True, the social networking app that promises to ‘protect your privacy,’ exposed private messages and user locations

True bills itself as the social networking app that will “protect your privacy.” But a security lapse left one of its servers exposed — and spilling private user data to the internet for anyone to find.

The app was launched in 2017 by Hello Mobile, a little-known virtual cell carrier that piggybacks off T-Mobile’s network. True’s website says it has raised $14 million in seed funding, and claimed more than half a million users shortly after its launch.

But a dashboard for one of the app’s databases was exposed to the internet without a password, allowing anyone to read, browse and search the database — including private user data.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the exposed dashboard and provided details to TechCrunch. Data provided by BinaryEdge, a search engine for exposed databases and devices, showed the dashboard had been exposed since at least early September.

After we reached out, True pulled the dashboard offline.

Bret Cox, chief executive at True, confirmed the security lapse but did not answer our specific questions, including if the company planned to inform users of the security lapse or if it planned to disclose the incident to regulators under state data breach notification laws.

The dashboard contained daily server logs dating back to February, and included the user’s registered email address or phone number, the contents of private posts and messages between users, and the user’s last known geolocation, which could identify where a user was or had been. The dashboard also exposed the email and phone contacts uploaded by the user, which True uses to match with known friends in the app.

None of the data was encrypted.

TechCrunch confirmed the dashboard was returning real user data by creating a test account and asking Hussein to provide data that only we would know, such as the phone number used to register the account.

Hussein said that the dashboard was also leaking account access tokens, which could be used to hack into and hijack any user’s account. These account access tokens look like a line of random letters and numbers, but keep the user logged into the app without having to enter their login details every time. Using our test account, Hussein found our access token from the dashboard, and used it to access our account and post a message on our feed.

The dashboard also exposed one-time login codes, which True sends to an account’s associated email address or phone number instead of storing passwords.

True says deleting an account “will immediately remove all of your content from our servers,” but deleting our test account did not remove our private messages, posts and photos, which could still be searched from the dashboard.

“This is another example of how mistakes can happen at any organization, even those that are privacy-centric,” Hussein told TechCrunch. “It highlights the importance of not only building secure applications and websites, but also ensuring that proper data security measures are embedded within their internal procedures.”

A spokesperson for Hello Mobile could not be reached.

Last year, Hussein found an exposed database dashboard belonging to Blind, the “anonymous social network,” favored by employees to publicly disclose malfeasance and wrongdoing at their companies.


You can contact the author with tips securely using Signal and WhatsApp to: +1 646-755-8849.

Apple search crawler activity could signal a Google competitor, or a bid to make Siri a one-stop-shop

Encouraged by the spate of antitrust activity brewing in both the Justice Department and on Capitol Hill, Apple may be developing a search competitor to Google, according to a report in the Financial Times.

That would be a move ripe with irony as the push for an end to anti-competitive practices is seemingly creating greater competition among the largest companies which already dominate the technology industry rather than between those established companies and more nimble upstarts.

Signs of Apple’s resurgent interest in search technologies can be found in both a subtle but significant change to the latest version of the iOS 14 iPhone operating system and increasing activity from Apple’s spidering tools that are used to scour the web and refine search functionality, the Financial Times reported.

Apple is now showing its own search results and linking directly to websites when users type queries from its home screen in iOS 14. For context, this is a behavior that has been known for a while as people have seen the feature pop up in beta versions of iOS. And the search volume being up on Apple’s crawler is something that Jon Henshaw of Coywolf had noted back in August.

Sources cited by the Financial Times said that the change marked a significant step-change in Apple’s in-house search development and could be the basis for a broader push into search.

The Cupertino, Calif.-based company certainly has the expertise. A little less than three years ago it nabbed Google’s head of search, John Giannandrea, in what was widely seen as an attempt to shore up Apple’s foundations in artificial intelligence and voice search via Siri. Because of the way that Apple is organized internally, it’s unlikely that Giannandrea will be devoting full-time effort to both a potential “search product” and Siri. But it’s within the realm of possibility that he could be lending his expertise to a team working on a separate feature.

Any development of a search tool would be a third way for Apple, which now uses Google as its default search service thanks to a lucrative contract between the two (one that’s also at the heart of a Justice Department inquiry into Google’s purported anti-competitive activities around search). The only other major search services on the market rely on Microsoft’s Bing to power their results.

While the signs do point to an actual uptick in activity, there could be an explanation for Apple’s crawler activity that’s less heavy on corporate skunkworks skulduggery and more in line with goals that Apple’s stated pretty clearly.

While the story about Apple getting into direct competition with Google on search makes for a great headline, the uptick in activity could be explained equally as rationally by Siri getting more search queries and being more of an interlocutor between Apple and search services like Google or Microsoft’s Bing. This disintermediation is something that Google began years ago and has even modified and expanded over the years to combat the same kind of behavior from Siri.

Some of this comes down to semantics. By “search engine” do we mean “a web site that people type queries into” or do we mean a voice assistant that steps in to white-label web results with its own sourcing. Cutting down on the brand presence of a monster like Google on your own platform is a powerful motivator for any competitor, no matter the space.

Making Siri a one-stop-shop could inoculate Apple in the scenario where they are forced to enable a search provider choice in the iOS onboarding flow by regulation. It won’t do anything to help Google though, who pays Apple billions because iOS users are worth way more than any other mobile web users to its business. Google, for its part, says that when people have a choice they still pick Google anyway. Perhaps another reason why making Siri the search equivalent of an overtalker is the strong play for Apple.

TechCrunch has reached out to Apple for comment and will update when we hear back.

GE Jumps on Surprise Profit as CEO Larry Culp Sees Turnaround Accelerating

(Bloomberg) -- General Electric Co. surged after a surprise profit and rebound in cash flow signaled that Chief Executive Officer Larry Culp’s turnaround plan is regaining traction despite the coronavirus pandemic.

Adjusted earnings of 6 cents a share in the third quarter defied Wall Street’s expectations for a 4 cent loss, and sales of $19.4 billion also exceeded analyst estimates. Industrial free cash flow, a key gauge of earnings power, will be at least $2.5 billion in the fourth quarter and positive next year, GE said Wednesday as it reported quarterly results.

The financial improvement buoys Culp’s effort to restart the repair job he was leading before the pandemic, when GE was attempting to emerge from an epic corporate collapse. Concluding this year with a big boost to cash flow points to a better 2021 after the virus upended GE’s jet-engine division and slammed its other businesses earlier this year.

“The underlying momentum and traction I think we have suggests that we can be positive next year, and, over time, do much more,” Culp said in an interview.

GE soared 8.4% to $7.70 at 2:26 p.m. in New York, confounding a slump in the broader market to post the biggest gain on the S&P 500 Index. GE tumbled 36% this year through Tuesday, compared with a gain of almost 5% in the broader stock gauge.

The results were “an across-the-board beat to our below-consensus numbers,” Steve Tusa, a JPMorgan Chase & Co. analyst, said in a note to clients.

Tusa, whose bearish views on GE proved prescient when the company lost more than $200 billion in shareholder value in 2017 and 2018, has a neutral rating on the shares.

Industrial free cash flow was $514 million in the third quarter, GE said. Analysts had expected the company to burn through $968.3 million in cash.

Aviation Slump

A stronger performance by the health-care equipment unit and the improvement in free cash “are likely to reinforce the messaging that GE fundamentally bottomed,” Gordon Haskett analyst John Inch wrote in a note to clients.

Still, the Boston-based company faces a “difficult climb-back” in the coming years, Inch said.

A major drag on the outlook is the longtime crown jewel of GE’s industrial divisions, the jet engine unit, which has been laid low by the collapse in demand for air travel. Departures of jets powered by engines from GE and CFM International, a joint venture with Safran SA, are still down 40%.

“What you see globally is we’ve kind of flat-lined since Labor Day,” Culp said of departures. “It’s very hard to call the slope of the curve from here back to 2019 levels.”

What Bloomberg Intelligence says

“GE’s progress toward improved operational performance and a more sustainable financial condition is gaining momentum, despite virus-related setbacks in 2020. Aviation, GE’s largest and most profitable unit, faces a slow air-travel recovery, and new aircraft orders could be depressed for a few years.”

-- Karen Ubelhart, industrials analyst

Orders at GE Aviation fell by more than half from a year earlier. Installations and GE’s aftermarket business, which provides maintenance and spare parts to its existing fleet, are trending down by similar margins in October, according to a GE presentation.

Third-quarter orders also sank in GE’s power equipment and health-care units.

Wild Card

An annual test of reserves that backstop a pool of long-term care insurance policies held by GE Capital didn’t affect earnings. The policies have long been a money pit for GE.

“We’re not trying to suggest that we’re going to have positive margins from here,” Culp said of the test result. “But I do think that it’s a sign that this is less of a wild card the way that some might frame it.”

GE also announced that it set aside $100 million for reserves tied to all matters under investigation by the U.S. Securities and Exchange Commission, which is probing past accounting issues tied to the insurance policies and power unit.

Culp said the company has been cooperating with the agency throughout the duration of the probe. The reserves are “quite appropriate under the circumstances,” he said.

GE is also exploring whether it can reach a settlement with the agency “to fully resolve all matters that are under investigation,” according to a company filing Wednesday. The SEC’s staff is likely to recommend a civil enforcement action in its probe of GE’s long-term care accounting issues, the company said in the filing.

“In the event that such an action is brought, GE believes it would have strong defenses to the proposed charges and would vigorously defend the case,” the company said.

(Updates with CEO’s comments from fourth paragraph.)


Joe Rogan, Alex Jones and Spotify’s illusion of neutrality

Social media platforms like Facebook and Twitter have taken a messy beating from critics unhappy with how they handle questionable content on their platform, with some complaining they don’t do enough to rein in misinformation, and others decrying censorship. But what about Spotify? The company is never mentioned in this context, and with its traditional business couched in streaming recorded music, you might understand why its biggest controversies over the last few years have been over how little musicians get paid.

That position, however, is being jolted into quite different territory now with its move into podcasting, which is raising lots of questions over what role Spotify should and could play in overseeing the content on its platform. Now people are in an uproar over who, essentially, gets a platform on its platform.

That issue was highlighted in the last day, when Joe Rogan — the highly paid podcaster with a libertarian bent — brought on Alex Jones (of InfoWars fame, whose own podcast was removed from Spotify, along with YouTube and others, in 2018) on to his show for a meandering three hours, leading to an uproar over how Spotify is giving a spotlight and microphone to an infamous purveyor of misinformation.

The conversation, which also featured comedian Tim Dillon, covered a pretty wide range of topics, with the common themes being today’s most controversial topics, unproven (or disproven) stories behind them presented as fact, and of course the dastardly Dems.

Rogan made a few attempts at refuting or standing up some of the stories and claims that they covered. Early on, for example, when Jones started to talk about how the Democrats are in the pocket of the lobbyists (while Trump was not, according to him), Rogan called up web links in real time, showing that this isn’t quite so clear, with AT&T admitting to paying Trump’s former lawyer Michael Cohen fees, to help advance its own position with Trump and his administration.

“I was just trying to give you a Gestalt analysis,” Jones growled in response… He then went into a defense of Jared Kushner. “Everything he touches he turns to gold.” (Except, it seems, this, this, and well, maybe many other things, actually.)

The conversation veered on to a number of other topics, such as how the Democrats were intentionally trying to crash the economy to make Trump look bad, and a discussion, very foggy on details, of the effectiveness of vaccines (foggy, but probably enough strands of which, in the hands of a person already skeptical, may well be the tipping point to dismissing Covid-19 public health initiatives altogether).

For now, Spotify is not saying anything in response to this publicly. We’ve tried to reach out to the company to get a response to questions about the show, and we will update if we hear back. We’ve had nothing for hours, and a colleague who asked the same questions months ago never heard back either. So we’re not holding our breath.

Notably, while Spotify has detailed how to report illegal musical tracks or explicit lyrics on its platform, it has never outlined its content policies when it comes to podcasting.

And from the looks of it, the company has been using some delaying tactics in facing up to the problem more directly.

BuzzFeed today published a leaked memo from the company’s legal officer Horacio Gutierrez, dated today, which appears to defend the company’s position on publishing controversial podcasts (not this one in particular), giving hosts the freedom to have whichever guests they want, and not responding to public outcry but referring issues to Trust & Safety to investigate.

“If a team member has concerns about any piece of content on our platform, you should encourage them to report it to Trust & Safety because they are the experts on our team charged with reviewing content,” he wrote. “However, it’s important that they aren’t simply flagging a piece of content just because of something they’ve read online. It’s all too common that things are taken out of context.”

Bulleted talking points about controversial content seem to underscore how Spotify is sticking to a position of being a neutral platform, not a proactive curator: “Spotify has always been a place for creative expressions,” Gutierrez wrote. “It’s important to have diverse voices and points of view on our platform.”

He then noted that if a podcast complies with Spotify’s content policies — it doesn’t make clear what those are — then guests are not banned: “We are not going to ban specific individuals from being guests on other people’s shows, as the episode/show complies with our content policies.”

He noted in closing that “we appreciate that not all of you will agree with every piece of content on our platform. However, we do expect you to help your teams understand our role as a platform and the care we take in making decisions.”

People were upset back when Rogan came to Spotify in an exclusive, reportedly $100 million, deal earlier this summer — an event that first introduced the question of how Spotify would handle content controversies. No surprise there, since Rogan was already courting controversy over, for example, how he uses slurs considered to be transphobic by members of the LGBTQ community (an issue that has not gone away). Now those questions are coming up again, along with boycotting threats.

Whether this actually makes a dent in its user base, it does raise lots of questions about how the profile of the company is changing, and that Spotify has been given a relatively easy break when it comes to content on its platform up to now. It’s been optimising for exclusive names and speed to market in getting them (and paying big bucks for the bragging rights), over considering what those names are actually doing, and what impact that could have.

One interesting angle to ponder is whether other high-profile hosts might bail if they feel strongly about Spotify’s editorial position. Another is whether (or when) this will catch the eye of the Powers That Be.

Just today, executives from Facebook, Twitter and Google are being brought before the Senate with questions about bias on their platform and how their staff approaches content moderation, and whether they are liable for that content. I don’t know how effective or impactful today’s testimony will be, but for a start, maybe it’s time they start including Spotify in that list, too.

U.S. antitrust regulator loses bid to revive Qualcomm case

In a brief order, the U.S. 9th Circuit Court of Appeals said it would not rehear arguments over whether the San Diego, California-based company had engaged in anticompetitive patent-licensing practices to keep a monopoly on the market for modem chips that connect smart phones to wireless data networks. On Aug. 11, a three-judge panel of the 9th Circuit said the FTC failed to establish that Qualcomm's practices had an anticompetitive effect on the cellular chip market. The FTC had asked the entire court to rehear arguments and reconsider the panel decision.


Qualtrics CEO Ryan Smith is buying majority stake in the Utah Jazz for $1.6B

The Utah Jazz, an NBA basketball team based in Salt Lake City, announced today that Qualtrics CEO and co-founder Ryan Smith was buying a majority stake in the team along with other properties. ESPN is reporting the deal is worth $1.6 billion.

Smith can afford it. He sold Qualtrics, which is based in Provo, Utah, in 2018 to SAP for $8 billion just before the startup was about to go public. Earlier this year, SAP announced plans to spin out Qualtrics as a public company.

In addition to The Jazz, he’s also getting Vivint Arena, the National Basketball Association (NBA) G League team Salt Lake City Stars and management of the Triple-A baseball affiliate Salt Lake Bees. Smith is buying the properties from the Miller family, who have run them for over three decades.

Smith was over the moon about being able to buy into a franchise he has supported over the years. “My wife and I are absolutely humbled and excited about the opportunity to take the team forward far into the future – especially with the greatest fans in the NBA. The Utah Jazz, the state of Utah, and its capital city are the beneficiaries of the Millers’ tremendous love, generosity and investment. We look forward to building upon their lifelong work,” he said in a statement.

The deal is pending approval of the NBA Board of Governors, but once that happens, Smith will have full decision-making authority over the franchise.

Qualtrics, which makes customer survey tools, was founded in 2002 and raised over $400 million from firms like Accel, Insight Partners and Sequoia before selling the company two years ago to SAP.

Smith is not the first tech billionaire to buy a basketball team. He joins Mark Cuban, who bought the Dallas Mavericks in 1999 after selling Broadcast.com to Yahoo for $5.7 billion that same year. Former Microsoft CEO Steve Ballmer bought the Los Angeles Clippers in 2014 for $2 billion.

Microsoft announces its first Azure data center region in Taiwan

After announcing its latest data center region in Austria earlier this month and an expansion of its footprint in Brazil, Microsoft today unveiled its plans to open a new region in Taiwan. This new region will augment its existing presence in East Asia, where the company already runs data centers in China (operated by 21Vianet), Hong Kong, Japan and Korea. This new region will bring Microsoft’s total presence around the world to 66 cloud regions.

Similar to its recent expansion in Brazil, Microsoft also pledged to provide digital skilling for over 200,000 people in Taiwan by 2024 and it is growing its Taiwan Azure Hardware Systems and Infrastructure engineering group, too. That’s in addition to investments in its IoT and AI research efforts in Taiwan and the startup accelerator it runs there.

“Our new investment in Taiwan reflects our faith in its strong heritage of hardware and software integration,” said Jean-Philippe Courtois, Executive Vice President and President, Microsoft Global Sales, Marketing and Operations. “With Taiwan’s expertise in hardware manufacturing and the new datacenter region, we look forward to greater transformation, advancing what is possible with 5G, AI and IoT capabilities spanning the intelligent cloud and intelligent edge.”

The new region will offer access to the core Microsoft Azure services, along with support for Microsoft 365, Dynamics 365 and Power Platform. That’s pretty much Microsoft’s playbook for launching all of its new regions these days. Like virtually all of Microsoft’s new data center regions, this one will also offer multiple availability zones.