Android

This early GDPR adtech strike puts the spotlight on consent

Posted by | Advertising Tech, Android, Apps, artificial intelligence, China, data processing, data protection, Europe, european union, Facebook, Fidzup, GDPR, General Data Protection Regulation, Google, location based services, mobile advertising, mobile device, online advertising, privacy, retail, smartphone, TC, terms of service | No Comments

What does consent as a valid legal basis for processing personal data look like under Europe’s updated privacy rules? It may sound like an abstract concern but for online services that rely on things being done with user data in order to monetize free-to-access content this is a key question now the region’s General Data Protection Regulation is firmly fixed in place.

The GDPR is actually clear about consent. But if you haven’t bothered to read the text of the regulation, and instead just go and look at some of the self-styled consent management platforms (CMPs) floating around the web since May 25, you’d probably have trouble guessing it.

Confusing and/or incomplete consent flows aren’t yet extinct, sadly. But it’s fair to say those that don’t offer full opt-in choice are on borrowed time.

Because if your service or app relies on obtaining consent to process EU users’ personal data — as many free at the point-of-use, ad-supported apps do — then the GDPR states consent must be freely given, specific, informed and unambiguous.

That means you can’t bundle multiple uses for personal data under a single opt-in.

Nor can you obfuscate consent behind opaque wording that doesn’t actually specify the thing you’re going to do with the data.

You also have to offer users the choice not to consent. So you cannot pre-tick all the consent boxes that you really wish your users would freely choose — because you have to actually let them do that.

It’s not rocket science but the pushback from certain quarters of the adtech industry has been as awfully predictable as it’s horribly frustrating.

This has not gone unnoticed by consumers either. Europe’s Internet users have been filing consent-based complaints thick and fast this year. And a lot of what is being claimed as ‘GDPR compliant’ right now likely is not.

So, some six months in, we’re essentially in a holding pattern waiting for the regulatory hammers to come down.

But if you look closely there are some early enforcement actions that show some consent fog is starting to shift.

Yes, we’re still waiting on the outcomes of major consent-related complaints against tech giants. (And stockpile popcorn to watch that space for sure.)

But late last month French data protection watchdog, the CNIL, announced the closure of a formal warning it issued this summer against drive-to-store adtech firm, Fidzup — saying it was satisfied it was now GDPR compliant.

Such a regulatory stamp of approval is obviously rare this early in the new legal regime.

So while Fidzup is no adtech giant its experience still makes an interesting case study — showing how the consent line was being crossed; how, working with CNIL, it was able to fix that; and what being on the right side of the law means for a (relatively) small-scale adtech business that relies on consent to enable a location-based mobile marketing business.

From zero to GDPR hero?

Fidzup’s service works like this: It installs kit inside (or on) partner retailers’ physical stores to detect the presence of user-specific smartphones. At the same time it provides an SDK to mobile developers to track app users’ locations, collecting and sharing the advertising ID and wi-fi ID of users’ smartphone (which, along with location, are judged personal data under GDPR.)

Those two elements — detectors in physical stores; and a personal data-gathering SDK in mobile apps — come together to power Fidzup’s retail-focused, location-based ad service which pushes ads to mobile users when they’re near a partner store. The system also enables it to track ad-to-store conversions for its retail partners.

The problem Fidzup had, back in July, was that after an audit of its business the CNIL deemed it did not have proper consent to process users’ geolocation data to target them with ads.

Fidzup says it had thought its business was GDPR compliant because it took the view that app publishers were the data processors gathering consent on its behalf; the CNIL warning was a wake up call that this interpretation was incorrect — and that it was responsible for the data processing and so also for collecting consents.

The regulator found that when a smartphone user installed an app containing Fidzup’s SDK they were not informed that their location and mobile device ID data would be used for ad targeting, nor the partners Fidzup was sharing their data with.

CNIL also said users should have been clearly informed before data was collected — so they could choose to consent — instead of information being given via general app conditions (or in store posters), as was the case, after the fact of the processing.

It also found users had no choice to download the apps without also getting Fidzup’s SDK, with use of such an app automatically resulting in data transmission to partners.

Fidzup’s approach to consent had also only been asking users to consent to the processing of their geolocation data for the specific app they had downloaded — not for the targeted ad purposes with retail partners which is the substance of the firm’s business.

So there was a string of issues. And when Fidzup was hit with the warning the stakes were high, even with no monetary penalty attached. Because unless it could fix the core consent problem, the 2014-founded startup might have faced going out of business. Or having to change its line of business entirely.

Instead it decided to try and fix the consent problem by building a GDPR-compliant CMP — spending around five months liaising with the regulator, and finally getting a green light late last month.

A core piece of the challenge, as co-founder and CEO Olivier Magnan-Saurin tells it, was how to handle multiple partners in this CMP because its business entails passing data along the chain of partners — each new use and partner requiring opt-in consent.

“The first challenge was to design a window and a banner for multiple data buyers,” he tells TechCrunch. “So that’s what we did. The challenge was to have something okay for the CNIL and GDPR in terms of wording, UX etc. And, at the same time, some things that the publisher will allow to and will accept to implement in his source code to display to his users because he doesn’t want to scare them or to lose too much.

“Because they get money from the data that we buy from them. So they wanted to get the maximum money that they can, because it’s very difficult for them to live without the data revenue. So the challenge was to reconcile the need from the CNIL and the GDPR and from the publishers to get something acceptable for everyone.”

As a quick related aside, it’s worth noting that Fidzup does not work with the thousands of partners an ad exchange or demand-side platform most likely would be.

Magnan-Saurin tells us its CMP lists 460 partners. So while that’s still a lengthy list to have to put in front of consumers — it’s not, for example, the 32,000 partners of another French adtech firm, Vectaury, which has also recently been on the receiving end of an invalid consent ruling from the CNIL.

In turn, that suggests the ‘Fidzup fix’, if we can call it that, only scales so far; adtech firms that are routinely passing millions of people’s data around thousands of partners look to have much more existential problems under GDPR — as we’ve reported previously re: the Vectaury decision.

No consent without choice

Returning to Fidzup, its fix essentially boils down to actually offering people a choice over each and every data processing purpose, unless it’s strictly necessary for delivering the core app service the consumer was intending to use.

Which also means giving app users the ability to opt out of ads entirely — and not be penalized by not being able to use the app features itself.

In short, you can’t bundle consent. So Fidzup’s CMP unbundles all the data purposes and partners to offer users the option to consent or not.

“You can unselect or select each purpose,” says Magnan-Saurin of the now compliant CMP. “And if you want only to send data for, I don’t know, personalized ads but you don’t want to send the data to analyze if you go to a store or not, you can. You can unselect or select each consent. You can also see all the buyers who buy the data. So you can say okay I’m okay to send the data to every buyer but I can also select only a few or none of them.”

“What the CNIL ask is very complicated to read, I think, for the final user,” he continues. “Yes it’s very precise and you can choose everything etc. But it’s very complete and you have to spend some time to read everything. So we were [hoping] for something much shorter… but now okay we have something between the initial asking for the CNIL — which was like a big book — and our consent collection before the warning which was too short with not the right information. But still it’s quite long to read.”

Fidzup’s CNIL approved GDPR-compliant consent management platform

“Of course, as a user, I can refuse everything. Say no, I don’t want my data to be collected, I don’t want to send my data. And I have to be able, as a user, to use the app in the same way as if I accept or refuse the data collection,” he adds.

He says the CNIL was very clear on the latter point — telling it they could not require collection of geolocation data for ad targeting for usage of the app.

“You have to provide the same service to the user if he accepts or not to share his data,” he emphasizes. “So now the app and the geolocation features [of the app] works also if you refuse to send the data to advertisers.”

This is especially interesting in light of the ‘forced consent’ complaints filed against tech giants Facebook and Google earlier this year.

These complaints argue the companies should (but currently do not) offer an opt-out of targeted advertising, because behavioural ads are not strictly necessary for their core services (i.e. social networking, messaging, a smartphone platform etc).

Indeed, data gathering for such non-core service purposes should require an affirmative opt-in under GDPR. (An additional GDPR complaint against Android has also since attacked how consent is gathered, arguing it’s manipulative and deceptive.)

Asked whether, based on his experience working with the CNIL to achieve GDPR compliance, it seems fair that a small adtech firm like Fidzup has had to offer an opt-out when a tech giant like Facebook seemingly doesn’t, Magnan-Saurin tells TechCrunch: “I’m not a lawyer but based on what the CNIL asked us to be in compliance with the GDPR law I’m not sure that what I see on Facebook as a user is 100% GDPR compliant.”

“It’s better than one year ago but [I’m still not sure],” he adds. “Again it’s only my feeling as a user, based on the experience I have with the French CNIL and the GDPR law.”

Facebook of course maintains its approach is 100% GDPR compliant.

Even as data privacy experts aren’t so sure.

One thing is clear: If the tech giant was forced to offer an opt out for data processing for ads it would clearly take a big chunk out of its business — as a sub-set of users would undoubtedly say no to Zuckerberg’s “ads”. (And if European Facebook users got an ads opt out you can bet Americans would very soon and very loudly demand the same, so…)

Bridging the privacy gap

In Fidzup’s case, complying with GDPR has had a major impact on its business because offering a genuine choice means it’s not always able to obtain consent. Magnan-Saurin says there is essentially now a limit on the number of device users advertisers can reach because not everyone opts in for ads.

Although, since it’s been using the new CMP, he says a majority are still opting in (or, at least, this is the case so far) — showing one consent chart report with a ~70:30 opt-in rate, for example.

He expresses the change like this: “No one in the world can say okay I have 100% of the smartphones in my data base because the consent collection is more complete. No one in the world, even Facebook or Google, could say okay, 100% of the smartphones are okay to collect from them geolocation data. That’s a huge change.”

“Before that there was a race to the higher reach. The biggest number of smartphones in your database,” he continues. “Today that’s not the point.”

Now he says the point for adtech businesses with EU users is figuring out how to extrapolate from the percentage of user data they can (legally) collect to the 100% they can’t.

And that’s what Fidzup has been working on this year, developing machine learning algorithms to try to bridge the data gap so it can still offer its retail partners accurate predictions for tracking ad to store conversions.

“We have algorithms based on the few thousand stores that we equip, based on the few hundred mobile advertising campaigns that we have run, and we can understand for a store in London in… sports, fashion, for example, how many visits we can expect from the campaign based on what we can measure with the right consent,” he says. “That’s the first and main change in our market; the quantity of data that we can get in our database.”

“Now the challenge is to be as accurate as we can be without having 100% of real data — with the consent, and the real picture,” he adds. “The accuracy is less… but not that much. We have a very, very high standard of quality on that… So now we can assure the retailers that with our machine learning system they have nearly the same quality as they had before.

“Of course it’s not exactly the same… but it’s very close.”

Having a CMP that’s had regulatory ‘sign-off’, as it were, is something Fidzup is also now hoping to turn into a new bit of additional business.

“The second change is more like an opportunity,” he suggests. “All the work that we have done with CNIL and our publishers we have transferred it to a new product, a CMP, and we offer today to all the publishers who ask to use our consent management platform. So for us it’s a new product — we didn’t have it before. And today we are the only — to my knowledge — the only company and the only CMP validated by the CNIL and GDPR compliant so that’s useful for all the publishers in the world.”

It’s not currently charging publishers to use the CMP but will be seeing whether it can turn it into a paid product early next year.

How then, after months of compliance work, does Fidzup feel about GDPR? Does it believe the regulation is making life harder for startups vs tech giants — as is sometimes suggested, with claims put forward by certain lobby groups that the law risks entrenching the dominance of better resourced tech giants. Or does he see any opportunities?

In Magnan-Saurin’s view, six months in to GDPR European startups are at an R&D disadvantage vs tech giants because U.S. companies like Facebook and Google are not (yet) subject to a similarly comprehensive privacy regulation at home — so it’s easier for them to bag up user data for whatever purpose they like.

Though it’s also true that U.S. lawmakers are now paying earnest attention to the privacy policy area at a federal level. (And Google’s CEO faced a number of tough questions from Congress on that front just this week.)

“The fact is Facebook-Google they own like 90% of the revenue in mobile advertising in the world. And they are American. So basically they can do all their research and development on, for example, American users without any GDPR regulation,” he says. “And then apply a pattern of GDPR compliance and apply the new product, the new algorithm, everywhere in the world.

“As a European startup I can’t do that. Because I’m a European. So once I begin the research and development I have to be GDPR compliant so it’s going to be longer for Fidzup to develop the same thing as an American… But now we can see that GDPR might be beginning a ‘world thing’ — and maybe Facebook and Google will apply the GDPR compliance everywhere in the world. Could be. But it’s their own choice. Which means, for the example of the R&D, they could do their own research without applying the law because for now U.S. doesn’t care about the GDPR law, so you’re not outlawed if you do R&D without applying GDPR in the U.S. That’s the main difference.”

He suggests some European startups might relocate R&D efforts outside the region to try to workaround the legal complexity around privacy.

“If the law is meant to bring the big players to better compliance with privacy I think — yes, maybe it goes in this way. But the first to suffer is the European companies, and it becomes an asset for the U.S. and maybe the Chinese… companies because they can be quicker in their innovation cycles,” he suggests. “That’s a fact. So what could happen is maybe investors will not invest that much money in Europe than in U.S. or in China on the marketing, advertising data subject topics. Maybe even the French companies will put all the R&D in the U.S. and destroy some jobs in Europe because it’s too complicated to do research on that topics. Could be impacts. We don’t know yet.”

But the fact of GDPR enforcement having — perhaps inevitably — started small, with so far a small bundle of warnings against relative data minnows, rather than any swift action against the industry dominating adtech giants, that’s being felt as yet another inequality at the startup coalface.

“What’s sure is that the CNIL started to send warnings not to Google or Facebook but to startups. That’s what I can see,” he says. “Because maybe it’s easier to see I’m working on GDPR and everything but the fact is the law is not as complicated for Facebook and Google as it is for the small and European companies.”

Powered by WPeMatico

The annual PornHub year in review tells us what we’re really looking at online

Posted by | Android, Apps, arkansas, Australia, chrome os, Germany, india, microsoft windows, Mississippi, Nintendo, pornhub, pornography, South Carolina, Startups, TC, United Kingdom, United States, video hosting, world wide web | No Comments

PornHub, a popular site that features people in various stages of undress, saw 33.5 billion visits in 2018. There are currently 7.53 billion people on Earth.

Y’all have been busy.

The company, which owns most of the major porn sites online, produces a yearly report that aggregates user behavior on the site. Of particular interest, aside from the fact that all of us are horndogs, is that the U.S., Germany and India are in the top spots for porn browsing and that the company transferred 4,000 petabytes of data, or about 500 MB, per person on the planet.

We ignore this data at our peril. While it doesn’t seem important at first glance, the fact that these porn sites are doing more traffic than most major news organizations is deeply telling. Further, like the meme worlds of Twitter and Facebook, Stormy Daniels and Fortnite made the top searches, which points to the spread of politics and culture into the heart of our desires. TV manufacturers should note that 4K searchers are rising in popularity, which suggests that consumer electronics manufacturers should start getting read for a shift (although it should be noted that there is sadly little free 4K content on these sites, a discovery I just made while researching this brief.)

Need more frightening/enlightening data? Here you go.

Just as ‘1080p’ searches had been a defining term in 2017, now ‘4k’ ultra-hd has seen a significant increase in popularity through-out 2018. The popularity of ‘Romantic’ videos more than doubled, and remained twice as popular with female visitors when compared to men.

Searches referring to the dating app ‘Tinder’ grew by 161% among women, 113% among men and 131% by visitors aged 35 to 44. It was also a top trending term in many countries including the United Kingdom and Australia. The number of Tinder themed fantasy date videos on the site is now more than 3500.

Life imitates art, and eventually porn imitates everything, so perhaps it’s no surprise to see that ‘Bowsette’ also made our list of searches that defined 2018. After the original Nintendo fan-art went viral, searches for Bowsette exceeded 3 million in just one week and resulted in the release of a live-action Bowsette themed porn parody (NSFW) with more than 720,000 views.

Bowsette. Good. Moving on.

The Bible Belt represented well in the showings, with Mississippi, South Carolina and Arkansas spending the most time looking at porn. Kansas spent the least. Phones got the most use as porn distribution devices and iOS and Android nearly tied in terms of platform popularity.

Windows traffic fell considerably this year, while Chrome OS became decidedly more popular in 2018. Chrome was popular when it came to browsers used, while the PlayStation was the biggest deliverer of flicks to the console user.

Porn is a the canary in the tech coal mine, and where it goes the rest of tech follows. All of these data points, taken together, paint a fascinating picture of a world on the cusp of a fairly unique shift from desktop to mobile and from HD to 4K video. Further, given that these sites are delivering so much data on a daily basis, it’s clear that all of us are sneaking a peek now and again… even if we refuse to admit it.

Powered by WPeMatico

Popular avatar app Boomoji exposed millions of users’ contact lists and location data

Posted by | Android, california, database, General Data Protection Regulation, privacy, Security, social media, Software, spokesperson, web browser | No Comments

Popular animated avatar creator app Boomoji, with more than five million users across the world, exposed the personal data of its entire user base after it failed to put passwords on two of its internet-facing databases.

The China-based app developer left the ElasticSearch databases online without passwords — a U.S.-based database for its international customers and a Hong Kong-based database containing mostly Chinese users’ data in an effort to comply with China’s data security laws, which requires Chinese citizens’ data to be located on servers inside the country.

Anyone who knew where to look could access, edit or delete the database using their web browser. And, because the database was listed on Shodan, a search engine for exposed devices and databases, they were easily found with a few keywords.

After TechCrunch reached out, Boomoji pulled the two databases offline. “These two accounts were made by us for testing purposes,” said an unnamed Boomoji spokesperson in an email.

But that isn’t true.

The database contained records on all of the company’s iOS and Android users — some 5.3 million users as of this week. Each record contained their username, gender, country and phone type.

Each record also included a user’s unique Boomoji ID, which was linked to other tables in the database. Those other tables included if and which school they go to — a feature Boomoji touts as a way for users to get in touch with their fellow students. That unique ID also included the precise geolocation of more than 375,000 users that had allowed the app to know their location at any given time.

Worse, the database contained every phone book entry of every user who had allowed the app access to their contacts.

One table had more than 125 million contacts, including their names (as written in a user’s phone book) and their phone numbers. Each record was linked to a Boomoji’s unique ID, making it relatively easy to know whose contact list belonged to whom.

Even if you didn’t use the app, anyone who has your phone number stored on their device and used the app more than likely uploaded your number to Boomoji’s database. To our knowledge, there’s no way to opt out or have your information deleted.

Given Boomoji’s response, we verified the contents of the database by downloading the app on a dedicated iPhone using a throwaway phone number, containing a few dummy, but easy-to-search contact list entries. To find friends, the app matches your contacts with those registered with the app in its database. When we were prompted to allow the app access to our contacts list, the entire dummy contact list was uploaded instantly — and viewable in the database.

So long as the app was installed and had access to the contacts, new phone numbers would be automatically uploaded.

Yet, none of the data was encrypted. All of the data was stored in plaintext.

Although Boomoji is based in China, it claims to follow California state law, where data protection and privacy rules are some of the strongest in the U.S. We asked Boomoji if it has or plans to inform California’s attorney general of the exposure as required by state law, but the company did not answer.

Given the vast amount of European users’ information in the database, the company may also face penalties under the EU’s General Data Protection Regulation, which can impose fines of up to four percent of the company’s global annual revenue for serious breaches.

But given its China-based presence, it’s not clear, however, what actionable repercussions the company could face.

This is the latest in a series of exposures involving ElasticSearch instances, a popular open source search and database software. In recent weeks, several high-profile data exposures have been reported as a result of companies’ failure to practice basic data security measures — including Urban Massage exposing its own customer database, Mindbody-owned FitMetrix forgetting to put a password on its servers and Voxox, a communications company, which leaked phone numbers and two-factor codes on millions of unsuspecting users.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Powered by WPeMatico

What China searched for in 2018: World Cup, trade war, Apple

Posted by | Android, Apple, artificial intelligence, Asia, Baidu, China, Entertainment, Facebook, Google, huawei, iQiyi, Netflix, oppo, producer, Qualcomm, quantum computing, search engine, shenzhen, smartphone, TC, Tencent, world cup | No Comments

Soon after Google unveiled the top trends in what people searched for in 2018, Baidu published what captivated the Chinese in a parallel online universe, where most of the West’s mainstream tech services, including Google and Facebook, are inaccessible.

China’s top search engine put together the report “based on trillions of trending queries” to present a “social collective memory” of internet users, said Baidu; 802 million people have come online in China as of August, and many of them use Baidu to look things up daily.

Overall, Chinese internet users were transfixed on a mix of sports events, natural disasters, politics and entertainment, a pattern that also prevails in Google’s year-in-search. On Baidu, the most popular queries of the year are:

  1. World Cup: China shares its top search with the rest of the world. Despite China’s lackluster performance in the tournament, World Cup managed to capture a massive Chinese fan base who supported an array of foreign teams. People filled bars in big cities at night to watch the heart-thumping matches, and many even trekked north to Russia to show their support.
  2. U.S.-China trade war: The runner-up comes as no surprise, given the escalating conflict between the world’s two largest economies. A series of events have stoked more fears of the stand-off, including the arrest of Huawei’s financial chief.
  3. Typhoon Mangkhut: The massive tropical cyclone swept across the Pacific Ocean in September, leaving the Philippines and South China in shambles. Shenzhen, the Chinese city dubbed the Silicon Valley for hardware, reportedly submitted more than $20.4 million in damage claims after the storm.
  4. Apple launch: The American smartphone giant is still getting a lot of attention in China even as local Android competitors like Huawei and Oppo chip away at its market share. Apple is also fighting a legal battle with chipmaker Qualcomm, which wanted the former to stop selling certain smartphone models in China.
  5. The story of Yanxi Palace: The historical drama of backstabbing concubines drew record-breaking views for its streamer and producer iQiyi, China’s answer to Netflix that floated in the U.S. in February. The 70-episode show was watched not only in China but also across more than 70 countries around the world.
  6. Produce 101: The talent show in which 101 young women race to be the best performer is one of Tencent Video’s biggest hits of the year, but its reach has gone beyond its targeted young audience as it popularized a meme, which made it to No. 9 on this list.
  7. Skr: A buzzword courtesy of pop idol Kris Wu, who extensively used it on a whim during iQiyi’s rap competition “Rap of China,” prompting his fans and internet users to bestow it with myriad interpretations.
  8. Li Yong passed away: The sudden death of the much-loved television host after he fought a 17-month battle with cancer stirred an outpouring of grief on social media.
  9. Koi: A colored variety of carps, the fish is associated with good luck in Chinese culture. Yang Chaoyue, a Produce 101 contestant whom the audience believed to be below average surprisingly rose to fame and has since been compared to a koi.
  10.  Esports: Professional gaming has emerged from the underground to become a source of national pride recently after a Chinese team championed the League of Legend finals, an event regarded as the Olympics for esports.

In addition to the overall ranking, Baidu also listed popular terms by category, with staple areas like domestic affairs alongside those with a local flavor, such as events that inspire national pride or are tear-jerking.

This was also the first year that Baidu added a category dedicated to AI-related keywords. The search giant, which itself has pivoted to go all in AI and has invested heavily in autonomous driving, said the technology “has not only become a nationwide buzzword but also a key engine in transforming lives across the globe.” In 2018, Chinese people were keen to learn about these AI terms: robots, chips, internet of things, smart speakers, autonomous driving, face recognition, quantum computing, unmanned vehicles, World Artificial Intelligence Conference and quantum mechanics.

Powered by WPeMatico

Prisma’s new AI-powered app, Lensa, helps the selfie camera lie

Posted by | AI, Android, Apps, artificial intelligence, Europe, machine learning, photo editing, Prisma, selfie, smartphone | No Comments

Prisma Labs, the startup behind the style transfer craze of a couple of years ago, has a new AI-powered iOS app for retouching selfies. An Android version of the app — which is called Lensa — is slated as coming in January.

It bills Lensa as a “one-button Photoshop”, offering a curated suite of photo-editing features intended to enhance portrait photos — including teeth whitening; eyebrow tinting; ‘face retouch’ which smooths skin tone and texture (but claims to do so naturally); and ‘eye contrast’ which is supposed to make your eye color pop a bit more (but doesn’t seem to do too much if, like me, you’re naturally dark eyed).

There’s also a background blur option for adding a little bokeh to make your selfie stand out from whatever unattractive clutter you’re surrounded by — much like the portrait mode that Apple added to iOS two years ago.

Lensa can also correct for lens distortion, such as if a selfie has been snapped too close. “Our algorithm reconstructs face in 3D and fixes those disproportions,” is how it explains that.

The last slider on the app’s face menu offers this feature, letting you play around with making micro-adjustments to the 3D mesh underpinning your face. (Which feels as weird to see as it sounds to type.)

Of course there’s no shortage of other smartphone apps out there on stores — and/or baked right into smartphones’ native camera apps — offering to ‘beautify’ selfies.

But the push-button pull here is that Lensa automatically — and, it claims, professionally — performs AI-powered retouching of your selfie. So you don’t have to do any manual tweaking yourself (though you also can if you like).

If you just snap a selfie you’ll see an already enhanced version of you. Who said the camera never lies? Thanks AI…

Prisma Labs’ new app, Lensa, uses machine learning to automagically edit selfies

Lensa also lets you tweak visual parameters across the entire photo, as per a standard photo-editing app, via an ‘adjust’ menu — which (at launch) offers sliders for: Exposure, contrast, saturation, plus fade, sharpen; temperature, tint; highlights, shadows.

While Lensa is free to download, an in-app subscription (costing $4.99 per month) can let you get a bit more serious about editing its AI-enhanced selfies — by unlocking the ability to adjust all those parameters across just the face; or just the background.

Prisma Labs says that might be useful if, for example, you want to fix an underexposed selfie shot against a brighter background.

“Lensa utilizes a bunch of Machine Learning algorithms to precisely extract face skin from the image and then retouching portraits like a professional artist,” is how it describes the app, adding: “The process is fully automated, but the user can set up an intensity level of the effect.”

The startup says it’s drawn on its eponymous style transfer app for Lensa’s machine learning as the majority of photos snapped and processed in Prisma are selfies — giving it a relevant heap of face data to train the photo-editing algorithms.

Having played around with Lensa I can say its natural looking instant edits are pretty seductive — in that it’s not immediately clear algorithmic fingers have gone in and done any polishing. At a glance you might just think oh, that’s a nice photo.

On closer inspection you can of course see the airbrushing that’s gone on but the polish is applied with enough subtly that it can pass as naturally pleasing.

And natural edits is one of the USP’s Prisma Labs is claiming for Lensa. “Our mission is to allow people to edit a portrait but keep it looking natural,” it tells us. (The other key feature it touts is automation, so it’s selling the time you’ll save not having to manually tweak your selfies.)

Anyone who suffers from a chronic skin condition might view Lensa as a welcome tool/alternative to make-up in an age of the unrelenting selfies (when cameras that don’t lie can feel, well, exhausting).

But for those who object to AI stripping even skin-deep layers off of the onion of reality, Lensa’s subtle algorithmic fiddling might still come over as an affront.

This report was updated with a correction after Prisma told us it had decided to remove watermarks and ads from the free version of the app so it is not necessary to pay for a subscription to remove them

Powered by WPeMatico

Watch Google CEO Sundar Pichai testify in Congress — on bias, China and more

Posted by | algorithmic accountability, Android, artificial intelligence, bias, China, Google, Government, House Judiciary Committee, Policy, Social, Sundar Pichai, United States | No Comments

Google CEO Sundar Pichai has managed to avoid the public political grillings that have come for tech leaders at Facebook and Twitter this year. But not today.

Today he will be in front of the House Judiciary committee for a hearing entitled: Transparency & Accountability: Examining Google and its Data Collection, Use and Filtering Practices.

The hearing kicks off at 10:00 ET — and will be streamed live via our YouTube channel (with the feed also embedded above in this post).

Announcing the hearing last month, committee chairman Bob Goodlatte said it would “examine potential bias and the need for greater transparency regarding the filtering practices of tech giant Google”.

Republicans have been pressuring the Silicon Valley giant over what they claim is ‘liberal bias’ embedded at the algorithmic level.

This summer President Trump publicly lashed out at Google, expressing displeasure about news search results for his name in a series of tweets in which he claimed: “Google & others are suppressing voices of Conservatives and hiding information and news that is good.”

Google rejected the allegation, responding then that: “Search is not used to set a political agenda and we don’t bias our results toward any political ideology.”

In his prepared remarks ahead of the hearing, Pichai reiterates this point.

“I lead this company without political bias and work to ensure that our products continue to operate that way. To do otherwise would go against our core principles and our business interests,” he writes. “We are a company that provides platforms for diverse perspectives and opinions—and we have no shortage of them among our own employees.”

He also seeks to paint a picture of Google as a proudly patriotic “American company” — playing up its role as a creator of local jobs and a bolster for the wider US economy, likely in the hopes of defusing some of the expected criticism from conservatives on the committee.

However his statement makes no mention of a separate controversy that’s been dogging Google this year — after news leaked this summer that it had developed a censored version of its search service for a potential relaunch in China.

The committee looks certain to question Google closely on its intentions vis-a-vis China.

In statements ahead of the hearing last month, House majority leader, Kevin McCarthy, flagged up reports he said suggested Google is “compromising its core principles by complying with repressive censorship mandates from China”.

Trust in general is a key theme, with lawmakers expressing frustration at both the opacity of Google’s blackbox algorithms, which ultimately shape content hierarchies on its platforms, and the difficulty they’ve had in getting facetime with its CEO to voice questions and concerns.

At a Senate Intelligence committee hearing three months ago, which was attended by Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg, senators did not hide their anger that Pichai had turned down their invitation — openly ripping into company leaders for not bothering to show up. (Google offered to send its chief legal officer instead.)

“For months, House Republicans have called for greater transparency and openness from Google. Company CEO Sundar Pichai met with House Republicans in September to answer some of our questions. Mr. Pichai’s scheduled appearance in front of the House Judiciary Committee is another important step to restoring public trust in Google and all the companies that shape the Internet,” McCarthy wrote last month.

Other recent news that could inform additional questions for Pichai from the committee include the revelation of yet another massive security breach at Google+; and a New York Times investigation of how mobile apps are location tracking users — with far more Android apps found to contain location-sharing code than iOS apps.

Powered by WPeMatico

Google Fit gets improved activity logging and a breathing exercise

Posted by | activity tracking, Android, Apps, Google, Google Fit, Mobile | No Comments

Google Fit, Google’ s activity-tracking app for Android, is getting a small but meaningful update today that adds a few new features that’ll likely make its regular users quite happy. Some are pretty basic, like the launch of a Fit widget for your Android home screen, while others introduce new features like a breathing exercise (though that will only be available on Wear OS), an updated home screen in the app itself and improved activity logging.

The app got a major redesign earlier this year and in the process, Google introduced Heart Points as a way of tracking not just the length but also the strenuousness of your activities. Those are tracked automatically as you go about your day, but since Fit also lets you log activities manually, you didn’t really get a chance to log the intensity of those exercises. Now, however, you can adjust the intensity in your quest for getting more Heart Points.

The other major new feature is the exact opposite of strenuous exercise: a breathing exercise for those moments when you want to calm down. For some reason, Google decided that this feature is Wear OS-only right now. I’m not quite sure why that’s the case, but if you don’t have a Wear OS watch, you’ll just have to figure out some other way to keep calm and bugger on.

Powered by WPeMatico

The Epic Games Store is now live

Posted by | Android, epic games, first person shooters, fortnite, Gaming, Google, Google Play Store, Kleiner Perkins, lightspeed venture partners, unreal engine, Unreal Tournament | No Comments

It’s a busy week for Epic Games . Fresh from pushing out a major season 7 update for Fortnite, so the gaming giant has taken the wraps off its own games store.

First announced earlier this week, the Epic Games Store is targeted squarely at Steam — the giant in the digital game commerce space — and it quietly went live today.

Right now there’s a small cluster of games available, including Hades, a new title from Supergiant Games that is in “early access” for $19.99, and Epic’s own Fortnite and Unreal Tournament, both of which are free. But Epic is saying that’s there’s a lot more to come. In particular, the store will offer a free game every two weeks, starting with Subnautica from December 14-17 and Super Meat Boy from December 28 until January 10.

What is most interesting about the store is the revenue split, which is just 12 percent. That has set off a change at Valve, the firm behind Steam, as we reported earlier this week:

While Valve will continue to take an App Store-like 30 percent from sales of game makers with less than 10 million in revenue, that figure drops to 25 percent until they hit 50 million revenue, from which point the slice drops to 20 percent.

All in all, the store is very early-stage, but you can imagine that Epic is working to add more flesh to the bones. It makes absolute sense that the company is aiming to capitalize on the phenomenal success of Fortnite — which was estimated to be grossing as much as $2 million per day in the summer — by building a destination for gamers. Indeed, a big clue came from its decision to bypass the Google Play Store and offer its Android app directly from its website — that’s a move that is estimated to cost Google around $50 million in lost earnings in 2018.

“As a developer ourselves, we have always wanted a platform with great economics that connects us directly with our players,” Epic Games CEO Tim Sweeney told TechCrunch in an emailed statement sent earlier this week. “Thanks to the success of Fortnite, we now have this and are ready to share it with other developers.”

The Epic Games Store is part of a wider vision that prompted a range of investors to pump $1.25 billion into the company in October. That round has participation from the likes of KKR, Kleiner Perkins and Lightspeed Venture Partners and it is said to value the Epic Games business — which also includes Unreal Engine for game development — at more than $15 billion.

Epic is the only gaming firm to go after Valve this year. Discord introduced a game store in August — just months earlier, Valve appeared to go after Discord with the rollout of its own gamer chat system.

So everyone is going after everyone, but Epic’s big advantage continues to be Fortnite.

Powered by WPeMatico

Google is killing off Allo, its latest messaging app flop

Posted by | Android, Apps, Assistant, computing, Google, Google Hangouts, imessage, machine learning, messaging apps, slack, SMS, Software, technology, Verizon, WhatsApp | No Comments

It’s official: Google is killing off Allo.

The messaging app was only launched in September 2016, but it was pretty much flawed from the word go, with limited usage. Google was, once again, painfully late to the messaging game.

The company said it had ceased work on the service earlier this year, and now it has announced that it’ll close down in March of next year.

“Allo will continue to work through March 2019 and until then, you’ll be able to export all of your existing conversation history from the app,” Google said in a blog post. “We’ve learned a lot from Allo, particularly what’s possible when you incorporate machine learning features, like the Google Assistant, into messaging.”

Google said it wants “every single Android device to have a great default messaging experience,” but the fact remains that the experience on Android massively lags iOS, where Apple’s iMessage service offers a slick experience with free messages, calling and video between iPhone and iPad users.

Instead of Allo, Google is pushing ahead with RCS (Rich Communication Services), an enhanced SMS standard that could allow iMessage-like communication between Android devices.

But “could” is the operative word. The main caveat with RCS is that carriers must develop their own messaging apps that work with the protocol and connect to other apps, while the many Android OEMs also need to hop on board with support.

As I wrote earlier this year, with RCS, Google is giving carriers a chance to take part in the messaging boom, rather than be cut out as WhatsApp, Messenger, iMessage and others take over. But the decision is tricky for carriers, who have traditionally tightly held any form of income until the death. That’s because they won’t directly make money from consumers via RCS, though it allows them to keep their brand and figure out other ways to generate income, such as business-related services.

Verizon has already signed up, for one, but tracking the other supporters worldwide is tricky. Another problem: RCS is not encrypted, which flies in the face of most messaging apps on the market today.

Elsewhere, Google is keeping Duo — the video chat service that launched alongside Allo — while it continues to develop Hangouts into an enterprise-focused service, much like Slack .

Powered by WPeMatico

Seized cache of Facebook docs raise competition and consent questions

Posted by | Android, api, competition, Damian Collins, data protection law, DCMS committee, Developer, Europe, european union, Facebook, Mark Zuckerberg, Onavo, Policy, privacy, Six4Three, Social, social network, terms of service, United Kingdom, vpn | No Comments

A UK parliamentary committee has published the cache of Facebook documents it dramatically seized last week.

The documents were obtained by a legal discovery process by a startup that’s suing the social network in a California court in a case related to Facebook changing data access permissions back in 2014/15.

The court had sealed the documents but the DCMS committee used rarely deployed parliamentary powers to obtain them from the Six4Three founder, during a business trip to London.

You can read the redacted documents here — all 250 pages of them.

In a series of tweets regarding the publication, committee chair Damian Collins says he believes there is “considerable public interest” in releasing them.

“They raise important questions about how Facebook treats users data, their policies for working with app developers, and how they exercise their dominant position in the social media market,” he writes.

“We don’t feel we have had straight answers from Facebook on these important issues, which is why we are releasing the documents. We need a more public debate about the rights of social media users and the smaller businesses who are required to work with the tech giants. I hope that our committee investigation can stand up for them.”

The committee has been investigating online disinformation and election interference for the best part of this year, and has been repeatedly frustrated in its attempts to extract answers from Facebook.

But it is protected by parliamentary privilege — hence it’s now published the Six4Three files, having waited a week in order to redact certain pieces of personal information.

Collins has included a summary of key issues, as the committee sees them after reviewing the documents, in which he draws attention to six issues.

Here is his summary of the key issues:

  • White Lists Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.

Facebook responded

  • Value of friends data It is clear that increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook. The idea of linking access to friends data to the financial value of the developers relationship with Facebook is a recurring feature of the documents.

In their response Facebook contends that this was essentially another “cherrypicked” topic and that the company “ultimately settled on a model where developers did not need to purchase advertising to access APIs and we continued to provide the developer platform for free.”

  • Reciprocity Data reciprocity between Facebook and app developers was a central feature in the discussions about the launch of Platform 3.0.
  • Android Facebook knew that the changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user would be controversial. To mitigate any bad PR, Facebook planned to make it as hard of possible for users to know that this was one of the underlying features of the upgrade of their app.
  • Onavo Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, and apparently without their knowledge. They used this data to assess not just how many people had downloaded apps, but how often they used them. This knowledge helped them to decide which companies to acquire, and which to treat as a threat.
  • Targeting competitor Apps The files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business.

Update: 11:40am

Facebook has posted a lengthy response (read it here) positing that the “set of documents, by design, tells only one side of the story and omits important context.” They give a blow-by-blow response to Collins’ points below though they are ultimately pretty selective in what they actually address.

Generally they suggest that some of the issues being framed as anti-competitive were in fact designed to prevent “sketchy apps” from operating on the platform. Furthermore, Facebook details that they delete some old call logs on Android, that using “market research” data from Onava is essentially standard practice and that users had the choice whether data was shared reciprocally between FB and developers. In regard to specific competitors’ apps, Facebook appears to have tried to get ahead of this release with their announcement yesterday that it was ending its platform policy of banning apps that “replicate core functionality.” 

The publication of the files comes at an awkward moment for Facebook — which remains on the back foot after a string of data and security scandals, and has just announced a major policy change — ending a long-running ban on apps copying its own platform features.

Albeit the timing of Facebook’s policy shift announcement hardly looks incidental — given Collins said last week the committee would publish the files this week.

The policy in question has been used by Facebook to close down competitors in the past, such as — two years ago — when it cut off style transfer app Prisma’s access to its live-streaming Live API when the startup tried to launch a livestreaming art filter (Facebook subsequently launched its own style transfer filters for Live).

So its policy reversal now looks intended to diffuse regulatory scrutiny around potential antitrust concerns.

But emails in the Six4Three files suggesting that Facebook took “aggressive positions” against competing apps could spark fresh competition concerns.

In one email dated January 24, 2013, a Facebook staffer, Justin Osofsky, discusses Twitter’s launch of its short video clip app, Vine, and says Facebook’s response will be to close off its API access.

As part of their NUX, you can find friends via FB. Unless anyone raises objections, we will shut down their friends API access today. We’ve prepared reactive PR, and I will let Jana know our decision,” he writes. 

Osofsky’s email is followed by what looks like a big thumbs up from Zuckerberg, who replies: “Yup, go for it.”

Also of concern on the competition front is Facebook’s use of a VPN startup it acquired, Onavo, to gather intelligence on competing apps — either for acquisition purposes or to target as a threat to its business.

The files show various Onavo industry charts detailing reach and usage of mobile apps and social networks — with each of these graphs stamped ‘highly confidential’.

Facebook bought Onavo back in October 2013. Shortly after it shelled out $19BN to acquire rival messaging app WhatsApp — which one Onavo chart in the cache indicates was beasting Facebook on mobile, accounting for well over double the daily message sends at that time.

Onavo charts are quite an insight into facebook’s commanding view of the app-based attention marketplace pic.twitter.com/Ezdaxk6ffC

— David Carroll 🦅 (@profcarroll) December 5, 2018

The files also spotlight several issues of concern relating to privacy and data protection law, with internal documents raising fresh questions over how or even whether (in the case of Facebook’s whitelisting agreements with certain developers) it obtained consent from users to process their personal data.

The company is already facing a number of privacy complaints under the EU’s GDPR framework over its use of ‘forced consent‘, given that it does not offer users an opt-out from targeted advertising.

But the Six4Three files look set to pour fresh fuel on the consent fire.

Collins’ fourth line item — related to an Android upgrade — also speaks loudly to consent complaints.

Earlier this year Facebook was forced to deny that it collects calls and SMS data from users of its Android apps without permission. But, as we wrote at the time, it had used privacy-hostile design tricks to sneak expansive data-gobbling permissions past users. So, put simple, people clicked ‘agree’ without knowing exactly what they were agreeing to.

The Six4Three files back up the notion that Facebook was intentionally trying to mislead users.

In one email dated November 15, 2013, from Matt Scutari, manager privacy and public policy, suggests ways to prevent users from choosing to set a higher level of privacy protection, writing: “Matt is providing policy feedback on a Mark Z request that Product explore the possibility of making the Only Me audience setting unsticky. The goal of this change would be to help users avoid inadvertently posting to the Only Me audience. We are encouraging Product to explore other alternatives, such as more aggressive user education or removing stickiness for all audience settings.”

Another awkward trust issue for Facebook which the documents could stir up afresh relates to its repeat claim — including under questions from lawmakers — that it does not sell user data.

In one email from the cache — sent by Mark Zuckerberg, dated October 7, 2012 — the Facebook founder appears to be entertaining the idea of charging developers for “reading anything, including friends”.

Yet earlier this year, when he was asked by a US lawmaker how Facebook makes money, Zuckerberg replied: “Senator, we sell ads.”

He did not include a caveat that he had apparently personally entertained the idea of liberally selling access to user data.

Responding to the publication of the Six4Three documents, a Facebook spokesperson told us:

As we’ve said many times, the documents Six4Three gathered for their baseless case are only part of the story and are presented in a way that is very misleading without additional context. We stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Like any business, we had many of internal conversations about the various ways we could build a sustainable business model for our platform. But the facts are clear: we’ve never sold people’s data.

Zuckerberg has repeatedly refused to testify in person to the DCMS committee.

At its last public hearing — which was held in the form of a grand committee comprising representatives from nine international parliaments, all with burning questions for Facebook — the company sent its policy VP, Richard Allan, leaving an empty chair where Zuckerberg’s bum should be.

Powered by WPeMatico