After extradition to Texas, 3D-printed gunmaker Cody Wilson is out on bail

Last week, after Hatreon creator and 3D-printed gun activist Cody Wilson was charged with the sexual assault of a minor, he managed to evade arrest briefly in Taipei. On Friday, authorities successfully located Wilson and extradited him back to Texas, booking him into a Harris County jail. Now, Wilson is out on a $150,000 bond.

Wilson’s arrest in a Taipei hotel on Friday was the result of a collaborative effort between the U.S. Marshals, Taiwan’s police force and the U.S. State Department. His charges stem from an August 22 incident during which Wilson allegedly sexually assaulted a 16-year-old he found on SugarDaddyMeet.com, paying her $500 for sex in a North Austin hotel.

The charges are corroborated by security footage showing Wilson himself and a car with a license plate registered to his business. The charges originated from a report by a counselor who had spoken with the 16-year-old girl who identified Wilson and described the alleged assault.

Wilson lives in Austin where he owns and operates Defense Distributed, a defense company that conducts research and development “for the benefit of the American rifleman.” He reportedly fled to Taiwan after receiving a tip that authorities sought to arrest him.

“This was a collaborative effort that demonstrates the dedication of local, state, federal and international officials working together to bring this fugitive to justice,” U.S. Marshal for the Western District of Texas Susan Pamerleau said of the arrest.

In a statement to local news, Wilson’s lawyer Samy Khalil announced Wilson’s intentions to fight the charges. “We are glad that Cody is back in Texas again where we can work with him on his case,” Khalil said. “That’s our focus right now, representing our client and preparing his defense.”

North Korea skirts US sanctions by secretly selling software around the globe

Fake social media profiles are useful for more than just sowing political discord among foreign adversaries, as it turns out. A group linked to the North Korean government has been able to duck existing sanctions on the country by concealing its true identity and developing software for clients abroad.

This week, the US Treasury issued sanctions against two tech companies accused of running cash-generating front operations for North Korea: Yanbian Silverstar Network Technology or “China Silver Star,” based near Shenyang, China, and a Russian sister company called Volasys Silver Star. The Treasury also sanctioned China Silver Star’s North Korean CEO Jong Song Hwa.

“These actions are intended to stop the flow of illicit revenue to North Korea from overseas information technology workers disguising their true identities and hiding behind front companies, aliases, and third-party nationals,” Treasury Secretary Steven Mnuchin said of the sanctions.

As the Wall Street Journal reported in a follow-up story, North Korean operatives advertised with Facebook and LinkedIn profiles, solicited business with Freelance.com and Upwork, crafted software using GitHub, communicated over Slack and accepted compensation with PayPal. The country appears to be encountering little resistance putting tech platforms built by US companies to work building software including “mobile games, apps, [and] bots” for unwitting clients abroad.

The US Treasury issued its first warnings of the secret North Korean software development scheme in July, though it did not provide many details at the time. The Wall Street Journal was able to identify “tens of thousands” of dollars stemming from the Chinese front company, though that’s only a representative sample. The company worked as a middleman, contracting its work out to software developers around the globe and then denying payment for their services.

Facebook suspended many suspicious accounts linked to the scheme after they were identified by the Wall Street Journal, including one for “Everyday-Dude.com”:

“A Facebook page for Everyday-Dude.com, showing packages with hundreds of programs, was taken down minutes later as a reporter was viewing it. Pages of some of the account’s more than 1,000 Facebook friends also subsequently disappeared…

“[Facebook] suspended numerous North Korea-linked accounts identified by the Journal, including one that Facebook said appeared not to belong to a real person. After it closed that account, another profile, with identical friends and photos, soon popped up.”

LinkedIn and Upwork similarly removed accounts linked to the North Korean operations.

Beyond the consequences for international relations, software surreptitiously sold by the North Korean government poses considerable security risks. According to the Treasury, the North Korean government makes money off of a “range of IT services and products abroad” including “website and app development, security software, and biometric identification software that have military and law enforcement applications.” For companies unwittingly buying North Korea-made software, the potential for malware that could give the isolated nation eyes and ears beyond its borders is high, particularly given that the country has already demonstrated its offensive cyber capabilities.

Between that and sanctions against doing business with the country, Mnuchin urges the information technology industry and other businesses to exercise awareness of the ongoing scheme to avoid accidentally contracting with North Korea on tech-related projects.

Instead of Larry Page, Google sends written testimony to tech’s Senate hearing

Silicon Valley is about to have another big moment before Congress. On Wednesday, Twitter’s Jack Dorsey and Facebook’s Sheryl Sandberg will go before the Senate Intelligence Committee to follow up on their work investigating (and hopefully thwarting) Russian government-linked campaigns to sow political division in the US. The hearing is titled “Foreign Influence Operations and Their Use of Social Media Platforms” and begins tomorrow morning at 9:30 AM ET.

It will be both Dorsey and Sandberg’s first time appearing before Congress on the high-stakes topic, but they’re not the only invitees. Alphabet CEO Larry Page was also called before the committee, though he is the only one of the three to decline to appear on Wednesday. Google also declined to send Sundar Pichai.

“Our SVP of Global Affairs and Chief Legal Officer, who reports directly to our CEO and is responsible for our work in this area, will be in Washington, D.C. on September 5, where he will deliver written testimony, brief Members of Congress on our work, and answer any questions they have,” a Google spokesperson told TechCrunch. “We had informed the Senate Intelligence Committee of this in late July and had understood that he would be an appropriate witness for this hearing.”

The spokesperson added that the company has briefed “dozens of committee members” and “briefed major Congressional Committees numerous times” regarding its efforts to safeguard US elections from interference originating abroad.

On Tuesday, Google published the written remarks it planned to deliver the following day in a blog post by Kent Walker, the company’s lead legal counsel and now SVP of global affairs.

In the statement, Google predictably reviews the steps it has taken to follow through on previous promises to Congress. Those steps include an ID verification program for anyone seeking to buy a federal US election ad from Google, in-ad disclosures attached to election ads across Google’s products, a transparency report specific to political ads on Google and a searchable ad library that allows anyone to view political ads for candidates in the US. As we previously reported, that database does not include issue-based ads or any ads from state or local races, so its utility is somewhat limited, though new ads will be added on an ongoing basis.

In the statement to Congress, Google also touted its Advanced Protection Program, an effort to discourage spear phishing campaigns, and Project Shield, a free DDoS protection service for US campaigns, candidates and political action committees.

There’s not much surprising in the letter summarizing Google’s progress, nor does the company identify any particular shortcomings or specific areas of concern. That isn’t surprising either. For tech companies on Capitol Hill, the name of the game is ticking off each point of good behavior while divulging as little new information as possible.

Because the committee has decided that it’s heard plenty from Google’s lawyers already, the company’s chair will sit empty tomorrow. Needless to say, the committee — in particular its vice chairman Sen. Mark Warner — isn’t happy about it. The committee is certainly right about one thing: during testimony, a company’s lead counsel is indistinguishable from an empty hot seat.

Tomorrow, we’ll get to see if Dorsey and Sandberg can pull off the same disappearing act. Considering Mark Zuckerberg’s enduring and even performance earlier this year and Facebook’s (in)famously composed public posture, Sandberg is certainly the favorite to make it out without breaking a sweat.

Valimail offers US election boards, campaigns and voting vendors its email anti-spoofing service for free

Valimail, an enterprise email security firm, announced that it will offer its email protections for free to relevant government workers and campaigns through the 2018 midterms. That offer covers state election boards, voting system vendors and major party U.S. election campaigns including congressional, statewide and gubernatorial candidates. The company will also offer the same email fraud prevention service, known as Valimail Enforce, to the Democratic National Committee and Republican National Committee at no cost through the 2020 US presidential election.

“Bad actors are trying to disrupt our elections and sow chaos in our democracy,” Valimail CEO and co-founder Alexander García-Tobar said in a statement. “They are targeting email because it is one of the weakest points in digital communications.”

As Valimail observes, spear phishing attempts in which an attacker tricks their target into opening a malicious email are a particular problem. In a spear phishing attack, a hacker can compromise a target’s login credentials by getting them to click on a fraudulent link or just by pretending to be someone they aren’t and obtaining usernames, passwords and other sensitive information. (The suspected Russian government-affiliated attackers who compromised a Gmail account belonging to Hillary Clinton’s 2016 campaign chair John Podesta used spear phishing to achieve their goals.)

Spear phishing attacks often employ email spoofing, a strategy in which the attacker disguises their true identity and makes an email look like it’s coming from a trusted domain. Citing its own research, Valimail notes that 90 percent of cyber-attacks originate in spear phishing and two thirds of those employ a fake “from” address to target potential victims.

Valimail Enforce prevents this kind of attack with an email authentication system that only allows authorized senders to use a domain name. The company’s email authentication service employs standards like SPF, DKIM and DMARC and is Federal Risk and Authorization Management Program (FedRAMP) authorized, making it easier for government entities to adopt its security tools.

Though no states and campaigns have signed on yet, Valimail has been talking with the Department of Homeland Security, the federal agency tasked with coordinating security for election systems — now designated as critical infrastructure — among the states. Valimail follows companies like Cloudflare and Synack in offering its services at no cost to help secure election systems.

Due to the state and local-led nature of US elections, it’s very difficult to ensure that security measures can be uniformly implemented and enforced across the board. It’s too late for the patchwork of post-2016 election security efforts to provide any kind of comprehensive assurance for the 2018 midterms, but private tech companies are stepping in to fill some of the gaps. At the very least, getting some security relationships in place and educating state and local officials on potential precautions should be a useful stepping stone to more secure elections by 2020.

Facebook and Microsoft briefed state officials on election security efforts today

So much for summer Fridays. Yesterday, BuzzFeed reported that a dozen tech companies, including Facebook, Google, Microsoft and Snapchat, would meet at Twitter headquarters on Friday to discuss election security. For two of them, that wasn’t the only meeting in the books.

In what appears to be a separate event on Friday, Facebook and Microsoft also met with the Department of Homeland Security, the FBI and two bodies of state election officials, the National Association of State Election Directors (NASED) and the National Association of Secretaries of State (NASS), about their election security efforts.

The discussion was the second of its kind connecting DHS, Facebook and state election officials on “actions being taken to combat malicious interference operations.” The meetings offer two very different perspectives on threats to election security. States are largely concerned with securing voter databases and election systems, while private tech companies are waging a very public war against coordinated disinformation campaigns by U.S. foreign adversaries on their platforms. Social media platforms and election systems themselves are two important yet usually disconnected fronts in the ongoing war against Russian election interference.


“Effectively combatting coordinated information operations requires many parts of society working together, which is why Facebook believes so strongly in the need for collaboration between law enforcement, government agencies, security experts and other companies to confront these growing threats,” Facebook VP of Public Policy Kevin Martin said of the meeting.

“We are grateful for the opportunity to brief state election officials on a recent call convened by DHS and again today as part of our continued effort to develop collaborative relationships between government and private industry.”

Curiously, while Microsoft and Facebook attended the DHS-hosted meeting, it doesn’t look like Twitter did. To date, Twitter and Facebook have faced the most fallout for foreign interference on their platforms meant to influence American politics, though Google was also called to Congress to testify on the issue last fall. When reached, Twitter declined to comment on its absence, though the company was reportedly playing host to the other major tech election security meeting today.

The meeting with state officials sounds like it was largely informative in nature, with Facebook and Microsoft providing insight on their respective efforts to contain foreign threats to election integrity. On Tuesday, Microsoft revealed that its Digital Crimes Unit secured a court order to take down six domains created by Russia’s GRU designed to phish user credentials. Half of the phishing domains were fake versions of U.S. Senate websites.

“No one organization, department or individual can solve this issue alone, that’s why information sharing is so important,” said Microsoft VP of Customer Security and Trust Tom Burt. “To really be successful in defending democracy, technology companies, government, civil society, the academic community and researchers need to come together and partner in new and meaningful ways.”

Apple removing Facebook’s Onavo for gathering data about apps on your phone

If you were on the edge of your seat wondering what Facebook’s next major consumer privacy headache would be, the wait is over! The Wall Street Journal reports that Apple has deemed Facebook-owned app Onavo in violation of its App Store policies and will be giving it the boot shortly.

In a statement to TechCrunch, an Apple spokesperson explained the reasoning behind its decision to pull the app:

“We work hard to protect user privacy and data security throughout the Apple ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.”

In some ways, it’s a wonder that Onavo has lasted this long.

Onavo, which Facebook bought back in 2013, does two things. As far as regular consumers are concerned, Onavo comports itself like a VPN, offering to “keep you and your data safe” and “blocking potentially harmful websites and securing your personal information.”

But Onavo’s real utility is pumping a ton of app usage data to its parent company, giving Facebook an invaluable bird’s eye view into mobile trends by observing what apps are gaining traction and which are fizzling out. That perspective is useful both from a product standpoint, allowing Facebook to get ahead of the competition (Snapchat is a fine example), and giving it an edge for considering which competitors to acquire.

Google releases a searchable database of US political ads

In an effort to provide more transparency and deliver on a promise to Congress, Google just published an archive of political ads that have run on its platform.

Google’s new database, which it calls the Ad Library, is searchable through a dedicated launch page. Anyone can search for and filter ads, viewing them by candidate name or advertiser, spend, the dates the ads were live, impressions and type. For anyone looking for the biggest ad budget or the farthest reaching political ad, the ads can be sorted by spend, impressions and recency as well. Google also provided a report on the data, showing ad spend by US state, by advertiser and by top keywords.


The company added a bit of context around its other recent ad transparency efforts:

“Earlier this year, we took important steps to increase transparency in political advertising. We implemented new requirements for any advertiser purchasing election ads on Google in the U.S.—these advertisers now have to provide a government-issued ID and other key information that confirms they are a U.S. citizen or lawful permanent resident, as required by law. We also required that election ads incorporate a clear “paid for by” disclosure.”

The search features are pretty handy, but a few things are missing. While Google’s database does collect candidate ads in the US, it does not include issue ads — broader campaigns meant to influence public thought around a specific political topic — nor does it collect state or local ads. The ads are all US-only, so elections elsewhere won’t show up in here either. Google says that it is collaborating with experts on potential tools that “capture a wider range of political ads” but it gave no timeline for that work. For now, ads that the tool does capture will be added into the library on a weekly basis.

Facebook is the recruiting tool of choice for far-right group the Proud Boys

Twitter may have suspended the Proud Boys and their controversial leader Gavin McInnes, but it was never their platform of choice.

The Proud Boys, a self-described “Western chauvinist” organization that often flirts with more hard-line groups of the far right, runs an elaborate network of recruiting pages on Facebook to attract and initiate members. While McInnes maintained a presence on many platforms, Facebook is the heart of the group’s operations. It’s there that the Proud Boys boast more than 35 regional and city-specific groups that act as landing pages for vetting thousands of new members and feeding them into local chapters.

When it comes to skirting the outer boundaries of social acceptability, McInnes could teach a master class. The Vice founder and Canadian citizen launched his newest project in 2016, capturing a groundswell of public political activity on the far right and launching the Proud Boys, a men’s club allied around the mantra “West is best,” its dedication to Trump and a prohibition against flip-flops and porn.

Facebook recruiting

The group makes national headlines for its involvement in violent dust-ups between the far right and far left and has a robust recruitment network centered on initiating members through Facebook groups. As for where it fits into the far right’s many sub-factions, McInnes objects to the term alt-light, sometimes used to describe far right groups that oppose some mainstream conservative ideals but don’t openly endorse white nationalism. “Alt Light is a gay term that sounds like a diet soda in bed w Alt Right,” he said on Twitter last year. “We’re “The New Right.”

To that end, most regional affiliate pages run a message outlining some ground rules, including a declaration that its members not be racist or homophobic — a useful disclaimer for making the group more palatable than many of its less clever peers.

The Proud Boys’ agenda is less explicitly race-based than many groups it has affiliations with, espousing instead a broad sort of antagonism to perceived enemies on the political left and a credo of “western chauvinism.” The language is cleaned up, but it’s one degree removed from less palatable figures, including Unite the Right leader Jason Kessler. McInnes hosted Kessler on his own talk show just days after Kessler led the Charlottesville rally that left counter-protester Heather Heyer dead. In the segment, McInnes tried to create space between Kessler and the Proud Boys, though it wasn’t Kessler’s first time on the show or his only affiliation with the Proud Boys.

The Proud Boys also coordinates with the Vancouver, Washington-based group known as Patriot Prayer, another fairly social media-savvy far right organization that doesn’t openly endorse explicitly white nationalist groups, but still welcomes them into the fold during demonstrations that often turn violent.

Who are the Proud Boys?

Like much of the young, internet-fluent alt-right, the Proud Boys intentionally don’t take themselves too seriously, a strategy that conveniently opens the door for them to denounce any kind of controversy that might arise. They show up to protests wearing black and gold Fred Perry polo shirts, have a whole charter’s worth of inside jokes and in general seem a bit more media and internet savvy than hardline white nationalist groups, some of which Facebook has managed to clear out in the last year.

Unlike some less strategic and internet-savvy portions of the far right, McInnes and his Proud Boys are careful not to openly encourage preemptive violence. Still, the Proud Boys do encourage retaliatory violence, going so far as to enshrine physical altercations in its organizational hierarchy.

To earn their “first degree,” Proud Boys must openly declare their allegiance to the group’s ideals, usually in a Facebook vetting group.

To earn the second, they have to get beaten up by other members while naming five breakfast cereals (maybe a loose tie-in to the group’s mantra against masturbation). To earn the third degree they have to get a Proud Boys tattoo. The fourth degree is reserved for members who get in a brawl sufficient for the honor:

“You can’t plan getting a fourth degree. It’s a consolation prize for engaging in a major conflict for the cause. Being arrested is not encouraged, although those who are immediately become fourth degree because the court has registered a major conflict. Serious physical fights also count and it’s up to each chapter to decide how serious the conflict must be to determine a fourth degree.”

That’s where the Proud Boys Facebook network comes in. To get accepted into a local chapter, prospective members join specific vetting groups and are asked to upload a video of them meeting their “first degree” requirements:

“Once you are added here, to be properly vetted you must upload and post a video of yourself reciting our First Degree. This is just a quick video of you saying EXACTLY THIS:

“My name is [full name], I’m from [city, state], and I am a western chauvinist who refuses to apologize for creating the modern world.” You can add anything else you’d like to your video, as long as you say those words exactly.

YouTube is full of first and second degree videos depicting the usually short half-ironic hazing ceremonies.

Facebook also hosts pages dedicated to the Fraternal Order of the Alt-Knights, a new-ish subdivision of the Proud Boys and its paramilitary wing. The Alt-Knights, also known as FOAK, are led by Kyle Chapman, a.k.a. “Based Stickman,” a far right figure who grew to fame after beating political enemies with a stick at a 2017 Berkeley protest. The Alt-Knights aren’t always quite as careful to denounce violence.

Whether the Proud Boys are in violation of Facebook’s unevenly enforced and sometimes secretive policies or not, the organization is making the most of its time on the platform. Facebook has rules against organizing harm or credible violence that the Proud Boys’ brawling ethos and Alt-Knights would seem to run afoul of, but the group stands by the useful mantra “We don’t start fights, we finish them.”

TechCrunch reached out to the Proud Boys to get an idea of their membership numbers and will update this story if we receive a reply. An analysis of affiliated pages shows that Proud Boys groups have added hundreds of members in the last 30 days across many chapters.

With a second Unite the Right rally around the corner and the ugly reality of more real-life violence organized on social media looming large, platforms are on their toes for once. Facebook has cleaned up some of the rampant racism that stemmed from the extreme right presence on its platform, but savvier, self-censoring groups like the Proud Boys are likely to be the real headache as Facebook, Twitter and Google trudge through an endless minefield of case-by-case terms of service violations, drawing sharp criticism from both sides of the political spectrum no matter where they choose to place their feet.

Some Infowars tweets vanished today, but Twitter didn’t remove them

A handful of tweets and videos that appear to have been cited in the choice to remove Alex Jones from Facebook and YouTube vanished from Twitter on Thursday after being called out in a CNN piece focused on the company’s hypocrisy.

Twitter confirmed to TechCrunch that it did not remove the tweets in question and that someone affiliated with Alex Jones and Infowars or with access to those accounts is behind the removal. The tweets in question spanned the Infowars brand, including accusations that Sandy Hook was staged by crisis actors, slurs against transgender people and a video asserting that Parkland shooting survivor David Hogg is a Nazi.

All of the tweets CNN linked are no longer available, suggesting that Jones might be trying to walk a narrow line on the platform, keeping most of the Infowars content up even as users and reporters surface some of its most objectionable moments. We reached out to Infowars for the reasoning behind taking down the posts and will update this story when we hear more.

On Wednesday in an internal memo that was later tweeted, Twitter’s VP of trust & safety made the claim that if Jones had posted the same content on Twitter that had resulted in action on other platforms, Twitter would have acted, too.

“… At least some of the content Alex Jones published on other platforms (e.g. Facebook and YouTube) that led them to taking enforcement actions against him would also have violated our policies had he posted it on Twitter,” Twitter’s Del Harvey said. “Had he done so, we would have taken action against him as well.”

On Thursday, CNN called Twitter’s bluff. The news site found that the same content that got Jones and Infowars booted from other platforms “were still live on Twitter as of the time this article was published,” according to CNN.

In spite of the missing tweets, at the time of writing, the accounts of both Infowars and Alex Jones remained online and tweeting. In fact, just 30 minutes ago, Infowars accused former president Obama of a “deep state” scheme to purge Infowars from tech platforms.

MoviePass is down again

After the revelation that MoviePass borrowed $5 million to keep its service up and running last week, things aren’t looking good.

MoviePass subscribers, myself included, were met on Monday with a blank screen where their choice of screening should be. Navigating around dozens of theaters only shows a message that “There are no more screenings at this theater today.”

Twitter noticed too and people are starting to sound the death knell for the beleaguered monthly movie subscription service.

Plenty of companies fail, but few flail so publicly before doing so. MoviePass has dragged its subscribers along for its own apparent financial rollercoaster ride, switching pricing schemes around with bizarre frequency, adding surprise fees and suffering repeated outages. Competing services from Sinemia and AMC are moving into the space with seemingly less doomed business models, so for frequent moviegoers, that’s something to watch.

Is this the end? Has MoviePass burned through its last stack of cash? Is it just a really popular day at the movies? The company hasn’t tweeted or provided any official updates yet, but if this isn’t the end then it’s certainly near.