Golden Equator Capital and Korea Investment Partners announce $88M Southeast Asia fund

There’s more money flowing into Southeast Asia’s tech startup scene after Singapore’s Golden Equator Capital and Seoul-based Korea Investment Partners announced plans for a collaborative $88 million (SG$120 million) fund for the region.

The two investment firms will act as joint partners for the vehicle, which is expected to hit a first close before September and a final close by the end of 2018. Already, they claim to have 65 percent of the target capital committed by LPs.

The firms are aiming for the Series A and B spaces with a typical check size of between $1.5 million and $3.7 million for what will be known as the GEC-KIP Fund. It isn’t exactly clear what focus the fund will adopt for investments.

Southeast Asia often falls off the radar for investment in Asia, with the far larger countries of China and India typically getting the attention, but rising internet access among the region’s cumulative population of over 600 million signals growth potential. A recent report co-authored by Google forecasts Southeast Asia’s ‘internet economy’ reaching more than $200 billion by 2025, up from just $30 billion in 2015. A few unicorns, including ride-sharing companies Grab and Go-Jek, have also helped put it on the map for investors.

Speaking of investors, Golden Equator Capital is part of Golden Equator, a Singapore-based group of businesses that includes financial services, consulting, an incubator and, of course, investment funds. The firm has existing ties with Korea — via a Korea-focused health tech incubator launched last year — and its advisory team includes Taizo Son, head of Japanese VC firm Mistletoe and brother of SoftBank chairman Masayoshi Son.

Korea Investment Partners, meanwhile, manages 41 funds with more than $2 billion in assets under management worldwide.

“We are excited to embark on this cross-learning development with KIP who is a seasoned VC investor with a long, established track record across several markets such as US, China, and Korea,” Daren Tan, managing partner of Golden Equator Capital, said in a statement.

“Given the fragmented tech investment landscape in Southeast Asia, uniting our strengths and network with KIP further bolsters our position. So, when we invest, it is not just capital; we are essentially also lending our portfolio companies the collective expertise and strategic networks, to accelerate their growth and success in the long run,” Tan added.

I can remember when Southeast Asia was described as having a VC crunch just a few years ago, but today the landscape is far healthier in terms of available investment money.

GEC-KIP Fund is playing in the same field as a number of Southeast Asia-focused VCs, which include Jungle Ventures, Golden Gate Ventures, Monks Hill Ventures, Venturra Capital, Insignia Venture Partners and Vertex Ventures from Singapore sovereign fund Temasek. There are, of course, plenty of others beyond that small list.

Moment Pro Camera app brings big camera controls to your phone

Moment, the company that brought you the best glass for your mobile device, now gives you DSLR-like controls with their Pro Camera app. Features include full manual adjustment over ISO, shutter speed, white balance, image format and more.

It should be noted that if you don’t have a shiny new device you won’t be able to use the app to its full potential as some of its key features include 3D touch, dual lens control, RAW image format, 120 and 240 fps and 4K resolution.

Moment says the app is for “anyone looking for pro, manual controls on their phone.” Being one of TechCrunch’s resident image makers, I figured I should take the app out for a spin and pit it against the stock camera app. I enlisted my photogenic friend, Jackie, to be my muse.

Scrolling through the manual settings was very easy and the UI never felt fumbly. The histogram is nice to have and utilizes that iPhone notch well. The app doesn’t have portrait mode, however, which Jackie and I would have loved, because, who doesn’t love that buttery (fake) bokeh — amirite? Manipulating the exposure in video mode was equally as easy. The app didn’t have an audio meter or level settings, so folks recording dialog or VO need to plan accordingly. Luckily, our shoot didn’t need it since we were shooting slow-mo.

For a couple extra bucks you can get the same manual controls, audio levels, + RAW with ProCam 5. But if you’re already invested in the Moment Lens ecosystem and primarily shoot photography, the upgrade could be a worthwhile addition.

You can save photos in HEIF, JPG, RAW and TIFF format. For video, you have the option to shoot in 24, 30, 60, 120 and 240 fps in either 720p, 1080p or 4K resolution. Free to try; $2.99 iOS and $1.99 Android to upgrade.

Headout lands $10M Series A to help tourists book last-minute outings

Imagine being in a new city with a few hours to kill, but no idea what to do. Headout is a travel app that enables tourists to book outings at very short notice, in most cases on the same day. The startup announced today that it’s raised a $10 million Series A led by returning investors Nexus Venture Partners and Version One Ventures to support its ambitious growth targets.

Over the next 18 months, co-founder and CEO Varun Khona says the startup wants to expand from 20 cities to 100 cities in North America, Europe and the Asia-Pacific. The app recently added French, German and Spanish in select markets and aims to have all of its inventory available in 12 languages by the end of next year. Its bookings include sightseeing tours, museum tickets and shows.

Headout’s Series A brings its total raised to $12 million. Its seed round was announced in 2015, when TechCrunch first profiled the company. The startup claims it has grown eight times over the past 12 months and is profitable.

As it enters new markets, however, Headout will be up against a roster of competitors that also offer experience bookings for tourists. These include Klook, TripAdvisor-owned Viator, Get Your Guide and Airbnb’s Experiences feature.

Khona says Headout’s main edge is tailoring its inventory and technology platform for “spontaneous last-minute mobile use cases.” It’s also a managed marketplace, meaning it standardizes pricing and quality, with the hope of creating a consistent experience across all outings. The startup says this focus on combining quality with unit economics means it’s enabled customers to save an average of 18% on last-minute bookings.

Facebook would make a martyr by banning Infowars

Alex Jones’ Infowars is a fake news-peddler. But Facebook deleting its Page could ignite a fire that consumes the network. Still, some critics are asking why it hasn’t done so already.

This week Facebook held an event with journalists to discuss how it combats fake news. The company’s recently appointed head of News Feed John Hegeman explained that, “I guess just for being false, that doesn’t violate the community standards. I think part of the fundamental thing here is that we created Facebook to be a place where different people can have a voice.”

In response, CNN’s Oliver Darcy tweeted: “I asked them why InfoWars is still allowed on the platform. I didn’t get a good answer.” BuzzFeed’s Charlie Warzel meanwhile wrote that allowing the Infowars Page to exist shows that “Facebook simply isn’t willing to make the hard choices necessary to tackle fake news.”

Facebook’s own Twitter account tried to rebuke Darcy by tweeting, “We see Pages on both the left and the right pumping out what they consider opinion or analysis – but others call fake news. We believe banning these Pages would be contrary to the basic principles of free speech.” 

But harm can be minimized without full-on censorship.

There is no doubt that Facebook hides behind political neutrality. It fears driving away conservative users for both business and stated mission reasons. That strategy is exploited by those like Jones who know that no matter how extreme and damaging their actions, they’ll benefit from equivocation that implies ‘both sides are guilty,’ with no regard for degree.

Instead of being banned from Facebook, Infowars and sites like it that constantly and purposely share dangerous hoaxes and conspiracy theories should be heavily down-ranked in the News Feed.

Effectively, they should be quarantined, so that when they or their followers share their links, no one else sees them.

“We don’t have a policy that stipulates that everything posted on Facebook must be true — you can imagine how hard that would be to enforce,” a Facebook spokesperson told TechCrunch. “But there’s a very real tension here. We work hard to find the right balance between encouraging free expression and promoting a safe and authentic community, and we believe that down-ranking inauthentic content strikes that balance. In other words, we allow people to post it as a form of expression, but we’re not going to show it at the top of News Feed.”

Facebook already reduces the future views of posts by roughly 80 percent when they’re established as false by its third-party fact checkers like Politifact and the Associated Press. For repeat offenders, I think that reduction in visibility should be closer to 100 percent of News Feed views. What Facebook does do to those whose posts are frequently labeled as false by its checkers is “remove their monetization and advertising privileges to cut off financial incentives, and dramatically reduce the distribution of all of their Page-level or domain-level content on Facebook.”

The company wouldn’t comment directly about whether Infowars has already been hit with that penalty, noting “We can’t disclose whether specific Pages or domains are receiving such a demotion (it becomes a privacy issue).” For any story fact checked as false, it shows related articles from legitimate publications to provide other perspectives on the topic, and notifies people who have shared it or are about to.

But that doesn’t solve for the initial surge of traffic. Unfortunately, Facebook’s limited array of fact-checking partners are strapped with so much work, they can only get to so many BS stories quickly. That’s a strong endorsement for more funding to be dedicated to these organizations like Snopes, preferably by even-keeled non-profits, though the risks of governments or Facebook chipping in might be worth it.

Given that fact-checking will likely never scale to be instantly responsive to all fake news in all languages, Facebook needs a more drastic option to curtail the spread of this democracy-harming content on its platform. That might mean a full loss of News Feed posting privileges for a certain period of time. That might mean that links re-shared by the supporters or agents of these pages get zero distribution in the feed.

But it shouldn’t mean their posts or Pages are deleted, or that their links can’t be opened unless they clearly violate Facebook’s core content policies.

Why downranking and quarantine? Because banning would only stoke conspiratorial curiosity about these inaccurate outlets. Trolls will use the bans as a badge of honor, saying, “Facebook deleted us because it knows what we say is true.”

They’ll claim they’ve been unfairly removed from the proxy for public discourse that exists because of the size of Facebook’s private platform.

What we’ll have on our hands is “but her emails!” 2.0

People who swallowed the propaganda of “her emails”, much of which was pushed by Alex Jones himself, assumed that Hillary Clinton’s deleted emails must have contained evidence of some unspeakable wrongdoing — something so bad it outweighed anything done by her opponent, even when the accusations against him had evidence and witnesses aplenty.

If Facebook deleted the Pages of Infowars and their ilk, it would be used as a rallying cry that Jones’ claims were actually clairvoyance. That he must have had even worse truths to tell about his enemies and so he had to be cut down. It would turn him into a martyr.

Those who benefit from Infowars’ bluster would use Facebook’s removal of its Page as evidence that it’s massively biased against conservatives. They’d push their political allies to vindictively regulate Facebook beyond what’s actually necessary. They’d call for people to delete their Facebook accounts and decamp to some other network that’s much more of a filter bubble than what some consider Facebook to already be. That would further divide the country and the world.

When someone has a terrible, contagious disease, we don’t execute them. We quarantine them. That’s what should happen here. The exception should be for posts that cause physical harm offline. That will require tough judgement calls, but knowingly inciting mob violence, for example, should not be tolerated. Some of Infowars’ posts, such as those about Pizzagate that led to a shooting, might qualify for deletion by that standard.

Facebook is already trying to grapple with this after rumors and fake news spread through forwarded WhatsApp messages have led to crowds lynching people in India and attacks in Myanmar. Peer-to-peer chat lacks the same centralized actors to ban, though WhatsApp is now at least marking messages as forwarded, and it will need to do more. But for less threatening yet still blatantly false news, quarantining may be sufficient. This also leaves room for counterspeech, where disagreeing commenters can refute posts or share their own rebuttals.

Few people regularly visit the Facebook Pages they follow. They wait for the content to come to them through the News Feed posts of the Page, and their friends. Eliminating that virality vector would severely limit this fake news’ ability to spread without requiring the posts or Pages to be deleted, or the links to be rendered unopenable.

If Facebook wants to uphold a base level of free speech, it may be prudent to let the liars have their voice. However, Facebook is under no obligation to amplify that speech, and the fakers have no entitlement for their speech to be amplified.

Image Credit: Getty – Tom Williams/CQ Roll Call, Flickr Sean P. Anderson CC

Ransomware technique uses your real passwords to trick you

A few folks have reported a new ransomware technique that preys upon corporate inability to keep passwords safe. The notes – which are usually aimed at instilling fear – are simple: the hacker says “I know that your password is X. Give me a bitcoin and I won’t blackmail you.”

Programmer Can Duruk reported getting the email today.

The email reads:

I’m aware that X is your password.

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google) .

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

To be clear, there is very little possibility that anyone has video of you cranking it unless, of course, you video yourself cranking it. Further, this is almost always a scam. That said, the fact that the hackers are able to supply your real passwords – most probably gleaned from the multiple corporate break-ins that have happened over the past few years – is a clever change to the traditional cyber-blackmail methodology.

Luckily, the hackers don’t have current passwords.

“However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers,” wrote researcher Brian Krebs. In short, the password files the hackers have are very old and outdated.

To keep yourself safe, however, cover your webcam when not in use and change your passwords regularly. While difficult, there is nothing else that can keep you safer than you already are if you use two-factor authentication and secure logins.

The Nudge is a planner app packaged as an SMS subscription service

How do you fix digital information overload and the resulting life-attention deficit that’s apparently afflicting smartphone owners everywhere — and even leading some very large tech giants to unbox “digital wellness” tools lately?

San Francisco-based startup The Nudge reckons the answer to getting millennials to spend less time sucked into screens, and more time out and about actually doing things, is — you guessed it — another technology service! Albeit one that delivers inspirational plan ideas for stuff to do in your free time, delivered via the traditional text message conduit of SMS.

The sibling duo behind the startup, John and Sarah Peterson, have bagged $540,000 in pre-seed funding for their text planner idea, after running a year-long public beta of the service in San Francisco. The investment is led by seed-stage VC firm NextView Ventures, with Sequoia’s scout fund also participating.

Peterson says the idea to send plans via SMS evolved out of his earlier (and first) startup, called Livday: Also a planner app for friends to share their favorite ideas for weekend hikes and so on. But being just another app meant having to compete for attention with noisy social content, so the siblings hit on the idea of using SMS — as a sort of artisanal reversion of current state consumer tech — to “find a way to rise above the noise,” as they put it. Or, well, attempt to circumvent app notification fatigue/mute buttons.

As is often the case in fashion-led consumer tech, old ways can get polished up to feel shiny and new again once whatever displaced them has lost enough sheen to start to look old.

The Nudge has garnered around 10,000 active weekly users at this point, launching out of its year-long public beta. Peterson describes the typical user as “an active millennial woman,” with the community skewing 70 percent female at this point.

For the active user metric the team defines an active user as someone who is reading and engaging with the text messages they’re sending — either by clicking a link or replying.

They further claim to have signed up 5 percent of San Francisco’s millennials to their lifestyle “nudges.”

“While our new rebrand has a somewhat feminine aesthetic it’s interesting that we initially were targeting men. It just really resonated with millennial women,” says Peterson.

“They need this because taking the initiative is the essential yet hardest part of living our lives to the fullest, and that’s what we give them,” he adds. “A nudge. We’re laser-focused on that demo right now but have plans to help other demographics long-term. My empty nest parents badly need this.”

Nudges take the form of — initially — an SMS text message, containing a handwritten brunch idea or a hike plan, or details of a hip coffee venue or volunteering opportunity which the startup reckons will appeal to its SF community.

The texts may also contain a link to a more fully fledged plan (with photos, address, logistics etc.). You can see some of their sample plans here.

While the core delivery mechanism is SMS, there also is a Nudge app where plans can be saved for later perusal, and subscribers to the service can mark Nudges as “done” (presumably to avoid being spammed with the same plan later).

Currently, the startup has an editorial team of three people coming up with plan ideas to inspire subscribers — writing in a friendly, narrative style that’s intended to complement the cozy SMS delivery medium.

They’re also working with local social media influencers to hit on trendy ideas that resonate with their target millennial users.

Convincing information-overloaded consumers to willingly hand over their mobile digits to get random texts might seem a bit of a counter-intuitive “fix” for digital information overload. But Peterson reckons it boils down to getting the tone of voice right. (And, clearly, being careful not to send so many texts that you end up coming across as spam.)

“We want people to really feel like The Nudge is just another one of their (ridiculously resourceful and fun) friends texting them, and I think we’ve succeeded there so far,” he tells TechCrunch. “Nearly all of our growth has come from word of mouth. You’re right that text messaging is a sacred space, and we’re very sensitive about that.”

Peterson claims that unsubscribe rates are less than 1 percent each week — though they’re also limiting themselves to sending three “personalized” lifestyle “nudges” per week at this point.

On the personalization front, they say plan ideas are customized based on factors such as the current weather and local trends. They are not, as a rule, customized per user though — beyond being personalized with the subscriber’s name. So it’s more “Nudge Club” than VIP personalized lifestyle advisor.

“In general, everyone is getting the same content, as we’ve found that there’s a lot of power in the shared experience (you know your friend just got the same text at that moment),” he says. “That said, we do sometimes create a dialogue where we ask you a question and depending upon your answer, we recommend something specific for you.

“We’re carefully not taking this part too far, as we really don’t view ourselves as a bot.”

Given they are (usually) sending ~10,000 people pretty much the same idea of what to do at the weekend or of an evening, Peterson admits that venue overcrowding has been a problem they inadvertently ended up creating — for example he says they recommended a free event that ended up getting 10x overbooked and had to cancel some tickets.

“Our answer is to only recommend small venues as a general suggestion (do this date idea this summer), and recommend larger venues specifically (do this hike tomorrow),” he says, explaining how they’ve tweaked the service to try to work around creating unintended flash mobs of demand.

On the business model side, the plan is to make The Nudge a subscription service. Though they’re not going into details at this stage as they’re still experimenting with different options. (And they’re not currently charging for the service.)

But Peterson says the intention is not to make money via the specific things they’re recommending — which, in theory, frees them from needing to operate a creepy, privacy-hostile data-harvesting surveillance operation to determine whether an SMS can be linked to a specific bar bill or restaurant check for them to take a cut, for example.

Though, to be clear, Peterson says they’re gathering “as much data as we can about people doing a Nudge” — presumably so the team can better tailor the content and recommendations they’re making by figuring out what their users really like doing.

“We don’t promote any products or services,” he emphasizes. “Selling tickets or products or ads is tempting, and a lot of lifestyle services do that, but it would ruin our credibility. This is ultimately a subscription service based on trust.”

Despite that reassuring claim, it is worth noting that their current privacy policy states they “may periodically send promotional emails about new products/special offers/info etc via provided email addresses.” So be aware you are at least agreeing to theoretical email spam if you hand over your details.

What’s next for The Nudge now that the team has raised their first tranche of VC? Peterson says they’re planning to expand the service to LA this year — which he confirms will mean hiring a team on the ground to produce the custom content needed to power the service.

Albeit, he concedes, “right now our process is very manual.” And it’s not at all clear whether their concept could sustain much automation-based scaling — at least not if they don’t want to risk generating yet more impersonal noise versus the friendly digital lifestyle advisor tone they’re aiming to strike as a strategy to stand out.

Beyond LA, Peterson says they plan to expand “pretty aggressively” in 2019. “The Nudge as it stands now would work in any urban market as I believe it’s a solution to a fundamental human problem,” he says.

The Nudge’s spare time plans by text is by no means the only SMS-based lifestyle subscription service hoping to cut itself a slice of the attention economy.

In 2016 a startup called Shine launched on-demand life coaching by text messaging, for example.

And let’s not forget Magic — the “get anything via a text message” service that had a viral moment in 2015 — and now bills itself as a “24/7 virtual assistant.”

Google has also tried texting people shopping deals. And Microsoft has dabbled in event planning specifically — outing an iMessage app for social event planning last year.

Meanwhile Facebook added “M,” a text-based assistant app (which was itself human-assisted), to its Messenger platform back in 2015 — but went on to shutter the service in January this year, apparently never having found a way to scale M into a fully fledged AI assistant.

After Uber buyout, Grab aims to go beyond rides to become Southeast Asia’s one-stop app

Grab is shrugging off the threat that Singapore might undo its acquisition of Uber’s Southeast Asia business after the ride-hailing firm announced a new strategy to become Southeast Asia’s one-stop “super app.”

The Competition and Consumer Commission Singapore (CCCS) last week said it may levy a fine or unwind the Uber-Grab deal, but today Singapore-based Grab announced a push to go beyond merely offering rides in Southeast Asia, a region of more than 600 million consumers.

Grab will now allow third parties to become a part of its service, which claims over 100 million downloads to date. ‘Grab Platform’ — as the initiative is called — allows partner companies to tap Grab’s scale to reach new customers and utilize other services. The first to sign up is grocery delivery company HappyFresh, which has developed a version of its service that’s integrated into the Grab app. HappyFresh, which has struggled to build a business in Southeast Asia, will enjoy Grab’s distribution and the opportunity to tap into Grab’s fleet and its GrabPay payment service. Grab declined to provide financial details of the partnership.

Grab co-founder Hooi Ling Tan said that Grab has plans to introduce APIs and, in time, make partner sign-up “significantly more self-serving so that even SMEs can leverage the same assets that some of our larger partners have.”

Aside from related partner services, Grab is also bringing news, games and other content to its app, which is getting a design facelift to reflect the change. In the past, Grab’s app had opened to a ride-booking screen, but now it will load a list of services and content to reflect a more diverse set of options.

There’s actually nothing new there. That approach is very similar to that of Go-Jek, Grab’s rival, which dominates Indonesia, is expanding across Southeast Asia and first pioneered the concept of on-demand services in Southeast Asia. The Grab refresh also takes cues from China’s Meituan, a super app company that invested in Go-Jek and is going public in Hong Kong, and blockbuster Chinese apps WeChat from Tencent and Alipay.

“All of this is aimed to help our consumer experience become Southeast Asia’s everyday super app,” Tan said at a press event at the Rise conference in Hong Kong.

Grab recently raised $1 billion from Toyota — a deal that represents the largest ride-sharing investment from an automaker — and Tan hinted that the company could be profitable.

“We are already profitable in some of our markets and especially the more mature ones [and] we are in a position to continue investing into growth,” Tan explained. There’s a “strong path to profitability but we’ve made an active decision to continue growing because we know that there’s so much potential there.”

Grab said last month that it is on course to reach $1 billion in revenue for 2018, and Tan added that GMV has jumped nine-fold over the past 12 months. While Tan declined to discuss profit or loss figures, she did say that Grab has now crossed two billion rides, having clocked its first billion back in November 2017.

Facebook was never ephemeral, and now its Stories won’t have to be

Before Snapchat made social media about just today, Facebook made it about forever. The 2011 “Timeline” redesign of the profile and keyword search unlocked your past, encouraging you to curate colorful posts about your life’s top moments. That was actually an inspiration for Snapchat, as its CEO Evan Spiegel wrote in its IPO announcement that “We learned that creativity can be suppressed by the fear of permanence.”

Now Facebook is finding a middle ground by optionally unlocking the history of your Stories that otherwise disappear after 24 hours. Facebook will soon begin testing Stories Highlights, the company confirmed to TechCrunch. Similar to Instagram Stories Highlights, it will let you pick your favorite expired photos and videos, compile them into themed collections with titles and cover images and display them on your profile.

The change further differentiates Facebook Stories from the Snapchat Stories feature it copied. It’s smart for Facebook, because highly compelling content was disintegrating each day, dragging potential ad views to the grave with it. And for its 150 million daily users, it could make the time we spend obsessing over social media Stories a wiser investment. If you’re going to interrupt special moments to capture them with your phone, the best ones should still pay dividends of self-expression and community connection beyond a day later.

Facebook Stories Highlights was first spotted by frequent TechCrunch tipster Jane Manchun Wong, who specializes in generating screenshots of unreleased features out of the APK files of Android apps. TechCrunch inquired about the feature, and a Facebook spokesperson provided this statement: “People have told us they want a way to highlight and save the Stories that matter most to them. We’ll soon start testing highlights on Facebook – a way to choose Stories to stay on your profile, making it easier to express who you are through memories.”

These Highlights will appear on a horizontal scroll bar on your profile, and you’ll be able to see how many people viewed them just like with your Stories. They’ll default to being viewable by all your friends, but you can also restrict Highlights to certain people or make them public. The latter could be useful for public figures trying to build an audience, or anyone who thinks their identity is better revealed through their commentary on the world that Stories’ creative tools offer, opposed to some canned selfies and profile pics.

Facebook paved the way for Highlights by launching the Stories Archive in May. This automatically backs up your Stories privately to your profile so you don’t have to keep the saved versions on your phone, wasting storage space. That Archive is the basis for being able to choose dead Stories to show off in your Highlights. Together, they’ll encourage users to shoot silly, off-the-cuff content without that “fear of permanence,” but instead with the opportunity. If you want to spend a half hour decorating a Facebook Story with stickers and drawing and captions and augmented reality, you know it won’t be in vain.

Facebook Stories constantly adds new features, like this Blur effect I spotted today

While many relentlessly criticize Facebook for stealing the Stories from Snapchat, its rapid iteration and innovation on the format means the two companies’ versions are sharply diverging. Snapchat still lacks a Highlights-esque feature despite launching its Archive-style Memories back in July 2016. Instead of enhancing the core Stories product that made the app a teen phenomenon, it’s concentrated on Maps, gaming, Search, professional Discover content, and a disastrously needless redesign.

Facebook’s family of apps seized on the stagnation of Snapchat Stories and its neglect of the international market. It copied whatever was working while developing new features like Instagram’s Superzoom and Focus portrait mode, the ability to reshare public feed posts as quote tweet-style Stories and the addition of licensed music soundtracks. While writing this article, I even discovered a new Facebook Stories option called Blur that lets you shroud a moving subject with a dream-like haze, as demonstrated with my dumb face here.

The relentless drive to add new options and smooth out performance has paid off. Now Instagram has 400 million daily Stories users, WhatsApp has 450 million and Facebook has 150 million, while Snapchat’s whole app has just 191 million. As Instagram CEO Kevin Systrom admitted about Snapchat, “They deserve all the credit.” Still, it hasn’t had a megahit since Stories and AR puppy masks. The company’s zeal for inventing new ways to socialize is admirable, though not always a sound business strategy.

At first, the Stories war was a race to copy functionality and invade new markets. Instagram and now Facebook making ephemerality optional for their Stories signals a second phase of the war. The core idea of broadcasting content that disappears after a day has become commoditized and institutionalized. Now the winner will be declared not as who invented Stories, but who perfected them.

Timehop discloses July 4 data breach affecting 21 million

Timehop has disclosed a security breach that has compromised the personal data (names and emails) of 21 million users. Around a fifth of the affected users — or 4.7M — have also had a phone number that was attached to their account breached in the attack.

The startup, whose service plugs into users’ social media accounts to resurface posts and photos they may have forgotten about, says it discovered the attack while it was in progress, at 2:04 US Eastern Time on July 4, and was able to shut it down two hours, 19 minutes later — albeit, not before millions of people’s data had been breached.

According to its preliminary investigation of the incident, the attacker first accessed Timehop’s cloud environment in December — using compromised admin credentials, and apparently conducting reconnaissance for a few days that month, and again for another day in March and one in June, before going on to launch the attack on July 4, during a US holiday.

Timehop publicly disclosed the breach in a blog post on Saturday, several days after discovering the attack.

It says no social media content, financial data or Timehop data was affected by the breach — and its blog post emphasizes that none of the content its service routinely lifts from third party social networks in order to present back to users as digital “memories” was affected.

However, the keys that allow it to read and show users their social media content were compromised — so it has deactivated all keys, meaning Timehop users will have to re-authenticate to its app to continue using the service.

“If you have noticed any content not loading, it is because Timehop deactivated these proactively,” it writes, adding: “We have no evidence that any accounts were accessed without authorization.”

It does also admit that the tokens could “theoretically” have been used by unauthorized users to access Timehop users’ own social media posts during “a short time window” — although again it emphasizes “we have no evidence that this actually happened”.

“We want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile,” it adds.

“The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your “Memories” after you’ve seen them.”

In terms of how its network was accessed, it appears that the attacker was able to compromise Timehop’s cloud computing environment by targeting an account that had not been protected by multifactor authentication.

That’s very clearly a major security failure — but one Timehop does not explicitly explain, writing only that: “We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts.”

Part of its formal incident response, which it says began on July 5, was also to add multifactor authentication to “all accounts that did not already have them for all cloud-based services (not just in our Cloud Computing Provider)”. So evidently there was more than one vulnerable account for attackers to target.

Its exec team will certainly have questions to answer about why multifactor authentication was not universally enforced for all its cloud accounts.

For now, by way of explanation, it writes: “There is no such thing as perfect when it comes to cyber security but we are committed to protecting user data. As soon as the incident was recognized we began a program of security upgrades.” Which does have a distinct ‘stable door being locked after the horse has bolted’ feel to it.

It also writes that it carried out “the introduction of more pervasive encryption throughout our environment” — so, again, questions should be asked why it took an incident response to trigger a “more pervasive” security overhaul.

Also not entirely clear from Timehop’s blog post: When/if affected users were notified their information has been breached.

The company posted the blog post disclosing the security breach to its Twitter account on July 8. But prior to that its Twitter account was only noting that some “unscheduled maintenance” might be causing problems for users accessing the app…

We’ve reached out to the company with questions and will update this post with any response.

Timehop does say that at the same time as it was working to shut down the attack and tighten up its security, company executives contacted local and federal law enforcement officials — presumably to report the breach.

Breach reporting requirements are baked into Europe’s recently updated data protection framework, the GDPR, which puts the onus firmly on data controllers to disclose breaches to supervisory authorities — and to do so quickly — with the regulation setting a universal standard of within 72 hours of becoming aware of it (unless the personal data breach is unlikely to result in “a risk to the rights and freedoms of natural persons”).

Referencing GDPR, Timehop writes: “Although the GDPR regulations are vague on a breach of this type (a breach must be “likely to result in a risk to the rights and freedoms of the individuals”), we are being pro-active and notifying all EU users and have done so as quickly as possible. We have retained and have been working closely with our European-based GDPR specialists to assist us in this effort.”

The company also writes that it has engaged the services of an (unnamed) cyber threat intelligence company to look for evidence of use of the email addresses, phone numbers, and names of users being posted or used online and on the Dark Web — saying that “while none have appeared to date, it is a high likelihood that they will soon appear”.

Timehop users who are worried the network intrusion and data breach might have impacted their “Streak” — aka the number Timehop displays to denote how many consecutive days they have opened the app — are being reassured by the company that “we will ensure all Streaks remain unaffected by this event”.

Early uses of blockchain will barely be visible, says Hyperledger’s Brian Behlendorf

The blockchain revolution is coming, but you might not see it. That’s the view of Brian Behlendorf, executive director of the Linux Foundation’s Hyperledger Project.

Speaking at the TC Sessions: Blockchain event in Zug, Switzerland, Behlendorf explained that much of the innovation that the introduction of blockchains will bring is primed to happen behind the scenes, unbeknownst to most.

“For a lot of consumers, you’re not going to realize when the bank or a web form at a government website or when you go to LinkedIn and start seeing green check marks against people’s claims that they attended this university — which are all behind-the-scenes that will likely involve blockchain,” Behlendorf told interviewer John Biggs.

“This is a revolution in storage and networking and consumers.”

As for where blockchain might make a big impact, Behlendorf said he believes that the area of online identity is particularly ripe for change. Rather than relying on central systems such as Facebook or Twitter to hold information, blockchain solutions can potentially store information more securely and with more utility thanks to self-sovereign ID systems.

“That’s what gets me up in the morning more than almost every other use case,” Behlendorf said. “I think we’ve got something of a solution but it’s only going to work if the end user experience of managing your identity and your personal data is made easy and made fluid. It [has to] feel something like your wallet when you pull out your driver’s license and show it.”

Hyperledger is providing the framework and tools that the foundation hopes will enable innovation in the blockchain space, and Behlendorf said that it currently has around 10 code bases, of which two are in production use with eight additional frameworks to build blockchains. He added that there are more options coming, thanks to Hyperledger’s focus on “organic” development ideas.

It might seem like an irony that blockchain projects, which can raise enormous amounts of money via token sales, are basing the technologies that power their businesses on open source tools, but Behlendorf said there’s nothing new in that situation versus how the Linux Foundation traditionally operates.

“There might be a few developers who get involved to improve their skills and reputation but the vast majority work on it because their business is investigating it, wants to use it or to do a pilot, so they have a responsibility to make sure it works,” Behlendorf explained.

“For them, knowing other companies are using it and making a profit is fine,” he added. “In fact, it’s a good thing.”

Community spirit is very much the focus, and Hyperledger has had to intervene in the rare cases that members have taken things too far.

“What you want to protect against is any one company benefitting from the brand or reputation that the community creates in a way that is unfair. So we do things like we protect the trademark… because that confuses the marketplace,” Behlendorf said.

“But we want to see companies building services on top of this. In fact, it’s essential to make this a virtuous circle.”