Techcrunch

Zoom faces criticism for denying free users e2e encryption

What price privacy? Zoom is facing a fresh security storm after CEO Eric Yuan confirmed that a plan to reboot its battered security cred by (actually) implementing end-to-end encryption does not in fact extend to providing this level of security to non-paying users.

This Zoom ‘premium on privacy’ is necessary so it can provide law enforcement with access to call content, per Bloomberg, which reported on security-related remarks made by Yuan during an earnings call yesterday, when the company reported big gains thanks to the coronavirus pandemic accelerating uptake of remote working tools.

“Free users for sure we don’t want to give [e2e encryption] because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said on the call.

Security experts took swiftly to Twitter to condemn Zoom’s ‘pay us or no e2e’ policy.

EFF associate research director, Gennie Gebhart, also critically discussed Zoom’s decision to withhold e2e encryption for free users in a Twitter thread late last month, following a feedback call with the company — criticizing it for spinning what she characterized as pure upsell as a safety consideration.

It’s a nuance-free cop-out to blanket-argue that ‘bad things happen on free accounts’, she suggested.

Fast forward to today and a tweet about the report of Yuan’s comments written by Bloomberg technology reporter, Nico Grant, triggered an intervention by none other than Alex Stamos — the former Facebook and Yahoo! security executive who signed up as a consultant on Zoom’s security strategy back in April, days after the company had been served with a class action lawsuit from shareholders for overstating security claims.

Stamos — who was CSO at Yahoo! during a period when the NSA was using a backdoor to scan user email and also headed up security at Facebook at a time when Russia implemented a massive disinformation campaign targeting the 2016 US presidential election — weighed in via Twitter to claim there’s a “difficult balancing act between different kinds of harms” which he said justifies Zoom’s decision to deny e2e encryption for all users.

Curiously, Stamos was also CSO at Facebook when the tech giant completed the roll out of e2e encryption on WhatsApp — providing this level of security to the then billion+ users of its free-to-use mobile messaging and video chat app.

Which might suggest Stamos’ conception of online “harms” has evolved considerably since 2016 — after all, he’s since landed at Stanford as an adjunct professor (where he researches “safe tech”). Although, in the same year (2016), he defended his employer’s decision not to make e2e encryption the default on Facebook Messenger. So Stamos’ unifying thread appears to be being paid to defend corporate decision-making while applying a gloss of ‘security expertise’.

His latest Twit(n)ter-vention runs to type, with the security consultant now defending Zoom’s management’s decision not to extend e2e encryption to free users of the product.

But his tweeted defence of AES encryption as a valid alternative to e2e encryption has attracted some pointed criticism from the crypto community — as an attack on established standards.

Nadim Kobeissi, a Paris-based applied cryptography researcher — who told us that his protocol modelling and analysis software was used by the Zoom team during development of its proposed e2e encrypted system for (paid product) meetings — called out Stamos for “insisting that AES encryption, which can be bypassed by Zoom Inc. at will, qualifies as real encryption”.

That’s “what’s truly misleading here”, Kobeissi tweeted.

In a phone call with TechCrunch, Kobeissi fleshed out his critique, saying he’s concerned, more broadly, that a current and (he said) much needed “Internet zeitgeist” focus on online safety is being hijacked by certain vested interests to push their own agenda in a way that could roll back major online security gains — such as the expansion of e2e encryption to free messaging apps like WhatsApp and Signal — and lead to a general deterioration of security ideals and standards.

Kobeissi pointed out that AES encryption — which Stamos defended — does not prevent server intercepts and snooping on calls. Nor does it offer a way for Zoom users to detect such an attack, with the crypto expert emphasizing it’s “fundamentally different from snooping-resistant encryption”.

Hence he characterized Stamos’ defence of AES as “misleading and manipulative” — saying it blurs a clearly established dividing line between e2e encryption and non-e2e.

“There are two problems [with the Zoom situation]: 1) There’s no e2e encryption for free users; and 2) there’s intentional deception,” Kobeissi told TechCrunch.

He also questioned why Stamos has not publicly pushed for Zoom to find ways to safely implement e2e encryption for free users — pointing, by way of example, to the franking ‘abuse report’ mechanism that Facebook recently applied to e2e encrypted “Secret Conversations” on Messenger.

“Why not improve on Facebook Messenger franking,” he suggested, calling for Zoom to use its acquisition of Keybase’s security team to invest and do research that would raise security standards for all users.

Such a mechanism could “absolutely” be applied to video and voice calls, he argued.

“I think [Stamos] has a deleterious effect on the kind of truth that ends up being communicated about these services,” Kobeissi added in further critical remarks about the former Facebook CSO — who he said comes across as akin to a “fixer” who gets called in “to render a company as acceptable as possible to the security community while letting it do what it wants”.

We’ve reached out to Zoom and Stamos for comment.

Source: https://techcrunch.com/2020/06/03/zooms-privacy-premium/

Gaming

Daily Crunch: Apple Arcade expands with classic games

Apple adds classic titles to Apple Arcade, Microsoft experiences an outage and Coinbase is going public. This is your Daily Crunch for April 2, 2021.

The big story: Apple Arcade expands with classic games

Until now, Apple’s game subscription service was limited to exclusive new titles, but today it’s introducing two new categories: App Store Greats (popular iPhone games like Monument Valley+, Fruit Ninja Classic+, Cut the Rope Remastered and Badland+) and Timeless Classics (board games and puzzle games, such as Backgammon+ and Chess Play and Learn+).

This is a major expansion to the Apple Arcade back catalog, but it’s not simply a matter of putting previously free games behind a paywall. The Arcade versions of these titles will be ad-free and without in-app purchases — you’re never paying anything beyond the $4.99 monthly subscription fee. Also, some of these games had become unavailable in their original forms due to iOS and hardware updates.

The tech giants

Microsoft outage knocks sites and services offline — Microsoft stumbled back online Thursday after an hours-long outage in the middle of the U.S. west coast working afternoon.

Startups, funding and venture capital

Coinbase to direct list on April 14th, provide financial update on April 6th — The company will trade under the ticker symbol “COIN.”

Uruguayan payments startup dLocal quadruples valuation to $5B with $150M raise — This means that the five-year-old Uruguayan company has effectively quadrupled its valuation in a matter of months.

Backflip offers an easier way to turn used electronics into cold, hard cash — The company offers customers cash on delivery for their used electronics, which could be anything from iPhones to Game Boys.

Advice and analysis from Extra Crunch

How is edtech spending its extra capital? — Edtech M&A activity has continued to swell.

Tech in Mexico: A confluence of Latin America, the US and Asia — LatAm entrepreneurs seem to be looking to Asian tech giants for product inspiration and growth strategies.

RPA market surges as investors, vendors capitalize on pandemic-driven tech shift — Robotic process automation came to the fore during the pandemic as companies took steps to digitally transform.

Source: https://techcrunch.com/2021/04/02/daily-crunch-apple-arcade-expands-with-classic-games/

Private Equity

Three ways VC firms can construct sustainably diverse portfolios

Venture capital has a diversity problem: Data show that Black and Latinx founders received just 2.6% of overall funding in 2020. Women-founded teams received nearly 30% less funding in 2020 than they did in 2019.

For decades, a close-knit community of brilliant but like-minded individuals built a system of pattern recognition. It produced high-growth companies with homogenous leadership teams. They called it meritocracy. Those of us who didn’t fit the profile were told, or were left to assume, that we didn’t have what it takes.

When a founder needs funding but investors don’t think they “have what it takes,” it can quickly become a self-fulfilling prophecy. No matter how good you are and how much product-market fit you achieve, at some point “what it takes” to scale a company is money.

Until recently, the lack of diversity in the ecosystem was largely an issue to those of us directly affected by it. It wasn’t until the groundbreaking #metoo and #BlackLivesMatter movements that the lack of funding for women and minorities became both evident — and evidently problematic — to the rest of the world.

I believe that underrepresented founders are the most undervalued asset class in the U.S. today, and investors are starting to realize that diversity is not charity — it’s economic opportunity.

Just look at the data on women-founded startups, which deliver 63% higher ROI (according to First Round Capital), generate twice as much revenue for every dollar invested (according to BCG), and take one full year less time to exit (according to PitchBook & AllRaise). Founders that have it harder, but persevere, lead to stronger companies with outsized results for their investors.

The good news is that recent events jolted many into action. A flurry of pledges, micro-funds and quick investments in support of Black founders arrived in the wake of George Floyd’s murder last summer. Overnight, these founders were heavily courted for meetings and speaking opportunities from people and firms they didn’t have access to in the past. Some secured investments and built new relationships that will help down the line. For many, the timing was off, and they didn’t benefit materially. In the end, the frenzy quieted down, and only 3% of 2020 VC deal volume went to Black-founded companies.

Ashlee Wisdom, the co-founder and CEO of digital health platform Health in Her HUE, experienced this firsthand.

“Last summer I was overwhelmed with inbounds from investors, which felt great at first,” she said. “But I was new to venture; I didn’t know how to build a strategy around fundraising, and most of those investors were looking for companies at a later stage than mine. No one I spoke to during that time seemed to be willing to invest in my pre-seed round despite our demonstrated traction. On the positive side, I met a lot of great investors who made meaningful introductions to pre-seed and early-stage funds. And some of those later-stage investors are now watching Health In Her HUE’s progress.”

It’s too soon to tell how sustainable the progress made last year will be. But we do have evidence from prior times that small, cosmetic efforts at diversity do not result in lasting change. Just take a look at what’s happened to VC funding for women recently.

In the aftermath of #metoo, investors and corporations were also spurred to act, with some success. For a while, VC investments in women-founded companies increased slowly but steadily. But once COVID hit, and investors retreated to their closest and most trusted referral networks, VC funding for women took a huge step backward. Crunchbase data show more than 800 female-founded startups globally received a total of $4.9 billion in venture funding in 2020, through mid-December, representing a 27% decrease over the same period the prior year.

The lesson is this: Efforts at the periphery of venture capital do not make a difference in the long run. The good news is many have started taking action. To achieve systemic, long-term improvements, VC firms will need to make changes to their core system, building diversity into the primary investing process itself. Results will not be visible immediately, but they will be far more sustainable and, as the data suggest, more profitable over the lifetime of these funds. Here are three specific actions VC firms can take to achieve this:

1. Hire BIPOC and women investors

A recent PitchBook report notes that female investors are twice as likely to invest in companies with female founders and three times as likely in companies with female CEOs. And yet fewer than 10% of all VC partners are women. According to BLCK VC, more than 80% of venture firms don’t have a single Black investor on their team. That makes it less surprising that only 1 percent of venture-funded startup founders are Black.

When you hire from the same communities you want to invest in, and ensure your new hires are set up for success, you unlock dealflow, relationships, and insights into new markets and customer sets. This results in a more diverse portfolio and a stronger investment team, one that serves its entire portfolio of companies better.

2. Measure the top of your funnel

Inputs lead to outputs. VC firms should do everything they can to foster stronger relationships with underrepresented founder communities to enable more diversity at the top of the deal flow funnel.

Partner, sponsor and invest in organizations like Female Founders Alliance, SoGal Foundation, Black Women Talk Tech and more. Go out of your way to attend events, ask for introductions, schedule casual coffee meetings and meet as many founders in those networks as you can — and foster those relationships meaningfully over time. This is how you seed decades of great dealflow.

3. Invest directly in emerging fund managers

There are hundreds of new funds, many of them with less than $50 million in assets under management, with direct access to pockets of talent that you are not currently seeing. These general partners have trusting, authentic relationships with founders who might be wary of mainstream VC. If you are a larger VC fund, you should be actively investing in them. Emerging managers can act as your scouts, and, in return, you will help build the ecosystem itself.

I believe that the lack of diversity in venture capital is a once-in-a-generation opportunity for those willing to make the earliest bets. If we invest in women at the same rate that we invest in men, this could boost the global economy by up to $5 trillion. That is a huge amount of return up for grabs. A homogenous portfolio misses that opportunity.

Most investors I know are aware of the opportunity and genuinely want to do better. The more urgency they feel, the more likely they are to spin up independent initiatives to address inequities directly. While these can be helpful, they’re also not sustainable. The best way to build a sustainably diverse portfolio is to do the slow, hard work of change from the inside out.

Source: https://techcrunch.com/2021/04/02/three-ways-vc-firms-can-construct-sustainably-diverse-portfolios/

Techcrunch

Hack takes: A CISO and a hacker detail how they’d respond to the Exchange breach

The cyber world has entered a new era in which attacks are becoming more frequent and happening on a larger scale than ever before. Massive hacks affecting thousands of high-level American companies and agencies have dominated the news recently. Chief among these are the December SolarWinds/FireEye breach and the more recent Microsoft Exchange server breach. Everyone wants to know: If you’ve been hit with the Exchange breach, what should you do?

To answer this question, and compare security philosophies, we outlined what we’d do — side by side. One of us is a career attacker (David Wolpoff), and the other a CISO with experience securing companies in the healthcare and security spaces (Aaron Fosdick).

Don’t wait for your incident response team to take the brunt of a cyberattack on your organization.

CISO Aaron Fosdick

1. Back up your system.

A hacker’s likely going to throw some ransomware attacks at you after breaking into your mail server. So rely on your backups, configurations, etc. Back up everything you can. But back up to an instance before the breach. Design your backups with the assumption that an attacker will try to delete them. Don’t use your normal admin credentials to encrypt your backups, and make sure your admin accounts can’t delete or modify backups once they’ve been created. Your backup target should not be part of your domain.

2. Assume compromise and stop connectivity if necessary.

Identify if and where you have been compromised. Inspect your systems forensically to see if any systems are using your surface as a launch point and attempting to move laterally from there. If your Exchange server is indeed compromised, you want it off your network as soon as possible. Disable external connectivity to the internet to ensure they cannot exfiltrate any data or communicate with other systems in the network, which is how attackers move laterally.

3. Consider deploying default/deny.

Source: https://techcrunch.com/2021/04/02/hack-takes-a-ciso-and-a-hacker-detail-how-theyd-respond-to-the-exchange-breach/

Techcrunch

RPA market surges as investors, vendors capitalize on pandemic-driven tech shift

When UIPath filed its S-1 last week, it was a watershed moment for the robotic process automation (RPA) market. The company, which first appeared on our radar for a $30 million Series A in 2017, has so far raised an astonishing $2 billion while still private. In February, it was valued at $35 billion when it raised $750 million in its latest round.

RPA and process automation came to the fore during the pandemic as companies took steps to digitally transform. When employees couldn’t be in the same office together, it became crucial to cobble together more automated workflows that required fewer people in the loop.

RPA has enabled executives to provide a level of workflow automation that essentially buys them time to update systems to more modern approaches while reducing the large number of mundane manual tasks that are part of every industry’s workflow.

When UIPath raised money in 2017, RPA was not well known in enterprise software circles even though it had already been around for several years. The category was gaining in popularity by that point because it addressed automation in a legacy context. That meant companies with deep legacy technology — practically everyone not born in the cloud — could automate across older platforms without ripping and replacing, an expensive and risky undertaking that most CEOs would rather not take.

RPA has enabled executives to provide a level of workflow automation, a taste of the modern. It essentially buys them time to update systems to more modern approaches while reducing the large number of mundane manual tasks that are part of just about every industry’s workflow.

While some people point to RPA as job-elimination software, it also provides a way to liberate people from some of the most mind-numbing and mundane chores in the organization. The argument goes that this frees up employees for higher level tasks.

As an example, RPA could take advantage of older workflow technologies like OCR (optical character recognition) to read a number from a form, enter the data in a spreadsheet, generate an invoice, send it for printing and mailing, and generate a Slack message to the accounting department that the task has been completed.

We’re going to take a deep dive into RPA and the larger process automation space — explore the market size and dynamics, look at the key players and the biggest investors, and finally, try to chart out where this market might go in the future.

Meet the vendors

UIPath is clearly an RPA star with a significant market share lead of 27.1%, according to IDC. Automation Anywhere is in second place with 19.4%, and Blue Prism is third with 10.3%, based on data from IDC’s July 2020 report, the last time the firm reported on the market.

Two other players with significant market share worth mentioning are WorkFusion with 6.8%, and NTT with 5%.

Source: https://techcrunch.com/2021/04/02/rpa-market-surges-investors-vendors-capitalize-pandemic-tech-shift/
