Cross-border fintech startup Airwallex raises $100M at a valuation of over $1B

Australia-based Airwallex is the latest tech startup to enter the billion-dollar ‘unicorn club.’ The company announced today that it has closed a $100 million Series C round that values its business above $1 billion.

Started in Melbourne in 2015 by four Chinese founders, Airwallex provides a service that lets companies manage cross-border revenue and financing in their business much like consumer service TransferWise.

Its customers can, for example, set up overseas bank accounts if they have paying customers overseas. When they want to move that revenue back to their HQ, they simply do so through the Airwallex system which uses inter-bank exchanges to trade forex at a mid-market rate. That’s something that can save its clients as much as 90 percent on their foreign exchange rates, and it massively simplifies the challenge of doing business overseas.

This new round of funding is led by DST Global, the high-profile investor that has backed the likes of Facebook, Twitter, Spotify, Xiaomi and more, with participation from returning investors that include Sequoia China, Tencent, Hillhouse Capital, Gobi Partners, Horizons Ventures and Australia’s SquarePeg Capital. Airwallex has now raised over $200 million; its previous investment was an $80 million raise around nine months ago.

Most impressively, the company has become a unicorn within three years of its launch. It has come a long way since we wrote about its $3 million seed round in late 2016. CEO Jack Zhang told TechCrunch that the company is being public with its valuation for the first time because it provides a major validation that will help it build a reputation and develop additional services in the financial services space.

“We talked to a number of global funds we found interesting but we picked DST because our biggest priority is international expansion and [the firm will] help us opening doors and going after larger opportunities,” Zhang said of the lead investor for the round.

Indeed, the Airwallex vision has grown since that seed round. Today the company, which has eight offices worldwide and over 260 staff, has expanded its focus in terms of both customers and services.

“Traditionally, we served a lot of the internet companies, but now we are saying that it doesn’t matter about size,” Zhang said. “We want to go after small companies and help all businesses to grow and expand globally.”

On the product side, he added that “the vision has evolved and now we’re building a fundamental global finance infrastructure.”

What does that mean exactly? Well, Zhang said Airwallex wants to be more than just a cross-border partner for companies. It already offers services like virtual bank accounts in 50 countries, it plugs in to partners to offer other financial services and its planned future products include credit card issuance to allow companies to manage money overseas with greater granular control.

Indeed, Airwallex already has an internal team nicknamed ‘Alpha’ that helps SMEs and other businesses to grow overseas, while Zhang said it has made undisclosed investments in companies where it sees an aligned ‘global’ vision.

“Alpha identifies early-stage companies and helps them to grow,” Zhang explained. “Whether they work with us or not we don’t care, we help connect them to investors and networks.”

The idea for the business came to Zhang, who spent time at Australian banks ANZ and NAB, after he grew frustrated with the challenges of importing overseas goods for a coffee business that he invested in with friends.

“We were importing from overseas and paying Western Union a bunch of money,” he recalls. “It was all very slow.”

Airwallex has fixed that problem for any would-be international-minded coffee shop owners/investors, but Zhang is convinced that the future of his business is to be an ecosystem for global banking and financial services. Precisely what that might mean in the future isn’t clear. But looking at companies that work closely with business customers, Airwallex is ideally placed to offer loans and financing, either directly or via partners, and really involve itself in growing its customers and their businesses.

Having started out focused on Asia, and China in particular, Zhang is gunning for global growth, and that really means the U.S. and U.K. and growing beyond Airwallex’s offices in London and San Francisco. The company is looking to kickstart that push through acquisitions, with Zhang admitting his team is “actively seeking interesting payment startups in the U.K. and the U.S.”

Airwallex is also casting its eye on banking licenses in selected markets, which could mean it returns to raise additional capital at the end of this year or the start of 2020.

A family tracking app was leaking real-time location data

A popular family tracking app was leaking the real-time locations of more than 238,000 users for weeks after the developer left a server exposed without a password.

The app, Family Locator, built by Australia-based software house React Apps, allows families to track each other in real-time, such as spouses or parents wanting to know where their children are. It also lets users set up geofenced alerts to send a notification when a family member enters or leaves a certain location, such as school or work.

But the backend MongoDB database was left unprotected and accessible by anyone who knew where to look.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

Based on a review of the database, each account record contained a user’s name, email address, profile photo and their plaintext passwords. Each account also kept a record of their own and other family members’ real-time locations precise to just a few feet. Any user who had a geofence set up also had those coordinates stored in the database, along with what the user called them — such as “home” or “work.”

None of the data was encrypted.

TechCrunch verified the contents of the database by downloading the app and signing up using a dummy email address. Within seconds, our real-time location appeared as precise coordinates in the database.

We contacted one app user at random who, albeit surprised and startled by the findings, confirmed to TechCrunch that the coordinates found under their record were accurate. The Florida-based user, who did not want to be named, said that the location in the database was that of their business. The user also confirmed that a family member listed in the app was their child, a student at a nearby high school.

Several other records we reviewed also included the real-time locations of parents and their children.

TechCrunch spent a week trying to contact the developer, React Apps, to no avail. The company’s website had no contact information — nor did its bare-bones privacy policy. The website had a privacy-enabled hidden WHOIS record, masking the owner’s email address. We even bought the company’s business records from the Australian Securities & Investments Commission, only to learn the company owner’s name — Sandip Mann Singh — but no contact information. We sent several messages through the company’s feedback form, but received no acknowledgement.

On Friday, we asked Microsoft, which hosted the database on its Azure cloud, to contact the developer. Hours later, the database was finally pulled offline.

It’s not known precisely how long the database was exposed for. Singh still hasn’t acknowledged the data leak.

Fifty years of the internet

When my team of graduate students and I sent the first message over the internet on a warm Los Angeles evening in October, 1969, little did we suspect that we were at the start of a worldwide revolution. After we typed the first two letters from our computer room at UCLA, namely, “Lo” for “Login,” the network crashed.

Hence, the first Internet message was “Lo” as in “Lo and behold” – inadvertently, we had delivered a message that was succinct, powerful, and prophetic.

The ARPANET, as it was called back then, was designed by government, industry and academia so scientists and academics could access each other’s computing resources and trade large research files, saving time, money and travel costs. ARPA, the Advanced Research Projects Agency, (now called “DARPA”) awarded a contract to scientists at the private firm Bolt Beranek and Newman to implement a router, or Interface Message Processor; UCLA was chosen to be the first node in this fledgling network.

By December, 1969, there were only four nodes – UCLA, Stanford Research Institute, the University of California-Santa Barbara and the University of Utah. The network grew exponentially from its earliest days, with the number of connected host computers reaching 100 by 1977, 100,000 by 1989, a million by the early 1990’s, and a billion by 2012; it now serves more than half the planet’s population.

Along the way, we found ourselves constantly surprised by unanticipated applications that suddenly appeared and gained huge adoption across the Internet; this was the case with email, the World Wide Web, peer-to-peer file sharing, user generated content, Napster, YouTube, Instagram, social networking, etc.

It sounds utopian, but in those early days, we enjoyed a wonderful culture of openness, collaboration, sharing, trust and ethics. That’s how the Internet was conceived and nurtured.  I knew everyone on the ARPANET in those early days, and we were all well-behaved. In fact, that adherence to “netiquette” persisted for the first two decades of the Internet.

Today, almost no one would say that the internet was unequivocally wonderful, open, collaborative, trustworthy or ethical. How did a medium created for sharing data and information turn into such a mixed blessing of questionable information? How did we go from collaboration to competition, from consensus to dissension, from a reliable digital resource to an amplifier of questionable information?

The decline began in the early 1990s when spam first appeared at the same time there was an intensifying drive to monetize the Internet as it reached deeply into the world of the consumer. This enabled many aspects of the dark side to emerge (fraud, invasion of privacy, fake news, denial of service, etc.).

It also changed the nature of internet technical progress and innovations as risk aversion began to stifle the earlier culture of “moon shots”. We are currently still suffering from those shifts. The internet was designed to promote decentralized information, democracy and consensus based upon shared values and factual information. In this it has failed to fully achieve the aspirations of its founding fathers.

As the private sector gained more influence, their policies and goals began to dominate the nature of the Internet.  Commercial policies gained influence, companies could charge for domain registration, and credit card encryption opened the door for e-commerce. Private firms like AOL, CompuServe and Earthlink would soon charge monthly fees for access, turning the service from a public good into a private enterprise.

This monetization of the internet has changed its flavor. On the one hand, it has led to valuable services of great value. Here one can list pervasive search engines, access to extensive information repositories, consumer aids, entertainment, education, connectivity among humans, etc. On the other hand, it has led to excess and control in a number of domains.

Among these one can identify restricted access by corporations and governments, limited progress in technology deployment when the economic incentives are not aligned with (possibly short term) corporate interests, excessive use of social media for many forms of influence, etc.

If we ask what we could have done to mitigate some of these problems, one can easily name two.  First, we should have provided strong file authentication – the ability to guarantee that the file that I receive is an unaltered copy of the file I requested. Second, we should have provided strong user authentication – the ability for a user to prove that he/she is whom they claim to be.

Had we done so, we should have turned off these capabilities in the early days (when false files were not being dispatched and when users were not falsifying their identities). However, as the dark side began to emerge, we could have then gradually turned on these protections to counteract the abuses at a level to match the extent of the abuse. Since we did not provide an easy way to provide these capabilities from the start, we suffer from the fact that it is problematic to do so for today’s vast legacy system we call the Internet.

Having come these 50 years since its birth, how is the Internet likely to evolve over the next 50? What will it look like?

That’s a foggy crystal ball. But we can foresee that it is fast on its way to becoming “invisible” (as I predicted 50 years ago) in the sense that it will and should disappear into the infrastructure.

It should be as simple and convenient to use as is electricity; electricity is straightforwardly available via a trivially simple interface by plugging it into the wall; you don’t know or care how it gets there or where it comes from, but it delivers its services on demand.

Sadly, the internet is far more complicated to access than that. When I walk into a room, the room should know I’m there and it should provide to me the services and applications that match my profile, privileges and preferences.  I should be able to interact with the system using the usual human communication methods of speech, gestures, haptics, etc.

We are rapidly moving into such a future as the Internet of Things pervades our environmental infrastructure with logic, memory, processors, cameras, microphones, speakers, displays, holograms, sensors. Such an invisible infrastructure coupled with intelligent software agents imbedded in the internet will seamlessly deliver such services. In a word, the internet will essentially be a pervasive global nervous system.

That is what I judge will be the likely essence of the future infrastructure. However, as I said above, the applications and services are extremely hard to predict as they come out of the blue as sudden, unanticipated, explosive surprises!  Indeed, we have created a global system for frequently shocking us with surprises – what an interesting world that could be!

The “splinternet” is already here

There is no question that the arrival of a fragmented and divided internet is now upon us. The “splinternet,” where cyberspace is controlled and regulated by different countries, is no longer just a concept, but now a dangerous reality. With the future of the “World Wide Web” at stake, governments and advocates in support of a free and open internet have an obligation to stem the tide of authoritarian regimes isolating the web to control information and their populations.

Both China and Russia have been rapidly increasing their internet oversight, leading to increased digital authoritarianism. Earlier this month Russia announced a plan to disconnect the entire country from the internet to simulate an all-out cyberwar. And, last month China issued two new censorship rules, identifying 100 new categories of banned content and implementing mandatory reviews of all content posted on short video platforms.

While China and Russia may be two of the biggest internet disruptors, they are by no means the only ones. Cuban, Iranian and even Turkish politicians have begun pushing “information sovereignty,” a euphemism for replacing services provided by western internet companies with their own more limited but easier to control products. And a 2017 study found that numerous countries, including Saudi Arabia, Syria and Yemen have engaged in “substantial politically motivated filtering.”

This digital control has also spread beyond authoritarian regimes. Increasingly, there are more attempts to keep foreign nationals off certain web properties.

For example, digital content available to U.K. citizens via the BBC’s iPlayer is becoming increasingly unavailable to Germans. South Korea filters, censors and blocks news agencies belonging to North Korea. Never have so many governments, authoritarian and democratic, actively blocked internet access to their own nationals.

The consequences of the splinternet and digital authoritarianism stretch far beyond the populations of these individual countries.

Back in 2016, U.S. trade officials accused China’s Great Firewall of creating what foreign internet executives defined as a trade barrier. Through controlling the rules of the internet, the Chinese government has nurtured a trio of domestic internet giants, known as BAT (Baidu, Alibaba and Tencent), who are all in lock step with the government’s ultra-strict regime.

The super-apps that these internet giants produce, such as WeChat, are built for censorship. The result? According to former Google CEO Eric Schmidt, “the Chinese Firewall will lead to two distinct internets. The U.S. will dominate the western internet and China will dominate the internet for all of Asia.”

Surprisingly, U.S. companies are helping to facilitate this splinternet.

Google had spent decades attempting to break into the Chinese market but had difficulty coexisting with the Chinese government’s strict censorship and collection of data, so much so that in March 2010, Google chose to pull its search engines and other services out of China. However now, in 2019, Google has completely changed its tune.

Google has made censorship allowances through an entirely different Chinese internet platform called project Dragonfly. Dragonfly is a censored version of Google’s Western search platform, with the key difference being that it blocks results for sensitive public queries.

The Universal Declaration of Human Rights states that “people have the right to seek, receive, and impart information and ideas through any media and regardless of frontiers.”

Drafted in 1948, this declaration reflects the sentiment felt following World War II, when people worked to prevent authoritarian propaganda and censorship from ever taking hold the way it once did. And, while these words were written over 70 years ago, well before the age of the internet, this declaration challenges the very concept of the splinternet and the undemocratic digital boundaries we see developing today.

As the web becomes more splintered and information more controlled across the globe, we risk the deterioration of democratic systems, the corruption of free markets and further cyber misinformation campaigns. We must act now to save a free and open internet from censorship and international maneuvering before history is bound to repeat itself.

The Ultimate Solution

Similar to the UDHR drafted in 1948, in 2016, the United Nations declared “online freedom” to be a fundamental human right that must be protected. While not legally binding, the motion passed with consensus, and therefore the UN was provided limited power to endorse an open internet (OI) system. Through selectively applying pressure on governments who are not compliant, the UN can now enforce digital human rights standards.

The first step would be to implement a transparent monitoring system which ensures that the full resources of the internet, and ability to operate on it, are easily accessible to all citizens. Countries such as North Korea, China, Iran and Syria, who block websites and filter email plus social media communication, would be encouraged to improve through the imposition of incentives and consequences.

All countries would be ranked on their achievement of multiple positive factors including open standards, lack of censorship, and low barriers to internet entry. A three tier open internet ranking system would divide all nations into Free, Partly Free or Not Free. The ultimate goal would be to have all countries gradually migrate towards the Free category, allowing all citizens full information across the WWW, equally free and open without constraints.

The second step would be for the UN to align itself much more closely with the largest western internet companies. Together they could jointly assemble detailed reports on each government’s efforts towards censorship creep and government overreach. The global tech companies are keenly aware of which specific countries are applying pressure for censorship and the restriction of digital speech. Together, the UN and global tech firms would prove strong adversaries, protecting the citizens of the world. Every individual in every country deserves to know what is truly happening in the world.

The Free countries with an open internet, zero undue regulation or censorship would have a clear path to tremendous economic prosperity. Countries who remain in the Not Free tier, attempting to impose their self-serving political and social values would find themselves completely isolated, visibly violating digital human rights law.

This is not a hollow threat. A completely closed off splinternet will inevitably lead a country to isolation, low growth rates, and stagnation.

Elizabeth Warren wants to break up Google, Amazon and Facebook

The influential Massachusetts Senator and Presidential hopeful Elizabeth Warren has been a longtime critic of the consolidation of economic power by Amazon, Google, and Facebook. Now she’s making their break-up a key component of her Presidential platform.

Warren has just released her plan for breaking up big tech, in what seems like a watershed moment for a Democratic nominee. Since Al Gore famously (infamously?) “invented the internet”, Democratic candidates have turned away from serious regulation of technology companies, preferring instead to receive their campaign contributions.

Eric Schmidt and Google donors were hugely important to the Obama campaign, and big tech companies were among his biggest supporters.

Now, Warren has said (on Medium no less) that the massive market power that Google, Facebook, and Amazon wield is a threat and will be treated accordingly.

“Twenty-five years ago, Facebook, Google, and Amazon didn’t exist,” writes Warren. “Now they are among the most valuable and well-known companies in the world. It’s a great story — but also one that highlights why the government must break up monopolies and promote competitive markets.”

The parallel she uses to make her case is the breakup of Microsoft, which she weirdly calls “the tech giant of its time” (Microsoft is still a tech giant), and holds as perhaps the last example when government went toe to toe with the technology industry.

“The government’s antitrust case against Microsoft helped clear a path for Internet companies like Google and Facebook to emerge,” Warren writes.

But now the companies that flourished in the wake of the Microsoft case have, themselves, become too powerful, she argues.

“They’ve bulldozed competition, used our private information for profit, and tilted the playing field against everyone else. And in the process, they have hurt small businesses and stifled innovation,” writes Warren.

The key components of the Warren plan include passing legislation that would designate companies with annual global revenue above $25 billion that provide marketplace, exchange, or third-party connectivity as “platform utilities” and prohibit those companies from owning participants on their platforms.

It’s a dragnet that now encompasses Alphabet and Amazon (but I don’t think it touches Facebook?). Under the new law, those platforms would also be required to meet a standard of fair and non-discriminatory use with their users, and would be restricted from sharing user data with third parties.

Companies with revenues below $25 billion would be required to adhere to the fair use standard.

Warren would give state attorneys general and private parties the right to sue a platform for conduct that violates those requirements and the government could fine a company 5% of their annual revenue for violating the terms of the new legislation.

As Warren notes, “Amazon Marketplace, Google’s ad exchange, and Google Search would be platform utilities under this law. Therefore, Amazon Marketplace and Basics, and Google’s ad exchange and businesses on the exchange would be split apart. Google Search would have to be spun off as well.”

Another part of Warren’s plan would be the rollback of acquisitions that Warren deems anti-competitive. In Amazon’s case that means Whole Foods and Zappos would have to be spun back out. Alphabet would have to unwind Google’s acquisitions of Waze, Nest, and DoubleClick (but not YouTube?), and Facebook would have to part with WhatsApp and Instagram.

“Unwinding these mergers will promote healthy competition in the market — which will put pressure on big tech companies to be more responsive to user concerns, including about privacy,” Warren writes.

Her call for regulation is a big moment for the tech industry, and it should also serve as a wake-up call for these companies to do more than just pay lip service to the problems their dominance is causing in the marketplace.

Thailand passes controversial cybersecurity law that could enable government surveillance

Thailand’s government passed a controversial cybersecurity bill today that has been criticized for vagueness and the potential to enable sweeping access to internet user data.

The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed the country’s parliament with 133 positive votes and no rejections, although there were 16 absentees.

There are concerns around a number of clauses, chiefly the potential for the government — which came to power via a military coup in 2014 — to search and seize data and equipment in cases that are deemed issues of national emergency. That could enable internet traffic monitoring and access to private data, including communications, without a court order.

The balance of power beyond enforcement has also been questioned. Critics have highlighted the role of the National Cybersecurity Committee, which is headed by the Prime Minister and holds considerable weight in carrying out the law. The Committee has been called upon to include representation from the industry and civic groups to give it greater oversight and balance.

Added together, there’s a fear that the law could be weaponized by the government to silence critics. Thailand already has powerful lese majeste laws, which make it illegal to criticize the monarchy and have been used to jail citizens for comments left on social media and websites. The country has also censored websites in the past, including the Daily Mail and, for a nearly six-month period in 2007, YouTube.

“The Asia Internet Coalition is deeply disappointed that Thailand’s National Assembly has voted in favor of a Cybersecurity Law that overemphasizes a loosely-defined national security agenda, instead of its intended objective of guarding against cyber risks,” read a statement from Jeff Paine, managing director of Asia Internet Coalition — an alliance of international tech firms that include Facebook, Google and Apple.

“Protecting online security is a top priority, however the Law’s ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight. This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data,” Paine added.

Reaction to the law has seen a hashtag (#พรบไซเบอร์) trend on Twitter in Thailand, while other groups have spoken out on the potential implications.

Thailand isn’t alone in introducing controversial internet laws. New regulations, passed last summer, came into force in near-neighbor Vietnam on January 1 and sparked similar concerns around free speech online.

That Vietnamese law broadly forbids internet users from organizing with, or training, others for anti-state purposes, spreading false information, and undermining the nation state’s achievements or solidarity. It also requires foreign internet companies to operate a local office and store user information on Vietnamese soil. That’s something neither Google nor Facebook has complied with, despite the Vietnamese government’s recent claim that the former is investigating a local office launch.

On the strength of its Mixer partnership, streaming toolkit developer Lightstream raises $8 million

Lightstream, a Chicago-based company which develops tools to augment livestreams, has raised $8 million in new funding as it looks to add monitoring, management, and monetization services to its suite of editing technologies.

Last year, the company inked a partnership with Microsoft’s live-streaming Twitch competitor, Mixer, to let streamers on the platform add professional flourishes like images, overlays, transitions and text to streams or to edit streams, without a lot of professional editing tools or expertise.

“We got started when Twitch was the only game in town,” says Stu Grubbs, Lightstream’s co-founder and chief executive. “Twitch was the only big name back in 2014 when we started and to be a live streamer you needed to understand bit rates and codecs. We set out to make that easier.”

The company works with Twitch, YouTube, and Mixer, but it was when the partnership with Mixer came along that the company’s user base began to explode.

Key to the adoption was Microsoft’s adoption of Beam, which lowered the latency on Mixer’s video streams and made that product more compelling to users. Coupled with Microsoft’s reach as one of the most popular platforms for PC and console gamers, Lightstream’s toolkit gained a powerful and large user base.

For the past few years, the company has had between 1,000 and 2,000 streamers signing up every week to use its tools. There are now roughly 10,000 streamers on the platform, according to a rough estimate.

Now, with the new money, the company will look to double the size of the team and add some features that have been requested by Lightstream’s growing community of users, Grubbs said.

As a result of the new round, which included a $6 million equity commitment from investors including Drive Capital, MK Capital and Pritzker Group, and a $2 million debt facility from Silicon Valley Bank, Drive Capital General Partner Andy Jenks will take a seat on the company’s board of directors.

“Lightstream is an incredible company that has seen tremendous growth because of smart and efficient practices. Stu and his team stand at the convergence of multiple massive and rapidly growing industries,” said Jenks, in a statement. “Stu has immense passion and a keen vision for what they can do for creators and the impact Lightstream can have in live streaming, gaming, and beyond. They have assembled an incredible team, made smart strategic moves, created massive partnerships and are building towards something so big that we had to be a part of it.”

ICANN warns of “ongoing and significant” attacks against internet’s DNS infrastructure

The internet’s address book keeper has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.

The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of “multifaceted attacks utilizing different methodologies.”

It follows similar warnings from security companies and the federal government in the wake of attacks believed to be orchestrated by nation-state hackers.

In January, security company FireEye revealed that hackers likely associated with Iran were hijacking DNS records on a massive scale, by rerouting users from a legitimate web address to a malicious server to steal passwords. This so-called “DNSpionage” campaign, dubbed by Cisco’s Talos intelligence team, was targeting governments in Lebanon and the United Arab Emirates. Homeland Security’s newly founded Cybersecurity and Infrastructure Security Agency later warned that U.S. agencies were also under attack. In its first emergency order amid a government shutdown, the agency ordered federal agencies to take action against DNS tampering.

ICANN’s chief technology officer David Conrad told the AFP news agency that the hackers are “going after the Internet infrastructure itself.”

The internet organization’s solution is to call on domain owners to deploy DNSSEC, a more secure version of DNS that’s more difficult to manipulate. DNSSEC cryptographically signs data to make it more difficult — though not impossible — to spoof.

But adoption has been glacial. Only three percent of the Fortune 1,000 are using DNSSEC, according to statistics by Cloudflare released in September. Internet companies like Cloudflare and Google have pushed for greater adoption by rolling out one-click enabling of DNSSEC to domain name owners.

DNSSEC adoption is currently at about 20 percent.

You can now register .dev domains

Google today announced that you can now register .dev domain names. Google acquired the .dev top-level domain when ICANN opened up the web to new generic top-level domains (gTLDs) a few years ago. At the time, Google acquired gTLDs like .app, .page and .dev (for some reason, Google also owns .soy).

Right now, the .dev domains are still in an early access program, though. That means you’ll have to pay an additional fee that decreases every day until February 28 — and that early access fee is pretty steep.

Registering a new domain on GoDaddy, which is one of the many resellers that offer the new domain names, will set you back over $12,500 in extra fees today. Tomorrow, that price drops to just over $3,100. Come February 28, you can register any available domain and it’ll just cost you about $20 per year. The idea here, of course, is to manage demand (and to extract a few extra dollars from the companies that really need to have a given domain name).

Some of the companies and organizations that are already using the new gTLD are Google itself, as well as the likes of GitHub, Women Who Code, JetBrains, Codecademy and Salesforce. And because this is 2019, there’s also Kubernetes.dev.

Like its .app domains, .dev domains will require HTTPS connections to protect users from ad malware, tracking injections and WiFi snooping.

“We hope .dev will be a new home for you to build your communities, learn the latest tech and showcase your projects—all with a perfect domain name,” Google explains in today’s announcement.

I never got the sense that there was all that much demand for non-.com or country-level domain names (does the world really need .ninja domains?), but if you always wanted a .dev domain, now would be a good time to get out your credit card.

Amazon buys Eero: What does it mean for your privacy?

In case you hadn’t seen, Amazon is buying router maker Eero. And in case you hadn’t heard, people are pretty angry.

Deluged in a swarm of angry tweets and social media posts, many have taken to reading tea leaves to try to understand what the acquisition means for ordinary privacy-minded folks like you and me. Not many had much love for Amazon on the privacy front. A lot of people like Eero because it wasn’t attached to one of the big tech giants. Now that it’s to be part of Amazon, some are anticipating the worst for their privacy.

Of the many concerns we’ve seen, the acquisition boils down to a key concern: “Amazon shouldn’t have access to all internet traffic.”

Rightfully so! It’s bad enough that Amazon wants to put a listening speaker in every corner of our home. How worried should you be that Amazon flips the switch on Eero and it’s no longer the privacy-minded router it once was?

This calls for a lesson in privacy pragmatism, and one of cautious optimism.

Don’t panic — yet

Nothing will change overnight. The acquisition will take time, and any possible changes will take longer. Eero has an easy-to-read privacy policy, and the company tweeted that it will “continue to protect” customer privacy, noting that Eero “does not track customers’ internet activity and this policy will not change with the acquisition.”

That’s true! Eero doesn’t monitor your internet activity. We scoured the privacy policy, and the most the router collects is some basic information from each device connecting to the router that it already broadcasts, such as device name and its unique networking address. We didn’t see anything beyond boilerplate language for a smart router. And there’s nothing in there that says even vaguely that Eero can or will spy on your internet traffic.

Among the many reasons, it (mostly) couldn’t even if it wanted to.

Most apps you open and websites you load now do so over HTTPS. And most do because Google has taken to security-shaming sites that don’t. That’s an encrypted connection between your computer and the app or website. Not even your router can see your internet traffic. It’s only in rare cases, like Facebook’s creepy “research” app that forces you to give it “root” access to your device’s network traffic, that companies can snoop on everything you do.

If Eero starts asking you to install root certificates on your devices, then we have a problem.

Fear the internet itself

The reality is that your internet service provider knows more about your internet activity than your router does.

Your internet provider not only processes your internet requests, it routes and directs them. Even when the traffic is HTTPS-encrypted, your internet provider for the most part knows which domains you visit, and when, and with that it can sometimes figure out why. With that information, your internet provider can piece together a timeline of your online life. It’s the reason why HTTPS and using privacy-focused DNS services are so important.

It doesn’t stop there. Once your internet traffic goes past your router, you’re into the big wide world of the world wide web. Your router is the least of your troubles: it’s a jungle of data collection out there.

Props to the spirited gentleman who tweeted that he trusts Google “way more with my privacy than Amazon” for the sole reason that, “Amazon wants to use the data to sell me more stuff vs. Google just wants to serve targeted ads.” Think of that: Amazon wants to sell you products from its own store, but somehow that’s worse than Google selling its profiles of who it thinks you are to advertisers to try to sell you things?

Every time you go online, what’s your first hit? Google. Every time you open a new browser window, it’s Google. Every time you want to type something into the omnibar at the top of your browser, it’s Google. Google knows more about your browsing history than your router does because most people use Google as their one-stop directory for all they need on the internet. Your internet provider may not be able to see past the HTTPS domain that you’re visiting, but Google, for one, tracks which search queries you type, which websites you go to, and even tracks you from site to site with its pervasive ad network.

At least when you buy a birthday present or a sex toy (or both?) from Amazon, that knowledge stays in-house.

Knock knock, it’s Amazon already

If Amazon wanted to track you, it already could.

Everyone seems to forget Amazon’s massive cloud business. Most of the internet these days runs on Amazon Web Services, the company’s dedicated cloud unit that made up all of the company’s operating income in 2017. It’s a cash cow and an infrastructure giant, and its retail prowess is just part of the company’s business.

Think you can escape Amazon? Just look at what happened when Gizmodo’s Kashmir Hill tried to cut out Amazon from her life. She found it “impossible.” Why? Everything seems to rely on Amazon these days — from Spotify and Netflix’s back-end to popular consumer and government websites, and many other major apps and services rely on Amazon’s cloud. She ended up blocking 23 million IP addresses controlled by Amazon, and still struggled.

In a single week, Hill found 95,260 total attempts by her devices to communicate with Amazon, compared to less than half that for Google at 40,527 requests, and a paltry 36 attempts for Apple. Amazon already knows which sites you go to — because it runs most of them.

So where does that leave me?

Your router is a lump of plastic. And it should stay that way. We can all agree on that.

It’s a natural fear that when “big tech” wades in, it’s going to ruin everything. Especially with Amazon. The company’s track record on transparency is lackluster at best, and downright evasive at its worst. But just because Amazon is coming in doesn’t mean it’ll necessarily become a surveillance machine. Even Google’s own mesh router system, Eero’s direct competitor, promises to “not track the websites you visit or collect the content of any traffic on your network.”

Amazon can’t turn the Eero into a surveillance hub overnight, but it doesn’t mean it won’t try.

All you can do is keep a close eye on the company’s privacy policy. We’ll do it for you. And in the event of a sudden change, we’ll let you know. Just make sure you have an escape plan.