Australian security software house Click Studios has told customers not to post emails sent by the company about its data breach, which allowed malicious hackers to push a malicious update to its flagship enterprise password manager Passwordstate to steal customer passwords.
Last week, the company told customers to “commence resetting all passwords” stored in its flagship password manager after the hackers pushed the malicious update to customers over a 28-hour window between April 20-22. The malicious update was designed to contact the attacker’s servers to retrieve malware designed to steal and send the password manager’s contents back to the attackers.
In an email to customers, Click Studios did not say how the attackers compromised the password manager’s update feature, but included a link to a security fix.
But news of the breach only became public after Danish cybersecurity firm CSIS Group published a blog post with details of the attack hours after Click Studios emailed its customers.
Click Studios claims Passwordstate is used by “more than 29,000 customers,” including in the Fortune 500, government, banking, defense and aerospace, and most major industries.
In an update on its website, Click Studios said in a Wednesday advisory that customers are “requested not to post Click Studios correspondence on Social Media.” The email adds: “It is expected that the bad actor is actively monitoring Social Media, looking for information they can use to their advantage, for related attacks.”
“It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content,” the company said.
Besides a handful of advisories published by the company since the breach was discovered, the company has refused to comment or respond to questions.
It’s also not clear if the company has disclosed the breach to U.S. and EU authorities where the company has customers, but where data breach notification rules obligate companies to disclose incidents. Companies can be fined up to 4% of their annual global revenue for falling foul of Europe’s GDPR rules.
Click Studios chief executive Mark Sandford has not responded to repeated requests (from TechCrunch) for comment. Instead, TechCrunch received the same canned autoresponse from the company’s support email saying that the company’s staff are “focused only on assisting customers technically.”
TechCrunch emailed Sandford again on Thursday for comment on the latest advisory, but did not hear back.
Mighty Networks, a platform designed to give creators and brands a dedicated place to start and grow communities, has closed on $50 million in a Series B funding round led by Owl Ventures.
Ziff Capital Partners and LionTree Partners also participated in the financing, along with existing backers Intel Capital, Marie Forleo, Gretchen Rubin, Dan Rosensweig, Reid Hoffman, BBG Ventures and Lucas Venture Group. The investment brings Palo Alto-based Mighty Networks’ total raised since its 2017 inception to $67 million.
Mighty Networks founder and CEO Gina Bianchini — who started the company with Tim Herby and Thomas Aaron — is no stranger to building nurturing environments for community building. Previously, she was the CEO and co-founder of Ning, where she led the company’s rapid growth to three million Ning Networks created and about 100 million users around the world in three years.
With Mighty Networks, Bianchini’s goal is to build “a creator middle class” founded on community memberships, events and live online courses.
“Basically we have a platform for people to create communities the way that they would create e-commerce stores,” she told TechCrunch. “So what Shopify has done for e-commerce, we’re doing for digital subscriptions and digital payments where the value is around a community that is mastering something interesting or important together, and not just content alone.”
The company’s flagship Business Plan product is aimed at new creators with the goal of giving them an easy way to get started with digital subscriptions, Bianchini said. Established brands, organizations and successful creators use the company’s Mighty Pro plan to get everything Mighty Networks offers on their own branded iOS, iPad and Android apps.
Mighty Networks — which operates as a SaaS business — has seen impressive growth. In 2020, ARR climbed by “2.5x” while annual customer growth climbed by 200%. Customers are defined as paying creators who host their community, courses and events on their own Mighty Network. The company also saw a 400% annual growth in payments, or rather in subscriptions and payments where a creator or brand will sell a membership or an online course.
The pandemic was actually a boon to the business, as was the fact that it launched live events last year.
“We were able to help many businesses quickly move online — from yoga studios to leadership speakers and consultants — and now that the world is coming back, they’ll be able to use the features that we’ve built into the platform from day one around finding members, events and groups near them, as well as making everything via not just the web but mobile apps,” Bianchini said.
One of the startup’s goals is to help people understand that they don’t need massive amounts of followers (such as 1 million followers on TikTok) to be successful creators. For example, a creator charging 30 people for a subscription that amounts to around $1,000 a year can still pull in $30,000 a year. So while it’s not huge, it’s certainly still substantial — hence the company’s intent to build a “creator middle class.”
Mighty Networks has more than 10,000 paying creators, brands and coaches today. Users include established creators and brands such as YouTube star Adriene Mishler, Xprize and Singularity University founder Peter Diamandis, author Luvvie Ajayi Jones, comedian Amanda Seales, Girlboss founder Sophia Amoruso and brands such as the TED conference and wellness scheduling platform MINDBODY.
“Content alone will kill the creator economy,” Bianchini said. “We can’t build a thriving creator movement on an exhausting, unfair dynamic where content creators rent audiences from big tech platforms, are required to produce a never-ending stream of content and get paid pennies for it, if they get paid at all. Creators need to own their own community on the internet, where members meet each other and get results and transformation.”
Owl Ventures Managing Director Amit Patel said his firm was impressed by Mighty Networks before it even met the company.
“No company in this space has more loyal, passionate believers, and when we saw firsthand that creators could successfully build paid communities and online courses on a Mighty Network with as few as 30 members, we wanted to be a part of unlocking this creator middle class for a million more creators,” Patel said in a written statement.
The company plans to use its new capital on product development across media types, payment options and expansion into new markets.
Earlier this month, Pico, a New York startup that helps online creators and media companies make money and manage their customer data, announced that it had launched an upgraded platform and raised $6.5 million in new funding. Essentially, the company is building what it considers to be an operating system for the creator market.
Earth Day may have come and gone, but with apps like #8meals from the non-profit Habits of Waste, anyone can try and do their part to help reduce deforestation and rising greenhouse gas emissions by cutting meat out of their diets for just 8 meals a week.
The app, which was created by Habits of Waste founder Sheila Morovati along with the development shop Digital Pomegranate, gives users a way to schedule which meals of theirs will be meatless and offers recipe suggestions for what to eat to help them stick to their goals.
For Morovati, the #8meals app is only the latest in a series of initiatives that are meant to cut down on waste and consumption. Morovati’s journey to environmental advocacy began with a program to redistribute used crayons from restaurants to schools in the Southern California region.
That program, called Crayon Collection, has redirected over 20 million crayons from landfills, but Morovati’s non-profit push to reduce waste didn’t end there.
The Habits of Waste organization also launched the #cutoutcutlery campaign, which convinced Uber Eats, Postmates, Grubhub and DoorDash to change their default settings to make customers opt-in to receive plastic cutlery. It’s a way to reduce the nearly 40 billion plastic utensils that are thrown away each year, according to the Habits of Waste website.
“We decided to create a whole new arm which is cut out cutlery and eight meals. Trying to shift societal mindset is my goal,” said Morovati.
Meanwhile, the number of meat replacements available to consumers continues to expand. Everyone from Post Cereal to Anheuser Busch is trying to make a play for replacements to proteins sourced from animals. That’s not to mention the billions raised by companies like Impossible Foods and Beyond Meat to sell replacements direct to consumers.
Going meatless, even for a few meals a week, can make a huge difference for planetary health (and human health). That’s because animal agriculture is responsible for more than 18% of greenhouse gas emissions worldwide — and it contributes to deforestation.
“I always think about this fake person that I’ve created in my mind and I call him Mr. Joe Barbecue,” Morovati said during a YouTube interview with self-described superfood guru, Darien Olien, earlier this year. “How can we get Mr. Joe Barbecue to be on board? Is it possible to tell him to go fully vegan? I don’t think so. Not yet. But I think if we introduce it with eight meals a week, maybe even Mr. Joe Barbecue will be willing to go there and understand it and try it and open up the door a crack to invite people in who may not be willing to do this.”
When the third minute of Apple’s first product event of 2021 ticked over and they had already made 3 announcements, we knew it was going to be a packed one. In a tight single hour this week, Apple launched a ton of new products including AirTags, new Apple Card family sharing, a new Apple TV, a new set of colorful iMacs, and a purple iPhone 12 shade.
Of the new devices announced, though, Apple’s new 12.9” iPad Pro is the most interesting from a market positioning perspective.
This week I got a chance to speak to Apple Senior Vice President of Worldwide Marketing Greg Joswiak and Senior Vice President of Hardware Engineering John Ternus about this latest version of the iPad Pro and its place in the working universe of computing professionals.
In many ways, this new iPad Pro is the equivalent of a sprinter being 3 lengths ahead going into the last lap and just turning on the afterburners to put an undebatable distance between themselves and the rest of the pack. Last year’s model is still one of the best computers you can buy, with a densely packed offering of powerful computing tools, battery performance and portability. And this year gets upgrades in the M1 processor, RAM, storage speed, Thunderbolt connection, 5G radio, new ultra wide front camera and its Liquid Retina XDR display.
This is a major bump even while the 2020 iPad Pro still dominates the field. And at the center of that is the display.
Apple has essentially ported its enormously good $5,000 Pro Display XDR down to a 12.9” touch version, with some slight improvements. But the specs are flat out incredible. 1,000 nit brightness peaking at 1,600 nits in HDR with 2,500 full array local dimming zones — compared to the Pro Display XDR’s 576 in a much larger scale.
Given that this year’s first product launch from Apple was virtual, the media again got no immediate hands on with the new devices introduced, including iPad Pro. This means that I have not yet seen the XDR display in action. Unfortunately, these specs are so good that estimating them without having seen the screen yet is akin to trying to visualize “a trillion” in your head. It’s intellectually possible but not really practical.
It’s brighter than any Mac or iOS device on the market and could be a big game changing device for professionals working in HDR video and photography. But even still, this is a major investment to ship a micro-LED display in the millions or tens of millions of units with more density and brightness than any other display on the market.
I ask both of them why there’s a need to do this doubling down on what is already one of the best portable displays ever made — if not one of the best displays period.
“We’ve always tried to have the best display,” says Ternus. “We’re going from the best display on any device like this and making it even better, because that’s what we do and that’s why we, we love coming to work every day is to take that next big step.
“[With the] Pro Display XDR if you remember one thing we talked about was being able to have this display and this capability in more places in the work stream. Because traditionally there was just this one super expensive reference monitor at the end of the line. This is like the next extreme of that now you don’t even have to be in the studio anymore you can take it with you on the go and you can have that capability so from a, from a creative pro standpoint we think this is going to be huge.”
In my use of the Pro Display and my conversations with professionals about it, one of the common themes that I’ve heard is the reduction in overall workload due to the multiple points in the flow where color and image can be managed accurately to spec now. The general system in place puts a reference monitor very late in the production stage, which can often lead to expensive and time consuming re-rendering or new color passes. Adding the Liquid Retina XDR display into the mix at an extremely low price point means that a lot more plot points on the production line suddenly get a lot closer to the right curve.
One of the stronger answers on the ‘why the aggressive spec bump’ question comes later in our discussion but is worth mentioning in this context. The point, Joswiak says, is to offer headroom. Headroom for users and headroom for developers.
“One of the things that iPad Pro has done as John [Ternus] has talked about is push the envelope. And by pushing the envelope that has created this space for developers to come in and fill it. When we created the very first iPad Pro, there was no Photoshop,” Joswiak notes. “There was no creative apps that could immediately use it. But now there’s so many you can’t count. Because we created that capability, we created that performance — and, by the way sold a fairly massive number of them — which is a pretty good combination for developers to then come in and say, I can take advantage of that. There’s enough customers here and there’s enough performance. I know how to use that. And that’s the same thing we do with each generation. We create more headroom to performance that developers will figure out how to use.
“The customer is in a great spot because they know they’re buying something that’s got some headroom and developers love it.”
The iPad Pro is now powered by the M1 chip — a move away from the A-series naming. And that processor part is identical (given similar memory configurations) to the one found in the iMac announced this week and MacBooks launched earlier this year.
“It’s the same part, it’s M1,” says Ternus. “iPad Pro has always had the best Apple silicon we make.”
“How crazy is it that you can take a chip that’s in a desktop, and drop it into an iPad,” says Joswiak. “I mean it’s just incredible to have that kind of performance at such amazing power efficiency. And then have all the technologies that come with it. To have the neural engine and ISP and Thunderbolt and all these amazing things that come with it, it’s just miles beyond what anybody else is doing.”
As the M1 was rolling out and I began running my testing, the power per watt aspects really became the story. That really is the big differentiator for M1. For decades, laptop users have been accustomed to saving any heavy or intense workloads for the times when their machines were plugged in due to power consumption. M1 is in the process of resetting those expectations for desktop class processors. In fact, Apple is offering not only the most powerful CPUs but also the most power-efficient CPUs on the market. And it’s doing it in a $700 Mac Mini, a $1,700 iMac and a $1,100 iPad Pro at the same time. It’s a pretty ridiculous display of stunting, but it’s also the product of more than a decade of work building its own architecture and silicon.
“Your battery life is defined by the capacity of your battery and the efficiency of your system right? So we’re always pushing really really hard on the system efficiency and obviously with M1, the team’s done a tremendous job with that. But the display as well. We designed a new mini LED for this display, focusing on efficiency and on package size, obviously, to really to be able to make sure that it could fit into the iPad experience with the iPad experience’s good battery life. We weren’t going to compromise on that,” says Ternus.
One of the marquee features of the new iPad Pro is its 12MP ultra-wide camera with Center Stage, an auto-centering and cropping video feature designed to make FaceTime calling more human-centric, literally. It finds humans in the frame and centers their faces, keeping them in the frame even if they move, standing and stretching or leaning to the side. It also includes additional people in the frame automatically if they enter the range of the new ultra-wide 12MP front-facing camera. And yes, it also works with other apps like Zoom and Webex and there will be an API for it.
I’ve gotten to see it in action a bit more and I can say with surety that this will become an industry standard implementation of this kind of subject focusing. The crop mechanic is handled with taste, taking on the characteristics of a smooth zoom pulled by a steady hand rather than an abrupt cut to a smaller, closer framing. It really is like watching a TV show directed by an invisible machine learning engine.
“This is one of the examples of some of our favorite stuff to do because of the way it marries the hardware and software right,” Ternus says. “So, sure it’s the camera but it’s also the SOC and the algorithms associated with detecting the person and panning and zooming. There’s the kind of the taste aspect right which is how do we make something that feels good it doesn’t move too fast and doesn’t move too slow. That’s a lot of talented, creative people coming together and trying to find the thing that makes it Apple like.”
It also goes a long way toward mitigating the awkward horizontal camera placement when using the iPad Pro with Magic Keyboard. This has been a big drawback for using the iPad Pro as a portable video conferencing tool, something we’ve all been doing a lot of lately. I ask Ternus whether Center Stage was designed to mitigate this placement.
“Well, you can use iPad in any orientation right? So you’re going to have different experiences based on how you’re using it. But what’s amazing about this is that we can keep correcting the frame. What’s been really cool is that we’ve all been sitting around in these meetings all day long on video conferencing and it’s just nice to get up. This experience of just being able to stand up and kind of stretch and move around the room without walking away from the camera has been just absolutely game changing, it’s really cool.”
It’s worth noting that several other video sharing devices like the Portal and some video software like Teams already offer cropping-type follow features, but the user experience is everything when you’re shipping software like this to millions of people at once. It will be interesting to see how Center Stage stacks up against the competition when we see it live.
With the ongoing chatter about how the iPad Pro and Mac are converging from a feature-set perspective, I ask how they would characterize an iPad Pro vs. a MacBook buyer. Joswiak is quick to respond to this one.
“This is my favorite question because you know, you have one camp of people who believe that the iPad and the Mac are at war with one another right it’s one or the other to the death. And then you have others who are like, no, they’re bringing them together — they’re forcing them into one single platform and there’s a grand conspiracy here,” he says.
“They are at opposite ends of a thought spectrum and reality is neither is correct, right? We pride ourselves in the fact that we work really, really, really hard to have the best products in the respective categories. The Mac is the best personal computer, it just is. Customer satisfaction would indicate that is the case, by a longshot.”
Joswiak points out that the whole PC category is growing, which he says is nice to see. But he points out that Macs are way outgrowing PCs and doing ‘quite well’. He also notes that the iPad business is still outgrowing the tablets category (while still refusing to label the iPad a tablet).
“And it’s also the case that it’s not an ‘either or’. The majority of our Mac customers have an iPad. That’s an awesome thing. They don’t have it because they’re replacing their Mac, it’s because they use the right tool at the right time.
“What’s very cool about what [Ternus] and his team have done with iPad Pro is that they’ve created something where that’s still the case for creative professionals too — the hardest to please audience. They’ve given them a tool where they can be equally at home using the Mac for their professional making money with it kind of work, and now they can pick up an iPad Pro — and they have been for multiple generations now and do things that, again, are part of how they make money, part of their creative workflow,” says Joswiak. “And that test is exciting. It isn’t one or the other, both of them have a role for these people.”
Since converting over to an iPad Pro as my only portable computer, I’ve been thinking a lot about the multimodal aspects of professional work. And, clearly, Apple has as well given its launch of a Pro Workflows team back in 2018. Workflows have changed massively over the last decade, and obviously the iPhone and an iPad, with their popularization of the direct manipulation paradigm, have had everything to do with that. In the current world we’re in, we’re way past ‘what is this new thing’, and we’re even way past ‘oh cool, this feels normal’ and we’re well into ‘this feels vital, it feels necessary.’
“Contrary to some people’s beliefs, we’re never thinking about what we should not do on an iPad because we don’t want to encroach on Mac or vice versa,” says Ternus. “Our focus is, what is the best way? What is the best iPad we can make what are the best Macs we can make. Some people are going to work across both of them, some people will kind of lean towards one because it better suits their needs and that’s, that’s all good.”
If you follow along, you’ll know that Apple studiously refuses to enter into the iPad vs. Mac debate — and in fact likes to place the iPad in a special place in the market that exists unchallenged. Joswiak often says that he doesn’t even like to say the word tablet.
“There’s iPads and tablets, and tablets aren’t very good. iPads are great,” Joswiak says. “We’re always pushing the boundaries with iPad Pro, and that’s what you want leaders to do. Leaders are the ones that push the boundaries leaders are the ones that take this further than has ever been taken before and the XDR display is a great example of that. Who else would you expect to do that other than us. And then once you see it, and once you use it, you won’t wonder, you’ll be glad we did.”
Google today announced that it is moving FeedBurner to a new infrastructure but also deprecating its email subscription service.
If you’re an internet user of a certain age, chances are you used Google’s FeedBurner to manage the RSS feeds of your personal blogs and early podcasts at some point. During the Web 2.0 era, it was the de facto standard for feed management and analytics, after all. Founded in 2004, with Dick Costolo as one of its co-founders (before he became Twitter’s CEO in 2010), it was acquired by Google in 2007.
Ever since, FeedBurner lingered in an odd kind of limbo. While Google had no qualms shutting down popular services like Google Reader in favor of its ill-fated social experiments like Google+, FeedBurner just kept burning feeds day in and day out, even as Google slowly deprecated some parts of the service, most notably its advertising integrations.
I don’t know that anybody spent a lot of time thinking about the service and RSS has slowly (and sadly) fallen into obscurity, yet the service was probably easy enough to maintain that Google kept it going. And despite everything, shutting it down would probably break enough tools for publishers to create quite an uproar. The TechCrunch RSS feed, to which you are surely subscribed in your desktop RSS reader, is http://feeds.feedburner.com/TechCrunch/, after all.
So here we are, 14 years later, and Google today announced that it is “making several upcoming changes to support the product’s next chapter.” It’s moving the service to a new, more stable infrastructure.
But in July, it is also shutting down some non-core features that don’t directly involve feed management, most importantly the FeedBurner email subscription service that allowed you to get emailed alerts when a feed updates. Feed owners will be able to download their email subscriber lists (and will be able to do so after July, too). With that, Blogger’s FollowByEmail widget will also be deprecated (and hey, did you start this day thinking you’d read about FeedBurner AND Blogger on TechCrunch without having to travel back to 2007?).
Google stresses that other core FeedBurner features will remain in place, but given the popularity of email newsletters, that’s a bit of an odd move.
Risk and compliance startup LogicGate has confirmed a data breach. But unless you’re a customer, you probably didn’t hear about it.
An email sent by LogicGate to customers earlier this month said that on February 23 an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud, which helps companies to identify and manage their risk and compliance with data protection and security standards. LogicGate says its Risk Cloud can also help find security vulnerabilities before they are exploited by malicious hackers.
The credentials “appear to have been used by an unauthorized third party to decrypt particular files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment,” the email read.
“Only data uploaded to your Risk Cloud environment on or prior to February 23, 2021, would have been included in that backup file. Further, to the extent you have stored attachments in the Risk Cloud, we did not identify decrypt events associated with such attachments,” it added.
LogicGate did not say how the AWS credentials were compromised. An email update sent by LogicGate last Friday said the company anticipates finding the root cause of the incident by this week.
But LogicGate has not made any public statement about the breach. It’s also not clear if LogicGate contacted all of its customers or only those whose data was accessed. LogicGate counts Capco, SoFi, and Blue Cross Blue Shield of Kansas City as customers.
We sent a list of questions, including how many customers were affected and if the company has alerted U.S. state authorities as required by state data breach notification laws. When reached, LogicGate chief executive Matt Kunkel confirmed the breach but declined to comment, citing an ongoing investigation. “We believe it’s best to communicate developments directly to our customers,” he said.
Kunkel would not say, when asked, if the attacker also exfiltrated the decrypted customer data from its servers.
Data breach notification laws vary by state, but companies that fail to report security incidents can face heavy fines. Under Europe’s GDPR rules, companies can face fines of up to 4% of their annual turnover for violations.
In December, LogicGate secured $8.75 million in fresh funding, totaling more than $40 million since it launched in 2015.
Meroxa, a startup that makes it easier for businesses to build the data pipelines to power both their analytics and operational workflows, today announced that it has raised a $15 million Series A funding round led by Drive Capital. Existing investors Root, Amplify and Hustle Fund also participated in this round, which together with the company’s previously undisclosed $4.2 million seed round now brings total funding in the company to $19.2 million.
The promise of Meroxa is that businesses can use a single platform for their various data needs and won’t need a team of experts to build their infrastructure and then manage it. At its core, Meroxa provides a single Software-as-a-Service solution that connects relational databases to data warehouses and then helps businesses operationalize that data.
“The interesting thing is that we are focusing squarely on relational and NoSQL databases into data warehouse,” Meroxa co-founder and CEO DeVaris Brown told me. “Honestly, people come to us as a real-time FiveTran or real-time data warehouse sink. Because, you know, the industry has moved to this [extract, load, transform] format. But the beautiful part about us is, because we do change data capture, we get that granular data as it happens.” And businesses want this very granular data to be reflected inside of their data warehouses, Brown noted, but he also stressed that Meroxa can expose this stream of data as an API endpoint or point it to a Webhook.
The company is able to do this because its core architecture is somewhat different from other data pipeline and integration services that, at first glance, seem to offer a similar solution. Because of this, users can use the service to connect different tools to their data warehouse but also build real-time tools on top of these data streams.
“We aren’t a point-to-point solution,” Meroxa co-founder and CTO Ali Hamidi explained. “When you set up the connection, you aren’t taking data from Postgres and only putting it into Snowflake. What’s really happening is that it’s going into our intermediate stream. Once it’s in that stream, you can then start hanging off connectors and say, ‘Okay, well, I also want to peek into the stream, I want to transfer my data, I want to filter out some things, I want to put it into S3.’”
Because of this, users can use the service to connect different tools to their data warehouse but also build real-time tools to utilize the real-time data stream. With this flexibility, Hamidi noted, a lot of the company’s customers start with a pretty standard use case and then quickly expand into other areas as well.
Brown and Hamidi met during their time at Heroku, where Brown was a director of product management and Hamidi a lead software engineer. But while Heroku made it very easy for developers to publish their web apps, there wasn’t anything comparable in the highly fragmented database space. The team acknowledges that there are a lot of tools that aim to solve these data problems, but few of them focus on the user experience.
“When we talk to customers now, it’s still very much an unsolved problem,” Hamidi said. “It seems kind of insane to me that this is such a common thing and there is no ‘oh, of course you use this tool because it addresses all my problems.’ And so the angle that we’re taking is that we see user experience not as a nice-to-have, it’s really an enabler, it is something that enables a software engineer or someone who isn’t a data engineer with 10 years of experience in wrangling Kafka and Postgres and all these things. […] That’s a transformative kind of change.”
It’s worth noting that Meroxa uses a lot of open-source tools but the company has also committed to open-sourcing everything in its data plane as well. “This has multiple wins for us, but one of the biggest incentives is in terms of the customer, we’re really committed to having our agenda aligned. Because if we don’t do well, we don’t serve the customer. If we do a crappy job, they can just keep all of those components and run it themselves,” Hamidi explained.
Today, Meroxa, which the team founded in early 2020, has over 24 employees (and is 100% remote). “I really think we’re building one of the most talented and most inclusive teams possible,” Brown told me. “Inclusion and diversity are very, very high on our radar. Our team is 50% black and brown. Over 40% are women. Our management team is 90% underrepresented. So not only are we building a great product, we’re building a great company, we’re building a great business.”
Hello friends, and welcome back to Week in Review!
Last week, I talked about Clubhouse’s slowing user growth. Well, this week news broke that they had been in talks with Twitter for a $4 billion acquisition, so it looks like they’re still pretty desirable. This week, I’m talking about a story I published a couple days ago that highlights pretty much everything that’s wild about the alternative asset world right now.
If you successfully avoided all mentions of NFTs until now, I congratulate you, because it certainly does seem like the broader NFT market is seeing some major pullback after a very frothy February and March. You’ll still be seeing plenty of late-to-the-game C-list celebrities debuting NFT art in the coming weeks, but a more sober pullback in prices will probably give some of the NFT platforms that are serious about longevity a better chance to focus on the future and find out how they truly matter.
I spent the last couple weeks chatting with a bunch of people in one particular community — one of the oldest active NFT communities on the web called CryptoPunks. It’s a platform with 10,000 unique 24×24 pixel portraits and they trade at truly wild prices.
I wrote about the history and legacy of CryptoPunks, a vibrant $200 million NFT marketplace built around trading pixelated characters. There are only 10,000 of them and owning the cheapest one will cost you about $30k. https://t.co/X4iTSl6FjC
— Lucas Matney (@lucasmtny) April 8, 2021
This picture sold for $1.05 million.
I talked to a dozen or so people (including the guy who sold that one ^^) that had spent between tens of thousands and millions of dollars on these pixelated portraits, my goal being to tap into the psyche of what the hell is happening here. The takeaway is that these folks don’t see these assets as any more nonsensical than what’s going on in more traditional “old world” markets like public stock exchanges.
A telling quote from my reporting:
“Obviously this is a very speculative market… but it’s almost more honest than the stock market,” user Max Orgeldinger tells TechCrunch. “Kudos to Elon Musk — and I’m a big Tesla fan — but there are no fundamentals that support that stock price. It’s the same when you look at GameStop. With the whole NFT community, it’s almost more honest because nobody’s getting tricked into thinking there’s some very complicated math that no one can figure out. This is just people making up prices and if you want to pay it, that’s the price and if you don’t want to pay it, that’s not the price.”
Shortly after I published my piece, Christie’s announced that they were auctioning off nine of the CryptoPunks in an auction likely to fetch at least $10 million at current prices. The market surged in the aftermath and many millions worth of volume quickly moved through the marketplace minting more NFT millionaires.
Is this all just absolutely nuts? Sure.
Is it also a poignant picture of where alternative asset investing is at in 2021? You bet.
Here are the TechCrunch news stories that especially caught my eye this week:
Amazon workers vote down union organization attempt
Amazon is breathing a sigh of relief after workers at their Bessemer, Alabama warehouse opted out of joining a union, dealing a crushing defeat to labor activists who hoped that the high-profile moment would lead more Amazon workers to organize. The vote has been challenged, but the margin of victory seems fairly decisive.
Supreme court sides with Google in Oracle case
If any singular event impacted the web the most this week, it was the Supreme Court siding with Google in a very controversial lawsuit by Oracle that could’ve fundamentally shifted the future of software development.
Coinbase is making waves
The Coinbase direct listing is just around the corner and they’re showing off some of their financials. Turns out crypto has been kind of hot lately and they’re raking in the dough, with revenue of $1.8 billion this past quarter.
Apple shares more about the future of user tracking
Apple is about to upend the ad-tracking market and they published some more details on what exactly their App Tracking Transparency feature is going to look like. Hint: more user control.
Consumers are spending lots of time in apps
A new report from mobile analytics firm App Annie suggests that we’re dumping more of our time into smartphone apps, with the average user spending 4.2 hours a day doing so, a 30 percent increase over two years.
Sonos perfects the bluetooth speaker
I’m a bit of an audio lover, which made my colleague Darrell’s review of the new Sonos Roam bluetooth speaker a must-read for me. He’s pretty psyched about it, even though it comes in at the higher end of pricing for these devices. Still, I’m looking forward to hearing one with my own ears.
Some of my favorite reads from our Extra Crunch subscription service this week:
The StockX EC-1
“StockX is a unique company at the nexus of two radical transitions that isn’t just redefining markets, but our culture as well. E-commerce upended markets, diminishing the physical experience by intermediating and aggregating buyers and sellers through digital platforms. At the same time, the internet created rapid new communication channels, allowing euphoria and desire to ricochet across society in a matter of seconds. In a world of plenty, some things are rare, and the hype around that rarity has never been greater. Together, these two trends demanded a stock market of hype, an opportunity that StockX has aggressively pursued.”
Building the right team for a billion-dollar startup
“I would really encourage you to take some time to think about what kind of company you want to make first before you go out and start interviewing people. So that really is going to be about understanding and defining your culture. And then the second thing I’d be thinking about when you’re scaling from, you know, five people up to, you know, 50 and beyond is that managers really are the key to your success as a company. It’s hard to overstate how important managers, great managers, are to the success of your company.”
So you want to raise a Series A
“More companies will raise seed rounds than Series A rounds, simply due to the fact that many startups fail, and venture only makes sense for a small fraction of businesses out there. Every check is a new cycle of convincing and proving that you, as a startup, will have venture-scale returns. Moore explained that startups looking to move to their next round need to explain to investors why now is their moment.”
Until next week,
Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake.
The non-profit, founded by Jordan’s Queen Rania and headquartered in the kingdom’s capital, was set up in 2013 to promote education across the Arab region. The organization works with several partners, including the British Council and edX, a consortium set up by Harvard, Stanford, and MIT.
In February, researchers at U.K. cybersecurity firm TurgenSec found one of Edraak’s cloud storage servers containing at least tens of thousands of students’ data, including spreadsheets with students’ names, email addresses, gender, birth year, country of nationality, and some class grades.
TurgenSec, which runs Breaches.UK, a site for disclosing security incidents, alerted Edraak to the security lapse. A week later, their email was acknowledged by the organization but the data continued to spill. Emails seen by TechCrunch show the researchers tried to alert others who worked at the organization via LinkedIn requests, and its partners, including the British Council.
Two months passed and the server remained open. At its request, TechCrunch contacted Edraak, which closed the servers a few hours later.
In an email this week, Edraak chief executive Sherif Halawa told TechCrunch that the storage server was “meant to be publicly accessible, and to host public course content assets, such as course images, videos, and educational files,” but that “student data is never intentionally placed in this bucket.”
“Due to an unfortunate configuration bug, however, some academic data and student information exports were accidentally placed in the bucket,” Halawa confirmed.
“Unfortunately our initial scan did not locate the misplaced data that made it there accidentally. We attributed the elements in the Breaches.UK email to regular student uploads. We have now located these misplaced reports today and addressed the issue,” Halawa said.
The server is now closed off to public access.
It’s not clear why Edraak ignored the researchers’ initial email, which disclosed the location of the unprotected server, or why the organization’s response was not to ask for more details. When reached, British Council spokesperson Catherine Bowden said the organization received an email from TurgenSec but mistook it for a phishing email.
Edraak’s CEO Halawa said that the organization had already begun notifying affected students about the incident, and put out a blog post on Thursday.
Last year, TurgenSec found an unencrypted customer database belonging to U.K. internet provider Virgin Media that was left online by mistake, containing records linking some customers to adult and explicit websites.
At its Octane21 conference, Okta, the popular authentication and identity platform, today announced a new — and free — developer edition that features fewer limitations and support for significantly more monthly active users than its current free plan.
“Our overall philosophy isn’t, ‘we want to just provide […] a set of authentication and authorization services.’ The way we’re looking at this is, ‘hey, app developer, how do we provide you the foundation you need to get up and running quickly with authorization and authentication as one part of it,’ ” Diya Jolly, Okta’s chief product officer, told me. And she believes that Okta is in a unique position to do so, because it doesn’t only offer tools to manage authorization and access, but also systems for securing microservices and providing applications with access to privileged resources.
It’s also worth noting that, while the deal hasn’t closed yet, Okta’s intent to acquire Auth0 significantly extends its developer strategy, given Auth0’s developer-first approach.
As for the expanded free account, Jolly noted that the company found that developers wanted to be able to access more of the service’s features during their prototyping phases. That means the new free Developer Edition comes with support for multi-factor authentication, machine-to-machine tokens and B2B integrations, for example, in addition to expanded support for integrations into toolchains. As is so often the case with enterprise tools, the free edition doesn’t come with the usual enterprise support options and has lower rate limits than the paid plans.
Still, and Jolly acknowledged this, a small to medium-sized business may be able to build applications and take them into production based on this new free plan.
“15K [monthly active users] is a lot, but if you look at our customer base, it’s about the right amount for the smaller business applications, the real SMBs, and that was the goal. In a developer motion, you want people to try out things and then upgrade. I think that’s the key. No developer is going to come and build with you if you don’t have a free offering that they can tinker around and play with.”
She noted that the company has spent a lot of time thinking about how to support developers through the application development lifecycle overall. That includes better CLI tools for developers who would rather bypass Okta’s web-based console, for example, and additional integrations with tools like Terraform, Kong and Heroku. “Today, [developers] have to stitch together identity and Okta into those experiences — or they use some other identity — we’ve pre-stitched all of this for them,” Jolly said.
The new Okta Starter Developer Edition, as well as the new documentation, sample applications and integrations, are now available at developer.okta.com.
From the earliest days of the pandemic, it was no secret that video chat was about to become a very hot space.
Over the past several months investors have bankrolled a handful of video startups with specific niches, ranging from always-on office surveillance to platforms that encouraged plenty of mini calls to avoid the need for more lengthy team-wide meetings. As the pandemic wanes and plenty of startups begin to look towards hybrid office models, there are others who have decided to lean into embracing a fully remote workforce, a strategy that may require new tools.
PingPong, a recent launch from Y Combinator’s latest batch, is building an asynchronous video chat app for the workplace. We selected PingPong as one of our favorite startups that debuted last week.
The company’s central sell is that for remote teams, there needs to be a better alternative to Slack or email for catching up with co-workers across time zones. While Zoom calls might be able to convey a company’s culture better than a post in a company-wide Slack channel, for fully remote teams operating on different continents, scheduling a company-wide meeting is often a non-starter.
PingPong is selling its service as an addendum to Slack that helps remote product teams collaborate and convey what they’re working on. Users can capture a short video of themselves and share their screen in lieu of a standup presentation and then they can get caught up on each other’s progress on their own time. PingPong’s hope is that users find more value in brainstorming, conducting design reviews, reporting bugs and more using asynchronous video than they would with text.
“We have a lot to do before we can replace Slack, so right now we kind of emphasize playing nice with Slack,” PingPong CEO Jeff Whitlock tells TechCrunch. “Our longer term vision is that what young people are doing in their consumer lives, they bring into the enterprise when they graduate into the workforce. You and I were using Instant Messenger all the time in the early 2000s and then we got to the workplace, that was the opportunity for Slack… We believe in the next five or so years, something that’s a richer, more asynchronous video-based Slack alternative will have a lot more interest.”
Building a chat app specifically designed for remote product teams operating in multiple time zones is a tight niche for now, but Whitlock believes that this will become a more common problem as companies embrace the benefits of remote teams post-pandemic. PingPong costs $100 per user per year.
While the growth of game-streaming audiences has continued on desktop platforms, the streaming space has felt surprisingly stagnant at times, particularly due to the missing mobile element and a lack of startup competitors.
Lowkey, a young gaming startup that builds software for game streamers, is aiming to build out opportunities in bite-sized clips. The startup wants to be a hub for both creating and viewing short gaming clips but also sees a big opportunity in helping streamers cut down their existing content for distribution on platforms like Instagram and TikTok where short-form gaming content sees a good deal of engagement.
The startup announced today that they’ve closed a $7 million Series A led by Andreessen Horowitz with participation from a host of angel investors including Figma’s Dylan Field, Loom’s Joe Thomas and Plaid’s Zach Perret & William Hockey.
We last covered Lowkey in early 2020 when the company was looking to build out a games tournament platform for adults. At the time, the company had already pivoted after going through YC as Camelot, which allowed audiences on Twitch and YouTube to pay creators to take on challenges. This latest shift brings Lowkey back to the streaming world but more focused on becoming a tool for streamers and a hub for viewers.
One of the challenges for streamers has been adapting widescreen content for a vertical video form factor, but CEO Jesse Zhang says that it’s not really a problem with most modern games. “Games inherently want to focus your attention on the center of the screen,” Zhang tells TechCrunch. “So, almost all clips extend really cleanly to like a mobile format, which is what we’ve done.”
Twitch and YouTube Gaming have proven to be pretty uninterested in short-form content, favoring the opportunities of long-form streams that allow streamers to press broadcast and upload 30 minutes+ streams. Lowkey users can easily upload footage captured from Lowkey’s desktop app or directly import a linked stream. This allows content creators to upload and comment on their own footage or remix and respond to another streamer’s content.
Lowkey’s desktop app is available on Windows and their new mobile app is now live for iOS.
FLoC is meant to be an alternative to the kind of cookies that advertising technology companies use today to track you across the web. Instead of a personally identifiable cookie, FLoC runs locally and analyzes your browsing behavior to group you into a cohort of like-minded people with similar interests (and doesn’t share your browsing history with Google). That cohort is specific enough to allow advertisers to do their thing and show you relevant ads, but without being so specific as to allow marketers to identify you personally.
This “interest-based advertising,” as Google likes to call it, allows you to hide within the crowd of users with similar interests. All the browser displays is a cohort ID and all your browsing history and other data stay local.
The trial will start in the U.S., Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand and the Philippines. Over time, Google plans to scale it globally. As we learned earlier this month, Google is not running any tests in Europe because of concerns around GDPR and other privacy regulations (in part, because it’s unclear whether FLoC IDs should be considered personal data under these regulations).
Users will be able to opt out from this origin trial, just like they will be able to do so with all other Privacy Sandbox trials.
Unsurprisingly, given how FLoC upends many of the existing online advertising systems in place, not everybody loves this idea. Advertisers obviously love the idea of being able to target individual users, though Google’s preliminary data shows that using these cohorts leads to similar results for them and that advertisers can expect to see “at least 95% of the conversions per dollar spent when compared to cookie-based advertising.”
Google notes that its own advertising products will get the same access to FLoC IDs as its competitors in the ads ecosystem.
But it’s not just the advertising industry that is eyeing this project skeptically. Privacy advocates aren’t fully sold on the idea either. The EFF, for example, argues that FLoC will make it easier for marketing companies that want to fingerprint users based on the various FLoC IDs they expose. That’s something Google is addressing with its Privacy Budget proposal, but how well that will work remains to be seen.
Meanwhile, users would probably prefer to just browse the web without seeing ads (no matter what the advertising industry may want us to believe) and without having to worry about their privacy. But online publishers continue to rely on advertising income to fund their sites.
With all of these divergent interests, it was always clear that Google’s initiatives weren’t going to please everyone. That friction was always built into the process. And while other browser vendors can outright block ads and third-party cookies, Google’s role in the advertising ecosystem makes this a bit more complicated.
“When other browsers started blocking third-party cookies by default, we were excited about the direction, but worried about the immediate impact,” Marshall Vale, Google’s product manager for Privacy Sandbox, writes in today’s announcement. “Excited because we absolutely need a more private web, and we know third-party cookies aren’t the long-term answer. Worried because today many publishers rely on cookie-based advertising to support their content efforts, and we had seen that cookie blocking was already spawning privacy-invasive workarounds (such as fingerprinting) that were even worse for user privacy. Overall, we felt that blocking third-party cookies outright without viable alternatives for the ecosystem was irresponsible, and even harmful, to the free and open web we all enjoy.”
It’s worth noting that FLoC, as well as Google’s other privacy sandbox initiatives, is still under development. The company says the idea here is to learn from these initial trials and evolve the project accordingly.
Swiss automation and technology company ABB has announced a collaboration with Amazon Web Services (AWS) to create a cloud-based EV fleet management platform that it hopes will hasten the electrification of fleets. The platform, which the company says will help operators maintain business continuity as they switch to electric, will roll out in the second half of 2021.
This announcement comes after a wave of major delivery companies pledged to electrify their fleets. Amazon already has a number of Rivian-sourced electric delivery vans on the streets of California and plans to have 10,000 more operational by this year; UPS ordered 10,000 electric vans from Arrival for its fleet; 20% of DHL’s fleet is already electric; and FedEx plans to electrify its entire fleet by 2040. A 2020 McKinsey report predicted commercial and passenger fleets in the U.S. could include as many as eight million EVs by 2030, compared with fewer than 5,000 in 2018. That’s about 10 to 15% of all fleet vehicles.
“We want to make EV adoption easier and more scalable for fleets,” Frank Muehlon, president of ABB’s e-mobility division, told TechCrunch. “To power progress, the industry must bring together the best minds and adopt an entrepreneurial approach to product development.”
ABB brings experience in e-mobility solutions, energy management and charging technology to the table, which will combine with AWS’s cloud and software to make a single-view platform that can be tailored to whichever company is using it. Companies will be able to monitor things like charge planning, EV maintenance status, and route optimization based on the time of day, weather and use patterns. Muehlon said they’ll work with customers to explore ways to use existing data from fleets for faster implementation.
The platform will be hosted on the AWS cloud, which means that it can scale anywhere AWS is available, which so far includes 25 regions globally.
The platform will be hardware-agnostic, meaning any type of EV or charger can work with it. Integration of software into specific EV fleets will depend on the fleet’s level of access to third-party asset management systems and onboard EV telematics, but the platform will support a layered feature approach, wherein each layer provides more accurate vehicle data. Muehlon says this makes for a more seamless interface than existing third-party charging management software, which doesn’t have the technology or the flexibility to work with the total breadth of EV models and charging infrastructure.
“Not only do fleet managers have to contend with the speed of development in charging technology, but they also need real-time vehicle and charging status information, access to charging infrastructures and information for hands-on maintenance,” said Muehlon. “This new real-time EV fleet management solution will set new standards in the world of electric mobility for global fleet operators and help them realize improved operations.”
This software is aimed at depot and commercial fleets, as well as public infrastructure fleets. Muehlon declined to specify any specific EV operators or customers lined up to use this new technology, but he did say there are “several pilots underway” which will “enable us to ensure that we are developing market-ready solutions for all kinds of fleets.”
Digital House, a Buenos Aires-based edtech focused on developing tech talent through immersive remote courses, announced today it has raised more than $50 million in new funding.
Notably, two of the main investors are not venture capital firms but instead are two large tech companies: Latin American e-commerce giant Mercado Libre and San Francisco-based software developer Globant. Riverwood Capital, a Menlo Park-based private equity firm, and existing backer early-stage Argentina-based venture firm Kaszek also participated in the financing.
The raise brings Digital House’s total funding raised to more than $80 million since its 2016 inception. The Rise Fund led a $20 million Series B for Digital House in December 2017, marking the San Francisco-based firm’s investment in Latin America.
Nelson Duboscq, CEO and co-founder of Digital House, said that accelerating demand for tech talent in Latin America has fueled demand for the startup’s online courses. Since it first launched its classes in March 2016, the company has seen a 118% CAGR in revenues and a 145% CAGR in students. The 350-person company expects “and is on track” to be profitable this year, according to Duboscq.
In 2020, 28,000 students across Latin America used its platform. The company projects that more than 43,000 will take courses via its platform in 2021. Fifty percent of its business comes out of Brazil, 30% from Argentina and the remaining 20% in the rest of Latin America.
Specifically, Digital House offers courses aimed at teaching “the most in-demand digital skills” to people who either want to work in the digital industry or for companies that need to train their employees on digital skills. Emphasizing practice, Digital House offers courses — that range from six months to two years — teaching skills such as web and mobile development, data analytics, user experience design, digital marketing and product development.
The courses are fully accessible online and combine live online classes led by in-house professors, with content delivered through Digital House’s platform via videos, quizzes and exercises “that can be consumed at any time.”
Digital House also links its graduates to company jobs, claiming an employability rate of over 95%.
Looking ahead, Digital House says it will use its new capital toward continuing to evolve its digital training platforms, as well as launching a two-year tech training program — dubbed the “Certified Tech Developer” initiative — jointly designed with Mercado Libre and Globant. The program aims to train thousands of students through full-time two-year courses and connect them with tech companies globally.
Specifically, the company says it will also continue to expand its portfolio of careers beyond software development and include specialization in e-commerce, digital marketing, data science and cybersecurity. Digital House also plans to expand its partnerships with technology employers and companies in Brazil and the rest of Latin America. It also is planning some “strategic M&A,” according to Duboscq.
Francisco Alvarez-Demalde, co-founder & co-managing partner of Riverwood Capital, noted that his firm has observed an accelerating digitization of the economy across all sectors in Latin America, which naturally creates demand for tech-savvy talent. (Riverwood has an office in São Paulo).
For example, in addition to web developers, there’s been increased demand for data scientists, digital marketing and cybersecurity specialists.
“In Brazil alone, over 70,000 new IT professionals are needed each year and only about 45,000 are trained annually,” Alvarez-Demalde said. “As a result of such a talent crunch, salaries for IT professionals in the region increased 20% to 30% last year. In this context, Digital House has a large opportunity ahead of them and is positioned strategically as the gatekeeper of new digital talent in Latin America, preparing workers for the jobs of the future.”
André Chaves, senior VP of Strategy at Mercado Libre, said the company saw in Digital House a track record of “understanding closely” what Mercado Libre and other tech companies need.
“They move as fast as we do and adapt quickly to what the job market needs,” he said. “A very important asset for us is their presence and understanding of Latin America, its risks and entrepreneurial environment. Global players have succeeded for many years in our region. But things are shifting gradually, and local knowledge of risks and opportunities can make a great difference.”
When it comes to Steady, the platform that helps hourly workers manage their income, maximize their income, and access deals on things like benefits and financial services, the strengths of the business are clear. But it took time for founder and CEO Adam Roseman to clearly define and communicate each of them in his quest for fundraising.
To date, Steady has raised just under $30 million with investors that include Loeb.nyc, Recruit Strategic Partners, Propel Ventures and Flourish Ventures. In fact, Flourish’s Emmalyn Shaw sits on the board, having led the company’s Series A round in 2018.
As a partner at a $500 million fintech fund, her expertise in not only how fintech companies should think about fundraising but what it takes for them to be successful is invaluable. Lucky for us, we got the chance to sit down with both Steady CEO Adam Roseman and Emmalyn Shaw for a recent episode of Extra Crunch Live.
The duo were gracious enough to walk us through Steady’s Series A deck, explaining the importance of highlighting the strengths of the business. They went into detail on how Steady succeeded at that during the fundraising process, and what the company could have done differently to be more effective.
Shaw and Roseman also gave some fantastic advice for founders during the Pitch Deck Teardown, wherein speakers give their expert feedback on decks submitted by the audience. (If you’d like to have your pitch deck featured on an episode of Extra Crunch Live, hit up this link.)
Roseman shared that the best investors are ones that not only understand the business but understand you as a founder and a person. He explained that he and Shaw had plenty of time to get to know each other before the Series A deal.
“I’ve been a part of businesses in the past as an entrepreneur and on boards where it’s been the worst situation, especially when they don’t understand your business,” said Roseman. “Flourish took the time to understand it through and through and was entirely aligned. That makes for the best long-term partnership.”
While it’s a cliche, it remains true that investors often place bets based on a team and not an idea or a product. But what exactly makes a great team or founder? According to Shaw, it’s about vision and passion.
“In Adam’s case, he has a direct connection to what Steady is trying to do,” said Shaw. “That makes a huge difference in terms of commitment because you have ups and downs. They bring experience in terms of understanding the space, how to penetrate and scale and a deep understanding of fintech.”
That’s how long Google gave developers to start implementing required changes to improve user experience. In early May 2020, Google published a modest post on one of its developer blogs introducing Core Web Vitals — a set of metrics that will result in major changes to the way websites are ranked by the search engine. In May 2021, Google will officially add those Core Web Vitals to the various other “page experience” signals it analyzes when deciding how to rank websites.
The quest to improve a website’s position in search results has spawned hundreds (if not thousands) of how-to articles over the years. Businesses that are scared about taking a hit to SEO from Google’s new metrics have been pushing developers to optimize company websites. At the same time, developers have been frustrated because there’s a lot that goes into user experience that isn’t reflected in the Core Web Vitals. A lot of details have to be juggled.
But what about the startups, tech companies and small business owners who handle their own websites in-house? What about the agencies and enterprise platforms that manage or host hundreds or even thousands of websites for clients? While many are looking at the Core Web Vitals as a big hoop to jump through to please the search powers that be, others are seeing — and seizing — the opportunities that come along with this change.
Small businesses wondering “What’s in it for me?” should recognize that if all other things are equal, optimizing for the Core Web Vitals is going to be a significant tiebreaker between websites. If a company’s site is ranking really well with these rigorous metrics, it will have an edge against competitors in searches when content and ranking are otherwise comparable.
Aside from improved SEO, small business websites optimizing for the new metrics will reap the rewards of an improved user experience for their site visitors. Internet users frequently complain about long wait times as pages are loading, or problems with an entire page shifting just as the user goes to click a specific button — which results in them clicking the wrong button and causing further delays. For online retail websites, a poor user experience leads to lost revenue as users abandon shopping carts and never return to a site. Once the Core Web Vitals go into effect, companies that have made the efforts to provide smooth and speedy performance for visitors will win out against competitors that retain sluggish designs.
Researchers say a botnet targeting Windows devices is rapidly growing in size, thanks to a new infection technique that allows the malware to spread from computer to computer.
The Purple Fox malware was first spotted in 2018 spreading through phishing emails and exploit kits, a way for threat groups to infect machines using existing security flaws.
But researchers Amit Serper and Ophir Harpaz at security firm Guardicore, which discovered and revealed the new infection effort in a new blog post, say the malware now targets internet-facing Windows computers with weak passwords, giving the malware a foothold to spread more rapidly.
The malware does this by trying to guess weak Windows user account passwords by targeting the server message block, or SMB — a component that lets Windows talk with other devices, like printers and file servers. Once the malware gains access to a vulnerable computer, it pulls a malicious payload from a network of close to 2,000 older and compromised Windows web servers and quietly installs a rootkit, keeping the malware persistently anchored to the computer while also making it much harder to be detected or removed.
Once a computer is infected, the malware closes the firewall ports it used to get in, likely to prevent reinfection or other threat groups hijacking the already-hacked computer, the researchers said.
The malware then generates a list of internet addresses and scans the internet for vulnerable devices with weak passwords to infect further, creating a growing network of ensnared devices.
Botnets are formed when hundreds or thousands of hacked devices are enlisted into a network run by criminal operators. These networks are often used to launch denial-of-service attacks that pummel organizations with junk traffic with the aim of knocking them offline. But with control of these devices, criminal operators can also use botnets to spread malware and spam, or to deploy file-encrypting ransomware on the infected computers.
But this kind of wormable botnet presents a greater risk as it spreads largely on its own.
Serper, Guardicore’s vice president of security research for North America, said the wormable infection technique is “cheaper” to run than its earlier phishing and exploit kit effort.
“The fact that it’s an opportunistic attack that constantly scans the internet and looks for more vulnerable machines means that the attackers can sort of ‘set it and forget it’,” he said.
It appears to be working. Purple Fox infections have rocketed by 600% since May 2020, according to data from Guardicore’s own network of internet sensors. The actual number of infections is likely to be far higher, amounting to more than 90,000 infections in the past year.
Guardicore published indicators of compromise to help networks identify if they have been infected. The researchers do not know what the botnet will be used for but warned that its growing size presents a risk to organizations.
“We assume that this is laying the groundwork for something in the future,” said Serper.
Zoom, Microsoft and Google all rocketed to the top of the charts in the virtual meetings stakes during the pandemic, but a plucky startup from Norway had other ideas. Video meeting startup Whereby has now raised $12 million from German VC Point Nine, SaaStr fund and a group of more than 20 angel investors.
Angel investors include Josh Buckley (CEO, Producthunt), Shakil Khan (Founding Member, Spotify), Elizabeth Yin (Hustlefund) and Jason M. Lemkin (founder of Saastr).
Øyvind Reed, CEO at Whereby, said in a statement: “The past year has led many of us to question the future of work, with video meetings set to remain a big part of our lives. More than ever, the tools we use to connect have to enable effective and enjoyable meetings, providing focus, collaboration and wellbeing.”
Whereby’s platform has three pricing plans (including free) and allows users to embed tools like Google Docs, Trello and Miro directly in their meetings, unlike other video platforms.
Whereby was demonstrated to me by co-founder Ingrid Ødegaard on a coffee table during 2016’s Oslo Innovation Week. I immediately set up my username, which has existed even as the startup changed its name from Appear.in. Ingrid told me during an interview that they “tried to be much more human-centric and really focus on some of the human problems that come with collaborating remotely. One of the big mistakes that a lot of people are making is just replicating the behavior that they had in the office… whereas we think that you actually need to work in a fundamentally different way. We want to help people do that and by making it really easy to jump in and have a meeting when you need to. But our goal is not to push people to have more meetings, quite the opposite.”
The startup’s secret weapon is enterprise integrations. If you had a video meeting with a UK GP over video in the last year it was probably over Whereby (indeed, mine was!). Whereby won a contract with the NHS for its remote video patient consultations during the pandemic. Competitors for this include Jitsi and AccurX. The company claims it saw a 450% increase in users across 150 countries last year.
“Last year we saw the mass adoption of video meetings,” said Christoph Janz, Partner at Point Nine. “Now it’s about taking the user experience to the next level and Whereby will be leading that charge. It’s amazing to see a Scandinavian startup playing in the same league as the tech giants.”