FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Today — April 22nd 2021Your RSS feeds

Window Snyder’s new startup Thistle Technologies raises $2.5M seed to secure IoT devices

By Zack Whittaker

The Internet of Things has a security problem. The past decade has seen wave after wave of new internet-connected devices, from sensors through to webcams and smart home tech, often manufactured in bulk but with little — if any — consideration to security. Worse, many device manufacturers make no effort to fix security flaws, while others simply leave out the software update mechanisms needed to deliver patches altogether.

That sets up an entire swath of insecure and unpatchable devices to fail, and destined to be thrown out when they break down or are invariably hacked.

Security veteran Window Snyder thinks there is a better way. Her new startup, Thistle Technologies, is backed with $2.5 million in seed funding from True Ventures with the goal of helping IoT manufacturers reliably and securely deliver software updates to their devices.

Snyder founded Thistle last year, and named it after the flowering plant with sharp prickles designed to deter animals from eating them. “It’s a defense mechanism,” Snyder told TechCrunch, a name that’s fitting for a defensive technology company. The startup aims to help device manufacturers without the personnel or resources to integrate update mechanisms into their device’s software in order to receive security updates and better defend against security threats.

“We’re building the means so that they don’t have to do it themselves. They want to spend the time building customer-facing features anyway,” said Snyder. Prior to founding Thistle, Snyder worked in senior cybersecurity positions at Apple, Intel, and Microsoft, and also served as chief security officer at Mozilla, Square, and Fastly.

Thistle lands on the security scene at a time when IoT needs it most. Botnet operators are known to scan the internet for devices with weak default passwords and hijack their internet connections to pummel victims with floods of internet traffic, knocking entire websites and networks offline. In 2016, a record-breaking distributed denial-of-service attack launched by the Mirai botnet on internet infrastructure giant Dyn knocked some of the biggest websites — Shopify, SoundCloud, Spotify, Twitter — offline for hours. Mirai had ensnared thousands of IoT devices into its network at the time of the attack.

Other malicious hackers target IoT devices as a way to get a foot into a victim’s network, allowing them to launch attacks or plant malware from the inside.

Since device manufacturers have done little to solve their security problems among themselves, lawmakers are looking at legislating to curb some of the more egregious security mistakes made by default manufacturers, like using default — and often unchangeable — passwords and selling devices with no way to deliver security updates.

California paved the way after passing an IoT security law in 2018, with the U.K. following shortly after in 2019. The U.S. has no federal law governing basic IoT security standards.

Snyder said the push to introduce IoT cybersecurity laws could be “an easy way for folks to get into compliance” without having to hire fleets of security engineers. Having an update mechanism in place also helps to keeps the IoT devices around for longer — potentially for years longer — simply by being able to push fixes and new features.

“To build the infrastructure that’s going to allow you to continue to make those devices resilient and deliver new functionality through software, that’s an incredible opportunity for these device manufacturers. And so I’m building a security infrastructure company to support that security needs,” she said.

With the seed round in the bank, Snyder said the company is focused on hiring device and back-end engineers, product managers, and building new partnerships with device manufacturers.

Phil Black, co-founder of True Ventures — Thistle’s seed round investor — described the company as “an astute and natural next step in security technologies.” He added: “Window has so many of the qualities we look for in founders. She has deep domain expertise, is highly respected within the security community, and she’s driven by a deep passion to evolve her industry.”

Forget the piggy bank, Till Financial’s kids’ spend management app gets Gates’ backing

By Mary Ann Azevedo

Today’s children and teens want more power and control over their spending.

And while there are a number of financial services and apps out there aimed at helping this demographic save and invest money (Greenlight being among the most popular and well-known), one startup is coming at the space from another angle: helping younger people also better manage their spend.

Till Financial describes itself as a collaborative family financial tool that aims to empower kids to become smarter spenders. The New York-based company’s banking platform is designed to encourage “open and honest” discussions between parents and their kids. And it has just raised $5 million to help it advance on that goal.

A slew of investors put money in the round, including Elysian Park Ventures, Melinda Gates’ venture fund Pivotal Ventures with Magnify Ventures, Afore Capital, Luge Capital, Alpine Meridian Ventures, The Gramercy Fund, SM Ventures (the family office of the founders/CEOs of Stadium Goods) and Lightspeed Venture Partners’ Scout Fund. Also participating were angel investors such as the founders of fintech Petal, the founders of alcohol marketplace Drizly, the president of Transactis, and the president of 1800Flowers.

Part of Till’s goal is to help kids “learn by doing” and gain confidence in spending decisions. It arms them with a bank account, digital and physical debit card and goal-based savings. For example, say a teen wants to buy an iPad, they can set up an account that they can save toward that iPad and give family members (such as grandparents, for example) the opportunity to pitch in the same amount, or more. They can also set up recurring payments for things like Netflix or Spotify subscriptions so they can get a taste of what it’s like to pay regular bills.

“Parents and the current banking options miss the point when they just focus on savings. We need to first prepare kids to be Smarter Spenders, supported by savings and investing,” said Taylor Burton, who founded the company with Tom Pincince. “On Till, kids learn to spend with intention and purpose, while parents gain confidence and trust based on transparency and accountability.”

To Pincince, the market is clearly underserved.

“The legacy banks really don’t care about this young person and the early digital players are really missing the mark,” he said. 

And despite the plethora of apps targeting the demographic, Pincince believes there’s plenty of room for the right players.

“The reality is you’re talking about a swath of kids under the age of 18 and over the age of eight that is the single largest unbanked population,” he said. “We’re not fighting to be the top of your son’s wallet. We’re fighting to be the first product into that wallet.”

Indeed, it’s a big market — the average middle-class family in the U.S. spends $284,570 per child by the time they turn 18.

The platform is free to all families and, early on, attracted the attention of Peggy Mangot, operating partner/COO of PayPal Ventures. She invested personally in Till in its pre-seed rounds. Prior to PayPal, Mangot ran development of Greenhouse, Well Fargo’s fee-free mobile banking app that aimed to help younger users build responsible spending habits.

Mangot has three kids and recalls that when they were shopping online, she’d give them her credit card. Or, if they were going to the corner store or meeting with friends, she’d give them cash.

“But that way, the money is meaningless to them. They didn’t really know how to understand what things cost and there was no sense of ownership,” she said. “It was just me handing over cash or a card.”

What attracted her the most about Till, Mangot said, was the team’s approach to treat younger people “with respect and agency.”

She also believes that by helping children and teens understand important financial lessons at a younger age, the world will ultimately be full of more responsible adults.

“By putting these tools in the hands of these young people early, they’ll have years and years of experience before they’re more independent and have to manage their paycheck and bills,” Mangot told TechCrunch. “Once you have mass adoption, it’s going to create a much more financially literate, confident and in control set of young adults than we’ve ever had.”

Besides making money on interchange fees, Till aims to earn revenue by partnering with merchants to offer rewards to users. It also plans to earn referral fees by referring the teens to other financial institutions when they get older and have different needs.

“It’s not our intention to be your son or daughter’s forever bank. It’s our intention to be the first bank,” Pincince said. “So, they hit the age of maturity, we’re actually giving them a high-five off of our platform and introducing them to maybe their first college loan or their first credit card.”

Will Budweiser brew eggs and will Post cereal make meat?

By Jonathan Shieber

Corporations are quickly waking up to the market potential of alternative proteins with the nation’s biggest consumer brands continuing to make investments and create partnerships with startup companies helping consumers transition to healthier and more environmentally sustainable diets.

As Earth Week draws to a close (thankfully) new partnerships announced over the past week show the potential for new technologies to transform old businesses.

Yesterday the New York-based ZX Ventures, the investment and innovation arm of AB InBev, said that it would be partnering with Clara Foods, a developer of protein production technologies including (but not limited to), brewing egg substitutes. That’s right, the makers of Budweiser are hatching a scheme to make other kinds of liquids that are less potable and more poachable.

In that case, the yolk would definitely be on you, future consumer.

“Since day one, Clara has been on a mission to accelerate the world’s transition to animal-free protein, starting with the egg. More than one trillion eggs are consumed globally every year and corporate commitments for cage-free aren’t enough,” said Arturo Elizondo, the chief executive and co-founder of Clara Foods. “We’re thrilled to be partnering with the world’s largest fermentation company to work together to enable a kinder, greener, and more delicious future. This partnership is a major step towards realizing our vision.”

Graph showing the increasing size of investments into alternative proteins in 2020. From 2019 to 2020 investments in alternative proteins soared from just over $1 billion to $3 billion led by investments in plant protein products. Image Credit: Good Food Institute

There are market-driven reasons for the partnership. Demand for high quality proteins is expected to jump up to 98% by 2050, according to research cited by the two companies.

“Meeting the increased demand for food requires breakthrough solutions built on collaboration and innovation that spans several industry domains – both old and new. The ancient and natural process of fermentation can be further harnessed to help meet future demands in our global food system,” said Patrick O’Riordan, founder & CEO at BioBrew, ZX Ventures’ new business line trying to apply large-scale fermentation and downstream processing expertise beyond beer. “We look forward to exploring the development of highly-functional, animal-free egg proteins with Clara Foods in a scalable, sustainable and economically viable manner.”

Meanwhile, there’s a meeting of the minds happening in St. Louis where cereal giant Post is investing in Hungry Planet, a startup making meat a range of meat replacements.

Formed from the same Seventh Day Adventist focus on plant-based diet and health as a core of spirituality that launched the Kellogg’s cereal empire, Post has long been a rival to the corn flake king with its grape nuts cereal and other grain-based breakfast offerings.

Now the company has led a $25 million investment in Hungry Planet, which aims to provide meat-based replacements for crab cakes, lamb burgers, chicken, pork, and beef. Additional investors included the Singapore-based environmentally sustainable holding company, Trirec.

Alternative proteins are a big business. Last year, companies developing technologies and businesses to commercialize alternative sources of protein raised over $3 billion, according to the industry tracker, the Good Food Institute.

“Over the past year, the alternative protein industry has demonstrated not only resilience but acceleration, raising significantly more investment capital in 2020 than in prior years,” said GFI director of corporate engagement Caroline Bushnell, in a statement. “These capital infusions and the funding still to come will facilitate much-needed R&D and capacity building to enable these companies to scale and reach more consumers with delicious, affordable, and accessible alternative protein products.”

It’s all part of a push to provide more plant-based alternatives to animal proteins in a bid to halt planetary deforestation and reduce the greenhouse gas emissions associated with animal husbandry.

“Humanity needs solutions that match the scale and urgency of our problems,” said Elizondo. “

Before yesterdayYour RSS feeds

Uber hit with default ‘robo-firing’ ruling after another EU labor rights GDPR challenge

By Natasha Lomas

Labor activists challenging Uber over what they allege are ‘robo-firings’ of drivers in Europe have trumpeted winning a default judgement in the Netherlands — where the Court of Amsterdam ordered the ride-hailing giant to reinstate six drivers who the litigants claim were unfairly terminated “by algorithmic means”.

The court also ordered Uber to pay the fired drivers compensation.

The challenge references Article 22 of the European Union’s General Data Protection Regulation (GDPR) — which provides protects for individuals against purely automated decisions with a legal or significant impact.

The activists say this is the first time a court has ordered the overturning of an automated decision to dismiss workers from employment.

However the judgement, which was issued on February 24, was issued by default — and Uber says it was not aware of the case until last week, claiming that was why it did not contest it (nor, indeed, comply with the order).

It had until March 29 to do so, per the litigants, who are being supported by the App Drivers & Couriers Union (ADCU) and Worker Info Exchange (WIE).

Uber argues the default judgement was not correctly served and says it is now making an application to set the default ruling aside and have its case heard “on the basis that the correct procedure was not followed”.

It envisages the hearing taking place within four weeks of its Dutch entity, Uber BV, being made aware of the judgement — which it says occurred on April 8.

“Uber only became aware of this default judgement last week, due to representatives for the ADCU not following proper legal procedure,” an Uber spokesperson told TechCrunch.

A spokesperson for WIE denied that correct procedure was not followed but welcomed the opportunity for Uber to respond to questions over how its driver ID systems operate in court, adding: “They [Uber] are out of time. But we’d be happy to see them in court. They will need to show meaningful human intervention and provide transparency.”

Uber pointed to a separate judgement by the Amsterdam Court last month — which rejected another ADCU- and WIE-backed challenge to Uber’s anti-fraud systems, with the court accepting its explanation that algorithmic tools are mere aids to human ‘anti-fraud’ teams who it said take all decisions on terminations.

“With no knowledge of the case, the Court handed down a default judgement in our absence, which was automatic and not considered. Only weeks later, the very same Court found comprehensively in Uber’s favour on similar issues in a separate case. We will now contest this judgement,” Uber’s spokesperson added.

However WIE said this default judgement ‘robo-firing’ challenge specifically targets Uber’s Hybrid Real Time ID System — a system that incorporates facial recognition checks and which labor activists recently found mis-identifying drivers in a number of instances.

It also pointed to a separate development this week in the UK where it said the City of London Magistrates Court ordered the city’s transport regulator, TfL, to reinstate the licence of one of the drivers revoked after Uber routinely notified it of a dismissal (also triggered by Uber’s real time ID system, per WIE).

Reached for comment on that, a TfL spokesperson said: “The safety of the travelling public is our top priority and where we are notified of cases of driver identity fraud, we take immediate licensing action so that passenger safety is not compromised. We always require the evidence behind an operator’s decision to dismiss a driver and review it along with any other relevant information as part of any decision to revoke a licence. All drivers have the right to appeal a decision to remove a licence through the Magistrates’ Court.”

The regulator has been applying pressure to Uber since 2017 when it took the (shocking to Uber) decision to revoke the company’s licence to operate — citing safety and corporate governance concerns.

Since then Uber has been able to continue to operate in the UK capital but the company remains under pressure to comply with a laundry list of requirements set by TfL as it tries to regain a full operator licence.

Commenting on the default Dutch judgement on the Uber driver terminations in a statement, James Farrar, director of WIE, accused gig platforms of “hiding management control in algorithms”.

“For the Uber drivers robbed of their jobs and livelihoods this has been a dystopian nightmare come true,” he said. “They were publicly accused of ‘fraudulent activity’ on the back of poorly governed use of bad technology. This case is a wake-up call for lawmakers about the abuse of surveillance technology now proliferating in the gig economy. In the aftermath of the recent UK Supreme Court ruling on worker rights gig economy platforms are hiding management control in algorithms. This is misclassification 2.0.”

In another supporting statement, Yaseen Aslam, president of the ADCU, added: “I am deeply concerned about the complicit role Transport for London has played in this catastrophe. They have encouraged Uber to introduce surveillance technology as a price for keeping their operator’s license and the result has been devastating for a TfL licensed workforce that is 94% BAME. The Mayor of London must step in and guarantee the rights and freedoms of Uber drivers licensed under his administration.”  

When pressed on the driver termination challenge being specifically targeted at its Hybrid Real-Time ID system, Uber declined to comment in greater detail — claiming the case is “now a live court case again”.

But its spokesman suggested it will seek to apply the same defence against the earlier ‘robo-firing’ charge — when it argued its anti-fraud systems do not equate to automated decision making under EU law because “meaningful human involvement [is] involved in decisions of this nature”.

 

FBI launches operation to remove backdoors from hacked Microsoft Exchange servers

By Zack Whittaker

A court in Houston has authorized an FBI operation to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers in the United States, months after hackers used four previously undiscovered vulnerabilities to attack thousands of networks.

The Justice Department announced the operation on Tuesday, which it described as “successful.”

In March, Microsoft discovered a new China state-sponsored hacking group — Hafnium — targeting Exchange servers run from company networks. The four vulnerabilities when chained together allowed the hackers to break into a vulnerable Exchange server and steal its contents. Microsoft fixed the vulnerabilities but the patches did not close the backdoors from the servers that had already been breached. Within days, other hacking groups began hitting vulnerable servers with the same flaws to deploy ransomware.

The number of infected servers dropped as patches were applied. But hundreds of Exchange servers remained vulnerable because the backdoors are difficult to find and eliminate, the Justice Department said in a statement.

“This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks,” the statement said. “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).”

The FBI said it’s attempting to inform owners via email of servers from which it removed the backdoors.

Assistant attorney general John C. Demers said the operation “demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions.”

The Justice Department also said the operation only removed the backdoors, but did not patch the vulnerabilities exploited by the hackers to begin with or remove any malware left behind.

It’s believed this is the first known case of the FBI effectively cleaning up private networks following a cyberattack. In 2016, the Supreme Court moved to allow U.S. judges to issue search and seizure warrants outside of their district. Critics opposed the move at the time, fearing the FBI could ask a friendly court to authorized cyber-operations for anywhere in the world.

Other countries, like France, have used similar powers before to hijack a botnet and remotely shutting it down.

Neither the FBI nor the Justice Department commented by press time.

Clim8 raises $8M from 7pc Ventures, launches climate-focused investing app for retail investors

By Mike Butcher

Ethical investing remains something of a confusing maze, with a great deal of ‘greenwashing’ going on. A new UK startup is hoping to fix that with the launch of its new app and platform for retail investors.

Clim8 Invest has raised $8 million from 7pc Ventures (early backers of Oculus, acquired by Facebook),  British Business Bank Future Fund and a numbers of technology entrepreneurs and executives including Marcus Exall (Monese), Marcus Mosen (N26),  Paul Willmott (Lego Digital, McKinsey), Doug Scott (Redbrain), Matt Wilkins (Thought Machine), Andrew Cocker (Skyscanner), Steve Thomson (Redbrain), Monica Kalia (Neyber, Goldman Sachs), Doug Monro (Adzuna), Erik Nygard (Limejump).

Consumers will be able to invest in companies and supply chains that are focused on tackling climate change. It will be competing with similar startups in the space such as London-based Tickr (backed by $3m from Ada Ventures), Helios in Paris, and Yova in Zurich.

Duncan Grierson, CEO of Clim8 said in a statement: “We are launching at an exciting time for sustainable investing. 2020 was an exceptional year for environmentally-focused investment offerings, as investors looked harder at climate-related opportunities. Sustainable investments have continued to outperform markets since the beginning of the Covid-19 Crisis and we believe this will continue.”

Grierson has 20 years of experience in the green space and was a winner of the EY Entrepreneur of Year Cleantech award.

The startup will take advantage of new, higher EU rules around the disclosure requirements for sustainable investment funds. Users can choose between either stocks and shares ISAs (up to £20k) or a taxable general investment account.

Austin’s newest unicorn: The Zebra raises $150M after doubling revenue in 2020

By Mary Ann Azevedo

The Zebra, an Austin-based company that operates an insurance comparison site, has raised $150 million in a Series D round that propels it into unicorn territory.

Both the round size and valuation are a substantial bump from the $38.5 million Series C that Austin-based The Zebra raised in February of 2020. (The company would not disclose its valuation at that time, saying now only that its new valuation of over $1 billion is a “nice step up.”)

The Zebra also would not disclose the name of the firm that led its Series D round, but sources familiar with the deal said it was London-based Hedosophia. Existing backers Weatherford Capital and Accel also participated in the funding event.

The round size also is bigger than all of The Zebra’s prior rounds combined, bringing the company’s total raised to $261.5 million since its 2012 inception. Previous backers also include Silverton Partners, Ballast Point Ventures, Daher Capital, Floodgate Fund, The Zebra CEO Keith Melnick, KDT and others. 

According to Melnick, the round was all primary, and included no debt or secondary.

The Zebra started out as a site for people looking for auto insurance via its real-time quote comparison tool. The company partners with the top 10 auto insurance carriers in the U.S. Over time, it’s also “naturally” evolved to offer homeowners insurance with the goal of eventually branching out into renters and life insurance. It recently launched a dedicated home and auto bundled product, although much of its recent growth still revolves around its core auto offering, according to Melnick.

Like many other financial services companies, The Zebra has benefited from the big consumer shift to digital services since the beginning of the COVID-19 pandemic.

And we know this because the company is one of the few that are refreshingly open about their financials. The Zebra doubled its net revenue in 2020 to $79 million compared to $37 million in 2019, according to Melnick, who is former president of travel metasearch engine Kayak. March marked the company’s highest-performing month ever, he said, with revenue totaling $12.5 million — putting the company on track to achieve an annual run rate of $150 million this year. For some context, that’s up from $8 million in September of 2020 and $6 million in May of 2020.

Also, its revenue per applicant has grown at a clip of 100% year over year, according to Melnick. And The Zebra has increased its headcount to over 325, compared to about 200 in early 2020.

“We’ve definitely improved our relationships with carriers and seen more carrier participation as they continue to embrace our model,” Melnick said. “And we’ve leaned more into brand marketing efforts.”

The Zebra CEO Keith Melnick. Image courtesy of The Zebra

The company was even profitable for a couple of months last year, somewhat “unintentionally,” according to Melnick.

“We’re not highly unprofitable or burning through money like crazy,” he told TechCrunch. “This new raise wasn’t to fund operations. It’s more about accelerating growth and some of our product plans. We’re pulling forward things that were planned for later in time. We still had a nice chunk of money sitting on our balance sheet.”

The company also plans to use its new capital to do more hiring and focus strongly on continuing to build The Zebra’s brand, according to Melnick. Some of the things the company is planning include a national advertising campaign and adding tools and information so it can serve as an “insurance advisor,” and not just a site that refers people to carriers. It’s also planning to create more “personalized experiences and results” via machine learning.

“We are accelerating our efforts to make The Zebra a household name,” Melnick said. “And we want a deeper connection with our users.” It also aims to be there for a consumer through their lifecycle — as they move from being renters to homeowners, for example.

And while an IPO is not out of the question, he emphasizes that it’s not the company’s main objective at this time.

“I definitely try not to get locked on to a particular exit strategy. I just want to make sure we continue to build the best company we can. And then, I think the exit will make itself apparent,” Melnick said. “I’m not blind and am very aware that public market valuations are strong right now and that may be the right decision for us, but for now, that’s not the ultimate goal for me.”

To the CEO, there’s still plenty of runway.

“This is a big milestone, but I do feel like for us that this is just the beginning,” he said. “We’ve just scratched the surface of it.”

Early investor Mark Cuban believes the company is at an inflection point.

” ‘Startup’ isn’t the right word anymore,” he said in a written statement. “The Zebra is a full fledged tech company that is taking on – and solving – some of the biggest challenges in the $638B insurance industry.”

Accel Partner John Locke said the firm has tripled down on its investment in The Zebra because of its confidence in not only what the company is doing but also its potential.

“In an increasingly noisy insurance landscape that includes insurtechs and traditional carriers, giving consumers the ability to compare everything in one place is is more and more valuable,” he told TechCrunch. “I think The Zebra has really seized the mantle of becoming the go-to site for people to compare insurance and then that’s showing up in the numbers, referral traffic and fundraise interest.”

Nigerian fintech Appzone raises $10M for expansion and proprietary technology

By Tage Kene-Okafor

Africa’s fintech space has gained proper attention over the past few years in investments but it is not news that startups still battle with offering high-quality products. However, they seem to be doing quite well compared with traditional banks that face challenges like legacy cost structures and a major lack of operational efficiency.

Appzone is a fintech software provider. It is one of the few companies that builds proprietary solutions for these financial institutions and their banking and payments services. Today, the company is announcing that it has closed $10 million in Series A investment.

Typically, African financial institutions rely on using foreign technology solutions to solve their problems. But issues around pricing, flexibility to innovate, and a lack of local tech support always come up. This is where Appzone has found its sweet spot. The company based in Lagos, Nigeria, was founded by Emeka Emetarom, Obi Emetarom, and Wale Onawunmi in 2008.

Appzone clearly plays a different game from other African fintechs. One clear differentiator is that the company functions as an enabler (at payment rails and the core infrastructure) within banking and payments.

It commenced as a services firm to provide commercial banks with custom software development services. In 2011, the company launched its first core banking product targeting microfinance institutions. The following year, Appzone launched its first product (branchless banking) for commercial banks. It went live with its mobile and internet banking service in 2016 and launched an instant card issuance product in 2017. In 2020, the company launched services catered to end-to-end automation of lending operations for banks and blockchain switching.

“We started Appzone with the intention to build out innovative local solutions for banking and payments on the continent,” CEO Obi Emetarom told TechCrunch. “The focus was to leverage our ability as an enabler to create proprietary technology for both segments.”

Appzone

Image Credits: Appzone

Appzone platforms are used by 18 commercial banks and over 450 microfinance banks in Africa. Together, they amass a yearly transaction value and yearly loan disbursement of $2 billion and $300million.

Since its inception, the Google for Startups Accelerator alumnus claims to have led Africa’s fintech sector in some global firsts from the continent. First, the company says it created the world’s first decentralised payment processing network. Second, the first core banking and omnichannel software on the cloud. Third, the first multi-bank direct debit service based on single global mandates.

Emetarom likes to describe Appzone as a fintech product ecosystem with an emphasis on proprietary technology. So far, we’ve touched on two layers of this ecosystem—the digital core banking service providing software that runs financial institutions’ entire operations and interbank processing, which integrates these institutions into a decentralized network powered by blockchain.

Coinciding with this investment is the introduction and scaling of a third layer that focuses on end-user applications. Appzone, having built both banking and fintech layers, wants to connect individuals and businesses to their services. This is where most new-age fintech startups operate, and although Appzone is coming late to the party, it has a bit of an edge, the CEO believes.

“Most of these companies operating in end-user applications have to depend on services from core banking and interbank processing to be able to get their own offerings out there. For us, I think we have an advantage in terms of costs and flexibility because we are already operating in both layers,” Emeratom said in relation to what he thinks of competition.

The company is coming out to blitz scale its products and services after working in stealth mode for more than a decade. One way it wants to carry this out will be to take its pan-African expansion sternly even though a large part of its 450 clients are based in Nigeria. Other countries with a presence include the Democratic Republic of Congo, Ghana, Gambia, Guinea, Tanzania, and Senegal. Before now, Appzone lacked the resources to push into these markets aggressively even though they showed promise. But having closed its Series A, the plan is to drive growth in these countries and expand across more African countries.

Another means Appzone plans to achieve scale is by growing its engineering team — a department it takes pride in. These engineers make up half of Appzone’s 150 employees and there are plans to double down on this number. Like most Nigerian startups these days, Appzone is big on senior engineers. Still, while it might present a problem to other companies, Emetarom says the company has no issue training promising junior talent to grow in expertise.

“Our proprietary tech allows us to innovate at a fraction of a cost, and they are built by essentially the best local talent available. Because those systems are really complex and the level of innovation required is on another level, we literally seek out the to 1% of talent in Nigeria,” he remarked.We know that even though the expertise isn’t there, we can accelerate acquiring that expertise when we train the very best talents. The more we train our engineers, the faster they grow in terms of expertise, and they will be able to deliver at the same level of world-class quality we expect.

Appzone

Obi Emetarom (Co-founder and CEO, Appzone)

Back to the round, a noteworthy event is that most investors who took part are based in Nigeria despite its size. CardinalStone Capital Advisers, a Lagos-based investment firm, led the Series A investment. Other investors based in the country include V8 Capital, Constant Capital, and Itanna Capital Ventures. New York-based but Africa-focused firm Lateral Investment Partners also participated.

Before now, Appzone closed a $2 million from South African Business Connexion (BCX) in 2014. Four years later, it raised $2.5 million in convertible debt and bought back shares from BCX in the process. But overall, the company says it has raised $15 million in equity funding.

Speaking on the investment, Yomi Jemibewon, the co-founder and managing director of Cardinal Stone Capital Advisers, said the firm’s investment in Appzone is further proof of Africa’s potential as the future hub of world-class technology.

“Appzone is building a disruptive fintech ecosystem that will be the backbone of Africa’s finance industry with products across payments, infrastructure and software as a service. The impact of Appzone’s work is multifold — the company’s products deepen financial inclusion across the continent whilst providing best-fit and low-cost solutions to financial institutions. Its emphasis on premium talent also helps stem brain drain, rewarding Africa’s best brains with best in class employment opportunities,” he added.

Appzone’s funding continues the fast-paced investment activities witnessed by Africa’s fintech space after a slow January. In the last two months, more than eight fintech startups have secured million-dollar rounds. This includes very large rounds by South African digital bank TymeBank ($109 million) in February and African payments company, Flutterwave ($170 million) in March.

Facebook takes down 16,000 groups trading fake reviews after another poke by UK’s CMA

By Natasha Lomas

Facebook has removed 16,000 groups that were trading fake reviews on its platform after another intervention by the UK’s Competition and Markets Authority (CMA), the regulator said today.

The CMA has been leaning on tech giants to prevent their platforms being used as thriving marketplaces for selling fake reviews since it began investigating the issue in 2018 — pressuring both eBay and Facebook to act against fake review sellers back in 2019.

The two companies pledged to do more to tackle the insidious trade last year, after coming under further pressure from the regulator — which found that Facebook-owned Instagram was also a thriving hub of fake review trades.

The latest intervention by the CMA looks considerably more substantial than last year’s action — when Facebook removed a mere 188 groups and disabled 24 user accounts. Although it’s not clear how many accounts the tech giant has banned and/or suspended this time it has removed orders of magnitude more groups. (We’ve asked.)

Facebook was contacted with questions but it did not answer what we asked directly, sending us this statement instead:

“We have engaged extensively with the CMA to address this issue. Fraudulent and deceptive activity is not allowed on our platforms, including offering or trading fake reviews. Our safety and security teams are continually working to help prevent these practices.”

Since the CMA has been raising the issue of fake review trading, Facebook has been repeatedly criticised for not doing enough to clean up its platforms, plural.

Today the regulator said the social media giant has made further changes to the systems it uses for “identifying, removing and preventing the trading of fake and/or misleading reviews on its platforms to ensure it is fulfilling its previous commitments”.

It’s not clear why it’s taken Facebook well over a year — and a number of high profile interventions — to dial up action against the trade in fake reviews. But the company suggested that the resources it has available to tackle the problem had been strained as a result of the COVID-19 pandemic and associated impacts, such as home working. (Facebook’s full year revenue increased in 2020 but so too did its expenses.)

According to the CMA changes Facebook has made to its system for combating traders of fake reviews include:

  • suspending or banning users who are repeatedly creating Facebook groups and Instagram profiles that promote, encourage or facilitate fake and misleading reviews
  • introducing new automated processes that will improve the detection and removal of this content
  • making it harder for people to use Facebook’s search tools to find fake and misleading review groups and profiles on Facebook and Instagram
  • putting in place dedicated processes to make sure that these changes continue to work effectively and stop the problems from reappearing

Again it’s not clear why Facebook would not have already been suspending or banning repeat offenders — at least, not if it was actually taking good faith action to genuinely quash the problem, rather than seeing if it could get away with doing the bare minimum.

Commenting in a statement, Andrea Coscelli, chief executive of the CMA, essentially makes that point, saying: “Facebook has a duty to do all it can to stop the trading of such content on its platforms. After we intervened again, the company made significant changes — but it is disappointing it has taken them over a year to fix these issues.”

“We will continue to keep a close eye on Facebook, including its Instagram business. Should we find it is failing to honour its commitments, we will not hesitate to take further action,” Coscelli added.

A quick search on Facebook’s platform for UK groups trading in fake reviews appears to return fewer obviously dubious results than when we’ve checked in on this problem in 2019 and 2020. Although the results that were returned included a number of private groups so it was not immediately possible to verify what content is being solicited from members.

We did also find a number of Facebook groups offering Amazon reviews intended for other European markets, such as France and Spain (and in one public group aimed at Amazon Spain we found someone offering a “fee” via PayPal for a review; see below screengrab) — suggesting Facebook isn’t applying the same level of attention to tackling fake reviews that are being traded by users in markets where it’s faced fewer regulatory pokes than it has in the UK.

Screengrab: TechCrunch

Education nonprofit Edraak ignored a student data leak for two months

By Zack Whittaker

Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake.

The non-profit, founded by Jordan’s Queen Rania and headquartered in the kingdom’s capital, was set up in 2013 to promote education across the Arab region. The organization works with several partners, including the British Council and edX, a consortium set up by Harvard, Stanford, and MIT.

In February, researchers at U.K. cybersecurity firm TurgenSec found one of Edraak’s cloud storage servers containing at least tens of thousands of students’ data, including spreadsheets with students’ names, email addresses, gender, birth year, country of nationality, and some class grades.

TurgenSec, which runs Breaches.UK, a site for disclosing security incidents, alerted Edraak to the security lapse. A week later, their email was acknowledged by the organization but the data continued to spill. Emails seen by TechCrunch show the researchers tried to alert others who worked at the organization via LinkedIn requests, and its partners, including the British Council.

Two months passed and the server remained open. At its request, TechCrunch contacted Edraak, which closed the servers a few hours later.

In an email this week, Edraak chief executive Sherif Halawa told TechCrunch that the storage server was “meant to be publicly accessible, and to host public course content assets, such as course images, videos, and educational files,” but that “student data is never intentionally placed in this bucket.”

“Due to an unfortunate configuration bug, however, some academic data and student information exports were accidentally placed in the bucket,” Halawa confirmed.

“Unfortunately our initial scan did not locate the misplaced data that made it there accidentally. We attributed the elements in the Breaches.UK email to regular student uploads. We have now located these misplaced reports today and addressed the issue,” Halawa said.

The server is now closed off to public access.

It’s not clear why Edraak ignored the researchers’ initial email, which disclosed the location of the unprotected server, or why the organization’s response was not to ask for more details. When reached, British Council spokesperson Catherine Bowden said the organization received an email from TurgenSec but mistook it for a phishing email.

Edraak’s CEO Halawa said that the organization had already begun notifying affected students about the incident, and put out a blog post on Thursday.

Last year, TurgenSec found an unencrypted customer database belonging to U.K. internet provider Virgin Media that was left online by mistake, containing records linking some customers to adult and explicit websites.

More from TechCrunch:


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more

Private chef parties at home startup Yhangry raises $1.5M seed from VC angels and Ollie Locke

By Mike Butcher

There’s an “uber for everything” these days and now there are “Ubers for personal chefs”. Just take a look at PopTop or 100 Pleats for instance. Now in London, there is Yhangry (which brands itself as the appropriately shouty YHANGRY). This is a “private chef parties at home” website, and no doubt an app at some point. The startup has now raised a $1.5 million seed round from a number of notable UK angels which also includes a few UK VCs for good measure, as well as ‘Made In Chelsea’ TV star Ollie Locke.

Founders Heinin Zhang and Siddhi Mittal created the startup before the pandemic, which lets people order a made-to-measure dinner party online. Although it trundled along until Covid, it had to pivot into virtual chef classes during lockdowns last year and this. The company is now poised to take advantage of London’s unlocking, which will see legal outdoor and indoor dining return.

The startup also speaks to the decentralization of experiences going on in the wake of the pandemic. In 2019 we were working out in gyms and going to restaurants. In 2021 we are working out at home and bringing the restaurant to us.

Normally booking private dinner parties involves a lot of hassle. The idea here is that Yhangry makes the whole affair as easy to order as an Uber Eats or Deliveroo.

Investors in the Seed round include Carmen Rico (Blossom Capital), Eileen Burbidge (Passion Capital), Orson Stadler (Antler) and Martin Mignot (Index Ventures), Made In Chelsea star Ollie Locke, plus fellow tech founders including Jack Tang (Urban), Adnan Ebrahim (MindLabs), Alex Fitzgerald (Cuckoo Internet), Georgina Kirby (Vinehealth) and Deepali Nangia (Alma Angels). Yhangry’s statement said all the investors are also keen customers. I bet they are.

Co-founder Mittal said in a statement: “By making private chef experiences more accessible and affordable, our customers regularly tell us they are finally able to catch up with friends at home… 70% of our customers have never had a private chef before and for them, the freedom and flexibility to curate their own evening is priceless.”

Yhangry now has 130 chefs on its books. Chefs have to pass a cooking trial and adhere to Covid rules. The funding will be used to double the size of the startup’s team.

The menus start at £17pp for six people. The price of the booking covers everything, including the cost of the fresh ingredients, but customers can add extras, such as wine etc. Since its launch in December 2019, the firm says it has served more than 7,000 Londoners.

Yhangry says it will enter key European markets, such as Paris, Berlin, Lisbon and Barcelona.

How will Yhangry survive post-Covid, with restaurants/bars opening up again?

Mittal said: “When restaurants were open between our launch and March 2020, we saw demand because people want to be able to spend time with their friends in a relaxed setting, and aren’t limited to the two-hour slot you get in a restaurant. Once places start to open up again, we believe Yhangry will follow this trend of at-home dining and socializing – not to mention for people who are not ready yet to go out to a busy pub or restaurant.”

Egypt’s Paymob closes $18.5M Series A to expand payments services across MENA

By Tage Kene-Okafor

While Nigeria and Kenya have been at the forefront of African fintech innovation, activities in Egypt are beginning to shape up nicely. Right now, Egypt is home to a burgeoning fintech startup ecosystem, and today, one of its biggest players, Paymob announced that it has completed an $18.5 million Series A round.

In July 2020, Paymob raised $3.5 million as its first tranche of Series A investment. An additional $15 million was raised from the same investors led by Dubai-based VC firm Global Ventures. Other investors include Egyptian investment fund A15 and Dutch development bank FMO.

The total raise of $18.5 million is the largest Series A round in Egypt yet and one of the largest equity rounds in North Africa.

“We are delighted to lead this momentous fintech fundraise in the region. Paymob has a perfect combination of high-quality technology, product customers increasingly cannot do without, and an outstanding management team, “Basil Moftah, general partner at Global Ventures, said of the investment.Their market opportunity is also huge; Egypt’s transformation to a cashless society is being enabled by the unique products Paymob has built.” 

Paymob was founded in 2015 by Alain El Hajj, Islam Shawky, and Mostafa El Menessy. The platform helps online and offline merchants to accept payments from their customers via several products and solutions. It offers a payment gateway that merchants can plugin into their sites or mobile application using its APIs. For offline merchants, Paymob has a POS solution where they can receive in-store card payments.

The company also has a payment links feature where merchants share links with their customers to receive payments that are received using mobile wallets. And according to the company, 85% of mobile wallets transactions carried out in Egypt is processed by its infrastructure. It also claims to be the largest payment facilitator in the country.

Asides from Egypt, Paymob is also present in Kenya, Pakistan, and Palestine. CEO Shawky says the company has plans to expand into more Sub-Saharan African countries. However, that will come after focusing on the Gulf Cooperation Council (GCC) to gain a large market share.

Regional expansion (with an imminent entry into Saudi Arabia this year) is one of Paymob’s objectives following this raise. Per a statement released by the company, it will also use the investments to expand its merchant network, meet increasing demand, and improve product offerings.

The pandemic presented one of the best opportunities for fintechs all over the world to achieve massive growth. For Paymob, it claims to have grown its monthly revenue over 5x last year. The company also recorded a total payment volume of more than $5 billion from over 35,000 local and international merchants like Swvl, LG, Breadfast, and Tradeline

This growth allowed the fintech company to raise the second tranche of investment after closing just $3.5 million initially. Shawky told TechCrunch that the deal materialized after the company’s investors and management witnessed an “unprecedented growth” driven by the pandemic “in addition to the new initiatives launched by regulators, which encouraged them to increase their investment to meet our increasing demand

As earlier iterated, fintech is on the rise in Egypt with startups like Moneyfellows, NowPay, Raseedi, Flick providing lending, payments, wealth and personal finance management services, etc.

The Egyptian fintech ecosystem also got a major boost when incumbent fintech Fawry became a publicly-traded unicorn for the first time. Since launching in 2007, Fawry has been the largest online payment platform in the country and offers a variety of services ranging from mobile wallet to banking services. Will Fawry’s longstanding presence pose a challenge to Paymob’s quest to become a dominant fintech as well? Shawky doesn’t think so.

“Paymob’s major competitor is cash. With only a small percentage of the economy operating in digital forms, we believe the opportunity of truly transforming cash into digital is yet to be unlocked,” he said.

That said, the raise follows the launch of two funds — Algebra Ventures and Sawari Ventures in what can be described as an exciting week for startups and VCs in the country.

TrueLayer raises $70M for its open banking platform

By Steve O'Hear

TrueLayer, the London startup that offers a developer-friendly platform for companies, including other fintechs, to utilise open banking, is disclosing $70 million in new funding.

The Series D round is led by new investor Addition. Existing investors, including Anthemis Group, Connect Ventures, Mouro Capital, Northzone and Temasek, also participated. New investors include Visionaries Club, Zack Kanter (CEO Stedi), Daniel Graf (ex-Uber, Google, Twitter) and David Avgi (ex-CEO SafeCharge, CEO UniPaaS).

TrueLayer says the Series D brings the total investment to date to $142 million. The injection of capital will be used to continue scaling its open banking network, which brings together payments, financial data and identity to enable companies to build new products that improve “how we spend, save, and transact online”.

This will include further development of premium open banking-based services that go beyond simply accessing open banking APIs and will enable more innovation across financial services, including embedded finance and payments more generally.

To do this, and to support what it says is growing demand, TrueLayer is expanding its engineering, product and commercial teams. In the past 12 months, the fintech has expanded its services across 12 European markets.

Over the years, TrueLayer CEO and co-founder Francesco Simoneschi and I have often pontificated on what open banking’s killer use case or use cases may turn out to be. We may finally have our answer: payments.

That’s because one aspect of open banking is payment initiation, which lets an authorised third party initiate the transfer of money out of your bank account on your behalf as an alternative to card payments, which were never built with online payments in mind.

“We believe open banking payments will become the default way to pay online, replacing other payment methods in the next five years,” says Simoneschi. “Open banking is digitally native and mobile-first, moving money at a fraction of the cost, securely and conveniently, while also delivering a vastly better consumer experience”.

The past year has also exposed some of the problems with existing payments methods, as people have turned to digital channels to manage every aspect of their lives. “The problem is cards,” says the TrueLayer CEO, “which weren’t designed for online and have been retrofitted into current online payment flows. Newer digital approaches such as Google Pay or Apple Pay paper over those cracks but don’t change the fundamentals”.

Simoneschi says the company has seen the use of its payments API grow rapidly as more consumers embrace instant bank payments. Volumes grew by 600x over the last year, driven by more and more companies adopting open banking payments, including the likes of Revolut, Trading 212, Freetrade and Nutmeg.

“We typically see that 1 in 3 customers choose the open banking payment option after trying it once,” he notes, revealing that for some clients, closer to 70% of their customers are using open banking as the primary payment method.

“There are a number of reasons why it makes sense for customers. For one, they don’t need to remember card details. Instead, they authenticate with their face or fingerprint on their mobile device, instantly and securely. Plus, they’ll never need to update stored details if their card is lost, stolen or expires”.

Open banking payments as a checkout option benefits merchants too, argues Simoneschi. “These payments typically convert 20% better than cards (and up to 40% with our flows) and have success rates higher than 95%, equating to millions or hundreds of millions in recovered revenue at the end of the year,” adds the TrueLayer co-founder.

How founders can avoid blind spots and make better decisions with EchoVC’s Eghosa Omoigui

By Kirsten Korosec

Building and maintaining a successful startup requires founders to see the entire playing field. Without that clear view, founders risk missteps when it comes to hiring, raising funds, launching a product or making an acquisition.

Essentially, any big decision can end in disaster if a founder loses perspective or lacks self- and situational awareness.

Eghosa Omoigui, the founder and managing general partner of EchoVC Partners, a seed and early-stage venture capital firm that serves underrepresented founders and underserved markets, has helped entrepreneurs navigate the first steps of starting a company and laying the right foundation early on.

Omoigui, who was previously director of consumer internet and semantic technologies at Intel Capital, advocates for founders to develop their own All-22 tape — a tool used by professional football coaches that allows the viewer to see all 22 players on the field at the same time. It improves a coach’s line of sight and, most importantly, helps avoid missing a critical motion or player.

The concept of this tool can — and should — be applied in the startup world as well, Omoigui said during the virtual TC Early Stage event.

Omoigui explained what it means to have an All-22 tape and the steps founders should take to develop a skill set that will allow them to see and understand the playbook from all sides.


The big picture

Before getting into the steps, it’s important to understand what the aim is. The upshot? For founders to have the best and most complete view of their company, team, investors, product and competitors.

For founders, that means being able to zoom out and see each of their employees’ points of view and being inclusive. Without an All-22 tape, founders can mistakenly spend too much on engineering while ignoring the product rollout strategy or forget to communicate with employees outside of their bubble of interest. A company can become fragmented as more blind spots emerge, which can ultimately lead to oversights that damage its reputation, operations or even its ability to raise money from investors.

For operators and investors, what we see is usually very driven by where we stand, or where we sit. And what you have to discover really is: How can I get much better views? And the best view is always the plan view, you’re looking from the top down, you’re watching the movement, and you have line of sight, you know, that’s essentially 360 degrees. (Timestamp: 3:40)


Situational and self-awareness

Hiro Capital puts $2.3M into team sports tracking platform PlayerData — as does Sir Terry Leahy

By Mike Butcher

Hiro Capital has gradually been making a name for itself as an investor in the area know as ‘Digital Sports’ or DSports for shorts. It’s now led a $2.3m funding round in PlayerData. While the round might sound small, the area it’s going into is large and growing. Also investing in the round is Sir Terry Leahy, previously the CEO of Tesco, the largest British retailer.

Edinburgh, UK-based PlayerData uses wearable technology and software tracking to give grass-roots and professional sports teams feedback on their training. It can, for instance, allow coaches to replay key moments from a game, even modeling different outcomes based on player positioning.

This is Hiro Capital’s 4th DSports and ‘connected fitness’ investment, and it joins Zwift, FitXR and NURVV. Hiro has also invested in eight games startups in the UK, USA and Europe, as befits the heritage of cofounder and partner Ian Livingstone, OBE,CBE, who is the former chairman of Tomb Raider publisher Eidos plc and all-round gaming pioneer.

PlayerData says it has captured more than 10,000 team sessions across UK soccer and rugby, and logged over 50 million meters of play. It also has strong network effects, it says. Every time a new team encounters one using Playerdata’s platform, it generates 5 more clubs as users.

Roy Hotrabhvanon is cofounder and CEO of PlayerData, and is a former international-level archer. He’s joined by Hayden Ball, cofounder and CTO, a firmware and cloud infrastructure expert.

In a statement Hotrabhvanon said: “Our mission is to bring fine-grained data and insight to clubs across team sports, helping them supercharge their game-making, improve player performance, and avoid injury… Our ultimate goal is to implement cutting-edge insights from pioneering wearables that are applicable to any team in any discipline at any level.”

Cherry Freeman, co-founding Partner at Hiro says: “PlayerData ticks all of our key boxes: a huge TAM with over 3m grass-roots clubs; a deep moat built on shared player data, machine learning and highly actionable predictive algorithms; compelling customer network effects; and a really impressive yet humble founding team.”

The PlayerData news forms part of a wider growth in digital sports, which includes such breakout names as Peloton, Tonal, Mirror, as well as Hiro’s portfolio investment, Zwift. With the pandemic putting an emphasison both home workouts and general health, the fascination with digital measurement of performance now has a growing grip on the sector.

Speaking to TechCrunch, Freeman added: “We think there are something like 3 million teams that are potential customers for PlayerData. Obviously the number of runners is enormous, and they only need to get a small slice of that market to have a very, very large business. At the end of the day everyone, everyone works out, even if you just go for a walk, so the target market’s huge and they started with running but their technology is applicable to a whole raft of other sports.”

Apple shares more details about its imminent App Tracking Transparency feature

By Anthony Ha

Apple is sharing more details today about its upcoming App Tracking Transparency feature, which will allow users to control, on an app-by-app level, whether their data is shared for ad-targeting purposes.

In a sense, anyone using the current version of iOS can see App Tracking Transparency in action, since iOS already includes a Tracking menu in the Privacy settings, and some apps have already started asking users for permission to track them.

But when iOS 14.5 (currently in developer beta) is released to the general public sometime in early spring, Apple will actually start enforcing its new rules, meaning that iPhone users will probably start seeing a lot more requests. Those requests will appear at various points during the usage of an app, but they’ll all carry a standardized message asking whether the app can “track your activity across other companies’ apps and websites,” followed by a customized explanation from the developer.

Once an app has asked for this permission, it will also show up in the Tracking menu, where users can toggle app tracking on and off at any time. They can also enable app tracking across all apps or opt out of these requests entirely with a single toggle.

One point worth emphasizing — something already stated on Apple’s developer website but not entirely clear in media reports (including our own)— is that these rules aren’t limited to the IDFA identifier. Yes, IDFA is what Apple controls directly, but a company spokesperson said that when a user opts out of tracking, Apple will also expect developers to stop using any other identifiers (such as hashed email addresses) to track users for ad targeting purposes, and not to share that information with data brokers.

This does not, however, stop developers from tracking users across multiple apps if all those apps are operated by a single company.

The Apple spokesperson also said that Apple’s own apps will abide by these rules — you won’t see any requests from Apple, however, since it doesn’t track users across third-party apps for ad targeting purposes. (As previously noted, there’s a separate Personalized Ads option that determines whether Apple can use its own first-party data to target ads.)

Facebook has been particularly vocal in criticizing the change, arguing that this will hurt small businesses who use targeting to run effective ad campaigns, and that the change benefits Apple’s bottom line.

Apple has pushed back against criticism in privacy-focused speeches, as well as in a report called A Day in the Life of Your Data, which lays out how users are actually tracked and targeted. In fact, the report has just been updated with more information about ad auctions, ad attribution and Apple’s own advertising products.

UK’s Digital Markets Unit starts work on pro-competition reforms

By Natasha Lomas

A new UK public body that will be tasked with helping regulate the most powerful companies in the digital sector to ensure competition thrives online and consumers of digital services have more choice and control over their data has launched today.

The Digital Markets Unit (DMU), which was announced in November last year — following a number of market reviews and studies examining concerns about the concentration of digital market power — does not yet have statutory powers itself but the government has said it will consult on the design of the new “pro-competition regime” this year and legislate to put the DMU on a statutory footing as soon as parliamentary time allows.

Concerns about the market power of adtech giants Facebook and Google are key drivers for the regulatory development.

💻 Our new Digital Markets Unit, launched today, will help make sure tech giants can’t exploit their market dominance to crowd out competition and stifle innovation online.

Find out more: https://t.co/PCBCYwuA3o pic.twitter.com/Ybvn81uuBK

— Competition & Markets Authority (@CMAgovUK) April 7, 2021

As a first job, the unit will look at how codes of conduct could work to govern the relationship between digital platforms and third parties such as small businesses which rely on them to advertise or use their services to reach customers — to feed into future digital legislation.

The role of powerful intermediary online gatekeepers is also being targeted by lawmakers in the European Union who proposed legislation at the end of last year which similarly aims to create a regulatory framework that can ensure fair dealing between platform giants and the smaller entities which do business under their terms.

The UK government said today that the DMU will take a sector neutral approach in examining the role of platforms across a range of digital markets, with a view to promoting competition.

The unit has been asked to work with the comms watchdog Ofcom, which the government named last year as its pick for regulating social media platforms under planned legislation due to be introduced this year (aka, the Online Safety Bill as it’s now called).

While that forthcoming legislation is intended to regulate a very wide range of online harms which may affect consumers — from bullying and hate speech to child sexual exploitation and other speech-related issues (raising plenty of controversy, and specific concerns about associated implications for privacy and security) — the focus for the DMU is on business impacts and consumer controls which may also have implications for competition in digital markets.

As part of its first work program, the government said the secretary of state for digital has asked the DMU to work with Ofcom to look specifically at how a code would govern the relationships between platforms and content providers such as news publishers — “including to ensure they are as fair and reasonable as possible”, as its press release puts it.

This suggests the DMU will be taking a considered look at recent legislation passed in Australia — which makes it mandatory for platforms to negotiate with news publishers to pay for reuse of their content.

Earlier this year, the head of the UK’s Competition and Markets Authority (CMA), which the DMU will sit within, told the BBC that Australia’s approach of having a backstop of mandatory arbitration if commercial negotiations between tech giants and publishers fail is a “sensible” approach.

The DMU will also work closely with the CMA’s enforcement division — which currently has a number of open investigations into tech giants, including considering complaints against Apple and Google; and an in-depth probe of Facebook’s Giphy acquisition.

Other UK regulators the government says the DMU will work closely with include the data protection watchdog (the ICO) and the Financial Conduct Authority.

It also said the unit will also coordinate with international partners, given digital competition is an issue that’s naturally globally in nature — adding that it’s already discussing its approach through bilateral engagement and as part of its G7 presidency.

“The Digital Secretary will host a meeting of digital and tech ministers in April as he seeks to build consensus for coordination on better information sharing and joining up regulatory and policy approaches,” it added.

The DMU will be led by Will Hayter, who takes up an interim head post in early May following a stint at the Cabinet Office working on Brexit transition policy. Prior to that he worked for several years at the CMU and also Ofcom, among other roles in regulatory policy.

 

Avant doubles down on digital banking with Zero Financial acquisition

By Mary Ann Azevedo

Avant, an online lender that has raised over $600 million in equity, announced today that it has acquired Zero Financial and its neobank brand, Level, to further its mission of becoming a digital bank for the masses.

Founded in 2012, Chicago-based Avant started out primarily as an online lender targeting “underserved consumers,” but is evolving into digital banking with this acquisition. The company notched gross revenue of $265 million in 2020 and has raised capital over the years from backers such as General Atlantic and Tiger Global Management.

“Our path has always been to become the premier digital bank for the everyday American,” Avant CEO James Paris told TechCrunch. “The massive transition to digital over the last 12 months made the timing right to expand our offerings.” 

The acquisition of Zero Financial and its neobank, Level (plus its banking app assets), will give Avant the ability to offer “a full ecosystem of banking and credit product offerings” through one fully digital platform, according to Paris. Those offerings include deposits, personal loans, credit cards and auto loans.

Financial terms of the deal weren’t disclosed other than the fact that the acquisition was completed with a combination of cash and stock.

Founded in 2016, San Francisco-based Zero Financial has raised $147 million in debt and equity, according to Crunchbase. New Enterprise Associates (NEA) led its $20 million Series A in May of 2019.

Level was unveiled to the public in February of 2020, created by the same California-based team that founded the “debit-style” credit card offering Zero, according to this FintechFutures piece. The challenger bank was created to target millennials dissatisfied with the incumbent banking options.

Zero Financial co-founder and CEO Bryce Galen said that Avant shared his company’s mission “to challenge the status quo by bringing innovative financial services products to consumers who might otherwise be unable to access them.”

Avant, notes Paris, uses thousands of AI-driven data points to determine credit risk. With this acquisition, that lens will be expanded with data, such as a deposit customer’s cash flow, how they manage their finances and whether they pay their bills on time. 

“This will allow us to make credit decisions faster and deliver personalized options to help underbanked consumers gain financial freedom, at any and every stage of their financial journey,” Paris told TechCrunch. “It will also build long-term engagement and loyalty and help grow our reach beyond the 1.5 million customers we’ve served to date.”  

Like a growing number of fintechs, Avant operates under the premise that a person’s ability to get credit shouldn’t be dictated by a credit score alone.

“A significant amount of Americans have poor, bad or no credit at all. For these people, accessing credit isn’t exactly easy and often comes with extra fees,” Paris said. That’s why, he added, Avant has focused on providing options for such consumers with “transparent, rewards-driven products.”

Level’s branchless, all-digital platform offers things such as cashback rewards on debit card purchases, a “competitive APY” on deposits, early access to paychecks and no hidden fees, all of which are especially beneficial for consumers on the path to financial freedom, according to Paris.

Since its inception in 2012, Avant has connected more than 1.5 million consumers to $7.5 billion in loans and 400,000 credit cards. The company launched its credit card in 2017 and over the past two years alone, it has grown its number of credit card users by 170%.

Answers being sought from Facebook over latest data breach

By Natasha Lomas

Facebook’s lead data protection regulator in the European Union is seeking answers from the tech giant over a major data breach reported on over the weekend.

The breach was reported on by Business Insider on Saturday which said personal data (including email addresses and mobile phone numbers) of more than 500M Facebook accounts had been posted to a low level hacking forum — making the personal information on hundreds of millions of Facebook users’ accounts freely available.

“The exposed data includes the personal information of over 533M Facebook users from 106 countries, including over 32M records on users in the US, 11M on users in the UK, and 6M on users in India,” Business Insider said, noting that the dump includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and some email addresses.

Facebook responded to the report of the data dump by saying it related to a vulnerability in its platform it had “found and fixed” in August 2019 — dubbing the info “old data” which it also claimed had been reported on in 2019. However as security experts were quick to point out, most people don’t change their mobile phone number often — so Facebook’s trigger reaction to downplay the breach looks like an ill-thought through attempt to deflect blame.

It’s also not clear whether all the data is all ‘old’, as Facebook’s initial response suggests.

This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. https://t.co/mPCttLkjzE

— Liz Bourgeois (@Liz_Shepherd) April 3, 2021

There’s plenty of reasons for Facebook to try to downplay yet another data scandal. Not least because, under European Union data protection rules, there are stiff penalties for companies that fail to promptly report significant breaches to relevant authorities. And indeed for breaches themselves — as the bloc’s General Data Protection Regulation (GDPR) bakes in an expectation of security by design and default.

By pushing the claim that the leaked data is “old” Facebook may be hoping to peddle the idea that it predates the GDPR coming into application (in May 2018).

However the Irish Data Protection Commission (DPC), Facebook’s lead data supervisor in the EU, told TechCrunch that it’s not abundantly clear whether that’s the case at this point.

“The newly published dataset seems to comprise the original 2018 (pre-GDPR) dataset and combined with additional records, which may be from a later period,” the DPC’s deputy commissioner, Graham Doyle said in a statement.

“A significant number of the users are EU users. Much of the data appears to been data scraped some time ago from Facebook public profiles,” he also said.

“Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality. Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR.”

Doyle said the regulator sought to establish “the full facts” about the breach from Facebook over the weekend and is “continuing to do so” — making it clear that there’s an ongoing lack of clarity on the issue, despite the breach itself being claimed as “old” by Facebook.

The DPC also made it clear that it did not receive any proactive communication from Facebook on the issue — despite the GDPR putting the onus on companies to proactively inform regulators about significant data protection issues. Rather the regulator had to approach Facebook — using a number of channels to try to obtain answers from the tech giant.

Through this approach the DPC said it learnt Facebook believes the information was scraped prior to the changes it made to its platform in 2018 and 2019 in light of vulnerabilities identified in the wake of the Cambridge Analytica data misuse scandal.

A huge database of Facebook phone numbers was found unprotected online back in September 2019.

Facebook had also earlier admitted to a vulnerability with a search tool it offered — revealing in April 2018 that somewhere between 1BN and 2BN users had had their public Facebook information scraped via a feature which allowed people to look up users by inputting a phone number or email — which is one potential source for the cache of personal data.

Last year Facebook also filed a lawsuit against two companies it accused of engaging in an international data scraping operation.

But the fallout from its poor security design choices continue to dog Facebook years after its ‘fix’.

More importantly, the fallout from the massive personal data spill continues to affect Facebook users whose information is now being openly offered for download on the Internet — opening them up to the risk of spam and phishing attacks and other forms of social engineering (such as for attempted identity theft).

There are still more questions than answers about how this “old” cache of Facebook data came to be published online for free on a hacker forum.

The DPC said it was told by Facebook that “the data at issue appears to have been collated by third parties and potentially stems from multiple sources”.

The company also claimed the matter “requires extensive investigation to establish its provenance with a level of confidence sufficient to provide your Office and our users with additional information” — which is a long way of suggesting that Facebook has no idea either.

“Facebook assures the DPC it is giving highest priority to providing firm answers to the DPC,” Doyle also said. “A percentage of the records released on the hacker website contain phone numbers and email address of users.

“Risks arise for users who may be spammed for marketing purposes but equally users need to be vigilant in relation to any services they use that require authentication using a person’s phone number or email address in case third parties are attempting to gain access.”

“The DPC will communicate further facts as it receives information from Facebook,” he added.

At the time of writing Facebook had not responded to a request for comment about the breach.

Facebook users who are concerned whether their information is in the dump can run a search for their phone number or email address via the data breach advice site, haveibeenpwned.

According to haveibeenpwned’s Troy Hunt, this latest Facebook data dump contains far more mobile phone numbers than email addresses.

He writes that he was sent the data a few weeks ago — initially getting 370M records and later “the larger corpus which is now in very broad circulation”.

“A lot of it is the same, but a lot of it is also different,” Hunt also notes, adding: “There is not one clear source of this data.”

 

UK’s antitrust watchdog takes a closer look at Facebook-Giphy

By Natasha Lomas

Potential threats to the free flow of GIFs continue to trouble the UK’s competition watchdog.

Facebook’s $400M purchase of Giphy, announced last year, is now facing an in-depth probe by the CMA after the regulator found the acquisition raises competition concerns related to digital advertising. It now has until September 15 to investigate and report.

The watchdog took a first look at the deal last summer. It kept on looking into 2021. And then last week the CMA laid out its concerns — saying the (already completed) Facebook-Giphy acquisition could further reduce competition in the digital advertising market where the former is already a kingpin player (with over 50% share of the display advertising market).

The regulator said it had found evidence that, prior to the acquisition, Giphy had planned to expand its own digital advertising partnerships to other countries, including the UK.

“If Giphy and Facebook remain merged, Giphy could have less incentive to expand its digital advertising, leading to a loss of potential competition in this market,” it wrote a week ago.

The CMA also said it was worried a Facebook-owned Giphy could harm social media rivals were the tech giant were to squeeze the supply of animated pixels to others — or require rivals to sign up to worse terms (such as forcing them to hand over user data which it might then use to further fuel its ad targeting engines, gaining yet more market power).

On March 25 the companies were given five days by the regulator to address its concerns — by offering legally binding proposals intended to allay concerns.

An in-depth ‘phase 2’ investigation could have been avoided if concessions were offered which were acceptable to the regulator but that is evidently not the case as the CMA has announced the phase 2 referral today. And given the announcement has come just five working days after the last notification it appears no concessions were offered.

We’ve reached out to Facebook and the CMA for comment.

A Facebook spokesperson said: “We will continue to fully cooperate with the CMA’s investigation. This merger is good for competition and in the interests of everyone in the UK who uses Giphy and our services — from developers to service providers to content creators.”

While Facebook has already completed its acquisition of Giphy, the CMA’s investigation continues to put a freeze on its ability to integrate Giphy more deeply into its wider business empire.

Albeit, given Facebook’s dominant position in the digital advertising space, its business need to move fast via product innovation is a lot less pressing than years past — when it was building its market dominance free from regulatory intervention.

In recent years, the CMA has been paying close mind to the digital ad market. Back in 2019 it reported report substantial concerns over the power of the adtech duopoly, Google and Facebook. Although in its final report it said it would wait for the government to legislate, rather than make an intervention to address market power imbalances itself.

The UK is now in the process of setting up a pro-competition regulator with a dedicated focus on big tech — in response to concerns about the ‘winner takes all’ dynamics seen in digital markets. This incoming Digital Market Unit will oversee a “pro-competition” regime for Internet platforms that will see fresh compliance requirements in the coming years.

In the meanwhile, the CMA continues to scrutinize tech deals and strategic changes — including recently opening a probe of Google’s plan to depreciate support for third party cookies in Chrome after complaints from other industry players.

In January it also announced it was taking a look at Uber’s plan to acquire Autocab. However on Monday it cleared that deal, finding only “limited indirect” competition between the pair, and not finding evidence to indicate Autocab was likely to become a significant and more direct competitor to Uber in the future.

The regulator also considered whether Autocab and Uber could seek to put Autocab’s taxi company customers that compete against Uber at a disadvantage by reducing the quality of the booking and dispatch software sold to them, or by forcing them to pass data to Uber. But its phase 1 probe found other credible software suppliers and referral networks that the CMA said these taxi companies could switch to if Uber were to act in such a way — leading to it to clear the deal.

❌