FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

What3Words sends legal threat to a security researcher for sharing an open-source alternative

By Zack Whittaker

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violate its copyright.

Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from a law firm representing What3Words, requesting that he delete tweets related to the open source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies of the software, and to delete any copies of the software he had in his possession.

The letter gave him until May 7 to agree, after which What3Words would “waive any entitlement it may have to pursue related claims against you,” a thinly-veiled threat of legal action.

“This is not a battle worth fighting,” he said in a tweet. Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn’t. He has also asked the law firm twice for links to the tweets they want deleting but has not heard back. “Depending on the tweet, I may or may not comply. Depends on its content,” he said.

The legal threat sent to Aaron Toponce. (Image: supplied)

U.K.-based What3Words divides the entire world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is easier to share on the phone in an emergency than having to find and read out their precise geographic coordinates.

But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially causing confusion about a person’s true whereabouts. In a later write-up, Tierney said What3Words was not adequate for use in safety-critical cases.

It’s not the only downside. Critics have long argued that What3Words’ proprietary geocoding technology, which it bills as “life-saving,” makes it harder to examine it for problems or security vulnerabilities.

Concerns about its lack of openness in part led to the creation of the WhatFreeWords. A copy of the project’s website, which does not contain the code itself, said the open-source alternative was developed by reverse-engineering What3Words. “Once we found out how it worked, we coded implementations for it for JavaScript and Go,” the website said. “To ensure that we did not violate the What3Words company’s copyright, we did not include any of their code, and we only included the bare minimum data required for interoperability.”

But the project’s website was nevertheless subjected to a copyright takedown request filed by What3Words’ counsel. Even tweets that pointed to cached or backup copies of the code were removed by Twitter at the lawyers’ requests.

Toponce — a security researcher on the side — contributed to Tierney’s research, who was tweeting out his findings as he went. Toponce said that he offered to share a copy of the WhatFreeWord code with other researchers to help Tierney with his ongoing research into What3Words. Toponce told TechCrunch that receiving the legal threat may have been a combination of offering to share the code and also finding problems with What3Words.

In its letter to Toponce, What3Words argues that WhatFreeWords contains its intellectual property and that the company “cannot permit the dissemination” of the software.

Regardless, several websites still retain copies of the code and are easily searchable through Google, and TechCrunch has seen several tweets linking to the WhatFreeWords code since Toponce went public with the legal threat. Tierney, who did not use WhatFreeWords as part of his research, said in a tweet that What3Words’ reaction was “totally unreasonable given the ease with which you can find versions online.”

We asked What3Words if the company could point to a case where a judicial court has asserted that WhatFreeWords has violated its copyright. What3Words spokesperson Miriam Frank did not respond to multiple requests for comment.

Erase All Kittens raises $1M Seed round for Mario-style game which teaches girls to code

By Mike Butcher

Erase All Kittens (EAK) is an EdTech startup that created a ‘Mario-style’ web-based game designed for kids aged 8-12. However, the game has a twist: it places an emphasis on inspiring girls to code (since let’s face it, most coding tools are created by men). After reaching 160,000 players in over 100 countries, it’s now raised a $1M Seed funding led by Twinkl Educational Publishing, with participation from first investor Christian Reyntjens of the A Black Square family office, alongside angel investors, including one of the founders of Shazam.

While the existing EAK game is free, a new game launched in July will be paid for, further boosting the product’s business model.

EAK says its research shows that some 55% of its players are girls, and 95% want to learn more about coding after playing its game. EAK is currently being used in over 3,000 schools, mostly in the UK and US, and its traction increased by 500% during the lockdowns associated with the pandemic.

It’s Erase All Kittens’ contention that coding education tools for children have been largely built by men and so naturally appeal more to boys. With most teaching repetitive coding, in a very rigid, instructional way, it tends to appeal more to boys than girls, says EAK.

The female-founded team has a platform for changing the perception that kids, especially girls, have of coding. After R&D of two years, it came up with a game designed to teach kids and girls as young as 8 skills such as HTML, CSS, and Javascript in a highly gamified, story-driven gameplay. Kids get to chat with characters on their journey, for example, a serial entrepreneur unicorn mermaid called Tarquin Glitterquiff.

“Players edit the code that governs the game environment, building and fixing levels as they play in order to save kittens in a fantasy internet universe,” said cofounder Dee Saigal, co-founder, CEO and creative director. Saigal is joined by co-founder Leonie Van Der Linde; CTO Rex Van Der Spuy; Senior Games Developer Jeremy Keen; and 2D Games Artist Mikhail Malkin.

The existing game teaches HTML skills and how to create URLs, and the new game (released in July this year) will teach HTML, CSS, and Javascript skills – bridging the huge gap between kids learning the concepts and being able to create on the web like developers.

Said Saigal: “We’re designing a coding game that girls genuinely love – one that places a huge emphasis on creativity. Girls can see instant results as they code, there are different ways to progress through the game, and learning is seamlessly blended with storytelling.”

Saigal said: “When I was younger I wanted to be a games designer. I loved coming up with ideas for games but coding had always seemed like an impossible task. We weren’t taught coding at school, and I couldn’t see anyone who looked like me making games, so I didn’t think it was something I could do.”

“Whilst researching our target audience, we found that one of the biggest obstacles for girls still begins with gender stereotypes from an early age. By the time girls reach school, this snowballs into a lack of confidence in STEM skills and lower expectations from teachers, which in turn can lead to lower performance—a gap that only widens as girls get older.”

EAK’s competitors include Code Kingdoms, Swift Playgrounds and CodeCombat. But Saigal says these games tend to appeal far more to boys than to girls.

The new game (see below) will be sold to schools and parents, globally. EAK will also be carrying out a one-for-one scheme, where for every school account purchased, one will be donated to underserved schools via partnerships with tech companies, educational organizations, and NGOs.

Jonathan Seaton, Co-founder and CEO at Twinkl and Director of TwinklHive, said: “We’re really excited to partner with Erase All Kittens, as a digital company Twinkl recognizes the importance of preparing children to succeed in the digital age and we believe through this partnership we can really make a difference.”

“The team is particularly excited about helping further Erase All Kitten’s mission to empower girls and give them the same opportunities to learn to code and build their own digital creations. Ensuring that all children have equal access to opportunities to learn is at the heart of Twinkl’s vision and a key motivation in the development of this partnership for both organizations.”

Erase All Kittens

Erase All Kittens

Erase All Kittens says it is addressing the global skills gap, where the gender gap is increasingly widening. According to PWC, just 24% of the tech workforce is female and women make up just 12% of all engineers, while only 3% of female students in the UK list tech as their first career choice.

Research by Childwise found that 90% of girls give up on coding after first trying it, and if they lose interest in STEM subject by the age of 11, they never recover from that. This is a huge and growing problem for the tech industry and for investors.

TikTok to open a ‘Transparency’ Center in Europe to take content and security questions

By Natasha Lomas

TikTok will open a center in Europe where outside experts will be shown information on how it approaches content moderation and recommendation, as well as platform security and user privacy, it announced today.

The European Transparency and Accountability Centre (TAC) follows the opening of a U.S. center last year — and is similarly being billed as part of its “commitment to transparency”.

Soon after announcing its U.S. TAC, TikTok also created a content advisory council in the market — and went on to replicate the advisory body structure in Europe this March, with a different mix of experts.

It’s now fully replicating the U.S. approach with a dedicated European TAC.

To-date, TikTok said more than 70 experts and policymakers have taken part in a virtual U.S. tour, where they’ve been able to learn operational details and pose questions about its safety and security practices.

The short-form video social media site has faced growing scrutiny over its content policies and ownership structure in recent years, as its popularity has surged.

Concerns in the U.S. have largely centered on the risk of censorship and the security of user data, given the platform is owned by a Chinese tech giant and subject to Internet data laws defined by the Chinese Communist Party.

While, in Europe, lawmakers, regulators and civil society have been raising a broader mix of concerns — including around issues of child safety and data privacy.

In one notable development earlier this year, the Italian data protection regulator made an emergency intervention after the death of a local girl who had reportedly been taking part in a content challenge on the platform. TikTok agreed to recheck the age of all users on its platform in Italy as a result.

TikTok said the European TAC will start operating virtually, owing to the ongoing COVID-19 pandemic. But the plan is to open a physical center in Ireland — where it bases its regional HQ — in 2022.

EU lawmakers have recently proposed a swathe of updates to digital legislation that look set to dial up emphasis on the accountability of AI systems — including content recommendation engines.

A draft AI regulation presented by the Commission last week also proposes an outright ban on subliminal uses of AI technology to manipulate people’s behavior in a way that could be harmful to them or others. So content recommender engines that, for example, nudge users into harming themselves by suggestively promoting pro-suicide content or risky challenges may fall under the prohibition. (The draft law suggests fines of up to 6% of global annual turnover for breaching prohibitions.)

It’s certainly interesting to note TikTok also specifies that its European TAC will offer detailed insight into its recommendation technology.

“The Centre will provide an opportunity for experts, academics and policymakers to see first-hand the work TikTok teams put into making the platform a positive and secure experience for the TikTok community,” the company writes in a press release, adding that visiting experts will also get insights into how it uses technology “to keep TikTok’s community safe”; how trained content review teams make decisions about content based on its Community Guidelines; and “the way human reviewers supplement moderation efforts using technology to help catch potential violations of our policies”.

Another component of the EU’s draft AI regulation sets a requirement for human oversight of high risk applications of artificial intelligence. Although it’s not clear whether a social media platform would fall under that specific obligation, given the current set of categories in the draft regulation.

However the AI regulation is just one piece of the Commission’s platform-focused rule-making.

Late last year it also proposed broader updates to rules for digital services, under the DSA and DMA, which will place due diligence obligations on platforms — and also require larger platforms to explain any algorithmic rankings and hierarchies they generate. And TikTok is very likely to fall under that requirement.

The UK — which is now outside the bloc, post-Brexit — is also working on its own Online Safety regulation, due to present this year. So in the coming years there will be multiple content-focused regulatory regimes for platforms like TikTok to comply with in Europe. And opening your algorithms to outside experts may be hard requirement, not soft PR.

Commenting on the launch of its European TAC in a statement, Cormac Keenan, TikTok’s head of trust and safety, said: With more than 100 million users across Europe, we recognise our responsibility to gain the trust of our community and the broader public. Our Transparency and Accountability Centre is the next step in our journey to help people better understand the teams, processes, and technology we have to help keep TikTok a place for joy, creativity, and fun. We know there’s lots more to do and we’re excited about proactively addressing the challenges that lie ahead. I’m looking forward to welcoming experts from around Europe and hearing their candid feedback on ways we can further improve our systems.”

 

8 investors, founders and execs predict cybersecurity, fintech will take Belfast by storm

By Mike Butcher

Things have been looking up for Belfast since the end of the Troubles. The city has undergone infrastructure improvements over the past two decades, tourism has boomed thanks to attractions such as the shipyard where the RMS Titanic was built and Game of Thrones shooting locations, and employment has risen steadily in the city since 2016, according to Northen Ireland’s Department for the Economy. The city also has the famed Queen’s University and low living costs to count in its favor, and gentrification is starting to take place, which shows things are looking up for Northern Ireland’s capital.

And as far as the local startup scene goes, the U.K.’s Tech Nation found in 2018 that about 26% of Belfast’s workforce was employed in tech, and it is among cities in the country with the highest growth potential for 2021.

With that in mind, we reached out to founders, investors and executives in the city to get an inside look at the state of the current tech startup ecosystem. According to the survey, the city is strong in sectors such as fintech, agritech, hospitality tech, emerging tech, cybersecurity, SaaS and medtech. Ignite NI emerged as an important native incubator and accelerator.

Interesting startups that our respondents mentioned include: CropSafe, SideQuest, Aflo, Material Evolution, Cloudsmith, LegitFit, Continually, Gratsi, 54 North Design, Animal Manager, Kairos Sports Tech, Budibase, Incisiv, Automated Intelligence, loyalBe, Konvi, Lane 44, Teamfeepay.com, Axial3D, Neurovalens, Payhere, and Civic Dollars.


Use discount code BELFAST to save 25% off an annual or two-year Extra Crunch membership.
This offer is only available to readers in the U.K. and Europe, and expires on May 31, 2021.


The tech investment scene was characterized as being strong in software and life sciences, but sometimes too conservative or risk-averse. However, this seems to be changing for the better, and foreign direct investment (FDI) is an important growth factor for the ecosystem.

Although there remains uncertainty around how Brexit will affect Northern Ireland, one executive said, “If we play our cards right, we can capitalize on it. Being positioned both in the EU and U.K. markets gives us advantages that we would be foolish to waste.”

One of the founders foresees more private capital flowing into Belfast as global investors realize that “the combination of great local universities and very strong FDI has attracted some brilliant engineers.” The low cost of living is also encouraging for talent to stay put in the city, which makes for a tech scene that’s poised to take off, this founder added.

Here’s who we spoke to:

 

Cormac Quinn, founder & CEO, loyalBe

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
We’re strong in cybersecurity and (to an arguably lesser extent) fintech. I’m excited by the droves of new startups being created here in all sorts of sectors — traditionally, Belfast hasn’t had a lot of tech startups, but I can see that changing right before my eyes, which is very exciting. I always anticipated having to leave Belfast for the U.S. to be able to start a tech company, but I’m glad this is no longer a requirement or even the standard any more.

Which are the most interesting startups in your city?
There are a few that stand out: Cloudsmith (devtools), LegitFit (scheduling), Continually (chatbots/marketing), and Automated Intelligence (data management). This is certainly not an exhaustive list of interesting startups, just a few that come to mind.

What are the tech investors like in Belfast? What’s their focus?
Investors here can be somewhat conservative and slightly traditional. If you’re raising investment north of £1 million, you would likely need to look outside the jurisdiction. There also just isn’t enough private capital at the moment, which is a shame, as Belfast has some fantastic talent combined with a very low cost of living, which means investor money tends to go further (no crazy rents, reasonable salaries, etc.). It feels we’re at the beginning of a cycle in Belfast, however — I expect to see many more local exits over the coming years, which will likely lead to new private capital inflows.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
I understand the city was growing pre-pandemic, and I believe this trend will continue once life returns to a semi-normal state. For a long time, Belfast was a city people didn’t want to live in due to historical issues, but that has been slowly changing. New developments are popping up all over the city, from student accommodation to hotels and nice apartments. 15-20 years ago, Belfast had hardly any of this.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Chris McClelland, MD of Ignite NI: He’s a mentor on the city’s top accelerator program. Co-founded BrewBot.
Ian Browne, COO of Ignite NI: Entrepreneur and another mentor to startups in the city.
Mark Dowds: Venture partner at Anthemis, co-founder at Ormeau Baths (in my opinion it’s the city’s best co-working space).

Where do you see your city’s tech scene in five years?
We’re in uncertain times due to Brexit, but I think if we play our cards right, we can capitalize on it. Being positioned both in the EU and U.K. markets gives us advantages that we would be foolish to waste. I do think we will see more private capital flowing into Belfast as global investors realize that the combination of great local universities and very strong FDI has attracted some brilliant engineers. Combine that with the fact that cost of living remains quite low, which means their capital can go much further (rather than going to landlords) and you have a tech scene that’s poised for take-off.

Can you recommend any companies that should appear in our global Startup Battlefield competition?
Cloudsmith.

Susan Kelly, CEO, Respiratory Analytics

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
Cybersecurity, fintech, digital — strong medtech — needs building. Great incubator and accelerator in Ignite, but needs expansion to the Northwest where deprivation and poor infrastructure need to be addressed. Public funding supports are good, but too fragmented and hard to access.

Which are the most interesting startups in your city?
CropSafe, SideQuest, Aflo (my startup!), Material Evolution.

What are the tech investors like in Belfast? What’s their focus?
Too conservative, “stale, pale, male”, and risk-averse. But changing for the better, slowly. Legal’s far too costly. Needs to shift to a more U.S. type model. Too few women on the scene. Focus on software, which is great, but too risk-averse in hardware. Needs more experienced angel investors. Halo Business Angel Network feels staid.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
Huge shift back to Belfast and Northern Ireland in general as a result of COVID.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Ignite NI is driving the startup scene via Propel (Pre-Accelerator) and the Accelerator — doing an amazing job. Clarendon, Techstart, various angels, and Catalyst. Big Motive is a key design engine.

Where do you see your city’s tech scene in five years?
With more support from Invest NI, the whole of Northern Ireland can be an innovation hub linked to Ireland via the startup ecosystem.

Can you recommend any companies that should appear in our global Startup Battlefield competition?
CropSafe.

Ryan Crown, co-founder, Hill Street Hatch

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
We’re strong in the tech industry. We’re excited by changing how we launch hospitality ventures. Belfast is weak in investment and investors.

Which are the most interesting startups in your city?
Payhere, Civic Dollars, and Konvi.

What are the tech investors like in Belfast? What’s their focus?
We’re lacking proper investors in Northern Ireland.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
The cost of living and quality of life is fantastic in Northern Ireland/Belfast. COVID-19 will see a huge influx of people moving from expensive cities such as London, Manchester, or Dublin and relocating to Belfast.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Chris McClelland.

Where do you see your city’s tech scene in five years?
Booming.

Fearghal Campbell, founder, Pitchbooking

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
Cybersecurity, SaaS, sportstech. Most excited by a range of early-stage tech companies — [there has been] an explosion in pre-seed and seed level companies over the past two to three years. Weaker at scaling up; relative lack of indigenous scale-up companies. Large number of foreign direct investment from U.S.-based companies into the city.

Which are the most interesting startups in your city?
In the sportstech sector, teamfeepay.com are growing fast. loyalBe are a seed-stage fintech company with big plans for reinventing retail loyalty programs that we always keep an eye on. Later-stage companies like medtech mainstays Axial3D and Neurovalens are doing great things too!

What are the tech investors like in Belfast? What’s their focus?
We have a mix of angel and institutional investors in Belfast. Hard to say a specific focus on a particular industry, but there are a couple of sectors that are strong in the city given the focus of the local universities. Medtech and cybersecurity both feature heavily in the startup scene.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
Belfast benefits from a relatively low cost of living in relation to the rest of the U.K., meaning that we are seeing an increase in startups moving here from other major cities. The support for early-stage startups has also contributed to this influx. As a city, we are well set up for moving to a hybrid way of working. You can traverse across the center of the city in 15 mins on foot, which means popping into a city center office isn’t a big undertaking.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Invest NI – Government support agency.
Ignite NI – Seed-stage accelerator program.
UlsterBank Accelerator – Early-stage accelerator program.
Aurient Investments – Angel investment group with a diverse investment portfolio.

Where do you see your city’s tech scene in five years?
I believe we will see the strongest seed-stage companies from 2017-2020 becoming established companies within our tech scene to match the influx of FDI companies from further afield.

Jack Spargo, co-founder & CEO, Gratsi

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
Strong in: Fintech, agritech, hospitality tech, and emerging tech.
Most excited by: support (financial, mentoring, etc.) is available and the cost to build and grow is low.
Weakest in: geographical barriers to rest of UK and EU.

Which are the most interesting startups in your city?
loyalBe, Konvi, and Lane 44.

What are the tech investors like in Belfast? What’s their focus?
Great — good support and intros facilitated by accelerators such as Ignite NI, Catalyst, Techstart, Ormeau Baths, etc.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
More likely to move in: low cost of living and well set up for being remote already.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Chris McClelland and Ian Browne of Ignite NI; Mark Dowds of anthemis, and Cormac Quinn of loyalBe.

Where do you see your city’s tech scene in five years?
Stronger: a tech hub for the UK and the EU.

Brendan Digney, founder, Machine Eye Technology

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
Agritech and Constuction tech are industries with huge potential, particularly in Ireland and Northern Ireland, where there are traditional strengths and the opportunity to influence based upon use of AI and data.

Which are the most interesting startups in your city?
Kairos Sports Tech, Budibase, Incisiv, and Automated Intelligence.

What are the tech investors like in Belfast? What’s their focus?
There are a number of VCs/funds that are generally linked to each other and Invest NI. INI is a big support and funder. Catalyst are a not-for-profit support who are possibly the most valuable in the whole system. Investment focus is generally around software and life sciences, although other funds are around. Strong focus on foreign and inward businesses.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
[People will] move out to rural areas within an hour’s drive of the city.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Catalyst, Ormeau Baths, and Raise Ventures.

Where do you see your city’s tech scene in five years?
Significant growth in the scene, with an expansion into more later-stage businesses.

Toyah Warnock, co-founder, Lane 44

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
Belfast is a growing hub of fantastic businesses and funding opportunities.

Which are the most interesting startups in your city?
Gratsi, 54 North Design, and Animal Manager.

What are the tech investors like in Belfast? What’s their focus?
SaaS.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
Belfast is inexpensive to live in. Many people will be moving in.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Ormeau Baths.

Where do you see your city’s tech scene in five years?
It will grow rapidly. Belfast is going through a period of gentrification.

Can you recommend any companies that should appear in our global Startup Battlefield competition?
Lane 44, Animal Manager, and Gratsi.

Alan Carson, CEO, Cloudsmith

Which sectors is your tech ecosystem strong in? What are you most excited by? What does it lack?
Strong in security, fintech, and medtech. Excited about devtools.

Which are the most interesting startups in your city?
Cloudsmith and Axial3D.

What are the tech investors like in Belfast? What’s their focus?
Small investor scene, but with an ambitious founder scene. Medtech and security are popular.

With the shift to remote working, do you think people will stay in Belfast? Will they move out? Will others move in?
No idea. Probably a bit of both.

Who are the key startup people in your city (e.g. Investors, founders, lawyers, designers)?
Techstart Ventures, Ignite NI, Catalyst, Clarendon Co-Fund, Denis Murphy, Colm McGoldrick, and Alastair Bell.

Where do you see your city’s tech scene in five years?
Bigger and better than ever.

Can you recommend any companies that should appear in our global Startup Battlefield competition?
VideoFirst.

Window Snyder’s new startup Thistle Technologies raises $2.5M seed to secure IoT devices

By Zack Whittaker

The Internet of Things has a security problem. The past decade has seen wave after wave of new internet-connected devices, from sensors through to webcams and smart home tech, often manufactured in bulk but with little — if any — consideration to security. Worse, many device manufacturers make no effort to fix security flaws, while others simply leave out the software update mechanisms needed to deliver patches altogether.

That sets up an entire swath of insecure and unpatchable devices to fail, and destined to be thrown out when they break down or are invariably hacked.

Security veteran Window Snyder thinks there is a better way. Her new startup, Thistle Technologies, is backed with $2.5 million in seed funding from True Ventures with the goal of helping IoT manufacturers reliably and securely deliver software updates to their devices.

Snyder founded Thistle last year, and named it after the flowering plant with sharp prickles designed to deter animals from eating them. “It’s a defense mechanism,” Snyder told TechCrunch, a name that’s fitting for a defensive technology company. The startup aims to help device manufacturers without the personnel or resources to integrate update mechanisms into their device’s software in order to receive security updates and better defend against security threats.

“We’re building the means so that they don’t have to do it themselves. They want to spend the time building customer-facing features anyway,” said Snyder. Prior to founding Thistle, Snyder worked in senior cybersecurity positions at Apple, Intel, and Microsoft, and also served as chief security officer at Mozilla, Square, and Fastly.

Thistle lands on the security scene at a time when IoT needs it most. Botnet operators are known to scan the internet for devices with weak default passwords and hijack their internet connections to pummel victims with floods of internet traffic, knocking entire websites and networks offline. In 2016, a record-breaking distributed denial-of-service attack launched by the Mirai botnet on internet infrastructure giant Dyn knocked some of the biggest websites — Shopify, SoundCloud, Spotify, Twitter — offline for hours. Mirai had ensnared thousands of IoT devices into its network at the time of the attack.

Other malicious hackers target IoT devices as a way to get a foot into a victim’s network, allowing them to launch attacks or plant malware from the inside.

Since device manufacturers have done little to solve their security problems among themselves, lawmakers are looking at legislating to curb some of the more egregious security mistakes made by default manufacturers, like using default — and often unchangeable — passwords and selling devices with no way to deliver security updates.

California paved the way after passing an IoT security law in 2018, with the U.K. following shortly after in 2019. The U.S. has no federal law governing basic IoT security standards.

Snyder said the push to introduce IoT cybersecurity laws could be “an easy way for folks to get into compliance” without having to hire fleets of security engineers. Having an update mechanism in place also helps to keeps the IoT devices around for longer — potentially for years longer — simply by being able to push fixes and new features.

“To build the infrastructure that’s going to allow you to continue to make those devices resilient and deliver new functionality through software, that’s an incredible opportunity for these device manufacturers. And so I’m building a security infrastructure company to support that security needs,” she said.

With the seed round in the bank, Snyder said the company is focused on hiring device and back-end engineers, product managers, and building new partnerships with device manufacturers.

Phil Black, co-founder of True Ventures — Thistle’s seed round investor — described the company as “an astute and natural next step in security technologies.” He added: “Window has so many of the qualities we look for in founders. She has deep domain expertise, is highly respected within the security community, and she’s driven by a deep passion to evolve her industry.”

Uber hit with default ‘robo-firing’ ruling after another EU labor rights GDPR challenge

By Natasha Lomas

Labor activists challenging Uber over what they allege are ‘robo-firings’ of drivers in Europe have trumpeted winning a default judgement in the Netherlands — where the Court of Amsterdam ordered the ride-hailing giant to reinstate six drivers who the litigants claim were unfairly terminated “by algorithmic means”.

The court also ordered Uber to pay the fired drivers compensation.

The challenge references Article 22 of the European Union’s General Data Protection Regulation (GDPR) — which provides protects for individuals against purely automated decisions with a legal or significant impact.

The activists say this is the first time a court has ordered the overturning of an automated decision to dismiss workers from employment.

However the judgement, which was issued on February 24, was issued by default — and Uber says it was not aware of the case until last week, claiming that was why it did not contest it (nor, indeed, comply with the order).

It had until March 29 to do so, per the litigants, who are being supported by the App Drivers & Couriers Union (ADCU) and Worker Info Exchange (WIE).

Uber argues the default judgement was not correctly served and says it is now making an application to set the default ruling aside and have its case heard “on the basis that the correct procedure was not followed”.

It envisages the hearing taking place within four weeks of its Dutch entity, Uber BV, being made aware of the judgement — which it says occurred on April 8.

“Uber only became aware of this default judgement last week, due to representatives for the ADCU not following proper legal procedure,” an Uber spokesperson told TechCrunch.

A spokesperson for WIE denied that correct procedure was not followed but welcomed the opportunity for Uber to respond to questions over how its driver ID systems operate in court, adding: “They [Uber] are out of time. But we’d be happy to see them in court. They will need to show meaningful human intervention and provide transparency.”

Uber pointed to a separate judgement by the Amsterdam Court last month — which rejected another ADCU- and WIE-backed challenge to Uber’s anti-fraud systems, with the court accepting its explanation that algorithmic tools are mere aids to human ‘anti-fraud’ teams who it said take all decisions on terminations.

“With no knowledge of the case, the Court handed down a default judgement in our absence, which was automatic and not considered. Only weeks later, the very same Court found comprehensively in Uber’s favour on similar issues in a separate case. We will now contest this judgement,” Uber’s spokesperson added.

However WIE said this default judgement ‘robo-firing’ challenge specifically targets Uber’s Hybrid Real Time ID System — a system that incorporates facial recognition checks and which labor activists recently found mis-identifying drivers in a number of instances.

It also pointed to a separate development this week in the UK where it said the City of London Magistrates Court ordered the city’s transport regulator, TfL, to reinstate the licence of one of the drivers revoked after Uber routinely notified it of a dismissal (also triggered by Uber’s real time ID system, per WIE).

Reached for comment on that, a TfL spokesperson said: “The safety of the travelling public is our top priority and where we are notified of cases of driver identity fraud, we take immediate licensing action so that passenger safety is not compromised. We always require the evidence behind an operator’s decision to dismiss a driver and review it along with any other relevant information as part of any decision to revoke a licence. All drivers have the right to appeal a decision to remove a licence through the Magistrates’ Court.”

The regulator has been applying pressure to Uber since 2017 when it took the (shocking to Uber) decision to revoke the company’s licence to operate — citing safety and corporate governance concerns.

Since then Uber has been able to continue to operate in the UK capital but the company remains under pressure to comply with a laundry list of requirements set by TfL as it tries to regain a full operator licence.

Commenting on the default Dutch judgement on the Uber driver terminations in a statement, James Farrar, director of WIE, accused gig platforms of “hiding management control in algorithms”.

“For the Uber drivers robbed of their jobs and livelihoods this has been a dystopian nightmare come true,” he said. “They were publicly accused of ‘fraudulent activity’ on the back of poorly governed use of bad technology. This case is a wake-up call for lawmakers about the abuse of surveillance technology now proliferating in the gig economy. In the aftermath of the recent UK Supreme Court ruling on worker rights gig economy platforms are hiding management control in algorithms. This is misclassification 2.0.”

In another supporting statement, Yaseen Aslam, president of the ADCU, added: “I am deeply concerned about the complicit role Transport for London has played in this catastrophe. They have encouraged Uber to introduce surveillance technology as a price for keeping their operator’s license and the result has been devastating for a TfL licensed workforce that is 94% BAME. The Mayor of London must step in and guarantee the rights and freedoms of Uber drivers licensed under his administration.”  

When pressed on the driver termination challenge being specifically targeted at its Hybrid Real-Time ID system, Uber declined to comment in greater detail — claiming the case is “now a live court case again”.

But its spokesman suggested it will seek to apply the same defence against the earlier ‘robo-firing’ charge — when it argued its anti-fraud systems do not equate to automated decision making under EU law because “meaningful human involvement [is] involved in decisions of this nature”.

 

Clim8 raises $8M from 7pc Ventures, launches climate-focused investing app for retail investors

By Mike Butcher

Ethical investing remains something of a confusing maze, with a great deal of ‘greenwashing’ going on. A new UK startup is hoping to fix that with the launch of its new app and platform for retail investors.

Clim8 Invest has raised $8 million from 7pc Ventures (early backers of Oculus, acquired by Facebook),  British Business Bank Future Fund and a numbers of technology entrepreneurs and executives including Marcus Exall (Monese), Marcus Mosen (N26),  Paul Willmott (Lego Digital, McKinsey), Doug Scott (Redbrain), Matt Wilkins (Thought Machine), Andrew Cocker (Skyscanner), Steve Thomson (Redbrain), Monica Kalia (Neyber, Goldman Sachs), Doug Monro (Adzuna), Erik Nygard (Limejump).

Consumers will be able to invest in companies and supply chains that are focused on tackling climate change. It will be competing with similar startups in the space such as London-based Tickr (backed by $3m from Ada Ventures), Helios in Paris, and Yova in Zurich.

Duncan Grierson, CEO of Clim8 said in a statement: “We are launching at an exciting time for sustainable investing. 2020 was an exceptional year for environmentally-focused investment offerings, as investors looked harder at climate-related opportunities. Sustainable investments have continued to outperform markets since the beginning of the Covid-19 Crisis and we believe this will continue.”

Grierson has 20 years of experience in the green space and was a winner of the EY Entrepreneur of Year Cleantech award.

The startup will take advantage of new, higher EU rules around the disclosure requirements for sustainable investment funds. Users can choose between either stocks and shares ISAs (up to £20k) or a taxable general investment account.

Austin’s newest unicorn: The Zebra raises $150M after doubling revenue in 2020

By Mary Ann Azevedo

The Zebra, an Austin-based company that operates an insurance comparison site, has raised $150 million in a Series D round that propels it into unicorn territory.

Both the round size and valuation are a substantial bump from the $38.5 million Series C that Austin-based The Zebra raised in February of 2020. (The company would not disclose its valuation at that time, saying now only that its new valuation of over $1 billion is a “nice step up.”)

The Zebra also would not disclose the name of the firm that led its Series D round, but sources familiar with the deal said it was London-based Hedosophia. Existing backers Weatherford Capital and Accel also participated in the funding event.

The round size also is bigger than all of The Zebra’s prior rounds combined, bringing the company’s total raised to $261.5 million since its 2012 inception. Previous backers also include Silverton Partners, Ballast Point Ventures, Daher Capital, Floodgate Fund, The Zebra CEO Keith Melnick, KDT and others. 

According to Melnick, the round was all primary, and included no debt or secondary.

The Zebra started out as a site for people looking for auto insurance via its real-time quote comparison tool. The company partners with the top 10 auto insurance carriers in the U.S. Over time, it’s also “naturally” evolved to offer homeowners insurance with the goal of eventually branching out into renters and life insurance. It recently launched a dedicated home and auto bundled product, although much of its recent growth still revolves around its core auto offering, according to Melnick.

Like many other financial services companies, The Zebra has benefited from the big consumer shift to digital services since the beginning of the COVID-19 pandemic.

And we know this because the company is one of the few that are refreshingly open about their financials. The Zebra doubled its net revenue in 2020 to $79 million compared to $37 million in 2019, according to Melnick, who is former president of travel metasearch engine Kayak. March marked the company’s highest-performing month ever, he said, with revenue totaling $12.5 million — putting the company on track to achieve an annual run rate of $150 million this year. For some context, that’s up from $8 million in September of 2020 and $6 million in May of 2020.

Also, its revenue per applicant has grown at a clip of 100% year over year, according to Melnick. And The Zebra has increased its headcount to over 325, compared to about 200 in early 2020.

“We’ve definitely improved our relationships with carriers and seen more carrier participation as they continue to embrace our model,” Melnick said. “And we’ve leaned more into brand marketing efforts.”

The Zebra CEO Keith Melnick. Image courtesy of The Zebra

The company was even profitable for a couple of months last year, somewhat “unintentionally,” according to Melnick.

“We’re not highly unprofitable or burning through money like crazy,” he told TechCrunch. “This new raise wasn’t to fund operations. It’s more about accelerating growth and some of our product plans. We’re pulling forward things that were planned for later in time. We still had a nice chunk of money sitting on our balance sheet.”

The company also plans to use its new capital to do more hiring and focus strongly on continuing to build The Zebra’s brand, according to Melnick. Some of the things the company is planning include a national advertising campaign and adding tools and information so it can serve as an “insurance advisor,” and not just a site that refers people to carriers. It’s also planning to create more “personalized experiences and results” via machine learning.

“We are accelerating our efforts to make The Zebra a household name,” Melnick said. “And we want a deeper connection with our users.” It also aims to be there for a consumer through their lifecycle — as they move from being renters to homeowners, for example.

And while an IPO is not out of the question, he emphasizes that it’s not the company’s main objective at this time.

“I definitely try not to get locked on to a particular exit strategy. I just want to make sure we continue to build the best company we can. And then, I think the exit will make itself apparent,” Melnick said. “I’m not blind and am very aware that public market valuations are strong right now and that may be the right decision for us, but for now, that’s not the ultimate goal for me.”

To the CEO, there’s still plenty of runway.

“This is a big milestone, but I do feel like for us that this is just the beginning,” he said. “We’ve just scratched the surface of it.”

Early investor Mark Cuban believes the company is at an inflection point.

” ‘Startup’ isn’t the right word anymore,” he said in a written statement. “The Zebra is a full fledged tech company that is taking on – and solving – some of the biggest challenges in the $638B insurance industry.”

Accel Partner John Locke said the firm has tripled down on its investment in The Zebra because of its confidence in not only what the company is doing but also its potential.

“In an increasingly noisy insurance landscape that includes insurtechs and traditional carriers, giving consumers the ability to compare everything in one place is is more and more valuable,” he told TechCrunch. “I think The Zebra has really seized the mantle of becoming the go-to site for people to compare insurance and then that’s showing up in the numbers, referral traffic and fundraise interest.”

Facebook takes down 16,000 groups trading fake reviews after another poke by UK’s CMA

By Natasha Lomas

Facebook has removed 16,000 groups that were trading fake reviews on its platform after another intervention by the UK’s Competition and Markets Authority (CMA), the regulator said today.

The CMA has been leaning on tech giants to prevent their platforms being used as thriving marketplaces for selling fake reviews since it began investigating the issue in 2018 — pressuring both eBay and Facebook to act against fake review sellers back in 2019.

The two companies pledged to do more to tackle the insidious trade last year, after coming under further pressure from the regulator — which found that Facebook-owned Instagram was also a thriving hub of fake review trades.

The latest intervention by the CMA looks considerably more substantial than last year’s action — when Facebook removed a mere 188 groups and disabled 24 user accounts. Although it’s not clear how many accounts the tech giant has banned and/or suspended this time it has removed orders of magnitude more groups. (We’ve asked.)

Facebook was contacted with questions but it did not answer what we asked directly, sending us this statement instead:

“We have engaged extensively with the CMA to address this issue. Fraudulent and deceptive activity is not allowed on our platforms, including offering or trading fake reviews. Our safety and security teams are continually working to help prevent these practices.”

Since the CMA has been raising the issue of fake review trading, Facebook has been repeatedly criticised for not doing enough to clean up its platforms, plural.

Today the regulator said the social media giant has made further changes to the systems it uses for “identifying, removing and preventing the trading of fake and/or misleading reviews on its platforms to ensure it is fulfilling its previous commitments”.

It’s not clear why it’s taken Facebook well over a year — and a number of high profile interventions — to dial up action against the trade in fake reviews. But the company suggested that the resources it has available to tackle the problem had been strained as a result of the COVID-19 pandemic and associated impacts, such as home working. (Facebook’s full year revenue increased in 2020 but so too did its expenses.)

According to the CMA changes Facebook has made to its system for combating traders of fake reviews include:

  • suspending or banning users who are repeatedly creating Facebook groups and Instagram profiles that promote, encourage or facilitate fake and misleading reviews
  • introducing new automated processes that will improve the detection and removal of this content
  • making it harder for people to use Facebook’s search tools to find fake and misleading review groups and profiles on Facebook and Instagram
  • putting in place dedicated processes to make sure that these changes continue to work effectively and stop the problems from reappearing

Again it’s not clear why Facebook would not have already been suspending or banning repeat offenders — at least, not if it was actually taking good faith action to genuinely quash the problem, rather than seeing if it could get away with doing the bare minimum.

Commenting in a statement, Andrea Coscelli, chief executive of the CMA, essentially makes that point, saying: “Facebook has a duty to do all it can to stop the trading of such content on its platforms. After we intervened again, the company made significant changes — but it is disappointing it has taken them over a year to fix these issues.”

“We will continue to keep a close eye on Facebook, including its Instagram business. Should we find it is failing to honour its commitments, we will not hesitate to take further action,” Coscelli added.

A quick search on Facebook’s platform for UK groups trading in fake reviews appears to return fewer obviously dubious results than when we’ve checked in on this problem in 2019 and 2020. Although the results that were returned included a number of private groups so it was not immediately possible to verify what content is being solicited from members.

We did also find a number of Facebook groups offering Amazon reviews intended for other European markets, such as France and Spain (and in one public group aimed at Amazon Spain we found someone offering a “fee” via PayPal for a review; see below screengrab) — suggesting Facebook isn’t applying the same level of attention to tackling fake reviews that are being traded by users in markets where it’s faced fewer regulatory pokes than it has in the UK.

Screengrab: TechCrunch

Education nonprofit Edraak ignored a student data leak for two months

By Zack Whittaker

Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake.

The non-profit, founded by Jordan’s Queen Rania and headquartered in the kingdom’s capital, was set up in 2013 to promote education across the Arab region. The organization works with several partners, including the British Council and edX, a consortium set up by Harvard, Stanford, and MIT.

In February, researchers at U.K. cybersecurity firm TurgenSec found one of Edraak’s cloud storage servers containing at least tens of thousands of students’ data, including spreadsheets with students’ names, email addresses, gender, birth year, country of nationality, and some class grades.

TurgenSec, which runs Breaches.UK, a site for disclosing security incidents, alerted Edraak to the security lapse. A week later, their email was acknowledged by the organization but the data continued to spill. Emails seen by TechCrunch show the researchers tried to alert others who worked at the organization via LinkedIn requests, and its partners, including the British Council.

Two months passed and the server remained open. At its request, TechCrunch contacted Edraak, which closed the servers a few hours later.

In an email this week, Edraak chief executive Sherif Halawa told TechCrunch that the storage server was “meant to be publicly accessible, and to host public course content assets, such as course images, videos, and educational files,” but that “student data is never intentionally placed in this bucket.”

“Due to an unfortunate configuration bug, however, some academic data and student information exports were accidentally placed in the bucket,” Halawa confirmed.

“Unfortunately our initial scan did not locate the misplaced data that made it there accidentally. We attributed the elements in the Breaches.UK email to regular student uploads. We have now located these misplaced reports today and addressed the issue,” Halawa said.

The server is now closed off to public access.

It’s not clear why Edraak ignored the researchers’ initial email, which disclosed the location of the unprotected server, or why the organization’s response was not to ask for more details. When reached, British Council spokesperson Catherine Bowden said the organization received an email from TurgenSec but mistook it for a phishing email.

Edraak’s CEO Halawa said that the organization had already begun notifying affected students about the incident, and put out a blog post on Thursday.

Last year, TurgenSec found an unencrypted customer database belonging to U.K. internet provider Virgin Media that was left online by mistake, containing records linking some customers to adult and explicit websites.

More from TechCrunch:


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more

Private chef parties at home startup Yhangry raises $1.5M seed from VC angels and Ollie Locke

By Mike Butcher

There’s an “uber for everything” these days and now there are “Ubers for personal chefs”. Just take a look at PopTop or 100 Pleats for instance. Now in London, there is Yhangry (which brands itself as the appropriately shouty YHANGRY). This is a “private chef parties at home” website, and no doubt an app at some point. The startup has now raised a $1.5 million seed round from a number of notable UK angels which also includes a few UK VCs for good measure, as well as ‘Made In Chelsea’ TV star Ollie Locke.

Founders Heinin Zhang and Siddhi Mittal created the startup before the pandemic, which lets people order a made-to-measure dinner party online. Although it trundled along until Covid, it had to pivot into virtual chef classes during lockdowns last year and this. The company is now poised to take advantage of London’s unlocking, which will see legal outdoor and indoor dining return.

The startup also speaks to the decentralization of experiences going on in the wake of the pandemic. In 2019 we were working out in gyms and going to restaurants. In 2021 we are working out at home and bringing the restaurant to us.

Normally booking private dinner parties involves a lot of hassle. The idea here is that Yhangry makes the whole affair as easy to order as an Uber Eats or Deliveroo.

Investors in the Seed round include Carmen Rico (Blossom Capital), Eileen Burbidge (Passion Capital), Orson Stadler (Antler) and Martin Mignot (Index Ventures), Made In Chelsea star Ollie Locke, plus fellow tech founders including Jack Tang (Urban), Adnan Ebrahim (MindLabs), Alex Fitzgerald (Cuckoo Internet), Georgina Kirby (Vinehealth) and Deepali Nangia (Alma Angels). Yhangry’s statement said all the investors are also keen customers. I bet they are.

Co-founder Mittal said in a statement: “By making private chef experiences more accessible and affordable, our customers regularly tell us they are finally able to catch up with friends at home… 70% of our customers have never had a private chef before and for them, the freedom and flexibility to curate their own evening is priceless.”

Yhangry now has 130 chefs on its books. Chefs have to pass a cooking trial and adhere to Covid rules. The funding will be used to double the size of the startup’s team.

The menus start at £17pp for six people. The price of the booking covers everything, including the cost of the fresh ingredients, but customers can add extras, such as wine etc. Since its launch in December 2019, the firm says it has served more than 7,000 Londoners.

Yhangry says it will enter key European markets, such as Paris, Berlin, Lisbon and Barcelona.

How will Yhangry survive post-Covid, with restaurants/bars opening up again?

Mittal said: “When restaurants were open between our launch and March 2020, we saw demand because people want to be able to spend time with their friends in a relaxed setting, and aren’t limited to the two-hour slot you get in a restaurant. Once places start to open up again, we believe Yhangry will follow this trend of at-home dining and socializing – not to mention for people who are not ready yet to go out to a busy pub or restaurant.”

Hiro Capital puts $2.3M into team sports tracking platform PlayerData — as does Sir Terry Leahy

By Mike Butcher

Hiro Capital has gradually been making a name for itself as an investor in the area know as ‘Digital Sports’ or DSports for shorts. It’s now led a $2.3m funding round in PlayerData. While the round might sound small, the area it’s going into is large and growing. Also investing in the round is Sir Terry Leahy, previously the CEO of Tesco, the largest British retailer.

Edinburgh, UK-based PlayerData uses wearable technology and software tracking to give grass-roots and professional sports teams feedback on their training. It can, for instance, allow coaches to replay key moments from a game, even modeling different outcomes based on player positioning.

This is Hiro Capital’s 4th DSports and ‘connected fitness’ investment, and it joins Zwift, FitXR and NURVV. Hiro has also invested in eight games startups in the UK, USA and Europe, as befits the heritage of cofounder and partner Ian Livingstone, OBE,CBE, who is the former chairman of Tomb Raider publisher Eidos plc and all-round gaming pioneer.

PlayerData says it has captured more than 10,000 team sessions across UK soccer and rugby, and logged over 50 million meters of play. It also has strong network effects, it says. Every time a new team encounters one using Playerdata’s platform, it generates 5 more clubs as users.

Roy Hotrabhvanon is cofounder and CEO of PlayerData, and is a former international-level archer. He’s joined by Hayden Ball, cofounder and CTO, a firmware and cloud infrastructure expert.

In a statement Hotrabhvanon said: “Our mission is to bring fine-grained data and insight to clubs across team sports, helping them supercharge their game-making, improve player performance, and avoid injury… Our ultimate goal is to implement cutting-edge insights from pioneering wearables that are applicable to any team in any discipline at any level.”

Cherry Freeman, co-founding Partner at Hiro says: “PlayerData ticks all of our key boxes: a huge TAM with over 3m grass-roots clubs; a deep moat built on shared player data, machine learning and highly actionable predictive algorithms; compelling customer network effects; and a really impressive yet humble founding team.”

The PlayerData news forms part of a wider growth in digital sports, which includes such breakout names as Peloton, Tonal, Mirror, as well as Hiro’s portfolio investment, Zwift. With the pandemic putting an emphasison both home workouts and general health, the fascination with digital measurement of performance now has a growing grip on the sector.

Speaking to TechCrunch, Freeman added: “We think there are something like 3 million teams that are potential customers for PlayerData. Obviously the number of runners is enormous, and they only need to get a small slice of that market to have a very, very large business. At the end of the day everyone, everyone works out, even if you just go for a walk, so the target market’s huge and they started with running but their technology is applicable to a whole raft of other sports.”

UK’s Digital Markets Unit starts work on pro-competition reforms

By Natasha Lomas

A new UK public body that will be tasked with helping regulate the most powerful companies in the digital sector to ensure competition thrives online and consumers of digital services have more choice and control over their data has launched today.

The Digital Markets Unit (DMU), which was announced in November last year — following a number of market reviews and studies examining concerns about the concentration of digital market power — does not yet have statutory powers itself but the government has said it will consult on the design of the new “pro-competition regime” this year and legislate to put the DMU on a statutory footing as soon as parliamentary time allows.

Concerns about the market power of adtech giants Facebook and Google are key drivers for the regulatory development.

💻 Our new Digital Markets Unit, launched today, will help make sure tech giants can’t exploit their market dominance to crowd out competition and stifle innovation online.

Find out more: https://t.co/PCBCYwuA3o pic.twitter.com/Ybvn81uuBK

— Competition & Markets Authority (@CMAgovUK) April 7, 2021

As a first job, the unit will look at how codes of conduct could work to govern the relationship between digital platforms and third parties such as small businesses which rely on them to advertise or use their services to reach customers — to feed into future digital legislation.

The role of powerful intermediary online gatekeepers is also being targeted by lawmakers in the European Union who proposed legislation at the end of last year which similarly aims to create a regulatory framework that can ensure fair dealing between platform giants and the smaller entities which do business under their terms.

The UK government said today that the DMU will take a sector neutral approach in examining the role of platforms across a range of digital markets, with a view to promoting competition.

The unit has been asked to work with the comms watchdog Ofcom, which the government named last year as its pick for regulating social media platforms under planned legislation due to be introduced this year (aka, the Online Safety Bill as it’s now called).

While that forthcoming legislation is intended to regulate a very wide range of online harms which may affect consumers — from bullying and hate speech to child sexual exploitation and other speech-related issues (raising plenty of controversy, and specific concerns about associated implications for privacy and security) — the focus for the DMU is on business impacts and consumer controls which may also have implications for competition in digital markets.

As part of its first work program, the government said the secretary of state for digital has asked the DMU to work with Ofcom to look specifically at how a code would govern the relationships between platforms and content providers such as news publishers — “including to ensure they are as fair and reasonable as possible”, as its press release puts it.

This suggests the DMU will be taking a considered look at recent legislation passed in Australia — which makes it mandatory for platforms to negotiate with news publishers to pay for reuse of their content.

Earlier this year, the head of the UK’s Competition and Markets Authority (CMA), which the DMU will sit within, told the BBC that Australia’s approach of having a backstop of mandatory arbitration if commercial negotiations between tech giants and publishers fail is a “sensible” approach.

The DMU will also work closely with the CMA’s enforcement division — which currently has a number of open investigations into tech giants, including considering complaints against Apple and Google; and an in-depth probe of Facebook’s Giphy acquisition.

Other UK regulators the government says the DMU will work closely with include the data protection watchdog (the ICO) and the Financial Conduct Authority.

It also said the unit will also coordinate with international partners, given digital competition is an issue that’s naturally globally in nature — adding that it’s already discussing its approach through bilateral engagement and as part of its G7 presidency.

“The Digital Secretary will host a meeting of digital and tech ministers in April as he seeks to build consensus for coordination on better information sharing and joining up regulatory and policy approaches,” it added.

The DMU will be led by Will Hayter, who takes up an interim head post in early May following a stint at the Cabinet Office working on Brexit transition policy. Prior to that he worked for several years at the CMU and also Ofcom, among other roles in regulatory policy.

 

Answers being sought from Facebook over latest data breach

By Natasha Lomas

Facebook’s lead data protection regulator in the European Union is seeking answers from the tech giant over a major data breach reported on over the weekend.

The breach was reported on by Business Insider on Saturday which said personal data (including email addresses and mobile phone numbers) of more than 500M Facebook accounts had been posted to a low level hacking forum — making the personal information on hundreds of millions of Facebook users’ accounts freely available.

“The exposed data includes the personal information of over 533M Facebook users from 106 countries, including over 32M records on users in the US, 11M on users in the UK, and 6M on users in India,” Business Insider said, noting that the dump includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and some email addresses.

Facebook responded to the report of the data dump by saying it related to a vulnerability in its platform it had “found and fixed” in August 2019 — dubbing the info “old data” which it also claimed had been reported on in 2019. However as security experts were quick to point out, most people don’t change their mobile phone number often — so Facebook’s trigger reaction to downplay the breach looks like an ill-thought through attempt to deflect blame.

It’s also not clear whether all the data is all ‘old’, as Facebook’s initial response suggests.

This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. https://t.co/mPCttLkjzE

— Liz Bourgeois (@Liz_Shepherd) April 3, 2021

There’s plenty of reasons for Facebook to try to downplay yet another data scandal. Not least because, under European Union data protection rules, there are stiff penalties for companies that fail to promptly report significant breaches to relevant authorities. And indeed for breaches themselves — as the bloc’s General Data Protection Regulation (GDPR) bakes in an expectation of security by design and default.

By pushing the claim that the leaked data is “old” Facebook may be hoping to peddle the idea that it predates the GDPR coming into application (in May 2018).

However the Irish Data Protection Commission (DPC), Facebook’s lead data supervisor in the EU, told TechCrunch that it’s not abundantly clear whether that’s the case at this point.

“The newly published dataset seems to comprise the original 2018 (pre-GDPR) dataset and combined with additional records, which may be from a later period,” the DPC’s deputy commissioner, Graham Doyle said in a statement.

“A significant number of the users are EU users. Much of the data appears to been data scraped some time ago from Facebook public profiles,” he also said.

“Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality. Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR.”

Doyle said the regulator sought to establish “the full facts” about the breach from Facebook over the weekend and is “continuing to do so” — making it clear that there’s an ongoing lack of clarity on the issue, despite the breach itself being claimed as “old” by Facebook.

The DPC also made it clear that it did not receive any proactive communication from Facebook on the issue — despite the GDPR putting the onus on companies to proactively inform regulators about significant data protection issues. Rather the regulator had to approach Facebook — using a number of channels to try to obtain answers from the tech giant.

Through this approach the DPC said it learnt Facebook believes the information was scraped prior to the changes it made to its platform in 2018 and 2019 in light of vulnerabilities identified in the wake of the Cambridge Analytica data misuse scandal.

A huge database of Facebook phone numbers was found unprotected online back in September 2019.

Facebook had also earlier admitted to a vulnerability with a search tool it offered — revealing in April 2018 that somewhere between 1BN and 2BN users had had their public Facebook information scraped via a feature which allowed people to look up users by inputting a phone number or email — which is one potential source for the cache of personal data.

Last year Facebook also filed a lawsuit against two companies it accused of engaging in an international data scraping operation.

But the fallout from its poor security design choices continue to dog Facebook years after its ‘fix’.

More importantly, the fallout from the massive personal data spill continues to affect Facebook users whose information is now being openly offered for download on the Internet — opening them up to the risk of spam and phishing attacks and other forms of social engineering (such as for attempted identity theft).

There are still more questions than answers about how this “old” cache of Facebook data came to be published online for free on a hacker forum.

The DPC said it was told by Facebook that “the data at issue appears to have been collated by third parties and potentially stems from multiple sources”.

The company also claimed the matter “requires extensive investigation to establish its provenance with a level of confidence sufficient to provide your Office and our users with additional information” — which is a long way of suggesting that Facebook has no idea either.

“Facebook assures the DPC it is giving highest priority to providing firm answers to the DPC,” Doyle also said. “A percentage of the records released on the hacker website contain phone numbers and email address of users.

“Risks arise for users who may be spammed for marketing purposes but equally users need to be vigilant in relation to any services they use that require authentication using a person’s phone number or email address in case third parties are attempting to gain access.”

“The DPC will communicate further facts as it receives information from Facebook,” he added.

At the time of writing Facebook had not responded to a request for comment about the breach.

Facebook users who are concerned whether their information is in the dump can run a search for their phone number or email address via the data breach advice site, haveibeenpwned.

According to haveibeenpwned’s Troy Hunt, this latest Facebook data dump contains far more mobile phone numbers than email addresses.

He writes that he was sent the data a few weeks ago — initially getting 370M records and later “the larger corpus which is now in very broad circulation”.

“A lot of it is the same, but a lot of it is also different,” Hunt also notes, adding: “There is not one clear source of this data.”

 

UK’s antitrust watchdog takes a closer look at Facebook-Giphy

By Natasha Lomas

Potential threats to the free flow of GIFs continue to trouble the UK’s competition watchdog.

Facebook’s $400M purchase of Giphy, announced last year, is now facing an in-depth probe by the CMA after the regulator found the acquisition raises competition concerns related to digital advertising. It now has until September 15 to investigate and report.

The watchdog took a first look at the deal last summer. It kept on looking into 2021. And then last week the CMA laid out its concerns — saying the (already completed) Facebook-Giphy acquisition could further reduce competition in the digital advertising market where the former is already a kingpin player (with over 50% share of the display advertising market).

The regulator said it had found evidence that, prior to the acquisition, Giphy had planned to expand its own digital advertising partnerships to other countries, including the UK.

“If Giphy and Facebook remain merged, Giphy could have less incentive to expand its digital advertising, leading to a loss of potential competition in this market,” it wrote a week ago.

The CMA also said it was worried a Facebook-owned Giphy could harm social media rivals were the tech giant were to squeeze the supply of animated pixels to others — or require rivals to sign up to worse terms (such as forcing them to hand over user data which it might then use to further fuel its ad targeting engines, gaining yet more market power).

On March 25 the companies were given five days by the regulator to address its concerns — by offering legally binding proposals intended to allay concerns.

An in-depth ‘phase 2’ investigation could have been avoided if concessions were offered which were acceptable to the regulator but that is evidently not the case as the CMA has announced the phase 2 referral today. And given the announcement has come just five working days after the last notification it appears no concessions were offered.

We’ve reached out to Facebook and the CMA for comment.

A Facebook spokesperson said: “We will continue to fully cooperate with the CMA’s investigation. This merger is good for competition and in the interests of everyone in the UK who uses Giphy and our services — from developers to service providers to content creators.”

While Facebook has already completed its acquisition of Giphy, the CMA’s investigation continues to put a freeze on its ability to integrate Giphy more deeply into its wider business empire.

Albeit, given Facebook’s dominant position in the digital advertising space, its business need to move fast via product innovation is a lot less pressing than years past — when it was building its market dominance free from regulatory intervention.

In recent years, the CMA has been paying close mind to the digital ad market. Back in 2019 it reported report substantial concerns over the power of the adtech duopoly, Google and Facebook. Although in its final report it said it would wait for the government to legislate, rather than make an intervention to address market power imbalances itself.

The UK is now in the process of setting up a pro-competition regulator with a dedicated focus on big tech — in response to concerns about the ‘winner takes all’ dynamics seen in digital markets. This incoming Digital Market Unit will oversee a “pro-competition” regime for Internet platforms that will see fresh compliance requirements in the coming years.

In the meanwhile, the CMA continues to scrutinize tech deals and strategic changes — including recently opening a probe of Google’s plan to depreciate support for third party cookies in Chrome after complaints from other industry players.

In January it also announced it was taking a look at Uber’s plan to acquire Autocab. However on Monday it cleared that deal, finding only “limited indirect” competition between the pair, and not finding evidence to indicate Autocab was likely to become a significant and more direct competitor to Uber in the future.

The regulator also considered whether Autocab and Uber could seek to put Autocab’s taxi company customers that compete against Uber at a disadvantage by reducing the quality of the booking and dispatch software sold to them, or by forcing them to pass data to Uber. But its phase 1 probe found other credible software suppliers and referral networks that the CMA said these taxi companies could switch to if Uber were to act in such a way — leading to it to clear the deal.

Facebook gets a C – Startup rates the ‘ethics’ of social media platforms, targets asset managers

By Mike Butcher

By now you’ve probably heard of ESG (Environmental, Social, Governance) ratings for companies, or ratings for their carbon footprint. Well, now a UK company has come up with a way of rating the ‘ethics’ social media companies. 
  
EthicsGrade is an ESG ratings agency, focusing on AI governance. Headed up Charles Radclyffe, the former head of AI at Fidelity, it uses AI-driven models to create a more complete picture of the ESG of organizations, harnessing Natural Language Processing to automate the analysis of huge data sets. This includes tracking controversial topics, and public statements.

Frustrated with the green-washing of some ‘environmental’ stocks, Radclyffe realized that the AI governance of social media companies was not being properly considered, despite presenting an enormous risk to investors in the wake of such scandals as the manipulation of Facebook by companies such as Cambridge Analytica during the US Election and the UK’s Brexit referendum.

EthicsGrade Industry Summary Scorecard – Social Media

The idea is that these ratings are used by companies to better see where they should improve. But the twist is that asset managers can also see where the risks of AI might lie.

Speaking to TechCrunch he said: “While at Fidelity I got a reputation within the firm for being the go-to person, for my colleagues in the investment team, who wanted to understand the risks within the technology firms that we were investing in. After being asked a number of times about some dodgy facial recognition company or a social media platform, I realized there was actually a massive absence of data around this stuff as opposed to anecdotal evidence.”

He says that when he left Fidelity he decided EthicsGrade would out to cover not just ESGs but also AI ethics for platforms that are driven by algorithms.

He told me: “We’ve built a model to analyze technology governance. We’ve covered 20 industries. So most of what we’ve published so far has been non-tech companies because these are risks that are inherent in many other industries, other than simply social media or big tech. But over the next couple of weeks, we’re going live with our data on things which are directly related to tech, starting with social media.”

Essentially, what they are doing is a big parallel with what is being done in the ESG space.

“The question we want to be able to answer is how does Tik Tok compare against Twitter or Wechat as against WhatsApp. And what we’ve essentially found is that things like GDPR have done a lot of good in terms of raising the bar on questions like data privacy and data governance. But in a lot of the other areas that we cover, such as ethical risk or a firm’s approach to public policy, are indeed technical questions about risk management,” says Radclyffe.

But, of course, they are effectively rating algorithms. Are the ratings they are giving the social platforms themselves derived from algorithms? EthicsGrade says they are training their own AI through NLP as they go so that they can automate what is currently very human analysts centric, just as ‘sustainalytics’ et al did years ago in the environmental arena.

So how are they coming up with these ratings? EthicsGrade says are evaluating “the extent to which organizations implement transparent and democratic values, ensure informed consent and risk management protocols, and establish a positive environment for error and improvement.” And this is all achieved, they say, all through publicly available data – policy, website, lobbying etc. In simple terms, they rate the governance of the AI not necessarily the algorithms themselves but what checks and balances are in place to ensure that the outcomes and inputs are ethical and managed.

“Our goal really is to target asset owners and asset managers,” says Radclyffe. “So if you look at any of these firms like, let’s say Twitter, 29% of Twitter is owned by five organizations: it’s Vanguard, Morgan Stanley, Blackrock, State Street and ClearBridge. If you look at the ownership structure of Facebook or Microsoft, it’s the same firms: Fidelity, Vanguard and BlackRock. And so really we only need to win a couple of hearts and minds, we just need to convince the asset owners and the asset managers that questions like the ones journalists have been asking for years are pertinent and relevant to their portfolios and that’s really how we’re planning to make our impact.”

Asked if they look at content of things like Tweets, he said no: “We don’t look at content. What we concern ourselves is how they govern their technology, and where we can find evidence of that. So what we do is we write to each firm with our rating, with our assessment of them. We make it very clear that it’s based on publicly available data. And then we invite them to complete a survey. Essentially, that survey helps us validate data of these firms. Microsoft is the only one that’s completed the survey.”

Ideally, firms will “verify the information, that they’ve got a particular process in place to make sure that things are well-managed and their algorithms don’t become discriminatory.”

In an age increasingly driven by algorithms, it will be interesting to see if this idea of rating them for risk takes off, especially amongst asset managers.

Google promises better 3D maps

By Frederic Lardinois

Google is announcing a handful of major updates to Google Maps today that range from bringing its Live View AR directions indoors to adding weather data to its maps, but the most tantalizing news — which in typical Google fashion doesn’t have an ETA just yet — is that Google plans to bring a vastly improved 3D layer to Google maps.

Using photogrammetry, the same technology that also allows Microsoft’s Flight Simulator to render large swaths of the world in detail, Google is also building a model of the world for its Maps service.

“We’re going to continue to improve that technology that helps us fuse together the billions of aerials, StreetView and satellite images that we have to really help us move from that flat 2D map to a more accurate 3D model than we’ve ever had. And be able to do that more quickly. And to bring more detail to it than we’ve ever been able to do before,” Dane Glasgow, Google’s VP for Geo Product Experience, said in a press event ahead of today’s announcement. He noted that this 3D layer will allow the company to visualize all its data in new and interesting ways.

Image Credits: Google

How exactly this will play out in reality remains to be seen, but Glasgow showed off a new 3D route preview, for example, with all of the typically mapping data overlayed on top of the 3D map.

Glasgow also noted that this technology will allow Google to parse out small features like stoplights and building addresses, which in turn will result in better directions.

“We also think that the 3D imagery will allow us to visualize a lot of new information and data overlaid on top, you know, everything from helpful information like traffic or accidents, transit delays, crowdedness — there’s lots of potential here to bring new information,” he explained.

Image Credits: Google

As for the more immediate future, Google announced a handful of new features today that are all going to roll out in the coming months. Indoor Live View is the flashiest of these. Google’s existing AR Live View walking directions currently only work outdoors, but thanks to some advances in its technology to recognize where exactly you are (even without a good GPS signal), the company is now able to bring this indoors. This feature is already live in some malls in the U.S. in Chicago, Long Island, Los Angeles, Newark, San Francisco, San Jose, and Seattle, but in the coming months, it’ll come to select airports, malls and transit stations in Tokyo and Zurich as well (just in time for vaccines to arrive and travel to — maybe — rebound). Because Google is able to locate you by comparing the images around you to its database, it can also tell what floor you are on and hence guide you to your gate at the Zurich airport, for example (though in my experience, there are few places with better signage than airports…).

Also new are layers for weather data (but not weather radar) and air quality in Google Maps. The weather layer will be available globally on Android and iOS in the coming months, with the air quality layer only launching for Australia, India and the U.S. at first.

Image Credits: Google

Talking about air quality, Google Maps will also get a new eco-friendly routing option that lets you pick the driving route that produces the least CO2 (coming to Android and iOS later this year), and it will finally feature support for low emission zones, a feature of many a European City. Low emission zones on Google Maps will launch in June in Germany, France, Spain and the UK on Android and iOS. More countries will follow later.

And to bring this all together, Google will update its directions interface to show you all of the possible modes of transportations and routing options, prioritized based on your own preferences, as well as based on what’s popular in the city you are in (think he subway in NYC or bike-sharing in Portland).

Also new are more integrated options for curbside grocery pickups in partnership with Instacart and Albertsons, if that’s your thing.

And there you have it. As is so often the case with Google’s announcement, the most exciting new features the company showed off don’t have an ETA and may never launch, but until then you can hold yourself over by getting your weather forecasts on Google Maps.

Men’s health startup Manual raises $30M Series A from US and European investors

By Mike Butcher

Men’s health and wellbeing startup Manual has raised a $30m Series A round from US-based Sonoma Brands and Waldencast, and Manual’s existing European investors Felix Capital and Cherry Ventures. FJ Labs and the GISEV Family Office also participated in the round. The cash will be used for product development and international expansion. Manual provides diagnostics, treatments and ongoing care and plans to expand across Europe, Asia and Latin America. The company has already expanded to Brazil.

Manual is competing with Numan (raised $13M), also from the UK (Manual launched a month earlier than them). In the US it is competing with Ro (raised $876.1M) and Hims (listed). All these brands tend to focus on issues like vitamins and erectile dysfunction, with the, often common refrain of, ‘normalizing’ the idea that men should look after themselves better, across a number of fronts and removing stigma’s around sexual health. It performs blood tests and other tests to analyze heart health, gut health, testosterone, sleep, energy, and immunity. They are pushing at a large market, as men historically avoid doctors.

Manual app

Manual app

George Pallis, CEO and Founder, previously led marketing at Wise and Deliveroo. In a statement he said: “We’ve been encouraged to see men of all ages increasingly turning to Manual to solve multiple health problems, with almost half of our customers seeking help for more than one issue. It’s clear that a health concern may have more than one cause, and we can provide customers with the ability to treat their health in a more holistic way. Using different treatments to understand and improve their wellbeing.”

Speaking to during an interview Pallis added: “We built our own teleconsultation product and have different applications for the blood test offering. When you get your results we will offer a clinician, we’ll walk you through all the data and the learnings. We offer tools where people can monitor their progress and have regular check-ins with our medical team.”

Antoine Nussenbaum, co-Founder and partner of Felix Capital, commented: “There is still much work to be done to remove the taboo when it comes to men looking after their wellbeing and talking openly about health concerns. But we’re starting to see a shift happen amongst consumers.”

Kevin Murphy, Managing Director of Sonoma Brands, commented: “Manual exists to empower men to take better care of themselves and to live fuller lives by doing so. George and his team have the clarity of vision and the skill to make Manual a leader in this exciting and important area.”

FatFace tells customers to keep its data breach ‘strictly private’

By Zack Whittaker

Clothing giant FatFace had a data breach, but doesn’t want you to tell anyone about it.

The company sent an email to customers this week disclosing that it first detected a breach on January 17. A hacker made off with the customer’s name, email and postal address, and the last four-digits of their credit card. “Full payment card information was not compromised,” the notice reiterated.

But despite going out to thousands of customers, the email said to “keep this email and the information included within it strictly private and confidential,” an entirely unenforceable request.

Under the U.K. data protection laws, a company must disclose a data breach within 72 hours of becoming aware of an incident, but there are no legal requirements on the customer to keep the information confidential. It didn’t take long for the company to face flack from the public. The company didn’t have much to say in response, asking instead to “DM us with any questions.”

Through a spokesperson at a crisis communications firm, FatFat said: “The notification email was marked private and confidential due to the nature of the communication, which was intended for the individual concerned. Given its contents, we wanted to make this clear, which is why we marked it private and confidential.”

TechCrunch obtained a near-identical email sent to its staff from a former employee who asked not to be named. The email to employees was largely the same as the customer email, but warned that staff may have had their bank account information and their National Insurance numbers — the U.K. equivalent of Social Security — compromised.

FatFace confirmed “a select number of employees, former employees and customers and providing appropriate guidance and support,” but would not say specifically how many customers and employees were affected by the breach.

Astroscale launches its ELSA-d orbital debris removal satellite

By Darrell Etherington

Space startup Astroscale has launched ELSA-d, the demonstration mission for its End-of-Life Services by Astroscale (ELSA) technology, which aims to dock with, and then safely remove, orbital debris. Astroscale’s demonstrator package includes two separate payloads, a servicer that represents its future production spacecraft, and a ‘client’ satellite that’s meant to represent the debris satellites it’ll be de-orbiting on behalf of customers in future.

The Astrocale payload was launched via a Soyuz rocket that took off early this morning from Kazakhstan carrying 38 commercial satellites from 18 countries. It’s the first Astroscale spacecraft to reach orbit, since the startup’s founding in 2013 by Japanese entrepreneur Nobu Okada. Astroscale had launched a micro satellite designed to measure small-scale debris in 2017, but all 18 of the satellites on that particular mission failed to reach orbit, due to human error in the launch vehicle’s programming.

This ELSA-d mission is a much more ambitious effort, and involves what amounts to an active on-orbit demonstration of the technology that Astroscale ultimately hopes to commercialize. The mission profile includes repeat docking and release maneuvers between the servicer satellite and the simulated client satellite, which is equipped with a ferromagnetic plate to assist the servicer with its magnetic docking procedure.

Astroscale hopes to prove out a range of its advertised capabilities with this demonstration, including the servicer’s ability to search out and located the client satellite, inspect it for damage, and then dock with it as mentioned, in both non-tumbling and tumbling scenarios (ie., a payload that’s maintaining a stable orbit, and one that’s spinning end-over-end in space with no ability to control its own attitude).

There’s a lot riding on this mission, which will be controlled from a ground center established by Astroscale in the UK. Aside from its long-term commercial ambitions, the startup is also contracted to partner with JAXA on the Japanese space agency’s first orbital debris removal mission, which aims to be the first in the world to remove a large object from orbit, representing the spent upper stage of a launch rocket.

❌