Category: StartUps

Dear blockchain people: this is your hour. Abandon your transparently greedy get-rich-quick schemes, turn away from your casinos of de-facto modern-day penny stocks, and focus your decentralized attention on what the world needs. Save us, O blockchainers, from the scourge that is Facebook! Decentralize all the things!

I’m kidding, of course. For now.

Every year, it seems, a new “new Facebook” arises, swells, deflates, and vanishes, generally in a matter of weeks. Remember Diaspora? Ello? Mastodon? Vero? I imagine them as gangs of bandits charging The Wall in Game of Thrones, prompting the Night’s Watch of Menlo Park to … ignore them completely until they go away. The critical mass of everyone you know, plus the cost and complexity of an infrastructure that provides a broad panoply of valuable features to two billion people — those are Facebook’s 700-foot-high barrier of enchanted ice.

And yet. It is whispered in dark corners, at conventions with names like Consensus and TokenFest, that there is a secret tunnel in that wall, a fundamental flaw. That Facebook’s advantage of massive scale could melt away if faced by the dark magic of decentralization, wherein users own their own data, encrypted by them, stored in the location of their choice, shared only as and when they explicitly approve, while they connect peer-to-peer with interactions mediated and paid for via a tokenized protocol, across an armada of nodes running — yep, you guessed it — some sort of blockchain.

This is essentially nonsense. For now. Its fundamental flaw is the fundamental flaw of most grandiose decentralized blockchain notions; they are too much, too large, too megalomaniacal, too soon. They want to supplant the entire existing order, whether it be money, the entire financial sector, democratic governance, social media … or, really, pick a field of human endeavour, there’s probably some white paper outlining a token-based decentralized wholesale replacement for the way things are done now.

Dear blockchain people: stop it. I like big thinking as much as anyone, but in practice you don’t change things by overthrowing them. You won’t blow out a torch that’s been burning for many years with your new Big Bang. Instead, in practice, you start small, with a tiny cohort of enthusiasts, and you iterate — sometimes for a very long time — before you get any traction that the wider world notices at all. You do not, repeat not, gather a band of adventurers together in an inn to immediately form up and charge The Wall.

Especially stop it with consumer applications. I stand by my statement that “blockchains are the new Linux, not the new Internet” more strongly with each passing month. Blockchain enthusiasts may enjoy perusing their wallets and counting how many different kinds of ERC20 tokens — which generally still have no actual utility, beyond that of a penny stock — are contained within. Ordinary users, however, do not.

Better token UX won’t fix their fundamental problem. Online micropayments didn’t fail again and again because decentralized tokens weren’t a thing yet; they failed because their cognitive load was far too great to sustain their use. Tokens don’t change that one iota. If your consumer decentralized app involves ordinary users knowingly accumulating, spending, or transferring custom tokens, your consumer decentralized app will fail.

But, you know what? Having said all that? I wasn’t kidding with the first line of this post. Dear blockchain people, this is your hour, if you would only recognize it. But your objective is not to compete with, or replace, centralized services. That may never be the objective, and that’s OK. Rather, your goal right now is to create a viable alternative for those who reject existing centralized services, whether they be many or few.

That’s what Bitcoin itself is, after all; a weird little alternative to centralized finance. Over the course of a decade it has, beyond astonishingly, actually become viable, useful, self-sufficient, and globally successful, but it remains a weird little alternative, and will for the foreseeable future.

In its wake we now have the tools to create decentralized apps that aren’t just about value transfer. Consider Blockstack, which includes “a decentralized micro-blogging app” among its basic tutorials. Consider Cosmos, designed to allow blockchains to interoperate with one another, forming a decentralized web of chains they call “the Internet of blockchains.” And of course consider Ethereum, which, believe it or not, isn’t just for ICOs, but lets you run arbitrary decentralized code, and, importantly, has serious plans to massively scale its throughput.

We’re approaching — or maybe already at — the point at which these tools could be put together to construct, say, a small-scale decentralized social network. It would still face the critical-mass problem: but that could be addressed by focusing on specific cohorts and communities; art collectives, churches, fandoms, etcetera. It would still face the ordinary-people-don’t-want-tokens problem: but that could be addressed by having a designated token-handling admin for each node, in the same way that online communities used to have designated email admins or local Usenet sysadmins, so ordinary users would just need a URL, a userid/password, and perhaps a decision whether to pay for access or be advertised to.

Is this vague and handwavey? You betcha. But I’ve done a fair amount of decentralized systems coding myself, of late, and I can tell you that the tools and networks are — well. They’re getting there. They’re close. And once you’ve built a local social network wherein users control their data, one which is part of a higher-order decentralized network of nodes, all communicating via a common tokenized protocol … well, then you have a whole world of new, interesting, and daunting scaling problems.

But my point is that you don’t have to scale to the size of Facebook for an alternative to be viable. Think small. The Wall isn’t going anywhere, but maybe you don’t need to traverse it after all. The world will have Facebook for a long time to come, but Facebook doesn’t have to be part of your world … especially if a weird, clunky, charmingly ramshackle little alternative exists, one from which you ultimately find you get far more net emotional and practical value. If things keep going as they are, maybe you won’t ever have to go through the Wall to get to the people on the other side. Maybe, eventually, they’ll come to you.

Source: Tech Crunch

Hey startups! TechCrunch is returning to Tel Aviv on 7 June, 2018 for its inaugural day-long conference at the Tel Aviv Convention Center. This year’s event will be bigger and better than ever — featuring not only TechCrunch’s signature stellar programming focused on mobility, but also a new expo area called Startup Alley, where hundreds of rock-star startups will demo their products to attendees.

TechCrunch events are the ideal place to show off your company to prospective customers, gain media attention, meet investors and take your startup to the next level. If you’re a pre-Series A early-age startup, we want to see you on our showcase floor. All verticals are welcome!

For 1700 ILS, you’ll get one full day to exhibit, two tickets to TechCrunch Tel Aviv 2018, a demo table, Wi-Fi, power, linens and a branded table-top sign. Ready to join us? You can secure your exhibit spot here.

Buy yours before we run out — space is limited. Feel free to email startupalley@techcrunch.com if you have any questions. The TechCrunch Team can’t wait to make our way to Israel and meet you in a few months!

Source: Tech Crunch

Who’s to blame for the leaking of 50 million Facebook users’ data? Facebook founder and CEO Mark Zuckerberg broke several days of silence in the face of a raging privacy storm to go on CNN this week to say he was sorry. He also admitted the company had made mistakes; said it had breached the trust of users; and said he regretted not telling Facebookers at the time their information had been misappropriated.

Meanwhile, shares in the company have been taking a battering. And Facebook is now facing multiple shareholder and user lawsuits.

Pressed on why he didn’t inform users, in 2015, when Facebook says it found out about this policy breach, Zuckerberg avoided a direct answer — instead fixing on what the company did (asked Cambridge Analytica and the developer whose app was used to suck out data to delete the data) — rather than explaining the thinking behind the thing it did not do (tell affected Facebook users their personal information had been misappropriated).

Essentially Facebook’s line is that it believed the data had been deleted — and presumably, therefore, it calculated (wrongly) that it didn’t need to inform users because it had made the leak problem go away via its own backchannels.

Except of course it hadn’t. Because people who want to do nefarious things with data rarely play exactly by your rules just because you ask them to.

There’s an interesting parallel here with Uber’s response to a 2016 data breach of its systems. In that case, instead of informing the ~57M affected users and drivers that their personal data had been compromised, Uber’s senior management also decided to try and make the problem go away — by asking (and in their case paying) hackers to delete the data.

Aka the trigger response for both tech companies to massive data protection fuck-ups was: Cover up; don’t disclose.

Facebook denies the Cambridge Analytica instance is a data breach — because, well, its systems were so laxly designed as to actively encourage vast amounts of data to be sucked out, via API, without the check and balance of those third parties having to gain individual level consent.

So in that sense Facebook is entirely right; technically what Cambridge Analytica did wasn’t a breach at all. It was a feature, not a bug.

Clearly that’s also the opposite of reassuring.

Yet Facebook and Uber are companies whose businesses rely entirely on users trusting them to safeguard personal data. The disconnect here is gapingly obvious.

What’s also crystal clear is that rules and systems designed to protect and control personal data, combined with active enforcement of those rules and robust security to safeguard systems, are absolutely essential to prevent people’s information being misused at scale in today’s hyperconnected era.

But before you say hindsight is 20/20 vision, the history of this epic Facebook privacy fail is even longer than the under-disclosed events of 2015 suggest — i.e. when Facebook claims it found out about the breach as a result of investigations by journalists.

What the company very clearly turned a blind eye to is the risk posed by its own system of loose app permissions that in turn enabled developers to suck out vast amounts of data without having to worry about pesky user consent. And, ultimately, for Cambridge Analytica to get its hands on the profiles of ~50M US Facebookers for dark ad political targeting purposes.

European privacy campaigner and lawyer Max Schrems — a long time critic of Facebook — was actually raising concerns about the Facebook’s lax attitude to data protection and app permissions as long ago as 2011.

Indeed, in August 2011 Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that’s where Facebook’s European HQ is based).

“[T]his means that not the data subject but “friends” of the data subject are consenting to the use of personal data,” wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook’s friends’ data API. “Since an average facebook user has 130 friends, it is very likely that only one of the user’s friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users’ friends personal data (e.g. games, quizzes, apps that only post things on the user’s page) but Facebook Ireland does not offer a more limited level of access than “all the basic information of all friends”.

“The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific,” he added.

As a result of Schrems’ complaint, the Irish DPC audited and re-audited Facebook’s systems in 2011 and 2012. The result of those data audits included a recommendation that Facebook tighten app permissions on its platform, according to a spokesman for the Irish DPC, who we spoke to this week.

The spokesman said the DPC’s recommendation formed the basis of the major platform change Facebook announced in 2014 — aka shutting down the Friends data API — albeit too late to prevent Cambridge Analytica from being able to harvest millions of profiles’ worth of personal data via a survey app because Facebook only made the change gradually, finally closing the door in May 2015.

“Following the re-audit… one of the recommendations we made was in the area of the ability to use friends data through social media,” the DPC spokesman told us. “And that recommendation that we made in 2012, that was implemented by Facebook in 2014 as part of a wider platform change that they made. It’s that change that they made that means that the Cambridge Analytica thing cannot happen today.

“They made the platform change in 2014, their change was for anybody new coming onto the platform from 1st May 2014 they couldn’t do this. They gave a 12 month period for existing users to migrate across to their new platform… and it was in that period that… Cambridge Analytica’s use of the information for their data emerged.

“But from 2015 — for absolutely everybody — this issue with CA cannot happen now. And that was following our recommendation that we made in 2012.”

Given his 2011 complaint about Facebook’s expansive and abusive historical app permissions, Schrems has this week raised an eyebrow and expressed surprise at Zuckerberg’s claim to be “outraged” by the Cambridge Analytica revelations — now snowballing into a massive privacy scandal.

In a statement reflecting on developments he writes: “Facebook has millions of times illegally distributed data of its users to various dodgy apps — without the consent of those affected. In 2011 we sent a legal complaint to the Irish Data Protection Commissioner on this. Facebook argued that this data transfer is perfectly legal and no changes were made. Now after the outrage surrounding Cambridge Analytica the Internet giant suddenly feels betrayed seven years later. Our records show: Facebook knew about this betrayal for years and previously argues that these practices are perfectly legal.”

So why did it take Facebook from September 2012 — when the DPC made its recommendations — until May 2014 and May 2015 to implement the changes and tighten app permissions?

The regulator’s spokesman told us it was “engaging” with Facebook over that period of time “to ensure that the change was made”. But he also said Facebook spent some time pushing back — questioning why changes to app permissions were necessary and dragging its feet on shuttering the friends’ data API.

“I think the reality is Facebook had questions as to whether they felt there was a need for them to make the changes that we were recommending,” said the spokesman. “And that was, I suppose, the level of engagement that we had with them. Because we were relatively strong that we felt yes we made the recommendation because we felt the change needed to be made. And that was the nature of the discussion. And as I say ultimately, ultimately the reality is that the change has been made. And it’s been made to an extent that such an issue couldn’t occur today.”

“That is a matter for Facebook themselves to answer as to why they took that period of time,” he added.

Of course we asked Facebook why it pushed back against the DPC’s recommendation in September 2012 — and whether it regrets not acting more swiftly to implement the changes to its APIs, given the crisis its business is now faced having breached user trust by failing to safeguard people’s data.

We also asked why Facebook users should trust Zuckerberg’s claim, also made in the CNN interview, that it’s now ‘open to being regulated’ — when its historical playbook is packed with examples of the polar opposite behavior, including ongoing attempts to circumvent existing EU privacy rules.

A Facebook spokeswoman acknowledged receipt of our questions this week — but the company has not responded to any of them.

The Irish DPC chief, Helen Dixon, also went on CNN this week to give her response to the Facebook-Cambridge Analytica data misuse crisis — calling for assurances from Facebook that it will properly police its own data protection policies in future.

“Even where Facebook have terms and policies in place for app developers, it doesn’t necessarily give us the assurance that those app developers are abiding by the policies Facebook have set, and that Facebook is active in terms of overseeing that there’s no leakage of personal data. And that conditions, such as the prohibition on selling on data to further third parties is being adhered to by app developers,” said Dixon.

“So I suppose what we want to see change and what we want to oversee with Facebook now and what we’re demanding answers from Facebook in relation to, is first of all what pre-clearance and what pre-authorization do they do before permitting app developers onto their platform. And secondly, once those app developers are operative and have apps collecting personal data what kind of follow up and active oversight steps does Facebook take to give us all reassurance that the type of issue that appears to have occurred in relation to Cambridge Analytica won’t happen again.”

Firefighting the raging privacy crisis, Zuckerberg has committed to conducting a historical audit of every app that had access to “a large amount” of user data around the time that Cambridge Analytica was able to harvest so much data.

So it remains to be seen what other data misuses Facebook will unearth — and have to confess to now, long after the fact.

But any other embarrassing data leaks will sit within the same unfortunate context — which is to say that Facebook could have prevented these problems if it had listened to the very valid concerns data protection experts were raising more than six years ago.

Instead, it chose to drag its feet. And the list of awkward questions for the Facebook CEO keeps getting longer.

Source: Tech Crunch

There is a familiar trope in Hollywood cyberwarfare movies. A lone whiz kid hacker (often with blue, pink, or platinum hair) fights an evil government. Despite combatting dozens of cyber defenders, each of whom appears to be working around the clock and has very little need to use the facilities, the hacker is able to defeat all security and gain access to the secret weapon plans or whatever have you. The weapon stopped, the hacker becomes a hero.

The real world of security operations centers (SOCs) couldn’t be further from this silver screen fiction. Today’s hackers (who are the bad guys, by the way) don’t have the time to custom hack a system and play cat-and-mouse with security professionals. Instead, they increasingly build a toolbox of automated scripts and simultaneously hit hundreds of targets using, say, a newly discovered zero-day vulnerability and trying to take advantage of it as much as possible before it is patched.

Security analysts working in a SOC are increasingly overburdened and overwhelmed by the sheer number of attacks they have to process. Yet, despite the promises of automation, they are often still using manual processes to counter these attacks. Fighting automated attacks with manual actions is like fighting mechanized armor with horses: futile.

Nonetheless, that’s the current state of things in the security operations world, but as V.Jay LaRosa, the VP of Global Security Architecture of payroll and HR company ADP explained to me, “The industry, in general from a SOC operations perspective, it is about to go through a massive revolution.”

That revolution is automation. Many companies have claimed that they are bringing machine learning and artificial intelligence to security operations, and the buzzword has been a mainstay of security startup pitch decks for some times. Results in many cases have been nothing short of lackluster at best. But a new generation of startups is now replacing soaring claims with hard science, and focusing on the time-consuming low-hanging fruit of the security analyst’s work.

One of those companies, as we will learn shortly, is JASK. The company, which is based in San Francisco and Austin, wants to create a new market for what it calls the “autonomous security operations center.” Our goal is to understand the current terrain for SOCs, and how such a platform might fit into the future of cybersecurity.

Data wrangling and the challenge of automating security

The security operations center is the central nervous system of corporate security departments today. Borrowing concepts from military organizational design, the modern SOC is designed to fuse streams of data into one place, giving security analysts a comprehensive overview of a company’s systems. Those data sources typically include network logs, an incident detection and response system, web application firewall data, internal reports, antivirus, and many more. Large companies can easily have dozens of data sources.

Once all of that information has been ingested, it is up to a team of security analysts to evaluate that data and start to “connect the dots.” These professionals are often overworked since the growth of the security team is generally reactive to the threat environment. Startups might start with a single security professional, and slowly expand that team as new threats to the business are discovered.

Given the scale and complexity of the data, investigating a single security alert can take significant time. An analyst might spend 50 minutes just pulling and cleaning the necessary data to be able to evaluate the likelihood of a threat to the company. Worse, alerts are sufficiently variable that the analyst often has to repeatedly perform this cleanup work for every alert.

Data wrangling is one of the most fundamental problems that every SOC faces. All of those streams of data need to be constantly managed to ensure that they are processed properly. As LaRosa from ADP explained, “The biggest challenge we deal with in this space is that [data] is transformed at the time of collection, and when it is transformed, you lose the raw information.” The challenge then is that “If you don’t transform that data properly, then … all that information becomes garbage.”

The challenges of data wrangling aren’t unique to security — teams across the enterprise struggle to design automated solutions. Nonetheless, just getting the right data to the right person is an incredible challenge. Many security teams still manually monitor data streams, and may even write their own ad-hoc batch processing scripts to get data ready for analysis.

Managing that data inside the SOC is the job of a security information and event management system (SIEM), which acts as a system of record for the activities and data flowing through security operations. Originally focused on compliance, these systems allow analysts to access the data they need, and also log the outcome of any alert investigation. Products like ArcSight and Splunk and many others here have owned this space for years, and the market is not going anywhere.

Due to their compliance focus though, security management systems often lack the kinds of automated features that would make analysts more efficient. One early response to this challenge was a market known as user entity behavior analytics (UEBA). These products, which include companies like Exabeam, analyze typical user behavior and search for anomalies. In this way, they are meant to integrate raw data together to highlight activities for security analysts, saving them time and attention. This market was originally standalone, but as Gartner has pointed out, these analytics products are increasingly migrating into the security information management space itself as a sort of “smarter SIEM.”

These analytics products added value, but they didn’t solve the comprehensive challenge of data wrangling. Ideally, a system would ingest all of the security data and start to automatically detect correlations, grouping disparate data together into a cohesive security alert that could be rapidly evaluated by a security analyst. This sort of autonomous security has been a dream of security analysts for years, but that dream increasingly looks like it could become reality quite soon.

LaRosa of ADP told me that “Organizationally, we have got to figure out how we help our humans to work smarter.” David Tsao, Global Information Security Officer of Veeva Systems, was more specific, asking “So how do you organize data in a way so that a security engineer … can see how these various events make sense?”

JASK and the future of “autonomous security”

That’s where a company like JASK comes in. Its goal, simply put, is to take all the disparate data streams entering the security operations center and automatically group them into attacks. From there, analysts can then evaluate each threat holistically, saving them time and allowing them to focus on the sophisticated analytical part of their work, instead of on monotonous data wrangling.

The startup was founded by Greg Martin, a security veteran who previously founded threat intelligence platform ThreatStream (now branded Anomali). Before that, he worked as an executive at ArcSight, a company that is one of the incumbent behemoths in security information management.

Martin explained to me that “we are now far and away past what we can do with just human-led SOCs.” The challenge is that every single security alert coming in has to go through manual review. “I really feel like the state of the art in security operations is really how we manufactured cars in the 1950s — hand-painting every car,” Martin said. “JASK was founded to just clean up the mess.”

Machine learning is one of these abused terms in the startup world, and certainly that is no exception in cybersecurity. Visionary security professionals wax poetic about automated systems that instantly detect a hacker as they attempt to gain access to the system and immediately respond with tested actions designed to thwart them. The reality is much less exciting: just connecting data from disparate sources is a major hurdle for AI researchers in the security space.

Martin’s philosophy with JASK is that the industry should walk before it runs. “We actually look to the autonomous car industry,” he said to me. “They broke the development roadmap into phases.” For JASK, “Phase one would be to collect all the data and prepare and identify it for machine learning,” he said. LaRosa of ADP, talking about the potential of this sort of automation, said that “you are taking forty to fifty minutes of busy work out of that process and allow [the security analysts] to get right to the root cause.”

This doesn’t mean that security analysts are suddenly out of a job, indeed far from it. Analysts still have to interpret the information that has been compiled, and even more importantly, they have to decide on what is the best course of action. Today’s companies are moving from “runbooks” of static response procedures to automated security orchestration systems. Machine learning realistically is far from being able to accomplish the full lifecycle of an alert today, although Martin is hopeful that such automation is coming in later phases of the roadmap.

Martin tells me that the technology is being used by twenty customers today. The company’s stack is built on technologies like Hadoop, allowing it to process significantly higher volumes of data compared to legacy security products.

JASK is essentially carving out a unique niche in the security market today, and the company is currently in beta. The company raised a $2m seed from Battery in early 2016, and a $12m series A led by Dell Technologies Capital, which saw its investment in security startup Zscaler IPO last week.

There are thousands of security products in the market, as any visit to the RSA conference will quickly convince you. Unfortunately though, SOCs can’t just be built with tech off the shelf. Every company has unique systems, processes, and threat concerns that security operations need to adapt to, and of course, hackers are not standing still. Products need to constantly change to adapt to those needs, which is why machine learning and its flexibility is so important.

Martin said that “we have to bias our algorithms so that you never trust any one individual or any one team. It is a careful controlled dance to build these types of systems to produce general purpose, general results that applies across organizations.” The nuance around artificial intelligence is refreshing in a space that can see incredible hype. Now the hard part is to keep moving that roadmap forward. Maybe that blue-haired silver screen hacker needs some employment.

Source: Tech Crunch

Hip hop stars are taking their reputations to Wall Street and Sand Hill road.

Unlike their rock star brethren, who’ve historically been disinterested in dabbling with startups, quite a few hip hop artists have amassed good-sized portfolios. They’ve seen a few big hits too, most recently including a massive up round for zero-commission stock trading platform Robinhood, which counted Jay-Z, Nas and Snoop Dogg among its earlier backers.

But just how deep does the hip hop-startup relationship go and where is it headed? To shed some light on that question, we put together a review of Crunchbase data on the startup investment activity of famous musicians. We looked at both hip hop and pop stars, culling a list of 21 artists who are either active investors or have joined one or more rounds in recent years.

The general conclusion: Artists are doing more deals, raising more funds and backing more companies that graduate to up rounds and exits. Here are a few examples:

• Besides getting a slice of Robinhood, Jay-Z and his entertainment company, Roc Nation, also saw an early portfolio company, flight club startup JetSmarter, go on to raise financing a year ago at a reported valuation more than $1.5 billion. Roc Nation also made headlines this week for investing in Promise, a startup providing alternatives to incarceration for people who can’t afford bail.
• QueensBridge Venture Partners, the investment fund co-founded by Nas, was an early-stage investor in video doorbell maker Ring, which Amazon just bought for $1.1 billion. The firm could also see some paper gains this week in the much-anticipated market debut of Dropbox, which it backed in a 2014 Series C round. In addition, QueensBridge participated in a $25 million Series B round for cryptocurrency trading platform Coinbase back in 2013. Coinbase’s last reported valuation was around $1.6 billion.
• Casa Verde Capital, a cannabis-focused venture fund co-founded by Snoop Dogg, has closed its debut fund with $45 million. Just this week it backed a $3.5 million round for vape manufacturer Green Tank.

That’s not to say everything a star touches turns multi-platinum. We found quite a few flops in their portfolios and assembled a list here of 10 startups now shuttered that counted a hip hop or pop star among their backers.

Of course, flops are part of life for early-stage investors, so there’s no reason we’d expect celebrities to be an exception. Moreover, most of the now-shuttered companies were not heavily capitalized by venture standards.

However, there are some higher-profile or more heavily funded companies on the flop list. One is Washio, a laundry delivery service, which raised $17 million from Nas and 20 other investors before hanging itself out to dry in 2016. Another is Viddy, an app for shooting and sharing video clips backed by Roc Nation.

Why the rich, hip and famous like startups

A number of venture pundits and pop culture mavens have previously pontificated why celebrities, and hip hop stars in particular, are drawn to startups.

One possibility is that rap music and startups resemble each other at the earliest stages, postulates Cam Houser, CEO of the 3 Day Startup Program. Rap music starts with a rapper and a producer. This duality, he says, is similar to the beginning stages of a startup, which commonly also brings together two people, a business and a technical co-founder.

Rap and startup entrepreneurship are also both longshot career tracks that celebrate raw ambition and unabashed self-promotion. To make it, however, both require an excellent grasp of what sells in the real world.

Branding is perhaps the most common rationale provided for the celebrity-startup connection. With their massive fan bases, swooning coverage and millions of social media followers, celebrities can certainly help get the word out about a new product or app. That said, the attention usually works only if said product also has compelling attributes of its own.

One of the less controversial explanations is that becoming and remaining famous requires many of the same skills and qualities as running an entrepreneurial venture, including an exceptional degree of tenacity.

It’s also true that in venture capital and the music business, it’s the hits that matter. It helps that we’re seeing plenty of those. 

Source: Tech Crunch

After the remarkable string of weekends it’s been having, it was really just a matter of time before Black Panther wrestled the top spot from his fellow Avengers. As of today, the Ryan Coogler-directed film is North America’s highest grossing superhero film of all-time (not adjusted for inflation, mind).

The news comes via The Hollywood Reporter, which notes that the film has pulled in $624 million on the continent, roaring past 2012’s The Avengers, which made $623.4 million. The film, which cost around $200 million, is now one of only seven movies to make more than $600 million, domestically.

Black Panther has been pulling in money at a steady clip since opening, with a record-setting $218 million opening weekend. Worldwide, it’s pulled in $1.2 billion and is on-track to become the third highest-grossing superhero film internationally, behind the first two Avengers films. The third Avengers film, Infinity War, is due out on April 27.

Even more so than those films, however, Black Panther has become a cultural touchstone for moviegoers, and, hopefully, a wake up call for Hollywood, which has traditionally shied away from diversity in film. Those who still haven’t seen it, can check out Anthony’s review here — or just take my word that it’s awesome. 

Source: Tech Crunch

YouTube’s plan to combat conspiracy videos with information sourced from Wikipedia got push back from a number of different quarters — including, surprisingly, Wikimedia itself. Seems Google didn’t mention the plan to the foundation before unveiling it at SXSW earlier this month. Whoops.

Wikimedia executive director Katherine Maher responded with an even-keeled statement reiterating that, while the crowd-sourced encyclopedia’s information is, indeed, free to use, well, it might be nice if corporations that used it gave a little back.

“Wikipedia’s content [is] freely licensed for reuse by anyone,” Maher wrote, “and that’s part of our mission: that every single person can share in free knowledge. We want people all over the world to use, share, add to, and remix Wikipedia. At the same time, we encourage companies who use Wikimedia’s content to give back in the spirit of sustainability.”

Of course, this isn’t the first time Google has utilized the work of Wikipedia’s army of devoted contributors and editors — and the company is hardly alone here. In recent years, the site’s vast wealth of peer-edited knowledge has, for better or worse, become the backbone of a number of wildly used services — including, notably, smart assistants. Ask Alexa, Assistant or Siri who the Queen of England is, and they’ll all pull that information from the same place.

In a conversation earlier this week, Wikimedia’s Chief Revenue Office, Lisa Gruwell told TechCrunch that this sort of usage doesn’t constitute any sort of formal relationship. Most companies more or less hook into an API to utilize that breadth of knowledge. It’s handy for sure, and it’s all well within Wikimedia’s fair use rules, but as with Maher’s letter, the CRO expressed some concerns about seemingly one-sided relationships.

“Our content is there to be used,” explained Gruwell. “It’s freely-licensed and it’s freely-licensed for a reason. At the same time, it’s like the environment. It’s there to be used, but it’s not there to be exploited. We do need the people who use the content to give back in some way. That’s what we encourage. There’s no paywall. We don’t charge for data. If you can afford to give, we ask that you give, and if you can’t, you still get use it. That’s kind of the social contract we have with our readers.”

“Exploitation” is, of course, a tricky word when it comes something like Wikipedia. Much like NPR or PBS, it’s a service that’s offered up freely to anyone, but one that relies upon charitable donations to stay afloat. Smart assistants are certainly playing by the applicable rules when it comes to leveraging that information base, but the way it’s presented can ultimately have a siloed effect on Wikipedia.

In the case of a primarily voice-based assistant like Alexa, even when Wikipedia is cited, there isn’t a direct connection to the source material. That means users don’t have immediate view of primary sources (a key part of Wikipedia’s DNA). It also means that Wikimedia’s donation information isn’t front and center.

“I don’t mean to sound like the Lorax here,” said Gruwell. “If you overuse something and you don’t give back to it, you can harm it. In the case of Alexa and Siri, our content gets intermediated. Wikipedia works because people can contribute to it, people can edit it. Also, once a year, when we ask people can donate. When they get their information not from us — but Wikipedia content through something like Siri or something like Alexa — that opportunity to either contribute back as an editor is broken, and that opportunity to contribute, to donate is also broken.”

A majority of the Foundation’s support comes from individual donors, courtesy of six million users who give, on average $10. Support from corporations (excluding foundations) makes up about four-percent of the company’s donations, according to Gruwell. Of course, it’s possible that some of the big anonymous funders have direct ties to these companies, but the list of top corporate donors is actually a bit surprising.

Here are the numbers for the 2017-2018 Fiscal Year:

1. Google (more than $1 million)
2. Humble Bundle ($456,000)
3. Craigslist Foundation ($250,000)
4. Cards Against Humanity ($35,000)

Gruwell told me that, in spite of the recent dust up with YouTube, “of the top five big Internet companies, the big technology companies, our relationship with Google is by far the best, both in terms of what they contribute to the organization and generally working with us. I will say in many instances, they do reach out to us and they do work with us. We do have partnerships with them. I think it’s a good relationship certainly, compared to the others.”

Other big players also contribute, by way of matching donations. Apple, Facebook, Microsoft and Google (again) all contributed around $50,000 by matching employee gifts. Amazon, on the other hand, is nowhere to be found on that list.

In an era when all sides of the political spectrum are shouting “fake news” at one another, source citing and fact-checking are growing increasingly important. Both have long been a fundamental tenant of Wikipedia, as the site attempt to maintain neutrality on even the most hot button of topics.

“Like every platform on the Internet, I think we are concerned and sometimes face bad actors,” said Gruwell. “Those concerns are real. We’ve done a lot of things just in terms of trying to build tools like machine learning tools to detect bad faith contributions. In our community, they’re watching particular pages. They’re certainly doing their part.”

As smart assistants, YouTube and the like grow increasingly a part of our day to day lives, it becomes more and more important that Wikimedia can do its job. And donations don’t grow on trees.

Source: Tech Crunch

Dropbox was off to the races on its first day as a public company.

After pricing above the range at $21 per share, raising $756 million, Dropbox kicked off its first day soaring to $31.60, and closing the day at $28.48. This is up almost 36%.

It’s surely a sign of public investor enthusiasm for the cloud storage business, which had initially hoped to price its IPO between $16 and $18 and then raised it from $18 to $20.

It also means that Dropbox closed well above the $10 billion it was valued at its last private round. Its market cap is about $11.1 billion.

Dropbox brought in $1.1 billion in revenue for the last year. This compares to $845 million in revenue the year before and $604 million for 2015.

While it’s been cash flow positive since 2016, it is not yet profitable, having lost nearly $112 million last year. But it is significantly improved margins when compared to losses of $210 million for 2016 and $326 million for 2015.

Its average revenue per paying user is $111.91.

There has been a debate about whether to value Dropbox, which has a freemium model, as a consumer company or an enterprise business. It has convinced just 11 million of its 500 million registered customers to pay for its services.

Dropbox “combines the scale and virality of a consumer company with the recurring revenue of a software company,” said Bryan Schreier, a general partner at Sequoia Capital and board member at the company. He said that now was the time for Dropbox to list because “the business had reached a level of scale and also cash flow that warranted a public debut.”

He also talked about the early days of Dropbox pitching at a TechCrunch event in 2008 and how disappointed they were that the slides stopped working during the presentation. The company has come a long way.

Sequoia Capital owned 23.2% of the overall shares outstanding at the time of the IPO. They shared Dropbox’s original seed pitch from 2007. 

Accel was the next largest shareholder, owning 5% overall. Sameer Gandhi made the investment at Sequoia and then invested in Dropbox again when he went over to Accel.

Founder and CEO Drew Houston owned 25.3% of the company.

Greylock Partners also had a small stake. John Lilly, a general partner there, said he “invested in Dropbox because Drew and the team had an exceptionally clear vision of what the future of work would look like and built a product that would that meet the demands of the modern workforce.”

The prospectus warned of the competitive landscape.

“The market for content collaboration platforms is competitive and rapidly changing. Certain features of our platform compete in the cloud storage market with products offered by Amazon, Apple, Google, and Microsoft, and in the content collaboration market with products offered by Atlassian, Google, and Microsoft. We compete with Box on a more limited basis in the cloud storage market for deployments by large enterprises.”

Note that they downplayed their competition with Box, a company that’s often mentioned in the same sentence as Dropbox. While the products are similar, the two have different business models and Dropbox was hoping that this would be respected with a better revenue multiple. If the first day is any indication, it looks like that strategy worked.

The company listed on the Nasdaq, under the ticker “DBX.”

We talked about Dropbox’s first day and the outlook for upcoming public debuts like Spotify on our “Equity” podcast episode below. We were joined by Eric Kim at Goodwater Capital.

Source: Tech Crunch

The swipe is where the similarity ends. Raya is less like Tinder and more like a secret society. You need a member’s recommendations or a lot of friends inside to join, and you have to apply with an essay question. It costs a flat $7.99 for everyone, women and celebrities included. You show yourself off with a video slideshow set to music of your choice. And it’s for professional networking as well as dating, with parallel profiles for each.

Launched in March 2015, Raya has purposefully flown under the radar. No interviews. Little info about the founders. Not even a profile on Crunchbase’s startup index. In fact, in late 2016 it quietly acquired video messaging startup Chime, led by early Facebooker Jared Morgenstern, without anyone noticing. He’d become Raya’s first investor a year earlier. But Chime was fizzling out after raising $1.2 million. “I learned the not everyone who leaves Facebook, their next thing turns to gold” Morgenstern laughs. So he sold it to Raya for equity and brought four of his employees to build new experiences for the app.

Now the startup’s COO, Morgenstern has agreed to give TechCrunch the deepest look yet at Raya, where the pretty, popular, and powerful meet each other.

Temptation Via Trust

“Raya is a utility for introducing you to people who can change your life. Soho House uses physical space, we’re trying to use software” says Morgenstern, referencing the global network of members-only venues.

We’re chatting in a coffee shop in San Francisco. It’s an odd place to discuss Raya, given the company has largely shunned Silicon Valley in favor of building a less nerdy community in LA, New York, London, and Paris. The exclusivity might feel discriminatory for some, even if you’re chosen based on your connections rather than your wealth or race. Though people already self-segregate based on where they go to socialize. You could argue Raya just does the same digitally

Morgenstern refuses to tell me how much Raya has raised, how it started, or anything about its co-founder Mike McGuiness who owns LA public relations company the Co-Op Agency beyond that the team is a “Humble, focused group that prefers not to be part of the story.” But he did reveal some of the core tenets that have reportedly attracted celebrities like DJs Diplo and Skrillex, actors Elijah Wood and Amy Schumer, and musicians Demi Lovato and John Mayer, plus scores of Instagram models and tattooed creative directors.

Raya’s iOS-only app isn’t a swiping game for fun and personal validation. Its interface and curated community are designed to get you from discovering someone to texting if you’re both interested to actually meeting in person as soon as possible. Like at a top-tier university or night club, there’s supposed to be an in-group sense of camaraderie that makes people more open to each other.

Then there are the rules.

“This is an intimate community with zero-tolerance for disrespect or mean-spirited behavior. Be nice to each other. Say hello like adults” says an interstitial screen that blocks use until you confirm you understand and agree every time you open the app. That means no sleazy pick-up lines or objectifying language. You’re also not allowed to screenshot, and you’ll be chastized with a numbered and filed warning if you do.

It all makes Raya feel consequential. You’re not swiping through infinite anybodies and sorting through reams of annoying messages. People act right because they don’t want to lose access. Raya recreates the feel of dating or networking in a small town, where your reputation follows you. And that sense of trust has opened a big opportunity where competitors like Tinder or LinkedIn can’t follow.

Self-Expression To First Impression

Until now, Raya showed you people in your city as well as around the world — which is a bit weird since it would be hard to ever run into each other. But to achieve its mission of getting you offline to meet people in-person, it’s now letting you see nearby people on a map when GPS says they’re at hotspots like bars, dancehalls, and cafes. The idea is that if you both swipe right, you could skip the texting and just walk up to each other.

“I’m not sure why Tinder and the other big meeting people apps aren’t doing this” says Morgenstern. But the answer seems obvious. It would be creepy on a big public dating app. Even other exclusive dating apps like The League that induct people due to their resume more than their personality might feel too unsavory for a map, since having gone to an Ivy League college doesn’t mean you’re not a jerk. Hell, it might make that more likely.

But this startup is betting that its vetted, interconnected, “cool” community will be excited to pick fellow Raya members out of the crowd to see if they have a spark or business synergy.

That brings Raya closer to the holy grail of networking apps where you can discover who you’re compatible with in the same room without risking the crash-and-burn failed come-ons. You can filter by age and gender when browsing social connections, or by “Entertainment & Culture”, “Art & Design”, and “Business & Tech” buckets for work. And through their bio and extended slideshows of photos set to their favorite song, you get a better understanding of someone than from just a few profile pics on other apps.

Users can always report people they’ve connected with if they act sketchy, though with the new map feature I was dismayed to learn they can’t yet report people they haven’t seen or rejected in the app. That could lower the consequences for finding someone you want to meet, learning a bit about them, but then approaching without prior consent. However, Morgenstern insists.”The real risk is the density challenge”.

Finding Your Tribe

Raya’s map doesn’t help much if there are no other members for 100 miles. The company doesn’t restrict the app to certain cities, or schools like Facebook originally did to beat the density problem. Instead it relies on the fact that if you’re in the middle of nowhere you probably don’t have friends on it to pull you in. Still, that makes it tough for Raya to break into new locales.

But the beauty of the business is that since all users pay $7.99 per month, it doesn’t need that many to earn plenty of money. And at less than the price of a cocktail, the subscription deters trolls without being unaffordable. Morgenstern says “The most common reason to stop your subscription: I found somebody.” That ‘success = churn’ equation drags on most dating apps. Since Raya has professional networking as well though, he says some people still continue the subscription even after they find their sweetheart.

“I’m happily in a relationship and I’m excited to use maps” Morgenstern declares. In that sense, Raya wants to expand those moments in life when you’re eager and open to meet people, like the first days of college. “At Raya we don’t think that’s something that should only happen when you’re single or when you’re twenty or when you move to a new city.”

The bottomless pits of Tinder and LinkedIn can make meeting people online feel haphazard to the point of exhaustion. We’re tribal creatures who haven’t evolved ways to deal with the decision paralysis and the anxiety caused by the paradox of choice. When there’s infinite people to choose from, we freeze up, or always wonder if the next one would have been better than the one we picked. Maybe we need Raya-like apps for all sorts of different subcultures beyond the hipsters that dominate its community, as I wrote in my 2015’s piece “Rise Of The Micro-Tinders”. But if Raya’s price and exclusivity lets people be both vulnerable and accountable, it could forge a more civil way to make a connection.

Source: Tech Crunch