computing

Test and trace with Apple and Google

Posted by | alipay, america, Android, Apple, apple inc, Bluetooth, China, Companies, computing, cryptography, digital rights, encryption, Google, google play services, human rights, MIT, NHS, operating system, Opinion, privacy, Singapore, south korea, surveillance, TC, terms of service, United Kingdom, world health organization | No Comments

After the shutdown, the testing and tracing. “Trace, test and treat is the mantra … no lockdowns, no roadblocks and no restriction on movement” in South Korea. “To suppress and control the epidemic, countries must isolate, test, treat and trace,” say WHO.

But what does “tracing” look like exactly? In Singapore, they use a “TraceTogether” app, which uses Bluetooth to track nearby phones (without location tracking), keeps local logs of those contacts, and only uploads them to the Ministry of Health when the user chooses/consents, presumably after a diagnosis, so those contacts can be alerted. Singapore plans to open-source the app.

In South Korea, the government texts people to let them know if they were in the vicinity of a diagnosed individual. The information conveyed can include the person’s age, gender, and detailed location history. Subsequently, even more details may be made available:

The level of detail provided by @Seoul_gov for each and every COVID-19 case in the city is astonishing:

Last name (which I’ve obscured)
Sex
Birth year
District of residence
Profession
Travel history
Contact with known cases
Hospital where they’re being treated pic.twitter.com/GsI0QQPcVH

— Victoria Kim (@vicjkim) March 24, 2020

In China, as you might expect, the surveillance is even more pervasive and draconian. Here, the pervasive apps Alipay and WeChat now include health codes – green, yellow, or red – set by the Chinese government, using opaque criteria. This health status is then used in hundreds of cities (and soon nationwide) to determine whether people are allowed to e.g. ride the subway, take a train, enter a building, or even exit a highway.

What about us, in the rich democratic world? Are we OK with the Chinese model? Of course not. The South Korean model? …Probably not. The Singaporean model? …Maybe. (I suspect it would fly in my homeland of Canada, for instance.) But the need to install a separate app, with TraceTogether or the directionally similar MIT project Safe Paths, is a problem. It works in a city-state like Singapore but will be much more problematic in a huge, politically divided nation like America. This will lead to inferior data blinded by both noncompliance and selection bias.

More generally, at what point does the urgent need for better data collide with the need to protect individual privacy and avoid enabling the tools for an aspiring, or existing, police state? And let’s not kid ourselves; the pandemic increases, rather than diminishes, the authoritarian threat.

Maybe, like the UK’s NHS, creators of new pandemic data infrastructures will promise “Once the public health emergency situation has ended, data will either be destroyed or returned” — but not all organizations instill the required level of trust in their populace. This tension has provoked heated discussion around whether we should create new surveillance systems to help mitigate and control the pandemic.

This surprises me greatly. Wherever you may be on that spectrum, there is no sense whatsoever in creating a new surveillance system — seeing as how multiple options already exist. We don’t like to think about it, much, but the cold fact is that two groups of entities already collectively have essentially unfettered access to all our proximity (and location) data, as and when they choose to do so.

I refer of course to the major cell providers, and to Apple & Google . This was vividly illustrated by data company Tectonix in a viral visualization of the spread of Spring Break partygoers:

Want to see the true potential impact of ignoring social distancing? Through a partnership with @xmodesocial, we analyzed secondary locations of anonymized mobile devices that were active at a single Ft. Lauderdale beach during spring break. This is where they went across the US: pic.twitter.com/3A3ePn9Vin

— Tectonix GEO (@TectonixGEO) March 25, 2020

Needless to say, Apple and Google, purveyors of the OSes on all those phones, have essentially the same capability as and when they choose to exercise it. An open letter from “technologists, epidemiologists & medical professionals” calls on “Apple, Google, and other mobile operating system vendors” (the notion that any other vendors are remotely relevant is adorable) “to provide an opt-in, privacy preserving OS feature to support contact tracing.”

They’re right. Android and iOS could, and should, add and roll out privacy-preserving, interoperable, TraceTogether-like functionality at the OS level (or Google Play Services level, to split fine technical hairs.) Granted, this means relying on corporate surveillance, which makes all of us feel uneasy. But at least it doesn’t mean creating a whole new surveillance infrastructure. Furthermore, Apple and Google, especially compared to cellular providers, have a strong institutional history and focus on protecting privacy and limiting the remit of their surveillance.

(Don’t believe me? Apple’s commitment to privacy has long been a competitive advantage. Google offers a thorough set of tools to let you control your data and privacy settings. I ask you: where is your cell service provider’s equivalent? Ah. Do you expect it to ever create one? I see. Would you also be interested in this fine, very lightly used Brooklyn Bridge I have on sale?)

Apple and Google are also much better suited to the task of preserving privacy by “anonymizing” data sets (I know, I know, but see below), or, better yet, preserving privacy via some form(s) of differential privacy and/or homomorphic encryption — or even some kind of zero-knowledge cryptography, he handwaved wildly. And, on a practical level, they’re more able than a third-party app developer to ensure a background service like that stays active.

Obviously this should all be well and firmly regulated. But at the same time, we should remain cognizant of the fact that not every nation believes in such regulation. Building privacy deep into a contact-tracing system, to the maximum extent consonant with its efficacy, is especially important when we consider its potential usage in authoritarian nations who might demand the raw data. “Anonymized” location datasets admittedly tend to be something of an oxymoron, but authoritarians may still be technically stymied by the difficulty of deanonymization; and if individual privacy can be preserved even more securely than that via some elegant encryption scheme, so much the better.

Compared to the other alternatives — government surveillance; the phone companies; or some new app, with all the concomitant friction and barriers to usage — Apple and Google are by some distance the least objectionable option. What’s more, in the face of this global pandemic they could roll out their part of the test-and-trace solution to three billion users relatively quickly. If we need a pervasive pandemic surveillance system, then let’s use one which (though we don’t like to talk about it) already exists, in the least dangerous, most privacy-preserving way.

Powered by WPeMatico

Security lapse exposed Republican voter firm’s internal app code

Posted by | Android, arizona, Cambridge Analytica, computing, Facebook, founder, Georgia, montana, Ohio, operating systems, photo sharing, Security, social media, Software, TechCrunch, UpGuard | No Comments

A voter contact and canvassing company, used exclusively by Republican political campaigns, mistakenly left an unprotected copy of its app’s code on its website for anyone to find.

The company, Campaign Sidekick, helps Republican campaigns canvas its districts using iOS and Android apps, which pull in names and addresses from voter registration rolls. Campaign Sidekick says it has helped campaigns in Arizona, Montana, and Ohio and contributed to the Brian Kemp campaign, which saw him narrowly win against Democratic rival Stacey Abrams in the Georgia gubernatorial campaign in 2018.

For the past two decades, political campaigns have ramped up their use of data to identify swing voters. This growing political data business has opened up a whole economy of startups and tech companies using data to help campaigns better understand their electorate. But that has led to voter records spilling out of unprotected servers and other privacy-related controversies — like the case of Cambridge Analytica obtaining private data from social media sites.

Chris Vickery, director of cyber risk research at security firm UpGuard, said he found the cache of Campaign Sidekick’s code by chance.

In his review of the code, Vickery found several instances of credentials and other app-related secrets, he said in a blog post on Monday, which he shared exclusively with TechCrunch. These secrets, such as keys and tokens, can typically be used to gain access to systems or data without a username or password. But Vickery did not test the password as doing so would be unlawful. Vickery also found a sampling of personally identifiable information, he said, amounting to dozens of spreadsheets packed with voter names and addresses.

Fearing the exposed credentials could be abused if accessed by a malicious actor, Vickery informed the company of the issue in mid-February. Campaign Sidekick quickly pulled the exposed cache of code offline.

One of the Campaign Sidekick mockups, using dummy data, collates a voter’s data in one place. (Image: supplied)

One of the screenshots provided by Vickery showed a mockup of a voter profile compiled by the app, containing basic information about the voter and their past voting and donor history, which can be obtained from public and voter records. The mockup also lists the voter’s “friends.”

Vickery told TechCrunch he found “clear evidence” that the app’s code was designed to pull in data from its now-defunct Facebook app, which allowed users to sign-in and pull their list of friends — a feature that was supported by Facebook at the time until limits were put on third-party developers’ access to friends’ data.

“There is clear evidence that Campaign Sidekick and related entities had and have used access to Facebook user data and APIs to query that data,” Vickery said.

Drew Ryun, founder of Campaign Sidekick, told TechCrunch that its Facebook project was from eight years prior, that Facebook had since deprecated access to developers, and that the screenshot was a “digital artifact of a mockup.” (TechCrunch confirmed that the data in the mockup did not match public records.)

Ryun said after he learned of the exposed data the company “immediately changed sensitive credentials for our current systems,” but that the credentials in the exposed code could have been used to access its databases storing user and voter data.

Powered by WPeMatico

Google Cloud launches Game Servers, a managed cloud backend for games

Posted by | Cloud, cloud computing, cloud infrastructure, computing, game developers, Gaming, Google, google cloud, google cloud platform, Kubernetes, programming languages, TC, ubisoft | No Comments

Google Cloud today announced the beta launch of Game Servers, a managed service that provides game developers with the usual backend services for running their games, including multi-player games, in the company’s cloud. It’s worth stressing that these are not game streaming servers but solely meant to make it easier for game developers to build, scale and manage the backend services for their games.

The service sits on top of the Agones open-source game server, a project Google and Ubisoft first announced in 2018, and the Kubernetes container orchestration platform. As Google Cloud product manager Scott Van Woudenberg told me, the team is also reusing some parts of Anthos, Google’s service for managing multi-cloud Kubernetes clusters. And while Game Servers can currently only run on the Google Kubernetes Engine, the plan is to allow for hybrid and multi-cloud support later this year.

Quite a few gaming companies have already built their own on-premises server fleets, so just like in the enterprise, having hybrid-cloud capabilities is a must-have for a tool like this. Google will also make it easy for developers who already use Agones outside of Game Servers today to bring those servers into the same managed Game Servers ecosystem by registering them with the Game Servers API.

As Van Woudenberg noted, virtually every game now needs some kind of cloud backend, be that for multi-player features, match-making or keeping persistent game stats, for example. That’s true for indie developers and major game studios. Game Servers, ideally, will make it easier for these companies to scale their clusters up and down as needed. Game Servers also provides for A/B testing and canary tests, and, in future updates, it will include integrations with the Open Match matchmaking framework.

To get started, developers still have to containerize their game servers. For those companies that already use Agones, that’s a pretty straightforward exercise, Van Woudenberg said. Others, though, need a bit more help with that, and Google is working with partners to walk them through this.

Powered by WPeMatico

Google hits pause on Chrome and Chrome OS releases

Posted by | Android, chrome os, computing, Google, google chrome os, google-chrome, operating systems, TC, YouTube | No Comments

Google today announced that it is pausing upcoming Chrome and Chrome OS releases “due to adjusted work schedules.”

The company confirmed that we will still see security updates, though, which will get merged into version 80, the browser’s current stable release version. “We’ll continue to prioritize any updates related to security, which will be included in Chrome 80,” the team writes in today’s brief announcement.

Don’t expect any new feature updates anytime soon, though. Chrome version 81 is currently in beta testing and will likely remain in this channel for now. Like so much in this current situation, it’s unclear when Google plans to resume regular updates.

Earlier this week, Google also noted that Android app reviews will likely now take longer as the COVID-19 pandemic has reduced in-office staffing levels. The same holds true for YouTube. As YouTube is taking measures to protect its staff, it says it’ll rely more on its AI algorithms to moderate content (which in turn will likely lead to more false positives and YouTube taking down more videos that weren’t actually violating its terms).

With most of Google (and other tech companies) now working from home, we’ll likely see more of these announcements in the future as the impact of this crisis becomes clearer in the coming weeks.

Powered by WPeMatico

Google launches the first developer preview of Android 11

Posted by | Android, api, Apps, BlackBerry Priv, computing, dave burke, Google, Google Play, machine learning, Mobile, mobile operating system, operating system, operating systems, PIXEL, smartphones, Software, TC | No Comments

With the days of desert-themed releases officially behind it, Google today announced the first developer preview of Android 11, which is now available as system images for Google’s own Pixel devices, starting with the Pixel 2.

As of now, there is no way to install the updates over the air. That’s usually something the company makes available at a later stage. These first releases aren’t meant for regular users anyway. Instead, they are a way for developers to test their applications and get a head start on making use of the latest features in the operating system.

With Android 11 we’re keeping our focus on helping users take advantage of the latest innovations, while continuing to keep privacy and security a top priority,” writes Google VP of Engineering Dave Burke. “We’ve added multiple new features to help users manage access to sensitive data and files, and we’ve hardened critical areas of the platform to keep the OS resilient and secure. For developers, Android 11 has a ton of new capabilities for your apps, like enhancements for foldables and 5G, call-screening APIs, new media and camera capabilities, machine learning, and more.”

Unlike some of Google’s previous early previews, this first version of Android 11 does actually bring quite a few new features to the table. As Burke noted, there are some obligatory 5G features like a new bandwidth estimate API, for example, as well as a new API that checks whether a connection is unmetered so apps can play higher-resolution video, for example.

With Android 11, Google is also expanding its Project Mainline lineup of updatable modules from 10 to 22. With this, Google is able to update critical parts of the operating system without having to rely on the device manufacturers to release a full OS update. Users simply install these updates through the Google Play infrastructure.

Users will be happy to see that Android 11 will feature native support for waterfall screens that cover a device’s edges, using a new API that helps developers manage interactions near those edges.

Also new are some features that developers can use to handle conversational experiences, including a dedicated conversation section in the notification shade, as well as a new chat bubbles API and the ability to insert images into replies you want to send from the notifications pane.

Unsurprisingly, Google is adding a number of new privacy and security features to Android 11, too. These include one-time permissions for sensitive types of data, as well as updates to how the OS handles data on external storage, which it first previewed last year.

As for security, Google is expanding its support for biometrics and adding different levels of granularity (strong, weak and device credential), in addition to the usual hardening of the platform you would expect from a new release.

There are plenty of other smaller updates as well, including some that are specifically meant to make running machine learning applications easier, but Google specifically highlights the fact that Android 11 will also bring a couple of new features to the OS that will help IT manage corporate devices with enhanced work profiles.

This first developer preview of Android 11 is launching about a month earlier than previous releases, so Google is giving itself a bit more time to get the OS ready for a wider launch. Currently, the release schedule calls for monthly developer preview releases until April, followed by three betas and a final release in Q3 2020.

Powered by WPeMatico

Intel and Google plot out closer collaboration around Chromebooks and the future of computing

Posted by | Apple, CES 2020, chrome os, chromebook, computing, Gadgets, GM, Google, google-chrome, hardware, Intel, laptops, Samsung, smartphone, TC | No Comments

Intel, the chip-making giant, has been on the road of refocusing its strategy in recent months. While it has sold its mobile chip operation to Apple and is reportedly looking for a buyer for its connected home division, it’s also been going through the difficult task of rethinking how best to tackle the longtime bread and butter of its business, the PC.

Part of that latter strategy is getting a big boost this week at CES 2020. Here, Intel is today announcing a deeper partnership with Google to design chips and specifications for Chromebooks built on Project Athena. Project Athena is framework first announced last year that covers both design and technical specs, with the aim of building the high-performance laptops of tomorrow that can be used not just for work, but media streaming, gaming, enterprise applications and more, all on the go — powered by Intel, naturally.

(The specs include things like requiring ‘fast wake’ using fingerprints or push-buttons or lift lids; using Intel Core i5 or i7 processors; “Ice Lake” processor designs; better battery life and charging; WiFi 6; touch displays; 2-in-1 designs; narrow bezels and more.)

Earlier today, the first two Chromebooks built on those Athena specifications — from Samsung and Asus — were announced by the respective companies, and Intel says that there will be more to come. And on stage, Google joined Intel during its keynote to also cement the two companies’ commitment to the mission.

“We’re going a step further and deepening our partnership with Google to bring Athena to Chromebooks,” Gregory Bryant, the EVP and GM of Intel’s client computing group, said in an interview with TechCrunch ahead of today. “We’ve collaborated very closely with Google [so that device makers] can take advantage of these specs.”

For Intel, having a Chromebook roster using Athena is important because these have been very popular, and it brings its processors into machines used by people who are buying Chromebooks to get access to Google services around security and more, and its apps ecosystem.

But stepping up the specifications for Chromebooks is as important for Google as it is for Intel in terms of the bottom line and growing business.

“This is a significant change for Google,” said John Solomon, Google’s VP of ChromeOS, in an interview ahead of today. “Chromebooks were successful in the education sector initially, but in the next 18 months to two years, our plan is to go broader, expanding to consumer and enterprise users. Those users have greater expectations and a broader idea of how to use these devices. That puts the onus on us to deliver more performance.”

The renewed effort comes at an interesting time. The laptop market is in a generally tight spot these days. Overall, the personal computing market is in a state of decline, and forecast to continue that way for the next several years.

But there is a slightly brighter picture for the kinds of machines that are coming out of collaborations like the one between Intel, Google, and their hardware partners: IDC forecasts that 2-in-1 devices — by which it means convertible PCs and detachable tablets — and ultra-slim notebook PCs “are expected to grow 5% collectively over the same period,” versus a compound annual growth rate of -2.4% between 2019 and 2023. So there is growth, but not a huge amount.

Up against that is the strength of the smartphone market. Granted, it, too, is facing some issues as multiple markets reach smartphone saturation and consumers are slower to upgrade.

All that is to say that there are challenges. And that is why Intel, whose fortunes are so closely linked to those of personal computing devices since it makes the processors for them, has to make a big push around projects like Athena.

Up to this month, all of the laptops built to Athena specs have been Windows PCs — 25 to date — but Intel had always said from the start Chromebooks would be part of the mix, to help bring the total number of Athena-based devices up to 75 by the end of this year (adding 50 in 2020).

Chromebooks are a good area for Intel to be focusing on, as they seem to be outpacing growth for the wider market, despite some notable drawbacks about how Chrome OS has been conceived as a “light” operating system with few native tools and integrations in favor of apps. IDC said that in Q4 of 2019, growth was 19% year-on-year,  and from what I understand the holiday period saw an even stronger rise. In the US, Chromebooks had a market share of around 27% last November, according to NPD/Gfk.

What’s interesting is the collaborative approach that Intel — and Google — are taking to grow. The Apple -style model is to build vertical integration into its hardware business to ensure a disciplined and unified approach to form and function: the specifications of the hardware are there specifically to handle the kinds of services that Apple itself envisions to work on its devices, and in turn, it hands down very specific requirements to third parties to work on those devices when they are not services and apps native to Apple itself.

While Google is not in the business of building laptops or processors (yet?), and Intel is also far from building more than just processors, what the two have created here is an attempt at bringing a kind of disciplined specification that mimics what you might get in a vertically integrated business.

“It’s all about building the best products and delivering the best experience,” Bryant said.

“We can’t do what we do without Intel’s help and this close engineering collaboration over the last 18 months,” Solomon added. “This is the beginning of more to come in this space, with innovation that hasn’t previously been seen.”

Indeed, going forward, interestingly Bryant and Solomon wouldn’t rule out that Athena and their collaboration might extend beyond laptops.

“Our job is to make the PC great. If we give consumers value and a reason to buy a PC we can keep the PC alive,” said Bryant, but he added that Intel is continuing to evolve the specification, too.

“From a form factor you’ll see an expansion of devices that have dual displays or have diff kinds of technology and form factors,” he said. “Our intention is to expand and do variations on what we have shown today.”

CES 2020 coverage - TechCrunch

Powered by WPeMatico

This new wireless charger from Zens nearly fulfills the promise of Apple’s AirPower

Posted by | AirPods, AirPower, Apple, apple inc, computing, Gadgets, hardware, inductive charging, iOS, iPhone, iphone accessories, Reviews, TC, Vaporware, wireless, wireless chargers, Zens | No Comments

Apple’s cancellation of its AirPower wireless charging mat was one of the company’s few big public flubs, but the concept behind the cancelled product remains attractive: A wireless charging pad that supports multiple devices, and that isn’t picky about how you set down your device in order to make a connection. Wireless charging accessory maker Zens has actually created such a device with the Liberty Wireless Charger, and while it doesn’t offer everything that AirPower claimed to be able to do, it’s a big step up from current wireless chargers, and a great companion for iPhone, AirPods and Apple Watch.

Coils, coils coils

The Zens Liberty is special because of how it uses the wireless charging coils that are responsible for the charging ability of any wireless chargers — wound circular loops of copper cable that provide the induction power received by devices like the latest iPhones and AirPods charging case. Zens has stacked 16 such coils in an overlapping array — which, conveniently, you can see in pretty much full detail in the transparent glass edition charger that’s available today alongside the fabric-covered version.

These overlapping coils are the key to the unique abilities of the Zens Liberty: Specifically, their arrangement means you can place your devices down in basically any orientation and they’ll begin charging right away. Most charging pads, by comparison, have one, two or sometimes three coils placed in specific locations, meaning you have to make sure your device is properly situated above one to actually get it to start charging. If you’ve been using wireless chargers for any length of time, you’ve probably had the unfortunate opportunity to get this orientation match-up wrong, resulting in a phone that didn’t charge at all when you wake up the next morning.

Zens’ Liberty does indeed solve this annoyance, and I found I was able to put devices down basically however I wanted and have them charge up.

Flexible seating for two

Up to two Qi-compatible devices can be charged at once, and they’ll each work with up to 15w of power, which is at the top end of what any current devices support. I tested it out with Android phones, iPhones and AirPods (plus AirPods Pro) and found that all worked without issue and basically however I wanted to lay them across the surface. The caveats here are that you should think of the areas around the edges of the charger as basically non-active, so stay around an inch in from the outer surface and you should be fine.

This flexibility may not seem like much (why not just pay attention when you’re putting your devices on a more traditional charger?), but it actually is a very nice convenience. Just that small assurance that you can easily put your device down on the Liberty’s generous surface and not worry too much about checking whether a connection was actually made is a big relief when you charge a device as much as you do your iPhone or your AirPods.

Apple Watch, too

The Zens Liberty can’t charge the Apple Watch on the pad, the way that Apple had advertised the cancelled AirPower would’ve been able to. But with an accessory, the pad can become a truly all-in-one charging station for your mobile Apple kit, Watch included. An officially supported Apple Watch charger with a USB-A connector on one end is an add-on option that Zens offers, and it conveniently slots right into a USB port present on the Zens Liberty (and protected/hidden by a rubber flap when not in use).

This port actually supports any kind of USB-powered device, so you can also use it with a cable to charge another gadget, like an iPad for instance. But it’s perfectly designed for the new Zens Apple Watch charger accessory, which comes with a little plastic shelf that snaps in to support your Watch when it’s charging. It provides just the right angle for Apple Watch’s Nightstand mode, and is a necessary addition for anyone looking for an all-in-one solution.

Bottom line

The Zens Liberty is the best all-around charging option available currently, based on my testing so far. It’s also powered by an included 60w USB-C charger, which comes with two international plug adapters that makes it a great travel brick for other devices, too. That means you can also use standard USB-C power bricks with it, too, rather than requiring some kind of proprietary power adapter.

There are some downsides to keep in mind, however: You should realize that this is a big charger, for instance. That’s good in that it supports multiple devices easily, but it’s also going to take up more space than your average wireless charger. It’s also thick, which allows for the stacked coils and cooling system (this is the only wireless charger I’ve used that has clear and obvious vents, for instance).

That said, the Zens Liberty makes good on the true promise of wireless charging, which is convenience and flexibility. And it’s well-designed and aesthetically attractive, in both the fabric-covered and striking transparent glass designs. Zens is now accepting pre-orders for these, with shipping starting sometime this month; the standard fabric version retails for 139.99 ($155 USD), while the glass edition is €179.99 ($199 USD) and the Apple Watch USB stick sells for €39.99 ($44.50 USD).

Powered by WPeMatico

Whatever happened to the Next Big Things?

Posted by | Amazon, Android, Apple, articles, artificial intelligence, blockchain, chatbot, computing, Elon Musk, Emerging-Technologies, Ford, Internet of Things, machine learning, Magic Leap, Microsoft, Opinion, phoenix, Prime Air, self-driving car, smartphone, smartphones, Symbian, TC, technology, waymo | No Comments

In tech, this was the smartphone decade. In 2009, Symbian was still the dominant ‘smartphone’ OS, but 2010 saw the launch of the iPhone 4, the Samsung Galaxy S, and the Nexus One, and today Android and iOS boast four billion combined active devices. Today, smartphones and their apps are a mature market, not a disruptive new platform. So what’s next?

The question presupposes that something has to be next, that this is a law of nature. It’s easy to see why it might seem that way. Over the last thirty-plus years we’ve lived through three massive, overlapping, world-changing technology platform shifts: computers, the Internet, and smartphones. It seems inevitable that a fourth must be on the horizon.

There have certainly been no shortage of nominees over the last few years. AR/VR; blockchains; chatbots; the Internet of Things; drones; self-driving cars. (Yes, self-driving cars would be a platform, in that whole new sub-industries would erupt around them.) And yet one can’t help but notice that every single one of those has fallen far short of optimistic predictions. What is going on?

You may recall that the growth of PCs, the Internet, and smartphones did not ever look wobbly or faltering. Here’s a list of Internet users over time: from 16 million in 1995 to 147 million in 1998. Here’s a list of smartphone sales since 2009: Android went from sub-1-million units to over 80 million in just three years. That’s what a major platform shift looks like.

Let’s compare each of the above, shall we? I don’t think it’s an unfair comparison. Each has had champions arguing it will, in fact, be That Big, and even people with more measured expectations have predicted growth will at least follow the trajectory of smartphones or the Internet, albeit maybe to a lesser peak. But in fact…

AR/VR: Way back in 2015 I spoke to a very well known VC who confidently predicted a floor of 10 million devices per year well before the end of this decade. What did we get? 3.7M to 4.7M to 6M, 2017 through 2019, while Oculus keeps getting reorg’ed. A 27% annual growth rate is OK, sure, but a consistent 27% growth rate is more than a little worrying for an alleged next big thing; it’s a long, long way from “10xing in three years.” Many people also predicted that by the end of this decade Magic Leap would look like something other than an utter shambles. Welp. As for other AR/VR startups, their state is best described as “sorry.”

Blockchains: I mean, Bitcoin’s doing just fine, sure, and is easily the weirdest and most interesting thing to have happened to tech in the 2010s; but the entire rest of the space? I’m broadly a believer in cryptocurrencies, but if you were to have suggested in mid-2017 to a true believer that, by the end of 2019, enterprise blockchains would essentially be dead, decentralized app usage would still be measured in the low thousands, and no real new use cases would have arisen other than collateralized lending for a tiny coterie — I mean, they would have been outraged. And yet, here we are.

Chatbots: No, seriously, chatbots were celebrated as the platform of the future not so long ago. (Alexa, about which more in a bit, is not a chatbot.) “The world is about to be re-written, and bots are going to be a big part of the future” was an actual quote. Facebook M was the future. It no longer exists. Microsoft’s Tay was the future. It really no longer exists. It was replaced by Zo. Did you know that? I didn’t. Zo also no longer exists.

The Internet of Things: let’s look at a few recent headlines, shall we? “Why IoT Has Consistently Fallen Short of Predictions.” “Is IoT Dead?” “IoT: Yesterday’s Predictions vs. Today’s Reality.” Spoiler: that last one does not discuss how reality has blown previous predictions out of the water. Rather, “The reality turned out to be far less rosy.”

Drones: now, a lot of really cool things are happening in the drone space, I’ll be the first to aver. But we’re a long way away from physical packet-switched networks. Amazon teased Prime Air delivery way back in 2015 and made its first drone delivery way back in 2016, which is also when it patented its blimp mother ship. People expected great things. People still expect great things. But I think it’s fair to say they expected … a bit more … by now.

Self-driving cars: We were promised so much more, and I’m not even talking about Elon Musk’s hyperbole. From 2016: “10 million self-driving cars will be on the road by 2020.” “True self-driving cars will arrive in 5 years, says Ford“. We do technically have a few, running in a closed pilot project in Phoenix, courtesy of Waymo, but that’s not what Ford was talking about: “Self-driving Fords that have no steering wheels, brake or gas pedals will be in mass production within five years.” So, 18 months from now, then. 12 months left for that “10 million” prediction. You’ll forgive a certain skepticism on my part.

The above doesn’t mean we haven’t seen any successes, of course. A lot of new kinds of products have been interesting hits: AirPods, the Apple Watch, the Amazon Echo family. All three are more new interfaces than whole new major platforms, though; not so much a gold rush as a single vein of silver.

You may notice I left machine learning / AI off the list. This is in part because it definitely has seen real qualitative leaps, but a) there seems to be a general concern that we may have entered the flattening of an S-curve there, rather than continued hypergrowth, b) either way, it’s not a platform. Moreover, the wall that both drones and self-driving cars have hit is labelled General Purpose Autonomy … in other words, it is an AI wall. AI does many amazing things, but when people predicted 10M self-driving cars on the roads next year, it means they predicted AI would be good enough to drive them. In fact it’s getting there a lot slower than we expected.

Any one of these technologies could define the next decade. But another possibility, which we have to at least consider, is that none of them might. It is not an irrefutable law of nature that just as one major tech platform begins to mature another must inevitably start its rise. We may well see a lengthy gap before the next Next Big Thing. Then we may see two or three rise simultaneously. But if your avowed plan is that this time you’re totally going to get in on the ground floor — well, I’m here to warn you, you may have a long wait in store.

Powered by WPeMatico

Cloud flaws expose millions of child-tracking smartwatches

Posted by | computer security, computing, Gadgets, hardware, olympics, pen test partners, Security, smartwatch, technology, ubiquitous computing, wearable devices, Wearables | No Comments

Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can.

This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a common shared cloud platform used to power millions of cellular-enabled smartwatches.

The cloud platform is developed by Chinese white-label electronics maker Thinkrace, one of the largest manufacturers of location-tracking devices. The platform works as a backend system for Thinkrace-made devices, storing and retrieving locations and other device data. Not only does Thinkrace sell its own child-tracking watches to parents who want to keep tabs on their children, the electronics maker also sells its tracking devices to third-party businesses, which then repackage and relabel the devices with their own branding to be sold on to consumers.

All of the devices made or resold use the same cloud platform, guaranteeing that any white-label device made by Thinkrace and sold by one of its customers is vulnerable.

Ken Munro, founder of Pen Test Partners, shared the findings exclusively with TechCrunch. Their research found at least 47 million vulnerable devices.

“It’s only the tip of the iceberg,” he told TechCrunch.

Smartwatches leaking location data

Munro and his team found that Thinkrace made more than 360 devices, mostly watches and other trackers. Because of relabeling and reselling, many Thinkrace devices are branded differently

“Often the brand owner doesn’t even realize the devices they are selling are on a Thinkrace platform,” said Munro.

Each tracking device sold interacts with the cloud platform either directly or via an endpoint hosted on a web domain operated by the reseller. The researchers traced the commands all the way back to Thinkrace’s cloud platform, which the researchers described as a common point of failure.

The researchers said that most of the commands that control the devices do not require authorization and the commands are well documented, allowing anyone with basic knowledge to gain access and track a device. And because there is no randomization of account numbers, the researchers found they could access devices in bulk simply by increasing each account number by one.

The flaws aren’t just putting children at risk, but also others who use the devices.

In one case, Thinkrace provided 10,000 smartwatches to athletes participating in the Special Olympics. But the vulnerabilities meant that every athlete could have their location monitored, the researchers said.

Child voice recordings found exposed

One device maker bought the rights to resell one of Thinkrace’s smartwatches. Like many other resellers, this brand owner allowed parents to track the whereabouts of their children and raise an alarm if they leave a geographical area set by the parent.

The researchers said they could track the location of any child wearing one of these watches by enumerating easy-to-guess account numbers.

The smartwatch also allows parents and children to talk to each other, just like a walkie-talkie. But the researchers found that the voice messages were recorded and stored in the insecure cloud, allowing anyone to download files.

A recording of a child’s voice from a vulnerable server of a smartwatch reseller. (We’ve removed the audio to protect the child’s privacy.)

TechCrunch listened to several recordings picked at random and could hear children talking to their parents through the app.

The researchers likened the findings to CloudPets, an internet-connected teddy bear-like toy, which, in 2017, left their cloud servers unprotected, exposing two million child voice recordings.

Some five million children and parents use the smartwatch sold by the reseller.

Disclosure whack-a-mole

The researchers disclosed the vulnerabilities to several white-label electronics makers in 2015 and 2017, including Thinkrace.

Some of the resellers fixed their vulnerable endpoints. In some cases, the fixes put in place to protect vulnerable endpoints later became undone. But many companies simply ignored the warnings, prompting the researchers to go public with their findings.

Rick Tang, a spokesperson for Thinkrace, did not respond to a request for comment.

Munro said that while the vulnerabilities are not believed to have been widely exploited, device makers like Thinkrace “need to get better” at building more secure systems. Until then, Munro said owners should stop using these devices.

Powered by WPeMatico

Kid-focused STEM device startup Kano sees layoffs as it puts Disney e-device on ice

Posted by | Amazon, Barclays, China, Collaborative Fund, computing, Disney, Education, Europe, Gadgets, Google, hardware, harry potter, Intel, Kano, London, Marc Benioff, Microsoft, microsoft windows, TC, United States | No Comments

London-based STEM device maker Kano has confirmed it’s cutting a number of jobs which it claims is part of a restructuring effort to shift focus to “educational computing”.

The job cuts — from 65 to 50 staff — were reported earlier by The Telegraph. Kano founder Alex Stein confirmed in a call with TechCrunch that Kano will have 50 staff going into next year. Although he said the kid-focused learn to code device business is also adding jobs in engineering and design, as well as eliminating other roles as it shifts focus.

He also suggested some of the cuts are seasonal and cyclical — related to getting through the holiday season.

Per Stein, jobs are being taking out as the company moves from building atop the Raspberry Pi platform — where it started, back in 2013, with its crowdfunded DIY computer — to a Windows-based learning platform.

Other factors he pointed to in relation to the layoffs include a new manufacturing setup in China, with a “simpler, larger contract manufacturer”; fewer physical retail outlets to support, with Kano leaning more on Amazon (which he said is “cheaper to support”); fewer dependencies on large partners and agencies, with Stein claiming 18% of US parents with kids aged 6-12 are now familiar with the brand, reducing its marketing overhead; and a desire to shrink the number of corporate managers vs makers on its books as “we’ve seen a stronger response to our first-party Kano products — Computer Kit, Pixel Kit, Motion Sensor Kit — than expected this year”.

“We have brought on some roles that are more focused on this new platform [Kano PC], and some roles that were focused on the Raspberry Pi are no longer with us,” he also told TechCrunch.

Kano unveiled its first Windows-based PC this fall. The 11.6-inch touch-enabled, Intel Atom-powered computer costs $300 — which puts it in the ballpark price-range of Google’s Chromebook.

The tech giant has maintained a steady focus on the educational computing market — putting a competitive squeeze on smaller players like Kano who are trying to carve out a business selling their own brand of STEM-focused hardware. Against the Google Goliath, Stein touts factors such as relative repairability and attention to computing performance for the Kano PC (which he claims is “on a par with the Surface Go”), in addition to having now thrown its lot in with rival giant, Microsoft.

“The more and more we got into school environments the more and more we were in conversations with major North American distributors to schools, the more we saw that people wanted that ‘DIY’… product design, they wanted the hackability and extensibility of the kit, they wanted the tools to be open source and manipulable but they also wanted to be able to run Photoshop and to run Class Dashboard and to run Microsoft Office. And so that was when we struck the partnership with Microsoft,” said Stein.

“The Windows computing is packed with content and curriculum for teachers and an integration with Microsoft Teams which requires a different sort of development capability,” he added.

“The roles we’re adding are around subscription, they’re around the computer, building new applications and tools for the computer and continuing to enrich the number of projects that are available for our members now — so we’re doing things like allowing people to connect the sensors in their wands to household IoT device. We’re introducing, over the Christmas period, a new collaborative drawing app.”

According to Stein, Kano is “already seeing demand for 60,000 units in this next calendar year” for its Windows-based PC — which he said is “well beyond what we expect… given the price-point.

Although he did not put a figure on exact sales to date of the Kano PC.

He also confirmed Kano will be dialling back the range of products it offers next year.

It recently emerged that an own-brand camera device, which Kano first trailed back in 2016, will not now be shipping. Stein also told us that another co-branded Disney product they’d been planning for 2020 is being “put back” — with no new date for release as yet.

Stein denied sales have been lacklustre — claiming the current Star Wars and Frozen e-products have “done enough for us”. (While a co-branded Harry Potter e-wand is selling faster than expected, per Stein, who said they had expected to have stock until March but are “selling out”.)

“The reorganization we’ve done has nothing to do with growth and users,” he told us. “We are on track to sell through more units as well as products at a higher average selling price this fiscal year. We’re selling out of Wands when we expected to have stock all the way to March. We have more pre-launch demand for the Kano PC than anything we’ve ever done.”

Of the additional co-branded Disney e-product which is being delayed — and may not now launch at all next year, Stein told us: “The fact is we’re in negotiations with Disney around this — and around the timing of it. Given that we’re not certain we’re going to be doing it in 2020 some of the contractor roles in particular that we brought on to do the licensing sign off pieces, to develop some of the content around those brands, some of the apparatus set up to manage those partnerships — we don’t need any more.”

“We introduced three new hardware SKUs this year. I don’t think we’ll do three new hardware SKUs next year,” he added, confirming the intention is to trim the number of device launches in 2020 to focus on the Kano PC.

One source we spoke to suggested Kano is considering sunsetting its partner strategy entirely. However Stein did not go that far in his comments to us.

“We’ve been riding a certain bear for a few years. We’re jumping to a new bear. That’s always going to create a bit of exhilaration. But I think this is a place of real promise,” was how he couched the pivot.

“I think what Kano does better than anyone else in the world is crafting an experience around technology that opens up its attributes to a wider audience,” Stein also said when asked whether hardware or software will be its main focus going forward. “The hardware element is crucial and beautiful and we make some of the world’s most interesting dynamic physical products. It’s an often told story that hardware’s very hard and is brutal — and yeah, because you get it right you change the fabric of society.

“It’s hard for me to draw a line between hardware and software for the business because we’ve always been asked that and seven years into the business we’ve found the greatest things that people do with the products… it’s always when there’s a combination of the two. So we’re proud that we’re good at combining the two and we’re going to continue to do it.”

The STEM device space has been going through bumpy times in recent years as early hype and investment has failed to translate into sustained revenues at every twist and turn.

The category is certainly filled with challenges — from low barrier to entry leading to plentiful (if varied quality) competition, to the demands of building safe, robust and appealing products for (fickle) kids that tightly and reliably integrate hardware and software, to checking all the relevant boxes and processes to win over teachers and support schools’ curriculum requirements that’s essential for selling direct to the education market.

Given so many demands on STEM device makers it’s not surprising this year has seen a number of these startups exiting to other players and/or larger electronics makers — such as Sphero picking up littleBits.

A couple of years ago Sphero went through its own pivot out of selling co-branded Disney ‘learn to code’ gizmos to zoom in on the education space.

While another UK-based STEM device maker — pi-top — has also been through several rounds of layoffs recently, apparently as part of its own pivot to the US edtech market.

More consolidation in the category seems highly likely. And given the new relationship between Kano and Microsoft joining Redmond via acquisition may be the obvious end point for the startup.

Per the Telegraph’s report, Kano is in the process of looking to raise more funding. However Stein did not comment when asked to confirm the company’s funding situation.

The startup last reported a raise just over two years ago — when it closed a $28M Series B round led by Thames Trust and Breyer Capital. Index Ventures, the Stanford Engineering Venture Fund, LocalGlobe, Marc Benioff, John Makinson, Collaborative Fund, Triple Point Capital, and Barclays also participated.

TechCrunch’s Ingrid Lunden contributed to this report 

Powered by WPeMatico