Businesses

We Are in the Middle of a Wave of Interesting New Productivity Software Startups (ben-evans.com) 45

VC fund A16z's Benedict Evans writes: We are in the middle of a wave of interesting new productivity software startups -- there are dozens of companies that remix some combination of lists, tables, charts, tasks, notes, light-weight databases, forms, and some kind of collaboration, chat or information-sharing. All of these things are unbundling and rebundling spreadsheets, email and file shares. Instead of a flat grid of cells, a dumb list of files, and a dumb list of little text files (which is what email really is), we get some kind of richer canvas that mixes all of these together in ways that are native to the web and collaboration. Then, we have another new wave of productivity company that addresses a particular profession and bundles all of the tasks that were spread across spreadsheets, email and file shares into some new structured flow.

[...] A few years ago a consultant told me that for half of their jobs they told people using Excel to use a database, and for the other half they told people using a database to use Excel. There's clearly a point in the life of any company where you should move from the list you made in a spreadsheet to the richer tools you can make in coolproductivityapp.io. But when that tool is managing a thousand people, you might want to move it into a dedicated service. After all, even Craigslist started as an actual email list and ended up moving to a database. But then, at a certain point, if that task is specific to your company and central to what you do, you might well end up unbundling Salesforce or SAP or whatever that vertical is and go back to the beginning. Of course, this is the cycle of life of enterprise software. IBM mainframes bundled the adding machines you see Jack Lemmon using below, and also bundled up filing cabinets and telephones. SAP unbundled IBM. But I'd suggest there are two specific sets of things that are happening now.

First, every application category is getting rebuilt as a web application, allowing continuous development, deployment, version tracking and collaboration. As Frame.io (video!) and OnShape (3D CAD!) show, there's almost no native PC application that can't be rebuilt as a web app. In parallel, everything now has to be native to collaboration, and so the model of a binary file saved to a file share will generally go away over time (this could be done with a native PC app, but in practice generally won't be). So, we have some generational changes, and that also tends to create new companies. But second, and much more important -- everyone is online now. The reason we're looking at nursing or truck drivers or oil workers is that an entire generation now grew up after the web, and grew up with smartphones, and assumes without question that every part of their life can be done with a smartphone. In 1999 hiring 'roughnecks' in a mobile app would have sounded absurd -- now it sounds absurd if you're not. And that means that a lot of tasks will get shifted into software that were never really in software at all before.

Privacy

Looking Back at the Snowden Revelations (cryptographyengineering.com) 105

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: So what did Snowden's leaks really tell us? The brilliant thing about the Snowden leaks was that he didn't tell us much of anything. He showed us. Most of the revelations came in the form of a Powerpoint slide deck, the misery of which somehow made it all more real. And despite all the revelation fatigue, the things he showed us were remarkable. I'm going to hit a few of the highlights from my perspective. Many are cryptography-related, just because that's what this blog is about. Others tell a more basic story about how vulnerable our networks are.

"Collect it all"

Prior to Snowden, even surveillance-skeptics would probably concede that, yes, the NSA collects data on specific targets. But even the most paranoid observers were shocked by the sheer scale of what the NSA was actually doing out there. The Snowden revelations detailed several programs that were so astonishing in the breadth and scale of the data being collected, the only real limits on them were caused by technical limitations in the NSA's hardware. Most of us are familiar with the famous examples, like nationwide phone metadata collection. But it's the bizarre, obscure leaks that really drive this home. "Optic Nerve": From 2008-2010 the NSA and GCHQ collected millions of still images from every Yahoo! Messenger webchat stream, and used them to build a massive database for facial recognition. The collection of data had no particular rhyme or reason -- i.e., it didn't target specific users who might be a national security threat. It was just... everything.

Crime

New Federal Rules Limit Police Searches of Family Tree DNA Databases (sciencemag.org) 40

An anonymous reader quotes a report from Science Magazine: The U.S. Department of Justice (DOJ) released new rules yesterday governing when police can use genetic genealogy to track down suspects in serious crimes -- the first-ever policy covering how these databases, popular among amateur genealogists, should be used in law enforcement attempts to balance public safety and privacy concerns. The DOJ interim policy, which takes effect on 1 November, is intended to "balance the Department's relentless commitment to solving violent crime and protecting public safety against equally important public interests," such as privacy and civil liberties, a press release states. The policy says "forensic genetic genealogy" should generally be used only for violent crimes such as murder and rape, as well as to identify human remains. (The policy permits broader use if the ancestry database's policy allows such searches.) Police should first exhaust traditional crime solving methods, including searching their own criminal DNA databases.

Under the new policy, police can't quietly upload a fake profile to a genealogy website, as some have done in hopes of finding a suspect's distant relatives, without first identifying themselves. And the site itself must have informed its users that law enforcement agencies may search their data. The policy also bars police from using a suspect's DNA profile to look for genes related to disease risks or psychological traits. Another provision attempts to limit situations in which police secretly take a DNA sample from a suspect's relative -- from a discarded cup or tissue, for example -- to help home in on a suspect. The policy says the person must give their informed consent unless police have obtained a search warrant.

Social Networks

'OK' is Now a Hate Symbol, the ADL Says (cnn.com) 495

The "OK" hand gesture is now a hate symbol, according to a new report by the Anti-Defamation League. From a report: The ADL added that symbol along with several others on Thursday to its long-standing database of slogans and symbols used by extremists. The finger-and-thumb OK sign is universally known for meaning everything is all right or approval of something. But the ADL says while not everyone means it to be hateful, the sign has been co-opted by the alt-right.
Privacy

Vimeo Sued For Storing Faceprints of People Without Their Consent (sophos.com) 6

The ad-free video platform Vimeo is collecting and storing thousands of people's facial biometrics without their permission or knowledge, according to a complaint filed on September 20 on behalf of potentially thousands of plaintiffs under the Illinois Biometric Information Privacy Act (BIPA). Naked Security reports: The suit takes aim at Vimeo's Magisto application: a short-form video creation platform purchased by Vimeo in April 2019 that uses facial recognition to automatically index the faces of people in videos so they can be face-tagged. BIPA bans collecting and storing biometric data without explicit consent, including "faceprints." The complaint against Vimeo claims that users of Magisto "upload millions of videos and/or photos per day, making videos and photographs a vital part of the Magisto experience."

The court document points to a Magisto website, "How Does Magisto Video Editor Work?" that touts its "so-called 'artificial intelligence engines' that intuitively analyze and edit video content" using "facial detection and recognition technology." The complaint maintains that unbeknownst to the average consumer, Magisto scans "each and every video and photo uploaded to Magisto for faces" and analyzes "biometric identifiers," including facial geometry, to "create and store a template for each face." That template is later used to "organize and group together videos based upon the particular individuals appearing in the videos" by "comparing the face templates of individuals who appear in newly-edited videos or photos with the facial templates already saved in Magisto's face database."
The complaint also asserts that Magisto analyzes and face-matches the biometrics of non-Magisto users who happen to appear in the photos and videos, which is a violation of BIPA.

The suit is looking for $5,000 per class member, along with court fees.
Advertising

Developer Made an Ad Blocker That Works On Podcasts and Radio (vice.com) 31

An anonymous reader quotes a report from Motherboard: Meet AdBlock Radio, an adblocker for live radio streams and podcasts. Its creator, Alexandre Storelli, told Motherboard he hopes to help companies "develop alternative business models for radio and podcast lovers that do not want ads." "Ads exploit the weaknesses of many defenseless souls," Storelli told Motherboard. "Ads dishonestly tempt people, steal their time and promise them a higher social status. Blocking them will be a relieving experience for many."

Most audio ads exploit "auditory artifacts" to produce an ad that can't be ignored or tuned out because it feels louder than it actually is -- this has gotten so bad that there has actually been a "sonic arms race" where ads have been made increasingly louder over the years. "Adblock Radio detects audio ads with machine-learning and Shazam-like techniques," Storelli wrote about the project. He said he's been working on it for more than three years and that it uses techniques such as speech recognition, acoustic fingerprinting, and machine learning to detect known ad formats. It uses a crowdsourced database of ads and "acoustic fingerprinting," which converts audio features into a series of numbers that can be combed by an algorithm.
Storelli has made Adblock Radio open-source and given detailed instructions on how to build on it, integrate it into user devices, and deploy it in a way that pressures radio stations (and podcasts) to self-regulate the quality of their ads.
The Courts

Facebook Plans Launch of Its Own 'Supreme Court' For Handling Takedown Appeals (arstechnica.com) 27

An anonymous reader quotes a report from Ars Technica: Facebook, which has managed to transcend geographic borders to draw in a population equal to roughly a third of all human life on Earth, has made its final charter for a "Supreme Court" of Facebook public. The company pledges to launch this initiative by November of next year. The new Oversight Board will have five key powers, according to a charter (PDF) Facebook released yesterday. It can "request that Facebook provide information" it needs in a timely manner; it can make interpretations of Facebook standards and guidelines "in light of Facebook's articulated values"; and it can instruct the company to allow or remove content, to uphold or reverse a decision leading to content being permitted or removed, and to issue "prompt, written explanations of the board's decisions."

"If someone disagrees with a decision we've made, they can appeal to us first, and soon they will be able to further appeal this to the independent board," company CEO Mark Zuckerberg wrote in a letter (PDF). "As an independent organization, we hope it gives people confidence that their views will be heard and that Facebook doesn't have the ultimate power over their expression." The board will launch with at least 11 members and should eventually get up to 40. The entity will contract its services to Facebook. Participants will serve a maximum of three three-year terms each and will be paid for their time. Their decisions will "be made publicly available and archived in a database of case decisions," with details subject to certain data or privacy restrictions. Facebook can also contact the board for an "automatic and expedited review" in exceptional circumstances, "when content could result in urgent real world consequences," such as, for example, if a mass-murderer is livestreaming his crimes. The panel's decisions will be binding, Facebook added, and the company will implement its findings promptly, "unless implementation of a resolution could violate the law."

Privacy

Database Leaks Data on Most of Ecuador's Citizens, Including 6.7 Million Children (zdnet.com) 11

The personal records of most of Ecuador's population, including children, have been left exposed online due to a misconfigured database, ZDNet reported Monday. From the report: The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner. The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens. The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.
Crime

Released from Prison, Spammer Who Stole 17.5 Million Passwords Apologizes and Reforms (zdnet.com) 19

An anonymous reader quotes ZDNet: Kyle Milliken, a 29-year-old Arkansas man, was released last week from a federal work camp. He served 17 months for hacking into the servers of several companies and stealing their user databases. Some of the victims included Disqus, from where he stole 17.5 million user records, Kickstarter, from where he took 5.2 million records, and Imgur, with 1.7 million records. For years, Milliken and his partners operated by using the credentials stolen from other companies to break into more lucrative accounts on other services.

If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services. From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life. Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground....

In an interview with ZDNet last week, Milliken said he's planning to go back to school and then start a career in cyber-security... [H]e publicly apologized to the Kickstarter CEO on Twitter. "I've had a lot of time to reflect and see things from a different perspective," Milliken told ZDNet. "When you're hacking or have an objective to dump a database, you don't think about who's on the other end. There's a lot of talented people, a ton of work, and even more money that goes into creating a company... there's a bit of remorse for putting these people through cyber hell."

He also has a message for internet users: stop reusing your passwords. And he also suggests enabling two-factor authentication.

"I honestly think that the big three email providers (Microsoft, Yahoo, Google) added this feature because of me."
Privacy

Would Consumers Be Safer With a National Data Broker Registry? (nytimes.com) 27

"A comprehensive national privacy law cannot be developed overnight..." argues the chief "data ethics officer" for Acxiom, a database marketing company, in a New York Times op-ed: Still, people deserve to know who is collecting data about them, why it's being collected and the types of companies with which the data is being shared. They should also have assurances that companies collecting data have adequate measures in place to ensure security and confidentiality. That's why, until we have a national privacy law, we should pursue a national data broker registry to help consumers discover this information -- and learn the difference between good data actors and bad ones.

People who today use Facebook, Google, Amazon and Apple understand that these companies collect their data in an effort to improve their experience and to generate revenue by selling advertising. But there is less awareness of companies -- generally referred to as data brokers -- that collect, source and otherwise license information about consumers who are not their customers. The growing commercial use of data is outpacing the public's understanding....

Data-driven marketing helps businesses reduce wasteful ad spending and helps fund free or low-cost consumer products and services on the internet, including free search, email and social media platforms, as well as customized content. In many cases, it also funds the press and other channels of expression. Our business is underpinned by policies on comprehensive data governance, in an effort to ensure that data use is transparent, fair and just, that there are benefits for both businesses and consumers. We help marketers follow the golden rule of business -- "Know Your Customer" -- so that they can deliver a better experience. Unfortunately, the irresponsible actions of some individuals and organizations have cast a shadow over our industry. They violate consumers' privacy, profit from stolen data and commit fraud.

Increasing transparency -- initially through a data broker registry and ultimately through a robust and balanced national privacy law -- would help reduce the conflation of legitimate, regulated entities with unethical companies and criminals.

Google

Google Maps Shows Sunken Car Where Missing Man's Body Was Found (bbc.com) 37

The remains of a man who went missing two decades ago in Florida have been found in a submerged car visible on Google Maps. The BBC reports: William Moldt, 40, was reported missing from Lantana, Florida, on November 7, 1997. He failed to return home from a night out at a club when he was 40 years old. A missing person investigation was launched by police but the case went cold. On August 28 this year -- 22 years on -- police were called to reports of a car found in a pond in Moon Bay Circle, Wellington.

When the vehicle was pulled from the water, skeletal remains were found inside. One week later the remains were positively identified as belonging to Mr Moldt. A report by the Charley Project, an online database of cold cases in the U.S., said "a property surveyor saw the car while looking at Google Earth." "Amazingly, a vehicle had plainly [been] visible on a Google Earth satellite photo of the area since 2007, but apparently no-one had noticed it until 2019," according to the report. What appears to be a silver car submerged in the pond can still be viewed on Google Maps.

Open Source

Open-Source Database Scylla Gains DynamoDB Compatibility (techcrunch.com) 8

urdak writes: Four years ago, ScyllaDB introduced Scylla -- a new open-source NoSQL database, compatible with the popular Cassandra but 10 times faster. Today, the project announced support for the DynamoDB API as well. This will allow applications that use Amazon's DynamoDB to be migrated to other public or private clouds -- running on Scylla instead of DynamoDB. Beyond the added choice, large users may also see their cloud bills drastically reduced by moving to Scylla: ScyllaDB reported in the past that the total cost of running Scylla is only one seventh the cost of DynamoDB.
Chrome

'Google's Chrome Has My Dead Grandpa's Data and He Never Used the Internet' (forbes.com) 229

schwit1 shares a Forbes article by Joe Toscano, a former experience design consultant for Google who in 2017 "decided to step away from my role consulting with Google, due to ethical concerns."

This summer he got a big surprise when he looked in Chrome's "addresses" panel (chrome://settings/addresses): It turns out Google has info connecting me to my grandma (on my dad's side) who's alive and well but has never had the internet, and my grandpa (on my mom's side), who recently passed away in March 2019 and also never had the internet. This was disturbing for several reasons, the biggest of which being that neither of them had ever logged onto the internet in their lives. Neither even had the internet in their homes their entire lives! Beyond that, Google knew their exact addresses and their middle initials. I couldn't even have told you those things about my grandparents...

[T]he data wasn't manually entered by me or anyone using my account, but yet the data is associated with my account? How did that happen? The only thing I can think of is that at one point in history my grandpa gave his information to someone or some company in real life and his information was sold to Google at one point or another... But then that led me to another question: How did his data get associated with my Google account...?

Other questions I have: What other information does Google have about me/my family/others that I don't know about...?

He's now asking readers if they have any idea how Google connected him to his dead grandpa -- and whether Google is somehow creating an ancestry database.

Toscano also discovered Chrome has been creating a list of "Never Saved" passwords at chrome://settings/passwords?search=credentials even though "At no point did I tell Google to create and store a list of websites I had logged into that they didn't get access to but would like access to at some point in the future. Maybe in the Terms of Service/Privacy Policy I agreed to this, but who knows? Not the majority of us, and it's just creepy."

And in an update Toscano writes that he hopes the article will "provoke thought" about "why we willingly allow this to happen": Why is it okay that the internet is designed to be a surveillance machine? Why isn't it designed to be private by design? Is this how we want to carry on? Just because something is legal doesn't mean it's right. What would you like to see done? How would you like to see things changed?
Crime

MIT Media Lab Chief Joi Ito Resigns Following Ronan Farrow's New Yorker Expose (newyorker.com) 75

Long-time Slashdot reader theodp writes: It was beginning to look like Joi Ito, the director of the MIT Media Lab, might weather a scandal over accepting donations from the financier and convicted sex offender Jeffrey Epstein. But less than a day after a scathing new expose in the New Yorker by Ronan Farrow alleged the Media Lab had a deeper fund-raising relationship with Epstein than previously acknowledged and attempted to conceal the extent of its contacts with him, Ito resigned from his position. "After giving the matter a great deal of thought over the past several days and weeks, I think that it is best that I resign as director of the media lab and as a professor and employee of the Institute, effective immediately," Ito wrote in an internal e-mail.

In a message to the MIT community, MIT President L. Rafael Reif wrote, "Because the accusations in the story are extremely serious, they demand an immediate, thorough and independent investigation," and announced that MIT's general counsel would engage an outside law firm to oversee that investigation.

Ronan's damning New Yorker story began: "Dozens of pages of e-mails and other documents obtained by The New Yorker reveal that, although Epstein was listed as 'disqualified' in MIT's official donor database, the Media Lab continued to accept gifts from him, consulted him about the use of the funds, and, by marking his contributions as anonymous, avoided disclosing their full extent, both publicly and within the university. Perhaps most notably, Epstein appeared to serve as an intermediary between the lab and other wealthy donors, soliciting millions of dollars in donations from individuals and organizations, including the technologist and philanthropist Bill Gates and the investor Leon Black."

"The effort to conceal the lab's contact with Epstein was so widely known," reports the New Yorker, that some of Ito's staff "referred to Epstein as Voldemort or 'he who must not be named.'"
United States

Federal Judge Says Terrorist Watchlist Is Unconstitutional (arstechnica.com) 165

An anonymous reader quotes a report from Ars Technica: A federal judge in Virginia has ruled that the government's terrorism screening database (TSDB) is unconstitutional because people on the list are not given an adequate opportunity to contest their inclusion. The ruling is a victory for a group of almost 20 Muslim Americans who sued the government over the list in 2016. "There is no independent review of a person's placement on the TSDB by a neutral decisionmaker," Judge Anthony Trenga wrote on Wednesday. "Individuals are not told whether or not they were or remain on the TSDB watchlist and are also not told the factual basis for their inclusion." As a result, the judge concluded, the watchlist system is unconstitutional.

The government maintains several different lists for suspected terrorists. These include the no-fly list, which, as its name implies, prohibits certain people from flying in the US. The TSDB is a larger list believed to hold more than a million names. People on the list aren't prohibited from flying, but they can face unpleasant consequences when they travel, especially internationally.
The current system "provides no notice concerning whether a person has been included or remains in the TSDB, what criteria was applied in making that determination, or the evidence used to determine a person's TSDB status." The judge concludes that the current system "does not provide to a United States citizen a constitutionally adequate remedy under the Due Process Clause."

Judge Trenga ordered both sides in the lawsuit to propose changes that could address the system's constitutional defects.
Facebook

A Huge Database of Facebook Users' Phone Numbers Found Online (techcrunch.com) 36

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. TechCrunch: The exposed server contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn't protected with a password, anyone could find and access the database. Each record contained a user's unique Facebook ID and the phone number listed on the account. A user's Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account's username. But phone numbers have not been public in more than a year since Facebook restricted access to users' phone numbers. TechCrunch verified a number of records in the database by matching a known Facebook user's phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook's own password reset feature, which can be used to partially reveal a user's phone number linked to their account.
Privacy

Amazon's Ring May Also Be Working On Facial Recognition (buzzfeednews.com) 71

"More than 10 million Ring doorbells have been installed worldwide, and BuzzFeed News found evidence that the company is working to develop facial recognition technology for its devices in Ukraine." An anonymous reader quotes their report: While Ring devices don't currently use facial recognition technology, the company's Ukraine arm appears to be working on it. "We develop semi-automated crime prevention and monitoring systems which are based on, but not limited to, face recognition," reads Ring Ukraine's website. BuzzFeed News also found a 2018 presentation from Ring Ukraine's "head of face recognition research" online and direct references to the technology on its website...

In November 2018, Ring filed two patent applications that describe technology with the ability to identify "suspicious people" and create a "database of suspicious persons..." In December 2018, the Information reported that Ring gave its Ukraine-based research team access to customer videos in order to train image recognition software, potentially for use in Ring cameras. This use of customer videos is, in fact, allowed by the company's terms of service, which says that Ring has the right to unilaterally "access and use your User Recordings" for "developing new Products and Services" -- like facial recognition... As BuzzFeed News previously reported, Ring's terms of service gives the company an irrevocable, perpetual license to the video content users post on Neighbors.

BuzzFeed News also quotes an op-ed it ran last month by the deputy director of the digital rights group Fight for the Future.

"We are on the verge of an unprecedented increase in state and private spying that will be built in plain sight."
Security

Google Says Hackers Have Put 'Monitoring Implants' in iPhones For Years (theguardian.com) 68

An unprecedented iPhone hacking operation, which attacked "thousands of users a week" until it was disrupted in January, has been revealed by researchers at Google's external security team. From a report: The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.

Once hacked, the user's deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device's keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: "Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device."

Censorship

China Intercepts WeChat Texts From US and Abroad, Researcher Says (npr.org) 27

China is intercepting texts from WeChat users living outside of the country, mostly from the U.S., Taiwan, South Korea, and Australia. NPR reports: The popular Chinese messaging app WeChat is Zhou Fengsuo's most reliable communication link to China. That's because he hasn't been back in over two decades. Zhou, a human rights activist, had been a university student in 1989, when the pro-democracy protests broke out in Beijing's Tiananmen Square. After a year in jail and another in political reeducation, he moved to the United States in 1995. But WeChat often malfunctions. Zhou began noticing in January that his chat groups could not read his messages. "I realized this because I was expecting some feedback [on a post] but there was no feedback," Zhou tells NPR from his home in New Jersey.

As Chinese technology companies expand their footprint outside China, they are also sweeping up vast amounts of data from foreign users. Now, analysts say they know where the missing messages are: Every day, millions of WeChat conversations held inside and outside China are flagged, collected and stored in a database connected to public security agencies in China, according to a Dutch Internet researcher. Zhou is not the only one experiencing recent issues. NPR spoke to three other U.S. citizens who have been blocked from sending messages in WeChat groups or had their accounts frozen earlier this year, despite registering with U.S. phone numbers. This March, [Victor Gevers, co-founder of the nonprofit GDI Foundation, an open-source data security collection] found a Chinese database storing more than 1 billion WeChat conversations, including more than 3.7 billion messages, and tweeted out his findings. Each message had been tagged with a GPS location, and many included users' national identification numbers. Most of the messages were sent inside China, but more than 19 million of them had been sent from people outside the country, mostly from the U.S., Taiwan, South Korea and Australia.

Privacy

Ten Years On, Foursquare Is Now Checking In to You (nymag.com) 18

Location social networks never took off, and Gowalla's star burned out fast. Gilt sold at a loss. And Tumblr, recently sold by Yahoo for less than 1 percent of what it originally paid, has become a cautionary tale. If you haven't been paying close attention, you'd be forgiven for assuming that Foursquare had fallen prey to the same fates as its once-hot peers. From a report: But you'd be wrong. This year, Foursquare's revenue will surpass $100 million, a critical mile marker for any company on its way to a public offering. In fact its story of success is a perfect tech-industry parable: A charming, rickety, vintage-2000s social app that's survived the last decade by evolving into a powerhouse enterprise data-extraction business. In 2014, Foursquare made a decision to shift its attention from its consumer apps to a growing business-to-business operation; five years later, 99 percent of Foursquare's business comes from its software and data products. Its clients include Uber, Twitter, Apple, Snapchat, and Microsoft. The company is still shining brightly, not because location-based social networks or New York's start-up scene have finally reached escape velocity, but because Foursquare had something that other start-ups didn't: location technology rivaled by only Google and Facebook.

[...] By 2014, Foursquare made the decision to focus on providing software tools and data to app developers, advertisers, and brands. Foursquare began charging developers for the use of its location technology in their own apps (it has worked with more than 150,000 to date) and selling its data to brands, marketers, advertisers, and data-hungry investors. The company's tools could measure foot traffic in and out of brick-and-mortar locations and build consumer profiles based on where people had recently visited. Soon, Foursquare began brandishing its power with public market predictions. It projected iPhone sales in 2015 based on traffic to Apple stores and, in 2016, the huge drop in Chipotle's sales figures (thanks to E. coli) two weeks before the burrito-maker announced its quarterly earnings. Co-founder and executive chairman Dennis Crowley says the human check-ins gave Foursquare engineers and data scientists the ability to verify and adjust location readings from other sources, like GPS, Wi-Fi, and Bluetooth. As it turns out, the goofy badges for Uncle Tony that made Foursquare easy to dismiss as a late-2000s fad were an incredibly powerful tool. [...] In addition to all of those active check-ins, at some point Foursquare began collecting passive data using a "check-in button you never had to press." It doesn't track people 24/7 (in addition to creeping people out, doing so would burn through phones' batteries), but instead, if users opt in to allow the company to "always" track their locations, the app will register when someone stops and determine whether that person is at a red light or inside an Urban Outfitters. The Foursquare database now includes 105 million places and 14 billion check-ins.
