a protest on August 10 to 12 and enlisted support from real people… Inauthentic admins of the ‘Resisters’ Page connected with admins from five legitimate Pages to co-host the event.” The company also observed that a known Internet Research Agency (IRA) account joined the counter-protest event as an admin, though it only served as an admin for seven minutes. (The IRA has been assessed by the U.S. intelligence community as a content farm likely funded by a close Putin ally with ties to Russian intelligence.) On top of that, Facebook noted that an IRA account the company was aware of shared a Facebook event hosted by Resisters in 2017. Here’s where things get even more tricky. The event that Facebook deleted had been taken over by a handful of real DC area activist groups.
These groups, including Smash Racism DC, Black Lives Matter DC, Black Lives Matter Charlottesville and other local groups, worked together under the coalition name “Shut It Down DC” and their actions and plans were not inspired by the “No Unite the Right 2” event; they just happened to cross paths.


Facebook has found evidence of influence campaigns targeting U.S. midterms

In a newsroom post Tuesday, Facebook revealed that it has detected evidence of “coordinated inauthentic behavior” designed to influence U.S. politics on its platform. According to Facebook’s Head of Cybersecurity Policy Nathaniel Gleicher, the company first identified the activity two weeks ago. So far, the activity encompasses eight Facebook Pages, 17 profiles and seven accounts on Instagram. Facebook stated that the activity “violates our ban on coordinated inauthentic behavior” though so far is unable to attribute the activity to Russia or any other entity with an interest in influencing U.S. politics. Facebook has been in contact with Congress and law enforcement about the discovery, which suggests that social platforms should expect to again detect the kind of coordinated disinformation campaigns that targeted the 2016 election around U.S. midterm elections this November. The company stated that more than 290,000 accounts followed one of the Pages it identified. The Pages in question were created starting in March 2017 and most recently in May of 2018. The most popular Pages displaying this kind of behavior were “Aztlan Warriors,” “Black Elevation,” “Mindful Being,” and “Resisters.” The other Pages had less than 10 followers each and the Instagram account did not have any followers. That does not necessarily discount other kinds of potential activity like commenting and messaging. According to Facebook, “They ran about 150 ads for approximately $11,000 on Facebook and Instagram, paid for in US and Canadian dollars” between April 2017 and June of this year.


Google’s lead lawyer moves into a global policy role

Google is promoting its top lawyer, Kent Walker, into a global policy position, CNBC reports. Walker, Google SVP and general counsel, has already been a public voice in the company’s recent privacy tangles, but will move into a formal role as senior vice president of global affairs, overseeing Google’s policy, trust and safety, corporate philanthropy and legal teams. Last year, Walker joined Richard Salgado, Google’s Director, Law Enforcement and Information Security, to head to Capitol Hill for the first round of reckoning on big tech’s failure to mitigate political disinformation campaigns during the 2016 U.S. presidential election. Since then, Walker has commented publicly on Google’s policies around political ad transparency and extremist content on YouTube, among other policy issues facing the company. With social platforms at an ethical crossroads globally and tech chafing at its newly forced compliance with international privacy laws, any public-facing global policy role will be very much in the spotlight in 2018 and beyond. Google hired Walker away from eBay in 2006, where he served as the company’s deputy general counsel. Prior to his time at eBay (and AOL, prior to that), Walker was an assistant U.S. attorney with the Department of Justice.


Idaho inmates hacked prison-issued tablets for $225,000 in credits

Inmates in Idaho successfully hacked the software of the prison-issued tablets to issue themselves nearly a quarter of a million dollars in credits on the devices that are often one of their only connections to the outside world. The tablets, made by prominent prison vendor JPay, give inmates the ability to use email, listen to music and transfer money, among other basic computing functions, but charge fees for some services. The Associated Press reports that Idaho prison officials discovered 364 inmates leveraging a software vulnerability to increase their JPay account balances. In Idaho, the devices are the result of a partnership between JPay and CenturyLink. The latter company confirmed the software vulnerability but declined to offer further details beyond stating that it had since been resolved. Of the 364 inmates exploiting JPay, 50 inmates were able to issue themselves credits for more than $1,000. One inmate was able to use the software flaw to self-issue a credit of almost $10,000. The company has recovered about a quarter of the total of around $225,000 so far and has suspended some functions for inmates until they reimburse the stolen credits. “This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” Idaho Department of Correction spokesperson Jeff Ray said in a statement on the JPay incident. The individuals exploiting the JPay system are incarcerated at a handful of Idaho prisons, including Idaho State Correctional Institution, Idaho State Correctional Center, South Idaho Correctional Institution, Idaho Correctional Institution-Orofino and a private Correctional Alternative Placement Plan building. On its website, JPay describes itself as a “highly trusted name in corrections because we offer a fast and secure method of sending money,” which seems up for debate given the recent turn of events.


You can buy the NES Classic and SNES Classic on Amazon now

If you missed the first few rounds of excitement about Nintendo’s mini nostalgia machines, you’ve got another shot at paying a normal price. Nintendo’s NES and SNES Classic consoles aren’t always easy to find, but they’re now available from Amazon for $59.99 (NES Classic) and $79.99 (SNES Classic). You can place an order for either right now, though be aware that the NES Classic won’t ship until it’s back in stock on August 12 and the SNES Classic looks like it’ll be back on August 3 — a pretty reasonable wait for a sure thing. Update: It looks like Amazon’s stock of the NES Classic may have already run out in the course of the last few minutes, though the SNES version is still available at its normal retail price of $79.99 (and let’s be real, it was the best console). They seem to be dropping in and out of availability, so try refreshing! When they were first introduced, the reimagined versions of two of the best-loved consoles of all-time arrived to feverish demand. Back in 2016, the NES Classic was difficult to hunt down, and when it hit in August 2017, the SNES followed suit, managing to even outpace interest in its own progenitor. (Naturally, scarcity is the perfect fuel for a nostalgia-powered fire.) Nintendo originally didn’t intend for either console to be restocked indefinitely, but after observing the “unbridled enthusiasm” of the retro gaming boxes it decided to keep them around. The consoles reappeared in May and June but sold out quickly. Even with the repeat appearances, it’s been hard to keep track of when and where the things go on sale. If you’re reading this and you’ve yet to score a one-way ticket to nostalgic 8- or 16-bit euphoria, the Amazon listings look like a sure bet — for the moment, anyhow.


Instagram adds a status indicator dot so people know when you’re ignoring them

In a blog post today, Instagram announced a new feature: a green status dot that indicates when a user is active on the app. If you’re cruising around Instagram, you can expect to see a green dot next to the profile pics of friends who also are Instagramming right then and there. The dot will show up in the direct messaging part of the app but also on your friend’s list when you go to share a post with someone. Instagram clarifies that “You will only see status for friends who follow you or people who you have talked to in Direct,” so it’s meant to get you talking more to the people you’re already talking to. You can disable the status info in the “Activity Status” bit of the app’s Settings menu, where it’s set to “on” by default. Prior to the advent of the green dot, Instagram already displayed how long ago someone was active by including information like “Active 23m ago” or “Active Now” in grey text next to their account info where your direct messages live. For those of us who prefer a calm, less real-time experience, the fact that features like these come on by default is a bummer. Given the grey activity status text, the status dot may not seem like that much of a change. Still, it’s one opt-out design choice closer to making Instagram a compulsive real-time social media nightmare like Facebook or Facebook Messenger. The quiet, incremental rollout of features like the grey status text is often so subtle that users don’t notice it — as a daily Instagram user, I barely did. Making major shifts very gradually is the same game Facebook always plays with its products, layering slight design changes that alter user behavior until one day you wake up and aren’t using the same app you used to love, but somehow you can’t seem to stop using it. Instagram is working on a feature for in-app time management, but stuff like this negates Facebook’s broader supposed efforts to make our relationship with its attention-hungry platforms less of a compulsive tic.
It’s not like users will be relieved that they can now see who is “online” in the app


Cloudflare recruits state and local governments for free election site security program

After launching a free program to protect election systems last December, Cloudflare has an update on how things are going. The program, known as the Athenian Project, provides Cloudflare’s services for free to state and local government websites that administer elections, host voter registration or verification data or report election results. Those services include the DDoS protection the company is best known for but also its Web Application Firewall service, IP reputation database and the ability to cut off web traffic from a particular country or IP address. Cloudflare also is offering how-to videos and other documentation to explain its protections to potential clients. “In November, every state and district in the country will hold congressional elections. Election officials — and all of us — want to make sure that voter information remains secure and that websites stay online as voters seek out information on polling places and voting requirements, and anxiously refresh results pages on election night,” the company wrote in its blog. Cloudflare’s July Athenian Project update shows that more state and local governments are getting on board with the suite of free election services. Though many declined to be named, that includes the San Francisco board of elections, South Carolina’s Pickens County, North Carolina’s State Board of Elections and the state governments in Hawaii, Idaho and Rhode Island. The company notes that it has been in talks with election officials in 27 states out of 50 and Cloudflare’s protections have been implemented in 10 state election websites so far. Over the last six months, an increasing number of security companies have begun offering their services for free or at a discount to state and local election authorities. Last month, Synack announced free penetration testing for voter registration sites and voter databases.
In April, Centrify offered a free eight months’ worth of its identity management software to state and local election boards. Because elections are run by states with mostly opt-in federal assistance, interest in these programs is uneven. Still, more security is better than no security. “To work as designed, citizens must trust the electoral system, its strength, integrity, and the people who protect it,” Cloudflare wrote in its blog update


Reddit expands chat rooms to more subreddits

If you’d rather spend time chatting with strangers who share a hyper-specific interest instead of keeping up with your co-workers’ stale memes on Slack, Reddit is ready for you. The platform has quietly been working on a chat room feature for months now, and today it expands beyond its early days as a very limited closed beta. Plenty of subreddits already make use of a chat room feature, but these live outside of Reddit, usually on Slack or Discord. Given that, it makes sense for Reddit to lure those users back into engaging on Reddit itself by offering its own chat feature. I spent a little time hanging out in the /r/bjj (Brazilian jiu jitsu) chat as well as the psychedelics chat affiliated with r/weed to see how things went across the spectrum, and it was pretty chill — mostly people asking for general advice or seeking answers to specific questions. In a Reddit chat linked to the r/community_chat subreddit — the hub for the new chat feature — redditors discussed if the rooms would lead to more or less harassment and if the team should add upvotes, downvotes and karma to chat to make it more like Reddit’s normal threads. Of course, what I saw is probably a far cry from what chat will look like if and when some of its more inflammatory subreddits get their hands on the new feature. We’ve reached out to Reddit with questions about if all subreddits, even the ones hidden behind content warnings, will be offered the new chat functionality. Chat rooms are meant as a supplement to already active subreddits, not a standalone community, so it’s basically like watching a Reddit thread unfold in real time. On the Reddit blog, u/thunderemoji writes about why Reddit is optimistic that chat rooms won’t just be another trolling tool: “I was initially afraid that most people would bring out the pitchforks and… unkind words. I was pleasantly surprised to find that most people are actually quite nice. The nature of real-time, direct chat seems to be especially disarming.
Even when people initially lash out in frustration or to troll, I found that if you talk to them and show them you’re a regular human like them, they almost always chill out.”


Putin proposes a joint cybersecurity group with the US to investigate Russian election meddling

Over the course of Monday’s controversial Helsinki summit, Russian President Vladimir Putin pushed an agenda that would ostensibly see the U.S. and Russia working side by side as allies. The two countries make stranger bedfellows than ever as just days prior, Trump’s own Department of Justice indicted 12 Russian intelligence officials for the infamous 2016 Democratic National Committee hack. Nonetheless, the Russian president revived talks of a joint group between the U.S. and Russia dedicated to cybersecurity matters. For anyone with the security interests of the U.S. at heart, such a proposal, which Trump endorsed in a tweet one year ago, would truly be a worst-case scenario outcome of the puzzlingly cozy relationship between the two world leaders. “Once again, President Trump mentioned the issue of the so-called interference of Russia during the American elections and I had to reiterate things I said several times…,” Putin said in Helsinki. “Any specific material, if such things arise, we are ready to analyze together. For instance, we can analyze them through the joint working group on cyber security, the establishment of which we discussed during our previous contacts.” Putin added that Russia favors “continued cooperation in counter-terrorism and maintaining cyber security.” “The most recent example is their operational cooperation within the recently concluded World Football Cup,” Putin said. “In general, the contacts among the special services should be put to a system-wide basis should be brought to a systemic framework. I reminded President Trump about the suggestion to re-establish the working group on anti-terrorism.” Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded.. — Donald J.


Uber is being investigated for gender discrimination in a federal probe

As Uber tries to chart a new course, it still can’t manage to outrun news that paints its corporate culture in an ugly light. As The Wall Street Journal reports, Uber is being investigated by the Equal Employment Opportunity Commission (EEOC) for gender disparities pertaining to hiring practices and pay. The EEOC probe began in August 2017 and the commission has been interviewing employees and collecting relevant documents since. The EEOC declined to provide details to TechCrunch due to “confidentiality provisions,” adding that details of an EEOC investigation “become public only when the EEOC files a lawsuit, which is typically a last resort.” An Uber spokesperson told TechCrunch that the company has “proactively made a lot of changes in the last 18 months.” Those changes include creating and enacting a new “salary and equity structure,” reforming the way it conducts performance reviews to emphasize high-quality feedback, putting out diversity and inclusion reports and involving more employees in diversity trainings. Uber put out its first diversity and inclusion report in March 2017 and in April of this year updated those numbers, which demonstrate some movement in the right direction, albeit at a glacial pace. In the latest report, the company noted it had increased the percentage of women in its workforce from 36.1 to 38 percent, which isn’t exactly progress to write home about. With new CEO Dara Khosrowshahi, Uber is hoping to rewrite its own story, but the company continues to be embroiled in leadership turbulence, like last week’s departure of Chief People Officer Liane Hornsey after an internal investigation into race-based discrimination and last month’s departure of Chief Brand Officer Bozoma Saint John. It’s worth noting that Uber isn’t being singled out by the EEOC, which has also launched recent investigations into age discrimination at Intel and gendered pay discrepancies at Google.
Still, for Uber, no news would be good news — even just for a little while.
