Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses

A security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app.

Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that let users anonymously alert nearby residents to crime and public-safety issues.

While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.

But the exposed data wasn’t visible to anyone using the app. Rather, the bug was retrieving hidden data, including the user’s latitude and longitude and their home address, from Ring’s servers.

Another problem was that every post was tied to a unique number generated by the server that incremented by one each time a user created a new post. Although the number was hidden from view to the app user, the sequential post number made it easy to enumerate the location data from previous posts — even from users who aren’t geographically nearby.
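The two server-side problems described above (hidden fields returned to the client, and sequential post numbers that allow lookups from anywhere) are sketched below next to a hardened form. This is an added example, not Ring's code: every name, field and threshold is hypothetical, and the sample post is constructed.

```python
import math
import secrets
from dataclasses import asdict, dataclass, field

# Hypothetical post record. All values used with it are constructed samples.
@dataclass
class Post:
    seq_id: int            # internal auto-increment key
    title: str
    video_url: str
    latitude: float        # poster's precise location
    longitude: float
    home_address: str
    # Random handle issued at creation; replaces seq_id in every response.
    token: str = field(default_factory=lambda: secrets.token_urlsafe(16))

PUBLIC_FIELDS = ("title", "video_url")   # allowlist of fields clients may see
CELL_DEG = 0.01                          # assumed grid size (about 1 km of latitude)
FEED_RADIUS_KM = 8.0                     # assumed "nearby" radius

def serialize_naive(post):
    """The flawed pattern: ship the whole record and let the app hide fields."""
    return asdict(post)

def coarse(value):
    """Snap a coordinate to the centre of its grid cell."""
    return round((math.floor(value / CELL_DEG) + 0.5) * CELL_DEG, 3)

def serialize_public(post):
    """Hardened form: allowlisted fields, opaque id, coarsened area only."""
    out = {name: getattr(post, name) for name in PUBLIC_FIELDS}
    out["id"] = post.token
    out["area"] = {"lat": coarse(post.latitude), "lon": coarse(post.longitude)}
    return out

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine), in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

class PostStore:
    """Lookup by random token, scoped to the viewer's own area."""
    def __init__(self):
        self._by_token = {}

    def add(self, post):
        self._by_token[post.token] = post

    def fetch(self, token, viewer_lat, viewer_lon):
        post = self._by_token.get(token)
        if post is None:
            return None
        # Out-of-area requests get the same answer as unknown tokens.
        if km_between(viewer_lat, viewer_lon,
                      post.latitude, post.longitude) > FEED_RADIUS_KM:
            return None
        return serialize_public(post)

def leaked_fields(post, payload):
    """Regression check: which private values appear anywhere in a response?"""
    private = {"seq_id": post.seq_id, "latitude": post.latitude,
               "longitude": post.longitude, "home_address": post.home_address}

    def values(node):
        if isinstance(node, dict):
            for child in node.values():
                yield from values(child)
        elif isinstance(node, (list, tuple)):
            for child in node:
                yield from values(child)
        else:
            yield node

    seen = list(values(payload))
    return sorted(name for name, secret in private.items() if secret in seen)

SAMPLE = Post(seq_id=4021, title="Package taken from porch",
              video_url="https://video.example/clip/abc",
              latitude=34.0522, longitude=-118.2437,
              home_address="100 Example St")

if __name__ == "__main__":
    print("naive leaks:   ", leaked_fields(SAMPLE, serialize_naive(SAMPLE)))
    print("hardened leaks:", leaked_fields(SAMPLE, serialize_public(SAMPLE)))
```

Running `leaked_fields` against every public endpoint's response in CI catches a serializer change that reintroduces a private field before it ships.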

Ring Neighbors app (left), and the data it was pulling in, including location data (right). (Image: TechCrunch)

The Neighbors app appeared to have about 4 million posts by the end of 2020.

Ring said it had fixed the issue.

“At Ring, we take customer privacy and security extremely seriously. We fixed this issue soon after we became aware of it. We have not identified any evidence of this information being accessed or used maliciously,” said Ring spokesperson Yassi Shahmiri.

Last year Gizmodo found a similar bug in the Neighbors app that revealed hidden location data, allowing them to map out thousands of Ring users across the United States.

Ring currently faces a class-action suit by dozens of people who say they were subjected to death threats and racial slurs after their Ring smart cameras were hacked. In response to the hacks, Ring put much of the blame on users for not using “best practices” like two-factor authentication, which makes it harder for hackers to access a user’s account with the user’s password.

After it emerged that hackers were reportedly creating tools to break into Ring accounts and over 1,500 user account passwords were found on the dark web, Ring made two-factor authentication mandatory for every user.

The smart tech maker has also faced increasing criticism from civil rights groups and lawmakers for its cozy relationship with hundreds of U.S. police departments that have partnered with Ring for access to homeowners’ doorbell camera footage.

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.


Solana, a blockchain platform followed by top crypto investors, says it’s a lot faster than Ethereum

Solana isn’t known yet outside of the crypto community. But insiders think the blockchain platform is interesting for a wide variety of reasons, beginning with its amiable founder, Anatoly Yakovenko, who spent more than a dozen years as an engineer working on wireless protocols at Qualcomm and who says he had a lightbulb moment at a San Francisco cafe several years ago following two coffees and a beer.

His big idea centered on creating an historical record to speed along “consensus,” which is how decisions are made on blockchains, which are themselves peer-to-peer systems. Right now, consensus is reached on various blockchains when members solve a mathematical puzzle, a mechanism that’s called “proof of work.” These miners are rewarded for their efforts with cryptocurrency, but the process takes work, hours in Bitcoin’s case and days in the case of Ethereum, and it’s insanely energy intensive, which is why neither Bitcoin nor Ethereum has proved very scalable. (Bitcoin’s heavy reliance on fossil fuel is the reason Elon Musk cited earlier this week to explain why Tesla is no longer accepting Bitcoin as payment for the company’s electric cars.)

But there is another way. Indeed, crypto watchers and developers are excited about Ethereum and other currencies that are transitioning to a new system called “proof of stake,” wherein people who agree to lock up a certain amount of their cryptocurrency — say it’s Ether — are invited to activate so-called validator software that enables them to store data, process transactions, and add new blocks to the Ethereum blockchain. Like miners, “validators” do what they do to earn more cryptocurrency, but they need far less sophisticated equipment, which opens up the opportunity to more people. Meanwhile, because more validators can participate in a network, consensus can be reached faster.

Yakovenko is enthusiastic about the shift. We talked with him yesterday, and he said it would be “devastating for the entire industry” if Ethereum weren’t able to pull off its objective, given its mindshare and its roughly $500 billion market cap.

Still, he argues that not even proof of stake is good enough. His biggest concern, he says, is that even with proof of stake, miners — and bots — have advance access to transaction information that allows them to exploit users, or front run transactions, because they can control transaction ordering and profit from that power.

Enter Yakovenko’s big idea, which he calls “proof of history,” wherein the Solana blockchain has developed a kind of synchronized clock that, in essence, assigns a timestamp for each transaction and disables the ability for miners and bots to decide the order in which transactions get recorded onto the blockchain. It also, says Yakovenko, allows for faster block finalization and much faster consensus because the timestamps of previous transactions no longer need to be computed. “Basically, the speed of light is how fast we can make this network go,” he says.

Certainly, Solana — which has sold tokens to investors but never equity in the company — has many excited about its prospects. In recent interviews with both investor Garry Tan of Initialized Capital and CEO Joe Lallouz of the blockchain infrastructure company Bison Trails, both mentioned Solana as among the projects that they find most interesting right now. (We assume both hold its tokens.)

Others say on background that while they understand the developer benefits and need for more scalable blockchains than Ethereum — and they think Solana is a contender for this market — Solana still needs more developer mindshare to prove its long-term worth and it’s not there yet. According to Solana itself, there are currently 608 validators helping secure the Solana Network and 47 decentralized applications (or “dapps”) powered by Solana. Meanwhile, there were reportedly 33,700 active validators helping to secure “Eth 2.0” as of late December and 3,000 dapps running on the Ethereum blockchain as of February.

In fairness, the Ethereum network went live in 2015, so it has a three-year head start on Solana. In the meantime, Solana has a lead of its own, says Yakovenko, who is based in San Francisco and has assembled a distributed team of 50 employees, including numerous former colleagues from Qualcomm. Asked about other projects that have embraced a proof of history approach, he says that while it’s “all open source” and “anybody can go do it,” there “isn’t a set of our biggest competitors saying they’re going to rework their system and use this.”

The likely reason is that it’s almost comically complicated. “It just takes a lot of work to build these systems,” Yakovenko says. “It takes two to three years to build a new layer one, and you can’t really take an idea for one and stuff it in the other one. If you try to do that, you’re going to set yourself back by six to nine months at the least and potentially introduce bugs and vulnerabilities.” Either way, he adds, “We’re the only ones that are really building this proof-of-history thing, that use a verifiable delay function as a source of time.”

Either way, Solana, which itself has a $12 billion market cap, isn’t interested in competing with Ethereum and other cryptocurrencies on every front anyway, suggests Yakovenko. All it really wants is to disrupt Wall Street and the rest of the global markets, even if he doesn’t put it that way exactly.

He knows it sounds crazy. But the way he sees it, what Solana is building is “an open, fair, censorship-resistant global marketplace” that’s better than anything inside of the New York Stock Exchange or any other means of settling trades. It’s certainly a much bigger opportunity than he imagined, back at that cafe. As he said yesterday: “Everything that we do to make this thing faster and faster results in this better censorship resistance, and therefore better markets. And price discovery is what I imagine is the killer use case for decentralized public networks. Can we be the world’s price discovery engine? That’s an interesting question to ask.”

Pointing to the wild swings in cryptocurrency prices right now, he says he suspects that “part of that is just developers and folks discovering the network and building cool applications on it.” It’s exciting when people can “self serve and build stuff that they want to go to market,” he adds. “It’s the secret weapon of decentralized networks versus any incumbents like Bank of America or Visa or whatever. Those big companies can’t iterate and move as fast as a global set of engineers who can just come together and code whenever they want to.”

He saw the same dynamics play out at Qualcomm. “Working in a big company, it seems like there’s a ton of resources, right? They can accomplish anything. But you saw us working on proprietary operating systems while the Linux guys were just working first for fun, right? And it seemed like it was just a weird hobby that people had; they were coding operating systems at night; they were coding over the weekend. Then all of a sudden, Linux is the de facto mobile iOS for Android.”

If you’re curious to learn more about Solana, we’ll have a podcast coming out soon with our longer conversation with Yakovenko. In the meantime, the outlet Decrypt today published an explainer titled “What is Solana?” that you might check out here.

Extra Crunch roundup: Selling SaaS to developers, cracking YC after 13 tries, all about Expensify

Before Twilio had a market cap approaching $56 billion and more than 200,000 customers, the cloud-communications platform developed a secret sauce to fuel its growth: a developer-focused model that dispensed with traditional marketing rules.

Software companies that sell directly to end users share a simple framework for managing growth that leverages discoverability, desirability and do-ability — the “aha!” moment where a consumer is able to incorporate a new product into their workflow.

Data show that traditional marketing doesn’t work on developers, and it’s not because they’re impervious to a sales pitch. Builders just want reliable tools that are easy to use.

As a result, companies that are looking to create and sell software to developers at scale must toss their B2B playbooks and meet their customers where they are.


Attorney Sophie Alcorn, our in-house immigration law expert, submitted two columns: On Monday, she analyzed a decision by the U.S. Department of Homeland Security not to cancel the International Entrepreneur Parole program, which potentially allows founders from other countries to stay in the U.S. for as long as 60 months.

On Wednesday, she responded to a question from an entrepreneur who asked whether it made sense to sponsor visas for workers who are working remotely inside the U.S.

Thanks very much for reading Extra Crunch this week, and have a great weekend.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

4 lessons I learned about getting into Y Combinator (after 13 applications)

Can you imagine making 13 attempts at something before attaining a successful outcome?

Alex Circei, CEO and co-founder of Git analytics tool Waydev, applied 13 times to Y Combinator before his team was accepted. Each year, the accelerator admits only about 5% of the startups that seek to join.

“Competition may be fierce, but it’s not impossible,” says Circei. “Jumping through some hoops is not only worth the potential payoff but is ultimately a valuable learning curve for any startup.”

In an exclusive exposé for TechCrunch, he shares four key lessons he learned while steering his startup through YC’s stringent selection process.

The first? “Put your business value before your personal vanity.”

The Expensify EC-1

In March, TechCrunch Daily Reporter Anna Heim was interviewing executives at Expensify to learn more about the company’s history and operations when they unexpectedly made themselves less available.

Our suspicions about their change of heart were confirmed on May 3 when the expense report management company confidentially filed to go public.

With a founding team comprised mainly of P2P hackers, it’s perhaps inevitable that Expensify doesn’t look and feel like something an MBA might envision.

“We hire in a super different way. We have a very unusual internal management structure,” said founder and CEO David Barrett. “Our business model itself is very unusual. We don’t have any salespeople, for example.”

Similar to the way companies must file a Form S-1 that describes their operations and how they plan to spend capital, TechCrunch EC-1s are part origin story, part X-ray. We published the first article in a series on Expensify on Monday.

We’ll publish the remainder of Anna’s series on Expensify in the coming weeks, so stay tuned.

As Procore looks to nearly double its private valuation, the IPO market shows signs of life

Construction tech unicorn Procore Technologies this week set a price range for its impending public offering. The news comes after the company initially filed to go public in February of 2020, a move delayed by the pandemic.

In March 2021, Procore filed again for a public offering, but its second shot ran into a cooling IPO market. The company filed another S-1/A in April, and then another in early May. This week’s filing is the first that sets a price for the Carpinteria, California-based software upstart.

But Procore is not the only company that filed and later put on hold an IPO to get back to work on floating. Kaltura, a software company focused on video distribution, also recently got its IPO back on track. Are we seeing a reacceleration of the IPO market? Perhaps.

3 golden rules for health tech entrepreneurs

Family physician Bobbie Kumar lays out the golden rules to ensure your healthcare product, service or innovation is on the right track.

Rule 1: “It’s not enough to develop a ‘new tool’ to use in a health setting,” Dr. Kumar writes. “Maybe it has a purpose, but does it meaningfully address a need, or solve a problem, in a way that measurably improves outcomes? In other words: Does it have value?”

Dear Sophie: How does the International Entrepreneur Parole program work?

Dear Sophie,

I’m the founder of an early-stage, two-year-old fintech startup. We really want to move to San Francisco to be near our lead investor.

I heard International Entrepreneur Parole is back. What is it, and how can I apply?

— Joyous in Johannesburg

Digging into digital mortgage lender Better.com’s huge SPAC

If you have heard of Better.com but really had no idea what it does before this moment, welcome to the club. Mortgage tech is like pre-kindergarten applications — it applies to a very specific set of folks at a very particular moment. And they care a lot about it. But the rest of us aren’t really aware of its existence.

Better.com, a venture-backed digital mortgage lender, announced this week that it will combine with a SPAC, taking itself public in the second half of 2021. The unicorn’s news comes as the American IPO market is showing signs of fresh life after a modest April.

As tech offices begin to reopen, the workplace could look very different

The pandemic forced many employees to begin working from home, and, in doing so, may have changed the way we think about work. While some businesses have slowly returned to the office, depending on where you live and what you do, many information workers remain at home.

That could change in the coming months as more people get vaccinated and the infection rate begins to drop in the U.S.

Many companies have discovered that their employees work just fine at home. And some workers don’t want to waste time stuck on congested highways or public transportation now that they’ve learned to work remotely. But other employees suffered in small spaces or with constant interruptions from family. Those folks may long to go back to the office.

On balance, it seems clear that whatever happens, for many companies, we probably aren’t going back whole-cloth to the prior model of commuting into the office five days a week.

For unicorns, how much does the route to going public really matter?

On a recent episode of TechCrunch’s Equity podcast, hosts Natasha Mascarenhas and Alex Wilhelm invited Yext CFO Steve Cakebread and Latch CFO Garth Mitchell on to discuss when companies should go public, the costs and benefits of the process, and when a SPAC can make sense. Yext pursued a traditional IPO a few years back; Latch is now going public via a blank-check company combination.

The chat was more than illustrative, as we got to hear two CFOs share their views on delayed public offerings and when different types of debuts can make the most sense. While the TechCrunch crew has, at times, made light of certain SPAC-led deals, the pair argued that the transactions can make good sense.

Undergirding the conversation was Cakebread’s recent IPO-focused book, which posited that companies going public earlier rather than later is good not only for their internal operations but also because it can provide the public with a chance to participate in a company’s success.

In today’s hypercharged private markets and frothy public domain, his argument is worth considering.

The truth about SDK integrations and their impact on developers

Ken Harlan, the founder and CEO of Mobile Fuse, writes about the perks and pitfalls of software development kits.

“The digital media industry often talks about how much influence, dominance and power entities like Google and Facebook have,” Harlan writes. “Generally, the focus is on the vast troves of data and audience reach these companies tout. However, there’s more beneath the surface that strengthens the grip these companies have on both app developers and publishers alike.

“In reality, SDK integrations are a critical component of why these monolith companies have such a prominent presence.”

Don’t hate on low-code and no-code

The Exchange caught up with Appian CEO Matt Calkins after his enterprise app software company reported its first-quarter performance to discuss the low-code market and what he’s hearing in customer meetings. To round out our general thesis — and shore up our somewhat bratty headline — we’ve compiled a list of recent low-code and no-code venture capital rounds, of which there are many.

As we’ll show, the pace at which venture capitalists are putting funds into companies that fall into our two categories is pretty damn rapid, which implies that they are doing well as a cohort. We can infer as much because it has become clear in recent quarters that while today’s private capital market is stupendous for some startups, it’s harder than you’d think for others.

Bird’s SPAC filing shows scooter-nomics just don’t fly

Historically — and based on what we’re seeing in this fantastical filing — Bird proved to be a simply awful business. Its results from 2019 and 2020 describe a company with a huge cost structure and unprofitable revenue, per filings. After posting negative gross profit in both of the most recent full-year periods, Bird’s initial model appears to have been defeated by the market.

What drove the company’s hugely unprofitable revenues and resulting net losses? Unit economics that were nearly comically destructive.

Dear Sophie: Does it make sense to sponsor immigrant talent to work remotely?

Dear Sophie,

My startup is in big-time hiring mode. All of our employees are currently working remotely and will likely continue to do so for the foreseeable future — even after the pandemic ends. We are considering individuals who are living outside of the U.S. for a few of the positions we are looking to fill.

Does it make sense to sponsor them for a visa to work remotely from somewhere in the United States?

— Selective in Silicon Valley

The hamburger model is a winning go-to-market strategy

“Today, we live in a world of product-led growth, where engineers (and the software they have built) are the biggest differentiator,” say Coatue Management general partner Caryn Marooney and investor David Cahn. “If your customers love what you’re building, you’re headed in the right direction. If they don’t, you’re not.

“However, even the most successful product-led growth companies will reach a tipping point, because no matter how good their product is, they’ll need to figure out how to expand their customer base and grow from a startup into a $1 billion+ revenue enterprise.

“The answer is the hamburger model. Why call it that? Because the best go-to-market (GTM) strategies for startups are like hamburgers:

  • The bottom bun: Bottom-up GTM.
  • The burger: Your product.
  • The top bun: Enterprise sales.”

Software subscriptions are eating the world: Solving billing and cash flow woes simultaneously

Krish Subramanian, the co-founder and CEO of Chargebee, writes that while subscription business models are attractive, there are two major pitfalls: First, payment.

“Regardless of company size, there’s an ongoing need to convince customers to sign up long term,” Subramanian writes. “The second issue: How do businesses cover the funding gap between when customers sign up and when they pay?”

Is there a creed in venture capital?

Scott Lenet, the president of Touchdown Ventures, asks how deal-makers should think about how to handle themselves when counter-parties attempt to change an agreement. “When is it OK to modify terms, and when should deal-makers stand firm?” he asks.

“Entrepreneurs and investors should recognize that contracts are worth very little without the ongoing relationship management that keeps all parties aligned. Enforcement is so unusual in the world of startups that I consider it a mostly dead-end path. In my experience, good communication is the only reliable remedy. This is the way.”

Even startups on tight budgets can maximize their marketing impact

“Search engine optimization, PR, paid marketing, emails, social — marketing and communications is crowded with techniques, channels, solutions and acronyms,” writes Dominik Angerer, CEO and co-founder of Storyblok, which provides best practice guidance for startups on how to build a sustainable approach to marketing their content. “It’s little wonder that many startups strapped for time and money find defining and executing a sustainable marketing campaign a daunting prospect.

“The sheer number of options makes it difficult to determine an effective approach, and my view is that this complexity often obscures the obvious answer: A startup’s best marketing asset is its story.”

Daily Crunch: Stripe buys Y Combinator alum Bouncer for undisclosed sum

To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here.

Wrapping the week here at Daily Crunch with a big thanks to Henry for taking over yesterday and a fist bump to everyone who has written in with notes on its format. We’re still tinkering, so your notes are read and (mostly) appreciated, even if we can’t respond to everyone.

Stick with us as we get this fully figured out. — Alex

TechCrunch Top 3

Coding school drama: The market for coding schools and bootcamps is not going to go away so long as there is an outsized market demand for developers that current educational methods can’t fulfill. But not every player in the market is doing well. Lambda School, for example, is in even more hot water this week.

VCs love edtech: While private investors are happily pouring capital into the edtech startup market, the share prices of many public edtech companies are under fire. That’s a sentiment gap that TechCrunch is keeping close tabs on. More here on the edtech venture market.

Apply to Startup Battlefield: There’s not a lot of time left to apply to the upcoming Disrupt Startup Battlefield. And we want to hear from you. Really. Many startups that have taken part in our free and fun and very public pitch-off have gone on to raise lots of capital or even go public. So hang out with us; we think you’re great!

Startups and VC

Stripe buys Bouncer: The progress of the yet-private Stripe as an online finance behemoth continued today with its purchase of Bouncer, a startup based in Brooklyn that TechCrunch reports has “built a platform to automatically run card authentications and detect fraud in card-based online transactions.” Fraud detection is a point of product differentiation among online payment companies, so this is a deal to watch.

Why aren’t more African startups going public? The SPAC boom is taking a host of American startups public, but not upstart tech companies from Africa. The real issue could simply be one of scale, it turns out. TechCrunch investigates.

SoftBank makes piles of money: Some of the bets that SoftBank has made on its own, and via its Vision Fund 1 and 2, have been clunkers. WeWork remains a byword for embarrassment. But the telco and investing powerhouse has been on a heater lately, as TechCrunch’s Equity Podcast explored. How good were its results? Very, very good. More on its investing performance here.

Don’t leak customer account data: An exercise startup that competes with Peloton didn’t have its cybersecurity house in order. Echelon, TechCrunch reports, “had a leaky API that let virtually anyone access riders’ account information.” That’s all kinds of not good. And the news item explains why cybersecurity has been so hot lately. More tech everywhere means more potential vulnerabilities everywhere, as well.

5 ways to raise your startup’s PR game

By now, it’s widely understood that storytelling is the foundation for successful startup PR.

Tech journalists receive more pitches than we can count each day from very early-stage companies seeking to make a name for themselves, and, to be honest, most of them sound like they were written with language-prediction technology.

What most companies fail to grasp is that storytelling is everyone’s job, like product managers who write blog posts that give users real insights into the latest release. The same holds true for founders who take part in Reddit AMAs and engineers who join product Slack chats.

To make a splash and stay relevant, here are five actionable suggestions that won’t cost a dime to implement.

(Extra Crunch is our membership program, which helps founders and startup teams get ahead. You can sign up here.)

Big Tech Inc.

Wrapping up news from the biggest tech companies this week, a short digest of earnings results from companies that you care about is in order.

Coinbase met its pre-released Q1 2020 earnings expectations, posting both huge revenue and profit gains. In short, the first quarter was a huge win for the crypto trading house. It had the same sort of quarter that likely led to Robinhood filing to go public.

DoorDash blew the, er, doors off its own quarter, leading to its shares spiking by around 25% in today’s trading. That’s one hell of a result. Sure, DoorDash is worth a lot less than it was at its peak, but the company had a great day all the same.

Airbnb managed a roughly 2.5% gain today after reporting its own earnings yesterday. It also got an analyst upgrade to boot. In short, the company managed year-over-year revenue growth, but also detailed larger-than-anticipated losses thanks to some one-time items. Worth around $85 billion, Airbnb remains richly valued.

And then there was Alibaba, which has lost around a quarter-trillion in value since it got into a scrap with its local administration and swung to a loss after it was served with a multibillion dollar fine by the Chinese government. But the e-commerce giant’s $28.6 billion in total revenue was up 64% compared to its year-ago result. Hot dang.

Now you are all caught up! Have a lovely weekend, and we’ll see you again Monday afternoon.
