Coinbase UX teardown: 5 fails and how to fix them

Digital currency exchange Coinbase has probably done more than most to push cryptocurrencies closer to the mainstream, earning an $8 billion valuation by private investors along the way. The company is reportedly eyeing a public listing next year, and is inarguably doing a lot of things right. However, that doesn’t mean its product experience is perfect. In fact, far from it.

In our latest UX teardown, with the help of Built for Mars founder and UX expert Peter Ramsey, we highlight some of Coinbase’s biggest user experience failings and offer ways to fix them. Many of these lessons can be applied to other existing digital products or ones you are currently building, including the need to avoid the “Get Started” trap, the importance of providing feedback, why familiarity often wins and other principles.

The ‘Get Started’ trap

Only use CTAs like “get started” or “learn more” if you’re actually teaching users something.

The fail: Coinbase doesn’t actually have any onboarding — but it looks like it does. It has a very prominent “get started” CTA, which actually just puts bitcoins in your basket. This isn’t helping you get started, it’s nothing more than an onboarding Trojan horse.

The fix: It’s simple: Don’t lie in your CTAs. You wouldn’t have “Email Support” as a CTA, and then just show the user a bunch of FAQs.

Steve O’Hear: This feels like another classic “bait and switch” and reeks of dark pattern design. However, what if it actually works to get users over the line and purchase their first bitcoin? Growth hackers, rejoice, no?

Peter Ramsey: You’re absolutely right, this may convert better. From a business point of view, this could be a brilliant little growth hack. However, something converting well doesn’t mean it was a good experience for the user. Look at clickbait-y journalism — it gets more eyeballs, but people aren’t generally happy with what they read.

I’m convinced that in the long term having a great product will perform better than frustrating short-term growth hacks.

Feedback architecture

As a general rule of thumb, all “states” — e.g., success/failure of an action — need to provide feedback to the user.

The fail: After adding a card, you click “Add Card,” and … it takes you back to the homepage. There’s no notice if it was successful or not. The user has no awareness if the action they were trying to do failed and they need to do it again. This is a real problem with digital products: All feedback needs to be thought of and built.

The fix: During the design phase, consider statuses and what the user will want feedback on. For example, if they’ve just added an item to their “wishlist,” how will you show them that the action was successful?

Wildtype is opening up a pre-order list for select chefs as it focuses on lab-grown, sushi-grade salmon

Wildtype, the startup making lab-grown salmon, is opening up a pre-order list for select chefs.

Although the company is as much as five years out from commercial production, according to founders, the company is looking to partner with select chefs around the country who want to incorporate their sushi-grade salmon product into their menus.

“We’re not launching right now. We’re releasing the news that we have the next iteration of the product,” said co-founder Justin Kolbeck, a former U.S. diplomat who launched the company to address issues of food insecurity he’d seen firsthand while stationed in Afghanistan.

“[It’s] sushi or nigiri or sashimi that you would order at a sushi restaurant,” he said. So the product that Wildtype hopes to ship will be equivalent to the saku blocks of fish meat that sushi chefs carve to prepare salmon. “Chefs will take a fish apart into saku blocks which are 10 to 14 ounces of fish,” said Kolbeck. “They’ll cut out bits that go on nigiri and the bits that are left over are made into rolls. We’ve designed an initial product release that can serve all three of those form factors.”

The process is more difficult than simply culturing cells. According to Kolbeck and Wildtype’s other co-founder Arye Elfenbein, the company has developed its own technology for developing the scaffolding on which both the muscle tissue and fats can grow to replicate the taste and texture of wild-caught salmon.

“We’re developing the cell lines ourselves, we’re developing the scaffolding and we’re developing the nutrients that we need to grow and we’re developing the cultivators that the cells need to grow in,” said Kolbeck.

Image of Wildtype’s sushi-grade, lab-grown salmon (Image Credit: Arye Elfenbein/Wildtype)

For the cultivated meat industry to reach its full potential, companies may need to differentiate their businesses to focus on a single element of the supply chain going forward, the founders said.

Already, companies like Future Fields are raising money to focus on specific examples of the cultivated food supply chain, and Wildtype considered going down that road itself, according to Elfenbein.

“What we’ve created is special in its ability to provide cells with the right signals to organize and mature,” said Elfenbein. “This is applicable to other species than the salmon that we have worked on… we basically create a scaffold that provides the right guidance in different places for cells to take up fats in different places or become more striated.”

Already Wildtype has created sushi-grade salmon that achieves equivalence when it comes to nutrition and when it comes to the healthy omega 3 fats that make salmon a healthier option for consumers.

Wildtype is already working with restaurants in San Francisco, Portland and Seattle and is looking for chefs in other parts of the country.

Kolbeck thinks the timing is right for the company’s cultivated product. Consumers right now are coming to the realization that the supply chain for seafood is broken even as more shoppers are gravitating from the meat aisle to seafood in greater numbers.

From mislabeling of fish to the problems associated with factory fish farming, aquaculture and environmental degradation — along with the risks of chemically contaminated fish — shoppers who want seafood are also increasingly looking for more information about the provenance of the food they’re eating.

“The news is that we’re placing our bet on sushi as an industry where we can launch and make a big splash… pun intended,” said Kolbeck.

Committing to a fully zero-emission fleet by 2040, Uber is dedicating $800 million to electrifying its drivers

Ride hailing giant Uber is committing to become a fully zero-emission platform by 2040 and setting aside $800 million to help get its drivers using electric vehicles by 2025.

The company said that it would invest further in its micro-mobility options as well with the goal of having 100 percent of its rides take place on electric vehicles in the US, Canada, and European cities in which the company operates. Uber also said it would commit to reaching net-zero emissions from its own corporate operations by 2030.

If the company can hit its timeline, Uber would achieve necessary milestones in its operations a decade ahead of the Paris Climate Agreement targets set for 2050.

The keys to the company’s efforts are four new and expanding initiatives, according to a statement.

The first is the launch of Uber Green in 15 US and Canadian cities. For customers willing to spend an extra dollar, they can request an EV or hybrid electric vehicle to pick them up. By the end of the year, Uber Green will be available in over 65 cities around the world. Riders who choose the green option will also receive three times the Uber Rewards points they would have received for a typical UberX ride, the company said.

Uber’s second step toward making the world a greener place is to commit $800 million to transition its fleet to electric vehicles. Part of that transition is being subsidized by the $1 surcharge for riders who choose to go green and from fees that the company collects under its London and French Clean Air Plans. Those are 15 cent (or pence) surcharges that Uber has been collecting since January of last year to pay for the electrification of its drivers’ cars in European cities.

Dara Kowsrowshahi, chief executive officer of Uber Technologies Inc., speaks during an event in New Delhi, India, on Thursday, Feb. 22, 2018. During his Japan trip, Khosrowshahi has made it clear the ride-hailing company isnt scaling back its ambitions in certain Asian markets, despite speculation of a retreat. Photographer: Anindito Mukherjee/Bloomberg via Getty Images

To incentivize drivers to go green, Uber’s doling out an extra 50 cents per trip in the US and Canada for every “Uber Green” trip completed to be paid out by riders. Drivers using EVs will also get another dollar from Uber itself, amounting to $1.50 more per trip for each EV ride completed.

Other enticements include partnerships with GM in the US and Canada and Renault -Nissan in Europe to offer discounts on electric vehicles to Uber drivers. Working with Avis, Uber is planning to offer more electric vehicles for rental to US drivers. Meanwhile, the company said it would also expand electric vehicle charging by working to develop new charging stations in conjunction with companies like BP, EVgo, Enel X, Izivia by EDF, and Power Dot.

Uber’s also working to revive the vision of robotic battery swapping to enable customers to forget about their concerns when it comes to charging a new vehicle. It’s working with the San Francisco-based startup, Ample, as the young company develops its battery-swapping tech — and Lithium Urban Technologies, an electric fleet operator out of India.

Building on its existing micro-mobility network, the company is going to integrate bikes and scooters from Lime even closer into its networks and expanding its shared ride programs as soon as its safe to do it. The company is also intent on expanding its Journey Planning feature to enable users to see pricing options, schedules, and directions to and from transit stations. Uber also now offers in-app ticketing in more than ten cities, so people can buy public transit passes in the app itself. As a coup de grace, Uber’s also unveiling a new feature that allows users to plan their trips in Chicago and Sydney using cars and public transit to get where they need to go.

Finally, the company has released its first Climate Assessment and Performance Report analyzing emissions from the company’s operations in the United States and Canada from 2017 through 2019. Unsurprisingly, Uber found that it was more efficient than single-occupant driving, but the company did reveal that its carbon intensity is higher than that of average-occupancy personal cars. Meaning when there’re two people using a personal car, their footprint is lower than that of an Uber driver looking for passengers.

Although arguably, Uber shouldn’t be having its customers foot so much of the bill for its electric transition, these are all positive steps from a company that still has a long road ahead of it if it’s looking to reduce its carbon footprint.

PandaDoc employees arrested in Belarus after founders protest against Lukashenko regime

Yesterday the four employees (pictured) of US-headquartered enterprise startup PandaDoc were arrested in Minsk by the Belarus police, in what appears to be an act of state-led retaliation, after the company’s founders joined protests against the 26 year-long regime of President Alexander Lukashenko. Lukashenko is widely believed by international observers to have rigged the country’s recent elections in his favor, preventing the election of opposition leader Sviatlana Tsikhanouskaya.

PandaDoc — which has raised $51.1M and is now headquartered in San Francisco after debuting at a TechCrunch Meetup in Berlin in 2013 — issued a statement saying their Minsk development office was raided by police and the ‘Financial Investigation Department’ yesterday morning.

PandaDoc has released a statement on a new web site, SavePandaDoc, outlining the incident, saying employees had been prevented from leaving the office, refused access to lawyers, and a director was taken away by Police.

One of the founders of the company, Mikita Mikado, who lives in the US, has also released a statement to this effect on his Instagram and Youtube.

Four of the arrested PandaDoc employees have been charged with embezzling 107,000 BYR ($41,000) from company and therefore avoiding tax. The employees have been detained for two months.

However, PandaDoc released a statement saying: “We declare that this accusation is completely untrue and has no basis whatsoever. All activities of the company were carried out in full compliance with the legislation, which is confirmed by repeated international audits and inspections.”

Now held in custody are (also pictured):

Yulia Shardiko, Chief Accountant
Dmitry Rabtsevich, Director
Victor Kuvshinov, Product Director
Vladislav Mikholap, HR

Although the company HQ is in San Francisco, it has a large office on the Belarusian High Technologies Park, which was set up by the government supposedly to support the tech industry.

PandaDoc said the police raid was likely linked to the fact that the founders of PandaDoc, in particular Mikado, have protested publicly against the brutal crackdown on pro-democracy protesters by Lukashenko, but have done so strictly in a personal capacity.

Mikado recently became a leading voice in the protest movement. He set up an initiative, ProtectBelarus.org, offering Belarusian police officers who had decided to disobey orders to beat and torture protesters financial aid and re-training in the tech industry.

Belarussian police officers are effectively ‘indentured employees’ because they are paid in large sums at the beginning of their contract, but this immediately becomes a debt to the state the moment they decide to break leave their contract.

In a statement, Mikado said that as of August 29th, the platform had received more than 6,000 messages and almost 600 requests for help. The platform is run by volunteers and has no relation to PandaDoc, the company.

Mikado said in a statement: “We are asking international tech community to support PandaDoc by sharing this message and reaction to it with a #SavePandaDoc tag.”

“There is no more law. The authorities do not even try to act according to the law, they simply fabricate cases for political orders that come from above. And if you thought that this would not affect you, then we can safely assure you of the opposite – it has already affected everyone,” the statement reads.

“We will not be silent anymore! The country is full of legal chaos. The actions of the authorities cannot be called anything except genocide and repression. The further it goes, the longer the road back. And soon there will be a cliff. We demand to immediately release our colleagues, close the criminal case, let the company work normally and bring benefits and income, including to the state.”

The company now says it will be forced to close the company in Belarus and “will begin to establish an alternative to the Park of High Technologies outside the Republic of Belarus.”

PandaDoc only recently raised $30 million in a Series B extension from One Peak, Microsoft Venture Fund M12 and EBRD Venture Fund.

After the Belarusian presidential election on August 9th (which was not recognized as free and fair by the EU, the UK and the US due to widely reported and documented vote-rigging in favor of Lukashenko) the police violently cracked down on peaceful protests, leading to six reported deaths and 450 UN-documented cases of police torture.

Microsoft launches a deepfake detector tool ahead of US election

Microsoft has added to the slowly growing pile of technologies aimed at spotting synthetic media (aka deepfakes) with the launch of a tool for analyzing videos and still photos to generate a manipulation score.

The tool, called Video Authenticator, provides what Microsoft calls “a percentage chance, or confidence score” that the media has been artificially manipulated.

“In the case of a video, it can provide this percentage in real-time on each frame as the video plays,” it writes in a blog post announcing the tech. “It works by detecting the blending boundary of the deepfake and subtle fading or greyscale elements that might not be detectable by the human eye.”

If a piece of online content looks real but ‘smells’ wrong chances are it’s a high tech manipulation trying to pass as real — perhaps with a malicious intent to misinform people.

And while plenty of deepfakes are created with a very different intent — to be funny or entertaining — taken out of context such synthetic media can still take on a life of its own as it spreads, meaning it can also end up tricking unsuspecting viewers.

While AI tech is used to generate realistic deepfakes, identifying visual disinformation using technology is still a hard problem — and a critically thinking mind remains the best tool for spotting high tech BS.

Nonetheless, technologists continue to work on deepfake spotters — including this latest offering from Microsoft.

Although its blog post warns the tech may offer only passing utility in the AI-fuelled disinformation arms race: “The fact that [deepfakes are] generated by AI that can continue to learn makes it inevitable that they will beat conventional detection technology. However, in the short run, such as the upcoming U.S. election, advanced detection technologies can be a useful tool to help discerning users identify deepfakes.”

This summer a competition kicked off by Facebook to develop a deepfake detector served up results that were better than guessing — but only just in the case of a data-set the researchers hadn’t had prior access to.

Microsoft, meanwhile, says its Video Authenticator tool was created using a public dataset from Face Forensic++ and tested on the DeepFake Detection Challenge Dataset, which it notes are “both leading models for training and testing deepfake detection technologies”.

It’s partnering with the San Francisco-based AI Foundation to make the tool available to organizations involved in the democratic process this year — including news outlets and political campaigns.

“Video Authenticator will initially be available only through RD2020 [Reality Defender 2020], which will guide organizations through the limitations and ethical considerations inherent in any deepfake detection technology. Campaigns and journalists interested in learning more can contact RD2020 here,” Microsoft adds.

The tool has been developed by its R&D division, Microsoft Research, in coordination with its Responsible AI team and an internal advisory body on AI, Ethics and Effects in Engineering and Research Committee — as part of a wider program Microsoft is running aimed at defending democracy from threats posed by disinformation.

“We expect that methods for generating synthetic media will continue to grow in sophistication,” it continues. “As all AI detection methods have rates of failure, we have to understand and be ready to respond to deepfakes that slip through detection methods. Thus, in the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media. There are few tools today to help assure readers that the media they’re seeing online came from a trusted source and that it wasn’t altered.”

On the latter front, Microsoft has also announced a system that will enable content producers to add digital hashes and certificates to media that remain in their metadata as the content travels online — providing a reference point for authenticity.

The second component of the system is a reader tool, which can be deployed as a browser extension, for checking certificates and matching the hashes to offer the viewer what Microsoft calls “a high degree of accuracy” that a particular piece of content is authentic/hasn’t been changed.

The certification will also provide the viewer with details about who produced the media.

Microsoft is hoping this digital watermarking authenticity system will end up underpinning a Trusted News Initiative announced last year by UK publicly funded broadcaster, the BBC — specifically for a verification component, called Project Origin, which is led by a coalition of the BBC, CBC/Radio-Canada, Microsoft and The New York Times.

It says the digital watermarking tech will be tested by Project Origin with the aim of developing it into a standard that can be adopted broadly.

“The Trusted News Initiative, which includes a range of publishers and social media companies, has also agreed to engage with this technology. In the months ahead, we hope to broaden work in this area to even more technology companies, news publishers and social media companies,” Microsoft adds.

While work on technologies to identify deepfakes continues, its blog post also emphasizes the importance of media literacy — flagging a partnership with the University of Washington, Sensity and USA Today aimed at boosting critical thinking ahead of the US election.

This partnership has launched a Spot the Deepfake Quiz for voters in the US to “learn about synthetic media, develop critical media literacy skills and gain awareness of the impact of synthetic media on democracy”, as it puts it.

The interactive quiz will be distributed across web and social media properties owned by USA Today, Microsoft and the University of Washington and through social media advertising, per the blog post.

The tech giant also notes that it’s supporting a public service announcement (PSA) campaign in the US encouraging people to take a “reflective pause” and check to make sure information comes from a reputable news organization before they share or promote it on social media ahead of the upcoming election.

“The PSA campaign will help people better understand the harm misinformation and disinformation have on our democracy and the importance of taking the time to identify, share and consume reliable information. The ads will run across radio stations in the United States in September and October,” it adds.

Decrypted: Uber’s former security chief charged, FBI’s ‘vishing’ warning

A lot happened in cybersecurity over the past week.

The University of Utah paid almost half a million dollars to stop hackers from leaking sensitive student data after a ransomware attack. Two major ATM makers patched flaws that could’ve allowed for fraudulent cash withdrawals from vulnerable ATMs. Grant Schneider, the U.S. federal chief information security officer, is leaving his post after more than three decades in government. And, a new peer-to-peer botnet is spreading like wildfire and infecting millions of machines around the world.

In this week’s column, we look at how Uber’s handling of its 2016 data breach put the company’s former chief security officer in hot water with federal prosecutors. And, what is “vishing” and why should companies take note?


THE BIG PICTURE

Uber’s former security chief charged with data breach cover-up

Joe Sullivan, Uber’s former security chief, was indicted this week by federal prosecutors for allegedly trying to cover up a data breach in 2016 that saw 57 million rider and driver records stolen.

Sullivan paid $100,000 in a “bug bounty” payment to the two hackers, who were also charged with the breach, in exchange for signing a nondisclosure agreement. It wasn’t until a year after the breach that former Uber chief executive Travis Kalanick was forced out and replaced with Dara Khosrowshahi, who fired Sullivan after learning of the cyberattack. Sullivan now serves as Cloudflare’s chief security officer.

The payout itself isn’t the issue, as some had claimed. Prosecutors in San Francisco took issue with how Sullivan allegedly tried to bury the breach, which later resulted in a massive $148 million settlement with the Federal Trade Commission.

As the pandemic creates supply chain chaos, Craft raises $10M to apply some intelligence

During the COVID-19 pandemic supply chains have suddenly become hot. Who knew that would ever happen? The race to secure PPE, ventilators, minor things like food, was and still is, an enormous issue. But perhaps, predictably, the world of ‘supply chain software’ could use some updating. Most of the platforms are deployed ‘empty’ and require the client to populate them with their own data or ‘bring their own data’. The UIs can be outdated and still have to be juggled with manual and offline workflows. So startups working in this space are now attracting some timely attention.

Thus, Craft, the enterprise intelligence company, today announces that it has closed a $10 million Series A financing to build what it characterizes as a ‘supply chain intelligence platform’. With the new funding, Craft will expand its offices in San Francisco, London, and Minsk, and grow remote teams across engineering, sales, marketing and operations in North America and Europe.

It competes with some large incumbents such as Dun & Bradstreet, Bureau van Dijk, Thomson Reuters . These are traditional data providers focused primarily on providing financial data about public companies, rather than real-time data from data sources such as operating metrics, human capital, and risk metrics.

The idea is to allow companies to monitor and optimize their supply chain and enterprise systems. The financing was led by High Alpha Capital, alongside Greycroft. Craft also has some high-flying Angel investors including Sam Palmisano, chairman of the Center for Global Enterprise and former CEO and chairman of IBM; Jim Moffatt, former CEO of Deloitte Consulting; Frederic Kerrest, executive vice-chairman, COO and co-founder of Okta; and Uncork Capital which previously led Craft’s Seed financing. High Alpha Partner, Kristian Andersen, is joining Craft’s Board of Directors.

The problem Craft is attacking is a lack of visibility into complex global supply chains. For obvious reasons, COVID-19 disrupted global supply chains which tended to reveal a lot of risks, structural weaknesses across industries and a lack of intelligence about how it’s all holding together. Craft’s solution is a proprietary data platform, API, and portal that integrates into existing enterprise workflows.

While many business intelligence products require clients to bring their own data, Craft’s data platform comes pre-deployed with data from thousands of financial and alternative sources, such as 300+ data points that are refreshed using both Machine Learning and human validation. It’s open-to-the-web company profiles appear in 50 million search results, for instance.

Ilya Levtov, co-founder and CEO of Craft said in a statement: “Today, we are focused on providing powerful tracking and visibility to enterprise supply chains, while our ultimate vision is to build the intelligence layer of the enterprise technology stack.”

Kristian Andersen, partner with High Alpha commented: “We have a deep conviction that supply chain management remains an underinvested and under-innovated category in enterprise software.”

In the first half of 2020, Craft claims its revenues have grown nearly threefold, with Fortune 100 companies, government and military agencies, and SMEs among its clients.

Digitizing Burning Man

For decades, Burning Man has represented an escape from the current reality. An event for free-er spirits to rethink new age ideals inside a stateless entity where art, music and partying reign supreme on the desert plains.

Over the years, the Bay Area-founded event has dealt with an internal clash as the gathering has grown larger and attracted a heavy presence from Silicon Valley’s wealthy tech class, with tales of turnkey experiences, air-conditioned camps, helicopters and lobster dinners. Now, under the shadow of a historic pandemic, the organization behind the massive, iconic event is desperately working to stick to its roots while avoiding financial ruin as it pivots the 2020 festival to a digital format with the pro bono help of some of its tech industry attendees.

With just a few weeks before the event is set to kick off, the organization is bringing together a group of technologists with backgrounds in virtual reality, blockchain, hypnotism and immersive theatre to create a web of hacked-together social products that they hope will capture the atmosphere of Burning Man.

Going virtual is an unprecedented move for an event that’s mere existence already seems to defy precedent.

Burning Man is held in late August every year inside Nevada’s Black Rock Desert. For nine days, the attendees, who refer to themselves as Burners, fill up the desolate landscape with massive art installations, stages and camps. Attendance has been climbing over the past several decades, to the point that the federal government got involved, creating a more than 170-page report arguing why the event’s attendance should be capped. More than 78,000 people attended in 2019.

It’s an escape from society in a shared social experience that doesn’t seem to be replicable elsewhere.

The Multiverse

Steven Blumenfeld became the CTO of Burning Man days before the org’s leaders publicly announced that, due to the COVID-19 pandemic, the physical event was being abruptly canceled and the team was going all-in on a virtual gathering. Though the serial CTO expected the position to largely involve crusty tasks maintaining the event’s media infrastructure, he soon was pressed to rethink the front-end of a sprawling event that’s decades old and steeped in lore.

“My first inclination is, ‘Great! Let’s go build a big 3D VR world blah blah blah… So then I spent the first two weeks looking at what I had for staff, what I had for time frame, and what we could actually do,” Blumenfeld says. “There was just no way. And you know, I actually still wanted to do it. I wanted a challenge… but the reality was it just wasn’t going to happen.”

Burning Man is a massive undertaking, with a particularly deep emotional hold inside San Francisco, where it was first held in 1986, and by extension Silicon Valley. It isn’t all that surprising that when the Burning Man Project announced the event was making the move to a digital format, there was a rapid influx of community input to help decipher what an on-the-grid virtual Burning Man might look like.

“We had 14,000 people tell us they wanted to contribute in some way to a virtual Black Rock City,” said Kim Cook, the org’s director of art and civic engagement. “Some of them said what they wanted to contribute was love; so that’s cool. We also had around a thousand of them say they wanted to do developer-type work.”

Some of the groups that reached out to the Burning Man Project were companies that were willing to build a Burning Man experience but wanted official branding present. Despite a precarious financial position, Burning Man’s organizers declined help from these sponsors, citing the org’s adherence to “de-commodification” — a desire to prevent corporate infiltration of the event, eschewing advertising, branded stages and corporate partnerships.

Turning away from the professional studios, Blumenfeld and others settled on a network of small indie teams filled with Burners that were willing to develop the official digital experiences for the event on their own time.

A new moment for social networking

Eight projects eventually emerged as official “recognized universes,” each taking drastically different approaches to what a virtual Burning Man should look like. While some focus their efforts on virtual reality, others add social layers to video chat or build 3D environments on top of existing platforms like Second Life or Microsoft’s AltspaceVR .

During the pandemic, revamped developer conferences and trade shows have been able to port keynote addresses or panels to a Zoom format fairly seamlessly, but there are plenty of elements of the Burning Man experience that the teams involved realize might be impossible to replicate with online platforms. The developers creating the event’s virtual worlds are determined to rethink the conventions of online social networking to ensure that Burners make new friends this year.

“The sense of awe and scale is tricky,” says Ed Cooke, who is building one of the official apps. “One way of explaining Burning Man is that it’s a state of mind that you access as a side effect of all the things that happen on the way there.”

Cooke, a London startup founder who also boasts the title of Grand Memory Master, earned for — among other things — memorizing the order of 10 decks of cards in less than an hour, has been building SparkleVerse with his friend Chris Adams, whose daytime gig is as a senior software manager at Airbnb.

Their web app, which pairs a 2D map interface with video chat windows, is primarily focused on advancing how shared context can facilitate and better frame social relationships.

Amid quarantine, the pair tells TechCrunch they have been creating deeply complicated video chat parties for their friends. One example is a moon-themed party where they created a clickable map of the lunar surface that guided the 200 attendees through 16 separate virtual spaces with their own themes. Before the party kicked off, the hosts walked people through the “experience of traveling to the moon” by guiding them through the effects of zero gravity and instructing them to play along with experiencing it. Another hot tub-themed party invited guests to jump into their bath tub before firing up Zoom.

Cooke and Adams are leaning on some of these mechanics to create a Burning Man theme, hoping that taking cues from immersive theatre will enable people to commit more deeply to the experience. The acts of driving, losing your phone connection and growing tired and hungry on the way to the physical event add to a “spaciousness in your consciousness” that allows people to act more freely, Cooke says. He wants participants to replicate these experiences by taking steps outside their normal life in the run-up to the event, whether that’s sitting through an obscenely long video chat session to simulate a drive to the desert or setting up a tent in their living room, or cutting off their water line and avoiding showers during the nine days.

“All of this is embedding you further and further into this distant context, miles away from your normal life, where effectively in the course of this, you’re just becoming a radically less boring person,” Cooke explains in a nine-minute video outlining the platform.

Many of the apps are building on the idea of how spatial interfaces can feed greater social context and make it easier to approach people and make new friends.

Another official app, Build-a-Burn, takes the idea of a stylized 2D interface for video chat even further with a sketched-out grayscale map of Black Rock City that users can navigate little stick figures across. As a user moves through different camps and their avatars get physically close to each other, new video chat screens fade in and users can gain the experience of venturing into a new social bubble.

A screenshot of Build-a-Burn

While Build-a-Burn and SparkleVerse are leaning more heavily on video chat, other experiences hope that creating massive 3D landscapes that match the scale of the real-world event will help people get into the spirit of the event.

Other than Burn2, which is wholly contained within the Second Life platform, most of the 3D-centric apps integrate some level of virtual reality support. Projects that support VR headsets include The Infinite Playa, The Bridge Experience, MysticVerse, BRCvr (which taps into Microsoft’s AltspaceVR platform) and Multiverse.

Each of the VR experiences will also allow users to join on mobile or desktop, an effort to ensure that the apps are more widely accessible.


Over on Extra Crunch, read about how a new generation of chat apps are leaning on game-like interfaces


Multiverse creator Faryar Ghazanfari, who runs an AR startup and previously worked on Tesla’s legal team, says that the motivations for building his app were a bit on the selfish side, telling TechCrunch that he became “extremely sad” after the physical event’s cancellation and felt the need to help build a place where he could reunite with his own camp.

Screenshot from a demo of Multiverse.

Ghazanfari tells TechCrunch he feels a responsibility in creating the environment that other Burners will experience; he says his chief concern is capturing the event’s complexity. Compared to the other apps, Multiverse focuses primarily on providing a photorealistic 3D playground where avatars can zoom around.

“As Burners, we don’t think of Burning Man as just a music festival or art festival; it is much more than that. Burning Man is a social experiment of creating a community out of a shared struggle,” Ghazanfari says.

Each of the Burning Man-approved apps seem to engage with evoking that shared struggle differently, which appears to be the most looming challenge of moving this event to a virtual format. While the apps hope to bring elements of the physical event into their virtual spaces, the creators also seem to realize that aiming to compete with attendees’ past memories is unwise. It’s a challenge that has been faced by dozens of startups in the virtual reality space over the past several years.

“I think the main challenge is taking something that exists in reality and then porting it into a different platform,” said Adam Arrigo, CEO of Wave, a venture-backed startup that initially launched a VR app for music concerts but has since shifted focus to mobile and desktop experiences. “When you’re in these digital spaces, the agency that you have as a user and the experiences you can create are so different than something that could exist, even at a concert.”

Financial uncertainty

Perhaps the biggest unknown, as the organization readies for Burning Man’s August 30 start date, is that nobody really has any idea how many people are going to show up. While Blumenfeld pointed me to suggestions the entire digital event could attract up to 30,000 people over its nine-day run, Ghazanfari hopes that hundreds of thousands or millions of users will come into the fold of his experience.

Another point of contention internally is how exactly the groups plan to monetize these digital experiences.

In 2020, the standard ticket price for Burning Man was $475. The organization postponed the “main sale” of tickets prior to this year’s physical event’s cancellation, but they had already sold tens of thousands of tickets. Ticket holders will have the option of being refunded, but the organization has encouraged those who “have the means” to consider making a full or partial donation of the ticket price instead.

In 2018, Burning Man cost $44 million for the organization to produce, according to tax documents. The Burning Man Project reported about $43 million in ticket sales from that event, with other donations and revenue streams bringing the nonprofit’s total revenue for that fiscal year to about $46 million. In a blog post, the event’s organizers noted that though the group had event insurance, they were not covered for a cancellation caused by a pandemic. Burning Man Project says it has $10 million in cash reserves, but that it anticipates draining through that funding by the end of the year to stay afloat. The organization is listed as having received a loan from the federal government’s Paycheck Protection Program for between $2-5 million.

While some like Ghazanfari are pushing to make their experiences free to access with the option of giving a donation later, others expressed desire for a single digital ticket that would give attendees access to all eight digital experiences. Cooke says users will need to pay a $50 entrance fee to access the SparkleVerse.

The disparate nature of the experience being built this year — with some being shipped as native apps, others in HTML5 and others inside existing tech platforms — meant that a unified ticketing platform just wouldn’t work, Blumenfeld told TechCrunch. Not all of the developers were thrilled with this outcome, which they fear could fracture attendance at events on certain platforms. The biggest concern seemed to be ensuring that all of this effort pays off in some way for the organization so that they can continue to host the Burning Man event post-pandemic.

“One of the biggest reasons we’re all doing this is to help Burning Man survive, because the Burning Man organization unfortunately was really badly hit because of COVID,” Ghazanfari says. “The organization is in kind of a precarious situation financially.”

The organization has attracted criticism in recent years for the event’s inclusiveness. Some of the developers acknowledge that planning for a nine-day trip to the middle of the desert can be daunting and prohibitively expensive for people that want to join the community, and they hope that this year’s shift to a digital format will open up the event to more people and that these apps can be a less intimidating way for skeptics to get a taste of the community.

Thinking of the future

None of the developers behind the digital experiences are being paid for their efforts building these apps. However, the Burning Man Project has given at least some of them perpetual licenses to continue operating these digital platforms with the Burning Man name and an option to monetize, though a percentage of proceeds will be kicked back to the organization.

While getting this event across the finish line by the end of the month is daunting enough, the Burning Man Project is also trying to consider how its rapid learnings will apply to next year, though they hope that the physical event returns for 2021.

Blumenfeld says he plans to spend the next year working on the background infrastructure so that items like gating and ticketing functions for a virtual Burning Man can all be centralized.

While having eight distinct experiences this year could complicate the goal of getting one big group together, developers concerned about troubleshooting their new apps or having a sudden influx of virtual Burners overwhelm their infrastructures view multiple entry points to the festival as a necessary logistical move. Organizers hope the diversity of options will keep things interesting for attendees.

“I think we’ve got a good mix, and part of it is, we want to learn,” Blumenfeld says. “What we’re trying very hard to avoid is being in Zoom meeting hell.”

Whether users are connecting via video chat or as avatars inside a large virtual world, the developers building Burning Man’s virtual experiences believe they are operating on the cutting edge of virtual interaction and that they are rethinking elements of modern social networking to create a virtual Burning Man where people will be able to form new social bonds.

“I’ve fallen in love with this idea that at some point in the future, some Ph.D. student in 300 years time is going to write a thesis on the first online Burning Man, because it does feel like an extraordinary moment of avant garde imagineering for what the future of human online interaction looks like,” Cooke tells TechCrunch.

A new technique can detect newer 4G ‘stingray’ cell phone snooping

Security researchers say they have developed a new technique to detect modern cell-site simulators.

Cell site simulators, known as “stingrays,” impersonate cell towers and can capture information about any phone in its range — including in some cases calls, messages and data. Police secretly deploy stingrays hundreds of times a year across the United States, often capturing the data on innocent bystanders in the process.

Little is known about stingrays, because they are deliberately shrouded in secrecy. Developed by Harris Corp. and sold exclusively to police and law enforcement, stingrays are covered under strict nondisclosure agreements that prevent police from discussing how the technology works. But what we do know is that stingrays exploit flaws in the way that cell phones connect to 2G cell networks.

Most of those flaws are fixed in the newer, faster and more secure 4G networks, though not all. Newer cell site simulators, called “Hailstorm” devices, take advantage of similar flaws in 4G that let police snoop on newer phones and devices.

Some phone apps claim they can detect stingrays and other cell site simulators, but most produce wrong results.

But now researchers at the Electronic Frontier Foundation have discovered a new technique that can detect Hailstorm devices.

Enter the EFF’s latest project, dubbed “Crocodile Hunter” — named after Australian nature conservationist Steve Irwin who was killed by a stingray’s barb in 2006 — helps detect cell site simulators and decodes nearby 4G signals to determine if a cell tower is legitimate or not.

Every time your phone connects to the 4G network, it runs through a checklist — known as a handshake — to make sure that the phone is allowed to connect to the network. It does this by exchanging a series of unencrypted messages with the cell tower, including unique details about the user’s phone — such as its IMSI number and its approximate location. These messages, known as the master information block (MIB) and the system information block (SIB), are broadcast by the cell tower to help the phone connect to the network.

“This is where the heart of all of the vulnerabilities lie in 4G,” said Cooper Quintin, a senior staff technologist at the EFF, who headed the research.

Quintin and fellow researcher Yomna Nasser, who authored the EFF’s technical paper on how cell site simulators work, found that collecting and decoding the MIB and SIB messages over the air can identify potentially illegitimate cell towers.

This became the foundation of the Crocodile Hunter project.

A rare public photo of a stingray, manufactured by Harris Corp. Image Credits: U.S. Patent and Trademark Office

Crocodile Hunter is open-source, allowing anyone to run it, but it requires a stack of both hardware and software to work. Once up and running, Crocodile Hunter scans for 4G cellular signals, begins decoding the tower data, and uses trilateration to visualize the towers on a map.

But the system does require some thought and human input to find anomalies that could identify a real cell site simulator. Those anomalies can look like cell towers appearing out of nowhere, towers that appear to move or don’t match known mappings of existing towers, or are broadcasting MIB and SIB messages that don’t seem to make sense.

That’s why verification is important, Quintin said, and stingray-detecting apps don’t do this.

“Just because we find an anomaly, doesn’t mean we found the cell site simulator. We actually need to go verify,” he said.

In one test, Quintin traced a suspicious-looking cell tower to a truck outside a conference center in San Francisco. It turned out to be a legitimate mobile cell tower, contracted to expand the cell capacity for a tech conference inside. “Cells on wheels are pretty common,” said Quintin. “But they have some interesting similarities to cell site simulators, namely in that they are a portable cell that isn’t usually there and suddenly it is, and then leaves.”

In another test carried out earlier this year at the ShmooCon security conference in Washington, D.C. where cell site simulators have been found before, Quintin found two suspicious cell towers using Crocodile Hunter: One tower that was broadcasting a mobile network identifier associated with a Bermuda cell network and another tower that didn’t appear to be associated with a cell network at all. Neither made much sense, given Washington, D.C. is nowhere near Bermuda.

Quintin said that the project was aimed at helping to detect cell site simulators, but conceded that police will continue to use cell site simulators for as long as the cell networks are vulnerable to their use, an effort that could take years to fix.

Instead, Quintin said that the phone makers could do more at the device level to prevent attacks by allowing users to switch off access to legacy 2G networks, effectively allowing users to opt-out of legacy stingray attacks. Meanwhile, cell networks and industry groups should work to fix the vulnerabilities that Hailstorm devices exploit.

“None of these solutions are going to be foolproof,” said Quintin. “But we’re not even doing the bare minimum yet.”


Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: [email protected]

A new technique can detect newer 4G ‘stingray’ cell phone snooping

Security researchers say they have developed a new technique to detect modern cell-site simulators.

Cell site simulators, known as “stingrays,” impersonate cell towers and can capture information about any phone in its range — including in some cases calls, messages and data. Police secretly deploy stingrays hundreds of times a year across the United States, often capturing the data on innocent bystanders in the process.

Little is known about stingrays, because they are deliberately shrouded in secrecy. Developed by Harris Corp. and sold exclusively to police and law enforcement, stingrays are covered under strict nondisclosure agreements that prevent police from discussing how the technology works. But what we do know is that stingrays exploit flaws in the way that cell phones connect to 2G cell networks.

Most of those flaws are fixed in the newer, faster and more secure 4G networks, though not all. Newer cell site simulators, called “Hailstorm” devices, take advantage of similar flaws in 4G that let police snoop on newer phones and devices.

Some phone apps claim they can detect stingrays and other cell site simulators, but most produce wrong results.

But now researchers at the Electronic Frontier Foundation have discovered a new technique that can detect Hailstorm devices.

Enter the EFF’s latest project, dubbed “Crocodile Hunter” — named after Australian nature conservationist Steve Irwin who was killed by a stingray’s barb in 2006 — helps detect cell site simulators and decodes nearby 4G signals to determine if a cell tower is legitimate or not.

Every time your phone connects to the 4G network, it runs through a checklist — known as a handshake — to make sure that the phone is allowed to connect to the network. It does this by exchanging a series of unencrypted messages with the cell tower, including unique details about the user’s phone — such as its IMSI number and its approximate location. These messages, known as the master information block (MIB) and the system information block (SIB), are broadcast by the cell tower to help the phone connect to the network.

“This is where the heart of all of the vulnerabilities lie in 4G,” said Cooper Quintin, a senior staff technologist at the EFF, who headed the research.

Quintin and fellow researcher Yomna Nasser, who authored the EFF’s technical paper on how cell site simulators work, found that collecting and decoding the MIB and SIB messages over the air can identify potentially illegitimate cell towers.

This became the foundation of the Crocodile Hunter project.

A rare public photo of a stingray, manufactured by Harris Corp. Image Credits: U.S. Patent and Trademark Office

Crocodile Hunter is open-source, allowing anyone to run it, but it requires a stack of both hardware and software to work. Once up and running, Crocodile Hunter scans for 4G cellular signals, begins decoding the tower data, and uses trilateration to visualize the towers on a map.

But the system does require some thought and human input to find anomalies that could identify a real cell site simulator. Those anomalies can look like cell towers appearing out of nowhere, towers that appear to move or don’t match known mappings of existing towers, or are broadcasting MIB and SIB messages that don’t seem to make sense.

That’s why verification is important, Quintin said, and stingray-detecting apps don’t do this.

“Just because we find an anomaly, doesn’t mean we found the cell site simulator. We actually need to go verify,” he said.

In one test, Quintin traced a suspicious-looking cell tower to a truck outside a conference center in San Francisco. It turned out to be a legitimate mobile cell tower, contracted to expand the cell capacity for a tech conference inside. “Cells on wheels are pretty common,” said Quintin. “But they have some interesting similarities to cell site simulators, namely in that they are a portable cell that isn’t usually there and suddenly it is, and then leaves.”

In another test carried out earlier this year at the ShmooCon security conference in Washington, D.C. where cell site simulators have been found before, Quintin found two suspicious cell towers using Crocodile Hunter: One tower that was broadcasting a mobile network identifier associated with a Bermuda cell network and another tower that didn’t appear to be associated with a cell network at all. Neither made much sense, given Washington, D.C. is nowhere near Bermuda.

Quintin said that the project was aimed at helping to detect cell site simulators, but conceded that police will continue to use cell site simulators for as long as the cell networks are vulnerable to their use, an effort that could take years to fix.

Instead, Quintin said that the phone makers could do more at the device level to prevent attacks by allowing users to switch off access to legacy 2G networks, effectively allowing users to opt-out of legacy stingray attacks. Meanwhile, cell networks and industry groups should work to fix the vulnerabilities that Hailstorm devices exploit.

“None of these solutions are going to be foolproof,” said Quintin. “But we’re not even doing the bare minimum yet.”


Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: [email protected]