Decrypted: As tech giants rally against Hong Kong security law, Apple holds out

It’s not often Silicon Valley gets behind a single cause. Supporting net neutrality was one, reforming government surveillance another. Last week, Big Tech took up its latest: halting any cooperation with Hong Kong police.

Facebook, Google, Microsoft, Twitter, and even China-headquartered TikTok said last week they would no longer respond to demands for user data from Hong Kong law enforcement — read: Chinese authorities — citing the new unilaterally imposed Beijing national security law. Critics say the law, ratified on June 30, effectively kills China’s “one country, two systems” policy allowing Hong Kong to maintain its freedoms and some autonomy after the British handed over control of the city-state back to Beijing in 1997.

Noticeably absent from the list of tech giants pulling cooperation was Apple, which said it was still “assessing the new law.” What’s left to assess remains unclear, given the new powers explicitly allow warrantless searches of data, intercept and restrict internet data, and censor information online, things that Apple has historically opposed if not in so many words.

Facebook, Google and Twitter can live without China. They already do — both Facebook and Twitter are banned on the mainland, and Google pulled out after it accused Beijing of cyberattacks. But Apple cannot. China is at the heart of its iPhone and Mac manufacturing pipeline, and accounts for over 16% of its revenue — some $9 billion last quarter alone. Pulling out of China would be catastrophic for Apple’s finances and market position.

The move by Silicon Valley to cut off Hong Kong authorities from their vast pools of data may be a largely symbolic move, given any overseas data demands are first screened by the Justice Department in a laborious and frequently lengthy legal process. But by holding out, Apple is also sending its own message: Its ardent commitment to human rights — privacy and free speech — stops at the border of Hong Kong.

Here’s what else is in this week’s Decrypted.


THE BIG PICTURE

Police used Twitter-backed Dataminr to snoop on protests

The best WiFi 6 home networking tech to upgrade your setup

Wifi 6 is here – making its way to more and more devices, with a noteworthy inclusion on last year’s flagship iPhone 11 lineup. This next-generation Wifi technology provides faster speeds for transferring data between devices, but more importantly, it also means your system will be better equipped to handle multiple Wifi devices connected at one time, without slowdowns or interruptions – and it can even reduce battery drain in mobile devices.

The number of Wifi 6 routers and mesh systems has definitely improved dramatically since the debut of the iPhone 11, and there are a range of options available at a variety of price points. But for those looking to get the most out of their Wifi 6 setup, two available systems in particular can provide all the power you need, with two different approaches that will appeal to differing user needs.

Orbi AX6000 Mesh WiFi System (starting at $699.99)

Image Credits: Netgear

Netgear’s Orbi lineup is a popular mesh option, and its latest AX6000 series offers WiFi 6 networking in either a 2- or 3-pack configuration. Even the 2-pack is able to cover a home of up to 5,000 square feet, Netgear claims, and it an support up to 2.5G internet connections from an Ethernet connected modem.

The Orbi AX6000 includes Netgear’s X technology, which can optimize streaming and media connections for optimal performance. Both the base unit and the satellite include 4 Gigabit Ethernet LAN ports for hardwired connections, which means you’re less likely to need an Ethernet switch to connect all your gear.

In real-world testing, the AX6000 proved a remarkably reliable and far-reaching mesh system. I tested a 2-device configuration, with one base unit and one satellite, and really saw the advantages of its range. In my testing, I was able to enjoy a consistent and strong Wifi connection with the AX6000 as far as around 500 feet or more outside – useful in the situation where I had it installed in a lake house for reaching all the way down to a dock.

Orbi’s system can be managed from a mobile app, which provides an overview of devices attached, with detailed information available for each. You can pause and resume access for each connected device from the app, and also enable features like a dedicated guest network.

Netgear also offers a service called Armor that provides real-time threat detection and protection on your network. It’s a subscription service, with a limited free trial included when you first set up your Orbi system. In practice, it did seem to effectively detect and block phishing and malware connections, and it’s optional as an ongoing paid add-on.

The real strength of the Orbi system for me was that when I used it with a cellular-based network connection in a relatively remote setting, it dramatically improved performance. That was true even when I used it with my home fibre connection, which is a 1.5Gbps network, but it improved the much less reliable 50Mbps mobile connection so much that it went from relatively unreliable to fully reliable.

Netgear’s offering also offers a level of simplicity in terms of the app and network management that has advantages and downsides, but that is probably much better suited to casual or non-technical users. I found that it lacked some advanced options I was looking for, like the ability to separate 2.4Ghz and 5Ghz networks under separate network SSIDs to more easily connect some smart home devices, but that’s probably not a feature most users want or need.

AmpliFi Alien WiFi 6 Router (starting at $379)

Image Credits: AmpliFi

The AmpliFi Alien router from AmpliFi, which is the consumer arm of commercial networking giant Ubiquiti, offers all the customization that an advanced user could want, on the other hand. The $379 device can act as a standalone tri-band router, or it can pair up with other Alient base stations (a 2-pack is $699) to form a mesh network for greater coverage. Unlike the Orbi option, AmpliFi’s hardware doesn’t have dedicated base station and satellite units, meaning they can be swapped out as needed to set up different networks if you don’t need the mesh capabilities.

AmpliFi’s Alien in testing also offered excellent coverage, and worked extremely well providing access to the full capabilities of my 1.5Gbps finer optic connection. In long-term testing, their reliability has been impeccable in terms of network uptime, and AmpliFi has consistently and reliably pushed updates to improve their performance as well.

Building on their reputation for delivering the best in advanced networking through Ubiquiti, AmpliFi has also equipped the Alien with some impressive hardware specs, including a custom antenna array and a dedicated 2.2 GHz 64-bit quad-core CPU in each base station. That’s more computing power than you’ll find in some mid-range Android smartphones, all committed to the task of continually optimizing your network and device connections for maximum performance.

All that onboard intelligence doesn’t necessarily translate to complexity, however – AmpliFi is meant to be Ubiquiti’s more accessible consumer brand, and it stays true to that with its simple, app-based setup and control. The AmpliFi app is very user-friendly and well designed, and includes all the features you’d expect from a mesh networking system including individual device views and controls, as well as rule creation and full stats reporting. You can also set up guest networking, and configure more advanced features like distinct SSIDs for different frequency networks.

The AmplifFi Alien also has a colorful, high-resolution display that provides at-a-glance information including current network performance, signal strength, and a list of connected devices. Both these menus and the in-app ones can get a little information dense compared to other options like the Orbi, however, which is why I think it’s a much better option for someone more comfortable with tech in general, and networking tech in particular.

The Alien system offers great expandability and flexibility (albeit with a cost since each is $379) and amazing custom control features. It’s definitely the networking solution to beat when it comes to advanced at-home Wifi 6 networking.

Bottom line

More and more Wifi 6 options are coming to market as the technology shows up on more consumer devices, and as mentioned, you can also get them at increasingly affordable prices. But Wifi 6 stands to be an investment that should provide you with many years of networking advantages, with more benefits accruing over time, so it’s likely worth investing money in a top-tier system that will provide future-proof performance.

Both the Netgear Orbi system and the AmpliFi Alien offer terrific performance, easy setup and a host of great features. Orbi’s AX6000 is likely better for those who prefer to set-it-and-forget-it, and who might appreciate the option of setting up threat detection on an ongoing basis. The Alien is better for power users and anyone who wants the ability to change their configuration over time – including potentially splitting up their networking hardware to use in multiple locations.

Four perspectives: Will Apple trim App Store fees?

The fact that Apple takes a 30% cut of subscriptions purchased via the App Store isn’t news. But since the company threatened to boot email app Hey from the platform last week unless its developers paid the customary tribute, the tech world and lawmakers are giving Apple’s revenue share a harder look.

Although Apple’s Senior Vice President of worldwide marketing Phil Schiller denied the company was making any changes, a new policy will let developers challenge the very rules by which they were rejected from the platform, which suggests that change is in the air.

According to its own numbers, the App Store facilitated more than $500 billion in e-commerce transactions in 2019. For reference, the federal government has given out about $529 billion in loans to U.S. businesses as part of the Paycheck Protection Program.

Given its massive reach, is it time for Apple to change its terms? Will it allow its revenue share to go gently into that good night, or does it have enough resources to keep new legislation at bay and mollify an increasingly vocal community of software developers? To examine these questions, four TechCrunch staffers weighed in:

Devin Coldewey: The App Store fee structure “seems positively extortionate”

Apple is starting to see that its simplistic and paternalistic approach to cultivating the app economy may be doing more harm than good. That wasn’t always the case: In earlier days it was worth paying Apple simply for the privilege of taking part in its fast-expanding marketplace.

But the digital economy has moved on from the conditions that drove growth before: Novelty at first, then a burgeoning ad market supercharged by social media. The pendulum is swinging back to more traditional modes of payment: one-time and subscription payments for no-nonsense services. Imagine that!

Combined with the emergence of mobile platforms not just as tools for simple consumption and communication but for serious work and productivity, the stakes have risen. People have started asking, what value is Apple really providing in return for the rent it seeks from anyone who wants to use its platform?

Surely Apple is due something for its troubles, but just over a quarter of a company’s revenue? What seemed merely excessive for a 99-cent app that a pair of developers were just happy to sell a few thousand copies of now seems positively extortionate.

Apple is in a position of strength and could continue shaking down the industry, but it is wary of losing partners in the effort to make its platform truly conducive to productivity. The market is larger and more complicated, with cross-platform and cross-device complications of which the App Store and iOS may only be a small part — but demanding an incredibly outsized share.

It will loosen the grip, but there’s no hurry. It would be a costly indignity to be too permissive and have its new rules be gamed and hastily revised. Allowing developers to push back on rules they don’t like gives Apple a lot to work with but no commitment. Big players will get a big voice, no doubt, and the new normal for the App Store will reflect a detente between moneyed interests, not a generous change of heart by Apple.

Apple’s software updates give a glimpse of software in a COVID-19 era

Apple is responding to the COVID-19 crisis with a range of new features across its software platforms. Some are intended to directly combat the threat of the novel coronavirus, as with Apple Watch’s new handwashing feature. Other updates can be seen in a new light in the COVID-19 era. For example, your Apple Watch can track your TikTok dances as a “workout,” now that you’re not going to the gym. A new sleep feature pushes you to get more rest. Apple Maps has also added a dedicated cycling feature and can show you where to find hiking trails.

While many of the new features are more reactive in nature, the handwashing timer for Apple Watch aims to directly impact consumer behavior for the better.

Today, many people still don’t know how long to wash their hands or how to properly scrub them to reduce the spread of germs. Apple Watch wearers will get a push in the right direction, however. The new feature arriving in watchOS 7 later this year will be able to detect when hand washing has begun, using machine learning models that detect the motion of the Watch wearer’s hands. It will also use audio to confirm the sounds of water running or bubbles squishing.

Image Credits: Apple

 

This will make the Apple Watch the first to offer a handwashing detection feature.

As the wearer washes their hands, a countdown timer will appear on the watch face so you’ll know how long to watch. This will also use haptics and sounds to encourage you to continue, almost gamifying the experience. The device will also offer a little coaching along the way and will even push you to finish washing if you’ve stopped.

The feature is small but could have a notable impact on consumer behavior.

Image Credits: Apple

The Apple Watch will also push users to care about other aspects of their health and wellness. While that’s always been a key area of interest for Apple’s wearable platform, being healthy takes on a new level of importance in the COVID-19 era.

For instance, a new sleep tracking function for Apple Watch, does more than count your zzz’s. It also helps users meet their sleep duration goals by allowing you to set both a bedtime and the time you want to wake up. The sleep tracking feature works in conjunction with iOS 14’s new “Wind Down” functionality, which will begin to minimize distractions ahead of your bedtime.

A calmer, notification-free home screen displays in the evenings so you can begin to transition from your wakeful, busy hours to a calmer, more relaxed state.

Wind Down shortcuts help you start to relax with quiet music or content from a meditation app.

At bedtime, your iPhone screen dims and your Apple Watch goes into sleep mode, turning the screen off. You can wake it with a tap if you want to check the time on a simple face.

As you sleep, the Watch uses machine learning to track your movements, even the rise and fall of your breath, to determine how you’re sleeping. You can later view your sleep trends, based on this tracking, in the Apple Health app.

In the morning, you can choose to wake up to a haptic vibration on your wrist, instead of a more jarring audible alarm. This could help you wake up without disturbing your partner who may still be sleeping in.

Image Credits: Apple under a license.

Though Apple didn’t reference COVID-19 by name when introducing its new Apple Watch sleep tracking features, the company briefly noted that sleep is useful in “keeping you healthy.”

Other aspects where Apple addressed the COVID-19 crisis aren’t perhaps as obvious.

Apple Watch’s addition of “dance” as a Workout type in watchOS 7 could have been dreamed up for tracking cardio exercise classes, like Zumba. But today, it feels like a nod to all those Instagram Live DJ parties happening as people sheltered in place under government lockdowns. Or even an acknowledgement of how many users are “working out” by practicing the latest TikTok dance at home.

Image Credits: Apple

Meanwhile, Apple Maps was due to get cycling directions as part of its upgrade. But the way Apple designed its new biking feature is one that seems to understand that many people will reduce their reliance on public transit for years to come in favor of other transportation options.

And they’ll want more than just directions and route time.

Image Credits: Apple

Starting in major markets — New York, Los Angeles, San Francisco, Shanghai, and Beijing — Apple Maps users will not only be able to calculate a biking route, but will be also see other aspects of that trip, like elevation changes or if there are bikes lanes available.

Image Credits: Apple

The feature will even suggest if the biker should take a flight of stairs to save themselves time. And bikers can search for and add places optimized for cyclists, like bike repair shops, then place those on their route.

Then there is Apple Maps’ new “Guides” feature, largely a way to combat Google Maps’ Explore, powered by Google’s vast business data. Here, Apple has partnered with AllTrails to add information on hiking, at a time when outdoor activities have become one of the only ways we can safely entertain ourselves without fear of catching the virus.

In another response the COVID-19 crisis, Apple has added the option for users to customize their Memoji — their personalized emoji — with face coverings, like a mask.

Though a minor tweak, the option gives users a chance to display their character as a mask wearer, which could help to destigmatize the idea of mask wearing in a market like the U.S. where it isn’t yet part of the cultural norm.

There was also a hint of how Apple understands the changes being wrought by COVID-19 in what it didn’t announce.

For example, Apple has been focused in recent years on addressing the growing criticism around the addictiveness of its iPhone device and its apps that constantly clamor for attention. It introduced a Screen Time platform in 2018 to allow iPhone owners to schedule time away from their devices, set limits on app usage, and more for either themselves or their kids. Last year, it expanded parental controls to limit who kids could call and FaceTime, and when, as part of this Screen Time system. It offered a way to more easily silence notifications. 

This go around, the concept of “too much screen time” is nowhere to be found.

This aligns with the choices consumers have made during COVID-19. According to App Annie, the global daily time spent per user on mobile increased 20% to 4 hours 20 minutes in April 2020 from 2019.

And as the pandemic rages, many parents have long since given up on reducing their kids’ screen time, as well.

Apple made no mention of upgrades in this area during its keynote. In fact, it presented device owners with a solution that’s more reflective of where we are now: with so many apps and games cluttering our iPhone, we can’t even find the ones we want anymore. The new iOS 14 user interface with its App Library and widgeting system is designed for a time when we’re using a lot of apps, not trying to distance ourselves from them. And Apple is here to accommodate that need.

Apple’s iOS 14 will give users option to decline ad tracking

A new version of iOS wouldn’t be the same without a bunch of security and privacy updates. Apple on Monday announced a ton of new features it’ll bake into iOS 14, expected out later this year with the release of new iPhones and iPads.

Apple said it will allow users to share your approximate location with apps, instead of your precise location. It’ll allow apps to take your rough location without identifying precisely where you are. It’s another option that users have when they give over their location. Last year, Apple allowed users to give over their location once so that apps can’t track a person as they go about their day.

iPhones with iOS 14 will also get a camera recording indicator in the status bar. It’s a similar feature to the camera light that comes with Macs and MacBooks. The recording indicator will sit in the top bar of your iPhone’s display when your front or rear camera is in use.

But the biggest changes are for app developers themselves, Apple said. In iOS 14, users will be asked if they want to be tracked by the app. That’s a major change that will likely have a ripple effect: by allowing users to reject tracking, it’ll reduce the amount of data that’s collected, preserving user privacy.

Apple also said it will also require app developers to self-report the kinds of permissions that their apps ask for. This will improve transparency, allowing the user to know what kind of data they may have to give over in order to use the app. It’s a feature that Android users have been able to see app permissions for years on the Google Play app store.

The move is Apple’s latest assault against the ad industry as part of the tech giant’s privacy-conscious mantra.

The ad industry has frequently been the target of Apple’s barbs, amid a string of controversies that have embroiled both advertisers and data-hungry tech giants, like Facebook and Google, which make the bulk of their profits from targeted advertising. As far back as 2015, Apple CEO Tim Cook said its Silicon Valley rivals are “gobbling up everything they can learn about you and trying to monetize it.” Apple, which makes its money selling hardware, “elected not to do that,” said Cook.

As targeted advertising became more invasive, Apple countered by baking in new privacy features to its software, like its intelligence tracking prevention technology and allowing Safari users to install content blockers that prevent ads and trackers from loading.

Just last year Apple told developers to stop using third-party trackers in apps for children or face rejection from the App Store.

Oracle’s BlueKai tracks you across the web. That data spilled online

Have you ever wondered why online ads appear for things that you were just thinking about?

There’s no big conspiracy. Ad tech can be creepily accurate.

Tech giant Oracle is one of a few companies in Silicon Valley that has near-perfected the art of tracking people across the internet. The company has spent a decade and billions of dollars buying startups to build its very own panopticon of users’ web browsing data.

One of those startups, BlueKai, which Oracle bought for a little over $400 million in 2014, is barely known outside marketing circles, but it amassed one of the largest banks of web tracking data outside of the federal government.

BlueKai uses website cookies and other tracking tech to follow you around the web. By knowing which websites you visit and which emails you open, marketers can use this vast amount of tracking data to infer as much about you as possible — your income, education, political views, and interests to name a few — in order to target you with ads that should match your apparent tastes. If you click, the advertisers make money.

But for a time, that web tracking data was spilling out onto the open internet because a server was left unsecured and without a password, exposing billions of records for anyone to find.

Security researcher Anurag Sen found the database and reported his finding to Oracle through an intermediary — Roi Carthy, chief executive at cybersecurity firm Hudson Rock and former TechCrunch reporter.

TechCrunch reviewed the data shared by Sen and found names, home addresses, email addresses and other identifiable data in the database. The data also revealed sensitive users’ web browsing activity — from purchases to newsletter unsubscribes.

“There’s really no telling how revealing some of this data can be,” said Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation, told TechCrunch.

“Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet,” said Oracle spokesperson Deborah Hellinger. “While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a reoccurrence of this issue.”

Oracle did not name the companies or say what those additional measures were, and declined to answer our questions or comment further.

But the sheer size of the exposed database makes this one of the largest security lapses this year.

The more it knows

BlueKai relies on vacuuming up a never-ending supply of data from a variety of sources to understand trends to deliver the most precise ads to a person’s interests.

Marketers can either tap into Oracle’s enormous bank of data, which it pulls in from credit agencies, analytics firms, and other sources of consumer data including billions of daily location data points, in order to target their ads. Or marketers can upload their own data obtained directly from consumers, such as the information you hand over when you register an account on a website or when you sign up for a company’s newsletter.

But BlueKai also uses more covert tactics like allowing websites to embed invisible pixel-sized images to collect information about you as soon as you open the page — hardware, operating system, browser and any information about the network connection.

This data — known as a web browser’s “user agent” — may not seem sensitive, but when fused together it can create a unique “fingerprint” of a person’s device, which can be used to track that person as they browse the internet.

BlueKai can also tie your mobile web browsing habits to your desktop activity, allowing it to follow you across the internet no matter which device you use.

Say a marketer wants to run a campaign trying to sell a new car model. In BlueKai’s case, it already has a category of “car enthusiasts” — and many other, more specific categories — that the marketer can use to target with ads. Anyone who’s visited a car maker’s website or a blog that includes a BlueKai tracking pixel might be categorized as a “car enthusiast.” Over time that person will be siloed into different categories under a profile that learns as much about you to target you with those ads.

(Sources: DaVooda, Filborg/Getty Images; Oracle BlueKai)

The technology is far from perfect. Harvard Business Review found earlier this year that the information collected by data brokers, such as Oracle, can vary wildly in quality.

But some of these platforms have proven alarmingly accurate.

In 2012, Target mailed maternity coupons to a high school student after an in-house analytics system figured out she was pregnant — before she had even told her parents — because of the data it collected from her web browsing.

Some might argue that’s precisely what these systems are designed to do.

Jonathan Mayer, a science professor at Princeton University, told TechCrunch that BlueKai is one of the leading systems for linking data.

“If you have the browser send an email address and a tracking cookie at the same time, that’s what you need to build that link,” he said.

The end goal: the more BlueKai collects, the more it can infer about you, making it easier to target you with ads that might entice you to that magic money-making click.

But marketers can’t just log in to BlueKai and download reams of personal information from its servers, one marketing professional told TechCrunch. The data is sanitized and masked so that marketers never see names, addresses or any other personal data.

As Mayer explained: BlueKai collects personal data; it doesn’t share it with marketers.

‘No telling how revealing’

Behind the scenes, BlueKai continuously ingests and matches as much raw personal data as it can against each person’s profile, constantly enriching that profile data to make sure it’s up to date and relevant.

But it was that raw data spilling out of the exposed database.

TechCrunch found records containing details of private purchases. One record detailed how a German man, whose name we’re withholding, used a prepaid debit card to place a €10 bet on an esports betting site on April 19. The record also contained the man’s address, phone number and email address.

Another record revealed how one of the largest investment holding companies in Turkey used BlueKai to track users on its website. The record detailed how one person, who lives in Istanbul, ordered $899 worth of furniture online from a homeware store. We know because the record contained all of these details, including the buyer’s name, email address and the direct web address for the buyer’s order, no login needed.

We also reviewed a record detailing how one person unsubscribed from an email newsletter run by an electronics consumer, sent to his iCloud address. The record showed that the person may have been interested in a specific model of car dash-cam. We can even tell based on his user agent that his iPhone was out of date and needed a software update.

The more BlueKai collects, the more it can infer about you, making it easier to target you with ads that might entice you to that magic money-making click.

The data went back for months, according to Sen, who discovered the database. Some logs dated back to August 2019, he said.

“Fine-grained records of people’s web-browsing habits can reveal hobbies, political affiliation, income bracket, health conditions, sexual preferences, and — as evident here — gambling habits,” said the EFF’s Cyphers. “As we live more of our lives online, this kind of data accounts for a larger and larger portion of how we spend our time.”

Oracle declined to say if it informed those whose data was exposed about the security lapse. The company also declined to say if it had warned U.S. or international regulators of the incident.

Under California state law, companies like Oracle are required to publicly disclose data security incidents, but Oracle has not to date declared the lapse. When reached, a spokesperson for California’s attorney general’s office declined to say if Oracle had informed the office of the incident.

Under Europe’s General Data Protection Regulation, companies can face fines of up to 4% of their global annual turnover for flouting data protection and disclosure rules.

Trackers, trackers everywhere

BlueKai is everywhere — even when you can’t see it.

One estimate says BlueKai tracks over 1% of all web traffic — an unfathomable amount of daily data collection — and tracks some of the world’s biggest websites: Amazon, ESPN, Forbes, Glassdoor, Healthline, Levi’s, MSN.com, Rotten Tomatoes, and The New York Times. Even this very article has a BlueKai tracker because our parent company, Verizon Media, is a BlueKai partner.

But BlueKai is not alone. Nearly every website you visit contains some form of invisible tracking code that watches you as you traverse the internet.

As invasive as it is that invisible trackers are feeding your web browsing data to a gigantic database in the cloud, it’s that very same data that has kept the internet largely free for so long.

To stay free, websites use advertising to generate revenue. The more targeted the advertising, the better the revenue is supposed to be.

While the majority of web users are not naive enough to think that internet tracking does not exist, few outside marketing circles understand how much data is collected and what is done with it.

Take the Equifax data breach in 2017, which brought scathing criticism from lawmakers after it collected millions of consumers’ data without their explicit consent. Equifax, like BlueKai, relies on consumers skipping over the lengthy privacy policies that govern how websites track them.

In any case, consumers have little choice but to accept the terms. Be tracked or leave the site. That’s the trade-off with a free internet.

But there are dangers with collecting web-tracking data on millions of people.

“Whenever databases like this exist, there’s always a risk the data will end up in the wrong hands and in a position to hurt someone,” said Cyphers.

Cyphers said the data, if in the hands of someone malicious, could contribute to identity theft, phishing or stalking.

“It also makes a valuable target for law enforcement and government agencies who want to piggyback on the data gathering that Oracle already does,” he said.

Even when the data stays where it’s intended, Cyphers said these vast databases enable “manipulative advertising for things like political issues or exploitative services, and it allows marketers to tailor their messages to specific vulnerable populations,” he said.

“Everyone has different things they want to keep private, and different people they want to keep them private from,” said Cyphers. “When companies collect raw web browsing or purchase data, thousands of little details about real people’s lives get scooped up along the way.”

“Each one of those little details has the potential to put somebody at risk,” he said.


Send tips securely over Signal and WhatsApp to +1 646-755-8849.

Software will reshape our world in the next decade

As I was wrapping up a Zoom meeting with my business partners, I could hear my son joking with his classmates in his online chemistry class.

I have to say this is a very strange time for me: As much as I love my family, in normal times, we never spend this much time together. But these aren’t normal times.

In normal times, governments, businesses and schools would never agree to shut everything down. In normal times, my doctor wouldn’t agree to see me over video conferencing.

No one would stand outside a grocery store, looking down to make sure they were six feet apart from one another. In times like these, decisions that would normally take years are being made in a matter of hours. In short, the physical world — brick-and-mortar reality— has shut down. The world still functions, but now it is operating inside everyone’s own home.

This not-so-normal time reminds me of 2008, the depths of the financial crisis. I sold my company BEA Systems, which I co-founded, to Oracle for $8.6 billion in cash. This liquidity event was simultaneously the worst and most exhausting time of my career, and the best time of my career, thanks to the many inspiring entrepreneurs I was able to meet.

These were some of the brightest, hardworking, never-take-no-for-an-answer founders, and in this era, many CEOs showed their true colors. That was when Slack, Lyft, Uber, Credit Karma, Twilio, Square, Cloudera and many others got started. All of these companies now have multibillion dollar market caps. And I got to invest and partner with some of them.

Once again, I can’t help but wonder what our world will look like in 10 years. The way we live. The way we learn. The way we consume. The way we will interact with each other.

What will happen 10 years from now?

Welcome to 2030. It’s been more than two decades since the invention of the iPhone, the launch of cloud computing and one decade since the launch of widespread 5G networks. All of the technologies required to change the way we live, work, eat and play are finally here and can be distributed at an unprecedented speed.

The global population is 8.5 billion and everyone owns a smartphone with all of their daily apps running on it. That’s up from around 500 million two decades ago.

Robust internet access and communication platforms have created a new world.

The world’s largest school is a software company — its learning engine uses artificial intelligence to provide personalized learning materials anytime, anywhere, with no physical space necessary. Similar to how Apple upended the music industry with iTunes, all students can now download any information for a super-low price. Tuition fees have dropped significantly: There are no more student debts. Kids can finally focus on learning, not just getting an education. Access to a good education has been equalized.

The world’s largest bank is a software company and all financial transactions are digital. If you want to talk to a banker live, you’ll initiate a text or video conference. On top of that, embedded fintech software now powers all industries.

No more dirty physical money. All money flow is stored, traceable and secured on a blockchain ledger. The financial infrastructure platforms are able to handle customers across all geographies and jurisdictions, all exchanges of value, all types of use-cases (producers, distributors, consumers) and all from the start.

The world’s largest grocery store is a software and robotics company — groceries are delivered whenever and wherever we want as fast as possible. Food is delivered via robot or drones with no human involvement. Customers can track where, when and who is involved in growing and handling my food. Artificial intelligence tells us what we need based on past purchases and our calendars.

The world largest hospital is a software and robotics company — all initial diagnoses are performed via video conferencing. Combined with patient medical records all digitally stored, a doctor in San Francisco and her artificial intelligence assistant can provide personalized prescriptions to her patients in Hong Kong. All surgical procedures are performed by robots, with supervision by a doctor of course, we haven’t gone completely crazy. And even the doctors get to work from home.

Our entire workforce works from home: Don’t forget the main purpose of an office is to support companies’ workers in performing their jobs efficiently. Since 2020, all companies, and especially their CEOs, realized it was more efficient to let their workers work from home. Not only can they save hours of commute time, all companies get to save money on office space and shift resources toward employee benefits. I’m looking back 10 years and saying to myself, “I still remember those days when office space was a thing.”

The world’s largest entertainment company is a software company, and all the content we love is digital. All blockbuster movies are released direct-to-video. We can ask Alexa to deliver popcorn to the house and even watch the film with friends who are far away. If you see something you like in the movie, you can buy it immediately — clothing, objects, whatever you see — and have it delivered right to your house. No more standing in line. No transport time. Reduced pollution. Better planet!

These are just a few industries that have been completely transformed by 2030, but these changes will apply universally to almost anything. We were told software was eating the world.

The saying goes you are what you eat. In 2030, software is the world.

Security and protection no longer just applies to things we can touch and see. What’s valuable for each and every one of us is all stored digitally — our email account, chat history, browsing data and social media accounts. It goes on and on. We don’t need a house alarm, we need a digital alarm.

Even though this crisis makes the near future seem bleak, I am optimistic about the new world and the new companies of tomorrow. I am even more excited about our ability to change as a human race and how this crisis and technology are speeding up the way we live.

This storm shall pass. However the choices we make now will change our lives forever.

My team and I are proud to build and invest in companies that will help shape the new world; new and impactful technologies that are important for many generations to come, companies that matter to humanity, something that we can all tell our grandchildren about.

I am hopeful.

Apple Pay and iOS App Store under formal antitrust probe in Europe

Apple is under formal investigation by antitrust regulators in European Union — following a number of complaints related to how it operates the iOS App Store and also its payment offering, Apple Pay.

The Commission said today that it has concerns that conditions and restrictions applied by the tech giant may be distorting competition in a number of areas, following a preliminary probe of the issues.

Back in March 2019, European music streaming service Spotify filed an antitrust complaint against Apple — railing very publicly against what it dubbed an “Apple tax”; aka the 30% tariff the tech giant applies on accepting payments in apps on its App Store. Spotify also accused Apple of impeding its business by applying arbitrary rules — such as making it harder to offer its own users discounts.

The Commission confirmed today that it’s looking formally into whether Apple’s rules for app developers on the distribution of apps via the App Store violate EU competition rules. It said the probe focuses on Apple’s mandatory requirement that app developers use its own proprietary in-app purchase system, as well as restrictions applied on the ability of developers to inform iPhone and iPad users of alternative cheaper purchasing possibilities outside of apps.

As well as the very public complaint from Spotify, the Commission has received a similar complaint from an unnamed e-book/audiobook distributor related to the impact of the App Store rules on competition.

Two specific restrictions imposed by Apple in its agreements with companies that wish to distribute apps to users of Apple devices will be investigated, per the Commission — namely [emphasis its]:

(i)   The mandatory use of Apple’s own proprietary in-app purchase system “IAP” for the distribution of paid digital content. Apple charges app developers a 30% commission on all subscription fees through IAP.

(ii)  Restrictions on the ability of developers to inform users of alternative purchasing possibilities outside of apps. While Apple allows users to consume content such as music, e-books and audiobooks purchased elsewhere (e.g. on the website of the app developer) also in the app, its rules prevent developers from informing users about such purchasing possibilities, which are usually cheaper.

“Following a preliminary investigation the Commission has concerns that Apple’s restrictions may distort competition for music streaming services on Apple’s devices,” it writes in a press release. “Apple’s competitors have either decided to disable the in-app subscription possibility altogether or have raised their subscription prices in the app and passed on Apple’s fee to consumers.

“In both cases, they were not allowed to inform users about alternative subscription possibilities outside of the app. The IAP obligation also appears to give Apple full control over the relationship with customers of its competitors subscribing in the app, thus dis-intermediating its competitors from important customer data while Apple may obtain valuable data about the activities and offers of its competitors.”

Commenting in a statement, Commission EVP Margrethe Vestager — who heads up competition policy for the bloc — added: Mobile applications have fundamentally changed the way we access content. Apple sets the rules for the distribution of apps to users of iPhones and iPads. It appears that Apple obtained a ‘gatekeeper’ role when it comes to the distribution of apps and content to users of Apple’s popular devices. We need to ensure that Apple’s rules do not distort competition in markets where Apple is competing with other app developers, for example with its music streaming service Apple Music or with Apple Books. I have therefore decided to take a close look at Apple’s App Store rules and their compliance with EU competition rules.”

Vestager’s reference to a “gatekeeper” role has specific significance as the Commission is currently consulting on updating regulations for digital platforms — including floating the possibility of ex ante regulation for platforms deemed to be gatekeepers vis-a-vis other suppliers.  (In parallel, the Commission is consulting on updates to competition law that may allow it to intervene more swiftly in future, in instances where it suspects digital markets have ‘tipped’.)

Spotify welcomed the Commission’s action, writing in a statement:

Today is a good day for consumers, Spotify and other app developers across Europe and around the world. Apple’s anticompetitive behavior has intentionally disadvantaged competitors, created an unlevel playing field, and deprived consumers of meaningful choice for far too long. We welcome the European Commission’s decision to formally investigate Apple, and hope they’ll act with urgency to ensure fair competition on the iOS platform for all participants in the digital economy.

On Apple Pay, the Commission said a formal investigation of how it operates the payment tech will look at the “terms, conditions and other measures” Apple applies for integrating the payment solution in merchant apps and websites on iPhones and iPads; Apple’s limitation of access to the NFC functionality on iPhones for payments in stores; and allegations of “refusals of access to Apple Pay”.

Following a preliminary probe, the Commission said it is concerned Apple’s processes “may distort competition and reduce choice and innovation”.

It also notes that Apple Pay is the only mobile payment solution that is allowed to access NFC technology on iOS devices for making payments in stores.

“The investigation will also focus on alleged restrictions of access to Apple Pay for specific products of rivals on iOS and iPadOS smart mobile devices,” it added.

The Commission said it will carry out the investigations “as a matter of priority”, but there’s no set timeframe for how long this process might take.

EU antitrust investigations have tended to take a number of years from an announcement of a formal probe to a decision being reached. (Although, in an ongoing investigation against Broadcom, Vestager recently dusted off a tool to accelerate regulatory intervention — but as yet there’s no formal ‘statement of objections’ against Apple so it remains to be seen how this case will proceed, and whether regulators may seek to speed up any intervention.)

Reached for comment on the Commission’s announcement of the two antitrust investigations, Apple dubbed the complaints “baseless” — choosing to throw shade on the complainants by claiming these companies are after “a free ride, and don’t want to play by the same rules as everyone else”.

Here’s Apple’s statement on the two investigations in full:

Throughout our history, Apple has created groundbreaking new products and services in some of the most fiercely competitive markets in the world. We follow the law in everything we do and we embrace competition at every stage because we believe it pushes us to deliver even better results.

We developed the App Store with two goals in mind: that it be a safe and trusted place for customers to discover and download apps, and a great business opportunity for entrepreneurs and developers. We’re deeply proud of the countless developers who’ve innovated and found success through our platform. And as we’ve grown together, we’ve continued to deliver innovative new services — like Apple Pay — that provide the very best customer experience while meeting industry-leading standards for privacy and security.

It’s disappointing the European Commission is advancing baseless complaints from a handful of companies who simply want a free ride, and don’t want to play by the same rules as everyone else. We don’t think that’s right — we want to maintain a level playing field where anyone with determination and a great idea can succeed.

At the end of the day, our goal is simple: for our customers to have access to the best app or service of their choice, in a safe and secure environment. We welcome the opportunity to show the European Commission all we’ve done to make that goal a reality.

Apple has had a number of run-ins with EU regulators over the years — including a probe of its acquisition of Shazam (which was later cleared); a major investigation of ebook pricing; and a probe of tax benefits in Ireland which saw it on the hook for $15BN.

French competition regulators also recently fined the tech giant $1.2BN for anti-competitive sales tactics. It’s also been fined $27M by French regulators this year for throttling old iPhones.

This report was updated with comment from Spotify

Swappie bags $40.6M to sell more secondhand iPhones across Europe

Finland-based Swappie has closed a €35.8 million ($40.6M) Series B to expand into new markets in Europe. The ecommerce business refurbishes and resells used iPhones, taking care of the entire process from testing and repairing used handsets, to selling the refurbished devices via its own marketplace, with a 12-month warranty.

Local VC and private equity firm TESI is a new investor in the Series B, along with Lifeline Ventures, Reaktor Ventures and Inventure Investors, all of whom participated in Swappie’s 2019 Series A. The total raised to date since the business was founded in 2016 is $48M.

Right now Swappie operates in Finland, Sweden, Denmark and Italy. The new financing will be used to expand across Europe, beginning with launches in Germany, Ireland, Portugal and the Netherlands this summer.

It’s also eyeing expansion beyond Europe — so will be speccing out a broader roadmap for the future.

“The main focus of this round is to become the number one player in Europe. But also to explore opportunities outside Europe as well,” says CEO and co-founder Sami Marttinen. “That’s something we will be looking into but no concrete plans to announce at this point.

“There are still opportunities for our business model everywhere in the world. So it’s a matter of just building the roadmap — where to go next.”

Swappie’s Jiri Heinonen (CMO) and Sami Marttinen (CEO) (Photo credit: Swappie)

Swappie touts growing consumer demand in the region to buy refurbished phones, saying that from 2018 to 2019 revenues grew 4x, hitting $35M+ in net revenue in 2019. It’s also seeing demand continuing to grow this year — recording a 5x increase in net revenue growth in April and May 2020 vs the same period last year, despite the ongoing COVID-19 pandemic. Indeed, the trend of consumers shifting to buying more online looks to be a help for its online marketplace.

Commenting on Swappie’s Series B in a statement, Tony Nysten, Investment Manager at TESI, said: “We believe there is a huge growth opportunity for Swappie. The smartphone market in Europe is worth over €100BN but used or refurbished phones currently make up just over 10% of that and only one in four pre-owned phones are currently re-sold. Through its rapid growth to date, Swappie has proven its ability to not just grow market share within the refurbished market, but to expand the size of the category overall. The business has enormous potential.”

Swappie’s early choice of market focus included not only familiar turf in the Nordics — but Italy, in Southern Europe. The latter was chosen deliberately on account of it being a tough market for ecommerce, per Marttinen.

“In the really early days the reason why we went to Italy was because it was one of the toughest ecommerce markets in Europe — they have a really low ecommerce maturity index. It’s very different in terms of shopping behavior. You need to build another level of trust in that market. There are lots of unique traits like cash on delivery, things like that. So we knew that in order to really conquer the market globally — and to be able to deliver on our global ambitions we would need to enter as difficult markets as early in our journey as possible.

“These days we have a much more advanced playbook and market studies across Europe.”

Swappie describes itself as a ‘scale-up’ tech business on account of addressing the whole value chain, per Marttinen.

“We’ve done a lot there on the hardware side — when it comes to actually refurbishing the devices we can make them even stronger then the original devices in many cases. So that means we can go as deep as onto the motherboard level in the repairs. Then on the software side, of course, we’re making selling and distribution and everything else scalable. Making sure that the checking processes and all the processes in the factory are according to the latest standards,” he says.

“Because of being so focused in also building the processes and focusing on the quality so much, so actually we have been able to truly change the way people consume electronics,” he adds. “If you think about it from a local player perspective they are typically mostly competing for the people who are already buying used devices — whereas we are able to deliver on this market by having full control of the entire value chain, from buying to refurbishing, to selling the phones to consumers.

“Most of our customers are buying used or refurbished devices for the first time — so actually our biggest competitors are new smartphone retailers.”

The most popular iPhone model sold on Swappie’s marketplace last year was the iPhone 8, per Marttinen.

He won’t disclosed the exact number of iPhones Swappie has refurbished and sold at this point but he says it’s a six-figure number — aka ‘hundreds of thousands’. 

The team chose to focus on iPhones to ensure they can deliver the highest quality device refurbishment, he says, while also benefiting from the relatively higher cost of Apple’s smartphone hardware vs Android devices. Though he doesn’t rule out expanding to offer another type of refurbished smartphone in future.  

“The business is now growing really rapidly but what we noticed in the early days is that the new device prices had started to rise before we started this business so we have been very lucky with the timing,” he tells TechCrunch, noting that Swappie also benefitted from the plateauing into advancements between handset models in recent years, as the technology matured.

“If you can build trust into this business, and make sure that the phones function as well as new devices — and that you’re actually making the buying process as well as safe as buying a new phone — that way you can actually accelerate the growth of the market. So that’s what we have been really successful in. It’s kind of the key to being able to grow so quickly.”

“One main point there has been that because we refurbish every device ourselves in our own factory in Finland we can deliver to customers the highest quality devices under warranty for much less than the cost of a new phone and also be more environmentally friendly,” he adds.

While, in years past, there have been instances of iPhone users’ devices bricked after a repair by an unauthorized repair shop Marttinen says Swappie is using only original iPhone parts so has avoided such problems.

He also points to recent European Commission proposals for a pan-EU ‘right to repair’ for electronics which suggests device makers selling in the region will be required to respect repairability, rather than using software updates as a way to penalize consumers who seek to extend the lifespan of their current device.

Photo credit: Swappie

Swappie’s business also slots into a wider Commission mission to transition the EU to a circular economy, as part of the green deal announced by current president, Ursula von der Leyen — so it’s skating to where the puck is headed, if you like.

“It’s really good for the environment that the right to repair legislation has come forward in the past few years. That’s one very important point for us as well which was one of the reasons why we wanted to built microscope level repairs in our factories — so we wouldn’t have to scrap as many phones as you normally would,” Marttinen adds.

What can’t it repair? The proportion of iPhones which turn out to be truly unsalvageable via its processes is “extremely small“, he says. “We can actually do any repairs that are possible to do the phones so, basically, water damaged phones which have been at the bottom of the ocean — those are of course unrepairable. Or if the phone is bent too much or if the motherboard is completely ruined. But basically all the other faults we can repair.”

On the competitive front, he says Swappie’s main rival are retailers selling new iPhones — given it’s trying to woo iOS users away from buying a brand new iPhone. On the secondhand marketplace front Marttinen mentions reBuy as one of the main rival players in refurbishing and reselling electronics, though it does not focus on iPhones — offering a full range of devices, from wearables to smartphones and tablets, laptops, consoles and cameras.

Decrypted: DEA spying on protesters, DDoS attacks, Signal downloads spike

This week saw protests spread across the world sparked by the murder of George Floyd, an unarmed Black man, killed by a white police officer in Minneapolis last month.

The U.S. hasn’t seen protests like this in a generation, with millions taking to the streets each day to lend their voice and support. But they were met with heavily armored police, drones watching from above, and “covert” surveillance by the federal government.

That’s exactly why cybersecurity and privacy is more important than ever, not least to protect law-abiding protesters demonstrating against police brutality and institutionalized, systemic racism. It’s also prompted those working in cybersecurity — many of which are former law enforcement themselves — to check their own privilege and confront the racism from within their ranks and lend their knowledge to their fellow citizens.


THE BIG PICTURE

DEA allowed ‘covert surveillance’ of protesters

The Justice Department has granted the Drug Enforcement Administration, typically tasked with enforcing federal drug-related laws, the authority to conduct “covert surveillance” on protesters across the U.S., effectively turning the civilian law enforcement division into a domestic intelligence agency.

The DEA is one of the most tech-savvy government agencies in the federal government, with access to “stingray” cell site simulators to track and locate phones, a secret program that allows the agency access to billions of domestic phone records, and facial recognition technology.

Lawmakers decried the Justice Department’s move to allow the DEA to spy on protesters, calling on the government to “immediately rescind” the order, describing it as “antithetical” to Americans’ right to peacefully assembly.