modulates


Monthly Archives: January 2019

Indian state government leaks thousands of Aadhaar numbers



A lapse in security has led to the leaking of over a hundred thousand Aadhaar numbers, TechCrunch can reveal.

One of the web systems used to record attendance of government workers for the Indian state of Jharkhand was left exposed and without a password as far back as 2014, allowing anyone access to names, job titles, and partial phone numbers on 166,000 workers as of the time of writing.

But the photo on each record page used the file name as that worker’s Aadhaar number, a confidential 12-digit number assigned to each Indian citizen as part of the country’s national identity and biometric database.

The data leak isn’t a direct breach of the central database run by Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), but represents another lapse in responsibility from the authority charged with protecting its data.

Aadhaar numbers aren’t strictly secret but are treated similarly to Social Security numbers. Anyone of the 1.23 billion Indian citizens enrolled in Aadhaar — more than 90 percent of the population — can use their unique number or their thumbprint to verify their identity in order to enroll in state services, like voting, welfare or financial assistance. Aadhaar users can even use their Aadhaar identity to open a bank account, get a SIM card, call an Uber, buy something on Amazon, or rent an Airbnb.

But the system has been plagued with problems that have led to starvation in cases, and the illicit trade of citizen data on the underground market.

It’s unclear why the Jharkhand government site was accessible to anyone who knew where to look, but little effort had been put in to ensure the security of the system — or even hide it from the outside world. The site was easily found on a subdomain of the state government’s website, but for long enough that it was indexed by Google, which cached copies of not only the site itself, but also its attendance record pages that still contain Aadhaar numbers in each worker’s photo.

TechCrunch asked Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, to take a look at the site. Robert has prior experience in revealing Aadhaar-related data leaks. Using less than a hundred lines of Python code, Robert demonstrated that it was easy for anyone to scrape the entire site in batches to download their photos and corresponding Aadhaar numbers.

TechCrunch verified a small selection of Aadhaar numbers from the site using UIDAI’s own verification tool on its website. (We used a VPN in Bangalore as the page was unavailable in the U.S.). Each record came back as a positive match.

After confirming our findings, we reached out to both the Jharkhand government and UIDAI.

Jharkhand’s attendance site leaking worker data. (Image: TechCrunch)

At the time of publication, neither had responded, but the website had been pulled offline.

The exposure may represent a fraction of the billion-plus users registered with Aadhaar, but uncovers yet another inadvertent disclosure of citizen data from a system that UIDAI claims is impenetrable. Instead of learning from mistakes and mishaps, UIDAI instead has shown a long history of rebuffing evidence of security incidents or breaches with mockery and declaring findings as “fake news,” by claiming to refute evidence without presenting any of its own.

The leak of Aadhaar numbers may not be seen as sensitive compared to leaked biometric data. Former attorney general Mukul Rohtagi once called a separate leak of Aadhaar numbers “much ado about nothing.” But it’s raises fears that obtaining and misusing someone’s number could lead to identity theft and fraud — which reportedly peaked last year.

Others have expressed concern that the system puts privacy at risk by recording information on a person’s life, which authorities can use to conduct surveillance on ordinary citizens.

But the exposure alone contradicts the Indian government’s claims that the Aadhaar system as a whole is secure.

In recent years, several security lapses involving data relating to Aadhaar have reignited fresh concerns about the centralized database — including several issues found by Robert. Last year, security researcher Karan Saini, a New Delhi-based security researcher, found a poorly-secured web address used by state-owned utility company Indane that had direct access to the Aadhaar database, allowing him to query results from the system. UIDAI rubbished the reports, baselessly claiming that there was “no truth to this story” in a series of tweets from its official Twitter account, despite evidence to the contrary. In the same year, India’s Tribune newspaper reported that some were selling direct access to the Aadhaar database. UIDAI responded by filing a complaint against the reporter with police.

Despite the security concerns, India’s Supreme Court ruled the database constitutional in September after a long-running court battle.

Source

Facebook removes hundreds of accounts linked to fake news group in Indonesia



Facebook said today it has removed hundreds of Facebook and Instagram counts with links to an organization that peddled fake news.

The world’s fourth largest country with a population of over 260 million, Indonesia is in election year alongside Southeast Asia neighbors Thailand and the Philippines. Facebook said this week it has set up an ‘election integrity’ team in Singapore, its APAC HQ, as it tries to prevent its social network being misused in the lead-up to voting as happened in the U.S.

This Indonesia bust is the first move announced since that task force was put in place, and it sees 207 Facebook Pages, 800 Facebook accounts, 546 Facebook Groups, and 208 Instagram accounts removed for “engaging in coordinated inauthentic behavior.”

“About 170,000 people followed at least one of these Facebook Pages, and more than 65,000 followed at least one of these Instagram accounts,” Facebook said of the reach of the removed accounts.

The groups and accounts are linked to Saracen Group, a digital media group that saw three of its members arrested by police in 2016 for spreading “incendiary material,’ as Reuters reports.

Facebook isn’t saying too much about the removals other than: “we don’t want our services to be used to manipulate people.”

In January, the social network banned a fake news group in the Philippines in similar circumstances.

Despite the recent action, the U.S. company has struggled to manage the flow of false information that flows across its services in Asia. The most extreme examples come from Myanmar, where the UN has concluded that Facebook played a key role in escalating religious hatred and fueling violence. Facebook has also been criticized for allowing manipulation in Sri Lanka and the Philippines among other places.

Source

Nintendo announces mobile game 'Dr. Mario World' for iOS and Android



Nintendo is releasing yet another game for your phone.

The company is set to release its puzzle game Dr. Mario World for iOS and Android devices sometime during the “early summer” of this year, as per an announcement on Thursday.

There’s not a whole lot of detail yet, aside from the fact that the game will be free to download, but as you can expect, it will come with in-app purchases. 

The doctor is in! Mario puts on the white coat once again in the mobile game Dr. Mario World, targeting an early summer 2019 global release#DrMario https://t.co/DTRBympHj0 pic.twitter.com/RfMZbbs3Mp

— Nintendo of America (@NintendoAmerica) January 31, 2019 Read more…

More about Entertainment, Gaming, Nintendo, Mario, and Entertainment

We dismantle Facebook’s memo defending its “Research”



Facebook published an internal memo today trying to minimize the morale damage of TechCrunch’s investigation that revealed it’d been paying people to suck in all their phone data. Attained by Business Insider’s Rob Price, the memo from Facebook’s VP of production engineering and security Pedro Canahuati gives us more detail about exactly what data Facebook was trying to collect from teens and adults in the US and India. But it also tries to claim the program wasn’t secret, wasn’t spying, and that Facebook doesn’t see it as a violation of Apple’s policy against using its Enterprise Certificate system to distribute apps to non-employees — despite Apple punishing it for the violation.

For reference, Facebook was recruiting users age 13-35 to install a Research app, VPN, and give it root network access so it could analyze all their traffic. It’s pretty sketchy to be buying people’s privacy, and despite being shut down on iOS, it’s still running on Android.

Here we lay out the memo with section by section responses to Facebook’s claims challenging TechCrunch’s reporting. Our responses are in bold and we’ve added images.

Memo from Facebook VP Pedro Canahuati

APPLE ENTERPRISE CERTS REINSTATED

Early this morning, we received agreement from Apple to issue a new enterprise certificate; this has allowed us to produce new builds of our public and enterprise apps for use by employees and contractors. Because we have a few dozen apps to rebuild, we’re initially focusing on the most critical ones, prioritized by usage and importance: Facebook, Messenger, Workplace, Work Chat, Instagram, and Mobile Home.

New builds of these apps will soon be available and we’ll email all iOS users for detailed instructions on how to reinstall. We’ll also post to iOS FYI with full details.

Meanwhile, we’re expecting a follow-up article from the New York Times later today, so I wanted to share a bit more information and background on the situation.

What happened?

On Tuesday TechCrunch reported on our Facebook Research program. This is a market research program that helps us understand consumer behavior and trends to build better mobile products.

TechCrunch implied we hid the fact that this is by Facebook – we don’t. Participants have to download an app called Facebook Research App to be involved in the stud. They also characterized this as “spying,” which we don’t agree with. People participated in this program with full knowledge that Facebook was sponsoring this research, and were paid for it. They could opt-out at any time. As we built this program, we specifically wanted to make sure we were as transparent as possible about what we were doing, what information we were gathering, and what it was for — see the screenshots below.

We used an app that we built ourselves, which wasn’t distributed via the App Store, to do this work. Instead it was side-loaded via our enterprise certificate. Apple has indicated that this broke their Terms of Service so disabled our enterprise certificates which allow us to install our own apps on devices outside of the official app store for internal dogfooding.

Author’s response: To start, “build better products” is a vague way of saying determining what’s popular and buying or building it. Facebook has used competitive analysis gathered by its similar Onavo Protect app and Facebook Research app for years to figure out what apps were gaining momentum and either bring them in or box them out. Onavo’s data is how Facebook knew WhatsApp was sending twice as many messages as Messenger, and it should invest $19 billion to acquire it.

Facebook claims it didn’t hide the program, but it was never formally announced like every other Facebook product. There were no Facebook Help pages, blog posts, or support info from the company. It used intermediaries Applause (which owns uTest) and CentreCode (which owns Betabound) to run the program under names like Project Atlas and Project Kodiak. Users only found out Facebook was involved once they started the sign-up process and signed a non-disclosure agreement prohibiting them from discussing it publicly.

TechCrunch has reviewed communications indicating Facebook would threaten legal action if a user spoke publicly about being part of the Research program. While the program had run since 2016, it had never been reported on. We believe that these facts combined justify characterizing the program as “secret”

The Facebook Research program was called Project Atlas until you signed up

How does this program work?

We partner with a couple of market research companies (Applause and CentreCode) to source and onboard candidates based in India and USA for this research project. Once people are onboarded through a generic registration page, they are informed that this research will be for Facebook and can decline to participate or opt out at any point. We rely on a 3rd party vendor for a number of reasons, including their ability to target a Diverse and representative pool of participants. They use a generic initial Registration Page to avoid bias in the people who choose to participate.

After generic onboarding people are asked to download an app called the ‘Facebook Research App,’ which takes them through a consent flow that requires people to check boxes to confirm they understand what information will be collected. As mentioned above, we worked hard to make this as explicit and clear as possible.

This is part of a broader set of research programs we conduct. Asking users to allow us to collect data on their device usage is a highly efficient way of getting industry data from closed ecosystems, such as iOS and Android. We believe this is a valid method of market research.

Author’s response: Facebook claims it wasn’t “spying”, yet it never fully laid out the specific kinds of information it would collect. In some cases, descriptions of the app’s data collection power were included in merely a footnote. The program did not specify specific data types gathered, only saying it would scoop up “which apps are on your phone, how and when you use them” and “information about your internet browsing activity”

The parental consent form from Facebook and Applause lists none of the specific types of data collected or the extent of Facebook’s access. Under “Risks/Benefits”, the form states “There are no known risks associated with this project however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of Apps. You will be compensated by Applause for your child’s participation.” It gives parents no information about what data their kids are giving up.

Facebook claims it uses third-parties to target a diverse pool of participants. Yet Facebook conducts other user feedback and research programs on its own without the need for intermediaries that obscure its identity, and only ran the program in two countries. It claims to use a generic signup page to avoid biasing who will choose to participate, yet the cash incentive and technical process of installing the root certificate also bias who will participate, and the intermediaries conveniently prevent Facebook from being publicly associated with the program at first glance. Meanwhile, other clients of the Betabound testing platform like Amazon, Norton, and SanDisk reveal their names immediately before users sign up.

Facebook’s ads recruiting teens for the program didn’t disclose its involvement

Did we intentionally hide our identity as Facebook?

No — The Facebook brand is very prominent throughout the download and installation process, before any data is collected. Also, the app name of the device appears as “Facebook Research” — see attached screenshots. We use third parties to source participants in the research study, to avoid bias in the people who choose to participate. But as soon as they register, they become aware this is research for Facebook

Author’s response: Facebook here admits that users did not know Facebook was involved before they registered.

What data do we collect? Do we read people’s private messages?

No, we don’t read private messages. We collect data to understand how people use apps, but this market research was not designed to look at what they share or see. We’re interested in information such as watch time, video duration, and message length, not that actual content of videos, messages, stories or photos. The app specifically ignores information shared via financial or health apps.

Author’s response: We never reported that Facebook was reading people’s private messages, but that it had the ability to collect them. Facebook here admits that the program was “not designed to look at what they share or see”, but stops far short of saying that data wasn’t collected. Fascinatingly, Facebook reveals it was that it was closely monitoring how much time people spent on different media types.

Facebook Research abused the Enterprise Certificate system meant for employee-only apps

Did we break Apple’s terms of service?

Apple’s view is that we violated their terms by sideloading this app, and they decide the rules for their platform, We’ve worked with Apple to address any issues; as a result, our internal apps are back up and running. Our relationship with Apple is really important — many of us use Apple products at work every day, and we rely on iOS for many of our employee apps, so we wouldn’t put that relationship at any risk intentionally. Mark and others will be available to talk about this further at Q&A later today.

Author’s response: TechCrunch reported that Apple’s policy plainly states that the Enterprise Certificate program requires companies to “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing” and that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers”. Apple took a firm stance in its statement that Facebook did violate the program’s policies, stating “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.”

Given Facebook distributed the Research apps to teenagers that never signed tax forms or formal employment agreements, they were obviously not employees or contractors, and most likely use some Facebook-owned service that qualifies them as customers. Also, I’m pretty sure you can’t pay employees in gift cards.

Source

Joseph Gordon-Levitt’s artist-collaboration platform HitRecord raises $6.4M



In the early 2000s, actor Joseph Gordon-Levitt was frustrated with the roles he was being offered. Instead of starring in critically acclaimed indies, he was typecast as “the funny kid on TV” due to roles like Tommy from “3rd Rock from the Sun.”

So like anyone who matured alongside the internet, he created a website where he could ideate, produce and share his work. More than 10 years later, he wants to turn that pet project, called HitRecord, into a full-fledged technology company.

Onstage at Upfront Venture’s annual summit outside of Los Angeles, Gordon-Levitt announced a $6.4 million Series A funding to do just that. Javelin Venture Partners has led the round, with participation from Crosslink Capital, Advancit Capital, YouTube co-founder Steve Chen, Twitch co-founder Kevin Lin and MasterClass co-founder David Rogier.

Gordon-Levitt, known for starring in “Inception,” “Snowden” and, my personal favorite, “10 Things I Hate About You,” tells TechCrunch that HitRecord has a team of 24 employees, with himself at the helm as chief executive officer, co-founder Jared Geller serving as president and co-founder Marke Johnson as creative director. The trio plan to use the investment to transform HitRecord from a traditional production company to a new collaborative media platform.

The company provides an online portal for artists to work together on projects, “building off of each other’s contributions, to create things [they] couldn’t have made on [their] own.” If projects created within the HitRecord community are sold, the creators are paid based on their original contributions. Since 2010, HitRecord has paid its community roughly $3 million.

HitRecord hasn’t accepted outside capital, until now. Initially, Gordon-Levitt used his own cash to push the company forward, and for the last five years, the startup has been cash-flow positive. I sat down with Gordon-Levitt to learn more about what he’s been working on and why he decided to pursue venture capital dollars. The following conversation has been lightly edited for length.

TC: How do you explain HitRecord in one sentence?

JGL: It’s a collaborative media platform where people make all kinds of creative things together. I guess that’s one sentence, but if I can keep going… As opposed to places where people post things that they’ve made on their own, this is a place where people collaborate, right? So they submit their ideas onto the platform and then they find people who want to collaborate with them and then they’re able to make money if the projects [find] a buyer.

We’ve done all kinds of monetized productions, but I certainly wouldn’t include money in the third or fifth or even 10th sentence of why people come to HitRecord.

TC: HitRecord launched a decade ago… what inspired you to create it?

JGL: I started HitRecord as this little hobby message board with my brother and it grew very slowly. It came out of a time in my life when I wanted to be an actor and I wanted to be in sort of like more serious Sundance movies and everyone was like, ‘oh, but you’re the funny kid on TV’ and you know, it was really painful for me. I said, okay, you know what, I can’t just wait around for someone to give me a part. I want to make my own things. And I started making my own. I started making videos and songs and stories and stuff. And my brother helped me set up a website that we called HitRecord. We didn’t spend any money; we had no intention of making any money. It was just a fun thing we were doing.

TC: And now you want to expand it into a full-fledged tech platform. But… you’re cash-flow positive and you’ve built a solid community of avid users, why take venture money?

JGL: You know, it started as just a hobby that I was doing for fun. We launched it as a production company as a way to do more ambitious, creative things and do it with everybody. But if you talk to our users, what people really enjoy is having that experience of being creative and being creative with other people because I think honestly, being creative is really hard alone. Venture money will not only allow us to do even cooler productions, but it’ll also allow this whole other world and more people to participate.

TC: Now that you’re venture-funded, how do you plan on making money for your investors?

JGL: So historically, the way we’ve made money was as a production company, and the collaborative efforts of our community and our staff made money because we turned something into a TV show, or we licensed it to a brand or we did any number of things that generated revenue. [HitRecord partnered with Ubisoft earlier this year to allow artists and musicians to contribute their own content to be used in its game, for example.] So moving forward, as we grow into a collaborative platform, the idea is that it’s not just our staff that’s leading these projects and letting people collaboratively finish them. The idea is anybody could come to start their own thing and there will be better tools to self-organize and find your collaborators.

TC: And how do you better monetize once you’ve expanded your user base?

JGL: I think, look, we were not ready to talk about exactly how we would make money that way. I think we have a number of ideas. There are ways that the internet gets monetized these days that I think incentivize the wrong things like attention for myself and I don’t want to enter into a business model that incentivizes that kind of behavior.

Actor Joseph Gordon-Levitt attends the 2014 Creative Arts Emmy Awards at the Nokia Theatre L.A. Live on August 16, 2014 in Los Angeles, California. (Photo by Tommaso Boddi/WireImage).

TC: What was the process of raising venture capital like? Did being Joseph Gordon-Levitt make it a little less terrible?

JGL: I think, honestly, it was a double-edged sword. I think there was justified skepticism and people would assume that oh, I’m an actor so I can’t start a company and I faced a certain amount of that skepticism. I don’t blame anybody for having that. The assumption is that there’s not any substance behind the company or the idea, that it’s all sizzle and no steak.

But we’re also not really a startup, per se. It’s not like I was going into these offices and saying, like, I have an idea. It’s like, here’s what we’ve done for the last 10 years and we’ve been cash flow positive five years. We know how to run a business. It’s just we’ve been running a production company business, now we want to run something that’s more like a technology business.

TC: What’s your long-term vision for HitRecord?

JGL: My ultimate goal is for my acting career and HitRecord to kind of become one in the same thing. I would love to be, you know, developing a movie not for a Hollywood studio, but like in this new collaborative way for HitRecord. I mean, we won an Emmy for our TV show. We’re about to release this special that we’re doing with Logic, the rapper, and he used the platform to lead a collaboration and make a song and a music video and we documented the process and that special is going to come out on YouTube. What I really want is to be able to put an app in Logic’s hand where he goes like, oh, I understand this and is able to use it instantly. We don’t have that app yet. This is why we raised capital.

Source

Mixtape Podcast: Oracle’s alleged $400M issue with underrepresented groups



Screen time for kids, corporations allegedly not paying people from underrepresented groups and IBM offers some hope for the future of facial recognition technology: These are the topics that Megan Rose Dickey and I dive into on this week’s episode of Mixtape.

According to research by psychologists from the University of Calgary, spending too much time in front of screens can stung the development of toddlers. The study found that kids 2-5 years old who engage in more screen time received worse scores in developmental screening tests.” We talk a bit about this then wax nostalgically about “screen time” of yore.

We then turn to a filing against Oracle by the U.S. Department of Labor’s Office of Federal Contract Compliance Programs that states the enterprise company allegedly withheld upwards of $400 million to employees from underrepresented minority groups. The company initially declined to comment, but then thought better of itself and returned the very next day with its thoughts on the matter.

And finally, IBM is trying to make facial recognition technology a thing that doesn’t unfairly target people of color. Technology! The positive news comes a week after Amazon shareholders demanded that the company stop selling Rekognition, its very own facial recognition tech that it sells to law enforcement and government agencies.

Click play above to listen to this week’s episode. And if you haven’t subscribed yet, what are you waiting for? Find us on Apple PodcastsStitcherOvercastCastBox or whatever other podcast platform you can find.

Source

Apple reactivates Facebook’s employee apps after punishment for Research spying



After TechCrunch caught Facebook violating Apple’s employee-only app distribution policy to pay people for all their phone data, Apple invalidated the social network’s Enterprise Certificate as punishment. That deactivated not only this Facebook Research app VPN, but also all of Facebook’s internal iOS apps for workplace collaboration, beta testing, and even getting the company lunch or bus schedule. That threw Facebook’s offices into chaos yesterday morning. Now after nearly two work days, Apple has ended Facebook’s time-out and restored its Enterprise Certification. That means employees can once again access all their office tools, pre-launch test versions of Facebook and Instagram…and the lunch menu.

A Facebook spokesperson issued this statement to TechCrunch: “We have had our Enterprise Certification, which enables our internal employee applications, restored. We are in the process of getting our internal apps up and running. To be clear, this didn’t have an impact on our consumer-facing services.”

 

Meanwhile, TechCrunch’s follow-up report found that Google was also violating the Enterprise Certificate program with its own “market research” VPN app called Screenwise Meter that paid people to snoop on their phone activity. After we informed Google and Apple yesterday, Google quickly apologized and took down the app. But apparently in service of consistency, this morning Apple invalidated Google’s Enterprise Certificate too, breaking its employee-only iOS apps.

Google’s internal apps are still broken. Unlike Facebook that has tons of employees on iOS, Google at least employs plenty of users of its own Android platform so the disruption may have caused fewer probelms in Mountain View than Menlo park. “We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

TechCrunch’s investigation found that the Facebook Research app not only installed an Enterprise Certificate on users phones and a VPN that could collect their data, but also demanded root network access that allows Facebook to man-in-the-middle their traffic and even deencrypt secure transmissions. It paid users 13 to 35 $10 to $20 per month to run the app so it could collect competitive intelligence on who to buy or copy. The Facebook Research app contained numerous code references to Onavo Protect, the app Apple banned and pushed Facebook to remove last August, yet Facebook kept on operating the data collection program.

When we first contacted Facebook, it claimed the Research app and its Enterprise Certificate distribution that sidestepped Apple’s oversight was in line with Apple’s policy. Seven hours later, Facebook announced it would shut down the Research app on iOS (though it’s still running on Android which has fewer rules). Facebook also claimed that “there was nothing ‘secret’ about this” as we had reported. However, TechCrunch has since reviewed communications proving that the Facebook Research program threatened legal action if its users spoke publicly about the app. That sounds pretty “secret to us”.

Then we learned yesterday morning that Facebook hadn’t voluntarily pulled the app as Apple had actually already invalidated Facebook’s Enterprise Certificate, thereby breaking the Research app and the social network’s employee tools. The company provided this brutally frank statement, which it in turn applied to Google today.

We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

Some are likening Apple to a privacy regulator overseeing Facebook and Google, perhaps with too much power given they’re all competitors. But in this case, both Facebook and Google blatantly violated Apple’s policies to collect the maximum amount of data about iOS users, including teenagers. That means Apple was fully within its right to shut down their market research apps. Breaking their employee apps too could be seen as just collateral damage since they all use the same Enterprise Certification, or as additional punishment for violating the rules. This only becomes a real problem if Apple steps beyond the boundaries of its policies. But now, all eyes are on how it enforces its rules, whether to benefit its users or beat up on its rivals.

Source

Kleiner Perkins gets back to early-stage with its $600M 18th fund



“KP used to be a small team doing hands-on company building. We’re moving away from being this institution with multiple products and really just focusing on early-stage venture capital,” Kleiner Perkins partner Ilya Fushman tells me. Indeed, 47 years after its founding, the storied venture fund is going “back to the future” with today’s announcement of an 18th fund — a $600 million fund for seed, Series A and Series B financings. It’s investing across consumer, enterprise, hard tech and fintech, looking for high-potential teams to help mold into unicorns.

Kleiner Perkins partner Ilya Fushman

“We went out to market to LPs. We got a lot of interest. We were significantly oversubscribed,” Fushman says of the firm’s raise.

Kleiner Perkins was recently rocked by the departure of legendary investor Mary Meeker. She took Kleiner partners Mood Rowghani, Noah Knauf and Juliet de Baubigny, and they’re reportedly raising a $1.25 billion growth fund called Bond. Fushman explained that with Kleiner refocusing on early-stage, their funds will be well-differentiated. “They’re going to focus on very late-stage growth,” while he described Kleiner fund 18 as a place where partners can “collaborate and create” alongside new startups.

Other trends Kleiner is seeking to invest in include better distributed work tools, infrastructure for technology businesses, shifts in the urban and economic landscape and security and identity tools to protect the software-enabled future. Recent early-stage investments from the firm have included wellness product subscription service FabFitFun, tax and insurance safety net Catch and food stamps app Propel.

With the explosion of early-stage funds, competition for the best deals is cutthroat. Kleiner will have to trade on its reputation, the expertise of its founders and its extensive connections to lure in founders. If entrepreneurs think Kleiner can fund their mid-stage rounds like some seed funds can’t, or hook them up with potential acquirers whether things go peachy or pear-shaped, they’ll open their cap table.

Source

Apple has blocked Google from running internal iOS apps after certificate misuse



Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates.

“We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

TechCrunch reported Wednesday that Google was using an Apple-issued certificate that allows the company to create and build internal apps for its staff for one of its consumer-facing apps, called Screenwise Meter, in violation of Apple’s rules. The app was designed to collect an extensive amount of data from a person’s iPhone for research, but using the special certificate allowed the company to allow users to bypass Apple’s App Store. Google later apologized, and said that the app “should not have operated under Apple’s developer enterprise program — this was a mistake.”

It followed in the footsteps of Facebook, which we first reported earlier this week was also abusing its internal-only certificates for a research app — which the company used to pay teenagers to vacuum up their phone’s web activity.

It’s not immediately clear how damaging this will be for Google. Not only does it mean its Screenwise Meter app won’t work for iPhones, but also nor will any other app for which the search giant relies on the certificate.

According to The Verge, many internal Google apps have also stopped working. That means many early and pre-release versions of its consumer-facing apps, like Google Maps, Hangouts, Gmail and other employee-only apps, such as its transportation apps, are no longer functioning.

Facebook faced a similar rebuke after Apple stepped in. We reported that after Apple’s ban was handed down, many of Facebook’s pre-launch, test-only versions of Facebook and Instagram stopped working, as well as other employee-only apps for coordinating office collaboration, travel and seeing the company’s daily lunch schedule. Neither block affects apps that consumers download from Apple’s App Store.

Facebook has more than 35,000 employees. Google has more than 94,000 employees.

It’s not known when — or if — Apple will issue Google or Facebook new internal-only certificates, but they will almost certainly have newer, stricter rules attached.

Source

Girl's wild frozen hair shows the power of the polar vortex



Alright, Mother Nature, you’ve done your thing — and we’re all very impressed — but this is getting out of hand. 

In recent days, extremely cold temperatures have caused everything from 2,600 flight delays to the halting of U.S. postal service delivery (and they never stop for anything). But if there’s anything we can learn from cold Midwesterners, it’s that this polar vortex doesn’t need to be a polar snorefest. 

Iowa native @taylor_scallon showed the power of negative temps when she shared a video of herself  outside with a very interesting hairstyle. She managed to get her hair to defy gravity and freeze straight up when she went outside with wet hair.   Read more…

More about Twitter, Culture, Polar Vortex, Viral Video, and Midwest

Subscribe to our mailing list

Join our online network:

Copyright © 2011-2018 Modulates