After data incidents, Instagram expands its bug bounty

Facebook is expanding its data abuse bug bounty to Instagram.

The social media giant, which owns Instagram, first rolled out its data abuse bounty in the wake of the Cambridge Analytica scandal, which saw tens of millions of Facebook profiles scraped to help swing undecided voters in favor of the Trump campaign during the U.S. presidential election in 2016.

The idea was that security researchers and platform users alike could report instances of third-party apps or companies that were scraping, collecting and selling Facebook data for other purposes, such as to create voter profiles or build vast marketing lists.

Even following the high-profile public relations disaster of Cambridge Analytica, Facebook still had apps illicitly collecting data on its users.

Instagram wasn’t immune either. Just this month Instagram booted a “trusted” marketing partner off its platform after it was caught scraping stories, locations and other data points on millions of users, forcing Instagram to make product changes to prevent future scraping efforts. That came after two other incidents earlier this year. In one, a security researcher found 14 million scraped Instagram profiles sitting on an exposed database — without a password — for anyone to access. In the other, another company’s platform scraped the profile data — including email addresses and phone numbers — of Instagram influencers.

Last year Instagram also choked developers’ access as the company tried to rebuild its privacy image in the aftermath of the Cambridge Analytica scandal.

Dan Gurfinkel, security engineering manager at Instagram, said its new and expanded data abuse bug bounty aims to “encourage” security researchers to report potential abuse.

Instagram said it’s also inviting a select group of trusted security researchers, who will also be eligible for bounty payouts, to find flaws in its Checkout service ahead of its international rollout.

Week in Review: Snapchat beats a dead horse

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how Netflix might have some rough times ahead as Disney barrels towards it.


The big story

There is plenty to be said about the potential of smart glasses. I write about them at length for TechCrunch and I’ve talked to a lot of founders doing cool stuff. That being said, I don’t have any idea what Snap is doing with the introduction of a third-generation of its Spectacles video sunglasses.

The first-gen were a marketing smash hit, but their sales proved to be a major failure for the company, which bet big and seemingly walked away with a landfill’s worth of the glasses.

Snap’s latest version of Spectacles was announced in Vogue this week. They are much more expensive at $380, and their main feature is that they have two cameras which capture images in light depth, which can lead to these cute little 3D boomerangs. On one hand, it’s nice to see the company showing perseverance with a tough market; on the other, it’s kind of funny to see them push the same rock up the hill again.

Snap is having an awesome 2019 after a laughably bad 2018; the stock has recovered from record lows and is trading in its IPO price wheelhouse. It seems like they’re ripe for something new and exciting, not beautiful yet iterative.

The $150 Spectacles 2 are still for sale, though they seem quite a bit dated-looking at this point. Spectacles 3 seem to be geared entirely towards women, and I’m sure they made that call after seeing the active users of previous generations, but given the write-down they took on the first generation, something tells me that Snap’s continued experimentation here is born out of some stubbornness from Spiegel and the higher-ups who want the Snap brand to live in a high fashion world and want to be at the forefront of an AR industry that seems to have already moved onto different things.

Send me feedback on Twitter @lucasmtny or email [email protected]

On to the rest of the week’s news.

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • WordPress buys Tumblr for chump change
    Tumblr, a game-changing blogging network that shifted online habits and exited for $1.1 billion, just changed hands after Verizon (which owns TechCrunch) unloaded the property for a reported $3 million. Read more about this nightmarish deal here.
  • Trump gives American hardware a holiday season pass on tariffs 
    The ongoing trade war with China generally seems to be rough news for American companies deeply intertwined with the manufacturing centers there, but Trump is giving U.S. companies a Christmas reprieve from the tariffs, allowing certain types of hardware to be exempt from the recent rate increases through December. Read more here.
  • Facebook loses one last acquisition co-founder
    This week, the final remnant of Facebook’s major acquisitions left the company. Oculus co-founder Nate Mitchell announced he was leaving. Now, Instagram, WhatsApp and Oculus are all helmed by Facebook leadership and not a single co-founder from the three companies remains onboard. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook’s turn in audio transcription debacle:
    [Facebook transcribed users’ audio messages without permission]
  2. Google’s hate speech detection algorithms get critiqued:
    [Racial bias observed in hate speech detection algorithm from Google]
  3. Amazon has a little email mishap:
    [Amazon customers say they received emails for other people’s orders]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. My colleague Danny Crichton wrote about the “tech” conundrum that is WeWork and the questions that are still unanswered after the company filed documents this week to go public.

WeWork’s S-1 misses these three key points

…How is margin changing at its older locations? How is margin changing as it opens up in places like India, with very different costs and revenues? How do those margins change over time as a property matures? WeWork spills serious amounts of ink saying that these numbers do get better … without seemingly being willing to actually offer up the numbers themselves…

Here are some of our other top reads this week for premium subscribers. This week, we published a major deep dive into the world’s next music unicorn and we dug deep into marketplace startups.

Instagram and Facebook are experiencing outages

Users reported issues with Instagram and Facebook Sunday morning.

The mobile apps wouldn’t load for many users beginning in the early hours of the morning, prompting thousands to take to Twitter to complain about the outage. #facebookdown and #instagramdown are both trending on Twitter at time of publish.

We’ve reached out to Facebook for more information and when they are expecting services to come back online. We’ll update this story when we hear back.

Apple has pushed a silent Mac update to remove hidden Zoom web server

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

The video conferencing giant took flak from users following a public vulnerability disclosure on Monday by Jonathan Leitschuh, in which he described how “any website [could] forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.” The undocumented web server remained installed even if a user uninstalled Zoom. Leitschuh said this allowed Zoom to reinstall the app without requiring any user interaction.

He also released a proof-of-concept page demonstrating the vulnerability.

Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.

The update will now prompt users if they want to open the app, whereas before it would open automatically.

Apple often pushes silent signature updates to Macs to thwart known malware — similar to an anti-malware service — but it’s rare for Apple to take action publicly against a known or popular app. The company said it pushed the update to protect users from the risks posed by the exposed web server.

Zoom spokesperson Priscilla McCarthy told TechCrunch: “We’re happy to have worked with Apple on testing this update. We expect the web server issue to be resolved today. We appreciate our users’ patience as we continue to work through addressing their concerns.”

More than four million users across 750,000 companies around the world use Zoom for video conferencing.

Instagram’s new chat sticker lets friends ask to get in on the conversation directly in Stories

Instagram has a new sticker type rolling out today that lets friends and followers instantly tap to start conversations from within Stories. The new sticker option, labelled “Chat,” will let anyone looking at a story request to join an Instagram group DM conversation tied to the post, with the original poster still getting the opportunity to actually approve the requests coming in from their friends and followers.

Instagram’s Direct Messages provide built-in one-to-one and one-to-many private messaging for users on the platform, and are one key way that the social network owned by Facebook has fended off, anticipated and adapted features from would-be competitor Snapchat. The company confirmed in May that it was discontinuing development of Direct, its own standalone app version of the Instagram DM feature, but it’s clearly still interested in iterating on the core product to make it more engaging for users and better linked to Instagram’s other core sharing capabilities.

Vertical market networks, effective startup names, Libra, Carbon, and Sidewalk Labs

The next service marketplace wave: Vertical market networks

B2B service marketplaces (think translation as a service) are an extraordinarily lucrative startup category. But despite the incredible potential of these platforms to generate outsized returns, many fail. Why?

Ivan Smolnikov, the CEO and founder of translation service startup Smartcat, investigates why certain marketplaces seem to grow while others stall. His conclusion is that unlocking value for both sides of the marketplace is much more challenging than it appears, and the most successful, next-generation marketplaces are going to come from highly networked, efficient platforms for complex projects targeting specific verticals.

Smolnikov then gives a step-by-step guide to optimizing marketplace growth.

One reason is that several service providers must often work together to complete a single job for a buyer, requiring a complex workflow from end to end. As a result, it’s difficult for marketplaces to not only mediate service delivery but also make it significantly more efficient for buyers and suppliers. If both the buyer and suppliers don’t see a significant efficiency gain other than being initially matched, why would they continue using the marketplace?

What startup names are most effective?

Perhaps the first step in building a company is just figuring out what to call it. Adam Zelcer, who founded Adboy, explores some tactics on how to optimize a startup’s name.

Week-in-Review: YouTube’s awful comments and Google’s $1B tech-free investment

Hello, weekend readers. This is Week-in-Review where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how the top gaming industry franchises were proving immortal and how that could change. I mainly asked questions and I got some great answers in my email. Keep the feedback coming.

An interesting corollary to that conversation was Niantic releasing its Harry Potter title this week, a game that takes liberal gameplay cues from Pokémon GO but attaches it to new IP. The big question is whether Niantic can strike gold twice; here’s an Extra Crunch interview my colleague Greg did with the startup’s CEO.


This week, the biggest tech topic at hand from the big companies was probably Facebook’s Libra cryptocurrency. I’d normally dig into that, but my colleague Josh did such a bang-up job breaking down Libra and why it’s important that I don’t feel the need to. You can read his explainer below.

Facebook announces Libra cryptocurrency: All you need to know 

In the midst of scouring this week’s headlines, a pretty low-key story from Friday caught my eye detailing how YouTube was testing a version of its app where the comments were hidden by default. Companies test this stuff all the time and it’s hardly a commitment but it did make me reflect on how the nature of user-submitted comments has shifted and how certain platforms develop community cultures based on the way those comments are sorted.

Web comments have been searching for their final form for a while now. Twitter turned comments into the main 140 character dish, but Twitter’s influence is getting baked into a ton of platforms. Sites like Instagram are starting to gain a greater understanding of how users want responses to complement their content and the opportunities they’ve seized on really showcase the user-submitted opportunities being wasted by platforms like YouTube and Twitch.

YouTube downgrading their comment visibility kind of highlights what a cesspool the company has allowed them to turn into, but rather than being a place where people are vile, the platform just hasn’t grown them into something useful or exciting over the past decade.

As Instagram continues to become a place where more and more famous users interact with each other, the comment fields are becoming the place where users “bond” with the accounts they follow even if they’re still lurking around and reading how the account responds to other high-profile users. 

This is how public channels with big audiences should operate. Sure, it’s partially a result of the culture of the platform, but algorithms can shape these cultures.

The issue is so many other comment systems are seemingly organized to treat anonymous users, real-name users and verified personalities the same. Ascribing an equal weight to all of these types of content is kind of a surprisingly quaint way to handle user-generated content; it’s also a great way for platforms to find engagement ceilings and the limits of what spam can become.

You don’t have to go searching far through TechCrunch’s stories to find some good old-fashioned “how I earned $72/hour working from home” spam, but just because something isn’t spam doesn’t mean it’s worthwhile. Platforms have developed their own comment memes based on what can play the algorithms, and it’s not particularly useful: “Like if Jimmy Fallon brought you here,” “Like if you’re watching this in 2019.”

Platforms organized around building communities have an incentive to elevate anonymous voices and foster relationships and dialogue. Back in the Gawker days, most of my time on the site was spent digging through the comments looking for commenters I recognized and enjoying their dialogue. That’s what Reddit has become in a lot of ways, a place where the posts are secondary to the reactions, but the forum systems of web 1.0 aren’t made for such general influencer-focused platforms of 2019 and it’s an area where there are a lot of wasted opportunities.

YouTube comments have garnered this reputation for being so laughably bad because the company has let the average of what’s submitted define them, acting as a one-size-fits-all for platforms that are decidedly more dynamic.

Send me feedback on Twitter @lucasmtny or email [email protected]

On to the rest of the week’s news.

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context.

  • Tesla paints it black (for a price)
    Tesla is looking to keep those margins hopping and their next play to make your Tesla a bit more pricey is by making the white paint job on its vehicles, making white the standard color. It may seem like a rough deal, especially when you can get a monitor stand for your new Apple Display for the same price. Read more here about why Elon did this.
  • Google drops a B on the Bay
    To those living in the arena of Silicon Valley, it’s no secret that the housing shortage is hurting wallets. How much of that is big tech’s fault and how much of it is the local government’s fault is hard to tell at times, but certainly neither is doing as much as they could. This week Google pledged a whopping $1 billion worth of assistance to the problem. Forking over $750 million worth of real estate and a quarter-billion dollars worth of funding for residential projects is quite the pledge, let’s see how the money gets spent. You can read more here.
  • Slate failures
    Google’s Pixel Slate tablet was such hot garbage that the company is leaving the tablet game for good and focusing on its Pixel laptop line instead. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of awfulness:

  1. Apple recalls some MacBooks:
    [Apple issues voluntary recall of 2015 MacBook Pro batteries due to overheating concern]
  2. Google swats down shareholder vote:
    [Google defeats shareholders on ‘Dragonfly’ censored search in China]
  3. Facebook in hot water over fake review sales: 
    [Facebook and eBay told to tackle trade in fake reviews]
  4. Maps keeping it real fake:
    [Google responds to report that concluded there are millions of fake business listings on Maps]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. TechCrunch’s Ron Miller wrote a story asking VCs and CEOs just how much startup founders should be paying themselves.

Startup founders need to decide how much salary is enough

“…Murat Bicer, general partner at CRV, says you could probably ask 10 VCs this question, and get 10 different answers, but he sees the range at the low end of perhaps $125,000 and at the high end maybe $200,000, depending on the location of the startup and the cost of living in a particular city…”

Here are some of our other top reads this week for premium subscribers. This week TechCrunch writers talked a bit about keeping your H-1B status and how you should be negotiating your term sheet with strategic investors.

Facebook will not remove deepfakes of Mark Zuckerberg, Kim Kardashian and others from Instagram

Facebook will not remove the faked videos featuring Mark Zuckerberg, Kim Kardashian and President Donald Trump from Instagram, the company said in a statement.

Earlier today, Vice News reported on the existence of videos created by the artists Bill Posters and Daniel Howe and video and audio manipulation companies including CannyAI, Respeecher and Reflect.

The work, featured in a site-specific installation in the UK as well as circulating in video online, was the first test of Facebook’s content review policies since the company’s decision not to remove a manipulated video of House Speaker Nancy Pelosi received withering criticism from Democratic political leadership.

“We have said all along, poor Facebook, they were unwittingly exploited by the Russians,” Pelosi said in an interview with radio station KQED, quoted by The New York Times. “I think they have proven — by not taking down something they know is false — that they were willing enablers of the Russian interference in our election.”

After the late May incident, Facebook’s Neil Potts testified before a smorgasbord of international regulators in Ottawa about deep fakes, saying the company would not remove a video of Mark Zuckerberg. This appears to be the first instance testing the company’s resolve.

“We will treat this content the same way we treat all misinformation on Instagram. If third-party fact-checkers mark it as false, we will filter it from Instagram’s recommendation surfaces like Explore and hashtag pages,” said an Instagram spokesperson in an email to TechCrunch.

The videos appear not to violate any Facebook policies, which means that they will be subject to the treatment any video containing misinformation gets on any of Facebook’s platforms. So the videos will be blocked from appearing in the Explore feature and hashtags won’t work with the offending material.

Facebook already uses image detection technology to find content that has been debunked by its third-party fact checking program on Instagram. When misinformation is only present on Instagram the company is testing the ability to promote links into the fact-checking product on Facebook.

“Spectre interrogates and reveals many of the common tactics and methods that are used by corporate or political actors to influence people’s behaviours and decision making,” said Posters in an artist’s statement about the project. “In response to the recent global scandals concerning data, democracy, privacy and digital surveillance, we wanted to tear open the ‘black box’ of the digital influence industry and reveal to others what it is really like.”

Facebook’s consistent decisions not to remove offending content stand in contrast with YouTube, which has taken the opposite approach in dealing with manipulated videos and other material that violate its policies.

YouTube removed the Pelosi video and recently took steps to demonetize and remove videos from the platform that violated its policies on hate speech — including a wholesale purge of content about Nazism.

These issues take on greater significance as the U.S. heads into the next Presidential election in 2020.

“In 2016 and 2017, the UK, US and Europe witnessed massive political shocks as new forms of computational propaganda employed by social media platforms, the ad industry, and political consultancies like Cambridge Analytica [that] were exposed by journalists and digital rights advocates,” said Howe, in a statement about his Spectre project. “We wanted to provide a personalized experience that allows users to feel what is at stake when the data taken from us in countless everyday actions is used in unexpected and potentially dangerous ways.”

Perhaps, the incident will be a lesson to Facebook in what’s potentially at stake as well.

How to see another company’s growth tactics and try them yourself

Every company’s online acquisition strategy is out in the open. If you know where to look.

This post shows you exactly where to look, and how to reverse engineer their growth tactics.

Why is this important? Competitive analysis de-risks your own growth experiments: You find the best growth ideas to adopt and the worst ones to avoid.

First, a warning: Your goal is not to repurpose another company’s hard work. That makes you a thief. Your goal is to identify other companies who face the same growth challenges as you, then to study their approaches for solutions to draw from.

As I walk through uncovering a competitor’s tactics, keep in mind which competitors are worth looking at: For instance, you should rarely over-analyze early-stage companies. They’re unlikely to be methodical at growth.

Meaning, if you blindly copy their site and their ads, it’s possible you’ll be copying tactics that are not actually responsible for their growth. Their success may instead be from network effects or other hidden factors.

Instead, it’s safest to get inspiration from companies who’ve sustained high growth rates for a long time, and who face the same growth challenges as you. They’re likely to have sophisticated growth operations worth studying deeply. Examples include:

  • Pinterest
  • Airbnb
  • Amazon
  • Facebook
  • Uber

If these aren’t your direct competitors, don’t worry. You don’t need to audit a direct competitor’s tactics to get incredibly valuable insights.

You can look past direct competitors.

You’ll gain useful insights from auditing the user acquisition funnel of any company who has a similar audience and business model.

Examples of audiences:

  • Wealthy consumers
  • Enterprise businesses
  • Middle-class adults who use Chrome
  • Dog owners
  • And so on

Audiences matter because their behaviors and needs differ wildly. Each requires its own growth strategy. You want to audit a company whose audience is similar to yours.

You also want to ensure the company shares your business model. Examples include:

  • A high-touch sales process with multiple phone calls
  • A consumer ecommerce site with easy checkout
  • A self-serve SaaS signup with a freemium plan
  • A pay-to-play mobile game
  • And so on

Each model may necessitate different ads, landing pages, automated emails, and sales collateral.

The process

Never implement another company’s tactics blindly.

There’s an effective process for growth analysis, and it looks like this:

  1. Source potential growth ideas.
  2. Prioritize them.
  3. A/B test them.
  4. Measure if an A/B variant significantly outperformed its baseline and whether the cost of implementing the winner would be worthwhile.
  5. Only then should you implement it.

An example

Here’s a brief example before we dive into tactics.

Let’s pretend we’re a SaaS company offering consumer banking tools, and that we’re struggling to get users to onboard our app. Our hypothesis is that visitors are bouncing because they don’t trust us with their sensitive information.

Our first step is to define both our audience and our business model:

  • Audience: Tech-savvy, adult consumers.
  • Business model: SaaS freemium funnel.

Our next step is to look for companies who share those two aspects. (We can find them on Crunchbase.)

Once we have a few in hand, we look for how they handle customers’ sensitive information throughout their funnel. Specifically, we audit their:

It’s time to learn how we audit all that. I’ll share how our marketer training program teaches marketers to do this on the job.

Tactic #1: How to see a company’s A/B tests

Australia’s design unicorn, Canva, picks up two free image-sharing services, and launches new photo product

Canva, the design and publishing platform taking on Adobe, PowerPoint, and others, has acquired the free stock image providers Pexels and Pixabay and launched a new subscription service for its premium image marketplace, Photos Unlimited.

Taken together, the new strategic moves represent a concerted effort by the company to add more graphic options to its design toolkit.

“With over 1 million images downloaded over 500 million times on their platforms combined, both Pexels and Pixabay have proven that there is a huge demand for free, quality content from small businesses, social media marketers and others — not just from designers and companies with big budgets,” said Canva chief executive Melanie Perkins, in a statement.

Perkins declined to disclose how much Canva spent on the two stock image services.

As a result of the acquisition, Canva users will have access to Pexels and Pixabay’s images through the Canva platform free of charge. Photographs on the respective sites will continue to be free for all users as well, according to Perkins.

“No other design platform truly believes in the mission of empowering the world to design like Canva, and providing free stock content is central to their mission. Today’s announcement signifies a huge step forward in the right direction,” said Pexels co-founder, Ingo Joseph, in a statement. “We’re on our way to put an end to cheesy stock photos and open the doors to more authentic, trending content for free.”

In addition to the free services, Canva is rolling out Photos Unlimited, a subscription service for $12.95 per-month or $120 per-year for the company’s own premium stock photos. That’s in addition to the $1 per-image, per-use, or $20 for lifetime use of images that Canva charges for through its platform.

Canva has over 15 million monthly active users who have made over 1 billion designs since the company launched in 2013.

The Australian company has raised $86.6 million from institutional investors like Australia’s own Blackbird Ventures, Felicis Ventures, Matrix Partners, and Sequoia Capital, alongside celebrity investors including Owen Wilson and Woody Harrelson. Canva’s currently valued at over $1 billion.