privacy

Google launches the final beta of Android 11

Posted by | Android, android 10, android studio, api, Bluetooth, computing, exposure notification, Google, mass surveillance, mobile operating system, operating system, operating systems, privacy, smartphones, spokesperson, TC | No Comments

With the launch of Android 11 getting closer, Google today launched the third and final beta of its mobile operating system ahead of its general availability. Google had previously delayed the beta program by about a month because of the coronavirus pandemic.

Image Credits: Google

Since Android 11 had already reached platform stability with Beta 2, most of the changes here are fixes and optimizations. As a Google spokesperson noted, “this beta is focused on helping developers put the finishing touches on their apps as they prepare for Android 11, including the official API 30 SDK and build tools for Android Studio.”

The one exception is some updates to the Exposure Notification System contact-tracing API, which users can now use without turning on device location settings. Exposure Notification is an exception here, as all other Android apps need to have location settings on (and user permission to access it) to perform the kind of Bluetooth scanning Google is using for this API.

Otherwise, there are no surprises here, given that this has already been a pretty lengthy preview cycle. Mostly, Google really wants developers to make sure their apps are ready for the new version, which includes quite a few changes.

If you are brave enough, you can get the latest beta over the air as part of the Android Beta program. It’s available for Pixel 2, 3, 3a, 4 and (soon) 4a users.

Powered by WPeMatico

Google-Fitbit deal to be scrutinized in Europe over data competition concerns

Posted by | ambient intelligence, Android, antitrust, competition, digital advertising, Europe, european commission, european union, Facebook, fitbit, Gadgets, Google, Internet of Things, Margrethe Vestager, online search, operating system, Policy, privacy, Privacy International, rick osterloh, search engine, smartphones, Sundar Pichai, United States, wearable devices, wearable technology, Wearables, WhatsApp | No Comments

In a set-back for Google’s plan to acquire health wearable company Fitbit, the European Commission has announced it’s opening an investigation to dig into a range of competition concerns being attached to the proposal from multiple quarters.

This means the deal is on ice for a period of time that could last until early December.

The Commission said it has 90 working days to take a decision on the acquisition — so until December 9, 2020.

Commenting on opening an “in-depth investigation” in a statement, Commission EVP Margrethe Vestager — who heads up both competition policy and digital strategy for the bloc — said: “The use of wearable devices by European consumers is expected to grow significantly in the coming years. This will go hand in hand with an exponential growth of data generated through these devices. This data provides key insights about the life and the health situation of the users of these devices.Our investigation aims to ensure that control by Google over data collected through wearable devices as a result of the transaction does not distort competition.”

Google has responded to the EU brake on its ambitions with a blog post in which its devices & services chief seeks to defend the deal, arguing it will spur innovation and lead to increased competition.

“This deal is about devices, not data,” Google VP Rick Osterloh further claims.

The tech giant announced its desire to slip into Fitbit’s data-sets back in November, when it announced a plan to shell out $2.1BN in an all-cash deal to pick up the wearable maker.

Fast forward a few months and CEO Sundar Pichai is being taken to task by lawmakers on home turf for stuff like ‘helping destroy anonymity on the Internet‘. Last year’s already rowdy antitrust drum beat around big tech has become a full on rock festival so the mood music around tech acquisitions might finally be shifting.

Since news of Google’s plan to grab Fitbit dropped concerns about the deal have been raised all over Europe — with consumer groups, privacy regulators and competition and tech policy wonks all sounding the alarm at the prospect of letting the adtech giant gobble a device maker and help itself to a bunch of sensitive consumer health data in the process.

Digital privacy rights group, Privacy International — one of the not-for-profits that’s been urging regulators not to rubberstamp the deal — argues the acquisition would not only squeeze competition in the nascent digital health market, and also for wearables, but also reduce “what little pressure there currently is on Google to compete in relation to privacy options available to consumers (both existing and future Fitbit users), leading to even less competition on privacy standards and thereby enabling the further degradation of consumers’ privacy protections”, as it puts it.

So much noise is being made that Google has already played the ‘we promise not to…’ card that’s a favorite of data-mining tech giants. (Typically followed, a few years later, with a ‘we got ya sucker’ joker — as they go ahead and do the thing they totally said they wouldn’t.)

To wit: From the get-go Fitbit has claimed users’ “health and wellness data will not be used for Google ads”. Just like WhatsApp said nothing would change when Facebook bought them. (Er.)

Last month Reuters revisited the concession, in an “exclusive” report that cited “people familiar with the matter” who apparently told it the deal could be waved through if Google pledged not to use Fitbit data for ads.

It’s not clear where the leak underpinning its news report came from but Reuters also ran with a quote from a Google spokeswoman — who further claimed: “Throughout this process we have been clear about our commitment not to use Fitbit health and wellness data for Google ads and our responsibility to provide people with choice and control with their data.”

In the event, Google’s headline-grabbing promises to behave itself with Fitbit data have not prevented EU regulators from wading in for a closer look at competition concerns — which is exactly as it should be.

In truth, given the level of concern now being raised about tech giants’ market power and adtech giant Google specifically grabbing a treasure trove of consumer health data, a comprehensive probe is the very least regulators should be doing.

If digital policy history has shown anything over the past decade+ (and where data is concerned) it’s that the devil is always in the fine print detail. Moreover the fast pace of digital markets can mean a competitive threat may only be a micro pivot away from materializing. Theories of harm clearly need updating to take account of data-mining technosocial platform giants. And the Commission knows that — which is why it’s consulting on giving itself more powers to tackling tipping in digital markets. But it also needs to flex and exercise the powers it currently has. Such as opening a proper investigation — rather than gaily waving tech giant deals through.

Antitrust may now be flavor of the month where tech giants are concerned — with US lawmakers all but declaring war on digital ‘robber barons’ at last month’s big subcommittee showdown in Congress. But it’s also worth noting that EU competition regulators — for all their heavily publicized talk of properly regulating the digital sphere — have yet to block a single digital tech merger.

It remains to be seen whether that record will change come December.

“The Commission is concerned that the proposed transaction would further entrench Google’s market position in the online advertising markets by increasing the already vast amount of data that Google could use for personalisation of the ads it serves and displays,” it writes in a press release today.

Following a preliminary assessment process of the deal, EU regulators said they have concerns about [emphasis theirs]:

  • “the impact of the transaction on the supply of online search and display advertising services (the sale of advertising space on, respectively, the result page of an internet search engine or other internet pages)”
  • and on “the supply of ‘ad tech’ services (analytics and digital tools used to facilitate the programmatic sale and purchase of digital advertising)”

“By acquiring Fitbit, Google would acquire (i) the database maintained by Fitbit about its users’ health and fitness; and (ii) the technology to develop a database similar to Fitbit’s one,” the Commission further notes.

“The data collected via wrist-worn wearable devices appears, at this stage of the Commission’s review of the transaction, to be an important advantage in the online advertising markets. By increasing the data advantage of Google in the personalisation of the ads it serves via its search engine and displays on other internet pages, it would be more difficult for rivals to match Google’s online advertising services. Thus, the transaction would raise barriers to entry and expansion for Google’s competitors for these services, to the ultimate detriment of advertisers and publishers that would face higher prices and have less choice.”

The Commission views Google as dominant in the supply of online search advertising services in almost all EEA (European Economic Area) countries; as well as holding “a strong market position” in the supply of online advertising display services in a large number of EEA countries (especially off-social network display ads), and “a strong market position” in the supply of adtech services in the EEA.

All of which will inform its considerations as it looks at whether Google will gain an unfair competitive advantage by assimilating Fitbit data. (Vestager has also issued a number of antitrust enforcements against the tech giant in recent years, against Android, AdSense and Google Shopping.)

The regulator has also said it will further look at:

  • the “effects of the combination of Fitbit’s and Google’s databases and capabilities in the digital healthcare sector, which is still at a nascent stage in Europe”
  • “whether Google would have the ability and incentive to degrade the interoperability of rivals’ wearables with Google’s Android operating system for smartphones once it owns Fitbit”

The tech giant has already offered EU regulators one specific concession in the hopes of getting the Fitbit buy green lit — with the Commission noting that it submitted commitments aimed at addressing concerns last month.

Google suggested creating a data silo to hold data collected via Fitbit’s wearable devices — and where it said it would be kept separate from any other dataset within Google (including claiming it would be restricted for ad purposes). However the Commission expresses scepticism about Google’s offer, writing that it “considers that the data silo commitment proposed by Google is insufficient to clearly dismiss the serious doubts identified at this stage as to the effects of the transaction”.

“Among others, this is because the data silo remedy did not cover all the data that Google would access as a result of the transaction and would be valuable for advertising purposes,” it added.

Google makes reference to this data silo in its blog post, claiming: “We’ve been clear from the beginning that we will not use Fitbit health and wellness data for Google ads. We recently offered to make a legally binding commitment to the European Commission regarding our use of Fitbit data. As we do with all our products, we will give Fitbit users the choice to review, move or delete their data. And we’ll continue to support wide connectivity and interoperability across our and other companies’ products.”

“We appreciate the opportunity to work with the European Commission on an approach that addresses consumers’ expectations of their wearable devices. We’re confident that by working closely with Fitbit’s team of experts, and bringing together our experience in AI, software and hardware, we can build compelling devices for people around the world,” it adds.

Powered by WPeMatico

First US apps based on Google and Apple Exposure Notification System expected in ‘coming weeks’

Posted by | Android, Android Nougat, api, Apple, Apps, Bluetooth, Canada, computing, coronavirus, COVID-19, dave burke, exposure notification, Google, Health, location services, mass surveillance, mobile applications, mobile software, operating systems, privacy, smartphones, TC, United States | No Comments

Google Vice President of Engineering Dave Burke provided an update about the Exposure Notifications System (ENS) that Google developed in partnership with Apple as a way to help public health authorities supplement contact-tracing efforts with a connected solution that preserves privacy while alerting people of potential exposure to confirmed cases of COVID-19. In the update, Burke notes that the company expects “to see the first set of these apps roll out in the coming weeks” in the U.S., which may be a tacit response to some critics who have pointed out that we haven’t seen much in the way of actual products being built on the technology that was launched in May.

Burke writes that 20 states and territories across the U.S. are currently “exploring” apps that make use of the ENS system, and that together those represent nearly half (45%) of the overall American populace. He also shared recent updates and improvements made to both the Exposure Notification API as well as to its surrounding documentation and information that the companies have shared in order to answer questions from state health agencies, and hopefully make its use and privacy implications more transparent.

The ENS API now supports exposure notifications between countries, which Burke says is a feature added based on nations that have already launched apps based on the tech (that includes Canada, as of today, as well as some European nations). It’s also now better at using Bluetooth values specific to a wider range of devices to improve nearby device detection accuracy. He also says they’ve improved the reliability for both apps and debugging tools for those working on development, which should help public health authorities and their developer partners more easily build apps that actually use ENS.

Burke continues that there’s been feedback from developers that they’d like more detail about how ENS works under the covers, and so they’ve published public-facing guides that direct health authorities about test verification server creation, code revealing its underlying workings and information about what data is actually collected (in a de-identified manner) to allow for much more transparent debugging and verification of proper app functioning.

Google also explains why it requires that an Android device’s location setting be turned on to use Exposure Notifications — even though apps built using the API are explicitly forbidden from also collecting location data. Basically, it’s a legacy requirement that Google is removing in Android 11, which is set to be released soon. In the meantime, however, Burke says that even with location services turned off, no app that uses the ENS will actually be able to see or receive any location data.

Powered by WPeMatico

MSCHF drops an ultrasonic jamming device add-on for your Amazon Echo

Posted by | amazon alexa, Amazon Echo, Gadgets, MSCHF, privacy, TC | No Comments

Smart assistants are sensitive to their wake words, but who among us doesn’t trigger the smart speakers in their house with alarming frequency? Add in some heavily detailed privacy mishaps and a general feeling of distrust and there’s plenty of reason you might want to silence your smart speaker occasionally.

A new device promises to do just that, placing a check on your Amazon Echo’s always-on microphones through ultrasonic jamming. The gadget, dubbed Alexagate, is the latest drop from hype-as-a-service startup MSCHF. Last month, the startup announced a partnership with YouTuber MrBeast and an app where users could win big bucks as long as they kept their finger on their phone. The contest ended with multiple winners as the competition stretched from hours into days.

Image Credits: Lucas Matney

Alexagate is a product for the times, encapsulating a lot of public and private fears about big tech. The device, which took over a year of planning to come to life, is a novelty item, but it does work and it required real engineering to build. The device features seven individual ultrasonic speakers that are arranged to jam the speakers on Echo devices by overwhelming them with sound so they can’t hear anything else. A flippable plastic interface allows the Alexagate to fit seamlessly to most of the Echo devices out there.

In my own experiments, the device does exactly what it says, jamming Alexa when it’s turned on. If you do want to use your smart speaker, you can clap and deactivate the Alexagate, allowing “Hey Alexa” to get a response from the Amazon smart speaker.

It was designed specifically for Amazon Echo devices, though MSCHF creative director Kevin Wiesner says they chose Amazon largely because their speakers were the most common. Nevertheless, when you open the box, you’re hit with a product guide featuring the title “BYE BYE BEZOS,” indicating that the device is in some ways meant to stick it to the world’s richest man.

The product’s manifesto page sows seeds of doubt around whether big tech is listening into user conversations. “Perhaps you don’t subscribe to the notion that Facebook always listens through your phone’s mic, but ask yourself at least this in all honesty: Do you think the Echo ‘mute’ button really does anything?”

It’s a tantalizing line, but sits at odds with what security researchers have found about these hardware kill switches, which do indeed work by cutting power directly to the device’s microphones. The fact is that these ideas take off because people generally don’t trust a Facebook or Amazon to approach their privacy responsibly. This idea was central to the creation of the device, Wiesner says.

“So, the guideline that we set for ourselves internally when we’re coming up with physical products ideas is objects that have a point of view.” Wiesner told TechCrunch in an interview. “You’re gonna put this in your living room and, in some ways, it’s almost like a virtue signal to someone who comes into your house and sees it on your end table. It’s ostentatious privacy, in that sense because it is kind of like supposed to start a discussion of what it means to have a smart device and what you’re giving up for it for that.”

Smart speakers are far from essential devices, so the argument for users who might “need” something like this might boil down to calls for them to just unplug their Echo and live without the mild conveniences it provides. Though it’s a functional device, the Alexagate is more focused on the themes its creation stands behind. In a lot of ways, products from huge tech companies are becoming unavoidable and it’s not wrong for users to like some things about them and wish that they could avoid other elements of the products.

Image Credits: Lucas Matney

It’s an argument used by decentralization advocates who want the freedom to hack around with a company’s products that they use so that they can tailor them for exactly what they want. In Alexagate’s instance, users might want the convenience of a smart speaker but want the checks and balance of an external company verifying that it can’t hear a thing.

MSCHF’s Alexagate device is available now on their website for $99. It doesn’t appear to be available for purchase on Amazon quite yet.

pic.twitter.com/CJeT293dqv

— Lucas Matney (@lucasmtny) July 27, 2020

Powered by WPeMatico

Typewise taps $1M to build an offline next word prediction engine

Posted by | Android, Apple, Apps, artificial intelligence, Data Mining, Elon Musk, eth, Europe, Fundings & Exits, gmail, Google, machine learning, Microsoft, ML, Mobile, mobile app, mobile device, operating systems, oracle, privacy, Salesforce, sap, smartphones, SwiftKey, switzerland, Typewise, zurich | No Comments

Swiss keyboard startup Typewise has bagged a $1 million seed round to build out a typo-busting, ‘privacy-safe’ next word prediction engine designed to run entirely offline. No cloud connectivity, no data mining risk is the basic idea.

They also intend the tech to work on text inputs made on any device, be it a smartphone or desktop, a wearable, VR — or something weirder that Elon Musk might want to plug into your brain in future.

For now they’ve got a smartphone keyboard app that’s had around 250,000 downloads — with some 65,000 active users at this point.

The seed funding breaks down into $700K from more than a dozen local business angels; and $340K via the Swiss government through a mechanism (called “Innosuisse projects“), akin to a research grant, which is paying for the startup to employ machine learning experts at Zurich’s ETH research university to build out the core AI.

The team soft launched a smartphone keyboard app late last year, which includes some additional tweaks (such as an optional honeycomb layout they tout as more efficient; and the ability to edit next word predictions so the keyboard quickly groks your slang) to get users to start feeding in data to build out their AI.

Their main focus is on developing an offline next word prediction engine which could be licensed for use anywhere users are texting, not just on a mobile device.

“The goal is to develop a world-leading text prediction engine that runs completely on-device,” says co-founder David Eberle. “The smartphone keyboard really is a first use case. It’s great to test and develop our algorithms in a real-life setting with tens of thousands of users. The larger play is to bring word/sentence completion to any application that involves text entry, on mobiles or desktop (or in future also wearables/VR/Brain-Computer Interfaces).

“Currently it’s pretty much only Google working on this (see Gmail’s auto completion feature). Applications such as Microsoft Teams, Slack, Telegram, or even SAP, Oracle, Salesforce would want such productivity increase – and at that level privacy/data security matters a lot. Ultimately we envision that every “human-machine interface” is, at least on the text-input level, powered by Typewise.”

You’d be forgiven for thinking all this sounds a bit retro, given the earlier boom in smartphone AI keyboards — such as SwiftKey (now owned by Microsoft).

The founders have also pushed specific elements of their current keyboard app — such as the distinctive honeycomb layout — before, going down a crowdfunding route back in 2015, when they were calling the concept Wrio. But they reckon it’s now time to go all in — hence relaunching the business as Typewise and shooting to build a licensing business for offline next word prediction.

“We’ll use the funds to develop advanced text predictions… first launching it in the keyboard app and then bringing it to the desktop to start building partnerships with relevant software vendors,” says Eberle, noting they’re working on various enhancements to the keyboard app and also plan to spend on marketing to try to hit 1M active users next year.

“We have more ‘innovative stuff’ [incoming] on the UX side as well, e.g. interacting with auto correction (so the user can easily intervene when it does something wrong — in many countries users just turn it off on all keyboards because it gets annoying), gamifying the general typing experience (big opportunity for kids/teenagers, also making them more aware of what and how they type), etc.”

The competitive landscape around smartphone keyboard tech, largely dominated by tech giants, has left room for indie plays, is the thinking. Nor is Typewise the only startup thinking that way (Fleksy has similar ambitions, for one). However gaining traction vs such giants — and over long established typing methods — is the tricky bit.

Android maker Google has ploughed resource into its Gboard AI keyboard — larding it with features. While, on iOS, Apple’s interface for switching to a third party keyboard is infamously frustrating and finicky; the opposite of a seamless experience. Plus the native keyboard offers next word prediction baked in — and Apple has plenty of privacy credit. So why would a user bother switching is the problem there.

Competing for smartphone users’ fingers as an indie certainly isn’t easy. Alternative keyboard layouts and input mechanism are always a very tough sell as they disrupt people’s muscle memory and hit mobile users hard in their comfort and productivity zone. Unless the user is patient and/or stubborn enough to stick with a frustratingly different experience they’ll soon ditch for the keyboard devil they know.  (‘Qwerty’ is an ancient typewriter layout turned typing habit we English speakers just can’t kick.)

Given all that, Typewise’s retooled focus on offline next word prediction to do white label b2b licensing makes more sense — assuming they can pull off the core tech.

And, again, they’re competing at a data disadvantage on that front vs more established tech giant keyboard players, even as they argue that’s also a market opportunity.

“Google and Microsoft (thanks to the acquisition of SwiftKey) have a solid technology in place and have started to offer text predictions outside of the keyboard; many of their competitors, however, will want to embed a proprietary (difficult to build) or independent technology, especially if their value proposition is focused on privacy/confidentiality,” Eberle argues.

“Would Telegram want to use Google’s text predictions? Would SAP want that their clients’ data goes through Microsoft’s prediction algorithms? That’s where we see our right to win: world-class text predictions that run on-device (privacy) and are made in Switzerland (independent environment, no security back doors, etc).”

Early impressions of Typewise’s next word prediction smarts (gleaned by via checking out its iOS app) are pretty low key (ha!). But it’s v1 of the AI — and Eberle talks bullishly of having “world class” developers working on it.

“The collaboration with ETH just started a few weeks ago and thus there are no significant improvements yet visible in the live app,” he tells TechCrunch. “As the collaboration runs until the end of 2021 (with the opportunity of extension) the vast majority of innovation is still to come.”

He also tells us Typewise is working with ETH’s Prof. Thomas Hofmann (chair of the Data Analytic Lab, formerly at Google), as well as having has two PhDs in NLP/ML and one MSc in ML contributing to the effort.

“We get exclusive rights to the [ETH] technology; they don’t hold equity but they get paid by the Swiss government on our behalf,” Eberle also notes. 

Typewise says its smartphone app supports more than 35 languages. But its next word prediction AI can only handle English, German, French, Italian and Spanish at this point. The startup says more are being added.

Powered by WPeMatico

EU antitrust lawmakers kick off IoT deep dive to follow the data flows

Posted by | Amazon, artificial intelligence, Asia, competition, digital markets, Europe, european union, Gadgets, Internet of Things, IoT, Margrethe Vestager, Policy, privacy, smart devices, United States, Wearables | No Comments

The potential for the Internet of Things to lead to distortion in market competition is troubling European Union lawmakers who have today kicked off a sectoral inquiry.

They’re aiming to gather data from hundreds of companies operating in the smart home and connected device space — via some 400 questionnaires, sent to companies big and small across Europe, Asia and the US — using the intel gleaned to feed a public consultation slated for early next year when the Commission will also publish a preliminary report. 

In a statement on the launch of the sectoral inquiry today, the European Union’s competition commissioner, Margrethe Vestager, said the risks to competition and open markets linked to the data collection capabilities of connected devices and voice assistants are clear. The aim of the exercise is therefore to get ahead of any data-fuelled competition risks in the space before they lead to irreversible market distortion.

“One of the key issues here is data. Voice assistants and smart devices can collect a vast amount of data about our habits. And there’s a risk that big companies could misuse the data collected through such devices, to cement their position in the market against the challenges of competition. They might even use their knowledge of how we access other services to enter the market for those services and take it over,” said Vestager.

“We have seen this type of conduct before. This is not new. So we know there’s a risk that some of these players could become gatekeepers of the Internet of Things, with the power to make or break other companies. And these gatekeepers might use that power to harm competition, to the detriment of consumers.”

The Commission recently opened up a consultation on whether regulators needs new powers to address competition risks in digital markets, including being able to intervene when they suspect digital market tipping.

It is also asking for views on how to shape regulations around platform governance.

The IoT sectorial enquiry adds another plank to its approach towards reformulating digital regulation in the data age. (Notably competition chief Vestager is simultaneously the Commission EVP in charge of pan-EU digital strategy.)

On the IoT front, risks Vestager said she’s concerned about include what she couched as familiar antitrust behaviour such as “self-preferencing” — i.e. a company directing users towards its own products or services — as well as companies inking exclusive deals to send users “preferred” provider, thereby locking out more open competition.

“Whether that’s for a new set of batteries for your remote control or for your evening takeaway. In either case, the result can be less choice for users, less opportunity for others to compete, and less innovation,” she suggested.

“The trouble is that competition in digital markets can be fragile,” Vestager added. “When big companies abuse their power, they can very quickly push markets beyond the tipping point, where competition turns to monopoly. We’ve seen that happen before.  If we don’t act in good time, there’s a serious risk that it will happen again, with the Internet of Things.”

The commissioner’s remarks suggest EU lawmakers could be considering regulations that aim to enforce interoperability between smart devices and platforms — although Vestager also said they will be asking about any barriers to achieving such cross-working.

“For us to get the most out of the Internet of Things, our smart devices need to communicate. So if the devices from different companies don’t work together, then consumers may be locked in to just one provider.  And be limited to what that provider has to offer,” she said.

“We’re asking about the products they sell, and how the markets for those products work. We’re asking about data – how it’s collected, how it’s used, and how companies make money from the data they collect. And we’re asking about how these products and services work together, and about possible problems with making them interoperable.”

Vestager has raised concerns about the potential for voice assistant technology to lead to market concentration and distortion before — saying last year that they present an acute challenge to regulators who she said then were “trying to figure out how access to data will change the marketplace”.

The question of how access to digital data feeds platform monopolies has been a long standing preoccupation for the now second term competition chief. Although the Commission’s work on figuring out how data access changes marketplace function remains something of a work in progress.

Vestager has an open investigation into Amazon’s use of third party data on her plate, for example. It also inked a first set of rules on ecommerce platform fairness last year. More rules may be incoming in a draft proposal for reformulating wider liability rules for platforms that’s slated to land by the end of this year, aka the forthcoming Digital Services Act.

The Commission noted today that a prior sector inquiry — into ecommerce markets — helped shape new rules against “unjustified geoblocking” in the EU, although it has not yet been able to dismantle geoblocking barriers to accessing digital services across the Single Market’s internal borders.

Last year privacy concerns raised in Europe around how tech giants operate voice assistant ‘quality grading’ programs, which involved human contractors listening in to users’ recordings, led to a number of changes — including the previously non-transparent programs being publicly disclosed, and choice/controls being provided to users.

Powered by WPeMatico

Privacy assistant Jumbo raises $8 million and releases major update

Posted by | Apps, Balderton Capital, Fundings & Exits, Jumbo Privacy, Mobile, privacy, Recent Funding, Startups | No Comments

A year after its initial release, Jumbo has two important pieces of news to announce. First, the company has released a major update of its app that protects your privacy on online services. Second, the company has raised an $8 million Series A funding round.

If you’re not familiar with Jumbo, the app wants to fix what’s broken with online privacy today. Complicated terms of services combined with customer-hostile default settings have made it really hard to understand what personal information is out there. Due to recent regulatory changes, it’s now possible to change privacy settings on many services.

While it is possible, it doesn’t mean it is easy. If you’ve tried to adjust your privacy settings on Facebook or LinkedIn, you know that it’s a convoluted process with a lot of sub-menus and non-descriptive text.

Similarly, social networks have been around for more than a decade. While you were comfortable sharing photos and public messages with a small group of friends 10 years ago, you don’t necessarily want to leave this content accessible to hundreds or even thousands of “friends” today.

The result is an iPhone and Android app that puts you in charge of your privacy. It’s essentially a dashboard that lets you control your privacy on the web. You first connect the app to various online services and you can then control those services from Jumbo. Jumbo doesn’t limit itself to what you can do with APIs, as it can mimic JavaScript calls on web pages that are unaccessible to the APIs.

For instance, if you connect your Facebook account, you can remove your profile from advertising lists, delete past searches, change the visibility of posts you’re tagged in and more. On Google, you can delete your history across multiple services — web searches, Chrome history, YouTube searches, Google Map activities, location history, etc.

More fundamentally, Jumbo challenges the fact that everything should remain online forever. Conversations you had six months ago might not be relevant today, so why can’t you delete those conversations?

Jumbo lets you delete and archive old tweets, Messenger conversations and old Facebook posts. The app can regularly scan your accounts and delete everything that is older than a certain threshold — it can be a month, a year or whatever you want.

While your friends will no longer be able to see that content, Jumbo archives everything in a tab called Vault.

With today’s update, everything has been refined. The main tab has been redesigned to inform you of what Jumbo has been doing over the past week. The company now uses background notifications to perform some tasks even if you’re not launching the app every day.

The data-breach monitoring has been improved. Jumbo now uses SpyCloud to tell you exactly what has been leaked in a data breach — your phone number, your email address, your password, your address, etc.

It’s also much easier to understand the settings you can change for each service thanks to simple toggles and recommendations that you can accept or ignore.

Image Credits: Jumbo

A clear business model

Jumbo’s basic features are free, but you’ll need to buy a subscription to access the most advanced features. Jumbo Plus lets you scan and archive your Instagram account, delete your Alexa voice recordings, manage your Reddit and Dropbox accounts and track more than one email address for data breaches.

Jumbo Pro lets you manage your LinkedIn account (and you know that LinkedIn’s privacy settings are a mess). You can also track more information as part of the data breach feature — your ID, your credit card number and your Social Security number. It also lets you activate a tracker blocker.

This new feature in the second version of Jumbo replaces default DNS settings on your phone. All DNS requests are routed through a Jumbo-managed networking profile on your phone. If you’re trying to access a tracker, the request is blocked; if you’re trying to access some legit content, the request goes through. It works in the browser and in native apps.

You can pay what you want for Jumbo Plus, from $3 per month to $8 per month. Similarly, you can pick what you want to pay for Jumbo Pro, between $9 per month and $15 per month.

You might think that you’re giving a ton of personal information to a small startup. Jumbo is well aware of that and tries to reassure its user base with radical design choices, transparency and a clear business model.

Jumbo doesn’t want to mine your data. Your archived data isn’t stored on Jumbo’s servers. It remains on your phone and optionally on your iCloud or Dropbox account as a backup.

Jumbo doesn’t even have user accounts. When you first open the app, the app assigns you a unique ID in order to send you push notifications, but that’s about it. The company has also hired companies for security audits.

“We don’t store email addresses so we don’t know why people subscribe,” Jumbo CEO Pierre Valade told me.

Profitable by 2022

Jumbo has raised an $8 million funding round. It had previously raised a $3.5 million seed round. This time, Balderton Capital is leading the round. The firm had already invested in Valade’s previous startup, Sunrise.

A lot of business angels participated in the round as well, and Jumbo is listing them all on its website. This is all about being transparent again.

Interestingly, Jumbo isn’t betting on explosive growth and eyeballs. The company says it has enough funding until February 2022. By then, the startup hopes it can attract 100,000 subscribers to reach profitability.

Powered by WPeMatico

Apple’s iOS 14 will give users the option to decline app ad tracking

Posted by | Android, app-store, Apple, apple inc, computing, events, Google, iPads, iPhone, iTunes, mach, operating systems, privacy, Security, smartphones, Software, wwdc 2020 | No Comments

A new version of iOS wouldn’t be the same without a bunch of security and privacy updates. Apple on Monday announced a ton of new features it’ll bake into iOS 14, expected out later this year with the release of new iPhones and iPads.

Apple said it will allow users to share your approximate location with apps, instead of your precise location. It’ll allow apps to take your rough location without identifying precisely where you are. It’s another option that users have when they give over their location. Last year, Apple allowed users to give over their location once so that apps can’t track a person as they go about their day.

iPhones with iOS 14 will also get a camera and microphone recording indicator in the status bar. It’s a similar feature to the camera light that comes with Macs and MacBooks. The recording indicator will sit in the top bar of your iPhone’s display when your front or rear camera is in use, or if a microphone is active.

But the biggest changes are for app developers themselves, Apple said. In iOS 14, users will be asked if they want to be tracked by the app. That’s a major change that will likely have a ripple effect: By allowing users to reject tracking, it’ll reduce the amount of data that’s collected, preserving user privacy.

Apple also said it will also require app developers to self-report the kinds of permissions that their apps request. This will improve transparency, allowing the user to know what kind of data they may have to give over in order to use the app. It also will explain how that collected data could be tracked outside of the app.

Android users have been able to see app permissions for years on the Google Play app store.

The move is Apple’s latest assault against the ad industry as part of the tech giant’s privacy-conscious mantra.

The ad industry has frequently been the target of Apple’s barbs, amid a string of controversies that have embroiled both advertisers and data-hungry tech giants, like Facebook and Google, which make the bulk of their profits from targeted advertising. As far back as 2015, Apple CEO Tim Cook said its Silicon Valley rivals are “gobbling up everything they can learn about you and trying to monetize it.” Apple, which makes its money selling hardware, “elected not to do that,” said Cook.

As targeted advertising became more invasive, Apple countered by baking in new privacy features to its software, like its intelligence tracking prevention technology and allowing Safari users to install content blockers that prevent ads and trackers from loading.

Just last year Apple told developers to stop using third-party trackers in apps for children or face rejection from the App Store.

Powered by WPeMatico

French court slaps down Google’s appeal against $57M GDPR fine

Posted by | Alphabet, Android, cnil, data controller, data processing, digital rights, Europe, european union, France, GDPR, General Data Protection Regulation, Google, ireland, Max Schrems, privacy, United States | No Comments

France’s top court for administrative law has dismissed Google’s appeal against a $57M fine issued by the data watchdog last year for not making it clear enough to Android users how it processes their personal information.

The State Council issued the decision today, affirming the data watchdog CNIL’s earlier finding that Google did not provide “sufficiently clear” information to Android users — which in turn meant it had not legally obtained their consent to use their data for targeted ads.

“Google’s request has been rejected,” a spokesperson for the Conseil D’Etat confirmed to TechCrunch via email.

“The Council of State confirms the CNIL’s assessment that information relating to targeting advertising is not presented in a sufficiently clear and distinct manner for the consent of the user to be validly collected,” the court also writes in a press release [translated with Google Translate] on its website.

It found the size of the fine to be proportionate — given the severity and ongoing nature of the violations.

Importantly, the court also affirmed the jurisdiction of France’s national watchdog to regulate Google — at least on the date when this penalty was issued (January 2019).

The CNIL’s multimillion dollar fine against Google remains the largest to date against a tech giant under Europe’s flagship General Data Protection Regulation (GDPR) — lending the case a certain symbolic value, for those concerned about whether the regulation is functioning as intended vs platform power.

While the size of the fine is still relative peanuts vs Google’s parent entity Alphabet’s global revenue, changes the tech giant may have to make to how it harvests user data could be far more impactful to its ad-targeting bottom line. 

Under European law, for consent to be a valid legal basis for processing personal data it must be informed, specific and freely given. Or, to put it another way, consent cannot be strained.

In this case French judges concluded Google had not provided clear enough information for consent to be lawfully obtained — including objecting to a pre-ticked checkbox which the court affirmed does not meet the requirements of the GDPR.

So, tl;dr, the CNIL’s decision has been entirely vindicated.

Reached for comment on the court’s dismissal of its appeal, a Google spokeswoman sent us this statement:

People expect to understand and control how their data is used, and we’ve invested in industry-leading tools that help them do both. This case was not about whether consent is needed for personalised advertising, but about how exactly it should be obtained. In light of this decision, we will now review what changes we need to make.

GDPR came into force in 2018, updating long standing European data protection rules and opening up the possibility of supersized fines of up to 4% of global annual turnover.

However actions against big tech have largely stalled, with scores of complaints being funnelled through Ireland’s Data Protection Commission — on account of a one-stop-shop mechanism in the regulation — causing a major backlog of cases. The Irish DPC has yet to issue decisions on any cross border complaints, though it has said its first ones are imminent — on complaints involving Twitter and Facebook.

Ireland’s data watchdog is also continuing to investigate a number of complaints against Google, following a change Google announced to the legal jurisdiction of where it processes European users’ data — moving them to Google Ireland Limited, based in Dublin, which it said applied from January 22, 2019 — with ongoing investigations by the Irish DPC into a long running complaint related to how Google handles location data and another major probe of its adtech, to name two

On the GDPR one-stop shop mechanism — and, indirectly, the wider problematic issue of ‘forum shopping’ and European data protection regulation — the French State Council writes: “Google believed that the Irish data protection authority was solely competent to control its activities in the European Union, the control of data processing being the responsibility of the authority of the country where the main establishment of the data controller is located, according to a ‘one-stop-shop’ principle instituted by the GDPR. The Council of State notes however that at the date of the sanction, the Irish subsidiary of Google had no power of control over the other European subsidiaries nor any decision-making power over the data processing, the company Google LLC located in the United States with this power alone.”

In its own statement responding to the court’s decision, the CNIL notes the court’s view that GDPR’s one-stop-shop mechanism was not applicable in this case — writing: “It did so by applying the new European framework as interpreted by all the European authorities in the guidelines of the European Data Protection Committee.”

Privacy NGO noyb — one of the privacy campaign groups which lodged the original ‘forced consent’ complaint against Google, all the way back in May 2018 — welcomed the court’s decision on all fronts, including the jurisdiction point.

Commenting in a statement, noyb’s honorary chairman, Max Schrems, said: “It is very important that companies like Google cannot simply declare themselves to be ‘Irish’ to escape the oversight by the privacy regulators.”

A key question is whether CNIL — or another (non-Irish) EU DPA — will be found to be competent to sanction Google in future, following its shift to naming its Google Ireland subsidiary as the regional data processor. (Other tech giants use the same or a similar playbook, seeking out the EU’s more ‘business-friendly’ regulators.)

On the wider ruling, Schrems also said: “This decision requires substantial improvements by Google. Their privacy policy now really needs to make it crystal clear what they do with users’ data. Users must also get an option to agree to only some parts of what Google does with their data and refuse other things.”

French digital rights group, La Quadrature du Net — which had filed a related complaint against Google, feeding the CNIL’s investigation — also declared victory today, noting it’s the first sanction in a number of GDPR complaints it has lodged against tech giants on behalf of 12,000 citizens.

Nouvelle victoire !

Le @Conseil_Etat valide intégralement, en la reprenant à son compte, la sanction de 50 millions d’€ contre Google prononcée en janvier 2019 par la CNIL.https://t.co/6gJRL5ZM3r

— La Quadrature du Net (@laquadrature) June 19, 2020

“The rest of the complaints against Google, Facebook, Apple and Microsoft are still under investigation in Ireland. In any case, this is what this authority promises us,” it added in another tweet.

Powered by WPeMatico

UK gives up on centralized coronavirus contacts-tracing app — will ‘likely’ switch to model backed by Apple and Google

Posted by | Apple, apple inc, Apps, Bluetooth, contacts tracing, coronavirus, COVID-19, Denmark, Europe, european union, Germany, Google, Health, ireland, Italy, Matt Hancock, Mobile, mobile app, NHS, NHS COVID-19, northern ireland, privacy, smartphone, smartphones, switzerland, United Kingdom | No Comments

The UK has given up building a centralized coronavirus contacts-tracing app and will instead switch to a decentralized app architecture, the BBC has reported. This suggests its any future app will be capable of plugging into the joint ‘exposure notification’ API which has been developed in recent weeks by Apple and Google.

The UK’s decision to abandon a bespoke app architecture comes more than a month after ministers had been reported to be eyeing such a switch. They went on to award a contract to an IT supplier to develop a decentralized tracing app in parallel as a backup — while continuing to test the centralized app, which is called NHS COVID-19.

At the same time, a number of European countries have now successfully launched contracts-tracing apps with a decentralized app architecture that’s able to plug into the ‘Gapple’ API — including Denmark, Germany, Italy, Latvia and Switzerland. Several more such apps remain in testing. While EU Member States just agreed on a technical framework to enable cross-border interoperability of apps based on the same architecture.

Germany — which launched the decentralized ‘Corona Warning App’ this week — announced its software had been downloaded 6.5M times in the first 24 hours. The country had initially appeared to favor a centralized approach but switched to a decentralized model back in April in the face of pushback from privacy and security experts.

The UK’s NHS COVID-19 app, meanwhile, has not progressed past field tests, after facing a plethora of technical barriers and privacy challenges — as a direct consequence of the government’s decision to opt for a proprietary system which uploads proximity data to a central server, rather than processing exposure notifications locally on device.

Apple and Google’s API, which is being used by all Europe’s decentralized apps, does not support centralized app architectures — meaning the UK app faced technical hurdles related to accessing Bluetooth in the background. The centralized choice also raised big questions around cross-border interoperability, as we’ve explained before. Questions had also been raised over the risk of mission creep and a lack of transparency and legal certainty over what would be done with people’s data.

So the UK’s move to abandon the approach and adopt a decentralized model is hardly surprising — although the time it’s taken the government to arrive at the obvious conclusion does raise some major questions over its competence at handling technology projects.

Michael Veale, a lecturer in digital rights and regulation at UCL — who has been involved in the development of the DP3T decentralized contacts-tracing standard, which influenced Apple and Google’s choice of API — welcomed the UK’s decision to ditch a centralized app architecture but questioned why the government has wasted so much time.

“This is a welcome, if a heavily and unnecessarily delayed, move by NHSX,” Veale told TechCrunch. “The Google -Apple system in a way is home-grown: Originating with research at a large consortium of universities led by Switzerland and including UCL in the UK. NHSX has no end of options and no reasonable excuse to not get the app out quickly now. Germany and Switzerland both have high quality open source code that can be easily adapted. The NHS England app will now be compatible with Northern Ireland, the Republic of Ireland, and also the many destinations for holidaymakers in and out of the UK.”

Perhaps unsurprisingly, UK ministers are now heavily de-emphasizing the importance of having an app in the fight against the coronavirus at all.

The Department for Health and Social Care’s, Lord Bethell, told the Science and Technology Committee yesterday the app will not now be ready until the winter. “We’re seeking to get something going for the winter, but it isn’t a priority for us,” he said.

Yet the centralized version of the NHS COVID-19 app has been in testing in a limited geographical pilot on the Isle of Wight since early May — and up until the middle of last month health minister, Matt Hancock, had said it would be rolled out nationally in mid May.

Of course that timeframe came and went without launch. And now the prospect of the UK having an app at all is being booted right into the back end of the year.

Compare and contrast that with government messaging at its daily coronavirus briefings back in May — when Hancock made “download the app” one of the key slogans — and the word ‘omnishambles‘ springs to mind…

NHSX relayed our request for comment on the switch to a decentralized system and the new timeframe for an app launch to the Department of Health and Social Care (DHSC) — but the department had not responded to us at the time of publication.

Earlier this week the BBC reported that a former Apple executive, Simon Thompson, was taking charge of the delayed app project — while the two lead managers, the NHSX’s Matthew Gould and Geraint Lewis — were reported to be stepping back.

Back in April, Gould told the Science and Technology Committee the app would “technically” be ready to launch in 2-3 weeks’ time, though he also said any national launch would depend on the preparedness of a wider government program of coronavirus testing and manual contacts tracing. He also emphasized the need for a major PR campaign to educate the public on downloading and using the app.

Government briefings to the press today have included suggestions that app testers on the Isle of Wight told it they were not comfortable receiving COVID-19 notifications via text message — and that the human touch of a phone call is preferred.

However none of the European countries that have already deployed contacts-tracing apps has promoted the software as a one-stop panacea for tackling COVID-19. Rather tracing apps are intended to supplement manual contacts-tracing methods — the latter involving the use of trained humans making phone calls to people who have been diagnosed with COVID-19 to ask who they might have been in contact with over the infectious period.

Even with major resource put into manual contacts-tracing, apps — which use Bluetooth signals to estimate proximity between smartphone users in order to calculate virus expose risk — could still play an important role by, for example, being able to trace strangers who are sat near an infected person on public transport.

Update: The DHSC has now issued a statement addressing reports of the switch of app architecture for the NHS COVID-19 app — in which it confirms, in between reams of blame-shifting spin, that it’s testing a new app that is able to plug into the Apple and Google API — and which it says it may go on to launch nationally, but without providing any time frame.

It also claims it’s working with Apple and Google to try to enhance how their technology estimates the distance between smartphone users.

“Through the systematic testing, a number of technical challenges were identified — including the reliability of detecting contacts on specific operating systems — which cannot be resolved in isolation with the app in its current form,” DHSC writes of the centralized NHS COVID-19 app.

“While it does not yet present a viable solution, at this stage an app based on the Google / Apple API appears most likely to address some of the specific limitations identified through our field testing.  However, there is still more work to do on the Google / Apple solution which does not currently estimate distance in the way required.”

Based on this, the focus of work will shift from the current app design and to work instead with Google and Apple to understand how using their solution can meet the specific needs of the public,” it adds. 

We reached out to Apple and Google for comment. Apple declined to comment.

According to one source, the UK has been pressing for the tech giants’ API to include device model and RSSI info alongside the ephemeral IDs which devices that come into proximity exchange with each other — presumably to try to improve distance calculations via a better understanding of the specific hardware involved.

However introducing additional, fixed pieces of device-linked data would have the effect of undermining the privacy protections baked into the decentralized system — which uses ephemeral, rotating IDs in order to prevent third party tracking of app users. Any fixed data-points being exchanged would risk unpicking the whole anti-tracking approach.

Norway, another European country which opted for a centralized approach for coronavirus contacts tracing — but got an app launched in mid April — made the decision to suspend its operation this week, after an intervention by the national privacy watchdog. In that case the app was collecting both GPS and Bluetooth —  posing a massive privacy risk. The watchdog warned the public health agency the tool was no longer a proportionate intervention — owing to what are now low levels of coronavirus risk in the country.

Powered by WPeMatico