Safety

Auto Added by WPeMatico

Google unveils its proposed ‘safety section’ for apps on Google Play

In the wake of Apple’s advances into consumer privacy with initiatives like App Tracking Transparency and App Store privacy labels, Google recently announced its own plans to introduce a new “safety section” on Google Play that offers more information about the data apps collect and share, and other security and privacy details. Today, the company is sharing for the first time what the new section’s user interface will look like, along with other requirements for developers.

In May, Google explained the safety section would be designed to easily communicate to users how apps are handling their data so they could make informed choices. It said app developers would need to disclose to users whether their app uses security practices like data encryption, whether it follows Google Play’s Families policy for apps aimed at kids, whether users have a choice in data sharing, whether the app’s safety section had been verified by a third party, and if the app allowed users to request data deletion at the time of uninstalling, among other things.

In the user interface concept Google debuted today, developers are now able to see how this feature will look to the end user.

Image Credits: Google

In the safety section, users will be able to see the developer’s explanation of what data the app collects followed by those other details, each with its own icon to serve as a visual indicator.

When users tap into the summary, they’ll be able to then see other details like what data is collected or shared — such as location, contacts, personal information (e.g., name, email address), financial information and more.

They’ll also be able to see how the data is used — for app functionality, personalization, etc. — and whether data collection is optional. 

Image Credits: Google

Google says it wants to give developers plenty of time to prepare for these Play Store changes, which is why it’s now sharing more information about the data type definitions, user journey and policy requirements of the new feature. 

It notes that all developers will have to provide a privacy policy by April 2022. Before, only apps that collected personal and sensitive user data were required to do so. Developers will also be required to share accurate and complete information about all the data in their safety section, including how it’s used by the app’s third-party libraries and SDKs. This is in line with what Apple demands for its apps.

Image Credits: Google

In October 2021, developers will be able to submit their information in the Google Play Console for review ahead of the planned launch of the safety section in Google Play, which is scheduled for the first quarter of 2022.

The company also notes it’s offering some buffer time after the section’s launch before apps must have their safety section approved by Google. However, the company says apps will have to be approved by Q2 2022 or risk having their app submissions or app updates rejected. And if an app doesn’t provide an approved safety section, the app will say “No information available.”

The change will help highlight how many active developers are present on Google Play, because those will be the ones who will adopt the new policy and showcase how their apps collect and use data.

The question that remains is how stringent Google will be about enforcing its new guidelines and how carefully apps will be reviewed. One interesting note here is that conscientious developers will be able to submit their safety section for a third-party review and then be able to promote that to users concerned about app data privacy and security.

This could help to address some potential criticism that these safety sections aren’t factual. That’s been a problem for Apple since the launch of its App Store privacy labels. The Washington Post discovered that a number of apps were displaying false information, making them less helpful to the users whose data they aimed to protect.

When reached for comment, however, Google declined to share more details about how the third-party verification process will work.

Powered by WPeMatico

Following Apple’s launch of privacy labels, Google to add a ‘safety’ section in Google Play

Months after Apple’s App Store introduced privacy labels for apps, Google announced its own mobile app marketplace, Google Play, will follow suit. The company today pre-announced its plans to introduce a new “safety” section in Google Play, rolling out next year, which will require app developers to share what sort of data their apps collect, how it’s stored and how it’s used.

For example, developers will need to share what sort of personal information their apps collect, like users’ names or emails, and whether it collects information from the phone, like the user’s precise location, their media files or contacts. Apps will also need to explain how the app uses that information — for example, for enhancing the app’s functionality or for personalization purposes.

Developers who already adhere to specific security and privacy practices will additionally be able to highlight that in their app listing. On this front, Google says it will add new elements that detail whether the app uses security practices like data encryption; if the app follows Google’s Families policy, related to child safety; if the app’s safety section has been verified by an independent third party; whether the app needs data to function or allows users to choose whether or not to share data; and whether the developer agrees to delete user data when a user uninstalls the app in question.

Apps will also be required to provide their privacy policies.

While clearly inspired by Apple’s privacy labels, there are several key differences. Apple’s labels focus on what data is being collected for tracking purposes and what’s linked to the end user. Google’s additions seem to be more about whether or not you can trust the data being collected is being handled responsibility, by allowing the developer to showcase if they follow best practices around data security, for instance. It also gives the developer a way to make a case for why it’s collecting data right on the listing page itself. (Apple’s “ask to track” pop-ups on iOS now force developers to beg inside their apps for access user data.)

Another interesting addition is that Google will allow the app data labels to be independently verified. Assuming these verifications are handled by trusted names, they could help to convey to users that the disclosures aren’t lies. One early criticism of Apple’s privacy labels was that many were providing inaccurate information — and were getting away with it, too.

Google says the new features will not roll out until Q2 2022, but it wanted to announce now in order to give developers plenty of time to prepare.

Image Credits: Google

There is, of course, a lot of irony to be found in an app privacy announcement from Google.

The company was one of the longest holdouts on issuing privacy labels for its own iOS apps, as it scrambled to review (and re-review, we understand) the labels’ content and disclosures. After initially claiming its labels would roll out “soon,” many of Google’s top apps then entered a lengthy period where they received no updates at all, as they were no longer compliant with App Store policies.

It took Google months after the deadline had passed to provide labels for its top apps. And when it did, it was mocked by critics — like privacy-focused search engine DuckDuckGo — for how much data apps like Chrome and the Google app collect.

Google’s plan to add a safety section of its own to Google Play gives it a chance to shift the narrative a bit.

It’s not a privacy push, necessarily. They’re not even called privacy labels! Instead, the changes seem designed to allow app developers to better explain if you can trust their app with your data, rather than setting the expectation that the app should not be collecting data in the first place.

How well this will resonate with consumers remains to be seen. Apple has made a solid case that it’s a company that cares about user privacy, and is adding features that put users in control of their data. It’s a hard argument to fight back against — especially in an era that’s seen too many data breaches to count, careless handling of private data by tech giants, widespread government spying and a creepy adtech industry that grew to feel entitled to user data collection without disclosure.

Google says when the changes roll out, non-compliant apps will be required to fix their violations or become subject to policy enforcement. It hasn’t yet detailed how that process will be handled, or whether it will pause app updates for apps in violation.

The company noted its own apps would be required to share this same information and a privacy policy, too.

Powered by WPeMatico

Tinder makes it easier to report bad actors using ‘unmatch’ to hide from victims

Last month, Bumble introduced a new feature that would prevent bad actors from using the dating app’s “unmatch” feature to hide from victims. Now Tinder has done something similar. The company announced on Friday it will soon roll out an update to its app that will make it easier for users to report someone who has used the unmatch feature in an effort to get away with their abuse. But in Tinder’s case, it’s only making it easier for users to learn how to report the violation, rather than giving the victims a button in the chat interface to report the abuse more directly.

Tinder notes that users have always been able to report anyone on the app at any time — even if the person had used the unmatch feature. But few users likely knew how to do so, as there weren’t obvious explanations in the app’s user interface about how to report a chat after it disappeared.

With the update, Tinder says it will soon add its “Safety Center” shield icon within the Match List, where the chats take place. This will direct users to the Safety Center in the app, where they can learn how to report users who aren’t displayed on the Match List because they used the unmatch feature.

Image Credits: Tinder

The updates to both Tinder and Bumble came about following an investigation by the Australian Broadcasting Corporation, which found that 48 out of 231 survey respondents who had used Tinder said they had reported other users for some kind of sexual offense. But only 11 of those reports had received any replies, and even fewer offered specific information about what was being done.

The story had also explained how bad actors would take advantage of the dating app’s “unmatch” feature to hide from their victims. After unmatching, their chat history would disappear from the victim’s phone, which would have allowed the user to more easily report the abuse to Tinder or even to law enforcement, if needed.

Though Tinder was the focus of the story, Bumble quickly followed up to say it was changing how unmatching on its app would work. Instead of having the chat disappear when unmatched, Bumble users are now shown a message that says the other person has ended the chat. Here, they’re given the option to also either delete the chat or report it.

The ability to report the chat directly from the messaging inbox is what makes Bumble’s solution more useful. Tinder, on the other hand, is just redirecting users to what’s essentially its help documentation — the Tinder Safety Center — to learn how to go about making such a report. The addition of this extra step could end up being a deterrent to making these reports, as it’s less straightforward than simply clicking a button that reads “Report.”

Tinder also didn’t address the other issues raised by the investigation, which said many reports lacked follow-up or clear information about what actions Tinder was taking to address the issues.

Instead, the company says that it will continue to acknowledge when reports are received to let the member making the report know an appropriate action will be taken. Tinder added it will also direct users to trained resources for crisis counseling and survivor support; remove accounts if it finds account holders have been reported for violent crimes; and will continue to work with law enforcement on investigations, when required. These actions, however, should be baseline features for any dating app, not points of pride.

Tinder stressed, too, that it would not remove the unmatch feature, which is necessary for safety and privacy of its members. That seems to miss the point of what users’ complaints were about. Tinder users were not angry or concerned that an unmatching feature existed in the first place, but that it was being used by bad actors to avoid repercussions for their abuse.

The company didn’t say precisely when the changes to the dating app would roll out, beyond the “coming weeks.”

Today, Tinder’s parent company also announced a partnership with RAINN, a large anti-sexual violence organization, to conduct “a comprehensive review of sexual misconduct reporting, moderation, and response across Match Group’s dating platforms” and “to work together to improve current safety systems and tools.”

The organization will review Tinder, Hinge and Plenty of Fish to determine what best practices should be. Match says the partnership begins today and will continue through 2021.

“Every person deserves safe and respectful experiences, and we want to do our part to create safer communities on our platforms and beyond,” said Tracey Breeden, head of Safety and Social Advocacy for Match Group, in a statement. “By working together with courageous, thought-leading organizations like RAINN, we will up level safety processes and strengthen our responses for survivors of sexual assault. Safety challenges touch every corner of society. We are committed to creating actionable solutions by working collaboratively with experts to innovate on meaningful, industry-led safety approaches,” she added.

 

Powered by WPeMatico

D-ID, the Israeli company that digitally de-identifies faces in videos and still images, raises $13.5 million

If only Facebook had been using the kind of technology that TechCrunch Startup Battlefield alumnus D-ID was pitching, it could have avoided exposing all of our faces to privacy destroying software services like Clearview AI.

At least, that’s the pitch that D-ID’s founder and chief executive, Gil Perry, makes when he’s talking about the significance of his startup’s technology.

D-ID, which stands for de-identification, is a pretty straightforward service that’s masking some highly involved and very advanced technology to blur digital images so they can’t be cross-referenced to determine someone’s identity.

It’s a technology whose moment has come as governments and private companies around the world ramp up their use of surveillance technologies as the world adjusts to a new reality in the wake of the COVID-19 epidemic.

“Governments around the world and organizations have used this new reality basically as an excuse for mass surveillance,” says Perry. His own government has used a track and trace system that monitors interactions between Israeli citizens using cell phone location data to determine whether anyone had been in contact with a person who had COVID-19.

While awareness of the issue may be increasing among consumers and regulators alike, the damage has, in many cases, already been done. Social media companies have already had their troves of images scraped by companies like Clearview AI, ClearView, HighQ and NTechLabs, and much of our personal information is already circulating online.

D-ID is undeterred. Founded by Perry and two other members of the Israeli army’s cybersecurity and offensive cyber unit, 8200, Sella Blondheim and Eliran Kuta, D-ID thinks the need for anonymizing technologies will continue to expand — thanks to new privacy legislation in Europe and certain states in the U.S. 

Meanwhile, the company is also exploring other applications for its technology. The services that D-ID uses to mask and blur faces can also be used to create deepfakes of images and video.

The market for these types of digital manipulations are still in their earliest days, according to Perry. Still, the company’s pitch managed to intrigue new lead investor AXA Ventures, which joined backers including Pitango, Y Combinator, AI Alliance, Hyundai, Omron, Maverick (U.S.) and Mindset, to participate in the company’s $13.5 million round.

D-ID already sees demand coming from automakers who want to use the technology to anonymize their driving monitoring systems — enabling them to record drivers’ reactions, but not any public identifying information. Security technologies that monitor for threats are another potential customer, according to the company. While closed circuit television monitors a physical space, it doesn’t need to collect the identifying information of people entering and exiting buildings.

“The convergence of increased surveillance and individual privacy protection places enterprises in a position where they must either anonymize their stored footage or risk violating privacy laws and face costly penalties.” said Blondheim.  

The technical wizardry that D-ID has mastered is impressive — and a necessary defensive tool to ensure privacy in the modern world, according to its founders. Consumers are demanding it, according to D-ID’s chief executive.

“Privacy awareness and the importance of privacy enhancing technologies have increased,” Perry said.

Powered by WPeMatico

Twitch announces a new Safety Advisory Council to guide its decision-making

Amazon-owned game-streaming site Twitch announced today the formation of a new group that will guide decision-making around new policies and products: the Twitch Safety Advisory Council. The eight-person council consists of both online experts and Twitch creators, who have a deep understanding of the Twitch platform, its content and community, the company says.

“When developing this council we felt it was essential to include both experts who can provide an external perspective, as well as Twitch streamers who deeply understand creators’ unique challenges and viewpoints,” Twitch explained, in an announcement introducing the new council members. “Each member of the council was carefully selected based on their familiarity with the Twitch community and their relevant personal and professional experiences.”

Twitch says it felt the need to create a group like this to allow communities to thrive on Twitch, particularly at a time its platform is seeing record levels of engagement. Due to the coronavirus outbreak, streaming services have seen sizable increases in usage — and Twitch has been no exception.

According to recent data from Arsenal.gg, StreamElements’ analytics partner, Twitch saw 48% month-over-month growth in hours watched between March and April, including game streams and non-gaming content combined, reaching 1.65 billion hours watched last month. Year-over-year, Twitch was up by 101% in hours watched as of April, thanks to sizable growth of Twitch’s “Just Chatting” category of non-game content that alone climbed 138% year-over-year.

Twitch confirmed some of these metrics, noting hours watched were up over 50% in the past four weeks since social distancing began. It also said that, in 2019, it was seeing an average of over 4 million unique streamers per month, totaling 10 billion hours watched.

But the growth in viewers and content means there’s also a lot more to manage to keep the community safe, which is where the advisory council is meant to help.

The group will offer their input on the drafting of new policies and policy updates; the development of new products and features aimed at improving safety and moderation; the promotion of healthy streaming and “work-life balance” habits; the protection of interests from marginalized groups; and the identification of emerging trends that could impact the Twitch experience.

In its announcement, Twitch introduced the new members as follows (its words):

Alex Holmes

Alex is Deputy CEO at non-profit The Diana Award, which is a legacy to Princess Diana’s belief that young people have the power to change the world. He is the founder of the peer to peer support program Anti-Bullying Ambassadors, a network of trained young people dedicated to preventing peer on peer violence (on and offline) and bullying, particularly in schools. Alex sits on the global safety advisory boards of a number of the major social media and tech companies advising them on their approach to safety and online harms.

CohhCarnage

CohhCarnage is a Twitch Partner and one of the original variety streamers on Twitch. He plays most major releases and indie darlings and is well known for his 100% franchise playthroughs leading up to major game releases. He is also a regular host on Dropped Frames, which covers the hottest news and games on the streaming scene. CohhCarnage is known for his positive community “The Cohhilition” and his slogan “happy, helpful, respectful.”

Cupahnoodle

Cupahnoodle is a partnered Twitch Ambassador and host/commentator, the Mayor of Cupton, a lover of zombies, and a music connoisseur. Her streams range from playing games, to hosting conventions and on site interviews, to providing colorful commentary at esports events.

Emma Llansó

Emma is the Director of the Center for Democracy & Technology’s Free Expression Project and leads CDT’s work to promote law and policy that support Internet users’ free expression rights in the United States, the European Union, and around the world. The Project’s work spans many subjects, including human trafficking, privacy and online reputation issues, counter-terrorism and “radicalizing” content, disinformation, and online harassment. Emma’s areas of focus include intermediary liability law, the capabilities and limitations of automated content analysis, transparency reporting, and best practices in content moderation for empowering users and online communities.

FerociouslySteph

Steph has been a full time streamer since her debut playing competitive collegiate Heroes of the Storm in 2016. She was one of the first transgender streamers to ever be partnered on Twitch, and the first to bring a transgender pride flag emote to the platform. Her fight for inclusivity includes creating a competitive team composed entirely of marginalized gamers, and vehemently opposing non inclusive mechanics such as voice chat.

Dr. Sameer Hinduja

Dr. Hinduja is a Professor in the School of Criminology and Criminal Justice at Florida Atlantic University and Co-Director of the Cyberbullying Research Center. He is recognized internationally for his groundbreaking work on the subjects of cyberbullying, sexting, and social media abuse, concerns that have paralleled the exponential growth in online communication by young people. As a noted speaker and expert on teens and social media use, Dr. Hinduja also trains students, educators, parents, mental health professionals, and other youth workers on how to promote the positive use of technology. Dr. Hinduja is also the Co-Founder and Co-Editor-in-Chief of the International Journal of Bullying Prevention, a new peer-reviewed journal from Springer.

T.L. Taylor

T.L. Taylor is Professor of Comparative Media Studies at MIT and co-founder and Director of Research for AnyKey, an organization dedicated to supporting and developing fair and inclusive esports. She is a qualitative sociologist who has focused on internet and game studies for over two decades. Dr. Taylor’s research explores the interrelations between culture and technology in online leisure environments. Her 2018 book, Watch Me Play: Twitch and the Rise of Game Live Streaming, is the first of its kind to chronicle the emerging media space of online game broadcasting.

Zizaran

Zizaran is a Twitch Partner who has been streaming since 2015. His streams mostly focus on ARPGs, particularly Path of Exile. He believes that Twitch has a culture you can’t find anywhere else and looks forward to helping Twitch make rules clearer and reducing community confusion, specifically when it comes to bans and suspensions on the platform.

The council’s launch isn’t just about keeping Twitch safe and welcoming. It’s also arriving at a time when Twitch is pitching itself to advertisers, whose marketing efforts have been impacted due to the cancellations of live events and sports amid the pandemic. Advertisers, burned by YouTube in the past, are looking for brand safety.

This coronavirus pandemic has increased demand from clients who have accelerated their interest in Twitch, the company recently told The Drum in an interview. In addition, the game-streaming site can help address viewers’ demand for sports content through its sports sims, and their demand for competitions to watch through esports.

On the latter front, Twitch just weeks ago launched an esports directory on its site to cater to its growing streaming audience. It also recently partnered with Comscore to bring gaming and esports stats to advertisers.

The site generated $230 million ad revenue in 2018, which increased to $300 million in 2019, according to a report by The Information. But ad rates are down in 2020 due to the pandemic. That means Twitch may gain more interest and more advertisers, but not see a significant jump in revenue to reflect that until further down the road.

Powered by WPeMatico

Teen hit Yolo raises $8M to let you Snapchat anonymously

It wasn’t a fad. Yolo became the country’s No. 1 app just a week after launch by letting teens ask for anonymous replies to questions they posted on Snapchat. But nine months later, Yolo is still in the top 100 iOS apps and has 10 million active users. Now it’s safeguarding the app from predators while revealing a smart new feature for spinning up anonymous group chats, powered by $8 million in fresh funding.

“What we are trying to build is a new kind of network where there’s a fluidity to identity,” Yolo co-founder Greg Henrion tells me. “We weren’t sure if Yolo was here to stay, but we’re still ranking well and there seems to be a real opportunity in anonymity starting with Snapchat Q&A.”

Yolo is the first big win for Snapchat’s Snap Kit platform that lets developers piggyback on its login, Bitmoji avatars, stickers and Stories. This lets tiny development teams build apps that hundreds of millions of people, teens in particular, can instantly sign up for in just a few taps. Another Snap Kit app for meeting new people called Hoop recently spiked to No. 2 on the charts

We haven’t seen this kind of social platform success since Zynga’s empire rose atop Facebook. Spawning more blockbusters like Yolo could ensure that a Snapchat account is a must-have utility for the next generation.

Sleepless nights atop the charts

“For two weeks we basically didn’t sleep,” Henrion recalls about the chaos he and co-founder Clément Raffenoux endured after Yolo shot to No. 1 last May. “You’re trying to stay afloat. It was very, very wild.”

The basic premise of Yolo is that you write a question like, “Who’s my celebrity look alike?”, “What do people really think of me?” or “How could I be nicer?” You’re then switched over to Snapchat, where you can post the question in your Story or messages with a link back to Yolo. There, people can anonymously leave a response; you can post that and your reply with another post on Snapchat.

Yolo co-founder and CEO Greg Henrion, in real life and Bitmoji

The result is that friends and followers feel comfortable giving you real talk. They don’t have to sugarcoat their answers. And that makes people race to open Yolo each time they get a message. Yolo has seen 26 million downloads across iOS and Android globally, with nearly 70% in the U.S, according to Sensor Tower.

Other anonymous apps like tbh (acquired by Facebook) and Sarahah (kicked off the app stores) quickly faded, and others eventually imploded due to bullying, like Secret and YikYak. Although tbh hit No. 1 in September 2017, it was out of the top 500 by November. It seems a combination of inherent virality via Snapchat, easy user acquisition via Snap Kit and sharp product design has given Yolo some staying power. It still managed 2.2 million downloads last month versus a peak of 5.5 million in its first month back in May 2019.

That June, Yolo quietly raised a $2 million seed round thanks to its sudden success. The team had been grinding since 2017 on a video reactions app called Popshow funded by a small pre-seed round from SV Angel, Shrug Capital and Product Hunt’s Ryan Hoover. They’d previously built music video-making app Mindie that eventually sold to influencer collective Shots Studios. Popshow never caught on, so the team began experimenting on Snap Kit, building a more official Q&A feature for Snapchat than predecessors like Sarahah and Polly. Then, boom. Days after launch, Yolo’s usage exploded.

But to keep users interested, Yolo needed to evolve. That would require more funding for the eight-person team split between Snapchat’s home of Los Angeles and Henrion’s home of Paris.

An honest way to chat

The concept of a social app where users could shift between full anonymity and representation via avatar attracted its $8 million Series A to invest in product and engineering. The round was led by Thrive Capital, Ron Conway’s A.Capital, former TechCrunch editor Alexia Tsotsis’ Dream Machine (also in the seed round), Shrug, Day One, Goodwater, Knight VC, ex-Facebooker Bobby Goodlatte, Twitter co-founder Biz Stone and SV Angel’s Brian Pokorny.

That cash fueled the release of Yolo’s new group chat feature. You can set up a chat room, give it a name and generate an invite URL or sticker you can post on Snapchat, just like its previous question feature. Friends or friends of friends that are already in can join the group chat, represented by their Bitmoji instead of their name. Yolo suggests people join the more open “party mode” chats where their friends are active.

What makes this special is that once an hour, users can tap the Yolo Superpowers button to send  a totally anonymous message to the group. More Superpowers are coming, but there’s also an anonymous “Someone has a crush on [name]” message so you can secretly profess your affection to anyone or someone else in the chat.

“The limits of Q&A is that it doesn’t generate real conversation. It’s an ice breaker, but we also want conversations to happen,” Henrion stresses. “‘What do you think about this dress?’ The group chat is more about ‘let’s talk about the dress.’” The chats could be focused on people you actually know offline, or those you share interests with. The option to restrict group chats to either just your contacts or friends of friends “limits the amount of meeting strangers,” Henrion explains. “This is very different from the public communities like Reddit or the dating apps.”

Can “anonymous” be synonymous with “safe”?

Still, anonymous apps have consistently proven to be havens for cyberbullying and unsafe behavior. Without the accountability of having your name attached, people are free to say awful things. That can be even worse amongst teenagers who might get in trouble for being mean at school but not on an app.

Yolo first focused on messages blocking 10% of overall messages that contained offensive content. That meant blatant hate speech and trolling couldn’t spread through the app. “We’re strict on moderation. When looking at the reviews about bullying, it’s like nothing compared to any other anonymous app. I think we solved 90% of the problem.”

Now it’s working with Snapchat to safeguard the group chats feature. The goal is to ensure Yolo doesn’t actively recommend chat amongst adults to minors and vice-versa. Henrion says this update should roll out soon.

“It’s 2020 and we need to be very responsible” Henrion tells me. “Moderation and growth are the most difficult things to balance. It’s moderation first for sure. We don’t care about growth if it’s not healthy or sustainable.” The new funding also gives Yolo the luxury of pushing back monetization while it focuses on safely adding more users.

By making anonymity more private, Yolo has a chance to sidestep some of the worst elements of human behavior. Making fun of someone has less appeal if there’s no wider audience like trolls exploited in the feeds and comment reels of Secret and YikYak.

That could let the brighter side of anonymity shine through: vulnerability, honesty and deep connections that are enhanced by the absence of embarrassment. With all the change, uncertainty and anxiety that’s part of growing up, teens deserve a place where they can be open with each other and speak their minds. After all, you only live once.

Powered by WPeMatico

AntiToxin sells safetytech to clean up poisoned platforms

The big social networks and video games have failed to prioritize user well-being over their own growth. As a result, society is losing the battle against bullying, predators, hate speech, misinformation and scammers. Typically when a whole class of tech companies have a dire problem they can’t cost-effectively solve themselves, a software-as-a-service emerges to fill the gap in web hosting, payment processing, etc. So along comes AntiToxin Technologies, a new startup that wants to help web giants fix their abuse troubles with its safety-as-a-service.

It all started on Minecraft. AntiToxin co-founder Ron Porat is cybersecurity expert who’d started ad blocker Shine. Yet right under his nose, one of his kids was being mercilessly bullied on the hit children’s game. If even those most internet-savvy parents were being surprised by online abuse, Porat realized the issue was bigger than could be addressed by victims trying to protect themselves. The platforms had to do more, research confirmed.

A recent Ofcom study found almost 80% of children had a potentially harmful online experience in the past year. Indeed, 23% said they’d been cyberbullied, and 28% of 12 to 15-year-olds said they’d received unwelcome friend or follow requests from strangers. A Ditch The Label study found of 12 to 20-year-olds who’d been bullied online, 42% were bullied on Instagram.

Unfortunately, the massive scale of the threat combined with a late start on policing by top apps makes progress tough without tremendous spending. Facebook tripled the headcount of its content moderation and security team, taking a noticeable hit to its profits, yet toxicity persists. Other mainstays like YouTube and Twitter have yet to make concrete commitments to safety spending or staffing, and the result is non-stop scandals of child exploitation and targeted harassment. Smaller companies like Snap or Fortnite-maker Epic Games may not have the money to develop sufficient safeguards in-house.

“The tech giants have proven time and time again we can’t rely on them. They’ve abdicated their responsibility. Parents need to realize this problem won’t be solved by these companies” says AntiToxin co-founder and CEO Zohar Levkovitz, who previously sold his mobile ad company Amobee to Singtel for $321 million. “You need new players, new thinking, new technology. A company where ‘Safety’ is the product, not an after-thought. And that’s where we come-in.” The startup recently raised a multimillion-dollar seed round from Mangrove Capital Partners and is allegedly prepping for a double-digit millions Series A.

AntiToxin’s technology plugs into the backends of apps with social communities that either broadcast or message with each other and are thereby exposed to abuse. AntiToxin’s systems privately and securely crunch all the available signals regarding user behavior and policy violation reports, from text to videos to blocking. It then can flag a wide range of toxic actions and let the client decide whether to delete the activity, suspend the user responsible or how else to proceed based on their terms and local laws.

Through the use of artificial intelligence, including natural language processing, machine learning and computer vision, AntiToxin can identify the intent of behavior to determine if it’s malicious. For example, the company tells me it can distinguish between a married couple consensually exchanging nude photos on a messaging app versus an adult sending inappropriate imagery to a child. It also can determine if two teens are swearing at each other playfully as they compete in a video game or if one is verbally harassing the other. The company says that beats using static dictionary blacklists of forbidden words.

AntiToxin is under NDA, so it can’t reveal its client list, but claims recent media attention and looming regulation regarding online abuse has ramped up inbound interest. Eventually the company hopes to build better predictive software to identify users who’ve shown signs of increasingly worrisome behavior so their activity can be more closely moderated before they lash out. And it’s trying to build a “safety graph” that will help it identify bad actors across services so they can be broadly deplatformed similar to the way Facebook uses data on Instagram abuse to police connected WhatsApp accounts.

“We’re approaching this very human problem like a cybersecurity company, that is, everything is a Zero-Day for us” says Levkowitz, discussing how AntiToxin indexes new patterns of abuse it can then search for across its clients. “We’ve got intelligence unit alums, PhDs and data scientists creating anti-toxicity detection algorithms that the world is yearning for.” AntiToxin is already having an impact. TechCrunch commissioned it to investigate a tip about child sexual imagery on Microsoft’s Bing search engine. We discovered Bing was actually recommending child abuse image results to people who’d conducted innocent searches, leading Bing to make changes to clean up its act.

AntiToxin identified publicly listed WhatsApp Groups where child sexual abuse imagery was exchanged

One major threat to AntiToxin’s business is what’s often seen as boosting online safety: end-to-end encryption. AntiToxin claims that when companies like Facebook expand encryption, they’re purposefully hiding problematic content from themselves so they don’t have to police it.

Facebook claims it still can use metadata about connections on its already encrypted WhatApp network to suspend those who violate its policy. But AntiToxin provided research to TechCrunch for an investigation that found child sexual abuse imagery sharing groups were openly accessible and discoverable on WhatsApp — in part because encryption made them hard to hunt down for WhatsApp’s automated systems.

AntiToxin believes abuse would proliferate if encryption becomes a wider trend, and it claims the harm that it  causes outweighs fears about companies or governments surveiling unencrypted transmissions. It’s a tough call. Political dissidents, whistleblowers and perhaps the whole concept of civil liberty rely on encryption. But parents may see sex offenders and bullies as a more dire concern that’s reinforced by platforms having no idea what people are saying inside chat threads.

What seems clear is that the status quo has got to go. Shaming, exclusion, sexism, grooming, impersonation and threats of violence have started to feel commonplace. A culture of cruelty breeds more cruelty. Tech’s success stories are being marred by horror stories from their users. Paying to pick up new weapons in the fight against toxicity seems like a reasonable investment to demand.

Powered by WPeMatico

Freedom Mobile server leak exposed customer data

A security lapse at Canada’s fourth largest cell network, Freedom Mobile, exposed customer data.

Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data.

Rotem and Locar, who shared their findings exclusively with TechCrunch and published a report at vpnMentor, said it took the cell giant a week to secure the leaking database after first reaching out.

The database is believed to be part of a logging system used by the company to determine errors and glitches in the company’s systems. The database recorded any errors and the plaintext data associated with it, including customer data.

Data seen by TechCrunch reveals customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types and Freedom Mobile account numbers.

The logs also contain answers to credit checks filed through Equifax, including details if an application was accepted or rejected — along with the reason why.

We also found full credit card numbers, expiry dates and verification numbers stored in plaintext.

None of the data was encrypted.

Freedom Mobile has more than 1.5 million customers across Canada, according to its latest financial earnings. Chethan Lakshman, a spokesperson for Freedom Mobile’s parent company Shaw Communications, said about 15,000 customers were affected.

“We have discovered that the data that was exposed was contained to a very small number of customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations from March 25 to April 15, and any customers who made changes or opened accounts on April 16,” he said. “Our investigation has revealed that a very limited amount of Freedom Mobile customer data was exposed as the result of a misconfigured server managed by Apptium, a new third-party service provider Freedom Mobile has engaged to streamline our retail customer support processes.”

A forensic investigation is underway, the spokesperson said.

Apptium did not return a request for comment.

It’s the latest in a string of data exposures following security lapses that failed to secure databases with basic security measures. Earlier this year, Rotem and Locar found Chinese online shopping giant Gearbest inadvertently exposed millions of customer orders. Now, the researchers say the Freedom Mobile data leak could be one of Canada’s largest. The closest was Bell Canada’s data breach in 2017, in which hackers took more than 1.9 million customer records.

Access to credit card data and credit score data would be a boon for fraudsters and identity thieves wanting to cash in.

A spokesperson for Canada’s data protection authority, the Office of the Privacy Commissioner, confirmed it “received a breach report related to Freedom Mobile,” and “will be examining the report in order to determine next steps.”

Read more:

Powered by WPeMatico

TikTok is launching a series of online safety videos in its app

On the heels of news that TikTok has reached 1 billion downloads, the company today is launching a new initiative designed to help inform users about online safety, TikTok’s various privacy settings and other controls they can use within its app, and more. Instead of dumping this information in an in-app FAQ or help documentation, the company will release a series of video tutorials that are meant to be engaging and fun, in order to better resemble the other content on TikTok itself.

The safety series, called “You’re in Control,” will star TikTok users and make use of popular memes, in-app editing tricks and other effects, just like other TikTok videos do. The videos will appear in the app and be available through the new @tiktoktips account. 

The videos will focus on a range of privacy, safety and well-being settings and other safety-related policies. This includes TikTok’s Community Guidelines, how in-app reporting works, plus other settings for protecting your privacy, how to control comments, settings to manage your screen time and more.

They’re not exactly your traditional how-to videos, however.

Instead, the videos showcase what’s often more serious issues — like being overrun with unwanted messages — in a humorous fashion. For example, in the video about configuring your message controls, angry commenters are depicted as shouting passengers on an airplane while the user is depicted by an overwhelmed flight attendant.

“Too many DMs?,” the video asks. The flight attendant snaps his fingers, which causes most of the passengers to disappear. The scene returns to peace and quiet. It’s a simple enough analogy for TikTok’s younger user base to understand.

This is then followed by a screen recording that shows you how to turn off messaging within the TikTok app’s settings.

Other videos have a similar style.

A barking, growling dog is used to demonstrate Restricted Mode, for instance. A noisy crowd overlooking someone’s shoulder is the intro on the video about using comment controls.

Another video encourages the use of screen time controls, asking “can’t put your phone down?” and shows someone so wrapped up in their phone they aren’t watching where they’re walking.

But the video about the Community Guidelines is maybe the most cringe-y, as it feels a bit like your parents reminding you to “play nice.” However, it still manages to set a tone for what TikTok wants to promote — a community for “positive vibes” where everyone feels “safe and comfortable.”

At launch, there are seven of these short-form videos in the safety series, which will launch in the TikTok app in the U.S. and U.K on Wednesday. In time, the company plans to add other tutorials and expand the series across its global markets, it says.

Of course, TikTok needs more than a series of videos to make its app a safe and welcoming community, the way it desires. It also needs a combination of policies, settings, controls, technology, moderation and more, the company says. And it needs to comply with COPPA laws – which it’s basically skirting.

That said, a focus on user education is an important aspect to this larger goal — and it stands in stark contrast to how Facebook intentionally made its privacy settings so complex and difficult to find and use for so many of its earlier years that people gave up trying.

How well TikTok can execute on user privacy and safety as the app grows still remains to be seen. For now, it tends to be talked about as either a wholesome and fun video experience, or an online cesspool filled with hateful content and child predators. It’s an app on the internet, so both versions of this story are likely true.

There is no large user-generated content site — even those run by Facebook, Twitter and YouTube — that has figured out how to properly police the hatefulness and evil contained in humanity. But TikTok, at least, takes care not to showcase that content in its main feed — you have to seek it out directly (or train its algorithm by never clicking on anything wholesome).

But, so far, TikTok has been better reviewed by child safety advocates than you might expect. For instance, Common Sense Media — a nonprofit that provides unbiased and trusted advice about all sorts of media, including apps — said that the app, used with parental supervision, can be “a kid-friendly experience.”

The launch of the video series comes at a time when TikTok’s growth is surging. The app recently surpassed a billion installs across the iOS App Store and Google Play, including Lite versions and regional variations, but excluding Android installs in China, according to data from Sensor Tower.

Roughly 25 percent of those installs are from India, the report said. And around 663 million of TikTok’s total installs occurred in 2018, which made the app the No. 4 most downloaded non-game for the year.

However, installs alone don’t tell the story of how many people actually use the app or how often. And a chunk of these could be the same user installing the app on multiple devices, or even bots used to push the app up the charts. In addition, parents often download the app their tween or teen is using for monitoring purposes, but don’t engage with the app or its content on a regular basis.

Below, is a compilation of all the new videos launching today:

Powered by WPeMatico

Want to reduce fraud? Make a better password, dummy!

Researchers at Indiana University have confirmed that stringent password policies – aside from being really annoying – actually work. The research, led by Ph.D. student Jacob Abbott, IU CIO Daniel Calarco, and professor L. Jean Camp. They published their findings in a paper entitled “Factors Influencing Password Reuse: A Case Study.”

“Our paper shows that passphrase requirements such as a 15-character minimum length deter the vast majority of IU users (99.98 percent) from reusing passwords or passphrases on other sites,” said Abbott. “Other universities with fewer password requirements had reuse rates potentially as high as 40 percent.”

To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including their home institution, IU. Next, they extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to a university’s domain, passwords were compiled and compared against a university’s official password policy.

The findings were clear: Stringent password rules significantly lower a university’s risk of personal data breaches.

In short, requiring longer passwords and creating a truly stringent password policy reduced fraud and password reuse by almost 99%. Further, the researchers found that preventing users from adding their name or username inside passwords it’s also pretty helpful. Ultimately, having a stringent password policy is far better than have none at all. It’s a no-brainer but it could be an important data point for your next tech project.

Powered by WPeMatico