WhatsApp

WhatsApp exploit let attackers install government-grade spyware on phones

Posted by | Apps, Facebook, Hack, Mobile, NSO Group, Security, WhatsApp | No Comments

WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.

The vulnerability (documented here) was discovered by the Facebook-owned WhatsApp in early May, the company confirmed to TechCrunch. It apparently leveraged a bug in the audio call feature of the app to allow the caller to allow the installation of spyware on the device being called, whether the call was answered or not.

The spyware in question that was detected as having been installed was Israel-based NSO Group’s Pegasus, which is usually (ostensibly) licensed to governments looking to infect targets of investigations and gain access to various aspects of their devices.

This is, as you can imagine, an extremely severe security hole, and it is difficult to fix the window during which it was open, or how many people were affected by it. Without knowing exactly what the exploit was and what data WhatsApp keeps regarding that type of activity, we can only speculate.

The company said that it suspects a relatively small number of users were targeted, since it would be nontrivial to deploy, limiting it to advanced and highly motivated actors.

Once alerted to the issue’s existence, the company said it took less than 10 days to make the required changes to its infrastructure that would render the attack inoperable. After that, an update went out to the client that further secured against the exploit.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

So what about NSO Group? Is this attack their work as well? The company told the Financial Times, which first reported the attack, that it was investigating the issue. But it noted that it is careful not to involve itself with the actual applications of its software — it vets its customers and investigates abuse, it said, but it has nothing to do with how its code is used or against whom.

WhatsApp did not name NSO in its remarks, but its suspicions seem clear:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

Naturally when a security-focused app like WhatsApp finds that a private company has, potentially at least, been secretly selling a known and dangerous exploit of its protocols, there’s a certain amount of enmity. But it’s all part of the 0-day game, an arms race to protect against or breach the latest security measures. WhatsApp notified the Department of Justice and “a number of human rights organisations” of the issue.

You should, as WhatsApp suggests, always keep your apps up to date for situations like this, although in this case the problem was able to be fixed in the backend before clients could be patched.

Powered by WPeMatico

Takeaways from F8 and Facebook’s next phase

Posted by | Advertising Tech, Apps, artificial intelligence, augmented reality, conference call, data privacy, data security, dating, Developer, eCommerce, Enterprise, Entertainment, events, Extra Crunch Conference Call, Facebook, Facebook Dating, facebook groups, Facebook Marketplace, facebook messenger, Facebook Watch, Gadgets, Gaming, hardware, investment opportunities, marketplace, Media, Oculus, Oculus Quest, Oculus Rift, privacy, Security, Social, Startups, TC, transcript, Venture Capital, Virtual reality, WhatsApp | No Comments

Extra Crunch offers members the opportunity to tune into conference calls led and moderated by the TechCrunch writers you read every day. This week, TechCrunch’s Josh Constine and Frederic Lardinois discuss major announcements that came out of Facebook’s F8 conference and dig into how Facebook is trying to redefine itself for the future.

Though touted as a developer-focused conference, Facebook spent much of F8 discussing privacy upgrades, how the company is improving its social impact, and a series of new initiatives on the consumer and enterprise side. Josh and Frederic discuss which announcements seem to make the most strategic sense, and which may create attractive (or unattractive) opportunities for new startups and investment.

“This F8 was aspirational for Facebook. Instead of being about what Facebook is, and accelerating the growth of it, this F8 was about Facebook, and what Facebook wants to be in the future.

That’s not the newsfeed, that’s not pages, that’s not profiles. That’s marketplace, that’s Watch, that’s Groups. With that change, Facebook is finally going to start to decouple itself from the products that have dragged down its brand over the last few years through a series of nonstop scandals.”

(Photo by Justin Sullivan/Getty Images)

Josh and Frederic dive deeper into Facebook’s plans around its redesign, Messenger, Dating, Marketplace, WhatsApp, VR, smart home hardware and more. The two also dig into the biggest news, or lack thereof, on the developer side, including Facebook’s Ax and BoTorch initiatives.

For access to the full transcription and the call audio, and for the opportunity to participate in future conference calls, become a member of Extra Crunch. Learn more and try it for free. 

Powered by WPeMatico

Developers can now verify mobile app users over WhatsApp instead of SMS

Posted by | Android, Apps, authentication, Facebook, iOS, Mobile, Security, SMS, Social, social media, social network, text messaging, verification, WhatsApp | No Comments

Facebook today released a new SDK that allows mobile app developers to integrate WhatsApp verification into Account Kit for iOS and Android. This will allow developers to build apps where users can opt to receive their verification codes through the WhatsApp app installed on their phone instead of through SMS.

Today, many apps give users the ability to sign up using only a phone number — a now popular alternative to Facebook Login, thanks to the social network’s numerous privacy scandals that led to fewer people choosing to use Facebook with third-party apps.

Plus, using phone numbers to sign up is common with a younger generation of users who don’t have Facebook accounts — and sometimes barely use email, except for joining apps and services.

When using a phone number to sign in, it’s common for the app to confirm the user by sending a verification code over SMS to the number provided. The user then enters that code to create their account. This process can also be used when logging in, as part of a multi-factor verification system where a user’s account information is combined with this extra step for added security.

While this process is straightforward and easy enough to follow, SMS is not everyone’s preferred messaging platform. That’s particularly true in emerging markets like India, where 200 million people are on WhatsApp, for example. In addition, those without an unlimited messaging plan are careful not to overuse texting when it can be avoided.

That’s where the WhatsApp SDK comes in. Once integrated into an iOS or Android app, developers can offer to send users their verification code over WhatsApp instead of text messaging. They can even choose to disable SMS verification, notes Facebook.

This is all a part of WhatsApp’s Account Kit, which is a larger set of developer tools designed to allow people to quickly register and log in to apps or websites using only a phone number and email, no password required.

This WhatsApp verification codes option has been available on WhatsApp’s web SDK since late 2018, but hadn’t been available with mobile apps until today.

Powered by WPeMatico

You might hate it, but Facebook Stories now has 500M users

Posted by | Advertising Tech, Apps, Facebook, Facebook ads, Facebook Earnings, Facebook Earnings Q1 2019, Facebook Stories, Facebook Stories Ads, instagram, Instagram Stories, Mobile, Social, TC, WhatsApp, WhatsApp Status | No Comments

You might think it’s redundant with Instagram Stories, or just don’t want to see high school friends’ boring lives, but ephemeral Snapchat-style Stories now have 500 million daily users across Facebook and Messenger. WhatsApp’s Stories feature Status has 500 million dailies too, and Instagram hit that milestone three months ago. That’s impressive, because it means one-third of Facebook’s 1.56 billion daily users are posting or watching Stories each day, up from zero when Facebook launched the feature two years ago.

For reference, Stories inventor Snapchat has just 190 million total daily users.

Facebook Stories

CEO Mark Zuckerberg announced the new stats on today’s Facebook Q1 2019 earnings call, which showed it’s user growth rate had increased but it had to save $3 billion for a potential FTC fine over privacy practices.

Facebook isn’t just using Stories to keep people engaged, but to squeeze more cash out of them. Today COO Sheryl Sandberg announced that 3 million advertisers have now bought Stories ads across Facebook’s family of apps. I’d expect Facebook to launch a Stories Ad Network soon so other apps can show Facebook’s vertical video ads and get a cut of the revenue.

Facebook’s aggressive move to clone Snapchat Stories not just in Instagram but everywhere might have pissed users off at first, but many of them have come around. If you give people a place to put their face at the top of their friends’ phones, they’ll fill it. And if someone dangles a window into the lives of people you know and people you wish you did, you’ll open that window regularly.

Powered by WPeMatico

The consumer version of BBM is shutting down on May 31

Posted by | Android, apple-app-store, BBM, BlackBerry, computing, emtek, encryption, Google Play Store, imessage, Instant Messaging, messaging apps, Messenger, microsoft windows, Mobile, operating systems, private, research-in-motion, smartphone, smartphones, SMS, technology, WhatsApp, Windows Live Messenger | No Comments

It might be time to move on from BBM. The consumer version of the BlackBerry Messenger will shut down on May 31. Emtek, the Indonesia-based company that partnered with BlackBerry in 2016, just announced the closure. It’s important to note, BBM will still exist and BlackBerry today revealed a plan to open its enterprise-version of BBM to general consumers.

Starting today, BBM Enterprise will be available through the Google Play Store and eventually from the Apple App Store. The service will be free for one year and after that, $2.49 for six months of service. This version of the software, like the consumer version, still features group chats, voice and video calls and the ability to edit and retract messages.

As explained by BlackBerry, BBMe features end-to-end encryption:

BBMe can be downloaded on any device that uses Android, iOS, Windows or MAC operating systems. The sender and recipient each have unique public/private encryption and signing keys. These keys are generated on the device by a FIPS 140-2 certified cryptographic library and are not controlled by BlackBerry. Each message uses a new symmetric key for message encryption. Additionally, TLS encryption between the device and BlackBerry’s infrastructure protects BBMe messages from eavesdropping or manipulation.

BBM is one of the oldest smartphone messaging services. Research in Motion, BlackBerry’s original name, released the messenger in 2005. It quickly became a selling point for BlackBerry devices. BBM wasn’t perfect and occasionally crashed, but it was a robust, feature-filled messaging app when most of the world was still using SMS. Eventually, with the downfall of RIM and eventually BlackBerry, BBM fell behind iMessage, WhatsApp and other independent messaging platforms. Emtek’s partnership with BlackBerry was supposed to bring the service into the current age, but some say the consumer version ended up bloated with games, channels and ads. BlackBerry’s BBMe lacks a lot of those extra features, so consumers might find it a better platform for communicating.

Powered by WPeMatico

CleverTap lands $26M for its mobile-focused customer marketing service

Posted by | Accel, Asia, clevertap, Facebook, Fandango, funding, Fundings & Exits, go-jek, india, Media, Mobile, rakuten, Sequoia, Sequoia India, Singapore, Southeast Asia, tiger global, United States, Viber, WhatsApp | No Comments

CleverTap, an India-based startup that lets companies track and improve engagement with users across the web, has pulled in $26 million in new funding thanks to a round led by Sequoia India.

Existing investor Accel and new backer Tiger Global also took part in the deal, which values CleverTap at $150-$160 million, the startup disclosed. The deal takes CleverTap to around $40 million from investors to date.

Founded in 2015 and based in Mumbai, CleverTap competes with a range of customer experience services, including Oracle Cloud. Its service covers a range of touchpoints with consumers, including email, in-app activity, push notifications, Facebook, WhatsApp (for business) and Viber. Its service helps companies map out how their users are engaging across those vectors, and develop “re-engagement” programs to help reactive dormant users or increase engagement among others.

The company says its SDK is installed in more than 8,000 apps and its customers include Southeast Asia-based startups Go-Jek and Zilingo, Hotstar in India and U.S.-based Fandango . With a considerable customer base in Asia, CleverTap puts a particular focus on mobile because many of these markets are all about personal devices.

“Asia is mobile-first and massively growing,” CleverTap CEO and co-founder Sunil Thomas told TechCrunch in an interview. “A lot of engagement in this [part of the] world is timely… we were sort of born physically on the east side of the world, so we got to scale with all these diverse set of devices.”

That stands to benefit CleverTap as it seeks to grow market share outside of Asia, and in markets like the U.S. and Europe where mobile is — right now — just one part of the marketing and customer engagement process. The company believes that engagement by mobile has a long way to develop there.

“Engagement [in the West] is still email-heavy and not really timely,” Thomas said. “Whereas the East thinks of it as ‘Hey, let’s be proactive… instead of a user coming in to hunt for information, can I provide it when I think he or she will need it?’ ”

Of course, mobile push and in-app notifications can be easily abused.

Most people will know of an app on their phone that falls into that category. So, how does a company know what is too much or what isn’t enough?

“As long as you use push or in-app as an extension of your brand, then I think it’s extremely useful,” explained Thomas. “After all, this is a really competitive world; it isn’t just your app out there — if you can make your brand count when this person isn’t in your app, that’ll help you.”

More broadly, Thomas argued that CleverTap brings data to the table which, ultimately, “changes the whole context in real time.” So a customer can really look holistically at their online presence and figure out what is working, and with which users. In real terms, when used to acquire new users online, he said he believes that CleverTap typically doubles registration conversions and triples the buying rate.

“The cost of acquisition to first purchase is what we really effect,” said Thomas. “It’s that moment you get a new person into your house.”

CleverTap has an office in Sunnyvale and it has just landed in Singapore. Now it plans to add a location in Indonesia before the end of the year. Those expansions are centered around business development, with some customer support, since tech and other teams are in India. Already, according to Thomas, the company is looking to grow in Europe while it is weighing the potential to enter Latin America in a move that could include a local partnership.

The CleverTap CEO is also considering raising more money toward the end of the year, when he believes that the company can push its valuation as high as $400 million.

“That’s very doable based on revenue growth,” he said. “We think that the revenue will demand that valuation.”

Powered by WPeMatico

Snap is channeling Asia’s messaging giants with its move into gaming

Posted by | alibaba, Apps, Asia, Australia, Bitmoji, Canada, China, computing, e-commerce, epic games, Evan Spiegel, Facebook, food, France, game developers, Gaming, instagram, Instant Messaging, Japan, josh constine, Kakao, Los Angeles, messaging apps, Messenger, nhn japan, Nintendo, operating systems, player, Snap, Snapchat, Social, social media, social network, Software, Southeast Asia, Startups, Tencent, United Kingdom, United States, WeChat, WhatsApp | No Comments

Snap is taking a leaf out of the Asian messaging app playbook as its social messaging service enters a new era.

The company unveiled a series of new strategies that are aimed at breathing fresh life into the service that has been ruthlessly cloned by Facebook across Instagram, WhatsApp and even its primary social network. The result? Snap has consistently lost users since going public in 2017. It managed to stop the rot with a flat Q4, but resting on its laurels isn’t going to bring back the good times.

Snap has taken a three-pronged approach: extending its stories feature (and ads) into third-party apps and building out its camera play with an AR platform, but it is the launch of social games that is the most intriguing. The other moves are logical, and they fall in line with existing Snap strategies, but games is an entirely new category for the company.

It isn’t hard to see where Snap found inspiration for social games — Asian messaging companies have long twinned games and chat — but the U.S. company is applying its own twist to the genre.

Powered by WPeMatico

WhatsApp’s Brian Acton to talk Signal Foundation and leaving Facebook at Disrupt SF

Posted by | Apps, Brian Acton, Facebook, Mobile, Policy, privacy, signal, signal foundation, Talent, TC, TechCrunch Disrupt SF 2019, WhatsApp | No Comments

“We give them the power. That’s the bad part. We buy their products. We sign up for these websites. Delete Facebook, right?”

That’s WhatsApp founder Brian Acton’s most recent quote about his former employer, Facebook. Acton has seemingly been fueled by his experience running WhatsApp from within Facebook, which has been scrutinized for profiting from collecting data on users.

Which explains why now, two years after leaving Facebook, Acton has found a new groove as founder and executive chairman of the Signal Technology Foundation, a 501(c)(3) nonprofit organization dedicated to doing the foundational work around making private communication accessible, secure and ubiquitous. Acton invested $50 million of his own money to start Signal Foundation in February of 2018.

At TechCrunch Disrupt SF in October, we’ll hear more from Acton about Signal Foundation and his predictions for the future of communication and privacy. And, of course, we’ll try to learn more about what Facebook was up to with WhatsApp, why he left and how it felt leaving $850 million on the table.

Though he was rejected for positions at Facebook and Twitter in 2009, Acton is actually a Silicon Valley veteran, working in the industry (mostly as a software builder) for more than 25 years at places like Apple, Yahoo and Adobe before founding WhatsApp.

The chat app he built with co-founder Jan Koum grew to 1.5 billion users and, eventually, saw a $19 billion buyout from Mark Zuckerberg in 2014. But when Facebook wanted to lay the basis for targeted ads and commercial messaging within the encrypted chat app he’d spent years building, he walked away.

The Signal Foundation is all about ensuring people have access to private communication that doesn’t cost their own personal data.

“We believe there is an opportunity to act in the public interest and make a meaningful contribution to society by building sustainable technology that respects users and does not rely on the commoditization of personal data,” Acton wrote when it was first announced. In many ways, the Signal Foundation is a symbol and a continuation of Acton’s most expensive moral stand.

We’re thrilled to hear from Acton about what’s next at Signal Foundation. We’ll also try to learn more about his exit at Facebook and his feelings about the products he spent so much time building there.

After all, unsavvy regulators, legions of competitors and user backlash have all failed to compel Facebook to treat people better. But the real power lies with the talent that tech giants fight over. When people like Acton speak up or walk out, employers are forced to listen.

“No filter” is Acton’s style, so get ready for some fireworks when we sit down with him onstage at Disrupt SF.

Disrupt SF runs October 2 to October 4 at the Moscone Center. Tickets are available here.

Powered by WPeMatico

Zuckerberg wants messages to auto-expire to make Facebook a ‘living room’

Posted by | Apps, encryption, end-to-end encryption, Facebook, facebook messenger, Facebook Policy, facebook privacy, instagram, Mark Zuckerberg, Mobile, Policy, privacy, Social, TC, WhatsApp | No Comments

On feed-based “broader social networks, where people can accumulate friends or followers until the services feel more public . . . it feels more like a town square than a more intimate space like a living room” Facebook CEO Mark Zuckerberg explained in a blog post today. With messaging, groups, and ephemeral stories as the fastest growing social features, Zuckerberg laid out why he’s rethinking Facebook as a private living room where people can be comfortable being themselves without fear of hackers, government spying, and embarrassment from old content — all without encryption allowing bad actors to hide their crimes.

Perhaps this will just be more lip service in a time of PR crisis for Facebook. But with the business imperative fueled by social networking’s shift away from permanent feed broadcasting, Facebook can espouse the philosophy of privacy while in reality servicing its shareholders and bottom line. It’s this alignment that actually spurs product change. We saw Facebook’s agility with last year’s realization that a misinformation- and hate-plagued platform wouldn’t survive long-term so it had to triple its security and moderation staff. And in 2017, recognizing the threat of Stories, it implemented them across its apps. Now Facebook might finally see the dollar signs within privacy.

The New York Times’ Mike Isaac recently reported that Facebook planned to unify its Facebook, WhatsApp, and Instagram messaging infrastructure to allow cross-app messaging and end-to-end encryption. And Zuckerberg discussed this and the value of ephemerality on the recent earnings call. But now Zuckerberg has roadmapped a clearer slate of changes and policies to turn Facebook into a living room:

-Facebook will let users opt in to the ability to send or receive messages across Facebook, WhatsApp, and Instagram

-Facebook wants to expand that interoperability to SMS on Android

-Zuckerberg wants to make ephemerality automatic on messaging threads, so chats disappear by default after a month or year, with users able to control that or put timers on individual messages.

-Facebook plans to limit how long it retains metadata on messages once it’s no longer needed for spam or safety protections

-Facebook will extend end-to-end encryption across its messaging apps but use metadata and other non-content signals to weed out criminals using privacy to hide their misdeeds.

-Facebook won’t store data in countries with a bad track record of privacy abuse such as Russia, even if that means having to shut down or postpone operations in a country

You can read the full blog post from Zuckerberg below:

A Privacy-Focused Vision for Social Networking

My focus for the last couple of years has been understanding and addressing the biggest challenges facing Facebook. This means taking positions on important issues concerning the future of the internet. In this note, I’ll outline our vision and principles around building a privacy-focused messaging and social networking platform. There’s a lot to do here, and we’re committed to working openly and consulting with experts across society as we develop this.

Over the last 15 years, Facebook and Instagram have helped people connect with friends, communities, and interests in the digital equivalent of a town square. But people increasingly also want to connect privately in the digital equivalent of the living room. As I think about the future of the internet, I believe a privacy-focused communications platform will become even more important than today’s open platforms. Privacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks.

Today we already see that private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication. There are a number of reasons for this. Many people prefer the intimacy of communicating one-on-one or with just a few friends. People are more cautious of having a permanent record of what they’ve shared. And we all expect to be able to do things like payments privately and securely.

Public social networks will continue to be very important in people’s lives — for connecting with everyone you know, discovering new people, ideas and content, and giving people a voice more broadly. People find these valuable every day, and there are still a lot of useful services to build on top of them. But now, with all the ways people also want to interact privately, there’s also an opportunity to build a simpler platform that’s focused on privacy first.

I understand that many people don’t think Facebook can or would even want to build this kind of privacy-focused platform — because frankly we don’t currently have a strong reputation for building privacy protective services, and we’ve historically focused on tools for more open sharing. But we’ve repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.

I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about.

We plan to build this the way we’ve developed WhatsApp: focus on the most fundamental and private use case — messaging — make it as secure as possible, and then build more ways for people to interact on top of that, including calls, video chats, groups, stories, businesses, payments, commerce, and ultimately a platform for many other kinds of private services.

This privacy-focused platform will be built around several principles:

Private interactions. People should have simple, intimate places where they have clear control over who can communicate with them and confidence that no one else can access what they share.

Encryption. People’s private communications should be secure. End-to-end encryption prevents anyone — including us — from seeing what people share on our services.

Permanence. People should be comfortable being themselves, and should not have to worry about what they share coming back to hurt them later. So we won’t keep messages or stories around for longer than necessary to deliver the service or longer than people want it.

Safety. People should expect that we will do everything we can to keep them safe on our services within the limits of what’s possible in an encrypted service.

Interoperability. People should be able to use any of our apps to reach their friends, and they should be able to communicate across networks easily and securely.

Secure data storage. People should expect that we won’t store sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.

Over the next few years, we plan to rebuild more of our services around these ideas. The decisions we’ll face along the way will mean taking positions on important issues concerning the future of the internet. We understand there are a lot of tradeoffs to get right, and we’re committed to consulting with experts and discussing the best way forward. This will take some time, but we’re not going to develop this major change in our direction behind closed doors. We’re going to do this as openly and collaboratively as we can because many of these issues affect different parts of society.

Private Interactions as a Foundation

For a service to feel private, there must never be any doubt about who you are communicating with. We’ve worked hard to build privacy into all our products, including those for public sharing. But one great property of messaging services is that even as your contacts list grows, your individual threads and groups remain private. As your friends evolve over time, messaging services evolve gracefully and remain intimate.

This is different from broader social networks, where people can accumulate friends or followers until the services feel more public. This is well-suited to many important uses — telling all your friends about something, using your voice on important topics, finding communities of people with similar interests, following creators and media, buying and selling things, organizing fundraisers, growing businesses, or many other things that benefit from having everyone you know in one place. Still, when you see all these experiences together, it feels more like a town square than a more intimate space like a living room.

There is an opportunity to build a platform that focuses on all of the ways people want to interact privately. This sense of privacy and intimacy is not just about technical features — it is designed deeply into the feel of the service overall. In WhatsApp, for example, our team is obsessed with creating an intimate environment in every aspect of the product. Even where we’ve built features that allow for broader sharing, it’s still a less public experience. When the team built groups, they put in a size limit to make sure every interaction felt private. When we shipped stories on WhatsApp, we limited public content because we worried it might erode the feeling of privacy to see lots of public content — even if it didn’t actually change who you’re sharing with.

In a few years, I expect future versions of Messenger and WhatsApp to become the main ways people communicate on the Facebook network. We’re focused on making both of these apps faster, simpler, more private and more secure, including with end-to-end encryption. We then plan to add more ways to interact privately with your friends, groups, and businesses. If this evolution is successful, interacting with your friends and family across the Facebook network will become a fundamentally more private experience.

Encryption and Safety

People expect their private communications to be secure and to only be seen by the people they’ve sent them to — not hackers, criminals, over-reaching governments, or even the people operating the services they’re using.

There is a growing awareness that the more entities that have access to your data, the more vulnerabilities there are for someone to misuse it or for a cyber attack to expose it. There is also a growing concern among some that technology may be centralizing power in the hands of governments and companies like ours. And some people worry that our services could access their messages and use them for advertising or in other ways they don’t expect.

End-to-end encryption is an important tool in developing a privacy-focused social network. Encryption is decentralizing — it limits services like ours from seeing the content flowing through them and makes it much harder for anyone else to access your information. This is why encryption is an increasingly important part of our online lives, from banking to healthcare services. It’s also why we built end-to-end encryption into WhatsApp after we acquired it.

In the last year, I’ve spoken with dissidents who’ve told me encryption is the reason they are free, or even alive. Governments often make unlawful demands for data, and while we push back and fight these requests in court, there’s always a risk we’ll lose a case — and if the information isn’t encrypted we’d either have to turn over the data or risk our employees being arrested if we failed to comply. This may seem extreme, but we’ve had a case where one of our employees was actually jailed for not providing access to someone’s private information even though we couldn’t access it since it was encrypted.

At the same time, there are real safety concerns to address before we can implement end-to-end encryption across all of our messaging services. Encryption is a powerful tool for privacy, but that includes the privacy of people doing bad things. When billions of people use a service to connect, some of them are going to misuse it for truly terrible things like child exploitation, terrorism, and extortion. We have a responsibility to work with law enforcement and to help prevent these wherever we can. We are working to improve our ability to identify and stop bad actors across our apps by detecting patterns of activity or through other means, even when we can’t see the content of the messages, and we will continue to invest in this work. But we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves.

Finding the right ways to protect both privacy and safety is something societies have historically grappled with. There are still many open questions here and we’ll consult with safety experts, law enforcement and governments on the best ways to implement safety measures. We’ll also need to work together with other platforms to make sure that as an industry we get this right. The more we can create a common approach, the better.

On balance, I believe working towards implementing end-to-end encryption for all private communications is the right thing to do. Messages and calls are some of the most sensitive private conversations people have, and in a world of increasing cyber security threats and heavy-handed government intervention in many countries, people want us to take the extra step to secure their most private data. That seems right to me, as long as we take the time to build the appropriate safety systems that stop bad actors as much as we possibly can within the limits of an encrypted service. We’ve started working on these safety systems building on the work we’ve done in WhatsApp, and we’ll discuss them with experts through 2019 and beyond before fully implementing end-to-end encryption. As we learn more from those experts, we’ll finalize how to roll out these systems.

Reducing Permanence

We increasingly believe it’s important to keep information around for shorter periods of time. People want to know that what they share won’t come back to hurt them later, and reducing the length of time their information is stored and accessible will help.

One challenge in building social tools is the “permanence problem”. As we build up large collections of messages and photos over time, they can become a liability as well as an asset. For example, many people who have been on Facebook for a long time have photos from when they were younger that could be embarrassing. But people also really love keeping a record of their lives. And if all posts on Facebook and Instagram disappeared, people would lose access to a lot of valuable knowledge and experiences others have shared.

I believe there’s an opportunity to set a new standard for private communication platforms — where content automatically expires or is archived over time. Stories already expire after 24 hours unless you archive them, and that gives people the comfort to share more naturally. This philosophy could be extended to all private content.

For example, messages could be deleted after a month or a year by default. This would reduce the risk of your messages resurfacing and embarrassing you later. Of course you’d have the ability to change the timeframe or turn off auto-deletion for your threads if you wanted. And we could also provide an option for you to set individual messages to expire after a few seconds or minutes if you wanted.

It also makes sense to limit the amount of time we store messaging metadata. We use this data to run our spam and safety systems, but we don’t always need to keep it around for a long time. An important part of the solution is to collect less personal data in the first place, which is the way WhatsApp was built from the outset.

Interoperability

People want to be able to choose which service they use to communicate with people. However, today if you want to message people on Facebook you have to use Messenger, on Instagram you have to use Direct, and on WhatsApp you have to use WhatsApp. We want to give people a choice so they can reach their friends across these networks from whichever app they prefer.

We plan to start by making it possible for you to send messages to your contacts using any of our services, and then to extend that interoperability to SMS too. Of course, this would be opt-in and you will be able to keep your accounts separate if you’d like.

There are privacy and security advantages to interoperability. For example, many people use Messenger on Android to send and receive SMS texts. Those texts can’t be end-to-end encrypted because the SMS protocol is not encrypted. With the ability to message across our services, however, you’d be able to send an encrypted message to someone’s phone number in WhatsApp from Messenger.

This could also improve convenience in many experiences where people use Facebook or Instagram as their social network and WhatsApp as their preferred messaging service. For example, lots of people selling items on Marketplace list their phone number so people can message them about buying it. That’s not ideal, because you’re giving strangers your phone number. With interoperability, you’d be able to use WhatsApp to receive messages sent to your Facebook account without sharing your phone number — and the buyer wouldn’t have to worry about whether you prefer to be messaged on one network or the other.

You can imagine many simple experiences — a person discovers a business on Instagram and easily transitions to their preferred messaging app for secure payments and customer support; another person wants to catch up with a friend and can send them a message that goes to their preferred app without having to think about where that person prefers to be reached; or you simply post a story from your day across both Facebook and Instagram and can get all the replies from your friends in one place.

You can already send and receive SMS texts through Messenger on Android today, and we’d like to extend this further in the future, perhaps including the new telecom RCS standard. However, there are several issues we’ll need to work through before this will be possible. First, Apple doesn’t allow apps to interoperate with SMS on their devices, so we’d only be able to do this on Android. Second, we’d need to make sure interoperability doesn’t compromise the expectation of encryption that people already have using WhatsApp. Finally, it would create safety and spam vulnerabilities in an encrypted system to let people send messages from unknown apps where our safety and security systems couldn’t see the patterns of activity.

These are significant challenges and there are many questions here that require further consultation and discussion. But if we can implement this, we can give people more choice to use their preferred service to securely reach the people they want.

Secure Data Storage

People want to know their data is stored securely in places they trust. Looking at the future of the internet and privacy, I believe one of the most important decisions we’ll make is where we’ll build data centers and store people’s sensitive data.

There’s an important difference between providing a service in a country and storing people’s data there. As we build our infrastructure around the world, we’ve chosen not to build data centers in countries that have a track record of violating human rights like privacy or freedom of expression. If we build data centers and store sensitive data in these countries, rather than just caching non-sensitive data, it could make it easier for those governments to take people’s information.

Upholding this principle may mean that our services will get blocked in some countries, or that we won’t be able to enter others anytime soon. That’s a tradeoff we’re willing to make. We do not believe storing people’s data in some countries is a secure enough foundation to build such important internet infrastructure on.

Of course, the best way to protect the most sensitive data is not to store it at all, which is why WhatsApp doesn’t store any encryption keys and we plan to do the same with our other services going forward.

But storing data in more countries also establishes a precedent that emboldens other governments to seek greater access to their citizen’s data and therefore weakens privacy and security protections for people around the world. I think it’s important for the future of the internet and privacy that our industry continues to hold firm against storing people’s data in places where it won’t be secure.

Next Steps

Over the next year and beyond, there are a lot more details and trade-offs to work through related to each of these principles. A lot of this work is in the early stages, and we are committed to consulting with experts, advocates, industry partners, and governments — including law enforcement and regulators — around the world to get these decisions right.

At the same time, working through these principles is only the first step in building out a privacy-focused social platform. Beyond that, significant thought needs to go into all of the services we build on top of that foundation — from how people do payments and financial transactions, to the role of businesses and advertising, to how we can offer a platform for other private services.

But these initial questions are critical to get right. If we do this well, we can create platforms for private sharing that could be even more important to people than the platforms we’ve already built to help people share and connect more openly.

Doing this means taking positions on some of the most important issues facing the future of the internet. As a society, we have an opportunity to set out where we stand, to decide how we value private communications, and who gets to decide how long and where data should be stored.

I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it and won’t all stick around forever. If we can help move the world in this direction, I will be proud of the difference we’ve made.

Powered by WPeMatico

Medal.tv’s clipping service allows gamers to share the moments of their digital lives

Posted by | api, Casual Game, computing, fortnite, gamer, Gaming, Initial Capital, instagram, makers fund, medal.tv, Netherlands, online gaming, Recent Funding, Ridge Ventures, Roblox, satellite imagery, serial entrepreneur, Startups, TC, Twitch, WhatsApp | No Comments

As online gaming becomes the new social forum for living out virtual lives, a new startup called Medal.tv has raised $3.5 million for its in-game clipping service to capture and share the Kodak moments and digital memories that are increasingly happening in places like Fortnite or Apex Legends.

Digital worlds like Fortnite are now far more than just a massively multiplayer gaming space. They’re places where communities form, where social conversations happen and where, increasingly, people are spending the bulk of their time online. They even host concerts — like the one from EDM artist Marshmello, which drew (according to the DJ himself) roughly 10 million players onto the platform.

While several services exist to provide clips of live streams from gamers who broadcast on platforms like Twitch, Medal.tv bills itself as the first to offer clipping services for the private games that more casual gamers play among friends and far-flung strangers around the world.

“Essentially the next generation is spending the same time inside games that we used to playing sports outside and things like that,” says Medal.tv’s co-founder and chief executive, Pim DeWitte. “It’s not possible to tell how far it will go. People will capture as many if not more moments for the reason that it’s simpler.”

The company marks a return to the world of gaming for DeWitte, a serial entrepreneur who first started coding when he was 13 years old.

Hailing from a small town in the Netherlands called Nijmegen, DeWitte first reaped the rewards of startup success with a gaming company called SoulSplit. Built on the back of his popular YouTube channel, the SoulSplit game was launched with DeWitte’s childhood friend, Iggy Harmsen, and a fellow online gamer, Josh Lipson, who came on board as SoulSplit’s chief technology officer.

At its height, SoulSplit was bringing in $1 million in revenue and employed roughly 30 people, according to interviews with DeWitte.

The company shut down in 2015 and the co-founders split up to pursue other projects. For DeWitte that meant a stint working with Doctors Without Borders on an app called MapSwipe that would use satellite imagery to better locate people in the event of a humanitarian crisis. He also helped the nonprofit develop a tablet that could be used by doctors deployed to treat Ebola outbreaks.

Then in 2017, as social gaming was becoming more popular on games like Fortnite, DeWitte and his co-founders returned to the industry to launch Medal.tv.

It initially started as a marketing tool to get people interested in playing the games that DeWitte and his co-founders were hoping to develop. But as the clipping service took off, DeWitte and co. realized they potentially had a more interesting social service on their hands.

“We were going to build a mobile app and were going to load a bunch of videos of people playing games and then we we’re going to load videos of our games,” DeWitte says. 

The service allows users to capture the last 15 seconds of gameplay using different recording mechanisms based on game type. Medal.tv captures gameplay on a device and users can opt-in to record sound as well.

It is programmed so that it only records the game,” DeWitte says. “There is no inbound connection. It only calls for the API [and] all of the things that would be somewhat dangerous from a privacy perspective are all opt-in.”

There are roughly 30,000 users on the platform every week and around 15,000 daily active users, according to DeWitte. Launched last May, the company has been growing between 5 percent and 10 percent weekly, according to DeWitte. Typically, users are sharing clips through Discord, WhatsApp and Instagram direct messages, DeWitte said.

In addition to the consumer-facing clipping service, Medal also offers a data collection service that aggregates information about the clips that are shared by Medal’s users so game developers and streamers can get a sense of how clips are being shared across which platform.

“We look at clips as a form of communication and in most activity that we see, that’s how it’s being used,” says DeWitte.

But that information is also valuable to esports organizations to determine where they need to allocate new resources.

“Medal.tv Metrics is spectacular,” said Peter Levin, chairman of the Immortals esports organization, in a statement. “With it, any gaming organization gains clear, actionable insights into the organic reach of their content, and can build a roadmap to increase it in a measurable way.”

The activity that Medal was seeing was impressive enough to attract the attention of investors led by Backed VC and Initial Capital. Ridge Ventures, Makers Fund and Social Starts participated in the company’s $3.5 million round as well, with Alex Brunicki, a founding partner at Backed, and Matteo Vallone, principal at Initial, joining the company’s board.

“Emerging generations are experiencing moments inside games the same way we used to with sports and festivals growing up. Digital and physical identity are merging and the technology for gamers hasn’t evolved to support that,” said Brunicki in a statement.

Medal’s platform works with games like Apex Legends, Fortnite, Roblox, Minecraft and Oldschool Runescape (where DeWitte first cut his teeth in gaming).

“Friends are the main driver of game discovery, and game developers benefit from shareable games as a result. Medal.tv is trying to enable that without the complexity of streaming,” said Vallone, who previously headed up games for Google Play Europe, and now sits on the Medal board. 

Powered by WPeMatico