Sunday, November 3, 2019
How Oulu, Finland, 5+ years after Nokia's collapse in smartphones, has become an entrepreneurial tech hub and home to 1,175 new companies in 2017 alone (Natasha Frost/Quartz)
How Oulu, Finland, 5+ years after Nokia's collapse in smartphones, has become an entrepreneurial tech hub and home to 1,175 new companies in 2017 alone — In the early days of the mobile phone, Nokia was everywhere—ubiquitous, inescapable, supreme. It created the best-selling 1100 …
Gig economy weighs impact of social security for workers
Future’s Amazon deal set to close soon: Kishore Biyani
Tibetans too under spyware radar
WhatsApp row: Company that backed NSO has an 'India connection'
Govt flags risks to payments through social media companies
Cyber law experts asks why CERT-In removed advisory warning about WhatsApp vulnerability
Apple is now rejecting Mac apps using the latest versions of Electron framework for non-public API usage, warns devs repeated app submissions can result in ban (david.dev)
Apple is now rejecting Mac apps using the latest versions of Electron framework for non-public API usage, warns devs repeated app submissions can result in ban — Allright, as a follow up to the previous chapter in this odyssey I can now state that, apparently, you cannot submit an electron 6 or 7 app to the apple store:
Officials seek probe against WhatsApp and the hack using spyware
Uber restructured and moved its India business
Android bug impacting all Android 8 or later devices lets hackers plant malware via NFC beaming and circumvent the installation security prompt; patch available (Catalin Cimpanu/ZDNet)
Android bug impacting all Android 8 or later devices lets hackers plant malware via NFC beaming and circumvent the installation security prompt; patch available — All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019.
A network of ‘camgirl’ sites exposed millions of users and sex workers
A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.
The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States.
According to Alexa traffic rankings, amateur.tv is one of the most popular in Spain.
The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.
The exposed data also revealed which videos users were watching and renting, exposing kinks and private sexual preferences.
In all, the logs were detailed enough to see which users were logging in, from where, and often their email addresses or other identifiable information — which in some cases we could match to real-world identities.
Not only were users affected, the “camgirls” — who broadcast sexual content to viewers — also had some of their account information exposed.
The database was shut off last week, allowing us to publish our findings.
The “camgirl” site, which exposed millions of users’ and sex workers’ account data by failing to protect a backend database with a password. (Image: TechCrunch)
Researchers at Condition:Black, a cybersecurity and internet freedom firm, discovered the exposed database.
“This was a serious failure from a technical and compliance perspective,” said John Wethington, founder of Condition:Black. “After reviewing the sites’ data privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities being monitored to this level of detail.”
“Users should always take into consideration the implications of their data leaking but especially where the implications could be life altering,” he said.
Data exposures — where companies inadvertently leave their own systems open for anyone to access — have become increasingly common in recent years. Dating sites are among those with some of the most sensitive data. Earlier this year, a group dating site 3Fun exposed over a million users’ data, allowing researchers to view users’ real-time locations without permission. These security lapses can be extremely damaging to their users, exposing private sexual encounters and preferences known only to the users themselves. The fallout following the 2016 hack of affair-focused site Ashley Madison resulted in families breaking up and several reports of suicides connected to the breach.
An email to VTS Media bounced over the weekend and could not be reached for comment.
Given both the company and its servers are located in Europe, the exposure of sexual preferences would fall under the “special categories” of GDPR rules, which require more protections. Companies can be fined up to 4% of their annual turnover for GDPR violations.
A spokesperson for the Spanish data protection authority (AEPD) did not respond to a request for comment outside business hours.
Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Week in Review: #DeleteLinkedIn
Hey everyone. Thank you for welcoming me into you inbox yet again.
Last week, I talked about SoftBank’s big embarrassment and how it could impact venture capital.
If you’re reading this on the TechCrunch site, you can get this in your inbox here, and follow my tweets here.
The big story
#DeleteLinkedIn
Before you dial up a quick search, no, LinkedIn isn’t currently caught in a scandal, but does a product need to have a deeply toxic culture, corrupt democracy or have an ICE contract for you to boycott it? Can’t the product itself just be bad?
I’ve thought about writing this for a long time because LinkedIn does serve some purposes, but it’s not a professional network, for the lay user it’s not much of anything.
It’s built for recruiters and salespeople, and, yeah, I’m sure they will have plenty of great things to say about the doors that have been opened to them, but what about the employed consumers who value professional development and have been convinced that a LinkedIn account is a necessity? Facebook has taught consumers that our data is the price to use their services, but at least we get a little something out of that deal. LinkedIn is just a CRM where the customers all populate their own cells of the spreadsheet. It gives users spam and pop-ups that seem designed to help them find where the notifications settings on their phones are.
LinkedIn has been remarkably unambitious for a long time. The company is trying to make money and that’s chill; they’re trying to live up to Microsoft’s expectations by making obvious choices and I’d imagine it’s awfully hard to do that.
Enterprise software lives in an eternal cycle of bundling and unbundling and LinkedIn is long overdue for some startups to come unbundle it. It can keep recruiting, sales and the millions of hallowed-out users profiles, but there’s so much potential dying on the LinkedIn vine.
Investors have raved about the “consumerization of enterprise,” or bringing consumer-like products deeper into the workplace. There has also been a ton of chatter about startups building bespoke communities focused on tighter verticals. These two trends should lead to some great professional development products, and I’m sure there already are plenty entrepreneurs building solutions that will pop up in my inbox or the comments. There’s nearly endless potential for niche professional networks to flourish, actually innovate and create connections.
LinkedIn is what happens when network effects congeal. It has this data that could be used to create so many good worker-facing products, instead the company has monetized itself by going out of its way to obfuscate this data for the majority of its users. I have truly limited faith in LinkedIn turning itself around so maybe it’s time we all walk away from this idea that it has so much untapped potential and we just give up on it to search out some more focused products that have a few users and meet a few needs.
Please reach out to me if you’re building something cool.
Send me feedback
on Twitter @lucasmtny or email
lucas@techcrunch.com
On to the rest of the week’s news.
Cole Burston/Bloomberg via Getty Images
Trends of the week
Here are a few big news items from big companies, with green links to all the sweet, sweet added context:
- Jack and Zuck
Jack Dorsey says an awful lot of nothing for being the guy in charge of Twitter, but he had a lot to say this week, and more importantly a little to do. He said the company would be uniformly banning political ads on its site, something that will likely help it sidestep some controversy, and will turn up the heat for Facebook to do the same. - Escape pods
I wrote some harsh words about Juul in my previous newsletter ahead of what seemed like an inevitable reckoning. Well, that reckoning has gotten a bit more codified this week. Altria wrote down $4.5 billion of Juul’s value. The company is prepping for major layoffs including a handful of execs. Layoffs suck but not quite as much as taking a job at Juul. - Fitting in
Google made an interesting hardware play this week buying Fitbit for $2.1 billion. Hardware has always been a bit of an afterthought for Google, but maybe this purchase will allow them a more concerted push to take on the Apple Watch, or maybe like Nest, they won’t have any idea what to do with them. Regardless, it’s a relatively soft and dignified landing for Fitbit which has had a rocky past three years going head-to-head with Apple.
GAFA Gaffes
How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:
- Facebook pays fine without saying sorry:
[Facebook agrees to pay UK data watchdogs Cambridge Analytica fine but settles without admitting liability] - App Store bugs erases ratings:
[A week-long iOS App Store bug wiped out over 20M ratings]
Disrupt Berlin
It’s hard to believe it’s already that time of the year again, but we just announced the agenda for Disrupt Berlin and we’ve got some all-stars making their way to the stage. I’ll be there this year, get some tickets and come say hey!
- Learn how to win customers and influence consumers
- Three of the best tackle the thorny issue of Brexit for startups
- Learn how to raise your first Euros
Sign up for more newsletters in your inbox (including this one) here.
Ford is bringing huge screens—and live updates—to its cars
Enlarge / A 2019 Ford Edge Titanium. (credit: Eric Bangeman)
In the unending war for dominance in the auto industry, the fighting has long focused on questions of performance, reliability, comfort, style, and safety. But in the past decade, a new front has opened up: infotainment.
The newest entrant is Ford. Today, the biggest touchscreen you can get in a Ford is the Explorer’s 10-incher. Most of its cars come with 8-inch offerings. Starting next year, Ford announced Wednesday, some (to be announced) vehicles will come with 12- and 15-inch touchscreens—the latter is larger than any iPad—stuck smack in the middle of the dashboard.
Read 7 remaining paragraphs | Comments
Strava's new API rules for third parties will make it harder for users across dozens of fitness apps and wearables to integrate their fitness data in one place (Victoria Song/The Verge)
Victoria Song / The Verge : Strava's new API rules for third parties will make it harder for users across dozens of fitness apps and ...
-
Jake Offenhartz / Gothamist : Since October, the NYPD has deployed a quadruped robot called Spot to a handful of crime scenes and hostage...
-
Answers to common questions about PCMag.com http://bit.ly/2SyrjWu https://ift.tt/eA8V8J
