Hello friends, and welcome back to Week in Review.
Last week, we dove into the truly bizarre machinations of the NFT market. This week, we’re talking about something that’s a little bit more impactful on the current state of the web — Apple’s NeuralHash kerfuffle.
In the past month, Apple did something it generally has done an exceptional job avoiding — the company made what seemed to be an entirely unforced error.
In early August — seemingly out of nowhere** — the company announced that by the end of the year they would be rolling out a technology called NeuralHash that actively scanned the libraries of all iCloud Photos users, seeking out image hashes that matched known images of child sexual abuse material (CSAM). For obvious reasons, the on-device scanning could not be opted out of.
This announcement was not coordinated with other major consumer tech giants; Apple pushed forward on the announcement alone.
Researchers and advocacy groups had almost universally negative feedback for the effort, raising concerns that this could create new abuse channels for actors like governments to detect on-device information that they regarded as objectionable. As my colleague Zach noted in a recent story, “The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology.”
(The announcement also reportedly generated some controversy inside of Apple.)
The issue — of course — wasn’t that Apple was looking to find ways to prevent the proliferation of CSAM while making as few device security concessions as possible. The issue was that Apple was unilaterally making a massive choice that would affect billions of customers (while likely pushing competitors towards similar solutions), and was doing so without external public input about possible ramifications or necessary safeguards.
Long story short, over the past month researchers discovered Apple’s NeuralHash wasn’t as airtight as hoped, and the company announced Friday that it was delaying the rollout “to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”
Having spent several years in the tech media, I will say that the only reason to release news on a Friday morning ahead of a long weekend is to ensure that the announcement is read and seen by as few people as possible, and it’s clear why they’d want that. It’s a major embarrassment for Apple, and as with any delayed rollout like this, it’s a sign that their internal teams weren’t adequately prepared and lacked the ideological diversity to gauge the scope of the issue that they were tackling. This isn’t really a dig at Apple’s team building this so much as it’s a dig on Apple trying to solve a problem like this inside the Apple Park vacuum while adhering to its annual iOS release schedule.
Apple is increasingly looking to make privacy a key selling point for the iOS ecosystem, and as a result of this productization, has pushed development of privacy-centric features towards the same secrecy its surface-level design changes command. In June, Apple announced iCloud+ and raised some eyebrows when they shared that certain new privacy-centric features would only be available to iPhone users who paid for additional subscription services.
You obviously can’t tap public opinion for every product update, but perhaps wide-ranging and trail-blazing security and privacy features should be treated a bit differently than the average product update. Apple’s lack of engagement with research and advocacy groups on NeuralHash was pretty egregious and certainly raises some questions about whether the company fully respects how the choices they make for iOS affect the broader internet.
Delaying the feature’s rollout is a good thing, but let’s all hope they take that time to reflect more broadly as well.
** Though the announcement was a surprise to many, Apple’s development of this feature wasn’t coming completely out of nowhere. Those at the top of Apple likely felt that the winds of global tech regulation might be shifting towards outright bans of some methods of encryption in some of its biggest markets.
Back in October of 2020, then United States AG Bill Barr joined representatives from the UK, New Zealand, Australia, Canada, India and Japan in signing a letter raising major concerns about how implementations of encryption tech posed “significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.” The letter effectively called on tech industry companies to get creative in how they tackled this problem.
Here are the TechCrunch news stories that especially caught my eye this week:
LinkedIn kills Stories
You may be shocked to hear that LinkedIn even had a Stories-like product on their platform, but if you did already know that they were testing Stories, you likely won’t be so surprised to hear that the test didn’t pan out too well. The company announced this week that they’ll be suspending the feature at the end of the month. RIP.
FAA grounds Virgin Galactic over questions about Branson flight
While all appeared to go swimmingly for Richard Branson’s trip to space last month, the FAA has some questions regarding why the flight seemed to unexpectedly veer so far off the cleared route. The FAA is preventing the company from further launches until they find out what the deal is.
Apple buys a classical music streaming service
While Spotify makes news every month or two for spending a massive amount acquiring a popular podcast, Apple seems to have eyes on a different market for Apple Music, announcing this week that they’re bringing the classical music streaming service Primephonic onto the Apple Music team.
TikTok parent company buys a VR startup
It isn’t a huge secret that ByteDance and Facebook have been trying to copy each other’s success at times, but many probably weren’t expecting TikTok’s parent company to wander into the virtual reality game. The Chinese company bought the startup Pico which makes consumer VR headsets for China and enterprise VR products for North American customers.
Twitter tests an anti-abuse ‘Safety Mode’
The same features that make Twitter an incredibly cool product for some users can also make the experience awful for others, a realization that Twitter has seemingly been very slow to make. Their latest solution is more individual user controls, which Twitter is testing out with a new “safety mode” which pairs algorithmic intelligence with new user inputs.
Some of my favorite reads from our Extra Crunch subscription service this week:
Our favorite startups from YC’s Demo Day, Part 1
“Y Combinator kicked off its fourth-ever virtual Demo Day today, revealing the first half of its nearly 400-company batch. The presentation, YC’s biggest yet, offers a snapshot into where innovation is heading, from not-so-simple seaweed to a Clearco for creators….”
“…Yesterday, the TechCrunch team covered the first half of this batch, as well as the startups with one-minute pitches that stood out to us. We even podcasted about it! Today, we’re doing it all over again. Here’s our full list of all startups that presented on the record today, and below, you’ll find our votes for the best Y Combinator pitches of Day Two. The ones that, as people who sift through a few hundred pitches a day, made us go ‘oh wait, what’s this?’”
All the reasons why you should launch a credit card
“… if your company somehow hasn’t yet found its way to launch a debit or credit card, we have good news: It’s easier than ever to do so and there’s actual money to be made. Just know that if you do, you’ve got plenty of competition and that actual customer usage will probably depend on how sticky your service is and how valuable the rewards are that you offer to your most active users….”
In recent years, the private sector has been spurning proprietary software in favor of open source software and development approaches. For good reason: The open source avenue saves money and development time by using freely available components instead of writing new code, enables new applications to be deployed quickly and eliminates vendor lock-in.
The federal government has been slower to embrace open source, however. Efforts to change are complicated by the fact that many agencies employ large legacy IT infrastructure and systems to serve millions of people and are responsible for a plethora of sensitive data. Washington spends tens of billions every year on IT, but with each agency essentially acting as its own enterprise, decision-making is far more decentralized than it would be at, say, a large bank.
While the government has made a number of moves in a more open direction in recent years, the story of open source in federal IT has often seemed more about potential than reality.
But there are several indications that this is changing and that the government is reaching its own open source adoption tipping point. The costs of producing modern applications to serve increasingly digital-savvy citizens keep rising, and agencies are budget constrained to find ways to improve service while saving taxpayer dollars.
Sheer economics dictate an increased role for open source, as do a variety of other benefits. Because its source code is publicly available, open source software encourages continuous review by others outside the initial development team to promote increased software reliability and security, and code can be easily shared for reuse by other agencies.
Here are five signs I see that the U.S. government is increasingly rallying around open source.
Two initiatives have gone a long way toward helping agencies advance their open source journeys.
18F, a team within the General Services Administration that acts as consultancy to help other agencies build digital services, is an ardent open source backer. Its work has included developing a new application for accessing Federal Election Commission data, as well as software that has allowed the GSA to improve its contractor hiring process.
18F — short for GSA headquarters’ address of 1800 F St. — reflects the same grassroots ethos that helped spur open source’s emergence and momentum in the private sector. “The code we create belongs to the public as a part of the public domain,” the group says on its website.
Five years ago this August, the Obama administration introduced a new Federal Source Code Policy that called on every agency to adopt an open source approach, create a source code inventory, and publish at least 20% of written code as open source. The administration also launched Code.gov, giving agencies a place to locate open source solutions that other departments are already using.
The results have been mixed, however. Most agencies are now consistent with the federal policy’s goal, though many still have work to do in implementation, according to Code.gov’s tracker. And a report by a Code.gov staffer found that some agencies were embracing open source more than others.
Still, Code.gov says the growth of open source in the federal government has gone farther than initially estimated.
The American Rescue Plan, a $1.9 trillion pandemic relief bill that President Biden signed in early March 2021, contained $9 billion for the GSA’s Technology Modernization Fund, which finances new federal technology projects. In January, the White House said upgrading federal IT infrastructure and addressing recent breaches such as the SolarWinds hack was “an urgent national security issue that cannot wait.”
It’s fair to assume open source software will form the foundation of many of these efforts, because White House technology director David Recordon is a long-time open source advocate and once led Facebook’s open source projects.
Federal IT employees who spent much of their careers working on legacy systems are starting to retire, and their successors are younger people who came of age in an open source world and are comfortable with it.
About 81% of private sector hiring managers surveyed by the Linux Foundation said hiring open source talent is a priority and that they’re more likely than ever to seek out professionals with certifications. You can be sure the public sector is increasingly mirroring this trend as it recognizes a need for talent to support open source’s growing foothold.
By partnering with the right commercial open source vendor, agencies can drive down infrastructure costs and more efficiently manage their applications. For example, vendors have made great strides in addressing security requirements laid out by policies such as the Federal Information Security Modernization Act (FISMA), Federal Information Processing Standards (FIPS) and the Federal Risk and Authorization Management Program (FedRAMP), making it easy to deal with compliance.
In addition, some vendors offer powerful infrastructure automation tools and generous support packages, so federal agencies don’t have to go it alone as they accelerate their open source strategies. Linux distributions like Ubuntu provide a consistent developer experience from laptop/workstation to the cloud, and at the edge, for public clouds, containers, and physical and virtual infrastructure.
This makes application development a well-supported activity that includes 24/7 phone and web support, which provides access to world-class enterprise support teams through web portals, knowledge bases or via phone.
Whether it’s accommodating more employees working from home or meeting higher citizen demand for online services, COVID-19 has forced large swaths of the federal government to up their digital game. Open source allows legacy applications to be moved to the cloud, new applications to be developed more quickly, and IT infrastructures to adapt to rapidly changing demands.
As these signs show, the federal government continues to move rapidly from talk to action in adopting open source.
Who wins? Everyone!
Less than a year after raising its $6 million seed funding round, Tel Aviv and Sunnyvale-based startup Build.security is being acquired by Elastic. Financial terms of the deal are not being publicly disclosed at this time. The deal is expected to close in Elastic’s Q2 FY22, ending Oct. 31, 2021.
In an email to TechCrunch, Ash Kulkarni, chief product officer at Elastic, said that once the acquisition closes, the build.security technical team will continue as a unit in the Elastic Security organization. Kulkarni added that the acquisition will also become the foundation for a growing Elastic presence in Israel, with Amit Kanfer, co-founder and CEO of build.security set to become the site lead for the region.
Build.security is focused on security policy management for applications. A core element of the company’s technology approach is the Open Policy Agent (OPA) open source project, which is part of the Cloud Native Computing Foundation (CNCF), which is also home to Kubernetes. OPA was originally started by startup Styra, which itself has raised $40 million in funding to help build out policy management and authorization technology. Part of OPA is the Rego query language which is used to structure security and authorization configuration policies.
“We see policy as a fundamental cornerstone of security,” Kulkarni said. “OPA and Rego provide an open, standards-based way to define, manage, and enforce policies everywhere.”
Kulkarni noted that security policy technology is complementary to Elastic’s efforts in security and observability. He added that Elastic sees potential for using OPA and the technology that build.security has built on top of OPA to power deployment time, and in the future, build-time security for cloud-native environments.
YL Venture partner John Brennan, who helped to lead the seed round of build.security, sees the acquisition as being a good fit for both companies, as they are both creating solutions for developers that are based on open source technologies.
“This move by a market leader like Elastic validates the need for transformation in the authorization space,” Brennan said. “This partnership will accelerate build.security’s shift left vision of efficiently embedding access protection from the start, rather than trying to bolt it on after the fact or, worse, ignoring it completely.”
Elastic is known for its Elastic Stack, which provides Elasticsearch search capability, Logstash log monitoring and Kibana data visualization. In recent years the company has expanded into the security space, acquiring Endgame Security in 2019 for $234 million. On Aug. 3, Elastic announced its Limitless XDR capabilities, which bring together endpoint security with security information and event management (SIEM).
With its new acquisition, Kulkarni said the goal is to go even deeper into security moving toward cloud security enforcement. He explained that after the acquisition closes and as the technology is integrated, users will be able to leverage the Elastic Stack to visualize and manage compliance policies and policy decisions at scale. An initial use-case for the build.security technology will be developing a Kubernetes security and compliance product based on OPA.
Luis Mario Garcia grew up in Mexico making deliveries for the grocery stores in his neighborhood. After honing his startup skills in San Francisco, he returned to Mexico with the idea of building a software company.
That’s when he met his co-founder Javier Gonzalez and the pair started Orchata in 2020, a mobile app enabling consumers to get groceries delivered in 15 minutes, with no substitutes and at supermarket prices. Products delivered include fresh fruit, beverages, bread, medicine and household essentials, Garcia told TechCrunch.
Orchata does this by operating a network of micro fulfillment centers — it is already operating in two cities — with technology for efficient picking and hyperfast delivery.
Online food delivery sales in Latin America are projected to reach $9.8 billion by 2024, with the global pandemic driving demand for faster delivery, according to Statista. Garcia sees three different waves in this market: the first one being traditional supermarkets, where you can spend hours, which led to the second wave of food delivery companies, including some big players in the region — for example Rappi in Colombia, which in July raised $500 million in Series F funding at a $5.25 billion valuation in a round led by T. Rowe Price, and Cornershop in Chile, which was acquired by Uber in 2019.
However, Garcia said many of these services still take more than an hour from order to doorstep and may require phone calls if an item is not available. He wants to be part of a third wave — software that is integrated with inventory and delivery that is super fast, and no substitutions.
“This is similar to what is going on around the world, but there is a huge opportunity to bring convenience, to be the Gopuff for Latin America, and we want to build it first in the region,” Garcia said.
The Monterrey-based company was part of Y Combinator’s summer 2020 cohort and on Friday announced a $4 million seed round from a group of investors, including Y Combinator, JAM Fund, FJ Labs, Venture Friends, Investo and Foundation Capital, and angel investors Ross Lipson, Mike Hennessey, Brian Requarth and Javier Mata.
Jonathan Lewy, co-founder of Grin Scooters and founder of Investo, is also an investor in Rappi. He said Garcia was building a product for the end user, with the key being the building of the infrastructure and inventory. Lewy believes Garcia understands how quick delivery should be done and that it is not just about offering a mobile app, but building the technology behind it.
Meanwhile, Justin Mateen, general partner at JAM Fund, and co-founder of Tinder and an early-stage investor, met Garcia over a year ago and was one of the company’s first investors. He said Garcia’s and Gonzalez’s initial idea for the model of grocery stores was still not solving the problem, but then they pivoted to doing fulfillment and inventory themselves.
“He fits the mold of what I look for in a founder, and he is the type of founder that doesn’t give up,” Mateen said. “Luis finally agreed to let me double down on my investment. The model makes sense now, he is on to something and it is now going to be about execution of capital as he scales.”
Both Mateen and Lewy agree that there will be similar apps coming because food delivery is such a large market, but that Orchata has a clear advantage of owning the customer experience from beginning to end.
Having only launched four months ago, Orchata is already processing thousands of orders and is seeing 100% monthly growth. The new funding will enable Orchata to expand into three new cities in Mexico. Garcia is also eyeing Colombia, Brazil, Peru and Chile for future expansion.
The company is also targeting multiple use cases, from someone noticing a forgotten item while cooking to consumers shopping for the week or teenagers needing food for a party.
“We are going to be super convenient to customers, and we think every use case for food delivery will be this way in the future,” Garcia said. “We will eventually introduce our own brands and foods with the goal of being that app that is there anytime you need it.”
I worked at Google for six years. Internally, you have no choice — you must use Kubernetes if you are deploying microservices and containers (it’s actually not called Kubernetes inside of Google; it’s called Borg). But what was once solely an internal project at Google has since been open-sourced and has become one of the most talked about technologies in software development and operations.
For good reason. One person with a laptop can now accomplish what used to take a large team of engineers. At times, Kubernetes can feel like a superpower, but with all of the benefits of scalability and agility comes immense complexity. The truth is, very few software developers truly understand how Kubernetes works under the hood.
I like to use the analogy of a watch. From the user’s perspective, it’s very straightforward until it breaks. To actually fix a broken watch requires expertise most people simply do not have — and I promise you, Kubernetes is much more complex than your watch.
How are most teams solving this problem? The truth is, many of them aren’t. They often adopt Kubernetes as part of their digital transformation only to find out it’s much more complex than they expected. Then they have to hire more engineers and experts to manage it, which in a way defeats its purpose.
Where you see containers, you see Kubernetes to help with orchestration. According to Datadog’s most recent report about container adoption, nearly 90% of all containers are orchestrated.
All of this means there is a great opportunity for DevOps startups to come in and address the different pain points within the Kubernetes ecosystem. This technology isn’t going anywhere, so any platform or tooling that helps make it more secure, simple to use and easy to troubleshoot will be well appreciated by the software development community.
In that sense, there’s never been a better time for VCs to invest in this ecosystem. It’s my belief that Kubernetes is becoming the new Linux: 96.4% of the top million web servers’ operating systems are Linux. Similarly, Kubernetes is trending to become the de facto operating system for modern, cloud-native applications. It is already the most popular open-source project within the Cloud Native Computing Foundation (CNCF), with 91% of respondents using it — a steady increase from 78% in 2019 and 58% in 2018.
While the technology is proven and adoption is skyrocketing, there are still some fundamental challenges that will undoubtedly be solved by third-party solutions. Let’s go deeper and look at five reasons why we’ll see a surge of startups in this space.
Docker revolutionized how developers build and ship applications. Container technology has made it easier to move applications and workloads between clouds. It also provides as much resource isolation as a traditional hypervisor, but with considerable opportunities to improve agility, efficiency and speed.
The deal, the terms of which were not disclosed, is the latest cybersecurity acquisition by Microsoft, which just last week announced that it’s buying threat intelligence startup RiskIQ. The firm also recently acquired IoT security startups CyberX and Refirm Labs as it moved to beef up its security portfolio. Security is big business for Microsoft, which made more than $10 billion in security-related revenue in 2020 — a 40% increase from the year prior.
CloudKnox, which was founded in 2015 and emerged from stealth two years later, helps organizations to enforce least-privilege principles to reduce risk and help prevent security breaches. The startup had raised $22.8 million prior to the acquisition, with backing from ClearSky, Sorenson Ventures, Dell Technologies Capital, and Foundation Capital.
The company’s activity-based authorization service will equip Azure Active Directory customers with “granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions,” according to a blog post by Joy Chik, corporate vice president of identity at Microsoft.
Chik said that while organizations were reaping the benefits of cloud adoption, particularly as they embrace flexible working models, they often struggled to assess, prevent and enforce privileged access across hybrid and multi-cloud environments.
“CloudKnox offers complete visibility into privileged access,” Chik said. “It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. This strengthens our comprehensive approach to cloud security.”
In addition to Azure Active Directory, Microsoft also plans to integrate CloudKnox with its other cloud security services including 365 Defender, Azure Defender, and Azure Sentinel.
Commenting on the deal, Balaji Parimi, CloudKnox founder and CEO, said: “By joining Microsoft, we can unlock new synergies and make it easier for our mutual customers to protect their multi-cloud and hybrid environments and strengthen their security posture.”
Welcome to the city survey of Bielefeld, Germany, part of our ongoing survey into European cities. If you’d like your city featured, just fill in this form and add your city name. Once we have enough entries from a city, we will put your city on TechCrunch!
According to local media reports, Bielefeld has experienced a tech boom in recent years, with accelerators like the local Founders Foundation (backed by the Bertelsmann Foundation) and Garage 33 (at the University of Paderborn) attracting a new wave of young company founders to the East Westphalia-Lippe region.
Notable startups to emerge include Semalytix, Valuedesk, Zahnarzt-Helden, StudyHelp, PartWorks and AMendate.
Unfortunately, Bielefeld suffers from the same ailment the rest of Germany is subject to: Most startups gravitate to Berlin, followed by Munich, then Hamburg (according to an initiative from UnternehmerTUM in Munich).
However, as Business Punk magazine found earlier this year, the Ostwestfalen-Lippe region in northern North Rhine-Westphalia is home to some of Germany’s biggest companies. That means startups aiding large organizations to digitize post-pandemic have ready access to some of Germany’s largest companies and institutions.
Our survey respondents pointed out that the region is strong in sectors such as B2B because of the many old-school B2B companies in the manufacturing area. There is fairly ready access to many large family offices such as Dr. Oetker, Miele, CLAAS, Schüco and Bertelsmann, so there is a lot of capital available.
“The region has a good momentum for startups in general, [largely] because of Founders Foundation. At the same time, them being the only institutional driver leads to a certain monoculture,” said one.
Deep tech technologies are a feature of the ecosystem, but there are “almost no B2C or direct-to-consumer” startups, said another respondent.
Commenting on the investment scene in the city, survey respondents said investors have “strong bonds to the industry and Mittelstand.” However, another commented that there are “only very few local investors with NRW or OWL focus like EnjoyVenture (Technologiefonds OWL), but not much more.”
That said, companies get decent attention from “national” investors, and Founders Foundation has really boosted the scene in the region. Angels are also becoming more active, and “there is a strong business angel community in Bielefeld who have been really supportive of the new startup scene.”
Which sectors is Bielefeld’s tech ecosystem strong in? What are you most excited by? What does it lack?
We are strong in the cryptotrading ecosystem. We are most excited by the adoption of Bitcoin as a financial asset by corporates and institutions as well as the ongoing network effect and adoption by the masses. We need to add support for DeFi trading venues alongside the centralized exchanges we already support.
Which are the most interesting startups in your city?
Semalytix, Zahnarzt-Helden, Coindex and Valuedesk.
What is the tech investment scene like in Bielefeld? What’s their focus?
Since Founders Foundation started in Bielefeld in 2016 the startup scene has exploded. We joined the first accelerator and since then 24 startups have been founded and come through its programs. There is a strong business angel community in Bielefeld that has been really supportive of the new startup scene.
With the shift to remote working, do you think people will stay in Bielefeld, move out, or will people move in?
We switched completely to home office once the pandemic got underway. For us, it has worked really well and we now have three employees who work outside of Bielefeld. Everything is more flexible now.
Who are the key startup people in your city (e.g., investors, founders, lawyers, designers, etc.)?
Sebastian Borek (CEO of the Founders Foundation), Eduard R. Doerrenberg (managing director, Dr. Wolff Group).
Where do you think Bielefeld’s tech scene will be in five years?
As Bielefeld is in the heart of the German “Mittelstand”, there are huge opportunities for tech startups to help these large industries take a leap forward with technical solutions using AI, blockchain and other technologies. The city is well served by Bielefeld University, which turns out highly qualified CS graduates every year. Especially with the superb backing of the Founders Foundation, the startup ecosystem in Bielefeld has a bright future.
Which sectors is Bielefeld’s tech ecosystem strong in? What are you most excited by? What does it lack?
B2B, deep tech technologies.