Saturday, 30 June 2018

The hottest investors at The Europas, & your specially discounted ticket

In partnership with TechCrunch, The Europas Conference & Awards, features smaller breakout sessions on key subjects for startups, followed by a glittering awards show for the hottest startups in Europe, based on voting by expert judges and the industry itself. Plus loads of networking opportunities with investors, and the super-fun Pitch Rolette pitch competition.

Just some of the investors coming to The Europas this Tuesday, July 3, in London include:

Alliott Cole, Octopus Ventures

Andrei Brasoveanu, Accel Partners

Carlos Eduardo Espinal, Seedcamp

Damir Bandolo, Columbus Capital

Eileen Burbidge, Passion Capital

Eze Vidra, Reimagine Ventures

George McDonuagh, KR1 (Blockchain/Crypto)

Jamie Burke, Outlier Ventures (Blockchain/Crypto)

Jason Ball, Qualcomm Ventures

Jeremy Yap, Angel Investor

Joe White, Entrepreneur First

Maria Wagner, Beringea

Michael Jackson, Mangrove Capital Partners

Nancy Fechnay, Angel Investor (Blockchain/Crypto)

Paul Dowling, Dreamstake Ventures

Richard Muirhead, Fabric Ventures (Blockchain/Crypto)

Scott Sage, Crane Venture Partners

Sitar Teli, Connect Ventures

Stephanie Hospital, OneRagtime

Suzanne Ashman, LocalGlobe

Thomas Graham, TLDR Capital

Tugce Ergul, Angel Labs

Vishal Gulati, Draper Esprit

Wendy Tan White, BGF

Instead of thousands and thousands of people, think of a great summer event with a selected 800 of the most interesting and useful people in the industry, including key investors and leading entrepreneurs.

Here’s the agenda.

And here’s 14 reasons to attend The Europas:

• Ultra-high quality Investors, speakers & featured guests

• New startup founders brought into the eco-system

• New deal-flow for investors

• Our “Diversity Matters” Free pass bringing in more women and POC

• Expert speeches, discussions, and Q&A

• Intimate “breakout” sessions with key players on vertical topics

• The opportunity to meet almost everyone in those small groups, super-charging your networking

• Convivial, relaxed atmosphere conducive to networking

• Key press including WSJ, TechCrunch, VentureBeat, attending

• A stunning awards dinner and party which honors both the hottest startups and the leading lights in the European startup scene

• Content independently curated by journalists

• The only truly independent, industry-backed awards in Europe

• Percentage of profits will be donated to charity

• All on one day to maximize your time in London

europas8

Plus, as a special offer for TechCrunch readers, we have discounted tickets of up to 60% off:

Daytime conference plus evening awards tickets (£250, 60% discount) (valid all day, July 3rd) – this ticket includes the daytime conference and the awards dinner with ceremony and after party. It includes refreshments and lunch during the conference, and the awards drinks reception and dinner.

Daytime only, Unconference tickets (£75, 60% discount) – this ticket includes the afternoon Unconference only.

Evening Awards-only tickets (£195, 60% discount) – this ticket is for the awards dinner with ceremony and after party. It includes the awards drinks reception and dinner.

If you wish to sponsor the events or to purchase a table for 10 or 12 guest or a half table for 5 guests, please contact petra@theeuropas.com

The conference and awards are supported by TechCrunch, the official media partner. Attendees, nominees, and winners will get deep discounts to TechCrunch Disrupt in Berlin, later this year.

https://ift.tt/2KxAe5n

Benchmark’s Mitch Lasky will reportedly step down from Snap’s board of directors

Benchmark partner Mitch Lasky, who has served on Snap’s board of directors since December 2012, is not expected to stand for re-election to Snap’s board of directors and will thus be stepping down, according to a report by The Information.

Early investors stepping down from the board of directors — or at least not seeking re-election — isn’t that uncommon as once-private companies grow into larger public ones. Benchmark partner Peter Fenton did not seek re-election for Twitter’s board of directors in April last year. As Snap continues to navigate its future, especially as it has declined precipitously since going public and now sits at a valuation of around $16.5 billion. Partners with an expertise in the early-stage and later-stage startup life cycle may end up seeing themselves more useful taking a back seat and focusing on other investments. The voting process for board member re-election happens during the company’s annual meeting, so we’ll get more information when an additional proxy filing comes out ahead of the meeting later this year.

Benchmark is, or at least was at the time of going public last year, one of Snap’s biggest shareholders. According to the company’s 424B filing prior to going public in March last year, Benchmark held ownership of 23.1% of Snap’s Class B common stock and 8.2% of Snap’s Class A common stock. Lasky has been with Benchmark since April 2007, and also serves on the boards of a number of gaming companies like Riot Games and thatgamecompany, the creators of PlayStation titles flower and Journey. At the time, Snap said in its filing that Lasky was “qualified to serve as a member of our board of directors due to his extensive experience with social media and technology companies, as well as his experience as a venture capitalist investing in technology companies.”

The timing could be totally coincidental, but an earlier Recode report suggested Lasky had been talking about stepping down in future funds for Benchmark. The firm only recently wrapped up a very public battle with Uber, which ended up with Benchmark selling a significant stake in the company and a new CEO coming in to replace co-founder Travis Kalanick. Benchmark hired its first female general partner, Sarah Tavel, earlier this year.

We’ve reached out to both Snap and a representative from Benchmark for comment and will update the story when we hear back.



https://ift.tt/2KmfuOK

Friday, 29 June 2018

Tinder bolsters its security to ward off hacks and blackmail

This week, Tinder responded to a letter from Oregon Senator Ron Wyden calling for the company to seal up security loopholes in its app that could lead to blackmail and other privacy incursions.

In a letter to Sen. Wyden, Match Group General Counsel Jared Sine describes recent changes to the app, noting that as of June 19, “swipe data has been padded such that all actions are now the same size.” Sine added that images on the mobile app are fully encrypted as of February 6, while images on the web version of Tinder were already encrypted.

The Tinder issues were first called out in a report by a research team at Checkmarx describing the app’s “disturbing vulnerabilities” and their propensity for blackmail:

“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).

“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”

In February, Wyden called for Tinder to address the vulnerability by encrypting all data that moves between its servers and the app and by padding data to obscure it from hackers. In a statement to TechCrunch at the time, Tinder indicated that it heard Sen. Wyden’s concerns and had recently implemented encryption for profile photos in the interest of moving toward deepening its privacy practices.

“Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals” Sine said in the letter. “… Our goal is to have protocols and systems that not only meet, but exceed industry best practices.”



https://ift.tt/2Nb5J3H

Verizon deep-sixes its Go90 video streaming service

Go90 was an ambitious video streaming service from Verizon. It promised to be the next YouTube by utilizing Verizon’s many partnerships to create unique content you couldn’t find on places like Vimeo or YouTube. 

With Go90, Verizon had plans to create something from nothing and hoped that it could slay the biggest names in VOD. But it didn’t. And now Verizon says that it will be shuttering the service on July 31. 

“Following the creation of Oath, Go90 will be discontinued,” a Verizon rep said in a statement to Variety. “Verizon will focus on building its digital-first brands at scale in sports, finance, news and entertainment for today’s mobile consumers and tomorrow’s 5G applications.”

Oath remember, is Verizon’s umbrella company that houses what remains of AOL and Yahoo! The news of Go90’s death comes mere months after Samsung and Verizon reached an agreement to pre-load the service on Samsung Galaxy S9 smartphones. 

It’s unclear exactly what went wrong with the service, but Variety points to the lack of advertising dollars coming in, the massive expense creating and maintaining the service and poor marketing. Also, while Go90 had compelling content, very little of it caught on with the larger public - in spite of Verizon itself winning an Oscar earlier this year for its animated short film “Dear Basketball” starring NBA star Kobe Bryant.

While its death will likely go unnoticed by the larger video streaming audience (Go90 only had about 17 million viewers per month at its highest point compared to YouTube's average 1.57 billion viewers), Go90's shuttering does speak to a larger trend of streaming services failing in a market dominated by larger players.

Show business is cutthroat. Who knew?

https://ift.tt/2yV2Zo8

Best web hosting resellers of 2018

Twitter gets a re-org and new product head

Twitter has a new product manager in the wake of a large re-org of the company announced this week. The changes will see Twitter dividing its business into groups including engineering, product, revenue product, design and research, and more, while also bringing on Kayvon Beykpour, the GM of video and former Periscope CEO, as product head.

Beykpour will replace Ed Ho, vice president of product and engineering, as Ho steps down into a part-time role. In a series of tweets, Ho explains his decision was based on a family loss, and says he hopes to return full-time in the future. He had been on leave from Twitter since May.

As Recode noted, these change will make Beykpour the sixth exec to head up product since early 2014.

Meanwhile, Ho’s other role — head of engineering — will now be overseen by Mike Montano, who is stepping up from product engineering.

Twitter CEO’s announcement of the changes, below, was tweeted out on Thursday:



https://ift.tt/2tRx4zj

Cheap VPS hosting deals

Doctrine raises $11.6 million for its legal search engine

French startup Doctrine is raising a $11.6 million funding round (€10 million) from existing investors Otium Venture and Xavier Niel. Doctrine is building a search engine for court decisions and other legal texts.

This is a key tool if you’re a lawyer or you’re working in the legal industry in general. There are now a thousand companies using the service. It currently costs around €129 per user per month.

A little back-of-the-envelope calculation lets you see that Doctrine currently has a monthly recurring revenue of hundreds of thousands of dollars.

Doctrine competes with Dalloz and LexisNexis. These databases have been hugely popular because it’s been so hard to list court decisions. Not only Doctrine managed to get a ton of data, but they also have better technology to search through all these entries.

France is currently trying to share as much open data as possible. Eventually, court decisions could be accessible to anyone. But there are many challenges to overcome as each decision needs to be anonymized.

So it might not be a data-driven industry in a few years, but a tech-driven industry. Automating the indexation of court decisions and new laws is going to be key as more and more data becomes accessible. That’s why Doctrine seems to be in a good position against legacy software in the legal industry.

The startup is currently growing by 20 percent month over month. Doctrine plans to hire 160 people over the next 18 months.

https://ift.tt/2KtSY2I

High budget, live action Halo series coming to Showtime in 10-episode run

While it's undoubtedly one of Microsoft's biggest video game properties, Halo has had a rough time branching out into the live action film and television scene, despite having a ready-made fan base and a wealth of mythology and lore to draw from. 

That's all about to change. US-based, premium cable channel Showtime has announced that a 10-part live action series is officially in the works, in a collaboration that also involves Halo developer 343 Industries and Amblin Television.

Kyle Killen (Awake) is onboard as executive producer, writer and showrunner of the series (working title Halo), while Rupert Wyatt (Rise of the Planet of the Apes) is attached to direct multiple episodes and also executive produce the hour-long series. 

If you like it, then you shoulda put a ring(world) on it

Though previous Halo shows Forward Unto Dawn and NightFall stumbled due to web series production values and questionable writing, Showtime president and CEO David Nevins promises that the new show will be in another league entirely. 

“Halo is our most ambitious series ever, and we expect audiences who have been anticipating it for years to be thoroughly rewarded,” said Nevins.

He continued, "Kyle Killen’s scripts are thrilling, expansive and provocative, Rupert Wyatt is a wonderful, world-building director, and their vision of Halo will enthral fans of the game while also drawing the uninitiated into a world of complex characters that populate this unique universe.”

The new Halo series will enter production in early 2019, so expect the Master Chief to invade your living room later that year. As for which services will be showing the series outside of the US, we do know that the Australian streaming service Stan has already announced that it will be fast-tracking the series as part of its partnership with Showtime

https://ift.tt/2KvvOsK

Thursday, 28 June 2018

Twitter launches its Ads Transparency Center, where you can see ads bought by any account

Twitter is unveiling the Ads Transparency Center that it announced back in October.

This comes as Twitter and other online platforms have faced growing political scrutiny around the role they may have played in spreading misinformation, particularly in the 2016 U.S. presidential election.

For example, House Democrats recently released thousands of of Russian-funded political Facebook ads, and Facebook will reportedly release its own ad transparency tool this week. (In fact, as this story publishes, I’m at a Facebook press event focused on ad transparency.)

Twitter says that with this tool, you should be able to search for any Twitter handle and bring up all the ad campaigns from that account that have run for the past seven days. For political advertisers in the U.S., there will be additional data, including information around billing, ad spend, impressions per tweet and demographic targeting.

Everyone should be able to access the Ads Transparency Center, no login required.

Twitter political ads

As part of  the political ad guidelines that Twitter announced last month, the company says it will be visually identifying ads that are tied to federal elections in the United States. Over time, it plans to develop a policy specifically around “issue ads” (i.e., political ads that aren’t explicitly promoting a candidate) and looking for ways to expand these policies internationally.

“We are doing our due diligence to get this right and will have more updates to come,” writes Twitter’s Bruce Falck in a blog post. “We stay committed to iterating and improving our work in this space, and doing what’s right for our community.”



https://ift.tt/2MtvAD0

LinkedIn adds Microsoft-powered translations and QR codes to connect more of its users faster

LinkedIn — the social network with more than 560 million members who connect around work-related topics and job-seeking — continues to add more features, integrating technology from its new owner Microsoft, both to improve engagement on LinkedIn as well as to create deeper data ties between the two businesses.

Today, the company announced two more: users can now instantly view translations of content on the site when it appears in a language that is not the one set as a default; and they can now use QR codes to quickly swap contact details with other LinkedIn members.

In both cases, the features are likely overdue. The lingua franca of LinkedIn seems to be English, but the platform has a large global reach, and as it continues to try to expand to a wider range of later adopters and different categories of users, having a translation feature seems to be a no-brainer. It would also put it in closer line with the likes of Twitter and Facebook, which have had translation options for years.

The QR code generator, meanwhile, has become a key way for people to swap their details when they are not already connected on a network. And with LinkedIn this makes a lot of sense: there are so many people with the same name and it can be a challenge figuring out which “Mark Smith” you might want to connect with after coming across him at an event. And given that LinkedIn has been looking for more ways of making its app useful in in-person situations, this is an obvious way to enable that.

Translations are coming by way of the Microsoft Text Analytics API, the same Azure Cognitive Service  that powers translations on Bing, Skype and Office (as well as third-party services like Twitter). It will be available in more than 60 languages, with more coming soon, LinkedIn says, to a “majority” of members using either the desktop or mobile web versions of LinkedIn.

The company says that it will be coming to LinkedIn’s iOS and Android apps in due course, as well. Users will get the “see translation” link based on a number of signals you’re providing to LinkedIn that include your language setting on the platform, the country where you are accessing content and the language you have used in your profile.

Content covered by the option to translate will include the main feed, the activity section on a person’s profile and posts if you click on them in the feed or share it.

Meanwhile, with QR codes, you trigger the ability to capture one by clicking in the search box on the iOS or Android app. Through that window, you can also pick up your own code to share with others.

LinkedIn suggests that the QR code can effectively become the replacement for the business card for people when they are at in-person events. But another option is that you can use this now in any place where you might want to provide a shortcut to your profile.



https://ift.tt/2IAt6jQ

Criteo creates an AI lab in Paris

Adtech company Criteo is investing $23 million (€20 million) in a new artificial intelligence lab in Paris. Over the next three years, the company plans to hire researchers to work on AI-related projects.

Many of their projects will lead to public presentations, open-source releases and research papers. VP of Research Suju Rajan is going to lead the lab.

Many tech companies have created AI labs in Paris, including Facebook, Google, IBM and Samsung. All those companies want to hire the best AI researchers. That’s why they open multiple AI research centers around the world to attract local talent in multiple countries

Criteo has been a flagship company in the French tech scene. The company specialized in ad retargeting and filed for an IPO around five years ago.

But retargeting isn’t really popular right now. Some internet browsers, such as Firefox and Safari, have started offering tracking protection and enabling it by default. Criteo’s ads are much less effective if the company can’t track users around the web.

Similarly, many European users are now opting out of data sharing with adtech companies thanks to GDPR’s mandatory consent popups.

That’s why Criteo shares haven’t been performing well lately. Shares were trading at around $54 per share in April 2017. Ten months later, you could buy shares for $24 — that’s a 56 percent drop.

Criteo needs to diversify its product portfolio and find new ways to make ads effective again. Existing methods involving third-party cookies, browser fingerprinting and a ton of Javascript embeds won’t work forever.

https://ift.tt/2N23YWJ

Best Microsoft Office alternatives in 2018

The best Linux web hosting services of 2018

The International Olympic Committee is curious about eSports

If there’s still any doubt that eSports is coming into the mainstream, just look to the world’s biggest sporting event: The Olympics.

The International Olympic Committee (IOC) and the Global Association of International Sports Federations (GAISF) have announced that they will host an eSports Forum, looking to gauge whether or not esports has a place in the Olympics.

According to the release, the IOC and GAISF will host esports players, game publishers, teams, media, sponsors and event organizers, as well as National Olympic Committees, International Sports Federations, athletes and the IOC. The group as a whole is looking to “explore synergies, build joint understanding, and set a platform for future engagement between esports and gaming industries and the Olympic Movement.”

In the release, GAISF President Patrick Baumann said:

Along with the IOC, the GAISF looks forward to welcoming the esports and gaming community to Lausanne. We understand that sport never stands still and the phenomenal growth of esports and gaming is part of its continuing evolution. The Esports Forum provides an important and extremely valuable opportunity for us to gain a deeper understanding of esports, their impact and likely future development, so that we can jointly consider the ways in which we may collaborate to the mutual benefit of all of sport in the years ahead.

Some of the panels at the forum include an interview on “The Key to Twitch’s Success,” “Future Opportunities for Collaboration,” an interview on “A Day in the Life of an Elite Player” and a panel on “Gender Equality in All Sports.”

eSports have continued to grow at an impressive clip. The Overwatch League has introduced city-based teams into the mix, while Fortnite had a huge Pro-Am tournament at e3, not to mention Epic’s introduction of a $100 million tournament prize pool for competitive play.

Considering how bizarre some of the Olympic sports are — I’m looking at you, Biathlon — the potential introduction of esports to the Olympic slate almost seems ordinary.

https://ift.tt/2tIJQjv

The excitement is building for #TheEuropas, next week in London

Startups are strange beasts. Founders and investors are obviously so super-focused on building their companies that sometimes they forget to delve into the big issues behind tech and startups. Plus, do they ever know what’s going on outside their laser-focused view? Sometimes it’s good to take stock.

That’s why we’ve built The Europas Awards & Unconference (July 3) in association with TechCrunch, to give you a heads-up on the big issues, time to network, and time to celebrate with peers and friends, on a great day in London.

So what is The Europas?

• Key Founders and investors speaking
• No secret VIP rooms, maximum Speaker interaction
• Ultra-high quality crowd, largely invited
• Convivial, relaxed atmosphere conducive to networking
• Intimate “breakout” sessions with key players
• Journalists from major tech titles
• Percentage of profits will be donated to charity
• A stunning awards dinner and party which honours both the hottest startups and the leading lights in the European startup scene

The Unconference

Pull up a front row seat at our Unconference as some of the most incisive and prescient thought leaders in tech will discuss and debate some of the biggest issues, opportunities and challenges in tech. You won’t want to miss these panels:

• Should We Stay or Should We Go Now? What next for European’s tech economy as Brexit looms? We’re joined by LocalGlobe partner Suzanne Ashman, BGF partner, Wendy Tan White, and Eloise Todd, CEO of Best for Britain to dissect what the Leave ramifications are for the tech ecosystem.

• The Disinfoconomy: We were all shocked, shocked, to learn that Facebook had allowed commercial entities access to our private data with no oversight into how that data was being used and for what purpose. Our panelists debate what next for businesses peddling in private data, do consumers care enough to change their behaviour, what impact has this had on the media, and is there a way to sort all this mess out?

• Mapping the Future of Transportation in an Autonomous Age: The era of the autonomous vehicle is nigh! But how will AVs interact with our existing transportation landscape in our current gridlocked cities? Bill Gross-backed AIPod thinks it has a solution. CRO and co-founder Steve Gledden unpacks the details.

• AI + Startups – A Non Starter? So you wanna be an AI startup, but there’s the pesky little problem of enough data. Paul Dowling of Dreamstake Ventures leads a discussion with Steve King of social prediction startup Black Swan and Draper Esprit partner and long-time health tech investor Vishal Gulati on the data challenge.

• APPily Ever After or APPocalypse now? Dating Apps in a Post #MeToo World. Dating apps have radically reshaped how we form relationships, our attitudes toward sex, sexism, objectification and desire — and quite frankly, what constitutes good manners. We’re joined by Olivia June, founder of vina.io, and more to come.

• TWO tracks on Crypto and Blockchain:

We’ve got TWO tracks on Crypto and Blockchain this year, one dedicated to understanding the ins and outs of investing, token economics, and ICOs; the other to the industries being disrupted by the use of blockchain or DLT. We have panels looking at social impact; the media, creative industries and visual arts, digital identity, and financial services. These panels are meant to get you clued up quickly and to explore the most exciting startups in these verticals.

• Startup Central Zone

Finally, we’ve got Startup Central, with panels packed with advice on fundraising from seed to C and beyond. You’ll want to join the Future of Funding panel, a deep dive into raising money through ICOs, traditional venture capital, and crowdfunding. We’re excited to be joined by Ali Ganjavian, founder of Studio Banana. Yes, he’s the Kickstarter darling behind the Ostrich Pillow. Our favourite tech journos, including Steve O’Hear of TechCrunch, join our popular Meet the Press panel, where you’ll get to turn the tables and grill reporters on what they think makes a tech story.

• Pitch Roulette

At the end of the day, join us for Pitch Roulette, where some of Europe’s biggest VCs will be giving selected startups feedback on their pitch.

https://ift.tt/2tAwR46

BlackBerry CTO: Let’s learn from NotPetya to guard against future attacks

2017 was a big year for large-scale attacks. Just weeks after WannaCry crippled the NHS and broader industries, NotPetya hit. One year on from NotPetya, it seems lessons still haven’t been learned. 

NotPetya targeted a range of businesses – from shipping ports and supermarkets to ad agencies and law firms. Once in a system, the code sought to destroy files. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains. 

With stretched budgets, IT teams are too often short on the resources required to conduct manual patching. So, it doesn’t take long for hardware to become increasingly outdated, software to become increasingly unstable and IT training to be left by the wayside. The result is an environment where basic security practices are being forgotten. This lack of IT security awareness is in stark contrast to the number of technological advances we’re seeing across all industries. More worrying, it’s an opposing trend to the increasingly sophisticated techniques being used by hackers, who are innovating at a far greater pace than IT teams can handle.

A year after NotPetya, the adage of prevention is better than cure remains true. Our recommendation is clear: go hack yourself. Ethical hackers use the same tools, techniques and methodologies as the ‘bad guys’ behind the likes of NotPetya, WannaCry, and more. They know what organisations should do to limit their exposure and vulnerabilities regarding network security. Most software has an inherent weakness, as it is written by humans – whereas criminals are using automated tools to scan software code for vulnerabilities. So, the chips are stacked against the IT teams already, and engaging in ethical hacking practices can rectify weaknesses before criminals can exploit it.

The issue of cybersecurity goes beyond the industries making the front pages for breaches of cybersecurity. According to the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018, around 43% of UK businesses have experienced a cybersecurity breach in the past 12 months. 

This highlights the fact that you cannot retrofit security and protection is a continuous activity spanning many areas including Life Cycle Management. The most secure organisations do not adopt one-size fits all approach, but instead, take a proactive approach and implement robust security practices that match the nature of their organisation. 

Cyber security resilience must be approached logically, regularly, and in response to the context of the environment in which it operates. This means security teams must be working towards assessing risk levels and identifying assets (which should be simpler in a post-GDPR world). Only then can potential countermeasures be considered, continuity plans put in place, and vulnerabilities detected and managed.

The security chain is only as strong as the weakest link, which is why security risk must be consistently approached in a cyclical manner. 

NotPetya exposed just how primitive an approach many organisations are still taking towards cybersecurity, despite the daily warnings and threat of breaches. Organisations can’t afford to wait any longer before addressing the most basic of security concerns. The good news is – these practices are manageable, and with solutions providers, ethical hackers and IT teams working in unison, we can prevent the impact of the next NotPetya.

Charles Eagan is chief technology officer, BlackBerry

https://ift.tt/2yQtDyr

Does Facebook know when you'll die?

Facebook holds a huge amount of your personal data - perhaps even enough to tell when you'll get married, have children and die.

To find out how much the site can extrapolate about its users' lives, the New York Times plunged into the hundreds of patent applications Facebook has filed since it went public in 2012.

One of its most alarming - and fascinating - discoveries was the patent Predicting Life Changes of Members of a Social Networking System, which would use your recent online activity to forecast major personal events.

According to the patent, "A life change event, for example, may be a change in marital status, a birthday, a new job, a birth of a child, a graduation, or a death of a person associated with the user, just to name a few."

The patent refers to communication data, including wall posts, instant messages and text messages, which could be scanned for key words indicating that something big is about to happen in your life.

The circle of ads

This information could then be used to target advertising more effectively. For example, if the algorithm determined that you were about to become a parent, it could shower you with ads for nurseries and diapers. 

Although Facebook users update their profile when something important happens, like an engagement or a marriage, it's not very helpful to advertisers if that happens after the event has taken place. There's no point trying to sell a wedding dress to a woman who's already on her honeymoon.

Although the potential might be there, a patent isn't the same as a plan, and few of the documents the NYT pored over have borne fruit.

“Most of the technology outlined in these patents has not been included in any of our products, and never will be,” Allen Lo, a Facebook vice president and deputy general counsel, and the company’s head of intellectual property, told the newspaper.

Still, it's a poignant reminder to take a look at your privacy settings if you haven't done so recently, and make sure you aren't sharing any more data than you want to with the site and its advertisers. 

https://ift.tt/2KpwaUS

Best contact management software of 2018

Yet another massive Facebook fail: Quiz app leaked data on ~120M users for years

Facebook knows the historical app audit it’s conducting in the wake of the Cambridge Analytica data misuse scandal is going to result in a tsunami of skeletons tumbling out of its closet.

It’s already suspended around 200 apps as a result of the audit — which remains ongoing, with no formal timeline announced for when the process (and any associated investigations that flow from it) will be concluded.

CEO Mark Zuckerberg announced the audit on March 21, writing then that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity”.

But you do have to question how much the audit exercise is, first and foremost, intended to function as PR damage limitation for Facebook’s brand — given the company’s relaxed response to a data abuse report concerning a quiz app with ~120M monthly users, which it received right in the midst of the Cambridge Analytica scandal.

Because despite Facebook being alerted about the risk posed by the leaky quiz apps in late April — via its own data abuse bug bounty program — they were still live on its platform a month later.

It took about a further month for the vulnerability to be fixed.

And, sure, Facebook was certainly busy over that period. Busy dealing with a major privacy scandal.

Perhaps the company was putting rather more effort into pumping out a steady stream of crisis PR — including taking out full page newspaper adverts (where it wrote that: “we have a responsibility to protect your information. If we can’t, we don’t deserve it”) — vs actually ‘locking down the platform’, per its repeat claims, even though the company’s long and rich privacy-hostile history suggests otherwise.

Let’s also not forget that, in early April, Facebook quietly confessed to a major security flaw of its own — when it admitted that an account search and recovery feature had been abused by “malicious actors” who, over what must have been a period of several years, had been able to surreptitiously collect personal data on a majority of Facebook’s ~2BN users — and use that intel for whatever they fancied.

So Facebook users already have plenty reasons to doubt the company’s claims to be able to “protect your information”. But this latest data fail facepalm suggests it’s hardly scrambling to make amends for its own stinkingly bad legacy either.

Change will require regulation. And in Europe that has arrived, in the form of the GDPR.

Although it remains to be seen whether Facebook will face any data breach complaints in this specific instance, i.e. for not disclosing to affected users that their information was at risk of being exposed by the leaky quiz apps.

The regulation came into force on May 25 — and the javascript vulnerability was not fixed until June. So there may be grounds for concerned consumers to complain.

Which Facebook data abuse victim am I?

Writing in a Medium post, the security researcher who filed the report — self-styled “hacker” Inti De Ceukelaire — explains he went hunting for data abusers on Facebook’s platform after the company announced a data abuse bounty on April 10, as the company scrambled to present a responsible face to the world following revelations that a quiz app running on its platform had surreptitiously harvested millions of users’ data — data that had been passed to a controversial UK firm which intended to use it to target political ads at US voters.

De Ceukelaire says he began his search by noting down what third party apps his Facebook friends were using — finding quizzes were one of the most popular apps. Plus he already knew quizzes had a reputation for being data-suckers in a distracting wrapper. So he took his first ever Facebook quiz, from a brand called NameTests.com, and quickly realized the company was exposing Facebook users’ data to “any third-party that requested it”.

The issue was that NameTests was displaying the quiz taker’s personal data (such as full name, location, age, birthday) in a javascript file — thereby potentially exposing the identify and other data on logged in Facebook users to any external website they happened to visit.

He also found it was providing an access token that allowed it to grant even more expansive data access permissions to third party websites — such as to users’ Facebook posts, photos and friends.

It’s not clear exactly why — but presumably relates to the quiz app company’s own ad targeting activities. (Its privacy policy states: “We work together with various technological partners who, for example, display advertisements on the basis of user data. We make sure that the user’s data is pseudonymised (e.g. no clear data such as names or e-mail addresses) and that users have simple rights of revocation at their disposal. We also conclude special data protection agreements with our partners, in which they commit themselves to the protection of user data.” — which sounds great until you realize its javascript was just leaking people’s personally identified data… [facepalm])

“Depending on what quizzes you took, the javascript could leak your facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends,” writes De Ceukelaire.

He reckons people’s data had been being publicly exposed since at least the end of 2016.

On Facebook, NameTests describes its purpose thusly: “Our goal is simple: To make people smile!” — adding that its quizzes are intended as a bit of “fun”.

It doesn’t shout so loudly that the ‘price’ for taking one of its quizzes, say to find out what Disney princess you ‘are’, or what you could look like as an oil painting, is not only that it will suck out masses of your personal data (and potentially your friends’ data) from Facebook’s platform for its own ad targeting purposes but was also, until recently, that your and other people’s information could have been exposed to goodness knows who, for goodness knows what nefarious purposes… 

The Facebook-Cambridge Analytica data misuse scandal has underlined that ostensibly frivolous social data can end up being repurposed for all sorts of manipulative and power-grabbing purposes. (And not only can end up, but that quizzes are deliberately built to be data-harvesting tools… So think of that the next time you get a ‘take this quiz’ notification asking ‘what is in your fact file?’ or ‘what has your date of birth imprinted on you’? And hope ads is all you’re being targeted for… )

De Ceukelaire found that NameTests would still reveal Facebook users’ identity even after its app was deleted.

“In order to prevent this from happening, the user would have had to manually delete the cookies on their device, since NameTests.com does not offer a log out functionality,” he writes.

“I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends,” he adds, fleshing out the risks for affected Facebook users.

As well as alerting Facebook to the vulnerability, De Ceukelaire says he contacted NameTests — and they claimed to have found no evidence of abuse by a third party. They also said they would make changes to fix the issue.

We’ve reached out to NameTests’ parent company — a German firm called Social Sweethearts — for comment. Its website touts a “data-driven approach” — and claims its portfolio of products achieve “a global organic reach of several billion page views per month”.

After De Ceukelaire reported the problem to Facebook, he says he received an initial response from the company on April 30 saying they were looking into it. Then, hearing nothing for some weeks, he sent a follow up email, on May 14, asking whether they had contacted the app developers.

A week later Facebook replied saying it could take three to six months to investigate the issue (i.e. the same timeframe mentioned in their initial automated reply), adding they would keep him in the loop.

Yet at that time — which was a month after his original report — the leaky NameTests quizzes were still up and running,  meaning Facebook users’ data was still being exposed and at risk. And Facebook knew about the risk.

The next development came on June 25, when De Ceukelaire says he noticed NameTests had changed the way they process data to close down the access they had been exposing to third parties.

Two days later Facebook also confirmed the flaw in writing, admitting: “[T]his could have allowed an attacker to determine the details of a logged-in user to Facebook’s platform.”

It also told him it had confirmed with NameTests the issue had been fixed. And its apps continue to be available on Facebook’s platform — suggesting Facebook did not find the kind of suspicious activity that has led it to suspend other third party apps. (At least, assuming it conducted an investigation.)

Facebook paid out a $4,000 x2 bounty to a charity under the terms of its data abuse bug bounty program — and per De Ceukelaire’s request.

We asked it what took it so long to respond to the data abuse report, especially given the issue was so topical when De Ceukelaire filed the report. But Facebook declined to answer specific questions.

Instead it sent us the following statement, attributed to Ime Archibong, its VP of product partnerships:

A researcher brought the issue with the nametests.com website to our attention through our Data Abuse Bounty Program that we launched in April to encourage reports involving Facebook data. We worked with nametests.com to resolve the vulnerability on their website, which was completed in June.

Facebook also claims it received De Ceukelaire’s report on April 27, rather than April 22, as he recounts it. Though it’s possible the former date is when Facebook’s own staff retrieved the report from its systems. 

Beyond displaying a disturbingly relaxed attitude to other people’s privacy — which risks getting Facebook into regulatory trouble, given GDPR’s strict requirements around breach disclosure, for example — the other core issue of concern here is the company’s apparent failure to enforce its own developer policy. 

The underlying issue is whether or not Facebook performs any checks on apps running on its platform. It’s no good having T&Cs if you don’t have any active processes to enforce your T&Cs. Rules without enforcement aren’t worth the paper they’re written on.

Historical evidence suggests Facebook did not actively enforce its developer T&Cs — even if it’s now “locking down the platform”, as it claims, as a result of so many privacy scandals. 

The quiz app developer at the center of the Cambridge Analytica scandal, Aleksandr Kogan — who harvested and sold/passed Facebook user data to third parties — has accused Facebook of essentially not having a policyHe contends it is therefore Facebook who is responsible for the massive data abuses that have played out on its platform — only a portion of which have so far come to light. 

Fresh examples such as NameTests’ leaky quiz apps merely bolster the case Kogan made for Facebook being the guilty party where data misuse is concerned. After all, if you built some stables without any doors at all would you really blame your horses for bolting?



https://ift.tt/2Mrphjh

Yet another massive Facebook fail: Quiz app leaked data on ~120M users for years

Facebook knows the historical app audit it’s conducting in the wake of the Cambridge Analytica data misuse scandal is going to result in a tsunami of skeletons tumbling out of its closet.

It’s already suspended around 200 apps as a result of the audit — which remains ongoing, with no formal timeline announced for when the process (and any associated investigations that flow from it) will be concluded.

CEO Mark Zuckerberg announced the audit on March 21, writing then that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity”.

But you do have to question how much the audit exercise is, first and foremost, intended to function as PR damage limitation for Facebook’s brand — given the company’s relaxed response to a data abuse report concerning a quiz app with ~120M monthly users, which it received right in the midst of the Cambridge Analytica scandal.

Because despite Facebook being alerted about the risk posed by the leaky quiz apps in late April — via its own data abuse bug bounty program — they were still live on its platform a month later.

It took about a further month for the vulnerability to be fixed.

And, sure, Facebook was certainly busy over that period. Busy dealing with a major privacy scandal.

Perhaps the company was putting rather more effort into pumping out a steady stream of crisis PR — including taking out full page newspaper adverts (where it wrote that: “we have a responsibility to protect your information. If we can’t, we don’t deserve it”) — vs actually ‘locking down the platform’, per its repeat claims, even though the company’s long and rich privacy-hostile history suggests otherwise.

Let’s also not forget that, in early April, Facebook quietly confessed to a major security flaw of its own — when it admitted that an account search and recovery feature had been abused by “malicious actors” who, over what must have been a period of several years, had been able to surreptitiously collect personal data on a majority of Facebook’s ~2BN users — and use that intel for whatever they fancied.

So Facebook users already have plenty reasons to doubt the company’s claims to be able to “protect your information”. But this latest data fail facepalm suggests it’s hardly scrambling to make amends for its own stinkingly bad legacy either.

Change will require regulation. And in Europe that has arrived, in the form of the GDPR.

Although it remains to be seen whether Facebook will face any data breach complaints in this specific instance, i.e. for not disclosing to affected users that their information was at risk of being exposed by the leaky quiz apps.

The regulation came into force on May 25 — and the javascript vulnerability was not fixed until June. So there may be grounds for concerned consumers to complain.

Which Facebook data abuse victim am I?

Writing in a Medium post, the security researcher who filed the report — self-styled “hacker” Inti De Ceukelaire — explains he went hunting for data abusers on Facebook’s platform after the company announced a data abuse bounty on April 10, as the company scrambled to present a responsible face to the world following revelations that a quiz app running on its platform had surreptitiously harvested millions of users’ data — data that had been passed to a controversial UK firm which intended to use it to target political ads at US voters.

De Ceukelaire says he began his search by noting down what third party apps his Facebook friends were using — finding quizzes were one of the most popular apps. Plus he already knew quizzes had a reputation for being data-suckers in a distracting wrapper. So he took his first ever Facebook quiz, from a brand called NameTests.com, and quickly realized the company was exposing Facebook users’ data to “any third-party that requested it”.

The issue was that NameTests was displaying the quiz taker’s personal data (such as full name, location, age, birthday) in a javascript file — thereby potentially exposing the identify and other data on logged in Facebook users to any external website they happened to visit.

He also found it was providing an access token that allowed it to grant even more expansive data access permissions to third party websites — such as to users’ Facebook posts, photos and friends.

It’s not clear exactly why — but presumably relates to the quiz app company’s own ad targeting activities. (Its privacy policy states: “We work together with various technological partners who, for example, display advertisements on the basis of user data. We make sure that the user’s data is pseudonymised (e.g. no clear data such as names or e-mail addresses) and that users have simple rights of revocation at their disposal. We also conclude special data protection agreements with our partners, in which they commit themselves to the protection of user data.” — which sounds great until you realize its javascript was just leaking people’s personally identified data… [facepalm])

“Depending on what quizzes you took, the javascript could leak your facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends,” writes De Ceukelaire.

He reckons people’s data had been being publicly exposed since at least the end of 2016.

On Facebook, NameTests describes its purpose thusly: “Our goal is simple: To make people smile!” — adding that its quizzes are intended as a bit of “fun”.

It doesn’t shout so loudly that the ‘price’ for taking one of its quizzes, say to find out what Disney princess you ‘are’, or what you could look like as an oil painting, is not only that it will suck out masses of your personal data (and potentially your friends’ data) from Facebook’s platform for its own ad targeting purposes but was also, until recently, that your and other people’s information could have been exposed to goodness knows who, for goodness knows what nefarious purposes… 

The Facebook-Cambridge Analytica data misuse scandal has underlined that ostensibly frivolous social data can end up being repurposed for all sorts of manipulative and power-grabbing purposes. (And not only can end up, but that quizzes are deliberately built to be data-harvesting tools… So think of that the next time you get a ‘take this quiz’ notification asking ‘what is in your fact file?’ or ‘what has your date of birth imprinted on you’? And hope ads is all you’re being targeted for… )

De Ceukelaire found that NameTests would still reveal Facebook users’ identity even after its app was deleted.

“In order to prevent this from happening, the user would have had to manually delete the cookies on their device, since NameTests.com does not offer a log out functionality,” he writes.

“I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends,” he adds, fleshing out the risks for affected Facebook users.

As well as alerting Facebook to the vulnerability, De Ceukelaire says he contacted NameTests — and they claimed to have found no evidence of abuse by a third party. They also said they would make changes to fix the issue.

We’ve reached out to NameTests’ parent company — a German firm called Social Sweethearts — for comment. Its website touts a “data-driven approach” — and claims its portfolio of products achieve “a global organic reach of several billion page views per month”.

After De Ceukelaire reported the problem to Facebook, he says he received an initial response from the company on April 30 saying they were looking into it. Then, hearing nothing for some weeks, he sent a follow up email, on May 14, asking whether they had contacted the app developers.

A week later Facebook replied saying it could take three to six months to investigate the issue (i.e. the same timeframe mentioned in their initial automated reply), adding they would keep him in the loop.

Yet at that time — which was a month after his original report — the leaky NameTests quizzes were still up and running,  meaning Facebook users’ data was still being exposed and at risk. And Facebook knew about the risk.

The next development came on June 25, when De Ceukelaire says he noticed NameTests had changed the way they process data to close down the access they had been exposing to third parties.

Two days later Facebook also confirmed the flaw in writing, admitting: “[T]his could have allowed an attacker to determine the details of a logged-in user to Facebook’s platform.”

It also told him it had confirmed with NameTests the issue had been fixed. And its apps continue to be available on Facebook’s platform — suggesting Facebook did not find the kind of suspicious activity that has led it to suspend other third party apps. (At least, assuming it conducted an investigation.)

Facebook paid out a $4,000 x2 bounty to a charity under the terms of its data abuse bug bounty program — and per De Ceukelaire’s request.

We asked it what took it so long to respond to the data abuse report, especially given the issue was so topical when De Ceukelaire filed the report. But Facebook declined to answer specific questions.

Instead it sent us the following statement, attributed to Ime Archibong, its VP of product partnerships:

A researcher brought the issue with the nametests.com website to our attention through our Data Abuse Bounty Program that we launched in April to encourage reports involving Facebook data. We worked with nametests.com to resolve the vulnerability on their website, which was completed in June.

Facebook also claims it received De Ceukelaire’s report on April 27, rather than April 22, as he recounts it. Though it’s possible the former date is when Facebook’s own staff retrieved the report from its systems. 

Beyond displaying a disturbingly relaxed attitude to other people’s privacy — which risks getting Facebook into regulatory trouble, given GDPR’s strict requirements around breach disclosure, for example — the other core issue of concern here is the company’s apparent failure to enforce its own developer policy. 

The underlying issue is whether or not Facebook performs any checks on apps running on its platform. It’s no good having T&Cs if you don’t have any active processes to enforce your T&Cs. Rules without enforcement aren’t worth the paper they’re written on.

Historical evidence suggests Facebook did not actively enforce its developer T&Cs — even if it’s now “locking down the platform”, as it claims, as a result of so many privacy scandals. 

The quiz app developer at the center of the Cambridge Analytica scandal, Aleksandr Kogan — who harvested and sold/passed Facebook user data to third parties — has accused Facebook of essentially not having a policyHe contends it is therefore Facebook who is responsible for the massive data abuses that have played out on its platform — only a portion of which have so far come to light. 

Fresh examples such as NameTests’ leaky quiz apps merely bolster the case Kogan made for Facebook being the guilty party where data misuse is concerned. After all, if you built some stables without any doors at all would you really blame your horses for bolting?

https://ift.tt/2Mrphjh

Best graphic design software of 2018

Ultimate set-top boxes for World Cup recordings

The 2018 World Cup is currently being broadcast on BBC and ITV channels. This is great news as we don’t have to pay for an expensive subscription to watch a match, just the standard TV license fee. 

However, that doesn’t mean it’ll be easy to catch all the World Cup 2018 games that you want to. Even if you don’t have a day job.

The solution? A PVR, a set-top box that will record them for you. Their popularity has dwindled over the years as more of us hooked onto catch-up and streaming services like Netflix. But they are the best way to make sure you don’t miss any of the action during the 2018 World Cup.

Here are the models you should check out.

Humax FVP-5000T

Humax is one of the main names in the world of PVRs. Put a FVP-5000T under your TV and you have one of the best hubs for home entertainment money can buy. 

There are three models to choose from. The entry-level model has a 500GB hard drive, but there are 1TB and 2TB versions if that is just not enough for your TV habit. 

A multi-tuner array lets you record up to four programmes (or matches) at once and the 2TB Humax FVP-5000T can store a massive 500 hours of HD content. Or 1000 at SD quality. 

The Humax Live TV app for iOS and Android also lets you set recordings using your phone, and even stream TV to it directly. 

As it uses Freeview Play, the Humax FVP-5000T lets you access all the major UK catch-up services, as well as Netflix and YouTube. 

Humax HDR-1100S

Is the Freeview signal weak in your area? You need a Freesat PVR like the Humax HDR-1100S. This uses a satellite dish instead of a standard antenna to receive the TV signal. 

Integrated Wi-Fi also lets you access catch-up services, plus YouTube and Netflix. 

Like the Humax FVP-5000T you have a choice of 500GB, 1TB and 2TB models. You just have to decide how much you want to store. Want to keep the entire 2018 World Cup for posterity, including all the pre-match prattle? Look for the 1TB version. 

You can record two programmes at once using the Humax HDR-1100S, and check out the TV guide and set recordings using the Freesat phone app. 

Panasonic DMR-HWT250EB

The Panasonic DMR-HWT250EB is a sleek-looking alternative to the Humax FVP-5000T. But what’s different?

It’s a Freeview Play and Freeview HD recorder, so you get the same channels and the same access to secondary services like YouTube and Netflix. It only lets you record two programmes at once rather than four, but also has a few extra tricks. 

The Panasonic DMR-HWT250EB can play 4K video through its USB port, a great extra for those with 4K TVs. It also has special long play recording modes that chip down the amount of room World Cup matches with take up.

You can fit up to 684 hours of HD content on its 1TB hard drive, instead of the 259 hours you’ll get directly capturing the Freeview HD feed. 

BT YouView+

You might guess you’ll need some sort of subscription to use a BT YouView+ box, but you don’t.

YouView is an alternative to Freeview Play, an interface that combines normal Freeview channels with streaming services. These include Netflix, Amazon Prime Video and YouTube. 

If you want to dig deeper you can get the YouView+ box as part of a BT TV subscription, which unlocks access to extra channels like BT Sport and Comedy Central. 

However, for the World Cup fans out there one of the main appeals of the BT YouView+ box is its low price when bought solo. At just £125 this is a bit of a bargain. 

It “only” has a 500GB hard drive, which can store 300 hours in SD quality or 125 in HD. But that just means you’ll have to juggle your recordings library more. For the tech-heads out there, this box is actually made by PVR master Humax. 

There’s also an Ultra HD version of the YouView+ box, for those with 4K TVs. 

Sky Q

If you want the best TV recording experience, check out Sky Q. This may be overkill if all you want to do is watch the World Cup. But once you’ve tried this service, it’s hard to go back. 

Sky Q lets you watch TV and recordings on your phone or tablet, and stream content to other Sky boxes around the house. It’s the multi-room PVR. 

Get the top-end 2TB Ultra HD Sky Q box and you can record a massive six programmes at once while watching a seventh. You get a high-tech Bluetooth remote too. 

There is, of course, a bigger investment involved than with a standard set-top box, though. You’ll pay £20 a month for the basic Sky TV package and the top-end PVR box of dreams comes with a £199 up-front setup cost. A Sky Sports sub costs an additional £20 a month, if the BBC and ITV coverage does not quite sate your sports appetite. 

But Sky Q really is something special. 

Virgin Media TiVO

If Sky looks too pricey to you, Virgin Media is your other subscription option. All Virgin Media TV packages now come with an advanced Virgin Media TiVO V6 box. 

It’s significantly better than most stand-alone set-top PVRs. First, it can record six programmes at once (and lets you watch a seventh). It’ll play Netflix and YouTube at 4K resolution and the 1TB hard drive can store 500 hours of SD TV, or 100 at HD quality. 

You can stream TV and recordings to a phone or tablet too. 

But is it that much cheaper than Sky Q? You’ll pay £22 a month for the basic Mix TV package, which offers 150 channels including Sky One, Fox, and of course the terrestrial channels we need for the World Cup. There’s a £20 “set up” fee too, but that’s a lot less than the £199 you’ll pay for Sky’s Ultra HD 2TB box.

TechRadar's World Cup coverage is brought to you in association with Honor. 

https://ift.tt/2KpdOn7

New Windows 10 preview makes tons of changes to Edge, Skype, security and more

Microsoft has deployed a new preview build of Windows 10 (17704) which contains a number of changes, with a good deal of work having been done to the Edge browser, alongside improvements for the Skype app, bolstered security and more.

So let’s start with Edge, which has had its appearance smartened up with elements of Fluent Design which is slowly taking over the Windows 10 desktop interface. The browser now has a depth effect for the active tab to help highlight it more clearly. It's a subtle move, but a helpful one.

Also, there’s a new Microsoft Edge Beta logo – with the word ‘BETA’ stamped across it in not-so-subtle fashion – to remind testers that the browser they’re using isn’t a finished product and may suffer from bugs.

Aesthetics aside, the browser’s Settings menu has been rejigged to put the most commonly used items at the top of the menu, making it generally more easy to use – plus more customization options have been added so you can tailor it better for your own preferences.

Speaking of customization, Microsoft has added the ability to choose which icons show in the Edge toolbar. Finally, it’s now also possible to choose your preference as to whether media should play automatically in the browser when you visit a website with a video. That functionality was supposed to make the cut for the last preview build, although it ended up getting dropped – but it’s here now.

Skype hype

Moving on to Skype, build 17704 has added a few new calling features, including the ability to take a screenshot during a call, plus Microsoft has moved the screen sharing button to a more prominent and easily reached position. More customization is now available for those on a group call – such as deciding who is highlighted on the main call canvas – as well.

That comes alongside various interface tweaks such as making your contacts easier to access, and easier to digest to boot, thanks to a new layout. The Skype for Windows 10 client now has new customizable themes, too, as well as various other tweaks to the likes of the notification panel. In other words, there’s quite a lot of work here to make Skype a more streamlined experience.

Guarding against exploits

On the security front, under Virus & Threat Protection, there’s a new Block Suspicious Behaviors capability, which leverages Windows Defender Exploit Guard technology to keep an eye out for apps or services which are doing strange things that could be malware-related.

Also, the Windows Diagnostic Data Viewer – which shows the telemetry data Microsoft collects from your PC – has also had its interface tuned somewhat, and now allows you to view any Problem Reports that have been sent to Microsoft. In other words, the logs that detail what happened in a crash or other glitch.

Windows 10 video playback settings

Further tweaks made include the introduction of a new video playback viewing mode designed to adapt to the current ambient lighting level, and make a video clip more visible in very bright environments. That could certainly be handy for those running Windows 10 on a laptop who use the machine outdoors.

The Task Manager has also seen a nifty change in that it now presents two new columns showing the power usage of apps at the current time, and over the last two minutes, so you can see if any applications are draining your notebook’s battery excessively.

Finally, new Typing Insights detail exactly how AI has been helping you out with features like auto-correct, for those who use the virtual keyboard. For the full list of changes brought in with build 17704, check out Microsoft’s extensive blog post.

The other major point to note here isn’t an introduction, but a removal. Microsoft has ditched Sets functionality – which brings the concept of tabs from the web browser to the wider desktop interface – from Windows 10 with this preview build.

That’s potentially sad news, as this means it may not make the cut for the big Redstone 5 update due later this year (if you’re suddenly experiencing déjà vu, that’s because it was also dropped from Redstone 4).

https://ift.tt/2Ks7Di8

Microsoft delays the Sets feature for Windows 10

The upcoming Sets feature for Windows 10, which adds a web browser-like tabbed user interface for easier navigation and organisation of your apps, has been delayed by Microsoft.

An early version of the feature first appeared in Redstone 4, which was a beta testing version of the Windows 10 April 2018 Update, but it was removed from the final release. 

It then made a reappearance in recent Redstone 5 builds, which led many people to hope that the feature will finally be officially included in the next major update for Windows 10.

However, with the latest Windows 10 test build, 17704, which has just been released, the Sets feature has been removed, which means it's unlikely to appear in Windows 10 when the next major update is launched.

Sets appeal

Microsoft releases early versions of Redstone 5 to users to test the new features and send feedback. It appears that due to this feedback, Microsoft has decided to pull the Sets feature for now.

As Microsoft’s Dona Sarkar explains in a blog post announcing the 17704 preview build, “we’re taking Sets offline to continue making it great. Based on your feedback, some of the things we’re focusing on include improvements to the visual design and continuing to better integrate Office and Microsoft Edge into Sets to enhance workflow”.

Sarkar promises that Sets will return in a future build, and hopefully this extra time makes the feature even better to use.

https://ift.tt/2tAsXbo

Wednesday, 27 June 2018

ProtonMail suffers DDoS attack that takes its email service down for minutes

It’s been an unexpectedly slack day for digital comms services. It’s not just workplace IM tool Slack suffering outages but end-to-end encrypted email service ProtonMail too.

In the latter case, the company has blamed several hours’ worth of sporadic outages on a major DDoS attack.

In a statement on Reddit the company says the attack is “unlike the more ‘generic’ DDoS attacks that we deal with on a daily basis” — which in turn meant its upstream DDoS protection service (Radware) needed more time than usual to mitigate the attack.

The longest outage has been “on the order of 10 minutes”, according to ProtonMail.

Back in 2015 the then fledgling startup suffered a major DDoS attack. And felt compelled to pay a ransom to fend off the hackers — a decision which earned it criticism from some segments of the security industry, and is perhaps coming back to haunt it now. Although the experience also led ProtonMail to spend on upgrading its defenses.

Since then it’s had a good record with uptime, despite dealing with DDoS attacks on a daily basis.

That said, while it’s claiming today’s attacks were orders of magnitude bigger than usual, its CTO Bart Butler also sounds less than pleased with how things went down today, tweeting in response to a user: “We will be evaluating this incident in the future, as it definitely should have been handled better.”

“Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future,” the company also writes on Reddit. “While we don’t yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS’s on record.”

“It is multi-vector, and they are dynamically changing the type of attack traffic they are sending at us, so it’s a higher level of sophistication than the usual ones,” founder Andy Yen told us, in the midst of firefighting the attack earlier today.

He also pointed out that the attackers’ Twitter feed included them having “called in a lot of fake bomb threats recently”, adding: “They are clearly bad actors and we will pass on any intelligence we gather to the appropriate authorities after we make our own investigation and research.”

A little later today, and a little more comfortable about having got the attack under control — despite confirming the attackers are “still hitting us” — Yen said: “Throughout the day, we have gotten a lot better at blocking this type of attack so now things are stable.

“I wouldn’t go so far as to say we have ‘won’ as these things can sometimes go on for multiple days, but its much harder for them to get through now.”

Asked why he thought ProtonMail is being targeted he declined to speculate, saying only: “The reason behind these attacks is always hard to know for sure. For instance, a lot of times, the stated reason is a cover for the actual reason.”

Meanwhile the Russian hackers claiming responsibility for ProtonMail’s attack — a group calling itself Apophis Squad — had been using Twitter (where they appear to have had an account since October 2016) to taunt ProtonMail users and trade insults with Butler.

Summing up, Yen dubs it “a rough day for messaging”.

Though at the time of writing it’s still not clear what the root cause of Slack’s issues are.

https://ift.tt/2lD8Jt5

Snap is reportedly about to launch its own gaming platform

Snap is seeking to explore new ground as it tries to outrun Instagram’s efforts to copy its features. Its newest effort may be building out a bona fide hub for gaming inside Snapchat, according to a new report from The Information. The platform will launch later this year, the report says, and Snap is already signing on game publishers to participate in its efforts.

We reached out to Snap for comment.

The news makes a lot of sense, given the efforts Snap has increasingly been pouring into its own Lens Studio software for developers to create its specialized AR filters. Snap reportedly bought a web-based 3D game engine last year, called PlayCanvas, which would serve as a good backbone for even more robust developer tools.

It’s not clear from the report whether these gaming titles would be focused largely on AR gaming, though one might expect it given all of the attention Snap has paid to the emerging mobile platform.

In April, the company launched “Snappables,” which were basically short selfie AR games that integrate easily into Snapchat’s Lens selection UI.

Augmented reality applications really benefit from sidling up closely to a camera platform, where you can snap a photo or record some video of an encounter with an AR T-Rex. This thinking benefits Snap. Snap is probably not competing with Google’s ARCore or Apple’s ARKit anymore; with these technologies, Snap simply seems to be striving to be the app that’s home to several of these experiences. This is an advantage Snapchat still seems to hold over Facebook and Instagram’s in-app cameras, which anecdotally don’t seem to be used very heavily by users, though the companies have not released usage numbers.

Snap won’t exactly be blazing the trail with messaging-based gaming experiences. Facebook Messenger has already experimented with short, shareable mini-games. As noted by The Information report, CEO Evan Spiegel has expressed admiration for Tencent’s business model, which sees nearly 40 percent of its revenues come from in-game purchases in the WeChat app. If the gaming platform did have a skew toward augmented reality, that would certainly be a unique proposition — though many of AR’s promises have still been unrealized as developers grapple with what makes an engaging experience.

https://ift.tt/2yPNvSg