Facebook fights creeps and apathy with expiring friend requests

Snapchat has ephemeral messages, and now Facebook has ephemeral friend requests. The big blue social network feeds off your social graph, and every time you expand it, it has more content to show you. But if you leave a questionable friend request in limbo for too long, you’ll probably never confirm or delete it. So Facebook is betting that by making those friend requests into exploding offers, you’ll be more likely to accept than lose the opportunity to connect. And if you didn’t want that friend request in the first place, it will self-destruct even if you don’t bother to manually reject it.

On Friday, TechCrunch reader Christine Hudler provided screenshots of a new expiring friend requests feature that gives you a 14-day countdown to make a decision. Now a Facebook spokesperson has confirmed the feature to TechCrunch, writing “I can confirm that this is a test to help surface the most recent requests.” Facebook tells me it’s a way to assist people with managing unwanted friend requests by eventually deleting those that people saw but didn’t accept. It’s currently only appearing to a subset of users, not to everyone.

Those in the test group will see a “14 days to respond” countdown on their friend requests. A ‘Learn More’ link leads to this Help Center article we’ve screenshotted here, as it only shows details about expirations to those in the test.

Keeping people’s friend request queue clean is critical to the company because if you can’t find the legitimate ones from people you know amongst all the randos and spam, you might stop growing your graph. Expiring friend requests could also solve a problem for social media stars and other public figures on Facebook. The app only lets you have up to 5000 friends, and a limited number of pending requests that seems to be 5000 minus your friend count (Facebook wouldn’t say). After that, you won’t receive inbound friend requests any more. The expiration date makes it much less likely that you’ll ever hit the pending friend request maximum.

The “limited time offer” trick has been around in shopping forever as a way to boost your sense of urgency. Humans love optionality but hate to miss out. People buy things off of infomercials they don’t actually want because if they “ACT NOW!” they’ll get a discount before it disappears. This same approach compels people to open Snapchat so they don’t miss their friends’ Stories that delete themselves after 24 hours.

The feature comes at a time when Facebook is especially sensitive about appearing respectful of your data, following the Cambridge Analytica scandal. Friend requests from total strangers can make users feel like they’re already sharing too much public information, and that one wrong click could expose their friends-only photos and posts. Keeping these requests from piling up could make users feel safer while ensuring they can keep adding real friends.



Source: Tech Crunch

Smartsheet files for IPO

Smartsheet is the latest company to file to go public, now that the IPO window is open. 

The Bellevue, Washington-based company offers enterprise software for communication and collaboration.

It describes itself as the “leading cloud-based platform for work execution, enabling teams and organizations to plan, capture, manage, automate, and report on work at scale, resulting in more efficient processes and better business outcomes.”

Smartsheet says it has 3.6 million users and its products are utilized at 90% of the Fortune 100 companies around the world.

It touts clients like Cisco and Starbucks. Smartsheet says Cisco uses it to keep tabs on spending and Starbucks uses it to send product and business updates to its thousands of stores.

The company brought in $111.3 million in revenue for its fiscal 2018 year. It’s a big jump from $67 million for 2017 and $40.8 million for 2016.

But losses are also growing, totaling $49.1 million for 2018, up from losses of $15.2 million and $14.3 million in prior years.

“We have a history of cumulative losses and we cannot assure you that we will achieve profitability in the foreseeable future,” the company warned in its prospectus.

Smartsheet acknowledges that it competes with Microsoft and Google on spreadsheets and other productivity tools. Its products also compete with Asana, Atlassian, Planview and Workfront.

“The market in which we participate is highly competitive, and if we do not compete effectively, our operating results could be harmed,” reads the “risk factors” section of the filing.

The largest shareholder is Insight Venture Partners, which owned a sizeable 32.1% of the company prior to the IPO. Madrona Ventures owned 28.4% of the company and Sutter Hill Ventures owned 5.4%.

Smartsheet had raised at least $106 million in venture funding, dating back to 2010, according to Crunchbase data. Last year, TechCrunch reported that it had an $800 million valuation.

The company plans to list on the New York Stock Exchange, under the ticker “SMAR.”

Morgan Stanley and J.P. Morgan are managing the offering. Fenwick & West and Wilson Sonsini served as counsel.

The floodgates have opened for enterprise tech IPOs. Last week we saw Dropbox debut and now we’ve seen filings for Zuora and Pivotal. DocuSign is also expected to file in the coming months.

Many of last year’s enterprise tech IPOs performed well, giving pipeline companies confidence in their debuts.

Spring also tends to be an active time for IPOs, with companies looking to debut before the summer slowdown.

And while consumer tech IPOs have been slow for several years now, one of the more anticipated companies looking to debut is Spotify, which is expected to go public next week via a “direct listing.”

 



Uber has agreed to sell its Southeast Asia business to rival Grab

After weeks of speculation, Uber has concluded a deal that will see it sell its business in Southeast Asia to local rival Grab. The company plans to announce the agreement this coming week and potentially as soon as Monday, two sources have confirmed to TechCrunch.

Full details of the arrangement aren’t fully clear at this point, but TechCrunch understands that Singapore-based Grab will take over Uber’s ride-sharing in the eight markets in Southeast Asia where it is operational. It will also take ownership of Uber Eats, which is available in Thailand, Malaysia and Singapore. Bloomberg reported today that Uber will take 25-30 percent equity in Grab in exchange.

Both Uber and Grab declined to comment when contacted separately.

The successful conclusion of negotiations comes less than two months after SoftBank, an early investor in Grab, secured a long-drawn-out deal to become an Uber shareholder.

SoftBank is thought to have favored consolidating Uber’s businesses in emerging markets, with Southeast Asia — a loss-making geography for all — one of its apparent targets. That’s despite significant growth potential as more of the region’s 600 million consumers come online for the first time.

Revenue from taxi apps is said to have more than doubled over the past two years to cross $5 billion in 2017, according to a recent report co-authored by Google. The industry is expected to reach $20 billion by 2025, the same report found.

Uber previously exited China in 2016 after striking an equity exchange deal with Chinese market leader Didi. The U.S. firm also quit Russia last year after it sold its business in the country to local rival Yandex.

Unlike those two deals, however, Uber had held a decent position in Southeast Asia in recent times although it appeared to lose considerable market share last year. Issues inside Uber, including the resignation of founding CEO Travis Kalanick and investor squabbles, seemed to divert its attention away from Southeast Asia. All the while, Grab marched on and it notably refueled its tanks with over $2.5 billion in additional funding from investors.

Grab isn’t the only rival in Southeast Asia, however. Go-Jek leads the Indonesian market and it recently gained the backing of Google, JD.com and Tencent at a valuation of some $5 billion. Despite winning in Indonesia, Southeast Asia’s largest economy and the world’s fourth most populous country, Go-Jek is yet to venture overseas. This Uber-Grab consolidation certainly gives it a good reason to expedite those plans.



Zuck apologizes for Cambridge Analytica scandal with full-page print ad

Facebook chief Mark Zuckerberg has taken out a full-page ad in the Washington Post, the New York Times, the Wall Street Journal and six UK papers today to apologize for the Cambridge Analytica scandal, according to CNN’s Brian Stelter.

The ad starts in bold letters, saying:

“We have a responsibility to protect your information. If we can’t, we don’t deserve it.”

The ad was published on Sunday, following Zuck’s first public acknowledgement of the issue on Facebook and a subsequent media tour earlier this week.

Congress has also put Mark Zuckerberg on notice to potentially come speak with them, with Senator Kennedy of Louisiana encouraging Zuck to “do the common sense thing and roll up his sleeves and take a meaningful amount of time talking to [them].”

For those of you still unsure what’s going on with Facebook and Cambridge Analytica, you can see a full play-by-play here.

Here’s the full transcript from the print ad:

We have a responsibility to protect your information. If we can’t, we don’t deserve it.

You may have heard about a quiz app built by a university researcher that leaked Facebook data of millions of people in 2014. This was a breach of trust, and I’m sorry we didn’t do more at the time. We’re now taking steps to make sure this doesn’t happen again.

We’ve already stopped apps like this from getting so much information. Now we’re limiting the data apps get when you sign in using Facebook.

We’re also investigating every single app that had access to large amounts of data before we fixed this. We expect there are others. And when we find them, we will ban them and tell everyone affected.

Finally, we’ll remind you of which apps you’ve given access to your information — so you can shut off the ones you don’t want anymore.

Thank you for believing in this community. I promise to do better for you.

Mark Zuckerberg



A $6 trillion wake up call for the tech industry

Earlier this year, the business community received a wake-up call issued with all of the might that $6 trillion can muster.

The call came from Laurence Fink, the founder and chief executive of the global investment firm, BlackRock, and was delivered as a letter to the CEOs of the world’s largest companies.

Aptly titled, “A Sense of Purpose,” the letter informed business leaders that driving record profits is no longer enough to garner BlackRock’s support. Companies must also positively contribute to society, or in Mr. Fink’s words, “Companies must benefit all of their stakeholders, including shareholders, employees, customers, and the communities in which they operate.”

I was elated when I read the letter. I’ve spent my entire career as a social entrepreneur advocating for businesses—specifically technology businesses in Silicon Valley—to use their technology, wealth, and influence for social good. After reading the letter in the New York Times and seeing the extensive coverage in major business publications, I turned to the leading Silicon Valley tech blogs to get their take on this blockbuster announcement. After all, the Bay Area is home to many of BlackRock’s largest clients.

Crickets. Fink’s letter wasn’t covered by the technology press. Well, to be accurate, I checked the first ten pages of Google results as well as all of the tech pubs in Techmeme’s top ten list. Nothing.

Guys (I hate to say it, but it’s mostly guys here in the Valley), Fink’s point is that ignoring society’s voice will lead to the loss of our “license to operate.” Putting the Valley’s collective hands over our ears and saying “we can’t hear you” only works for so long.

Instead, what if Silicon Valley embraced the letter to commit good for the better of society as a whole, not just the interests of the software and data industrial complex? What if Fink’s letter served as a constant reminder to build products that make the world a 10x more equitable place to live and prosper and not just to build products that deliver 10x profit?

With those questions in mind, here are two interrelated and crucial ways to commit good on purpose while making sure Silicon Valley technology companies embrace “A Sense of Purpose.”

Put People Before Algorithms. The goal of algorithms must not be to replace, manipulate, or deceive in the name of profit. This is all too often the case as black-box algorithms use massive amounts of data to attract eyeballs, encourage clicks, and, in more dire circumstances, even determine if someone goes to prison.

We must always ask up front how unaccountable algorithms impact individuals and society as a whole. Instead of eyeballs, clicks, and even prison time served, algorithms should be optimized to make people better—more efficient in their jobs, more informed in their daily lives, and more connected to their communities. We must make a cognizant effort to analyze and identify the risks of algorithms-gone-rogue before they result in disasters. Let’s not only ask, “How can we make more money?” but also, “What could go wrong?”

Risk-benefit analysis already takes place around boardroom tables by those with monetary interests, but those conversations fail to include the diverse voices of the communities that will feel the decision’s impact. There will never be perfect clarity around what will unfold after a decision is made. That’s exactly why decisions that impact thousands, millions, and even billions of people must include all company stakeholders—shareholders, employees, customers, and the communities in which they operate—if we are ever to prevent a world where algorithms reign supreme in the name of profit.

Treat Diversity as Our Greatest Asset. It’s very easy to discount points of view, values, and even someone’s humanity when the voice of diversity is not present. Establishing diversity as a core company principle is a good start, but it’s not enough. Diversity must be omnipresent and it must be truly embraced across an organization as an asset, not a statistic.

Many in Silicon Valley will tell you that diversity has been a top priority for years, only to follow with reports that cite a 2% increase in women employees, 0% increase in black employees, and no data at all on the number of employees with disabilities. Let’s not conflate transparency with priority. We must increase diversity now while investing in STEM education and training to create a more diverse pipeline of workers for tomorrow’s technology jobs. By making the workforce of today and tomorrow more diverse, we make our communities more diverse. We are then one step closer to never discounting a point of view, value, or someone’s entire humanity due to a lack of voice.

It’s not too late to use Mr. Fink’s letter as a wake-up call for Silicon Valley to commit good on purpose. While the two proposals detailed in this article are aspirational, they have at their core something much more valuable than $6 trillion. These ideas are about regaining Silicon Valley’s conscience. They are about investing in a collective future that prizes diversity and equality, not a future that allows technology, data, and algorithms to further entrench the inequality that we face today in Silicon Valley and everywhere that feels our impact.



Towards a world without Facebook

Dear blockchain people: this is your hour. Abandon your transparently greedy get-rich-quick schemes, turn away from your casinos of de-facto modern-day penny stocks, and focus your decentralized attention on what the world needs. Save us, O blockchainers, from the scourge that is Facebook! Decentralize all the things!

I’m kidding, of course. For now.

Every year, it seems, a new “new Facebook” arises, swells, deflates, and vanishes, generally in a matter of weeks. Remember Diaspora? Ello? Mastodon? Vero? I imagine them as gangs of bandits charging The Wall in Game of Thrones, prompting the Night’s Watch of Menlo Park to … ignore them completely until they go away. The critical mass of everyone you know, plus the cost and complexity of an infrastructure that provides a broad panoply of valuable features to two billion people — those are Facebook’s 700-foot-high barrier of enchanted ice.

And yet. It is whispered in dark corners, at conventions with names like Consensus and TokenFest, that there is a secret tunnel in that wall, a fundamental flaw. That Facebook’s advantage of massive scale could melt away if faced by the dark magic of decentralization, wherein users own their own data, encrypted by them, stored in the location of their choice, shared only as and when they explicitly approve, while they connect peer-to-peer with interactions mediated and paid for via a tokenized protocol, across an armada of nodes running — yep, you guessed it — some sort of blockchain.

This is essentially nonsense. For now. Its fundamental flaw is the fundamental flaw of most grandiose decentralized blockchain notions; they are too much, too large, too megalomaniacal, too soon. They want to supplant the entire existing order, whether it be money, the entire financial sector, democratic governance, social media … or, really, pick a field of human endeavour, there’s probably some white paper outlining a token-based decentralized wholesale replacement for the way things are done now.

Dear blockchain people: stop it. I like big thinking as much as anyone, but in practice you don’t change things by overthrowing them. You won’t blow out a torch that’s been burning for many years with your new Big Bang. Instead, in practice, you start small, with a tiny cohort of enthusiasts, and you iterate — sometimes for a very long time — before you get any traction that the wider world notices at all. You do not, repeat not, gather a band of adventurers together in an inn to immediately form up and charge The Wall.

Especially stop it with consumer applications. I stand by my statement that “blockchains are the new Linux, not the new Internet” more strongly with each passing month. Blockchain enthusiasts may enjoy perusing their wallets and counting how many different kinds of ERC20 tokens — which generally still have no actual utility, beyond that of a penny stock — are contained within. Ordinary users, however, do not.

Better token UX won’t fix their fundamental problem. Online micropayments didn’t fail again and again because decentralized tokens weren’t a thing yet; they failed because their cognitive load was far too great to sustain their use. Tokens don’t change that one iota. If your consumer decentralized app involves ordinary users knowingly accumulating, spending, or transferring custom tokens, your consumer decentralized app will fail.

But, you know what? Having said all that? I wasn’t kidding with the first line of this post. Dear blockchain people, this is your hour, if you would only recognize it. But your objective is not to compete with, or replace, centralized services. That may never be the objective, and that’s OK. Rather, your goal right now is to create a viable alternative for those who reject existing centralized services, whether they be many or few.

That’s what Bitcoin itself is, after all; a weird little alternative to centralized finance. Over the course of a decade it has, beyond astonishingly, actually become viable, useful, self-sufficient, and globally successful, but it remains a weird little alternative, and will for the foreseeable future.

In its wake we now have the tools to create decentralized apps that aren’t just about value transfer. Consider Blockstack, which includes “a decentralized micro-blogging app” among its basic tutorials. Consider Cosmos, designed to allow blockchains to interoperate with one another, forming a decentralized web of chains they call “the Internet of blockchains.” And of course consider Ethereum, which, believe it or not, isn’t just for ICOs, but lets you run arbitrary decentralized code, and, importantly, has serious plans to massively scale its throughput.

We’re approaching — or maybe already at — the point at which these tools could be put together to construct, say, a small-scale decentralized social network. It would still face the critical-mass problem: but that could be addressed by focusing on specific cohorts and communities; art collectives, churches, fandoms, etcetera. It would still face the ordinary-people-don’t-want-tokens problem: but that could be addressed by having a designated token-handling admin for each node, in the same way that online communities used to have designated email admins or local Usenet sysadmins, so ordinary users would just need a URL, a userid/password, and perhaps a decision whether to pay for access or be advertised to.

Is this vague and handwavey? You betcha. But I’ve done a fair amount of decentralized systems coding myself, of late, and I can tell you that the tools and networks are — well. They’re getting there. They’re close. And once you’ve built a local social network wherein users control their data, one which is part of a higher-order decentralized network of nodes, all communicating via a common tokenized protocol … well, then you have a whole world of new, interesting, and daunting scaling problems.

But my point is that you don’t have to scale to the size of Facebook for an alternative to be viable. Think small. The Wall isn’t going anywhere, but maybe you don’t need to traverse it after all. The world will have Facebook for a long time to come, but Facebook doesn’t have to be part of your world … especially if a weird, clunky, charmingly ramshackle little alternative exists, one from which you ultimately find you get far more net emotional and practical value. If things keep going as they are, maybe you won’t ever have to go through the Wall to get to the people on the other side. Maybe, eventually, they’ll come to you.



Israeli startups: Grab your exhibit table in Startup Alley at TC Tel Aviv

Hey startups! TechCrunch is returning to Tel Aviv on 7 June, 2018 for its inaugural day-long conference at the Tel Aviv Convention Center. This year’s event will be bigger and better than ever — featuring not only TechCrunch’s signature stellar programming focused on mobility, but also a new expo area called Startup Alley, where hundreds of rock-star startups will demo their products to attendees.

TechCrunch events are the ideal place to show off your company to prospective customers, gain media attention, meet investors and take your startup to the next level. If you’re a pre-Series A early-stage startup, we want to see you on our showcase floor. All verticals are welcome!

For 1700 ILS, you’ll get one full day to exhibit, two tickets to TechCrunch Tel Aviv 2018, a demo table, Wi-Fi, power, linens and a branded table-top sign. Ready to join us? You can secure your exhibit spot here.

Buy yours before we run out — space is limited. Feel free to email startupalley@techcrunch.com if you have any questions. The TechCrunch Team can’t wait to make our way to Israel and meet you in a few months!



Facebook was warned about app permissions in 2011

Who’s to blame for the leaking of 50 million Facebook users’ data? Facebook founder and CEO Mark Zuckerberg broke several days of silence in the face of a raging privacy storm to go on CNN this week to say he was sorry. He also admitted the company had made mistakes; said it had breached the trust of users; and said he regretted not telling Facebookers at the time their information had been misappropriated.

Meanwhile, shares in the company have been taking a battering. And Facebook is now facing multiple shareholder and user lawsuits.

Pressed on why he didn’t inform users, in 2015, when Facebook says it found out about this policy breach, Zuckerberg avoided a direct answer — instead fixing on what the company did (asked Cambridge Analytica and the developer whose app was used to suck out data to delete the data) — rather than explaining the thinking behind the thing it did not do (tell affected Facebook users their personal information had been misappropriated).

Essentially Facebook’s line is that it believed the data had been deleted — and presumably, therefore, it calculated (wrongly) that it didn’t need to inform users because it had made the leak problem go away via its own backchannels.

Except of course it hadn’t. Because people who want to do nefarious things with data rarely play exactly by your rules just because you ask them to.

There’s an interesting parallel here with Uber’s response to a 2016 data breach of its systems. In that case, instead of informing the ~57M affected users and drivers that their personal data had been compromised, Uber’s senior management also decided to try and make the problem go away — by asking (and in their case paying) hackers to delete the data.

Aka the trigger response for both tech companies to massive data protection fuck-ups was: Cover up; don’t disclose.

Facebook denies the Cambridge Analytica instance is a data breach — because, well, its systems were so laxly designed as to actively encourage vast amounts of data to be sucked out, via API, without the check and balance of those third parties having to gain individual level consent.

So in that sense Facebook is entirely right; technically what Cambridge Analytica did wasn’t a breach at all. It was a feature, not a bug.

Clearly that’s also the opposite of reassuring.

Yet Facebook and Uber are companies whose businesses rely entirely on users trusting them to safeguard personal data. The disconnect here is gapingly obvious.

What’s also crystal clear is that rules and systems designed to protect and control personal data, combined with active enforcement of those rules and robust security to safeguard systems, are absolutely essential to prevent people’s information being misused at scale in today’s hyperconnected era.

But before you say hindsight is 20/20 vision, the history of this epic Facebook privacy fail is even longer than the under-disclosed events of 2015 suggest — i.e. when Facebook claims it found out about the breach as a result of investigations by journalists.

What the company very clearly turned a blind eye to is the risk posed by its own system of loose app permissions that in turn enabled developers to suck out vast amounts of data without having to worry about pesky user consent. And, ultimately, for Cambridge Analytica to get its hands on the profiles of ~50M US Facebookers for dark ad political targeting purposes.

European privacy campaigner and lawyer Max Schrems — a longtime critic of Facebook — was actually raising concerns about Facebook’s lax attitude to data protection and app permissions as long ago as 2011.

Indeed, in August 2011 Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that’s where Facebook’s European HQ is based).

“[T]his means that not the data subject but “friends” of the data subject are consenting to the use of personal data,” wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook’s friends’ data API. “Since an average facebook user has 130 friends, it is very likely that only one of the user’s friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users’ friends personal data (e.g. games, quizzes, apps that only post things on the user’s page) but Facebook Ireland does not offer a more limited level of access than “all the basic information of all friends”.

“The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific,” he added.

As a result of Schrems’ complaint, the Irish DPC audited and re-audited Facebook’s systems in 2011 and 2012. The result of those data audits included a recommendation that Facebook tighten app permissions on its platform, according to a spokesman for the Irish DPC, who we spoke to this week.

The spokesman said the DPC’s recommendation formed the basis of the major platform change Facebook announced in 2014 — aka shutting down the Friends data API — albeit too late to prevent Cambridge Analytica from being able to harvest millions of profiles’ worth of personal data via a survey app because Facebook only made the change gradually, finally closing the door in May 2015.

“Following the re-audit… one of the recommendations we made was in the area of the ability to use friends data through social media,” the DPC spokesman told us. “And that recommendation that we made in 2012, that was implemented by Facebook in 2014 as part of a wider platform change that they made. It’s that change that they made that means that the Cambridge Analytica thing cannot happen today.

“They made the platform change in 2014, their change was for anybody new coming onto the platform from 1st May 2014 they couldn’t do this. They gave a 12 month period for existing users to migrate across to their new platform… and it was in that period that… Cambridge Analytica’s use of the information for their data emerged.

“But from 2015 — for absolutely everybody — this issue with CA cannot happen now. And that was following our recommendation that we made in 2012.”

Given his 2011 complaint about Facebook’s expansive and abusive historical app permissions, Schrems has this week raised an eyebrow and expressed surprise at Zuckerberg’s claim to be “outraged” by the Cambridge Analytica revelations — now snowballing into a massive privacy scandal.

In a statement reflecting on developments he writes: “Facebook has millions of times illegally distributed data of its users to various dodgy apps — without the consent of those affected. In 2011 we sent a legal complaint to the Irish Data Protection Commissioner on this. Facebook argued that this data transfer is perfectly legal and no changes were made. Now after the outrage surrounding Cambridge Analytica the Internet giant suddenly feels betrayed seven years later. Our records show: Facebook knew about this betrayal for years and previously argued that these practices are perfectly legal.”

So why did it take Facebook from September 2012 — when the DPC made its recommendations — until May 2014 and May 2015 to implement the changes and tighten app permissions?

The regulator’s spokesman told us it was “engaging” with Facebook over that period of time “to ensure that the change was made”. But he also said Facebook spent some time pushing back — questioning why changes to app permissions were necessary and dragging its feet on shuttering the friends’ data API.

“I think the reality is Facebook had questions as to whether they felt there was a need for them to make the changes that we were recommending,” said the spokesman. “And that was, I suppose, the level of engagement that we had with them. Because we were relatively strong that we felt yes we made the recommendation because we felt the change needed to be made. And that was the nature of the discussion. And as I say ultimately, ultimately the reality is that the change has been made. And it’s been made to an extent that such an issue couldn’t occur today.”

“That is a matter for Facebook themselves to answer as to why they took that period of time,” he added.

Of course we asked Facebook why it pushed back against the DPC’s recommendation in September 2012 — and whether it regrets not acting more swiftly to implement the changes to its APIs, given the crisis its business is now facing, having breached user trust by failing to safeguard people’s data.

We also asked why Facebook users should trust Zuckerberg’s claim, also made in the CNN interview, that it’s now ‘open to being regulated’ — when its historical playbook is packed with examples of the polar opposite behavior, including ongoing attempts to circumvent existing EU privacy rules.

A Facebook spokeswoman acknowledged receipt of our questions this week — but the company has not responded to any of them.

The Irish DPC chief, Helen Dixon, also went on CNN this week to give her response to the Facebook-Cambridge Analytica data misuse crisis — calling for assurances from Facebook that it will properly police its own data protection policies in future.

“Even where Facebook have terms and policies in place for app developers, it doesn’t necessarily give us the assurance that those app developers are abiding by the policies Facebook have set, and that Facebook is active in terms of overseeing that there’s no leakage of personal data. And that conditions, such as the prohibition on selling on data to further third parties is being adhered to by app developers,” said Dixon.

“So I suppose what we want to see change and what we want to oversee with Facebook now and what we’re demanding answers from Facebook in relation to, is first of all what pre-clearance and what pre-authorization do they do before permitting app developers onto their platform. And secondly, once those app developers are operative and have apps collecting personal data what kind of follow up and active oversight steps does Facebook take to give us all reassurance that the type of issue that appears to have occurred in relation to Cambridge Analytica won’t happen again.”

Firefighting the raging privacy crisis, Zuckerberg has committed to conducting a historical audit of every app that had access to “a large amount” of user data around the time that Cambridge Analytica was able to harvest so much data.

So it remains to be seen what other data misuses Facebook will unearth — and have to confess to now, long after the fact.

But any other embarrassing data leaks will sit within the same unfortunate context — which is to say that Facebook could have prevented these problems if it had listened to the very valid concerns data protection experts were raising more than six years ago.

Instead, it chose to drag its feet. And the list of awkward questions for the Facebook CEO keeps getting longer.


Source: Tech Crunch

JASK and the future of autonomous cybersecurity

There is a familiar trope in Hollywood cyberwarfare movies. A lone whiz kid hacker (often with blue, pink, or platinum hair) fights an evil government. Despite combatting dozens of cyber defenders, each of whom appears to be working around the clock and has very little need to use the facilities, the hacker is able to defeat all security and gain access to the secret weapon plans or what have you. The weapon stopped, the hacker becomes a hero.

The real world of security operations centers (SOCs) couldn’t be further from this silver screen fiction. Today’s hackers (who are the bad guys, by the way) don’t have the time to custom hack a system and play cat-and-mouse with security professionals. Instead, they increasingly build a toolbox of automated scripts and simultaneously hit hundreds of targets using, say, a newly discovered zero-day vulnerability and trying to take advantage of it as much as possible before it is patched.

Security analysts working in a SOC are increasingly overburdened and overwhelmed by the sheer number of attacks they have to process. Yet, despite the promises of automation, they are often still using manual processes to counter these attacks. Fighting automated attacks with manual actions is like fighting mechanized armor with horses: futile.

Nonetheless, that’s the current state of things in the security operations world. But as V.Jay LaRosa, the VP of Global Security Architecture of payroll and HR company ADP, explained to me, “The industry, in general from a SOC operations perspective, it is about to go through a massive revolution.”

That revolution is automation. Many companies have claimed that they are bringing machine learning and artificial intelligence to security operations, and the buzzword has been a mainstay of security startup pitch decks for some time. Results in many cases have been lackluster at best. But a new generation of startups is now replacing soaring claims with hard science, and focusing on the time-consuming low-hanging fruit of the security analyst’s work.

One of those companies, as we will learn shortly, is JASK. The company, which is based in San Francisco and Austin, wants to create a new market for what it calls the “autonomous security operations center.” Our goal is to understand the current terrain for SOCs, and how such a platform might fit into the future of cybersecurity.

Data wrangling and the challenge of automating security

The security operations center is the central nervous system of corporate security departments today. Borrowing concepts from military organizational design, the modern SOC is designed to fuse streams of data into one place, giving security analysts a comprehensive overview of a company’s systems. Those data sources typically include network logs, an incident detection and response system, web application firewall data, internal reports, antivirus, and many more. Large companies can easily have dozens of data sources.

Once all of that information has been ingested, it is up to a team of security analysts to evaluate that data and start to “connect the dots.” These professionals are often overworked since the growth of the security team is generally reactive to the threat environment. Startups might start with a single security professional, and slowly expand that team as new threats to the business are discovered.

Given the scale and complexity of the data, investigating a single security alert can take significant time. An analyst might spend 50 minutes just pulling and cleaning the necessary data to be able to evaluate the likelihood of a threat to the company. Worse, alerts are sufficiently variable that the analyst often has to repeatedly perform this cleanup work for every alert.

Data wrangling is one of the most fundamental problems that every SOC faces. All of those streams of data need to be constantly managed to ensure that they are processed properly. As LaRosa from ADP explained, “The biggest challenge we deal with in this space is that [data] is transformed at the time of collection, and when it is transformed, you lose the raw information.” The challenge then is that “If you don’t transform that data properly, then … all that information becomes garbage.”

The challenges of data wrangling aren’t unique to security — teams across the enterprise struggle to design automated solutions. Nonetheless, just getting the right data to the right person is an incredible challenge. Many security teams still manually monitor data streams, and may even write their own ad-hoc batch processing scripts to get data ready for analysis.

Managing that data inside the SOC is the job of a security information and event management system (SIEM), which acts as a system of record for the activities and data flowing through security operations. Originally focused on compliance, these systems allow analysts to access the data they need, and also log the outcome of any alert investigation. Products like ArcSight, Splunk and many others have owned this space for years, and the market is not going anywhere.

Due to their compliance focus though, security management systems often lack the kinds of automated features that would make analysts more efficient. One early response to this challenge was a market known as user entity behavior analytics (UEBA). These products, which include companies like Exabeam, analyze typical user behavior and search for anomalies. In this way, they are meant to integrate raw data together to highlight activities for security analysts, saving them time and attention. This market was originally standalone, but as Gartner has pointed out, these analytics products are increasingly migrating into the security information management space itself as a sort of “smarter SIEM.”

These analytics products added value, but they didn’t solve the comprehensive challenge of data wrangling. Ideally, a system would ingest all of the security data and start to automatically detect correlations, grouping disparate data together into a cohesive security alert that could be rapidly evaluated by a security analyst. This sort of autonomous security has been a dream of security analysts for years, but that dream increasingly looks like it could become reality quite soon.

LaRosa of ADP told me that “Organizationally, we have got to figure out how we help our humans to work smarter.” David Tsao, Global Information Security Officer of Veeva Systems, was more specific, asking “So how do you organize data in a way so that a security engineer … can see how these various events make sense?”

JASK and the future of “autonomous security”

That’s where a company like JASK comes in. Its goal, simply put, is to take all the disparate data streams entering the security operations center and automatically group them into attacks. From there, analysts can then evaluate each threat holistically, saving them time and allowing them to focus on the sophisticated analytical part of their work, instead of on monotonous data wrangling.

The startup was founded by Greg Martin, a security veteran who previously founded threat intelligence platform ThreatStream (now branded Anomali). Before that, he worked as an executive at ArcSight, a company that is one of the incumbent behemoths in security information management.

Martin explained to me that “we are now far and away past what we can do with just human-led SOCs.” The challenge is that every single security alert coming in has to go through manual review. “I really feel like the state of the art in security operations is really how we manufactured cars in the 1950s — hand-painting every car,” Martin said. “JASK was founded to just clean up the mess.”

Machine learning is one of those abused terms in the startup world, and cybersecurity is certainly no exception. Visionary security professionals wax poetic about automated systems that instantly detect a hacker as they attempt to gain access to the system and immediately respond with tested actions designed to thwart them. The reality is much less exciting: just connecting data from disparate sources is a major hurdle for AI researchers in the security space.

Martin’s philosophy with JASK is that the industry should walk before it runs. “We actually look to the autonomous car industry,” he said to me. “They broke the development roadmap into phases.” For JASK, “Phase one would be to collect all the data and prepare and identify it for machine learning,” he said. LaRosa of ADP, talking about the potential of this sort of automation, said that “you are taking forty to fifty minutes of busy work out of that process and allow [the security analysts] to get right to the root cause.”

This doesn’t mean that security analysts are suddenly out of a job, indeed far from it. Analysts still have to interpret the information that has been compiled, and even more importantly, they have to decide on what is the best course of action. Today’s companies are moving from “runbooks” of static response procedures to automated security orchestration systems. Machine learning realistically is far from being able to accomplish the full lifecycle of an alert today, although Martin is hopeful that such automation is coming in later phases of the roadmap.

Martin tells me that the technology is being used by twenty customers today. The company’s stack is built on technologies like Hadoop, allowing it to process significantly higher volumes of data compared to legacy security products.

JASK is essentially carving out a unique niche in the security market today, and the company is currently in beta. The company raised a $2m seed from Battery in early 2016, and a $12m series A led by Dell Technologies Capital, which saw its investment in security startup Zscaler IPO last week.

There are thousands of security products in the market, as any visit to the RSA conference will quickly convince you. Unfortunately though, SOCs can’t just be built with tech off the shelf. Every company has unique systems, processes, and threat concerns that security operations need to adapt to, and of course, hackers are not standing still. Products need to constantly change to adapt to those needs, which is why machine learning and its flexibility is so important.

Martin said that “we have to bias our algorithms so that you never trust any one individual or any one team. It is a careful controlled dance to build these types of systems to produce general purpose, general results that applies across organizations.” The nuance around artificial intelligence is refreshing in a space that can see incredible hype. Now the hard part is to keep moving that roadmap forward. Maybe that blue-haired silver screen hacker needs some employment.


Source: Tech Crunch

Hip hop finds its beat in the startup scene

Hip hop stars are taking their reputations to Wall Street and Sand Hill Road.

Unlike their rock star brethren, who’ve historically been disinterested in dabbling with startups, quite a few hip hop artists have amassed good-sized portfolios. They’ve seen a few big hits too, most recently including a massive up round for zero-commission stock trading platform Robinhood, which counted Jay-Z, Nas and Snoop Dogg among its earlier backers.

But just how deep does the hip hop-startup relationship go and where is it headed? To shed some light on that question, we put together a review of Crunchbase data on the startup investment activity of famous musicians. We looked at both hip hop and pop stars, culling a list of 21 artists who are either active investors or have joined one or more rounds in recent years.

The general conclusion: Artists are doing more deals, raising more funds and backing more companies that graduate to up rounds and exits. Here are a few examples:

  • Besides getting a slice of Robinhood, Jay-Z and his entertainment company, Roc Nation, also saw an early portfolio company, flight club startup JetSmarter, go on to raise financing a year ago at a reported valuation of more than $1.5 billion. Roc Nation also made headlines this week for investing in Promise, a startup providing alternatives to incarceration for people who can’t afford bail.
  • QueensBridge Venture Partners, the investment fund co-founded by Nas, was an early-stage investor in video doorbell maker Ring, which Amazon just bought for $1.1 billion. The firm could also see some paper gains this week in the much-anticipated market debut of Dropbox, which it backed in a 2014 Series C round. In addition, QueensBridge participated in a $25 million Series B round for cryptocurrency trading platform Coinbase back in 2013. Coinbase’s last reported valuation was around $1.6 billion.
  • Casa Verde Capital, a cannabis-focused venture fund co-founded by Snoop Dogg, has closed its debut fund with $45 million. Just this week it backed a $3.5 million round for vape manufacturer Green Tank.

That’s not to say everything a star touches turns multi-platinum. We found quite a few flops in their portfolios and assembled a list here of 10 startups now shuttered that counted a hip hop or pop star among their backers.

Of course, flops are part of life for early-stage investors, so there’s no reason we’d expect celebrities to be an exception. Moreover, most of the now-shuttered companies were not heavily capitalized by venture standards.

However, there are some higher-profile or more heavily funded companies on the flop list. One is Washio, a laundry delivery service, which raised $17 million from Nas and 20 other investors before hanging itself out to dry in 2016. Another is Viddy, an app for shooting and sharing video clips backed by Roc Nation.

Why the rich, hip and famous like startups

A number of venture pundits and pop culture mavens have previously pontificated on why celebrities, and hip hop stars in particular, are drawn to startups.

One possibility is that rap music and startups resemble each other at the earliest stages, postulates Cam Houser, CEO of the 3 Day Startup Program. Rap music starts with a rapper and a producer. This duality, he says, is similar to the beginning stages of a startup, which commonly also brings together two people, a business and a technical co-founder.

Rap and startup entrepreneurship are also both longshot career tracks that celebrate raw ambition and unabashed self-promotion. To make it, however, both require an excellent grasp of what sells in the real world.

Branding is perhaps the most common rationale provided for the celebrity-startup connection. With their massive fan bases, swooning coverage and millions of social media followers, celebrities can certainly help get the word out about a new product or app. That said, the attention usually works only if said product also has compelling attributes of its own.

One of the less controversial explanations is that becoming and remaining famous requires many of the same skills and qualities as running an entrepreneurial venture, including an exceptional degree of tenacity.

It’s also true that in venture capital and the music business, it’s the hits that matter. It helps that we’re seeing plenty of those. 


Source: Tech Crunch