The complicated calculus of taking Facebook’s venture money

Facebook is reportedly getting into the venture capital game, but for young entrepreneurs working in social media, ignoring or deleting that particular friend request could be the right call.

According to a report in Axios, the company is building up a corporate fund under the auspices of its “New Product Experimentation” team, which launched last year. The company posted a job opening looking for a “head of investments” for the new division and now has new job openings in the group for two “founder” positions in New York City and Menlo Park, California. 

Axios reported that the role would “manage a multimillion dollar fund that invests in leading private companies alongside top venture capital firms and angel investors,” according to a now-deleted post. The new hire will join Shabih Rizvi, a former partner at the Alphabet-backed corporate venture firm, Gradient Ventures, who began his career in venture at KPCB.

While Facebook said that the new investment arm would complement the work that the company already does to support startups through accelerators and hackathons, investors at some of Silicon Valley’s venture capital firms were skeptical. Perhaps with good reason, since the group that houses Facebook’s new investment team is hiring its own “founders” and has already developed a few apps that could compete with existing startups.

“[Money] of last resort,” one investor wrote in a text. Another said it would be a way for Facebook to spot potential acquisitions early enough to avoid triggering antitrust concerns, which may be good for Facebook, but bad for startups. “[Facebook] can’t buy 100 million-user apps any more,” this investor wrote in a direct message. “It needs to buy them closer to 10 million.”

All Facebook users can now access a tool to port data to Google Photos

Facebook’s photo transfer tool is now available globally half a year on from an initial rollout in Europe, the company said today.

The data portability feature enables users of the social network to directly port a copy of their photos to Google’s eponymous photo storage service via encrypted transfer, rather than needing to download and manually upload photos themselves — thereby reducing the hassle involved with switching to a rival service.

Facebook users can find the option to “Transfer a copy of your photos and videos” under the Your Facebook Information settings menu.

This is the same menu where the company has long enabled users to download a copy of a range of information related to their use of its service (including photos). However there’s little that can be done with that data dump. Whereas the direct photo transfer mechanism shrinks the friction involved in account switching.

Facebook debuted the feature in Ireland at the back end of last year, going on to open it up to more international markets earlier this year and grant access to users in the US and Canada come April.

Now all Facebook users can tap in — though the choice of where you can port your photos remains limited to Google Photos. So it’s not the kind of data portability that’s of any help to startup services (yet).

Facebook has said support for other services is being built out. However this requires collaborating developers to build the necessary adapters for photos APIs. Which in turn depends on wider participation in an underpinning open source effort, called the Data Transfer Project (DTP).

The wider context around the DTP — which kicked off in 2018, backed by a number of tech giants all keen to hitch their wagon to the notion of greasing platform-to-platform data portability — is the fact regulators in the US and Europe are paying closer attention to the deleterious impact of platform power on competition and markets.

Putting some resource into data portability looks like a collective strategy by powerful players to try to manage and fend off antitrust action that might otherwise see dominant empires broken up in the interests of rebalancing digital markets.

If platforms can make a plausible case that their users aren’t locked into their walled gardens because network effects force them to stay but can simply push a button to move their stuff and waltz elsewhere, they will hope to shrink their antitrust risk and water down the case for sweeping reforms of digital regulations.

Europe is certainly looking closely at updating its rulebook to tackle platform power — with legislative proposals wrapping digital services slated before the end of the year.

EU lawmakers are also specifically consulting on whether the bloc needs a new tool in its antitrust arsenal to tackle the problem of tipping markets in the digital sphere — where a dominant player consolidates a market position to such an extent that it becomes difficult to reverse. The proposed new power would enable European antitrust regulators to speed up interventions by letting them impose behavioural and structural remedies without needing to make a finding of infringement first.

Given all that, it would be interesting to know how many Facebook users have actually made use of the photo porting tool in the half-year since it launched to a sub-set of users.

A Facebook spokesman told us he did not have “specific numbers to share at this time” — but claimed it’s seen “many” users making photo transfers via the tool.

“We’ve received some positive feedback from stakeholders who have been giving feedback on the product throughout the rollout,” the spokesman added. “We hope that will continue to increase as more people are aware of the tool and new destinations and data types are added.”

First major GDPR decisions looming on Twitter and Facebook

The lead data regulator for much of big tech in Europe is moving inexorably towards issuing its first major cross-border GDPR decision — saying today it’s submitted a draft decision related to Twitter’s business to its fellow EU watchdogs for review.

“The draft decision focusses on whether Twitter International Company has complied with Articles 33(1) and 33(5) of the GDPR,” said the Irish Data Protection Commission (DPC) in a statement.

Europe’s General Data Protection Regulation came into application two years ago, as an update to the European Union’s long-standing data protection framework which bakes in supersized fines for compliance violations. More interestingly, regulators have the power to order that violating data processing cease. While, in many EU countries, third parties such as consumer rights groups can file complaints on behalf of individuals.

Since GDPR begun being applied, there have been thousands of complaints filed across the bloc, targeting companies large and small — alongside a rising clamour around a lack of enforcement in major cross-border cases pertaining to big tech.

So the timing of the DPC’s announcement on reaching a draft decision in its Twitter probe is likely no accident. (GDPR’s actual anniversary of application is May 25.)

The draft decision relates to an inquiry the regulator instigated itself, in November 2018, after the social network had reported a data breach — as data controllers are required to do promptly under GDPR, risking penalties should they fail to do so.

Other interested EU watchdogs (all of them in this case) will now have one month to consider the decision — and lodge “reasoned and relevant objections” should they disagree with the DPC’s reasoning, per the GDPR’s one-stop-shop mechanism which enables EU regulators to liaise on cross-border inquiries.

In instances where there is disagreement between DPAs on a decision the regulation contains a dispute resolution mechanism (Article 65) — which loops in the European Data Protection Board (EDPB) to make a final decision on a majority basis.

On the Twitter decision, the DPC told us it’s hopeful this can be finalized in July.

Commissioner Helen Dixon has previously said the first cross border decisions would be coming “early” in 2020. However the complexity of working through new processes — such as the one-stop-shop — appear to have taken EU regulators longer than hoped.

The DPC is also dealing with a massive case load at this point, with more than 20 cross border investigations related to complaints and/or inquiries still pending decisions — with active probes into the data processing habits of a large number of tech giants; including Apple, Facebook, Google, Instagram, LinkedIn, Tinder, Verizon (TechCrunch’s parent company) and WhatsApp — in addition to its domestic caseload (operating with a budget that’s considerably less than it requested from the Irish government).

The scope of some of these major cross-border inquiries may also have bogged Ireland’s regulator down.

But — two years in — there are signs of momentum picking up, with the DPC’s deputy commissioner, Graham Doyle, pointing today to developments on four additional investigations from the cross-border pile — all of which concern Facebook owned platforms.

The furthest along of these is a probe into the level of transparency the tech giant provides about how user data is shared between its WhatsApp and Facebook services.

“We have this week sent a preliminary draft decision to WhatsApp Ireland Limited for their submissions which will be taken in to account by the DPC before preparing a draft decision in that matter also for Article 60 purposes,” said Doyle in a statement on that. “The inquiry into WhatsApp Ireland examines its compliance with Articles 12 to 14 of the GDPR in terms of transparency including in relation to transparency around what information is shared with Facebook.”

The other three cases the DPC said it’s making progress on relate to GDPR consent complaints filed back in May 2018 by the EU privacy rights not-for-profit, noyb.

noyb argues that Facebook uses a strategy of “forced consent” to continue processing individuals’ personal data — when the standard required by EU law is for users to be given a free choice unless consent is strictly necessary for provision of the service. (And noyb argues that microtargeted ads are not core to the provision of a social networking service; contextual ads could instead be served, for example.)

Back in January 2019, Google was fined $57M by France’s data watchdog, CNIL, over a similar complaint.

Per its statement today, the DPC said it has now completed the investigation phase of this complaint-based inquiry which it said is focused on “Facebook Ireland’s obligations to establish a lawful basis for personal data processing”.

“This inquiry is now in the decision-making phase at the DPC,” it added.

In further related developments it said it’s sent draft inquiry reports to the complainants and companies concerned for the same set of complaints for (Facebook owned) Instagram and WhatsApp. 

Doyle declined to give any firm timeline for when any of these additional inquiries might yield final decisions. But a summer date would, presumably, be the very earliest timeframe possible.

The regulator’s hope looks to be that once the first cross-border decision has made it through the GDPR’s one-stop-shop mechanism — and yielded something all DPAs can sign up to — it will grease the tracks for the next tranche of decisions.

That said, not all inquiries and decisions are equal clearly. And what exactly the DPC decides in such high profile probes will be key to whether or not there’s disagreement from other data protection agencies. Different EU DPAs can take a harder or softer line on applying the bloc’s rules, with some considerably more ‘business friendly‘ than others. Albeit, the GDPR was intended to try to shrink differences of application.

If there is disagreement among regulators on major cross border cases, such as the Facebook ones, the GDPR’s one-stop-shop mechanism will require more time to work through to find consensus. So critics of the regulation are likely to have plenty of attack area still.

Some of the inquiries the DPC is leading are also likely to set standards which could have major implications for many platforms and digital businesses so there will be vested interests seeking to influence outcomes on all sides. But with GDPR hitting its second birthday — and still hardly any decision-shaped lumps taken out of big tech — the regional pressure for enforcements to get flowing is massive.

Given the blistering pace of tech developments — and the market muscle of big tech being applied to steamroller individual rights — EU regulators have to be able to close the gap between investigation and enforcement or watch their flagship framework derided as a paper tiger…

Schrems II

Summer is also shaping up to be an interesting time for privacy watchers for another reason, with a landmark decision due from Europe’s top court on July 16 on the so called ‘Schrems II’ case (named for the Austrian lawyer, privacy rights campaigner and noyb founder, Max Schrems, who lodged the original complaint) — which relates to the legality of Standard Contractual Clauses (SCC) as a mechanism for personal data transfers out of the EU.

The DPC’s statement today makes a point of flagging this looming decision, with the regulator writing: “The case concerns proceedings initiated and pursued in the Irish High Court by the DPC which raised a number of significant questions about the regulation of international data transfers under EU data protection law. The judgement from the CJEU on foot of the reference made arising from these proceedings is anticipated to bring much needed clarity to aspects of the law and to represent a milestone in the law on international transfers.”

A legal opinion issued at the end of last year by an influential advisor to the court emphasized that EU data protection authorities have an obligation to step in and suspend data transfers by SCC if they are being used to send citizens’ data to a place where their information cannot be adequately protected.

Should the court hold to that view, all EU DPAs will have an obligation to consider the legality of SCC transfers to the US “on a case-by-case basis”, per Doyle.

“It will be in every single case you’d have to go and look at the set of circumstances in every single case to make a judgement whether to instruct them to cease doing it. There won’t be just a one size fits all,” he told TechCrunch. “It’s an extremely significant ruling.”

(If you’re curious about ‘Schrems I’, read this from 2015.)

Social network for women Peanut raises $12M Series A amid pandemic

Peanut, an app that began as a tool for finding new mom friends, has evolved into a social network now used by 1.6 million women to discuss a range of topics, from pregnancy and parenthood to marriage and menopause, and everything in between. On the heels of significant growth in online networking fueled by the COVID-19 pandemic, the company is today announcing the close of a $12 million Series A round of funding, led by EQT Ventures, a multi-stage VC firm that invests in companies across Europe and the U.S.

Index Ventures and Female Founders Fund also participated, bringing Peanut’s total raise to date to $21.8 million.

The round itself closed just weeks ago — arriving at a time when the coronavirus pandemic is impacting the startup world, often drying up venture capital for emerging companies. Some startups, as a result, have laid off employees to self-sustain, while others have sought exits or even folded.

Peanut, on the other hand, has seen rapid growth for its platform as women looked for a supportive online environment to discuss their own concerns over how COVID-19 was impacting their lives.

Many women participating in Peanut’s newer “Trying to Conceive” group, for example, worried about their canceled IVF rounds and how to plan for the future. Current moms-to-be wanted to hear from others about how COVID-19 would impact their hospital delivery plans. And others stuck working at home with kids looked for advice and coping strategies.

Since the outbreak, Peanut has seen engagement across its app increase by 30% and content consumption increase by 40%. Its total community also grew from 1 million users in December 2019 to now 1.6 million, as of April.

“We’re really lucky in that we’re growing and that we are, for the most part, untouched by what’s happening,” says Peanut founder and CEO Michelle Kennedy. “And actually, if anyone needed community more, it’s now,” she added.

Though the pandemic has sent the app’s usage skyrocketing, it has also readjusted Peanut’s priorities with regard to its roadmap.

Most notably, its friend-finding feature needs a rethink.

Peanut originally worked as a sort of “Tinder for mom friends” — an idea that arose from Kennedy’s personal experience with how difficult it was to forge female friendships after motherhood. As the former deputy CEO at dating app Badoo and an inaugural board member at Bumble, she brought her extensive experience in matchmaking apps to Peanut, which uses a similar swipe-based mechanism.

But COVID-19 has up-ended this side of Peanut’s business. Today, Peanut users are meeting in Zoom chat rooms to hangout or play games, but not in person.

Kennedy says the company will try to meet these users where they are with the development of more video networking features, potentially with technology built in-house. Other plans for the new capital include improvements to the social discovery aspects of its app, the development of a web version of Peanut, and the creation of more groups beyond those focused on fertility and motherhood, which have so far been core to the Peanut experience.

Specifically, the company soon plans to launch a new community focused on women living with menopause, an experience that will reach more than a billion women by 2025. Despite the fact that all women with ovaries will go through menopause, there are relatively few online communities dedicated to it — which Peanut sees as an untapped market.

Peanut’s real strength, however, is not in the types of communities it grows on its platform, but how they’re created.

There has not yet been a social network that focused on “building a platform for women, thinking about women’s needs and built by a women,” explains Kennedy. “So what we end up doing is using things that already exist — trying to twist them and mold them into what we need, and never getting it exactly right,” she says. “We can do better than that.”

One small example of this is the recent launch of Peanut’s “Mute Keywords” feature that allows women to remove certain types of discussions from their feeds and notifications. Some women used this to create a coronavirus-free news feed that focused on other aspects of motherhood. Others who were trying to conceive muted conversations around “pregnancy,” which they found emotionally triggering.

With the Series A’s close, Peanut says Naza Metghalchi from EQT Ventures joins the company’s majority-female board, alongside Hannah Seal from existing investor Index Ventures.

“Peanut’s user engagement metrics are a testament to the app’s ability to act as a true emotional companion throughout women’s journeys,” said Naza Metghalchi, venture lead and investment advisor at EQT Ventures, in a statement. “The EQT Ventures team is excited to partner with Michelle and continue to grow Peanut into a platform that serves all women at different life milestones, exploring topics beyond fertility and motherhood which have already seen such huge traction.”

The additional funding allows London-based Peanut to expand its business and hire more engineers to join its current team of just 16.

“I think having closed a round in this climate is great for the team,” says Kennedy. “It’s also great for the community because it means that we can grow the team, build quicker, build faster and develop the product more quickly,” she adds.

Facebook to launch ‘virtual dating’ over Messenger for Facebook Dating users

Facebook will soon allow users to go on “virtual dates,” the company announced today. The social network is planning to introduce a new video calling feature that will allow users of its Facebook Dating service to connect and video call over Messenger, as an alternative to going on a real-world date. This sort of feature is much in demand amid the coronavirus pandemic, which has forced people to stay home and practice social distancing.

But for online dating apps, which aim to connect people in the real world, it’s a significant challenge for their business.

For the time being, government lockdowns have limited the places where online daters could meet up for their first date. Restaurants, malls, bars and other retail establishments are closed across regions impacted by the coronavirus outbreak. But even when those restrictions lift, many online dating app users will be wary of meeting up with strangers for those first-time, getting-to-know-you dates. Video chat offers a safer option to explore potential connections with their matches.

When the new Facebook Dating feature goes live, online daters will be able to invite a match to a virtual date. The recipient can either choose to accept or decline the offer via a pop-up that appears.

If they accept, the Facebook Dating users will be connected in a video chat powered by Facebook Messenger in order to get to know one another.

As the feature is still being developed, Facebook declined to share more specific details about how it will work, in terms of privacy and security features.

Facebook is not the first online dating service to pivot to video as a result of the pandemic. But many rival dating apps were adopting video features well before the coronavirus struck, as well.

Bumble, for example, has offered voice and video calling in its app for roughly a year. The feature there works like a normal phone call or Apple’s FaceTime. However, users don’t have to share their phone number or other private information, like an email address, which makes it safer.

The company says use of the feature has spiked over the last two months as users embrace virtual dating.

Meanwhile, Match Group has more recently rolled out video across a number of the dating apps it operates.

This month, the Match app added video chat that allows users who have already matched to connect over video calls. Match-owned Hinge also rolled out a “Dating from Home” prompt and is preparing its own live video date feature, as well, Match says. Plenty of Fish (PoF), another Match property, launched live-streaming in March, giving singles a new way to hang out with friends and potential matches.

Match Group’s flagship app Tinder has not yet embraced live video dates, but still offers a way for users to add video to their profiles. The company couldn’t comment on whether or not video dating was in the works for Tinder, but in the post-COVID era, it would be almost bizarre to not offer such feature.

Other dating apps have also launched video dating, including eHarmony and a number of lesser-known dating apps hoping to now gain traction for their video dating concepts.

Facebook says the feature will roll out in the months ahead and will be available everywhere Facebook Dating is available.

What does a pandemic say about the tech we’ve built?

There’s a joke* being reshared on chat apps that takes the form of a multiple choice question — asking who’s the leading force in workplace digital transformation? The red-lined punchline is not the CEO or CTO but: C) COVID-19.

There’s likely more than a grain of truth underpinning the quip. The novel coronavirus is pushing a lot of metaphorical buttons right now. ‘Pause’ buttons for people and industries, as large swathes of the world’s population face quarantine conditions that can resemble house arrest. The majority of offline social and economic activities are suddenly off limits.

Such major pauses in our modern lifestyle may even turn into a full reset, over time. The world as it was, where mobility of people has been all but taken for granted — regardless of the environmental costs of so much commuting and indulged wanderlust — may never return to ‘business as usual’.

If global leadership rises to the occasional then the coronavirus crisis offers an opportunity to rethink how we structure our societies and economies — to make a shift towards lower carbon alternatives. After all, how many physical meetings do you really need when digital connectivity is accessible and reliable? As millions more office workers log onto the day job from home that number suddenly seems vanishingly small.

COVID-19 is clearly strengthening the case for broadband to be a utility — as so much more activity is pushed online. Even social media seems to have a genuine community purpose during a moment of national crisis when many people can only connect remotely, even with their nearest neighbours.

Hence the reports of people stuck at home flocking back to Facebook to sound off in the digital town square. Now the actual high street is off limits the vintage social network is experiencing a late second wind.

Facebook understands this sort of higher societal purpose already, of course. Which is why it’s been so proactive about building features that nudge users to ‘mark yourself safe’ during extraordinary events like natural disasters, major accidents and terrorist attacks. (Or indeed why it encouraged politicians to get into bed with its data platform in the first place — no matter the cost to democracy.)

In less fraught times, Facebook’s ‘purpose’ can be loosely summed to ‘killing time’. But with ever more sinkholes being drilled by the attention economy that’s a function under ferocious and sustained attack.

Over the years the tech giant has responded by engineering ways to rise back to the top of the social heap — including spying on and buying up competition, or directly cloning rival products. It’s been pulling off this trick, by hook or by crook, for over a decade. Albeit, this time Facebook can’t take any credit for the traffic uptick; A pandemic is nature’s dark pattern design.

What’s most interesting about this virally disrupted moment is how much of the digital technology that’s been built out online over the past two decades could very well have been designed for living through just such a dystopia.

Seen through this lens, VR should be having a major moment. A face computer that swaps out the stuff your eyes can actually see with a choose-your-own-digital-adventure of virtual worlds to explore, all from the comfort of your living room? What problem are you fixing VR? Well, the conceptual limits of human lockdown in the face of a pandemic quarantine right now, actually…

Virtual reality has never been a compelling proposition vs the rich and textured opportunity of real life, except within very narrow and niche bounds. Yet all of a sudden here we all are — with our horizons drastically narrowed and real-life news that’s ceaselessly harrowing. So it might yet end up wry punchline to another multiple choice joke: ‘My next vacation will be: A) Staycation, B) The spare room, C) VR escapism.’

It’s videoconferencing that’s actually having the big moment, though. Turns out even a pandemic can’t make VR go viral. Instead, long lapsed friendships are being rekindled over Zoom group chats or Google Hangouts. And Houseparty — a video chat app — has seen surging downloads as barflies seek out alternative night life with their usual watering-holes shuttered.

Bored celebs are TikToking. Impromptu concerts are being livestreamed from living rooms via Instagram and Facebook Live. All sorts of folks are managing social distancing and the stress of being stuck at home alone (or with family) by distant socializing — signing up to remote book clubs and discos; joining virtual dance parties and exercise sessions from bedrooms. Taking a few classes together. The quiet pub night with friends has morphed seamlessly into a bring-your-own-bottle group video chat.

This is not normal — but nor is it surprising. We’re living in the most extraordinary time. And it seems a very human response to mass disruption and physical separation (not to mention the trauma of an ongoing public health emergency that’s killing thousands of people a day) to reach for even a moving pixel of human comfort. Contactless human contact is better than none at all.

Yet the fact all these tools are already out there, ready and waiting for us to log on and start streaming, should send a dehumanizing chill down society’s backbone.

It underlines quite how much consumer technology is being designed to reprogram how we connect with each other, individually and in groups, in order that uninvited third parties can cut a profit.

Back in the pre-COVID-19 era, a key concern being attached to social media was its ability to hook users and encourage passive feed consumption — replacing genuine human contact with voyeuristic screening of friends’ lives. Studies have linked the tech to loneliness and depression. Now we’re literally unable to go out and meet friends the loss of human contact is real and stark. So being popular online in a pandemic really isn’t any kind of success metric.

Houseparty, for example, self-describes as a “face to face social network” — yet it’s quite the literal opposite; you’re foregoing face-to-face contact if you’re getting virtually together in app-wrapped form.

While the implication of Facebook’s COVID-19 traffic bump is that the company’s business model thrives on societal disruption and mainstream misery. Which, frankly, we knew already. Data-driven adtech is another way of saying it’s been engineered to spray you with ad-flavored dissatisfaction by spying on what you get up to. The coronavirus just hammers the point home.

The fact we have so many high-tech tools on tap for forging digital connections might feel like amazing serendipity in this crisis — a freemium bonanza for coping with terrible global trauma. But such bounty points to a horrible flip side: It’s the attention economy that’s infectious and insidious. Before ‘normal life’ plunged off a cliff all this sticky tech was labelled ‘everyday use’; not ‘break out in a global emergency’.

It’s never been clearer how these attention-hogging apps and services are designed to disrupt and monetize us; to embed themselves in our friendships and relationships in a way that’s subtly dehumanizing; re-routing emotion and connections; nudging us to swap in-person socializing for virtualized fuzz that designed to be data-mined and monetized by the same middlemen who’ve inserted themselves unasked into our private and social lives.

Captured and recompiled in this way, human connection is reduced to a series of dilute and/or meaningless transactions. The platforms deploying armies of engineers to knob-twiddle and pull strings to maximize ad opportunities, no matter the personal cost.

It’s also no accident we’re also seeing more of the vast and intrusive underpinnings of surveillance capitalism emerge, as the COVID-19 emergency rolls back some of the obfuscation that’s used to shield these business models from mainstream view in more normal times. The trackers are rushing to seize and colonize an opportunistic purpose.

Tech and ad giants are falling over themselves to get involved with offering data or apps for COVID-19 tracking. They’re already in the mass surveillance business so there’s likely never felt like a better moment than the present pandemic for the big data lobby to press the lie that individuals don’t care about privacy, as governments cry out for tools and resources to help save lives.

First the people-tracking platforms dressed up attacks on human agency as ‘relevant ads’. Now the data industrial complex is spinning police-state levels of mass surveillance as pandemic-busting corporate social responsibility. How quick the wheel turns.

But platforms should be careful what they wish for. Populations that find themselves under house arrest with their phones playing snitch might be just as quick to round on high tech gaolers as they’ve been to sign up for a friendly video chat in these strange and unprecedented times.

Oh and Zoom (and others) — more people might actually read your ‘privacy policy‘ now they’ve got so much time to mess about online. And that really is a risk.

*Source is a private Twitter account called @MBA_ish

Rallyhood exposed a decade of users’ private data

Rallyhood says it’s “private and secure.” But for some time, it wasn’t.

The social network designed to help groups communicate and coordinate left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade’s worth of user files.

Rallyhood boasts users from Girl Scout and Boy Scout troops, and Komen, Habitat for Humanities, and YMCA factions. The company also hosts thousands of smaller groups, like local bands, sports teams, art clubs, and organizing committees. Many flocked to the site after Rallyhood said it would help migrate users from Yahoo Groups, after Verizon (which also owns TechCrunch) said it would shut down the discussion forum site last year.

The bucket contained group data as far back to 2011 up to and including last month. In total, the bucket contained 4.1 terabytes of uploaded files, representing millions of users’ files.

Some of the files we reviewed contained sensitive data, like shared password lists and contracts or other permission slips and agreements. The documents also included non-disclosure agreements and other files that were not intended to be public.

Where we could identify contact information of users whose information was exposed, TechCrunch reached out to verify the authenticity of the data.

A security researcher who goes by the handle Timeless found the exposed bucket and informed TechCrunch, so that the bucket and its files could be secured.

When reached, Rallyhood chief technology officer Chris Alderson initially claimed that the bucket was for “testing” and that all user data was stored “in a highly secured bucket,” but later admitted that during a migration project, “there was a brief period when permissions were mistakenly left open.”

It’s not known if Rallyhood plans to warn its users and customers of the security lapse. At the time of writing, Rallyhood has made no statement on its website or any of its social media profiles of the incident.

Snap accelerator names its latest cohort

Yellow, the accelerator program launched by Snap in 2018, has selected ten companies to join its latest cohort.

The new batch of startups coming from across the U.S. and international cities like London, Mexico City, Seoul and Vilnius are building professional social networks for black professionals and blue collar workers, fashion labels, educational tools in augmented reality, kids entertainment, and an interactive entertainment production company.

The list of new companies include:

  • Brightly — an Oakland, Calif.-based media company angling to be the conscious consumer’s answer to Refinery29.
  • Charli Cohen — a London-based fashion and lifestyle brand.
  • Hardworkersa Cambridge, Mass.-based professional digital community built for blue-collar workers.
  • Mogul Millennial — this Dallas-based company is a digital media platform for black entrepreneurs and corporate leaders.
  • Nuggetverse — Los Angeles-based Nuggetverse is creating a children’s media business based on its marquee character, Tubby Nugget.
  • SketchAR — this Lithuanian company is developing an AI-based mobile app for teaching drawing using augmented reality.
  • Stipop — a Seoul-based sticker API developer with a library of over 100,000 stickers created by 5,000 artists.
  • TRASH — using this machine learning-based video editing toolkit, users can quickly create and edit high-quality, short-form video. The company is backed by none other than the National Science Foundation and based in Los Angeles.
  • Veam — another Seoul-based social networking company, Veam uses Airdrop as a way to create persistent chats with nearby users as a geolocated social network.
  • Wabisabi Design, Inc. — hailing from Mexico City, this startup makes mini games in augmented reality for brands and advertisers.

The latest cohort from Snap’s Yellow accelerator

Since launching the platform in 2018, startups from the Snap accelerator have gone on to acquisition (like Stop, Breathe, and Think, which was bought by Meredith Corp.) and to raise bigger rounds of funding (like the voiceover video production toolkit, MuzeTV, and the animation studio Toonstar).

Every company in the Yellow portfolio will receive $150,000 mentorship from industry veterans in and out of Snap, creative office space in Los Angeles and commercial support and partnerships — including Snapchat distribution.

“Building from the momentum of our first two Yellow programs, this new class approaches mobile creativity through the diverse lenses of augmented reality, platforms, commerce and media, yet each company has a clear vision to bring their products to life,” said Mike Su, Director of Yellow. “This class shows us that there’s no shortage of innovation at the intersection of creativity and technology, and we’re excited to be part of each company’s journey.”

Facebook Dating launch blocked in Europe after it fails to show privacy workings

Facebook has been left red-faced after being forced to call off the launch date of its dating service in Europe because it failed to give its lead EU data regulator enough advanced warning — including failing to demonstrate it had performed a legally required assessment of privacy risks.

Late yesterday Ireland’s Independent.ie newspaper reported that the Irish Data Protection Commission (DPC) had sent agents to Facebook’s Dublin office seeking documentation that Facebook had failed to provide — using inspection and document seizure powers set out in Section 130 of the country’s Data Protection Act.

In a statement on its website the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3.

“We were very concerned that this was the first that we’d heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, 13 February,” the regulator writes. “Our concerns were further compounded by the fact that no information/documentation was provided to us on 3 February in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland.”

Facebook announced its plan to get into the dating game all the way back in May 2018, trailing its Tinder-encroaching idea to bake a dating feature for non-friends into its social network at its F8 developer conference.

It went on to test launch the product in Colombia a few months later. And since then it’s been gradually adding more countries in South American and Asia. It also launched in the US last fall — soon after it was fined $5BN by the FTC for historical privacy lapses.

At the time of its US launch Facebook said dating would arrive in Europe by early 2020. It just didn’t think to keep its lead EU privacy regulator in the loop — despite the DPC having multiple (ongoing) investigations into other Facebook-owned products at this stage.

Which is either extremely careless or, well, an intentional fuck you to privacy oversight of its data-mining activities. (Among multiple probes being carried out under Europe’s General Data Protection Regulation, the DPC is looking into Facebook’s claimed legal basis for processing people’s data under the Facebook T&Cs, for example.)

The DPC’s statement confirms that its agents visited Facebook’s Dublin office on February 10 to carry out an inspection — in order to “expedite the procurement of the relevant documentation”.

Which is a nice way of the DPC saying Facebook spent a whole week still not sending it the required information.

“Facebook Ireland informed us last night that they have postponed the roll-out of this feature,” the DPC’s statement goes on.

Which is a nice way of saying Facebook fucked up and is being made to put a product rollout it’s been planning for at least half a year on ice.

The DPC’s head of communications, Graham Doyle, confirmed the enforcement action, telling us: “We’re currently reviewing all the documentation that we gathered as part of the inspection on Monday and we have posed further questions to Facebook and are awaiting the reply.”

“Contained in the documentation we gathered on Monday was a DPIA,” he added.

This begs the question why Facebook didn’t send the DPIA to the DPC on February 3 — unless of course this document did not actually exist on that date…

We’ve reached out to Facebook for comment — and to ask when it carried out the DPIA.

We’ve also asked the DPC to confirm its next steps. The regulator could ask Facebook to make changes to how the product functions in Europe if it’s not satisfied it complies with EU laws. So a delay may mean many things.

Under GDPR there’s a requirement for data controllers to bake privacy by design and default into products which are handling people’s information. And a dating product clearly is.

While a DPIA — which is a process whereby planned processing of personal data is assessed to consider the impact on the rights and freedoms of individuals — is a requirement under the GDPR when, for example, individual profiling is taking place or there’s processing of sensitive data on a large scale.

Again, the launch of a dating product on a platform such as Facebook — which has hundreds of millions of regional users — would be a clear-cut case for such an assessment to be carried out ahead of any launch.

Facebook won’t ban political ads, prefers to keep screwing democracy

It’s 2020 — a key election year in the US — and Facebook is doubling down on its policy of letting people pay it to fuck around with democracy.

Despite trenchant criticism — including from US lawmakers accusing Facebook’s CEO to his face of damaging American democracy the company is digging in, announcing as much today by reiterating its defence of continuing to accept money to run microtargeted political ads.

Instead of banning political ads Facebook is trumpeting a few tweaks to the information it lets users see about political ads — claiming it’s boosting “transparency” and “controls” while leaving its users vulnerable to default settings that offer neither.  

Political ads running on Facebook are able to be targeted at individuals’ preferences as a result of the company’s pervasive tracking and profiling of Internet users. And ethical concerns about microtargeting led the UK’s data protection watchdog to call in 2018 for a pause on the use of digital ad tools like Facebook by political campaigns — warning of grave risks to democracy.

Facebook isn’t for pausing political microtargeting, though. Even though various elements of its data-gathering activities are also subject to privacy and consent complaints, regulatory scrutiny and legal challenge in Europe, under regional data protection legislation.

Instead, the company made it clear last fall that it won’t fact-check political ads, nor block political messages that violate its speech policies — thereby giving politicians carte blanche to run hateful lies, if they so choose.

Facebook’s algorithms also demonstrably select for maximum eyeball engagement, making it simply the ‘smart choice’ for the modern digitally campaigning politician to run outrageous BS on Facebook — as long time Facebook exec Andrew Bosworth recently pointed out in an internal posting that leaked in full to the NYT.

Facebook founder Mark Zuckerberg’s defence of his social network’s political ads policy boils down to repeatedly claiming ‘it’s all free speech man’ (we paraphrase).

This is an entirely nuance-free argument that comedian Sacha Baron Cohen expertly demolished last year, pointing out that: “Under this twisted logic if Facebook were around in the 1930s it would have allowed Hitler to post 30-second ads on his solution to the ‘Jewish problem.’”

Facebook responded to the take-down with a denial that hate speech exists on its platform since it has a policy against it — per its typical crisis PR playbook. And it’s more of the same selectively self-serving arguments being dispensed by Facebook today.

In a blog post attributed to its director of product management, Rob Leathern, it expends more than 1,000 words on why it’s still not banning political ads (it would be bad for advertisers wanting to reaching “key audiences”, is the non-specific claim) — including making a diversionary call for regulators to set ad standards, thereby passing the buck on ‘democratic accountability’ to lawmakers (whose electability might very well depend on how many Facebook ads they run…), while spinning cosmetic, made-for-PR tweaks to its ad settings and what’s displayed in an ad archive that most Facebook users will never have heard of as “expanded transparency” and “more control”. 

In fact these tweaks do nothing to reform the fundamental problem of damaging defaults.

The onus remains on Facebook users to do the leg work on understanding what its platform is pushing at their eyeballs and why.

Even as the ‘extra’ info now being drip-fed to the Ad Library is still highly fuzzy (“We are adding ranges for Potential Reach, which is the estimated target audience size for each political, electoral or social issue ad so you can see how many people an advertiser wanted to reach with every ad,” as Facebook writes of one tweak.)

The new controls similarly require users to delve into complex settings menus in order to avail themselves of inherently incremental limits — such as an option that will let people opt into seeing “fewer” political and social issue ads. (Fewer is naturally relative, ergo the scale of the reduction remains entirely within Facebook’s control — so it’s more meaningless ‘control theatre’ from the lord of dark pattern design. Why can’t people switch off political and issue ads entirely?)

Another incremental setting lets users “stop seeing ads based on an advertiser’s Custom Audience from a list”.

But just imagine trying to explain WTF that means to your parents or grandparents — let alone an average Internet user actually being able to track down the ‘control’ and exercise any meaningful agency over the political junk ads they’re being exposed to on Facebook.

It is, to quote Baron Cohen, “bullshit”.

Nor are outsiders the only ones calling out Zuckerberg on his BS and “twisted logic”: A number of Facebook’s own employees warned in an open letter last year that allowing politicians to lie in Facebook ads essentially weaponizes the platform.

They also argued that the platform’s advanced targeting and behavioral tracking tools make it “hard for people in the electorate to participate in the public scrutiny that we’re saying comes along with political speech” — accusing the company’s leadership of making disingenuous arguments in defence of a toxic, anti-democratic policy. 

Nothing in what Facebook has announced today resets the anti-democratic asymmetry inherent in the platform’s relationship to its users.

Facebook users — and democratic societies — remain, by default, preyed upon by self-interested political interests thanks to Facebook’s policies which are dressed up in a self-interested misappropriation of ‘free speech’ as a cloak for its unfettered exploitation of individual attention as fuel for a propaganda-as-service business.

Yet other policy positions are available.

Twitter announced a total ban on political ads last year — and while the move doesn’t resolve wider disinformation issues attached to its platform, the decision to bar political ads has been widely lauded as a positive, standard-setting example.

Google also followed suit by announcing a ban on “demonstrably false claims” in political ads. It also put limits on the targeting terms that can be used for political advertising buys that appear in search, on display ads and on YouTube.

Still Facebook prefers to exploit “the absence of regulation”, as its blog post puts it, to not do the right thing and keep sticking two fingers up at democratic accountability — because not applying limits on behavioral advertising best serves its business interests. Screw democracy.

“We have based [our policies] on the principle that people should be able to hear from those who wish to lead them, warts and all, and that what they say should be scrutinized and debated in public,” Facebook writes, ignoring the fact that some of its own staff already pointed out the sketchy hypocrisy of trying to claim that complex ad targeting tools and techniques are open to public scrutiny.