One need not travel across the world to experience India’s exceptional treasures. London is bursting with some of the finest ancient sculptures, Mughal jewellery, gemstones, textiles, food, fashion and events. To showcase these wonderful Indian links in our capital, we have compiled our own guide of the best and most enticing places to eat, drink, […]
Startups are strange beasts. Founders and investors are obviously so super-focused on building their companies that sometimes they forget to delve into the big issues behind tech and startups. Plus, do they ever know what’s going on outside their laser-focused view? Sometimes it’s good to take stock.
That’s why we’ve built The Europas Awards & Unconference (July 3) in association with TechCrunch, to give you a heads-up on the big issues, time to network, and time to celebrate with peers and friends, on a great day in London.
So what is The Europas?
• Key Founders and investors speaking
• No secret VIP rooms, maximum Speaker interaction
• Ultra-high quality crowd, largely invited
• Convivial, relaxed atmosphere conducive to networking
• Intimate “breakout” sessions with key players
• Journalists from major tech titles
• Percentage of profits will be donated to charity
• A stunning awards dinner and party which honours both the hottest startups and the leading lights in the European startup scene
Pull up a front row seat at our Unconference as some of the most incisive and prescient thought leaders in tech will discuss and debate some of the biggest issues, opportunities and challenges in tech. You won’t want to miss these panels:
• Should We Stay or Should We Go Now? What next for European’s tech economy as Brexit looms? We’re joined by LocalGlobe partner Suzanne Ashman, BGF partner, Wendy Tan White, and Eloise Todd, CEO of Best for Britain to dissect what the Leave ramifications are for the tech ecosystem.
• The Disinfoconomy: We were all shocked, shocked, to learn that Facebook had allowed commercial entities access to our private data with no oversight into how that data was being used and for what purpose. Our panelists debate what next for businesses peddling in private data, do consumers care enough to change their behaviour, what impact has this had on the media, and is there a way to sort all this mess out?
• Mapping the Future of Transportation in an Autonomous Age: The era of the autonomous vehicle is nigh! But how will AVs interact with our existing transportation landscape in our current gridlocked cities? Bill Gross-backed AIPod thinks it has a solution. CRO and co-founder Steve Gledden unpacks the details.
• AI + Startups – A Non Starter? So you wanna be an AI startup, but there’s the pesky little problem of enough data. Paul Dowling of Dreamstake Ventures leads a discussion with Steve King of social prediction startup Black Swan and Draper Esprit partner and long-time health tech investor Vishal Gulati on the data challenge.
• APPily Ever After or APPocalypse now? Dating Apps in a Post #MeToo World. Dating apps have radically reshaped how we form relationships, our attitudes toward sex, sexism, objectification and desire — and quite frankly, what constitutes good manners. We’re joined by Olivia June, founder of vina.io, and more to come.
• TWO tracks on Crypto and Blockchain:
We’ve got TWO tracks on Crypto and Blockchain this year, one dedicated to understanding the ins and outs of investing, token economics, and ICOs; the other to the industries being disrupted by the use of blockchain or DLT. We have panels looking at social impact; the media, creative industries and visual arts, digital identity, and financial services. These panels are meant to get you clued up quickly and to explore the most exciting startups in these verticals.
• Startup Central Zone
Finally, we’ve got Startup Central, with panels packed with advice on fundraising from seed to C and beyond. You’ll want to join the Future of Funding panel, a deep dive into raising money through ICOs, traditional venture capital, and crowdfunding. We’re excited to be joined by Ali Ganjavian, founder of Studio Banana. Yes, he’s the Kickstarter darling behind the Ostrich Pillow. Our favourite tech journos, including Steve O’Hear of TechCrunch, join our popular Meet the Press panel, where you’ll get to turn the tables and grill reporters on what they think makes a tech story.
• Pitch Roulette
At the end of the day, join us for Pitch Roulette, where some of Europe’s biggest VCs will be giving selected startups feedback on their pitch.
In partnership with TechCrunch, The Europas Unconference & Awards, features smaller breakout sessions on key subjects for startups, followed by a glittering awards show for the hottest startups in Europe, based on voting by expert judges and the industry itself. Plus loads of networking opportunities with investors, and the super-fun Pitch Rolette pitch competition. See below for your special discount offer!
Just some of the investors coming to The Europas this Tuesday, July 3, in London include:
Alliott Cole, Octopus Ventures
Andrei Brasoveanu, Accel Partners
Carlos Eduardo Espinal, Seedcamp
Damir Bandolo, Columbus Capital
Eileen Burbidge, Passion Capital
Eze Vidra, Reimagine Ventures
George McDonuagh, KR1 (Blockchain/Crypto)
Jamie Burke, Outlier Ventures (Blockchain/Crypto)
Jason Ball, Qualcomm Ventures
Jeremy Yap, Angel Investor
Joe White, Entrepreneur First
Maria Wagner, Beringea
Michael Jackson, Mangrove Capital Partners
Nancy Fechnay, Angel Investor (Blockchain/Crypto)
Paul Dowling, Dreamstake Ventures
Richard Muirhead, Fabric Ventures (Blockchain/Crypto)
Scott Sage, Crane Venture Partners
Sitar Teli, Connect Ventures
Stephanie Hospital, OneRagtime
Suzanne Ashman, LocalGlobe
Thomas Graham, TLDR Capital
Tugce Ergul, Angel Labs
Vishal Gulati, Draper Esprit
Wendy Tan White, BGF
Instead of thousands and thousands of people, think of a great summer event with a selected 800 of the most interesting and useful people in the industry, including key investors and leading entrepreneurs.
• Ultra-high quality Investors, speakers & featured guests
• New startup founders brought into the eco-system
• New deal-flow for investors
• Our “Diversity Matters” Free pass bringing in more women and POC
• Expert speeches, discussions, and Q&A
• Intimate “breakout” sessions with key players on vertical topics
• The opportunity to meet almost everyone in those small groups, super-charging your networking
• Convivial, relaxed atmosphere conducive to networking
• Key press including WSJ, TechCrunch, VentureBeat, attending
• A stunning awards dinner and party which honors both the hottest startups and the leading lights in the European startup scene
• Content independently curated by journalists
• The only truly independent, industry-backed awards in Europe
• Percentage of profits will be donated to charity
• All on one day to maximize your time in London
Plus, as a special offer for TechCrunch readers, we have discounted tickets of up to 60% off:
• Daytime conference plus evening awards tickets (£250, 60% discount) (valid all day, July 3rd) – this ticket includes the daytime conference and the awards dinner with ceremony and after party. It includes refreshments and lunch during the conference, and the awards drinks reception and dinner.
Facebook knows the historical app audit it’s conducting in the wake of the Cambridge Analytica data misuse scandal is going to result in a tsunami of skeletons tumbling out of its closet.
It’s already suspended around 200 apps as a result of the audit — which remains ongoing, with no formal timeline announced for when the process (and any associated investigations that flow from it) will be concluded.
CEO Mark Zuckerberg announced the audit on March 21, writing then that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity”.
But you do have to question how much the audit exercise is, first and foremost, intended to function as PR damage limitation for Facebook’s brand — given the company’s relaxed response to a data abuse report concerning a quiz app with ~120M monthly users, which it received right in the midst of the Cambridge Analytica scandal.
Because despite Facebook being alerted about the risk posed by the leaky quiz apps in late April — via its own data abuse bug bounty program — they were still live on its platform a month later.
It took about a further month for the vulnerability to be fixed.
And, sure, Facebook was certainly busy over that period. Busy dealing with a major privacy scandal.
Let’s also not forget that, in early April, Facebook quietly confessed to a major security flaw of its own — when it admitted that an account search and recovery feature had been abused by “malicious actors” who, over what must have been a period of several years, had been able to surreptitiously collect personal data on a majority of Facebook’s ~2BN users — and use that intel for whatever they fancied.
So Facebook users already have plenty reasons to doubt the company’s claims to be able to “protect your information”. But this latest data fail facepalm suggests it’s hardly scrambling to make amends for its own stinkingly bad legacy either.
Although it remains to be seen whether Facebook will face any data breach complaints in this specific instance, i.e. for not disclosing to affected users that their information was at risk of being exposed by the leaky quiz apps.
Which Facebook data abuse victim am I?
Writing in a Medium post, the security researcher who filed the report — self-styled “hacker” Inti De Ceukelaire — explains he went hunting for data abusers on Facebook’s platform after the company announced a data abuse bounty on April 10, as the company scrambled to present a responsible face to the world following revelations that a quiz app running on its platform had surreptitiously harvested millions of users’ data — data that had been passed to a controversial UK firm which intended to use it to target political ads at US voters.
De Ceukelaire says he began his search by noting down what third party apps his Facebook friends were using — finding quizzes were one of the most popular apps. Plus he already knew quizzes had a reputation for being data-suckers in a distracting wrapper. So he took his first ever Facebook quiz, from a brand called NameTests.com, and quickly realized the company was exposing Facebook users’ data to “any third-party that requested it”.
He also found it was providing an access token that allowed it to grant even more expansive data access permissions to third party websites — such as to users’ Facebook posts, photos and friends.
He reckons people’s data had been being publicly exposed since at least the end of 2016.
On Facebook, NameTests describes its purpose thusly: “Our goal is simple: To make people smile!” — adding that its quizzes are intended as a bit of “fun”.
It doesn’t shout so loudly that the ‘price’ for taking one of its quizzes, say to find out what Disney princess you ‘are’, or what you could look like as an oil painting, is not only that it will suck out masses of your personal data (and potentially your friends’ data) from Facebook’s platform for its own ad targeting purposes but was also, until recently, that your and other people’s information could have been exposed to goodness knows who, for goodness knows what nefarious purposes…
The Facebook-Cambridge Analytica data misuse scandal has underlined that ostensibly frivolous social data can end up being repurposed for all sorts of manipulative and power-grabbing purposes. (And not only can end up, but that quizzes are deliberately built to be data-harvesting tools… So think of that the next time you get a ‘take this quiz’ notification asking ‘what is in your fact file?’ or ‘what has your date of birth imprinted on you’? And hope ads is all you’re being targeted for… )
De Ceukelaire found that NameTests would still reveal Facebook users’ identity even after its app was deleted.
“In order to prevent this from happening, the user would have had to manually delete the cookies on their device, since NameTests.com does not offer a log out functionality,” he writes.
“I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends,” he adds, fleshing out the risks for affected Facebook users.
As well as alerting Facebook to the vulnerability, De Ceukelaire says he contacted NameTests — and they claimed to have found no evidence of abuse by a third party. They also said they would make changes to fix the issue.
We’ve reached out to NameTests’ parent company — a German firm called Social Sweethearts — for comment. Its website touts a “data-driven approach” — and claims its portfolio of products achieve “a global organic reach of several billion page views per month”.
Update: It has now sent the following statement: “As the data protection officer of social sweethearts, I would like to inform you that the matter has been carefully investigated. The investigation found that there was no evidence that personal data of users was disclosed to unauthorised third parties and all the more that there was no evidence that it had been misused. Nevertheless, data security is taken very seriously at Social Sweethearts and measures are currently being taken to avoid risks in the future.”
After De Ceukelaire reported the problem to Facebook, he says he received an initial response from the company on April 30 saying they were looking into it. Then, hearing nothing for some weeks, he sent a follow up email, on May 14, asking whether they had contacted the app developers.
A week later Facebook replied saying it could take three to six months to investigate the issue (i.e. the same timeframe mentioned in their initial automated reply), adding they would keep him in the loop.
Yet at that time — which was a month after his original report — the leaky NameTests quizzes were still up and running, meaning Facebook users’ data was still being exposed and at risk. And Facebook knew about the risk.
The next development came on June 25, when De Ceukelaire says he noticed NameTests had changed the way they process data to close down the access they had been exposing to third parties.
Two days later Facebook also confirmed the flaw in writing, admitting: “[T]his could have allowed an attacker to determine the details of a logged-in user to Facebook’s platform.”
It also told him it had confirmed with NameTests the issue had been fixed. And its apps continue to be available on Facebook’s platform — suggesting Facebook did not find the kind of suspicious activity that has led it to suspend other third party apps. (At least, assuming it conducted an investigation.)
Facebook paid out a $4,000 x2 bounty to a charity under the terms of its data abuse bug bounty program — and per De Ceukelaire’s request.
We asked it what took it so long to respond to the data abuse report, especially given the issue was so topical when De Ceukelaire filed the report. But Facebook declined to answer specific questions.
Instead it sent us the following statement, attributed to Ime Archibong, its VP of product partnerships:
A researcher brought the issue with the nametests.com website to our attention through our Data Abuse Bounty Program that we launched in April to encourage reports involving Facebook data. We worked with nametests.com to resolve the vulnerability on their website, which was completed in June.
Facebook also claims it received De Ceukelaire’s report on April 27, rather than April 22, as he recounts it. Though it’s possible the former date is when Facebook’s own staff retrieved the report from its systems.
Beyond displaying a disturbingly relaxed attitude to other people’s privacy — which risks getting Facebook into regulatory trouble, given GDPR’s strict requirements around breach disclosure, for example — the other core issue of concern here is the company’s apparent failure to enforce its own developer policy.
The underlying issue is whether or not Facebook performs any checks on apps running on its platform. It’s no good having T&Cs if you don’t have any active processes to enforce your T&Cs. Rules without enforcement aren’t worth the paper they’re written on.
Historical evidence suggests Facebook did not actively enforce its developer T&Cs — even if it’s now “locking down the platform”, as it claims, as a result of so many privacy scandals.
The quiz app developer at the center of the Cambridge Analytica scandal, Aleksandr Kogan — who harvested and sold/passed Facebook user data to third parties — has accused Facebook of essentially not having a policy. He contends it is therefore Facebook who is responsible for the massive data abuses that have played out on its platform — only a portion of which have so far come to light.
Fresh examples such as NameTests’ leaky quiz apps merely bolster the case Kogan made for Facebook being the guilty party where data misuse is concerned. After all, if you built some stables without any doors at all would you really blame your horses for bolting?
From next month two Google StreetView cars will be driving around London’s streets fitted with sensors that take air quality readings every 30 meters to map and monitor air quality in the UK capital.
There will also be 100 fixed sensors fitted to lampposts and buildings in pollution blackspots and sensitive locations in the city — creating a new air quality monitoring network that Sadiq Khan, London’s mayor, is billing as “the most sophisticated in the world”.
The goal with the year-long project is to generate hyperlocal data to help feed policy responses. Khan has made tackling air pollution one of his priorities.
It’s not the first time StreetView cars have been used as a vehicle for pollution monitoring. Three years ago sensors made by San Francisco startup Aclima were fitted to the cars to map air quality in the Bay Area.
The London project is using sensors made by UK company Air Monitors.
The air quality monitoring project is a partnership between the Greater London Authority and C40 Cities network — a coalition of major cities around the world which is focused on tackling climate change and increasing health and well-being.
The project is being led by the charity Environmental Defense Fund Europe, in partnership with Air Monitors, Google Earth Outreach, Cambridge Environmental Research Consultants, University of Cambridge, National Physical Laboratory, and the Environmental Defense Fund team in the United States.
King’s College London will also be undertaking a linked study focused on schools.
Results will be shared with members of the C40 Cities network — with the ambition of developing policy responses that help improve air quality for hundreds of millions of city dwellers around the world.
Most of the attention so far has been focused on the losers post-GDPR, which can be broadly summarized as “advertising networks.” Indeed, as Jessica Davies at Digiday reported over the weekend, programmatic advertising in Europe plummeted post-GDPR this weekend, potentially threatening profits at product lines like Google’s DoubleClick network (at least temporarily until they figure out all the compliance issues).
However, the more interesting analysis is around who the winners of these laws will be (besides the lawyers of course). To me, it’s clear that the complexity around these data sovereignty laws ultimately benefits highly-scaled service providers who can manage the nuanced regulations around these laws in an automated fashion. That means, ironically, that Google will likely win long-term on its cloud side, along with other major cloud providers like Amazon and Microsoft Azure.
That free market in data is rapidly disintegrating as governments increasingly take an interest in data, not just for privacy reasons, but also for population thought control and economic growth purposes. For software developers writing applications, that portends a complicated world for managing global and even potentially national data laws — a context that is going to be deeply enriching for service providers who can successfully help clients navigate this new world.
These new laws can be broadly grouped under the term “data sovereignty,” which is one of those terms you say at the World Economic Forum to sound like you are in the know. The goal of these laws is to move data away from the geographically agnostic world of cyberspace, and plant those records directly under local jurisdictions. In short, data sovereignty is where data and meatspace connect, and it is something we have covered on TechCrunch for some time.
These laws are quite different, but they all serve the same purpose — to bring data back home and ensure that the desires of a country’s people (and, of course, its leaders) can be imprinted on how that data is used.
Here’s the challenge: these laws are enormously complicated and completely incompatible with one another. For all the questions about GDPR, it is perhaps the easiest one of the batch to handle. China’s regulations around the cloud are so opaque, it’s not even clear that the Beijing government knows exactly what its law entails. As Samm Sacks, a senior fellow at the Center for Strategic & International Studies, put it in a lengthy analysis:
Even as the [Chinese] government pushes to put in place a new regulatory framework around how data is managed and shared, there does not yet appear to be a higher-level consensus around how to do this in practice. From issues around cross-border data flows and what constitutes “important data,” to how to balance development of emerging technologies like AI with growing demands by Chinese users for data privacy, there is still unresolved internal debate in China about what this all should look like.
China’s new cloud law remains as opaque as the Beijing atmosphere.
Multiply that complexity by dozens of governments around the world creating their own standards. Even within the United States, data laws are increasingly being drafted at the state-level. California’a legislature is debating a bill that could bring a sort of GDPR-lite protocol to the Golden State. These laws force startups and large companies alike to potentially adapt to dozens of variations just to stay legal.
Once simple, data is now ridiculously complicated. What data to collect, where and when it can be stored, and what it can be used for are increasingly questions that require significant legal work to answer. Startups and even Fortune 500 companies are in no position to be able to handle these complexities without significant assistance.
That’s where I think the cloud providers are going to strike even more gold. Storing your own data isn’t just risky from a security perspective, it is also increasingly untenable in the fast currents of this data sovereignty world. Is every Fortune 500 company going to start building data centers in countries throughout the world just to stay legal? In the past, that answer was perhaps a bit more blurry, but today it is obvious: everything is going to have to move to the cloud, the sooner the better.
That’s not to say that Google and Amazon have great data governance products — quite the contrary in fact. But don’t be surprised when they announce features this year that increasingly handle these data sovereignty problems. The winners in complexity are always the abstraction layers — the Stripes of the world that simplify the development of a company’s core product. While there are startups in that space today, it’s the largest tech companies that are going to have the comprehensive data services required to manage this new terrain effectively.
GDPR has been described as an anti-Google law, but it may turn out to be the greatest forcing function to drive adoption of Google Cloud. The irony may be that the supposed losers may well turn out to be the biggest winners after all.