All posts in “computing”

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Flip the “days since last Facebook security incident” back to zero.

Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years.

The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine security review. None of the passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.

Krebs said the bug dated back to 2012.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable,” said Canahuati. “We have found no evidence to date that anyone internally abused or improperly accessed them,” he said, but he did not say how the company reached that conclusion.

Facebook said it will notify “hundreds of millions of Facebook Lite users,” a lighter version of Facebook for users where internet speeds are slow and bandwidth is expensive, and “tens of millions of other Facebook users.” The company also said “tens of thousands of Instagram users” will be notified of the exposure.

Krebs said as many as 600 million users could be affected — about one-fifth of the company’s 2.7 billion users, but Facebook has yet to confirm the figure.

Facebook also didn’t say how the bug came to be. Storing passwords in readable plaintext is insecure. Companies like Facebook hash and salt passwords — two ways of further scrambling passwords — to store them securely. That allows companies to verify a user’s password without knowing what it is.

Twitter and GitHub were hit by similar but independent bugs last year. Both companies said passwords were stored in plaintext and not scrambled.

It’s the latest in a string of embarrassing security issues at the company, prompting congressional inquiries and government investigations. It was reported last week that Facebook’s deals that allowed other tech companies to access account data without consent were under criminal investigation.

It’s not known why Facebook took months to confirm the incident, or if the company informed state or international regulators per U.S. breach notification and European data protection laws. We asked Facebook but a spokesperson did not immediately comment beyond the blog post.

The Irish data protection office, which covers Facebook’s European operations, said the company “informed us of this issue” and the regulator is “currently seeking further information.”

Camera maker Insta360 raises $30M as it eyes 2020 IPO

Insta360, one of the pioneers in making 360-degree cameras, just raised $30 million in a Series C+ funding round from Chinese investors including Everest Venture Capital, MG Holdings and Huajin Capital.

The Shenzhen-based camera maker declines to disclose its latest valuation. It plans to use the fresh proceeds in research and development, marketing and after-sales services in its key international markets including the United States and Japan, which are the company’s second and third-largest markets behind China.

Some of its past backers include IDG Capital, Qiming Ventures, home appliance maker Suning Holdings Group and file sharing service Xunlei.

The company started making 360 cameras — thus the brand name — in 2014 when founder Liu Jingkang saw a gap in the market for compact, easy-to-use cameras shooting high-definition 360-degree footage. Over the years it has evolved into a four-pronged business covering all sorts of needs: 360 cameras for professionals and amateur users creating virtual reality content, action cameras for sports lovers, and smartphone accessories for average consumers.

In stark contrast to loss-making GoPro, which Insta360 rivals in the action camera vertical, the Chinese firm has been profitable since 2017 and is planning to file for an initial public offering in China next year, Liu told TechCrunch in an interview. The company declined to provide more details of the planned flotation but said the success of its action camera line has helped it achieve five-times revenue growth in two years and reach profitability.

From professionals to amateurs

Though the VR sector remains in its infant stage, Liu is optimistic that 360 content will become a much sought-after media form in the years to come.

“Many families will be consuming virtual reality content for entertainment in the future, so we have a huge market for 360 content. That’s why we make a 360 camera each year to keep our top-tier position,” said Liu.


The Insta360 One X / Photo: Insta360

The action camera market, by comparison, is more mature. Insta360 is riding a larger social trend of live blogging and short-form videos that has generated a huge demand for quality video content. Dozens of camera options, from Snap Spectacles to Tencent’s clone of the Snap glasses, are available to help people churn out content for video sharing apps, but Liu saw problems in many of these products.

“[Video-shooting] spectacles, for example, are quite offensive. Not everyone wants to wear them,” said the founder. “Many cameras do a bad job at video stabilization, so people end up with unusable footage. Lastly, and this is the key issue, users don’t know how to handle their footage.”

To that end, Insta360’s latest answer to documenting sports events and traveling is a camera that can easily be held in hand or slipped into a pocket. Called the One X, the gadget shoots in 5.7K resolution at 30 frames per second, delivering pleasingly smooth stabilization even when thrown around. The camera also comes with a software toolkit that automatically selects and stitches users’ footage together, which makes sharing to TikTok and Instagram a cinch.



Insta360 has also been chasing after the masses and its latest bid is an add-on lens that can instantly turn an iPhone into a 360-degree camera. The idea is that as users get a taste of the basic 360-degree experience, they may want to upgrade to a higher-end model.

“Insta360 has a rare ability to take cutting-edge imaging tech and put it into products that consumers want to use today,” said Gavin Li, senior director at Huajin Capital. “They’re moving faster and innovating more than their competitors, and they’re taking bold new approaches to the defining communication tool of our time: the camera.”

Apple ad focuses on iPhone’s most marketable feature — privacy

Apple is airing a new ad spot in primetime today. Focused on privacy, the spot is visually cued, with no dialog and a simple tagline: Privacy. That’s iPhone.

In a series of humorous vignettes, the message is driven home that sometimes you just want a little privacy. The spot has only one line of text otherwise, and it’s in keeping with Apple’s messaging on privacy over the long and short term. “If privacy matters in your life, it should matter to the phone your life is on.”

The spot will air tonight in primetime in the U.S. and extend through March Madness. It will then air in select other countries.


You’d have to be hiding under a rock not to have noticed Apple positioning privacy as a differentiating factor between itself and other companies. Beginning a few years ago, CEO Tim Cook began taking more and more public stances on what the company felt to be your “rights” to privacy on their platform and how that differed from other companies. The undercurrent being that Apple was able to take this stance because its first-party business relies on a relatively direct relationship with customers who purchase its hardware and, increasingly, its services.

This stands in contrast to the model of other tech giants like Google or Facebook that insert an interstitial layer of monetization strategy on top of that relationship in the forms of application of personal information about you (in somewhat anonymized fashion) to sell their platform to advertisers that in turn can sell to you better.

Turning the ethical high ground into a marketing strategy is not without its pitfalls, though, as Apple has discovered recently with a (now patched) high-profile FaceTime bug that allowed people to turn your phone into a listening device, Facebook’s manipulation of App Store permissions and the revelation that there was some long overdue house cleaning needed in its Enterprise Certificate program.

I did find it interesting that the iconography of the “Private Side” spot very, very closely associates the concepts of privacy and security. They are separate, but interrelated, obviously. This spot says these are one and the same. It’s hard to enforce privacy without security, of course, but in the mind of the public I think there is very little difference between the two.

The App Store itself, of course, still hosts apps from Google and Facebook among thousands of others that use personal data of yours in one form or another. Apple’s argument is that it protects the data you give to your phone aggressively by processing on the device, collecting minimal data, disconnecting that data from the user as much as possible and giving users as transparent a control interface as possible. All true. All far, far better efforts than the competition.

Still, there is room to run, I feel, when it comes to Apple adjudicating what should be considered a societal norm when it comes to the use of personal data on its platform. If it’s going to be the absolute arbiter of what flies on the world’s most profitable application marketplace, it might as well use that power to get a little more feisty with the bigcos (and littlecos) that make their living on our data.

I mention the issues Apple has had above not as a dig, though some might be inclined to view Apple integrating privacy with marketing as boldness bordering on hubris. I, personally, think there’s still a major difference between a company that has situational loss of privacy while having a systemic dedication to privacy and, well, most of the rest of the ecosystem which exists because they operate an “invasion of privacy as a service” business.

Basically, I think stating privacy is your mission is still supportable, even if you have bugs. But attempting to ignore that you host the data platforms that thrive on it is a tasty bit of prestidigitation.

But that might be a little too verbose as a tagline.

Google will bring its Assistant to Android Messages

It’s only been a few weeks since Google brought the Assistant to Google Maps to help you reply to messages, play music and more. This feature first launched in English and will soon start rolling out to all Assistant phone languages. In addition, Google also today announced that the Assistant will come to Android Messages, the standard text messaging app on Google’s mobile operating system, in the coming months.

If you remember Allo, Google’s last failed messaging app, then a lot of this will sound familiar. For Allo, after all, Assistant support was one of the marquee features. The difference, though, is that for the time being, Google is mostly using the Assistant as an additional layer of smarts in Messages while in Allo, you could have full conversations with a special Assistant bot.

In Messages, the Assistant will automatically pop up suggestion chips when you are having conversations with somebody about movies, restaurants and the weather. That’s a pretty limited feature set for now, though Google tells us that it plans to expand it over time.

What’s important here is that the suggestions are generated on your phone (and that may be why the machine learning model is limited, too, since it has to run locally). Google is clearly aware that people don’t want the company to get any information about their private text chats. Once you tap on one of the Assistant suggestions, though, Google obviously knows that you were talking about a specific topic, even though the content of the conversation itself is never sent to Google’s servers. The person you are chatting with will only see the additional information when you push it to them.

Medal.tv’s clipping service allows gamers to share the moments of their digital lives

As online gaming becomes the new social forum for living out virtual lives, a new startup called Medal.tv has raised $3.5 million for its in-game clipping service to capture and share the Kodak moments and digital memories that are increasingly happening in places like Fortnite or Apex Legends.

Digital worlds like Fortnite are now far more than just a massively multiplayer gaming space. They’re places where communities form, where social conversations happen and where, increasingly, people are spending the bulk of their time online. They even host concerts — like the one from EDM artist Marshmello, which drew (according to the DJ himself) roughly 10 million players onto the platform.


While several services exist to provide clips of live streams from gamers who broadcast on platforms like Twitch, Medal.tv bills itself as the first to offer clipping services for the private games that more casual gamers play among friends and far-flung strangers around the world.

“Essentially the next generation is spending the same time inside games that we used to playing sports outside and things like that,” says Medal.tv’s co-founder and chief executive, Pim DeWitte. “It’s not possible to tell how far it will go. People will capture as many if not more moments for the reason that it’s simpler.”

The company marks a return to the world of gaming for DeWitte, a serial entrepreneur who first started coding when he was 13 years old.

Hailing from a small town in the Netherlands called Nijmegen, DeWitte first reaped the rewards of startup success with a gaming company called SoulSplit. Built on the back of his popular YouTube channel, the SoulSplit game was launched with DeWitte’s childhood friend, Iggy Harmsen, and a fellow online gamer, Josh Lipson, who came on board as SoulSplit’s chief technology officer.

At its height, SoulSplit was bringing in $1 million in revenue and employed roughly 30 people, according to interviews with DeWitte.

The company shut down in 2015 and the co-founders split up to pursue other projects. For DeWitte that meant a stint working with Doctors Without Borders on an app called MapSwipe that would use satellite imagery to better locate people in the event of a humanitarian crisis. He also helped the nonprofit develop a tablet that could be used by doctors deployed to treat Ebola outbreaks.

Then in 2017, as social gaming was becoming more popular on games like Fortnite, DeWitte and his co-founders returned to the industry to launch Medal.tv.

It initially started as a marketing tool to get people interested in playing the games that DeWitte and his co-founders were hoping to develop. But as the clipping service took off, DeWitte and co. realized they potentially had a more interesting social service on their hands.

“We were going to build a mobile app and were going to load a bunch of videos of people playing games and then we were going to load videos of our games,” DeWitte says.

The service allows users to capture the last 15 seconds of gameplay using different recording mechanisms based on game type. Medal.tv captures gameplay on a device and users can opt-in to record sound as well.

“It is programmed so that it only records the game,” DeWitte says. “There is no inbound connection. It only calls for the API [and] all of the things that would be somewhat dangerous from a privacy perspective are all opt-in.”


There are roughly 30,000 users on the platform every week and around 15,000 daily active users, according to DeWitte. Launched last May, the company has been growing between 5 percent and 10 percent weekly, according to DeWitte. Typically, users are sharing clips through Discord, WhatsApp and Instagram direct messages, DeWitte said.

In addition to the consumer-facing clipping service, Medal also offers a data collection service that aggregates information about the clips that are shared by Medal’s users so game developers and streamers can get a sense of how clips are being shared across which platform.

“We look at clips as a form of communication and in most activity that we see, that’s how it’s being used,” says DeWitte.

But that information is also valuable to esports organizations to determine where they need to allocate new resources.

“Medal.tv Metrics is spectacular,” said Peter Levin, chairman of the Immortals esports organization, in a statement. “With it, any gaming organization gains clear, actionable insights into the organic reach of their content, and can build a roadmap to increase it in a measurable way.”

The activity that Medal was seeing was impressive enough to attract the attention of investors led by Backed VC and Initial Capital. Ridge Ventures, Makers Fund and Social Starts participated in the company’s $3.5 million round as well, with Alex Brunicki, a founding partner at Backed, and Matteo Vallone, principal at Initial, joining the company’s board.

“Emerging generations are experiencing moments inside games the same way we used to with sports and festivals growing up. Digital and physical identity are merging and the technology for gamers hasn’t evolved to support that,” said Brunicki in a statement.

Medal’s platform works with games like Apex Legends, Fortnite, Roblox, Minecraft and Oldschool Runescape (where DeWitte first cut his teeth in gaming).

“Friends are the main driver of game discovery, and game developers benefit from shareable games as a result. Medal.tv is trying to enable that without the complexity of streaming,” said Vallone, who previously headed up games for Google Play Europe, and now sits on the Medal board.