Hello friends, and welcome back to Week in Review.
Last week, we dove into the truly bizarre machinations of the NFT market. This week, we’re talking about something that’s a little bit more impactful on the current state of the web — Apple’s NeuralHash kerfuffle.
In the past month, Apple did something it generally has done an exceptional job avoiding — the company made what seemed to be an entirely unforced error.
In early August — seemingly out of nowhere** — the company announced that by the end of the year they would be rolling out a technology called NeuralHash that actively scanned the libraries of all iCloud Photos users, seeking out image hashes that matched known images of child sexual abuse material (CSAM). For obvious reasons, the on-device scanning could not be opted out of.
This announcement was not coordinated with other major consumer tech giants, Apple pushed forward on the announcement alone.
Researchers and advocacy groups had almost unilaterally negative feedback for the effort, raising concerns that this could create new abuse channels for actors like governments to detect on-device information that they regarded as objectionable. As my colleague Zach noted in a recent story, “The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology.”
(The announcement also reportedly generated some controversy inside of Apple.)
The issue — of course — wasn’t that Apple was looking at find ways that prevented the proliferation of CSAM while making as few device security concessions as possible. The issue was that Apple was unilaterally making a massive choice that would affect billions of customers (while likely pushing competitors towards similar solutions), and was doing so without external public input about possible ramifications or necessary safeguards.
A long story short, over the past month researchers discovered Apple’s NeuralHash wasn’t as air tight as hoped and the company announced Friday that it was delaying the rollout “to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”
Having spent several years in the tech media, I will say that the only reason to release news on a Friday morning ahead of a long weekend is to ensure that the announcement is read and seen by as few people as possible, and it’s clear why they’d want that. It’s a major embarrassment for Apple, and as with any delayed rollout like this, it’s a sign that their internal teams weren’t adequately prepared and lacked the ideological diversity to gauge the scope of the issue that they were tackling. This isn’t really a dig at Apple’s team building this so much as it’s a dig on Apple trying to solve a problem like this inside the Apple Park vacuum while adhering to its annual iOS release schedule.
Image Credits: Bryce Durbin / TechCrunch /
Apple is increasingly looking to make privacy a key selling point for the iOS ecosystem, and as a result of this productization, has pushed development of privacy-centric features towards the same secrecy its surface-level design changes command. In June, Apple announced iCloud+ and raised some eyebrows when they shared that certain new privacy-centric features would only be available to iPhone users who paid for additional subscription services.
You obviously can’t tap public opinion for every product update, but perhaps wide-ranging and trail-blazing security and privacy features should be treated a bit differently than the average product update. Apple’s lack of engagement with research and advocacy groups on NeuralHash was pretty egregious and certainly raises some questions about whether the company fully respects how the choices they make for iOS affect the broader internet.
Delaying the feature’s rollout is a good thing, but let’s all hope they take that time to reflect more broadly as well.
** Though the announcement was a surprise to many, Apple’s development of this feature wasn’t coming completely out of nowhere. Those at the top of Apple likely felt that the winds of global tech regulation might be shifting towards outright bans of some methods of encryption in some of its biggest markets.
Back in October of 2020, then United States AG Bill Barr joined representatives from the UK, New Zealand, Australia, Canada, India and Japan in signing a letter raising major concerns about how implementations of encryption tech posed “significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.” The letter effectively called on tech industry companies to get creative in how they tackled this problem.
Here are the TechCrunch news stories that especially caught my eye this week:
LinkedIn kills Stories
You may be shocked to hear that LinkedIn even had a Stories-like product on their platform, but if you did already know that they were testing Stories, you likely won’t be so surprised to hear that the test didn’t pan out too well. The company announced this week that they’ll be suspending the feature at the end of the month. RIP.
FAA grounds Virgin Galactic over questions about Branson flight
While all appeared to go swimmingly for Richard Branson’s trip to space last month, the FAA has some questions regarding why the flight seemed to unexpectedly veer so far off the cleared route. The FAA is preventing the company from further launches until they find out what the deal is.
Apple buys a classical music streaming service
While Spotify makes news every month or two for spending a massive amount acquiring a popular podcast, Apple seems to have eyes on a different market for Apple Music, announcing this week that they’re bringing the classical music streaming service Primephonic onto the Apple Music team.
TikTok parent company buys a VR startup
It isn’t a huge secret that ByteDance and Facebook have been trying to copy each other’s success at times, but many probably weren’t expecting TikTok’s parent company to wander into the virtual reality game. The Chinese company bought the startup Pico which makes consumer VR headsets for China and enterprise VR products for North American customers.
Twitter tests an anti-abuse ‘Safety Mode’
The same features that make Twitter an incredibly cool product for some users can also make the experience awful for others, a realization that Twitter has seemingly been very slow to make. Their latest solution is more individual user controls, which Twitter is testing out with a new “safety mode” which pairs algorithmic intelligence with new user inputs.
Some of my favorite reads from our Extra Crunch subscription service this week:
Our favorite startups from YC’s Demo Day, Part 1
“Y Combinator kicked off its fourth-ever virtual Demo Day today, revealing the first half of its nearly 400-company batch. The presentation, YC’s biggest yet, offers a snapshot into where innovation is heading, from not-so-simple seaweed to a Clearco for creators….”
“…Yesterday, the TechCrunch team covered the first half of this batch, as well as the startups with one-minute pitches that stood out to us. We even podcasted about it! Today, we’re doing it all over again. Here’s our full list of all startups that presented on the record today, and below, you’ll find our votes for the best Y Combinator pitches of Day Two. The ones that, as people who sift through a few hundred pitches a day, made us go ‘oh wait, what’s this?’
All the reasons why you should launch a credit card
“… if your company somehow hasn’t yet found its way to launch a debit or credit card, we have good news: It’s easier than ever to do so and there’s actual money to be made. Just know that if you do, you’ve got plenty of competition and that actual customer usage will probably depend on how sticky your service is and how valuable the rewards are that you offer to your most active users….”
Just two months after celebrating its first manned launch to orbit – which is now under investigation with the Federal Aviation Administration – Virgin Galactic wants to return to space.
The company will be conducting its first commercial mission, the 23rd for the VSS Unity rocket-powered spaceplane, in late September or early October from the company’s sprawling Spaceport America facility. The flight will carry three crew members from the Italian Air Force and the National Research Council, each of whom paid an undisclosed amount for the seat. A Virgin Galactic staff member will also be on board.
The role of mission lead will be held by Walter Villadei, a Colonel with the Italian Air Force; Angelo Landolfi, a physician and Lieutenant Colonel; Pantaleone Carlucci, an aerospace engineer on behalf of the National Research Council; and Virgin Galactic’s chief astronaut instructor Beth Moses. Michael Masucci and CJ Sturckow will pilot the spaceplane.
The goal of the mission will be to evaluate the effects of the “transitional phase” from gravity to zero G on the human body; to that end, the crew members will be wearing sensors to measure physiological activity, and Villadei will even be wearing a smart suit that Virgin says will “[incorporate] Italian fashion style and technology.”
The announcement comes just one day after the FAA said that it was investigating the first crewed flight of VSS Unity in July. The news was first reported by The New Yorker and confirmed by the aerospace regulatory, who said that the spaceplane “deviated from its Air Traffic Control clearance as it returned to Spaceport America.” According to journalist Nicholas Schmidle’s reporting, a red warning light appeared on the dash of the Unity during flight, indicating that it had diverged from its planned trajectory.
Virgin Galactic later issued a statement disputing the piece, saying that “athough the flights ultimate trajectory deviated from our initial plan, it was a controlled and intentional flight path that allowed Unity 22 to successfully reach space and land safely at our Spaceport in New Mexico.”
“At no time were passengers and crew put in any danger as a result of this change in trajectory,” the company added.
This is not the first time Schmidle has uncovered news regarding the safety of Virgin Galactic’s supersonic operations. His book, Test Gods, also includes a previously unknown account of a 2019 test flight (confirmed in the book by former employees) which saw potentially serious issues with the plane’s wing.
The Federal Aviation Administration is looking into an anomaly on the Virgin Galactic flight that carried Richard Branson to space. In a piece discussing not just that particular flight but the company’s various safety issues throughout the years, The New Yorker explained that Virgin’s spacecraft went off-course during descent, triggering an “entry glide-cone warning.” The spacecraft uses the glide cone method, which mimics water circling down the drain, for landing. Apparently, the pilots for the mission didn’t fly as steeply as they should have, causing the system to raise the alarm.
An FAA spokesperson confirmed to Reuters that the vehicle “deviated from its Air Traffic Control clearance as it returned to Spaceport America” and it’s investigating the incident. The agency gives missions to space a designated airspace they can fly in to prevent collisions with commercial planes and to minimize civilian casualties in the event of an accident. Virgin’s Unity 22 mission flew out of that designated airspace for a minute and forty-one seconds before the pilots were able to correct course.
Nicholas Schmidle, author of The New Yorker piece, said he attended a meeting a few years ago, wherein the same pilots on the Unity 22 flight said a red light entry glide-cone warning should “scare the shit out of you.” Apparently, that means it’s too late, and that the safest course of action is to abort. In a statement it published after the article went out, though, Virgin Galactic said it “disputes the misleading characterizations and conclusions” in the piece and that the people on the flight weren’t in any danger as a result of the flight deviation. The company said:
“When the vehicle encountered high altitude winds which changed the trajectory, the pilots and systems monitored the trajectory to ensure it remained within mission parameters. Our pilots responded appropriately to these changing flight conditions exactly as they were trained and in strict accordance with our established procedures. Although the flights ultimate trajectory deviated from our initial plan, it was a controlled and intentional flight path that allowed Unity 22 to successfully reach space and land safely at our Spaceport in New Mexico. At no time were passengers and crew put in any danger as a result of this change in trajectory.”
It also said that the spacecraft did not fly outside of the lateral confines of the mission’s protected airspace, though it did drop below the altitude of the airspace it was provided. The company added that it’s “working in partnership with the FAA to address the airspace for future flights.”
Editor’s note: This post originally appeared on Engadget.iv>
Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines.
This is Equity Monday, our weekly kickoff that tracks the latest private market news, talks about the coming week, digs into some recent funding rounds and mulls over a larger theme or narrative from the private markets. You can follow the show on Twitter here. I also tweet.
Today’s show was good fun to put together. Here’s what we got to:
Woo! And that’s the start to the week. Hugs from here, and we’ll chat you on Wednesday!
Virgin Orbit is set to go public via a merger with a special purpose acquisitions company (SPAC), the company has confirmed. The deal values the combined enterprise at $3.2 billion, and will provide Virgin Orbit with $483 million in cash at close, including a $100 million PIPE. The combined company will trade under the ticker VORB on the NASDAQ if and when the transaction concludes.
In June, CNBC reported that such a deal was in the works, and it’s been a popular exit option for private space startups in recent months. Rocket Lab’s SPAC merger was just approved, for instance, and it’ll begin trading on Wednesday, and Richard Branson’s other space company, Virgin Galactic, was the first big SPAC deal that ushered in the craze.
Virgin Galactic, which focuses on flying people to suborbital space, and Virgin Orbit, which transports small satellite payloads to low Earth orbit using similar technology, used to be a single company before the two split to provide more focus on their respective markets. Both Virgin Galactic and Virgin Orbit made significant progress this year, achieving milestone flights, including a first full crew space launch for Galactic, and a first commercial satellite payload delivery mission for Orbit.
Virgin Orbit launches its LauncherOne rocket from the wing of a customized 747 aircraft, which acts as a fully reusable first stage for the overall launch system. The company also has a subsidiary called VOX Space that its as a dedicated launch service provider to the national security launch market.
NextGen, the blank check company that Virgin Orbit is merging with to complete this transaction, is led by a former Goldman & Sachs partner, and will provide up to $383 million in cash from its funds held in trust when the merger goes through.
Cast your mind back to that scene in Minority Report where all those autonomous cars are whizzing through the city. The more practically-minded of you may well have gone: “Yeah, but what about the insurance…?”.
Emerging from an academic project to look at drones, Flock shifted into providing drones insurance then commercial vehicle insurance. The twist is that it hooks into the telematics of cars so that the vehicle only triggers insurance cover when it’s actually moving, not when it’s sitting on the lot, incapable of causing any accidents.
Flock has now raised $17 million in a Series A funding led by Social Capital, the investment vehicle run by Chamath Palihapitiya, best known as a SPAC investor and Chairman of Virgin Galactic. Flock’s existing investors Anthemis and Dig Ventures also participated. This round brings Flock’s total funding to $22 million. Justin Saslaw (Social Capital’s Fintech Partner) joins Flock’s Board of Directors as does Ross Mason (Founder of Dig Ventures & MuleSoft).
Ed Leon Klinger, CEO of Flock said: “Transportation is changing faster than ever, but the traditional insurance industry can’t keep up! The proliferation of electric cars, new business models such as ridesharing, and the emergence of autonomous vehicles pose huge challenges that traditional insurers just aren’t equipped for.”
He added: “Modern fleets need an equally modern insurance company that moves as fast as they do. Commercial motor insurance is a $160Bn market, crying out for disruption. The opportunity ahead of us is enormous.”
In a statement Chamath Palihapitiya, CEO of Social Capital said: “Flock is bridging the gap between today’s insurance industry and tomorrow’s transportation realities. By using real-time data to truly understand vehicle risk, Flock is meeting the demands of our rapidly evolving, hyper-connected world. Flock has the potential to help unlock and enable a truly autonomous world, and even save lives. We’re excited to be a part of their journey.”
Speaking to me over a call, Klinger outlined how the company had hit a sweet spot by hooking into Telematics APIs for cars, or by doing special integrations with existing providers and OEMs: “We’ve built our own integrated approach whereby we partner with some and we build bespoke integrations with them. Often they are not as advanced as others. So we’ll either use our integration platform or or we’ll use their approach. We’re highly flexible. The core value proposition at Flock is its flexibility, so we don’t force our own integration approach.”
Imagine a world where no one’s privacy is breached, no faces are scanned into a gargantuan database, and no privacy laws are broken. This is a world that is fast approaching. Could companies simply dump the need for real-world CCTV footage, and switch to synthetic humans, acting out potential scenarios a million times over? That’s the tantalizing prospect of a new UK startup that has attracted funding from an influential set of investors.
UK-based Mindtech Global has developed what it describes as an end-to-end synthetic data creation platform. In plain English, its system can imagine visual scenarios such as someone’s behavior inside a store, or crossing the street. This data is then used to train AI-based computer vision systems for customers such as big retailers, warehouse operators, healthcare, transportation systems and robotics. It literally trains a ‘synthetic’ CCTV camera inside a synthetic world.
That last investor is significant. In-Q-Tel invests in startups that support US intelligence capabilities and is based in Arlington, Virginia…
Mindtech’s Chameleon platform is designed to help computers understand and predict human interactions. As we all know, current approaches to training AI vision systems require companies to source data such as CCTV footage. The process is fraught with privacy issues, costly, and time-consuming. Mindtech says Chameleon solves that problem, as its customers quickly “build unlimited scenes and scenarios using photo-realistic smart 3D models”.
An added bonus is that these synthetic humans can be used to train AI vision systems to weed out human failings around diversity and bias.
Mindtech CEO Steve Harris
Steve Harris, CEO, Mindtech said: “Machine learning teams can spend up to 80% of their time sourcing, cleaning, and organizing training data. Our Chameleon platform solves the AI training challenge, freeing the industry to focus on higher-value tasks like AI network innovation. This round will enable us to accelerate our growth, enabling a new generation of AI solutions that better understand the way humans interact with each other and the world around them.”
So what can you do with it? Consider the following: A kid slips from its parent’s hand at the mall. The synthetic CCTV running inside Mindtech’s scenario is trained thousands of times over how to spot it in real-time and alert staff. Another: a delivery robot meets kids playing in a street and works out how to how to avoid them. Finally: a passenger on the platform is behaving erratically too close to the rails – the CCTV is trained to automatically spot them and send help.
Nat Puffer, Managing Director (London), In-Q-Tel commented: “Mindtech impressed us with the maturity of their Chameleon platform and their commercial traction with global customers. We’re excited by the many applications this platform has across diverse markets and its ability to remove a significant roadblock in the development of smarter, more intuitive AI systems.”
Miles Kirby, CEO, Deeptech Labs said: “As a catalyst for deeptech success, our investment, and accelerator program supports ambitious teams with novel solutions and the appetite to build world-changing companies. Mindtech’s highly-experienced team are on a mission to disrupt the way AI systems are trained, and we’re delighted to support their journey.”
There is of course potential for darker applications, such a spotting petty theft inside supermarkets, or perhaps ‘optimising’ hard-pressed warehouse workers in some dystopian fashion. However, in theory, Mindtech’s customers can use this platform to rid themselves of the biases of middle-managers, and better serve customers.
Microsoft has secured a court order to take down several malicious “homoglyph” domains that were used to impersonate Office 365 customers and commit fraud.
The technology giant filed a case earlier this month after it uncovered cybercriminal activity targeting its customers. After receiving a customer complaint about a business email compromise attack, a Microsoft investigation found that the unnamed criminal group responsible created 17 additional malicious domains, which were then used together with stolen customer credentials to unlawfully access and monitor Office 365 accounts in an attempt to defraud the customers’ contacts.
Microsoft confirmed in a blog post published Monday that a judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on the malicious domains, which include “thegiaint.com” and “nationalsafetyconsuiting.com,” which were used to impersonate its customers.
These so-called “homoglyph” domains exploit the similarities of some letters to create deceptive domains that appear legitimate. For example, using an uppercase “I” and a lowercase “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM).
“These were together with stolen customer credentials to unlawfully access customer accounts, monitor customer email traffic, gather intelligence on pending financial transactions, and criminally impersonate [Office 365] customers, all in an attempt to deceive their victims into transferring funds to the cybercriminals,” Microsoft said in its complaint, adding that the cybercriminals “have caused and continue to cause irreparable injury to Microsoft, its customers, and the public.”
In one instance, for example, the criminals identified a legitimate email from the compromised account of an Office 365 customer referencing payment issues. Capitalizing on this information, the criminals sent an email from a homoglyph domain using the same sender name and nearly identical domain. They also used the same subject line and format of an email from the earlier, legitimate conversation, but falsely claimed a hold had been placed on the account by the chief financial officer and that payment needed to be received as soon as possible.
The cybercriminals then attempted to solicit a fraudulent wire transfer by sending new wire transfer information appearing to be legitimate, including using the logo of the company they were impersonating.
Microsoft notes that while these criminals will typically move their malicious infrastructure outside the Microsoft ecosystem once detected, the order — granted on Friday — eliminates defendants’ ability to move these domains to other providers.
“The action will further allow us to diminish the criminals’ capabilities and, more importantly, obtain additional evidence to undertake further disruptions inside and outside court,” said Amy Hogan-Burney, general manager of Microsoft’s Digital Crime Unit.
The tech giant hasn’t yet disclosed the identities of the cybercriminals responsible for the BEC attacks, but said that “based on the techniques deployed, the criminals appear to be financially motivated, and we believe they are part of an extensive network that appears to be based out of West Africa.” The targets of the operation were predominantly small businesses operating in North America across several industries, according to Microsoft.
This isn’t the first time Microsoft secured a court order to step up its fight against cybercriminals and similar attacks, which research shows affected 71% of businesses in 2021. Last year, a court granted the tech giant’s request to seize and take control of malicious web domains used in a large-scale cyberattack targeting victims in 62 countries with spoofed COVID-19 emails.