privacy

Facebook announces Libra cryptocurrency: All you need to know

Facebook has finally revealed the details of its cryptocurrency, Libra, which will let you buy things or send money to people with nearly zero fees. You’ll pseudonymously buy or cash out your Libra online or at local exchange points like grocery stores, and spend it using interoperable third-party wallet apps or Facebook’s own Calibra wallet that will be built into WhatsApp, Messenger and its own app. Today Facebook released its white paper explaining Libra and its testnet for working out the kinks of its blockchain system before a public launch in the first half of 2020.

Facebook won’t fully control Libra, but instead get just a single vote in its governance like other founding members of the Libra Association, including Visa, Uber and Andreessen Horowitz, which have invested at least $10 million each into the project’s operations. The association will promote the open-sourced Libra Blockchain and developer platform with its own Move programming language, plus sign up businesses to accept Libra for payment and even give customers discounts or rewards.

Facebook is launching a subsidiary company also called Calibra that handles its crypto dealings and protects users’ privacy by never mingling your Libra payments with your Facebook data so it can’t be used for ad targeting. Your real identity won’t be tied to your publicly visible transactions. But Facebook/Calibra and other founding members of the Libra Association will earn interest on the money users cash in that is held in reserve to keep the value of Libra stable.

Facebook’s audacious bid to create a global digital currency that promotes financial inclusion for the unbanked actually has more privacy and decentralization built in than many expected. Instead of trying to dominate Libra’s future or squeeze tons of cash out of it immediately, Facebook is instead playing the long-game by pulling payments into its online domain. Facebook’s VP of blockchain, David Marcus, explained the company’s motive and the tie-in with its core revenue source during a briefing at San Francisco’s historic Mint building. “If more commerce happens, then more small businesses will sell more on and off platform, and they’ll want to buy more ads on the platform so it will be good for our ads business.”

The risk and reward of building the new PayPal

In cryptocurrencies, Facebook saw both a threat and an opportunity. They held the promise of disrupting how things are bought and sold by eliminating transaction fees common with credit cards. That comes dangerously close to Facebook’s ad business that influences what is bought and sold. If a competitor like Google or an upstart built a popular coin and could monitor the transactions, they’d learn what people buy and could muscle in on the billions spent on Facebook marketing. Meanwhile, the 1.7 billion people who lack a bank account might choose whoever offers them a financial services alternative as their online identity provider too. That’s another thing Facebook wants to be.

Yet existing cryptocurrencies like Bitcoin and Ethereum weren’t properly engineered to scale to be a medium of exchange. Their unanchored price was susceptible to huge and unpredictable swings, making it tough for merchants to accept as payment. And cryptocurrencies miss out on much of their potential beyond speculation unless there are enough places that will take them instead of dollars, and the experience of buying and spending them is easy enough for a mainstream audience. But with Facebook’s relationship with 7 million advertisers and 90 million small businesses plus its user experience prowess, it was well-poised to tackle this juggernaut of a problem.

Now Facebook wants to make Libra the evolution of PayPal. It’s hoping Libra will become simpler to set up, more ubiquitous as a payment method, more efficient with fewer fees, more accessible to the unbanked, more flexible thanks to developers and more long-lasting through decentralization.

“Success will mean that a person working abroad has a fast and simple way to send money to family back home, and a college student can pay their rent as easily as they can buy a coffee,” Facebook writes in its Libra documentation. That would be a big improvement on today, when you’re stuck paying rent in insecure checks while exploitative remittance services charge an average of 7% to send money abroad, taking $50 billion from users annually. Libra could also power tiny microtransactions worth just a few cents that are infeasible with credit card fees attached, or replace your pre-paid transit pass.

…Or it could be globally ignored by consumers who see it as too much hassle for too little reward, or too unfamiliar and limited in use to pull them into the modern financial landscape. Facebook has built a reputation for over-engineered, underused products. It will need all the help it can get if it wants to replace what’s already in our pockets.

How does Libra work?

By now you know the basics of Libra. Cash in a local currency, get Libra, spend them like dollars without big transaction fees or your real name attached, cash them out whenever you want. Feel free to stop reading and share this article if that’s all you care about. But the underlying technology, the association that governs it, the wallets you’ll use and the way payments work all have a huge amount of fascinating detail to them. Facebook has released more than 100 pages of documentation on Libra and Calibra, and we’ve pulled out the most important facts. Let’s dive in.

The Libra Association — crypto’s new oligarchy

Facebook knew people wouldn’t trust it to wholly steer the cryptocurrency they use, and it also wanted help to spur adoption. So the social network recruited the founding members of the Libra Association, a not-for-profit which oversees the development of the token, the reserve of real-world assets that gives it value and the governance rules of the blockchain. “If we were controlling it, very few people would want to jump on and make it theirs,” says Marcus.

Each founding member paid a minimum of $10 million to join and optionally become a validator node operator (more on that later), gain one vote in the Libra Association council and be entitled to a share (proportionate to their investment) of the dividends from interest earned on the Libra reserve into which users pay fiat currency to receive Libra.

The 28 soon-to-be founding members of the association and their industries, previously reported by The Block’s Frank Chaparro, include:

  • Payments: Mastercard, PayPal, PayU (Naspers’ fintech arm), Stripe, Visa
  • Technology and marketplaces: Booking Holdings, eBay, Facebook/Calibra, Farfetch, Lyft, Mercado Pago, Spotify AB, Uber Technologies, Inc.
  • Telecommunications: Iliad, Vodafone Group
  • Blockchain: Anchorage, Bison Trails, Coinbase, Inc., Xapo Holdings Limited
  • Venture Capital: Andreessen Horowitz, Breakthrough Initiatives, Ribbit Capital, Thrive Capital, Union Square Ventures
  • Nonprofit and multilateral organizations, and academic institutions: Creative Destruction Lab, Kiva, Mercy Corps, Women’s World Banking

Facebook says it hopes to reach 100 founding members before the official Libra launch and it’s open to anyone that meets the requirements, including direct competitors like Google or Twitter. The Libra Association is based in Geneva, Switzerland and will meet biannually. The country was chosen for its neutral status and strong support for financial innovation including blockchain technology.

Libra governance — who gets a vote

To join the association, members must have a half rack of server space, a 100Mbps or above dedicated internet connection, a full-time site reliability engineer and enterprise-grade security. Businesses must hit two of three thresholds of a $1 billion USD market value or $500 million in customer balances, reach 20 million people a year and/or be recognized as a top 100 industry leader by a group like Interbrand Global or the S&P.

Crypto-focused investors must have more than $1 billion in assets under management, while Blockchain businesses must have been in business for a year, have enterprise-grade security and privacy and custody or staking greater than $100 million in assets. And only up to one-third of founding members can be crypto-related businesses or individually invited exceptions. Facebook also accepts research organizations like universities, and nonprofits fulfilling three of four qualities, including working on financial inclusion for more than five years, multi-national reach to lots of users, a top 100 designation by Charity Navigator or something like it and/or $50 million in budget.

The Libra Association will be responsible for recruiting more founding members to act as validator nodes for the blockchain, fundraising to jump-start the ecosystem, designing incentive programs to reward early adopters and doling out social impact grants. A council with a representative from each member will help choose the association’s managing director, who will appoint an executive team and elect a board of five to 19 top representatives.

Each member, including Facebook/Calibra, will only get up to one vote or 1% of the total vote (whichever is larger) in the Libra Association council. This provides a level of decentralization that protects against Facebook or any other player hijacking Libra for its own gain. By avoiding sole ownership and dominion over Libra, Facebook could avoid extra scrutiny from regulators who are already investigating it for a sea of privacy abuses as well as potentially anti-competitive behavior. In an attempt to preempt criticism from lawmakers, the Libra Association writes, “We welcome public inquiry and accountability. We are committed to a dialogue with regulators and policymakers. We share policymakers’ interest in the ongoing stability of national currencies.”

The Libra currency — a stablecoin

A Libra is a unit of the Libra cryptocurrency that’s represented by a three wavy horizontal line unicode character ≋ like the dollar is represented by $. The value of a Libra is meant to stay largely stable, so it’s a good medium of exchange, as merchants can be confident they won’t be paid a Libra today that’s then worth less tomorrow. The Libra’s value is tied to a basket of bank deposits and short-term government securities for a slew of historically stable international currencies, including the dollar, pound, euro, Swiss franc and yen. The Libra Association maintains this basket of assets and can change the balance of its composition if necessary to offset major price fluctuations in any one foreign currency so that the value of a Libra stays consistent.

The name Libra comes from the word for a Roman unit of weight measure. It’s trying to invoke a sense of financial freedom by playing on the French stem “Lib,” meaning free.

The Libra Association is still hammering out the exact start value for the Libra, but it’s meant to be somewhere close to the value of a dollar, euro or pound so it’s easy to conceptualize. That way, a gallon of milk in the U.S. might cost 3 to 4 Libra, similar but not exactly the same as with dollars.

The idea is that you’ll cash in some money and keep a balance of Libra that you can spend at accepting merchants and online services. You’ll be able to trade in your local currency for Libra and vice versa through certain wallet apps, including Facebook’s Calibra, third-party wallet apps and local resellers like convenience or grocery stores where people already go to top-up their mobile data plan.

The Libra Reserve — one for one

Each time someone cashes in a dollar or their respective local currency, that money goes into the Libra Reserve and an equivalent value of Libra is minted and doled out to that person. If someone cashes out from the Libra Association, the Libra they give back are destroyed/burned and they receive the equivalent value in their local currency back. That means there’s always 100% of the value of the Libra in circulation, collateralized with real-world assets in the Libra Reserve. It never runs fractional. And unlike “pegged” stable coins that are tied to a single currency like the USD, Libra maintains its own value — though that should cash out to roughly the same amount of a given currency over time.

When Libra Association members join and pay their $10 million minimum, they receive Libra Investment Tokens. Their share of the total tokens translates into the proportion of the dividend they earn off of interest on assets in the reserve. Those dividends are only paid out after Libra Association uses interest to pay for operating expenses, investments in the ecosystem, engineering research and grants to nonprofits and other organizations. This interest is part of what attracted the Libra Association’s members. If Libra becomes popular and many people carry a large balance of the currency, the reserve will grow huge and earn significant interest.

The Libra Blockchain — built for speed

Every Libra payment is permanently written into the Libra Blockchain — a cryptographically authenticated database that acts as a public online ledger designed to handle 1,000 transactions per second. That would be much faster than Bitcoin’s 7 transactions per second or Ethereum’s 15. The blockchain is operated and constantly verified by founding members of the Libra Association, which each invested $10 million or more for a say in the cryptocurrency’s governance and the ability to operate a validator node.

When a transaction is submitted, each of the nodes runs a calculation based on the existing ledger of all transactions. Thanks to a Byzantine Fault Tolerance system, just two-thirds of the nodes must come to consensus that the transaction is legitimate for it to be executed and written to the blockchain. A structure of Merkle Trees in the code makes it simple to recognize changes made to the Libra Blockchain. With 5KB transactions, 1,000 verifications per second on commodity CPUs and up to 4 billion accounts, the Libra Blockchain should be able to operate at 1,000 transactions per second if nodes use at least 40Mbps connections and 16TB SSD hard drives.

Transactions on Libra cannot be reversed. If an attack compromises over one-third of the validator nodes causing a fork in the blockchain, the Libra Association says it will temporarily halt transactions, figure out the extent of the damage and recommend software updates to resolve the fork.

Transactions aren’t entirely free. They incur a tiny fraction of a cent fee to pay for “gas” that covers the cost of processing the transfer of funds, similar to Ethereum. This fee will be negligible to most consumers, but when they add up, the gas charges will deter bad actors from creating millions of transactions to power spam and denial-of-service attacks. “We’ve purposely tried not to innovate massively on the blockchain itself because we want it to be scalable and secure,” says Marcus of piggybacking on the best elements of existing cryptocurrencies.

Currently, the Libra Blockchain is what’s known as “permissioned,” where only entities that fulfill certain requirements are admitted to a special in-group that defines consensus and controls governance of the blockchain. The problem is this structure is more vulnerable to attacks and censorship because it’s not truly decentralized. But during Facebook’s research, it couldn’t find a reliable permissionless structure that could securely scale to the number of transactions Libra will need to handle. Adding more nodes slows things down, and no one has proven a way to avoid that without compromising security.

That’s why the Libra Association’s goal is to move to a permissionless system based on proof-of-stake that will protect against attacks by distributing control, encourage competition and lower the barrier to entry. It wants to have at least 20% of votes in the Libra Association council coming from node operators based on their total Libra holdings instead of their status as a founding member. That plan should help appease blockchain purists who won’t be satisfied until Libra is completely decentralized.

Move coding language — for moving Libra

The Libra Blockchain is open source with an Apache 2.0 license, and any developer can build apps that work with it using the Move coding language. The blockchain’s prototype launches its testnet today, so it’s effectively in developer beta mode until it officially launches in the first half of 2020. The Libra Association is working with HackerOne to launch a bug bounty system later this year that will pay security researchers for safely identifying flaws and glitches. In the meantime, the Libra Association is implementing the Libra Core using the Rust programming language because it’s designed to prevent security vulnerabilities, and the Move language isn’t fully ready yet.

Move was created to make it easier to write blockchain code that follows an author’s intent without introducing bugs. It’s called Move because its primary function is to move Libra coins from one account to another, and never let those assets be accidentally duplicated. The core transaction code looks like: LibraAccount.pay_from_sender(recipient_address, amount) procedure.

Eventually, Move developers will be able to create smart contracts for programmatic interactions with the Libra Blockchain. Until Move is ready, developers can create modules and transaction scripts for Libra using Move IR, which is high-level enough to be human-readable but low-level enough to be translatable into real Move bytecode that’s written to the blockchain.

The Libra ecosystem and the Move language will be completely open to use and build, which presents a sizable risk. Crooked developers could prey on crypto novices, claiming their app works just the same as legitimate ones, and that it’s safe because it uses Libra. But if consumers get ripped off by these scammers, the anger will surely bubble up to Facebook. Yet still, “There are no plans for the Libra Association to take a role in actively vetting [developers],” Calibra’s head of product Kevin Weil tells me.

Even though it’s tried to distance itself sufficiently via its subsidiary Libra and the association, many people will probably always think of Libra as Facebook’s cryptocurrency and blame it for their woes.

Libra incentives — rewarding early businesses

The Libra Association wants to encourage more developers and merchants to work with its cryptocurrency. That’s why it plans to issue incentives, possibly Libra coins, to validator node operators who can get people signed up for and using Libra. Wallets that pull users through the Know Your Customer anti-fraud and money laundering process or that keep users sufficiently active for over a year will be rewarded. For each transaction they process, merchants will also receive a percentage of the transaction back.

Businesses that earn these incentives can keep them, or pass some or all of them along to users in the form of free Libra tokens or discounts on their purchases. This could create competition between wallets to see which can pass on the most rewards to their customers, and thereby attract the most users. You could imagine eBay or Spotify giving you a discount for paying in Libra, while wallet developers might offer you free tokens if you complete 100 transactions within a year.

“One challenge for Spotify and its users around the world has been the lack of easily accessible payment systems – especially for those in financially underserved markets,” Spotify’s Chief Premium Business Officer Alex Norström writes. “In joining the Libra Association, there is an opportunity to better reach Spotify’s total addressable market, eliminate friction and enable payments in mass scale.”

This savvy incentive system should massively help ratchet up Libra’s user count without dictating how businesses balance their margins versus growth. Facebook also has another plan to grow its developer ecosystem. By offering venture capital firms like Andreessen Horowitz and Union Square Ventures a portion of the reserve interest, it’s motivating them to fund startups building Libra infrastructure.

Using Libra

So how do you actually own and spend Libra? Through Libra wallets like Facebook’s own Calibra and others that will be built by third parties, potentially including Libra Association members like PayPal. The idea is to make sending money to a friend or paying for something as easy as sending a Facebook Message. You won’t be able to make or receive any real payments until the official launch next year, but you can sign up for early access when it’s ready here.

None of the Libra Association members agreed to provide details on what exactly they’ll build on the blockchain, but we can take Facebook’s Calibra wallet as an example of the basic experience. Calibra will launch alongside the Libra currency on iOS and Android within Facebook Messenger, WhatsApp and a standalone app. When users first sign up, they’ll be taken through a Know Your Customer anti-fraud process where they’ll have to provide a government-issued photo ID and other verification info. They’ll need to conduct due diligence on customers and report suspicious activity to the authorities.

From there you’ll be able to cash in to Libra, pick a friend or merchant, set an amount to send them and add a description and send them Libra. You’ll also be able to request Libra, and Calibra will offer an expedited way of paying merchants by scanning your or their QR code. Eventually it wants to offer in-store payments and integrations with point-of-sale systems like Square.

The Libra Association’s e-commerce members seem particularly excited about how the token could eliminate transaction fees and speed up checkout. “We believe blockchain will benefit the luxury industry by improving IP protection, transparency in the product life cycle and — as in the case of Libra — enable global frictionless e-commerce,” says FarFetch CEO Jose Neves.

Privacy — at least from Facebook

Facebook CEO Mark Zuckerberg explained some of the philosophy behind Libra and Calibra in a post today. “It’s decentralized — meaning it’s run by many different organizations instead of just one, making the system fairer overall. It’s available to anyone with an internet connection and has low fees and costs. And it’s secured by cryptography which helps keep your money safe. This is an important part of our vision for a privacy-focused social platform — where you can interact in all the ways you’d want privately, from messaging to secure payments.”

By default, Facebook won’t import your contacts or any of your profile information, but may ask if you wish to do so. It also won’t share any of your transaction data back to Facebook, so it won’t be used to target you with ads, rank your News Feed, or otherwise earn Facebook money directly. Data will only be shared in specific instances in anonymized ways for research or adoption measurement, for hunting down fraudsters or due to a request from law enforcement. And you don’t even need a Facebook or WhatsApp account to sign up for Calibra or to use Libra.

“We realize people don’t want their social data and financial data commingled,” says Marcus, who’s now head of Calibra. “The reality is we’ll have plenty of wallets that will compete with us and many of them will not be in social, and if we want to successfully win people’s trust, we have to make sure the data will be separated.”

In case you are hacked, scammed or lose access to your account, Calibra will refund you for lost coins when possible through 24/7 chat support because it’s a custodial wallet. You also won’t have to remember any long, complex crypto passwords you could forget and get locked out from your money, as Calibra manages all your keys for you. Given Calibra will likely become the default wallet for many Libra users, this extra protection and smoother user experience is essential.

For now, Calibra won’t make money. But Calibra’s head of product Kevin Weil tells me that if it reaches scale, Facebook could launch other financial tools through Calibra that it could monetize, such as investing or lending. “In time, we hope to offer additional services for people and businesses, such as paying bills with the push of a button, buying a cup of coffee with the scan of a code or riding your local public transit without needing to carry cash or a metro pass,” the Calibra team writes. That makes it start to sound a lot like China’s everything app WeChat.

A global coin

Facebook got one thing right for sure: Today’s money doesn’t work for everyone. Those of us living comfortably in developed nations likely don’t see the hardships that befall migrant workers or the unbanked abroad. Preyed on by greedy payday lenders and high-fee remittance services, targeted by muggers and left out of traditional financial services, the poor get poorer. Libra has the potential to get more money from working parents back to their families and help people retain credit even if they’re robbed of their physical possessions. That would do more to accomplish Facebook’s mission of making the world feel smaller than all the News Feed Likes combined.

If Facebook succeeds and legions of people cash in money for Libra, it and the other founding members of the Libra Association could earn big dividends on the interest. And if suddenly it becomes super quick to buy things through Facebook using Libra, businesses will boost their ad spend there. But if Libra gets hacked or proves unreliable, it could cost lots of people around the world money while souring them on cryptocurrencies. And by offering an open Libra platform, shady developers could build apps that snatch not just people’s personal info like Cambridge Analytica, but their hard-earned digital cash.

Facebook just tried to reinvent money. Next year, we’ll see if the Libra Association can pull it off. It took me 4,000 words to explain Libra, but at least now you can make up your own mind about whether to be scared of Facebook crypto.

Every secure messaging app needs a self-destruct button

The growing presence of encrypted communications apps makes a lot of communities safer and stronger. But the possibility of physical device seizure and government coercion is growing as well, which is why every such app should have some kind of self-destruct mode to protect its user and their contacts.

End-to-end encryption like that you see in Signal and (if you opt into it) WhatsApp is great at preventing governments and other malicious actors from accessing your messages while they are in transit. But as with nearly all cybersecurity matters, physical access to either device or user or both changes things considerably.

For example, take this Hong Kong citizen who was forced to unlock their phone and reveal their followers and other messaging data to police. It’s one thing to do this with a court order to see if, say, a person was secretly cyberstalking someone in violation of a restraining order. It’s quite another to use as a dragnet for political dissidents.

@telegram @durov an HK citizen who runs a Telegram channel detained by the police was forced to unlock his phone and reveal his channel followers. Could you please add an option such that channel subscribers cannot be seen under extreme circumstances? Much appreciate. https://t.co/tj4UQztuZ2

— Lo Sinofobo (@tnzqo7f9) June 12, 2019

This particular protestor ran a Telegram channel that had a number of followers. But it could just as easily be a Slack room for organizing a protest, or a Facebook group, or anything else. For groups under threat from oppressive government regimes it could be a disaster if the contents or contacts from any of these were revealed to the police.

Just as you should be able to choose exactly what you say to police, you should be able to choose how much your phone can say as well. Secure messaging apps should be the vanguard of this capability.

There are already some dedicated “panic button” type apps, and Apple has thoughtfully developed an “emergency mode” (activated by hitting the power button five times quickly) that locks the phone to biometrics and will wipe it if it is not unlocked within a certain period of time. That’s effective against “Apple pickers” trying to steal a phone or during border or police stops where you don’t want to show ownership by unlocking the phone with your face.

Those are useful and we need more like them — but secure messaging apps are a special case. So what should they do?

The best-case scenario, where you have all the time in the world and internet access, isn’t really an important one. You can always delete your account and data voluntarily. What needs work is deleting your account under pressure.

The next best-case scenario is that you have perhaps a few seconds or at most a minute to delete or otherwise protect your account. Signal is very good about this: The deletion option is front and center in the options screen, and you don’t have to input any data. WhatsApp and Telegram require you to put in your phone number, which is not ideal — fail to do this correctly and your data is retained.

Signal, left, lets you get on with it. You’ll need to enter your number in WhatsApp (right) and Telegram.

Obviously it’s also important that these apps don’t let users accidentally and irreversibly delete their account. But perhaps there’s a middle road whereby you can temporarily lock it for a preset time period, after which it deletes itself if not unlocked manually. Telegram does have self-destructing accounts, but the shortest time you can delete after is a month.

What really needs improvement is emergency deletion when your phone is no longer in your control. This could be a case of device seizure by police, or perhaps being forced to unlock the phone after you have been arrested. Whatever the case, there need to be options for a user to delete their account outside the ordinary means.

Here are a couple options that could work:

  • Trusted remote deletion: Selected contacts are given the ability via a one-time code or other method to wipe each other’s accounts or chats remotely, no questions asked and no notification created. This would let, for instance, a friend who knows you’ve been arrested remotely remove any sensitive data from your device.
  • Self-destruct timer: Like Telegram’s feature, but better. If you’re going to a protest, or have been “randomly” selected for additional screening or questioning, you can just tell the app to delete itself after a certain duration (as little as a minute perhaps) or at a certain time of the day. Deactivate any time you like, or stall for the five required minutes for it to trigger.
  • Poison PIN: In addition to a normal unlock PIN, users can set a poison PIN that when entered has a variety of user-selectable effects. Delete certain apps, clear contacts, send prewritten messages, unlock or temporarily hard-lock the device, etc.
  • Customizable panic button: Apple’s emergency mode is great, but it would be nice to be able to attach conditions like the poison PIN’s. Sometimes all someone can do is smash that button.

Obviously these open new avenues for calamity and abuse as well, which is why they will need to be explained carefully and perhaps initially hidden in “advanced options” and the like. But overall I think we’ll be safer with them available.

Eventually these roles may be filled by dedicated apps or by the developers of the operating systems on which they run, but it makes sense for the most security-forward app class out there to be the first in the field.


Apple restricts ads and third-party trackers in iPhone apps for kids


Apple has told developers to stop including third-party trackers in apps designed for kids — or they face having their apps pulled from the app store.

The tech giant quietly updated its guidelines for apps that are submitted to the app store’s kids category following the keynote address at its annual developer conference on Monday.

“Apps in the kids category may not include third-party advertising or analytics,” the new guidelines say. Previously, the guidelines only restricted behavioral advertising tracking.

Apple also currently prohibits apps in the kids category from including links that point outside the app or contain in-app purchasing.

Apple has come under fire for its recent marketing campaign claiming “what happens on your iPhone stays on your iPhone,” which critics say is misleading. All too often apps include ads or tracking code that allows app makers to collect information about the device, including its location and other data, and send it back to base so companies can better target its users with ads, learn more about how you use the app, and more.

Just last week, the Washington Post found over 5,400 app trackers were uploading data from an iPhone over a single week — even at night when the phone owner was asleep.

As a TechCrunch investigation earlier this year found, some apps use so-called session replay technology, a kind of analytics software that records the screen when an app is open. Apps built by Expedia, Hollister and Hotels.com were found in violation of Apple’s rules and developers were told to remove the code.

Apple follows in the footsteps of Google, which last week set out new policies around kids’ apps available for Android through Google Play. The move came following a complaint to the Federal Trade Commission filed by close to two-dozen consumer advocacy groups, which accused the mobile giant of not ensuring app compliance with federal children’s privacy laws.

Now with Apple’s new restrictions, at least kids have a fighting chance of keeping their iPhone data private.


Google announces new privacy requirements for Chrome extensions


Google today announced two major changes to how it expects Chrome extension developers to protect their users’ privacy. Starting this summer, extension developers are required to only request access to the data they need to implement their features — and nothing more. In addition, the company is expanding the number of extension developers who will have to post privacy policies.

The company is also announcing changes to how third-party developers can use the Google Drive API to provide their users access to files there.

All of this is part of Google’s Project Strobe, an effort the company launched last year to reconsider how third-party developers can access data in your Google account and on your Android devices. It was Project Strobe, for example, that detected the issues with Google+’s APIs that hastened the shutdown of the company’s failed social network. It also extends some of the work on Chrome extensions the company announced last October.

“Third-party apps and websites create services that millions of people use to get things done and customize their online experience,” Google Fellow and VP of Engineering Ben Smith writes in today’s announcement. “To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road.”

With today’s announcements, Google aims to provide these rules. For extension developers, that means that if they need multiple permissions to implement a feature, they must access the least amount of data possible, for example. Previously, that’s something the company recommended. Now, it’s required.

Previously, only developers who write extensions that handle personal or sensitive data had to post privacy policies. Going forward, this requirement will also include extensions that handle any user-provided content and personal communications. “Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data,” Smith adds.

As for the Drive API, Google is essentially locking down the service a bit more and limiting third-party access to specific files. Apps that need broader access, including backup services, will have to be verified by Google. The Drive API changes won’t go into effect until next year, though.


A year after outcry, carriers are finally stopping sale of location data, letters to FCC show


Reports emerged a year ago that all the major cellular carriers in the U.S. were selling location data to third-party companies, which in turn sold them to pretty much anyone willing to pay. New letters published by the FCC show that despite a year of scrutiny and anger, the carriers have only recently put an end to this practice.

We already knew that the carriers, like many large companies, simply could not be trusted. In January it was clear that promises to immediately “shut down,” “terminate” or “take steps to stop” the location-selling side business were, shall we say, on the empty side. Kind of like their assurances that these services were closely monitored — no one seems to have bothered actually checking whether the third-party resellers were obtaining the required consent before sharing location data.

Similarly, the carriers took their time shutting down the arrangements they had in place, and communication on the process has been infrequent and inadequate.

FCC Commissioner Jessica Rosenworcel has been particularly frustrated by the foot-dragging and lack of communication on this issue (by companies and the commission).

“The FCC has been totally silent about press reports that for a few hundred dollars shady middlemen can sell your location within a few hundred meters based on your wireless phone data. That’s unacceptable,” she wrote in a statement posted today.

To provide a bit of closure, she decided to publish letters (PDF) from the major carriers explaining their current positions. Fortunately it’s good news. Here’s the gist:

T-Mobile swiftly made promises last May, and in June of 2018, CEO John Legere said in a tweet that he “personally evaluated this issue,” and pledged that the company “will not sell customer location data to shady middlemen.”

That seems to have been before “T-Mobile undertook an evaluation last summer of whether to retain or restructure its location aggregator program… Ultimately, we decided to terminate it.” That phased termination took place over the next half a year, finishing only in March of 2019.

AT&T immediately suspended access to location data by the offending company, Securus, but continued providing it to others. One hopes they at least began auditing properly. Almost a year later, the company said in its letter to Commissioner Rosenworcel that “in light of the press report to which you refer… we decided in January 2019 to accelerate our phase-out of these services. As of March 29, 2019, AT&T stopped sharing any AT&T customer location data with location aggregators and LBS providers.”

Sprint said shortly after the initial reports that it was in the “process of terminating its current contracts with data aggregators to whom we provide location data.” That process sure seems to have been a long one:

As of May 31, 2019, Sprint will no longer contract with any location aggregators to provide LBS. Sprint anticipates that after May 31, 2019, it may provide LBS services directly to customers like those described above [i.e. roadside assistance], but there are no firm plans at this time.

Verizon (the parent company of TechCrunch) managed to kill its contracts with all-purpose aggregators LocationSmart and Zumigo in November of 2018… except for a specific use case through the former to provide roadside assistance services during the winter. That agreement ended in March.

It’s taken some time, but the carriers seem to have finally followed through on shutting down the programs through which they resold customer location data. All took care to mention at some point the practical and helpful use cases of such programs, but failed to detail the apparent lack of oversight with which they were conducted. The responsibility to properly vet customers and collect mobile user consent seems to have been fully ceded to the resellers, who as last year’s reports showed, did nothing of the kind.

Location data is obviously valuable to consumers and many services can and should be able to request it — from those consumers. No one is arguing otherwise. But this important data was clearly being irresponsibly handled by the carriers, and it is probably right that the location aggregation business gets a hard stop and not a band-aid. We’ll likely see new businesses and arrangements appearing soon — but you can be sure that these too will require close monitoring to make sure the carriers don’t allow them to get out of hand… again.


Alexa, does the Echo Dot Kids protect children’s privacy?


A coalition of child protection and privacy groups has filed a complaint with the Federal Trade Commission (FTC) urging it to investigate a kid-focused edition of Amazon’s Echo smart speaker.

The complaint against Amazon Echo Dot Kids, which has been lodged with the FTC by groups including the Campaign for a Commercial-Free Childhood, the Center for Digital Democracy and the Consumer Federation of America, argues that the e-commerce giant is violating the Children’s Online Privacy Protection Act (COPPA) — including by failing to obtain proper consents for the use of kids’ data.

As with its other smart speaker Echo devices, the Echo Dot Kids continually listens for a wake word and then responds to voice commands by recording and processing users’ speech. The difference with this Echo is it’s intended for children to use — which makes it subject to U.S. privacy regulation intended to protect kids from commercial exploitation online.

The complaint, which can be read in full via the group’s complaint website, argues that Amazon fails to provide adequate information to parents about what personal data will be collected from their children when they use the Echo Dot Kids; how their information will be used; and which third parties it will be shared with — meaning parents do not have enough information to make an informed decision about whether to give consent for their child’s data to be processed.

They also accuse Amazon of providing at best “unclear and confusing” information per its obligation under COPPA to also provide notice to parents to obtain consent for children’s information to be collected by third parties via the online service — such as those providing Alexa “skills” (aka apps the AI can interact with to expand its utility).

A number of other concerns about Amazon’s device are also being raised with the FTC.

Amazon released the Echo Dot Kids a year ago — and, as we noted at the time, it’s essentially a brightly bumpered iteration of the company’s standard Echo Dot hardware.

There are differences in the software, though. In parallel, Amazon updated its Alexa smart assistant — adding parental controls, aka its FreeTime software, to the child-focused smart speaker.

Amazon said the free version of FreeTime that comes bundled with the Echo Dot Kids provides parents with controls to manage their kids’ use of the product, including device time limits; parental controls over skills and services; and the ability to view kids’ activity via a parental dashboard in the app. The software also removes the ability for Alexa to be used to make phone calls outside the home (while keeping an intercom functionality).

A paid premium tier of FreeTime (called FreeTime Unlimited) also bundles additional kid-friendly content, including Audible books, ad-free radio stations from iHeartRadio Family and premium skills and stories from the likes of Disney, National Geographic and Nickelodeon.

At the time it announced the Echo Dot Kids, Amazon said it had tweaked its voice assistant to support kid-focused interactions — saying it had trained the AI to understand children’s questions and speech patterns, and incorporated new answers targeted specifically at kids (such as jokes).

But while the company was ploughing resource into adding a parental control layer to Echo and making Alexa’s speech recognition kid-friendly, the COPPA complaint argues it failed to pay enough attention to the data protection and privacy obligations that apply to products targeted at children — as the Echo Dot Kids clearly is.

Or, to put it another way, Amazon offers parents some controls over how their children can interact with the product — but not enough controls over how Amazon (and others) can interact with their children’s data via the same always-on microphone.

More specifically, the group argues that Amazon is failing to meet its obligation as the operator of a child-directed service to provide notice and obtain consent for third parties operating on the Alexa platform to use children’s data — noting that its Children’s Privacy Disclosure policy states it does not apply to third-party services and skills.

Instead, the complaint says Amazon tells parents they should review the skill’s policies concerning data collection and use. “Our investigation found that only about 15% of kid skills provide a link to a privacy policy. Thus, Amazon’s notice to parents regarding data collection by third parties appears designed to discourage parental engagement and avoid Amazon’s responsibilities under Coppa,” the group writes in a summary of their complaint.

They are also objecting to how Amazon is obtaining parental consent — arguing its system for doing so is inadequate because it’s merely asking that a credit or debit/debit gift card number be inputted.

“It does not verify that the person ‘consenting’ is the child’s parent as required by Coppa,” they argue. “Nor does Amazon verify that the person consenting is even an adult because it allows the use of debit gift cards and does not require a financial transaction for verification.”

Another objection is that Amazon is retaining audio recordings of children’s voices far longer than necessary — keeping them indefinitely unless a parent actively goes in and deletes the recordings, despite COPPA requiring that children’s data be held for no longer than is reasonably necessary.

They found that additional data (such as transcripts of audio recordings) was also still retained even after audio recordings had been deleted. A parent must contact Amazon customer service to explicitly request deletion of their child’s entire profile to remove that data residue — meaning that to delete all recorded kids’ data a parent has to nix their access to parental controls and their kids’ access to content provided via FreeTime — so the complaint argues that Amazon’s process for parents to delete children’s information is “unduly burdensome” too.

Their investigation also found the company’s process for letting parents review children’s information to be similarly arduous, with no ability for parents to search the collected data — meaning they have to listen/read every recording of their child to understand what has been stored.

They further highlight that children’s Echo Dot Kids’ audio recordings can of course include sensitive personal details — such as if a child uses Alexa’s “remember” feature to ask the AI to remember personal data such as their address and contact details or personal health information like a food allergy.

The group’s complaint also flags the risk of other children having their data collected and processed by Amazon without their parents’ consent — such as when a child has a friend or family member visiting on a play date and they end up playing with the Echo together.

Responding to the complaint, Amazon has denied it is in breach of COPPA. In a statement, a company spokesperson said: “FreeTime on Alexa and Echo Dot Kids Edition are compliant with the Children’s Online Privacy Protection Act (COPPA). Customers can find more information on Alexa and overall privacy practices here: https://www.amazon.com/alexa/voice.”

An Amazon spokesperson also told us it only allows kid skills to collect personal information from children outside of FreeTime Unlimited (i.e. the paid tier) — and then only if the skill has a privacy policy and the developer separately obtains verified consent from the parent, adding that most kid skills do not have a privacy policy because they do not collect any personal information.

At the time of writing, the FTC had not responded to a request for comment on the complaint.

In Europe, there has been growing concern over the use of children’s data by online services. A report by England’s children’s commissioner late last year warned kids are being “datafied,” and suggested profiling at such an early age could lead to a data-disadvantaged generation.

Responding to rising concerns, the U.K. privacy regulator launched a consultation on a draft Code of Practice for age appropriate design last month, asking for feedback on 16 proposed standards online services must meet to protect children’s privacy — including requiring that product makers put the best interests of the child at the fore, deliver transparent T&Cs, minimize data use and set high privacy defaults.

The U.K. government has also recently published a whitepaper setting out a policy plan to regulate internet content that has a heavy focus on child safety.


Facebook talked privacy, Google actually built it


Mark Zuckerberg: “The future is private”. Sundar Pichai: ~The present is private~. While both CEOs made protecting user data a central theme of their conference keynotes this month, Facebook’s product updates were mostly vague vaporware while Google’s were either ready to ship or ready to demo. The contrast highlights the divergence in strategy between the two tech giants.

For Facebook, privacy is a talking point meant to boost confidence in sharing, deter regulators, and repair its battered image. For Google, privacy is functional, going hand-in-hand with on-device data processing to make features faster and more widely accessible.

Everyone wants tech to be more private, but we must discern between promises and delivery. Like “mobile”, “on-demand”, “AI”, and “blockchain” before it, “privacy” can’t be taken at face value. We deserve improvements to the core of how our software and hardware work, not cosmetic add-ons and instantiations no one is asking for.


At Facebook’s F8 last week, we heard from Zuckerberg about how “Privacy gives us the freedom to be ourselves” and he reiterated how that would happen through ephemerality and secure data storage. He said Messenger and Instagram Direct will become encrypted…eventually…which Zuckerberg had already announced in January and detailed in March. We didn’t get the Clear History feature that Zuckerberg made the privacy centerpiece of his 2018 conference, or anything about the Data Transfer Project that’s been silent for the 10 months since its reveal.

What users did get was a clumsy joke from Zuckerberg about how “I get that a lot of people aren’t sure that we’re serious about this. I know that we don’t exactly have the strongest reputation on privacy right now to put it lightly. But I’m committed to doing this well.” No one laughed. At least he admitted that “It’s not going to happen overnight.”

But it shouldn’t have to. Facebook made its first massive privacy mistake in 2007 with Beacon, which quietly relayed your off-site ecommerce and web activity to your friends. It’s had 12 years, a deal with the FTC promising to improve, countless screwups and apologies, the democracy-shaking Cambridge Analytica scandal, and hours of being grilled by Congress to get serious about the problem. That makes it clear that if “the future is private”, then the past wasn’t. Facebook is too late here to receive the benefit of the doubt.

At Google’s I/O, we saw demos from Pichai showing how “our work on privacy and security is never done. And we want to do more to stay ahead of constantly evolving user expectations.” Instead of waiting to fall so far behind that users demand more privacy, Google has been steadily working on it for the past decade since it introduced Chrome incognito mode. It’s changed directions away from using Gmail content to target ads and allowing any developer to request access to your email, though there are plenty of sins to atone for. Now when the company is hit with scandals, it’s typically over its frightening efficiency as with its cancelled Project Maven AI military tech, not its creepiness.

Google made more progress on privacy in low-key updates in the runup to I/O than Facebook did on stage. In the past month it launched the ability to use your Android device as a physical security key, and a new auto-delete feature rolling out in the coming weeks that erases your web and app activity after 3 or 18 months. Then in its keynote today, it published “privacy commitments” for Made By Google products like Nest detailing exactly how they use your data and your control over that. For example, the new Nest Home Max does all its Face Match processing on device so facial recognition data isn’t sent to Google. Failing to note there’s a microphone in its Nest security alarm did cause an uproar in February, but the company has already course-corrected.

That concept of on-device processing is a hallmark of the new Android 10 Q operating system. Opening in beta to developers today, it comes with almost 50 new security and privacy features like TLS 1.3 support and MAC address randomization. Google Assistant will now be better protected, Pichai told a cheering crowd. “Further advances in deep learning have allowed us to combine and shrink the 100 gigabyte models down to half a gigabyte — small enough to bring it onto mobile devices.” This makes Assistant not only more private, but fast enough that it’s quicker to navigate your phone by voice than touch. Here, privacy and utility intertwine.

The result is that Google can listen to video chats and caption them for you in real-time, transcribe in-person conversations, or relay aloud your typed responses to a phone call without transmitting audio data to the cloud. That could be a huge help if you’re hearing or vision impaired, or just have your hands full. A lot of the new Assistant features coming to Google Pixel phones this year will even work in Airplane mode. Pichai says that “Gboard is already using federated learning to improve next word prediction, as well as emoji prediction across 10s of millions of devices” by using on-phone processing so only improvements to Google’s AI are sent to the company, not what you typed.

Google’s senior director of Android Stephanie Cuthbertson hammered the idea home, noting that “On device machine learning powers everything from these incredible breakthroughs like Live Captions to helpful everyday features like Smart Reply. And it does this with no user input ever leaving the phone, all of which protects user privacy.” Apple pioneered much of the on-device processing, and many Google features still rely on cloud computing, but it’s swiftly progressing.

When Google does make privacy announcements about things that aren’t about to ship, they’re significant and will be worth the wait. Chrome will implement anti-fingerprinting tech and change cookies to be more private so only the site that created them can use them. And Incognito Mode will soon come to the Google Maps and Search apps.

Pichai didn’t have to rely on grand proclamations, cringey jokes, or imaginary product changes to get his message across. Privacy isn’t just a means to an end for Google. It’s not a PR strategy. And it’s not some theoretical part of tomorrow like it is for Zuckerberg and Facebook. It’s now a natural part of building user-first technology…after 20 years of more cavalier attitudes towards data. That new approach is why the company dedicated to organizing the world’s information has been getting so little backlash lately.

With privacy, it’s all about show, don’t tell.


Takeaways from F8 and Facebook’s next phase


Extra Crunch offers members the opportunity to tune into conference calls led and moderated by the TechCrunch writers you read every day. This week, TechCrunch’s Josh Constine and Frederic Lardinois discuss major announcements that came out of Facebook’s F8 conference and dig into how Facebook is trying to redefine itself for the future.

Though touted as a developer-focused conference, Facebook spent much of F8 discussing privacy upgrades, how the company is improving its social impact, and a series of new initiatives on the consumer and enterprise side. Josh and Frederic discuss which announcements seem to make the most strategic sense, and which may create attractive (or unattractive) opportunities for new startups and investment.

“This F8 was aspirational for Facebook. Instead of being about what Facebook is, and accelerating the growth of it, this F8 was about Facebook, and what Facebook wants to be in the future.

That’s not the newsfeed, that’s not pages, that’s not profiles. That’s marketplace, that’s Watch, that’s Groups. With that change, Facebook is finally going to start to decouple itself from the products that have dragged down its brand over the last few years through a series of nonstop scandals.”


Josh and Frederic dive deeper into Facebook’s plans around its redesign, Messenger, Dating, Marketplace, WhatsApp, VR, smart home hardware and more. The two also dig into the biggest news, or lack thereof, on the developer side, including Facebook’s Ax and BoTorch initiatives.

For access to the full transcription and the call audio, and for the opportunity to participate in future conference calls, become a member of Extra Crunch. Learn more and try it for free. 
