Month: August 2018

Valimail, an enterprise email security firm, announced that it will offer its email protections for free to relevant government workers and campaigns through the 2018 midterms. That offer covers state election boards, voting system vendors and major party U.S. election campaigns, including congressional, statewide and gubernatorial candidates. The company will also offer the same email fraud prevention service, known as Valimail Enforce, to the Democratic National Committee and Republican National Committee at no cost through the 2020 U.S. presidential election.

“Bad actors are trying to disrupt our elections and sow chaos in our democracy,” Valimail CEO and co-founder Alexander García-Tobar said in a statement. “They are targeting email because it is one of the weakest points in digital communications.”

As Valimail observes, spear phishing attempts in which an attacker tricks their target into opening a malicious email are a particular problem. In a spear phishing attack, a hacker can compromise a target’s login credentials by getting them to click on a fraudulent link or just by pretending to be someone they aren’t and obtaining usernames, passwords and other sensitive information. (The suspected Russian government-affiliated attackers who compromised a Gmail account belonging to Hillary Clinton’s 2016 campaign chair John Podesta used spear phishing to achieve their goals.)

Spear phishing attacks often employ email spoofing, a strategy in which the attacker disguises their true identity and makes an email look like it’s coming from a trusted domain. Citing its own research, Valimail notes that 90 percent of cyberattacks originate in spear phishing and two-thirds of those employ a fake “from” address to target potential victims.

Valimail Enforce prevents this kind of attack with an email authentication system that only allows authorized senders to use a domain name. The company’s email authentication service employs standards like SPF, DKIM and DMARC and is Federal Risk and Authorization Management Program (FedRAMP) authorized, making it easier for government entities to adopt its security tools.

Though no states and campaigns have signed on to the new offering yet, Valimail has been talking with the National Association of State Election Directors and the Department of Homeland Security, the federal agency tasked with coordinating security for election systems — now designated as critical infrastructure — among the states. Valimail follows companies like Cloudflare and Synack in offering its services at no cost to help secure election systems.

Due to the state and local-led nature of U.S. elections, it’s very difficult to ensure that security measures can be uniformly implemented and enforced across the board. It’s too late for the patchwork of post-2016 election security efforts to provide any kind of comprehensive assurance for the 2018 midterms, but private tech companies are stepping in to fill some of the gaps. At the very least, getting some security relationships in place and educating state and local officials on potential precautions should be a useful stepping stone to more secure elections by 2020.

Source: Tech Crunch

Pro-privacy search engine DuckDuckGo, which offers an alternative to surveillance engines like Google, has quietly picked up $10M in fresh funding from Canadian pension fund Omers’ VC arm. The Globe and Mail reported the news earlier this month.

It’s only the second funding round for the ten year old company — which last picked up $3M in VC all the way back in 2011, according to Crunchbase.

In a blog post announcing the investment, Omers Ventures argues that privacy and security concerns have “risen to the forefront of public consciousness” over the past five years — noting how governments are responding to public demand and data breaches and “starting to take real action”, citing the European Union’s updated privacy framework, GDPR, as one example.

With that conviction in mind, the fund actively pursued an investment in DDG, which has been profitable (via non-tracking advertising) since 2014 so was not in need of a cash injection. And, indeed, initially refused one. But Omers persisted and was able to persuade founder Gabriel Weinberg to take the money to help support growth objectives for DDG, “particularly internationally”, and including in Canada (where the fund is based).

Expanding its privacy and security offerings is another rational for DDG taking the funding.

At the start of this year the company branched out from its core product of private (non-tracking) search — adding a tracker blocker and other privacy and security tools to create a functional bundle to help web users keep their browsing private too.

In an interview with Bloomberg, Weinberg said the focus with Omers is “to figure out how to take that globally as they’re a global pension fund”.

Asked for more detail about the plans, he told TechCrunch: “While we are already global (and have been since launch in 2008), we are now trying to focus more on specific markets: In hiring, better tuning our search engine results for local markets, and expanding the channels we use to market DuckDuckGo to have more of a global focus.”

Hiring international staff will therefore be a big part of DDG’s growth push.

“We are focused on staffing up to continue to deliver the best all-in-one privacy solution (the one we launched at the beginning of the year) and marketing, with a more particular focus on outside of the US,” he also told us.

“Our top markets (in terms of search traffic) outside the US are: DE [Germany], UK, FR [France], CA [Canada], though we have significant growth and presence in most countries in terms of relative search market share.”

Weinberg added that Omers has “a deep personal interest and investment thesis in privacy, and do believe there is an inflection point now”.

Source: Tech Crunch

A coalition of privacy groups are calling on lawmakers to fill the vacant positions on the government’s surveillance oversight board, which hasn’t fully functioned in almost two years.

The Privacy and Civil Liberties Oversight Board, known as PCLOB, is a little-known but important group that helps to ensure that intelligence agencies and executive branch policies are falling within the law. The board’s work allows them to have access to classified programs run by the dozen-plus intelligence agencies and determine if they’re legal and effective, while balancing Americans’ privacy and civil liberties rights.

In its most recent unclassified major report in 2015, PCLOB called for an end of the NSA’s collection of Americans’ phone records.

But the board fell out of quorum when four members left the board last year, leaving just the chairperson. President Obama did not fill the vacancies before he left office, putting PCLOB’s work largely on ice.

A report by The Intercept said, citing obtained emails, that the board was “basically dead,” but things were looking up when President Trump earlier this year picked a bipartisan range of five nominees for the board, including a computer science and policy professor and a former senior Justice Department lawyer named in March. If confirmed by the Senate Judiciary Committee, the newly appointed members would put the board back into full swing.

Except the committee has dragged its feet. Hearings have only been heard on three nominees, but a vote has yet to be scheduled.

A total of 31 privacy organizations and rights groups, including the ACLU, Open Technology Institute and the Center for Democracy & Technology signed on to the letter calling on the senate panel to push forward with the hearings and vote on the nominees.

“During the eleven years since Congress created the PCLOB as an independent agency, it has only operated with a quorum for four and one-half years,” the letter said. “Without a quorum, the PCLOB cannot issue oversight reports, provide the agency’s advice, or build upon the agency foundations laid by the original members. It is also critical that the PCLOB operate with a full bipartisan slate of qualified individuals.”

The coalition called the lack of quorum a “lost opportunity to better inform the public and facilitate Congressional action.”

Given the continuing aftermath of the massive leak of classified documents by NSA whistleblower Edward Snowden, the board’s work is more important than ever, the letter said.

Spokespeople for the Senate Judiciary Committee did not respond to a request for comment.

Source: Tech Crunch

Next week, Bernie Sanders will introduce legislation aimed firmly at large companies he believes have taken advantage of “corporate welfare” by underpaying employees. Amazon and Walmart in particular have bore the brunt of the Senator’s criticisms, and the rhetoric has become increasingly heated over the the past few days.

Earlier today, Amazon accused Sanders of issuing “inaccurate and misleading” statements as he called the company out of warehouse conditions. The Vermont senator has since responded with a release, calling Amazon fulfillment center wages “absurd.”

“Thousands of Amazon employees are forced to rely on food stamps, Medicaid and public housing because their wages are too low,” Sanders says, “including 1 out of 3 of its workers in Arizona and 2,400 in Pennsylvania and Ohio, according to The New Food Economy. Bottom line: the taxpayers of this country should not have to subsidize employees at a company owned by Mr. Bezos who is worth $155 billion. That is absurd.”

In an interview yesterday, Sanders told TechCrunch that the company had not been forthcoming with information about employment. The company shot back, noting that the Senator had yet to take it up on its offer of a warehouse tour.

“In terms of visiting a fulfillment center, last month I was visiting Wisconsin and requested to visit the fulfillment center in Kenosha,” Sanders says. “Unfortunately, Amazon could not accommodate me then. In September, I look forward to visiting the fulfillment center in Chester, Virginia, and working out the details with Amazon. We have heard from workers there, including Navy veteran Seth King, about unsafe working conditions and at least one person has reportedly died at the warehouse.”

Sanders, of course, is far from the first person to raise issue with Amazon fulfillment center conditions. Stories have been floating around from current and former employees for years. CEO Jeff Bezos, who has been front and center in Sanders’ criticism recently told the press, “I am very proud of our working conditions, and I am very proud of the wages that we pay.”

Source: Tech Crunch

The Atlantic has hired Facebook’s Alex Hardiman to head up its business and product efforts. She’ll join in the fall from Facebook, where she’s been serving as the social media giant’s head of news products.

In her new role, Hardiman will focus on digital consumer revenue, audience experience and product strategy, leading The Atlantic’s product, engineering, data and growth teams.

“I’ve always been a news person,” Hardiman said in a Facebook post. “It’s my passion during the workday and my guilty pleasure on nights and weekends. It’s why I spent a decade at The Times before coming to Facebook to help tackle some of the company’s formidable news challenges, and it’s why I’m now joining The Atlantic at a unique moment in its history.”

Hardiman joined Facebook in 2016, just as criticism against the platform for its role in spreading “fake news” began to spread like wildfire. She was promoted to lead its news efforts on the product side in May 2017. Before that, she spent more than a decade at The New York Times, completing her tenure as vice president of news products.

“Her leadership positions at both Facebook and The New York Times give her an unrivaled perspective on digital media, and her audience-first focus will sharpen the appeal of our work,” The Atlantic president Bob Cohn said in a statement. “All this will serve us extremely well as we aggressively expand our ambitions for 2019 and beyond.”   

At Facebook, Hardiman was involved in a variety of projects, including removing the trending feature and launching Facebook Watch. Both initiatives were part of a greater effort to remove fake news from the site and provide new avenues for more reliable news from trusted sources.

“Alex is a true leader who built a fantastic team,” a representative from Facebook told me. “She helped develop a framework and key news products for both people on Facebook and publishers. We wish her nothing but the best at The Atlantic.”

Here’s Hardiman’s full statement:

A Personal Update

I have some news to share: after two deeply gratifying years at Facebook, I’ve decided to leave and join The Atlantic in the fall.

I’ve always been a news person. It’s my passion during the workday and my guilty pleasure on nights and weekends. It’s why I spent a decade at The Times before coming to Facebook to help tackle some of the company’s formidable news challenges, and it’s why I’m now joining The Atlantic at a unique moment in its history.

Facebook has given me so many things for which I’m profoundly grateful: wildly talented colleagues, great relationships with news organizations that are reinventing their future, and deep humility for the difficulty of solving nuanced problems at Facebook’s scale. Facebook has a long way to go, but there’s important progress being made to rebuild trust with consumers and publishers. The people behind the scenes work like crazy to make that happen and they often fly under the radar, but you can read more about some of them here: https://www.cnet.com/…/the-cure-for-facebooks-fake-news-in…/. I’m proud of the News team’s mission-driven ethos and I couldn’t be more confident and optimistic about its future.

It therefore required an extraordinary opportunity to compel me to move on. The Atlantic has always been a part of my life when things got complicated. When I was conflicted about how to pursue professional ambition and motherhood at the same time, I found Anne Marie Slaughter’s perspective to be the most refreshing and relatable take on the issue. When I was trying to make sense of President Obama’s foreign policy, Jeffrey Goldberg’s reporting brought radical clarity and honesty to my understanding of America. Since before the Civil War, The Atlantic has consistently defined the most ambitious and contentious ideas of the moment. In today’s political and social climate, its role has never been more vital.

So when I met with The Atlantic and Emerson Collective teams to learn about the next phase of investment and growth, I already knew how much of a privilege it would be to join them. In my new role, I’ll be partnering with teams across The Atlantic to create digital products that people love, grow the company’s consumer revenue line, and transform The Atlantic from a media-centric organization to a leader in media and product. After having built products with hundreds of news organizations at Facebook from the outside, I’m particularly excited to return to tackle these opportunities with The Atlantic from within.

Facebook friends: thank you for everything. I’ve learned so much from you and have an unwavering appreciation for all that you do to better serve the people and publishers who use your products.

Future Atlantic colleagues: I can’t wait to get to work and join you on this important mission. Thank you for having me.

Source: Tech Crunch

You’re not the only one reading your emails.

A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email scanning program analyzes over 200 million AOL and Yahoo inboxes for data that can be sold to advertisers. (Disclosure: TechCrunch is owned by Verizon by way of Oath.)

The logic goes that by learning about its users, the internet giant can hone its ad targeting effort to display the most relevant ads.

But where other major email providers have bailed from email scanning amid privacy scandals and security issues, Oath remains the outlier.

Google ended its ad-targeting email scanning operation across its consumer Gmail service last year — a decision lauded after facing criticism for years over the practice — though the company still uses machine learning to help you reply to emails. Meanwhile, Microsoft told TechCrunch in a statement that it does “not use email content for ad targeting in any way, anywhere in Microsoft.” And Apple has never scanned its customers’ inboxes for advertising, though its privacy policy says it can access your data for law enforcement purposes or for more vague reasons like “issues of public importance.”

So it’s basically just Oath, then.

Scanning the inboxes of its hundreds of millions of email users is a gutsy move for the year-old internet giant, which prior to its rebranding was responsible for two data breaches at Yahoo exposing over thee billion users’ data and a separate breach at AOL in 2014. Yahoo reportedly built a secret customer email scanning tool at the behest of the US intelligence community, which led to the departure of former Yahoo infosec chief Alex Stamos, who until recently was Facebook’s chief security officer.

Although the email scanning program isn’t new — announced earlier this year — it does go deeper than Gmail’s scanning ever did.

“Yahoo mined users’ emails in part to discover products they bought through receipts from e-commerce companies such as Amazon.com,” said the WSJ. “In 2015, Amazon stopped including full itemized receipts in the emails it sends customers, partly because the company didn’t want Yahoo and others gathering that data for their own use.”

Although some content is excluded from the scanning — such as health and medical information — it remains to be seen how (or even if) Oath can exclude other kinds of sensitive data from its customers’ inboxes, like bank transfers and stock receipts.

Yahoo Mail’s privacy policy says email accounts are subject to “manual review,” which allows certain Oath employees access to inboxes.

TechCrunch asked Oath and its parent Verizon about what assurances they could provide that confidential emails and information won’t be collected or used in any way. We also asked how consent was obtained from users in Europe, where data protection rules under the newly-implemented GDPR regulations are stricter.

Neither Verizon or Oath responded by our deadline.

It should go without saying, email isn’t the most sensitive or secure communications medium, and inboxes should never be assumed to be private — not least from law enforcement and the companies themselves.

Deleting your account might be overkill, especially if you don’t want anyone to hijack your email address once it’s recycled. But if there’s ever been a time to find a better inbox, now might be it.

Source: Tech Crunch

Cody Wilson, the self-described crypto-anarchist who on Monday was blocked from distributing schematics for 3D-printed guns online, is making good on his promise for “one hell of a week.”

Exploiting what Wilson says is a loophole in the judge’s injunction against the distribution of the plans for how to print a firearm using 3D printers, Wilson has replaced the “download” option for the schematics on his website with an option to purchase.

At a news conference in Texas, Wilson said he had begun selling the plans on Tuesday morning and had already received nearly 400 orders, according to a report by The Associated Press. 

“Anyone who wants to get these files is going to get them,” the AP quoted Wilson. “They can name their own price.”

By selling the schematics and distributing them via email or secure digital download, it looks like Wilson may just skirt the judges injunction on the distribution of the plans.

As Vice noted in its report on Wilson’s plans, the judge who issued the ruling wrote that, “Regulation under [The Arms Export Control Act] means that the files cannot be uploaded to the internet… But they can be emailed, mailed, securely transmitted, or otherwise published within the United States.”

Source: Tech Crunch

Earlier today, Facebook said that it has committed to reducing its greenhouse gas emissions by 75 percent and using 100 percent renewable energy to power global operations at the social networking giant by the end of 2020.

So, while the company may have problems keeping foreign nationals from using the platform for influence operations (or garbage influencers from engaging in influence operations), at least they’ll be doing it with less of an effect on climate change.

Facebook gave itself a well-deserved pat on the back for its pace of acquiring renewable energy. The company bought over 3 gigawatts of new solar and wind energy since its first renewable energy purchase in 2013 (that includes 2.5 gigawatts in the past 12 months alone — a rate of acquisition that makes the intervening years look… well… kind of paltry).

What’s especially good about the Facebook renewable purchases is that they’re not just offset agreements — deals where a company buys renewable energy in some far-flung geography to offset the power they’re buying in local markets that relies on traditional carbon-based fuel sources.

“All of these wind and solar projects are new and on the same grid as our data centers,” the company said. “That means that each of these projects brings jobs, investment and a healthier environment to the communities that host us — from Prineville, Oregon, and Los Lunas, New Mexico, to Henrico, Virginia, and Luleå, Sweden.”

The targets that Facebook is making public today are part of the company’s commitment to the Paris Agreement through the “We Are Still In” initiative, the company said.

For Facebook, the announcement is something of a victory lap. Back in 2015, the company set a goal of having 50 percent of its power supplied to facilities from renewable energy sources by 2018. It actually hit that target in 2017.

Source: Tech Crunch

No, it’s not just you. Yes, Slack is having connectivity issues yet again. Though this time, they seem a bit less pronounced. I know we’re having some problems off and on, with different channels appearing offline. For the most part, however, communication is still up, so you probably won’t be able to convince your boss to take the rest of the day off. Sorry.

Slack acknowledged the problems on its status page, noting, “Folks are having troubles connecting to their workspaces. We’re looking into the cause and will have updates shortly.” The site experience similar issues earlier this month and back in June.

We’ll update shortly after those updates arrive shortly. Shortly.

Update: Things appear to be back to normal. Here’s the full rundown from Slack,

On June 27th (yesterday) between 6:33 a.m. and 9:49 a.m. PDT Slack experienced an outage where people could not connect to their workspaces. The network problems were caused by a bug included in an offline batch process of data, which resulted in unexpected network spikes and led all of our customers to become disconnected and unable to reconnect.

Once we identified the problem, we restricted new connections and provisioned extra capacity. At 9:24 a.m. PST, production was healthy enough to remove restrictions and by 9:44 a.m. PST, all customers had reconnected to Slack once again.

Source: Tech Crunch