Apps
Auto Added by WPeMatico
Lyft’s app code reveals unlaunched bike or scooter feature
Lyft hasn’t acquired a bike-sharing startup or gotten a scooter permit yet, but it’s already preparing its app for them with a feature codenamed “last mile.” Code and screenshots dug out of Lyft’s Android app reveal a way to search a map for last-mile vehicles, and scan a QR code or enter a pin to unlock them.
These materials come to TechCrunch from Jane Manchun Wong, who’s recently established herself as a prolific app code investigator. Her work has led to TechCrunch scoops on Instagram video calling and Usage Insights, Twitter encrypted DMs and Facebook’s personalized emoji Avatars that were confirmed by the companies.
Lyft’s entrance into last-mile vehicles could win customers looking for quick, cheap and exciting transportation beyond the longer car trips it already offers. Renting scooters or bikes from the same app as its car rideshare options would allow it to compete with dedicated last-mile provides like LimeBike and Bird that don’t benefit from the customer cross-pollination. It would also help it keep up with Uber, which recently acquired electric bike-share startup JUMP.
The screenshots show a map you can browse to find nearby vehicles plus a “Scan to ride” button. That brings up a barcode scanner for unlocking the vehicle, though there’s also an option to enter four-digit pin code on your phone for unlocking. Code reveals that vehicles can have a status of “Idle, Unlocking, In Ride, Locked, or Post Ride.”
Lyft is one of a dozen companies the SF Chronicle reports have applied for five dockless scooter permits from San Francisco Municipal Transportation Agency. Regarding these new in-app materials, a Lyft spokesperson told TechCrunch, “As has been reported I can confirm that we’ve submitted an application to the SFMTA but we aren’t sharing any further details at this time.”
Lyft is vying for a permit alongside Uber, Spin, LimeBike, Bird, Razor, Scoot, Ofo, Skip, CycleHop, Ridecell, and USSCooter. SF recently banned scooter rentals after an unregulated invasion by several of these companies saw the vehicles strewn on sidewalks, obstructing pedestrians.
Lyft’s Android code includes new “last mile” features
Meanwhile, The Information reports that Lyft is in talks to acquire Mobike, offering $250 million or more for the startup that operates NYC’s Citi Bikes, and SF’s Ford GoBikes. But Axios reports Uber is trying to muscle in with its own bid, which could block Lyft or at least force it to pay a higher price. Lyft already offers bike rentals in Baltimore, but only through the Baltimore Bike Share app, not its own.
Some might see all this as premature, with scooter rentals existing in few cities and considerable backlash from some citizens. But given the alternatives are either slow walking, or ridesharing that can increase traffic congestion, create more carbon emissions and be quite expensive for short trips, many who give scooters a shot are finding them quite pleasant.
A driver displays Uber and Lyft ridesharing signs in his car windscreen in Santa Monica, California, U.S., May 23, 2016. About a half dozen ride-hailing firms have rushed into Texas tech hub Austin after market leaders Uber and Lyft left the city a little over a month ago in a huff over municipal requirements that they fingerprint drivers. REUTERS/Lucy Nicholson/Files
Hopefully, cities will focus on giving permits to dockless bike and scooter companies willing to incentivize proper parking, bike lane riding and helmet usage, and that build reliable hardware that doesn’t end up broken or out of battery on the streets. Given Lyft’s more cooperative brand in comparison to Uber’s more confrontational style, it could leverage its public perception to gain access to markets with these vehicles.
If those permits or acquisitions come through, Lyft clearly wants to move fast to get last-mile transportations in customers’ hands and under their feet.
Powered by WPeMatico
Bet money on yourself with Proveit, the 1-vs-1 trivia app
Pick a category, wager a few dollars and double your money in 60 seconds if you’re smarter and faster than your opponent. Proveit offers a fresh take on trivia and game show apps by letting you win or lose cash on quick 10-question, multiple choice quizzes. Sick of waiting to battle a million people on HQ for a chance at a fraction of the jackpot? Play one-on-one anytime you want or enter into scheduled tournaments with $1,000 or more in prize money, while Proveit takes around 10 percent to 15 percent of the stakes.
“I’d play Jeopardy all the time with my family and wondered ‘why can’t I do this for money?’ ” says co-founder Prem Thomas.
Remarkably, it’s all legal. The Proveit team spent two years getting approved as “skill-based gaming” that exempts it from some laws that have hindered fantasy sports betting apps. And for those at risk of addiction, Proveit offers players and their loved ones a way to cut them off.
The scrappy Florida-based startup has raised $2.3 million so far. With fun games and a snackable format, Proveit lets you enjoy the thrill of betting at a moment’s notice. That could make it a favorite amongst players and investors in a world of mobile games without consequences.
“I could spend $50 for a three-hour experience in a movie theater, or I could spend $2 to enter a Proveit Movies tournament that gives me the opportunity to compete for several thousand dollars in prize money,” says co-founder Nathan Lehoux. “That could pay for a lot of movies tickets!”
Proving it as outsiders
St. Petersburg, Fla. isn’t exactly known as an innovation hub. But outside Tampa Bay, far from the distractions, copycatting and astronomical rent of Silicon Valley, the founders of Proveit built something different. “What if people could play trivia for money just like fantasy sports?” Thomas asked his friend Lehoux.
That’s the same pitch that got me interested when Lehoux tracked me down at TechCrunch’s SXSW party earlier this year. Lehoux is a jolly, outgoing fella who became interested in startups while managing some angel investments for a family office. Thomas had worked in banking and health before starting a yoga-inspired sandals brand. Neither had computer science backgrounds, and they’d raised just a $300,000 seed round from childhood friend Hilt Tatum who’d co-founded beleaguered real money gambling site Absolute Poker.
Yet when he Lehoux thrust the Proveit app into my hand, even on a clogged mobile network at SXSW, it ran smoothly and I immediately felt the adrenaline rush of matching wits for money. They’d initially outsourced development to an NYC firm that burned much of their initial $300,000 seed funding without delivering. Luckily, the Ukrainian they’d hired to help review that shop’s code helped them spin up a whole team there that built an impressive v1 of Proveit.
Meanwhile, the founders worked with a gaming lawyer to secure approvals in 33 states including California, New York, and Texas. “This is a highly regulated and highly controversial space due to all the negative press that fantasy sports drummed up,” says Lehoux. “We talked to 100 banks and processors before finding one who’d work with us.”
Proveit founders (from left): Nathan Lehoux, Prem Thomas
Proveit was finally legal for the three-fourths of the U.S. population, and had a regulatory moat to deter competitors. To raise launch capital, the duo tapped their Florida connections to find John Morgan, a high-profile lawyer and medical marijuana advocate, who footed a $2 million angel round. A team of grad students in Tampa Bay was assembled to concoct the trivia questions, while a third-party AI company assists with weeding out fraud.
Proveit launched early this year, but beyond a SXSW promotion, it has stayed under the radar as it tinkers with tournaments and retention tactics. The app has now reached 80,000 registered users, 6,000 multi-deposit hardcore loyalists and has paid out $750,000 total. But watching HQ trivia climb to more than 1 million players per game has proven a bigger market for Proveit.
Quiz for cash
“We’re actually fans of HQ. We play. We think they’ve revolutionized the game show,” Lehoux tells me. “What we want to do is provide something very different. With HQ, you can’t pick your category. You can’t pick the time you want to play. We want to offer a much more customized experience.”
To play Proveit, you download its iOS-only app and fund your account with a buy-in of $20 to $100, earning more bonus cash with bigger packages (no minors allowed). Then you play a practice round to get the hang of it — something HQ sorely lacks. Once you’re ready, you pick from a list of game categories, each with a fixed wager of about $1 to $5 to play (choose your own bet is in the works). You can test your knowledge of superheroes, the ’90s, quotes, current events, rock ‘n roll, Seinfeld, tech and a rotating selection of other topics.
In each Proveit game you get 10 questions, 1 at a time, with up to 15 seconds to answer each. Most games are head-to-head, with options to be matched with a stranger, or a friend via phone contacts. You score more for quick answers, discouraging cheating via Google, and get penalized for errors. At the end, your score is tallied up and compared to your opponent, with the winner keeping both player’s wagers minus Proveit’s cut. In a minute or so, you could lose $3 or win $5.28. Afterwards you can demand a rematch, go double-or-nothing, head back to the category list or cash out if you have more than $20.
The speed element creates intense, white-knuckled urgency. You can get every question right and still lose if your opponent is faster. So instead of second-guessing until locking in your choice just before the buzzer like on HQ, where one error knocks you out, you race to convert your instincts into answers on Proveit. The near instant gratification of a win or humiliation of a defeat nudge you to play again rather than having to wait for tomorrow’s game.
Proveit will have to compete with free apps like Trivia Crack, prize games like student loan repayer Givling and virtual currency-based Fleetwit, and the juggernaut HQ.
“The large tournaments are the big draw,” Lehoux believes. Instead of playing one-on-one, you can register and ante up for a scheduled tournament where you compete in a single round against hundreds of players for a grand prize. Right now, the players with the top 20 percent of scores win at least their entry fee back or more, with a few geniuses collecting the cash of the rest of the losers.
Just like how DraftKings and FanDuel built their user base with big jackpot tournaments, Proveit hopes to do the same… then get people playing little one-on-one games in-between as they wait for their coffee or commute home from work.
Gaming or gambling?
Thankfully, Proveit understands just how addictive it can be. The startup offers a “self-exclusion” option. “If you feel that you need to take greater control of your life as it relates to skill-gaming,” users can email it to say they shouldn’t play any more, and it will freeze or close their account. Family members and others can also request you be frozen if you share a bank account, they’re your dependant, they’re obligated for your debts or you owe unpaid child support.
“We want Proveit to be a fun, intelligent entertainment option for our players. It’s impossible for us to know who might have an issue with real-money gaming,” Lehoux tells me. “Every responsible real-money game provides this type of option for its users.
That isn’t necessarily enough to thwart addiction, because dopamine can turn people into dopes. Just because the outcome is determined by your answers rather than someone else’s touchdown pass doesn’t change that.
Skill-based betting from home could be much more ripe for abuse than having to drag yourself to a casino, while giving people an excuse that they’re not gambling on chance. Zynga’s titles like Farmville have been turning people into micro-transaction zombies for a decade, and you can’t even win money from them. Simultaneously, sharks could study up on a category and let Proveit’s random matching deliver them willing rookies to strip cash from all day. “This is actually one of the few forms of entertainment that rewards players financially for using their brain,” Lehoux defends.
With so much content to consume and consequence-free games to play, there’s an edgy appeal to the danger of Proveit and apps like it. Its moral stance hinges on how much autonomy you think adults should be afforded. From Coca-Cola to Harley-Davidson to Caesar’s Palace, society has allowed businesses to profit off questionably safe products that some enjoy.
For better and worse, Proveit is one of the most exciting mobile games I’ve ever played.
Powered by WPeMatico
Photomyne raises $5 million for its A.I.-powered photo scanning app
Tel Aviv-based Photomyne, an A.I.-powered app that helps you bring your old photo prints online, has been benefitting from the subscription app boom to the tune of $5 million in Series A funding. Today, the app is used by a million people every month, and 250,000 people pay the $20 annual subscription for the expanded service. This adds a handful of additional features, including the option to build a family website where all your photos are uploaded immediately after being scanned.
There is something of a limited lifetime for apps that convert physical media to digital – at some point, everyone who wants to transition their old media to the web will have done so. Another issue is that some people will make scanning photos a one-time project. They’ll then save all their photos to their own device and cloud storage, and cancel their subscription.
And as those users drop off, physical media will continue to die out.
For those reasons, Photomyne will eventually need to expand into other areas – perhaps scanning other things beyond photos. As it has a couple of patents for things like scanning business cards, documents, and sticky notes, it’s clearly thinking about this, too.
But in the meantime, there’s still an audience of self-appointed family historians, who are making old photos available to their extended families, as well as older folks who grew up in the pre-smartphone era and now want to bring their memories online, too.
By leveraging A.I. technology which runs locally, in real-time, on mobile devices, Photomyne is able to speed up the fairly tedious process of photo scanning using a handheld device. That is, instead of having to focus on one photo – as with Google’s PhotoScan, for example – Photomyne lets you scan multiple photos in a single shot as you flip through the pages of old albums.
It then breaks those up into individual photos by auto-detecting the boundaries.
It also auto-rotates sideways photos, crops the photos, corrects the photo perspective, and saves them in a digital album where you can further filter them, share, or – with the subscription – save locally, backup to the cloud, sync to other devices, or publish to a family website.
The ability to scan more photos in one shot makes the app appealing to those who want to upload their entire collection of old photos to the web, instead of picking and choosing specific photos to import.
In addition, the app’s A.I.-based technology improves over time the more you use it, says Photomyne’s co-founder and CFO Yair Segalovitz.
And soon, the company plans to roll out other advanced features, too, he notes.
“We are focused on a new set of exciting features that we expect to release in the very near future. We intend to offer automatic color correction – such as fixing color decay – and the ability to search interesting photos in our 70 million-plus photo archive,” says Segalovitz.
To date, Photomyne has been downloaded 7 million times and is largely used in the U.S. and in Western Europe, though it’s starting to see growth in China, too.
The Series A round was led by Luxembourg-based Maor, a co-investment tech fund from Philippe Guez and Eric Elalouf. It also included participation from Israeli investors and others from its seed round a couple of years ago.
With the new funding, the company plans to expand its team of 16 to around 25 and scale the business in Japan and South East Asia, in particular.
Photomyne is a free download on iOS and Android, but the full range of feature is only available to subscribers.
Powered by WPeMatico
Google’s Datally app adds more ways to limit mobile data usage
In November, Google introduced Datally, a data-saving app largely aimed at emerging markets where users often rely on prepaid SIM cards, and don’t have access to all-you-can-eat unlimited data plans. The app lets users granularly control which apps can use data, which resulted in a 30% savings on data usage during pilot testing and now saves users 21%, on average. Today, Google is giving Datally an upgrade with several new features that will help users cut data usage even further.
One key feature is the introduction of daily limits, which allow you to control your data usage on a per-day basis. This one is more about creating better habits around data consumption, so you don’t accidentally burn through too much data in a day, then end up without any data left before the month ends.
This also ties into to Google’s larger push to give users more insights into their own behavior when using mobile devices, and more tools to combat the addictive nature of smartphones.
The company in May announced new time management features for Android users, as well as new features to help users silence their phones and wind down at bedtime. It also has software for parents to limit screen time for their children.
While the Datally feature is primarily about conserving data, it acknowledges that it’s often easy to get sucked into your smartphone and lose track of how much time – and then, consequently, how much mobile data – you want to spend.
Another new Datally feature lets you enable a guest mode where you control how much data someone borrowing your phone can use – helpful in those situations where phones are shared among family members.
The “Unused Apps” feature, meanwhile, highlights those apps you’ve stopped using but could still be leaking data. Google notes that, for many people, 20 percent of mobile data is from apps using data in the background that haven’t been opened for over a month. Unused Apps will find those culprits so you can uninstall them, it says.
And finally, a new Wi-Fi Map shows all the nearby Wi-Fi networks so you can find those with a good signal and stop using your mobile data.
Though Datally is aimed at helping the “Next Billion Users” come online, it’s not limited to emerging markets. Anyone concerned with data usage can give it a shot.
The new additions are rolling out to Datally today, says Google.
The Android app, which has been downloaded over 10 million times, is free on Google Play.
Powered by WPeMatico
First look at Instagram’s self-policing Time Well Spent tool
Are you Overgramming? Instagram is stepping up to help you manage overuse rather than leaving it to iOS and Android’s new screen time dashboards. Last month after TechCrunch first reported Instagram was prototyping a Usage Insights feature, the Facebook sub-company’s CEO Kevin System confirmed its forthcoming launch.
Tweeting our article, Systrom wrote “It’s true . . . We’re building tools that will help the IG community know more about the time they spend on Instagram – any time should be positive and intentional . . . Understanding how time online impacts people is important, and it’s the responsibility of all companies to be honest about this. We want to be part of the solution. I take that responsibility seriously.”
Now we have our first look at the tool via Jane Manchun Wong, who’s recently become one of TechCrunch’s favorite sources thanks to her skills at digging new features out of apps’ Android APK code. Though Usage Insights might change before an official launch, these screenshots give us an idea of what Instagram will include. Instagram declined to comment, saying it didn’t have any more to share about the feature at this time.
This unlaunched version of Instagram’s Usage Insights tool offers users a daily tally of their minutes spent on the app. They’ll be able to set a time spent daily limit, and get a reminder once they exceed that. There’s also a shortcut to manage Instagram’s notifications so the app is less interruptive. Instagram has been spotted testing a new hamburger button that opens a slide-out navigation menu on the profile. That might be where the link for Usage Insights shows up, judging by this screenshot.
Instagram doesn’t appear to be going so far as to lock you out of the app after your limit, or fading it to grayscale which might annoy advertisers and businesses. But offering a handy way to monitor your usage that isn’t buried in your operating system’s settings could make users more mindful.
Instagram has an opportunity to be a role model here, especially if it gives its Usage Insights feature sharper teeth. For example, rather than a single notification when you hit your daily limit, it could remind you every 15 minutes after, or create some persistent visual flag so you know you’ve broken your self-imposed rule.
Instagram has already started to push users towards healthier behavior with a “You’re all caught up” notice when you’ve seen everything in your feed and should stop scrolling.
I expect more apps to attempt to self-police with tools like these rather than leaving themselves at the mercy of iOS’s Screen Time and Android’s Digital Wellbeing features that offer more drastic ways to enforce your own good intentions.
Both let you see overall usage of your phone and stats about individual apps. iOS lets you easily dismiss alerts about hitting your daily limit in an app but delivers a weekly usage report (ironically via notification), while Android will gray out an app’s icon and force you to go to your settings to unlock an app once you exceed your limit.
For Android users especially, Instagram wants to avoid looking like such a time sink that you put one of those hard limits on your use. In that sense, self-policing shows both empathy for its users’ mental health, but is also a self-preservation strategy. With Instagram slated to launch a long-form video hub that could drive even longer session times this week, Usage Insights could be seen as either hypocritical or more necessary than ever.
New time management tools coming to iOS (left) and Android (right). Images via The VergeInstagram is one of the world’s most beloved apps, but also one of the most easily abused. From envy spiraling as you watch the highlights of your friends’ lives to body image issues propelled by its endless legions of models, there are plenty of ways to make yourself feel bad scrolling the Insta feed. And since there’s so little text, no links, and few calls for participation, it’s easy to zombie-browse in the passive way research shows is most dangerous.
We’re in a crisis of attention. Mobile app business models often rely on maximizing our time spent to maximize their ad or in-app purchase revenue. But carrying the bottomless temptation of the Internet in our pockets threatens to leave us distracted, less educated, and depressed. We’ve evolved to crave dopamine hits from blinking lights and novel information, but never had such an endless supply.
There’s value to connecting with friends by watching their days unfold through Instagram and other apps. But tech giants are thankfully starting to be held responsible for helping us balance that with living our own lives.
Powered by WPeMatico
Lemonade files lawsuit against wefox for IP infringement
Lemonade, the insurance platform based out of NYC, has filed a lawsuit against German company ONE Insurance, its parent company wefox, and founder Julian Teicke.
The complaint, filed in the U.S. District Court Southern District of NY, alleges that wefox reverse engineered Lemonade to create ONE, infringing Lemonade’s intellectual property, violating the Computer Fraud and Abuse Act, and breaching its contractual obligations to Lemonade not to “copy content… to provide any service that is competitive…or to…create derivative works.”
In the filing (which you can see on Pacer or here), Lemonade alleges that Teicke repeatedly registered for insurance on Lemonade under various names and for various addresses, some of which do not exist. Teicke also allegedly filed claims in what appeared to be an attempt to assess and copy the arrangement of those flows.
Lemonade’s counsel says Teicke started seven claims over the course of 20 days, prompting Lemonade to cancel his policy.
Alongside Teicke, a number of other executives and members of leadership at wefox also filed fake claims, says the complaint, despite having opted in to Lemonade’s user agreement and taking an honesty pledge, which is required of all Lemonade users.
This, according to Lemonade, violates the Computer Fraud and Abuse act. Lemonade also alleges that the ONE app infringes Lemonade’s IP, and that in assessing the Lemonade app and building a competitor, Teicke also violated Lemonade’s TOS.
Lemonade has changed the insurance business in two key ways: First, it made the process of actually buying insurance as easy as a few clicks on your smartphone. Digitizing the process makes the issue of getting home or renters insurance far less daunting and more approachable to consumers. Secondly, Lemonade rethought the business model of insurance.
Normally, insurance providers charge you a certain monthly rate based on the value of the property/items looking to be insured. But at the end of the year, the money remaining in that policy becomes profit, putting the insurance company in direct opposition to the consumer any time a claim is filed.
Lemonade takes its profit directly out of each payment, and if a file isn’t claimed, it sends the rest of the leftover money to the charity of your choice, ensuring that Lemonade and the consumer are on the same page when a claim is filed.
In keeping with that thesis, any proceeds generated from this lawsuit will go directly to Code.org.
“We’re not trying to enrich ourselves by poking another startup,” said Lemonade CEO Daniel Schreiber . “We’re not anti-competition. We’re just saying ‘Play by the rules, play fair and square.’”
Update: A wefox spokesperson offered up the following statement:
At wefox Group, we have 160 talented people whose hard work has created a unique business that is challenging the status quo every day. These allegations have no merit and ultimately appear to be an attempt to disrupt our business rather than a serious dispute. Lemonade actually raised these questions with us nine months ago, and – as we explained at the time – the concerns are meritless and we further received no answer. We have not been served any paper from Lemonade: if we are, we intend to defend ourselves vigorously. This lawsuit appears to be an attempt to bait the media into covering a non-issue.
Powered by WPeMatico
Gmail proves that some people hate smart suggestions
Gmail has recently introduced a brand new redesign. While you can disable or ignore most of the new features, Gmail has started resurfacing old unanswered emails with a suggestion that you should reply. And this is what it looks like:
The orange text immediately grabs your attention. By bumping the email thread to the top of your inbox, Gmails also breaks the chronological order of your inbox.
Gmail is also making a judgement by telling you that maybe you should have replied and you’ve been procrastinating. Social networks already bombard us constantly with awful content that makes us sad or angry. Your email inbox shouldn’t make you feel guilty or stressed.
Even if the suggestions can be accurate, it’s a bit creepy, it’s poorly implemented and it makes you feel like you’re no longer in control of your inbox.
There’s a reason why Gmail lets you disable all the smart features. Some users don’t want smart categories, important emails first and smart reply suggestions. Arguably, the only smart feature everyone needs is the spam filter.
A pure chronological feed of your email messages is incredibly valuable as well. That’s why many Instagram users are still asking for a chronological feed. Sure, algorithmic feeds can lead to more engagement and improved productivity. Maybe Google conducted some tests and concluded that you end up answering more emails if you let Gmail do its thing.
But you may want to judge the value of each email without an algorithmic ranking.
VCs could spot the next big thing without any bias. Journalists could pay attention to young and scrappy startups as much as the new electric scooter startup in San Francisco. Universities could give a grant to students with unconventional applications. The HR department of your company could look at all applications without following Google’s order.
When the Gmail redesign started leaking, a colleague of mine said “I look forward to digging through settings to figure out how to turn this off.” And the good news is that you can turn it off.
There are now two options to disable nudges in the settings on the web version of Gmail. You can tick off the boxes “Suggest emails to reply to” and “Suggest emails to follow up on” if you don’t want to see this orange text ever again. But those features should have never been enabled by default in the first place.
The new look of gmail has this new little reminder and I keep reading it as “Received 4 days ago. Really?” And this is stress I just don’t need. pic.twitter.com/IHp9wATORl
— Mary Kate McDevitt (@MaryKateMcD) June 11, 2018
Ooh, new Gmail has an incredibly annoying feature where it bumps a message ending in a question to the top of your inbox with a banner saying “Received 2 days ago. Reply?”
— Seb Patrick (@sebpatrick) June 8, 2018
Switching back to classic @gmail. I REALLY don’t need these “Received 6 days ago. Reply?” notes. I have four jobs connected to six email accounts. I’ll manage my own productivity, thanks. #oldmanyellingatthesky #leavemealone
— mitchell bloom (@bloomin_onions) June 13, 2018
Wtf Gmail on mobile now resurfacing emails I haven’t replied to with a “received two days ago. Reply?” Label. Insane. Can’t seem to turn it off. Breaks my entire inbox.
— Tom Critchlow (@tomcritchlow) May 18, 2018
I’m not really a fan of gmail’s new feature that hounds you if you don’t reply to emails. ‘Received 2 days ago. Reply?’ I don’t need to technologically enhance anxiety.
— Thomas Lynch (@thomasjlynch) January 11, 2018
Hey @gmail,
One message in my inbox suddenly has a garish red message.
“Received 2 days ago. Reply?”
Never seen this happen and never want this suggestion. pic.twitter.com/HkEgkcKS3E
— Brendan Falkowski (@Falkowski) June 8, 2018
Powered by WPeMatico
Tainted, crypto-mining containers pulled from Docker Hub
Security companies Fortinet and Kromtech found seventeen tainted Docker containers that were essentially downloadable images containing programs that had been designed to mine cryptocurrencies. Further investigation found that they had been downloaded 5 million times, suggesting that hackers were able to inject commands into insecure containers to download this code into otherwise healthy web applications. The researchers found the containers on Docker Hub, a repository for user images.
“Of course, we can safely assume that these had not been deployed manually. In fact, the attack seems to be fully automated. Attackers have most probably developed a script to find misconfigured Docker and Kubernetes installations. Docker works as a client/server architecture, meaning the service can be fully managed remotely via the REST API,” wrote researcher David Maciejak.
The containers are now gone, but the hackers may have gotten away with up to $90,000 in cryptocurrency, a small but significant amount for such a hack.
“Today’s growing number of publicly accessible misconfigured orchestration platforms like Kubernetes allows hackers to create a fully automated tool that forces these platforms to mine Monero,” said a writer of a report by Kromtech. “By pushing malicious images to a Docker Hub registry and pulling it from the victim’s system, hackers were able to mine 544.74 Monero, which is equal to $90,000.”
“As with public repositories like GitHub, Docker Hub is there for the service of the community. When dealing with open public repositories and open source code, we recommend that you follow a few best practices including: know the content author, scan images before running and use curated official images in Docker Hub and certified content in Docker Store whenever possible,” wrote Docker’s head of security David Lawrence in a Threatpost report.
Interestingly, of late hackers have moved from attacking AWS Elastic Compute servers on Amazon’s platform to Docker and other container-based systems. While there are security systems available to manage Docker and Kubernetes containers, users should remain vigilant and assess their vulnerabilities before hackers get more of an upper hand.
Powered by WPeMatico
Snapchat launches privacy-safe Snap Kit, the un-Facebook platform
Today Snapchat finally gets a true developer platform, confirming TechCrunch’s scoop from last month about Snap Kit. This set of APIs lets other apps piggyback on Snap’s login for sign up, build Bitmoji avatars into their keyboards, display public Our Stories and Snap Map content, and generate branded stickers with referral links users can share back inside Snapchat.
Snap Kit’s big selling point is privacy — a differentiator from Facebook. It doesn’t even let you share your social graph with apps to prevent a Cambridge Analytica-style scandal.
Launch partners include Tinder bringing Bitmojis to your chats with matches, Patreon letting fans watch creators’ Stories from within its app, and Postmates offering order ETA stickers you can share in Snapchat that open the restaurant’s page in the delivery app. Developers that want to join the platform can sign up here.
Snap Kit could help the stumbling public company colonize the mobile app ecosystem with its buttons and content, which might inspire Snapchat signups from new users and reengagement from old ones. “Growth is one of our three goals for 2018, so we absolutely hope it can contribute to that, and continue to strengthen engagement, which has always been a key metric for us” Snap’s VP of product Jacob Andreou tells me. That’s critical since Snapchat sunk to its lowest user growth rate ever last quarter under the weight of competition from Instagram and WhatsApp.
“There have been areas inside of our products where we’ve really set standards” Andreou explains. “Early, that was seen in examples like Stories, but today with things like how we treat user data, what we collect, what we share when people login and register for our service . . . Snap Kit is a set of developer tools that really allow people to take the best parts of our products and the standards that we’ve set in a few of these areas, and bring them into their apps.”
This focus on privacy manifests as a limit of 90 days of inactivity before your connection with an app is severed. And the login feature only requires you bring along your changeable Snapchat display name, and optionally, your Bitmoji. Snap Kit apps can’t even ask for your email, phone number, gender, age, location, who you follow, or who you’re friends with.
“It really became challenging for us to see our users then use other products throughout their day and have to lower their expectations. . . having to be okay with the fact that all of their information and data would be shared” Andreou gripes. This messaging is a stark turnaround from four years ago when it took 10 days for CEO Evan Spiegel to apologize for security laziness causing the leak of 4 million users’ phone numbers. But now with Facebook as everyone’s favorite privacy punching bag, Snapchat is seizing the PR opportunity.
“I think one of the parts that [Spiegel] was really excited about with this release is how much better our approach to our users in that way really is — without relying on things like policy or developer’s best intentions or them writing perfect bug free code, but instead by design, not even exposing these things to begin with.”
Yet judging by Facebook’s continued growth and recovered share price, privacy is too abstract of a concept for many people to grasp. Snap Kit will have to win on the merits of what it brings other apps, and the strength of its partnerships team. Done right, Snapchat could gain an army of allies to battle the blue menace.
Snapvengers Assemble
Snap’s desire to maintain an iron grip on its ‘cool’ brand has kept its work with developers minimal until now. Its first accidental brush with a developer platform was actually a massive security hazard.
Third-party apps promising a method to secretly screenshot messages asked users to login with their Snapchat usernames and passwords, then proceeded to get hacked, exposing some users’ risqué photos. Snap later cut off an innocent music video app called Mindie for finding a way to share to users’ Stories. Last year I wrote how A year ago I urged it to build a platform in my article “Snap’s anti-developer attitude is an augmented liability”, as it needs help to populate the physical world with AR.
2017 saw Snap cautiously extend the drawbridge, inviting in ads, analytics, and marketing developer partners to help brands be hip, and letting hacker/designers make their own AR lenses. But the real transition moment was when Spiegel said on the Q4 2017 earnings call that “We feel strongly that Snapchat should not be confined to our mobile application—the amazing Snaps created by our community deserve wider distribution so they can be enjoyed by everyone.”
At the time that meant Snaps on the web, embedded in news sites, and on Jumbotrons. Today it means in other apps. But Snap will avoid one of the key pitfalls of the Facebook platform: over-promising. Snap Deputy General Counsel for Privacy Katherine Tassi tells me “It was also very important to us that there wasn’t going to be the exchange of the friends graph as part of the value proposition to third party developers.”
How Snap Kit Works
Snap Kit breaks down to four core pieces of functionality that will appeal to different apps looking to simplify signup, make communication visual, host eye-catching content, or score referral traffic. Developers that want access to Snap Kit must pass a human review and approval process. Snap will review their functionality to ensure they’re not doing anything shady.
Once authorized, they’ll have access to these APIs:
- Login Kit is the foundation of Snap Kit. It’s an OAuth-style alternative to Facebook Login that lets users skip creating a proprietary username and password by instead using their Snapchat credentials. But all the app gets is their changeable, pseudonym-allowed Snapchat display name, and optionally, their Bitmoji avatar to use as a profile pic if the user approves. Getting that login button in lots of apps could remind people Snapchat exists, and turn it into a fundamental identity utility people will be loath to abandon.
- Creative Kit is how apps will get a chance to create stickers and filters for use back in the Snapchat camera. Similar to April’s F8 launch of the ability to share from other apps to Instagram and Facebook Stories, developers can turn content like high scores, workout stats and more into stickers that users can overlay on their Snaps to drive awareness of the source app. Developers can also set a deep link where those stickers send people to generate referral traffic, which could be appealing to those looking to tap Snap’s 191 million teens.
- Bitmoji Kit lets developers integrate Snapchat’s personalized avatars directly into their app’s keyboard. It’s an easy path to making chat more visually expressive without having to reinvent the wheel. This follows the expansion of Friendmoji that illustrate you and a pal rolling out to the iOS keyboard. But Bitmoji Kit means developers do the integration work instead of having to depend on users installing anything extra.
- Story Kit allows developers to embed Snapchat Stories into their apps and websites. Beyond specific Stories, apps can also search through public Stories submitted to Our Story or Snap Map by location, time, or captions. A journalism app could surface first-hand reports from the scene of breaking news or a meme app could pull in puppy Snaps. The company will add extra reminders to the Our Story submission process to ensure users know their Stories could appear outside of Snapchat’s own app.
One thing that’s not in Snap Kit, at least yet, is the ability to embed Snapchat’s whole software camera into other apps which TechCrunch erroneously reported. Our sources mistakenly confused Creative Kit’s ability to generate stickers as opposed to sharing whole stories, which Andreou called “an interesting first step” for making Snapchat the broadcast channel for other apps.
Additional launch partners include bringing Bitmoji to Quip’s word processor, RSVP stickers from Eventbrite, GIF-enhanced Stories search in Giphy, Stories from touring musicians in Bands In Town, storytelling about your dinner reservation on Quandoo, music discovery sharing from SoundHound, and real-time sports score sharing from ScoreStream.
While other platforms have escaped their host’s control, like Facebook’s viral game spam outbreak in 2009 or Twitter having to shut down errant clients, Snapchat’s approval process will let it direct the destiny of its integrations.
Bitmoji Kit in Tinder
When asked why Snapchat was building Snap Kit, Andreou explained that “We think that giving people more tools to be able to express themselves freely, have fun and be creative, both on Snapchat and other apps is a good thing. We also think that helping more people outside of Snapchat learn about our platform and our features is a good thing. And most importantly, being able to do this in a way that doesn’t compromise our users’ privacy is very good thing.”
Without much data sharing, there’s a lot less risk here for Snapchat. But the platform won’t have the same draw that Facebook can dangle with its massive user base and extensive personal info access. Instead, Snapchat will have to leverage the fear of being left out of the visual communication era and tout itself as the catalyst for apps to evolve. The biggest driver of the platform might be youngins demanding their Bitmoji everywhere.
Snap needs all the help it can get right now. If other apps are willing to be a billboard for it in exchange for some of its teen-approved functionality, Snapchat could find new growth channels amidst stiff competition. Platforms can entrench apps. And after its user count shrunk in March, Snap has to find a way to keep from disappearing
Powered by WPeMatico
VR helps us remember
Researchers at the University of Maryland have found that people remember information better if it is presented in VR vs. on a two-dimensional personal computer. This means VR education could be an improvement on tablet or device-based learning.
“This data is exciting in that it suggests that immersive environments could offer new pathways for improved outcomes in education and high-proficiency training,” said Amitabh Varshney, dean of the College of Computer, Mathematical, and Natural Sciences at UMD.
The study was quite complex and looked at recall in forty subjects who were comfortable with computers and VR.
To test the system they created a “memory palace” where they placed various images. This sort of “spatial mnemonic encoding” is a common memory trick that allows for better recall.
“Humans have always used visual-based methods to help them remember information, whether it’s cave drawings, clay tablets, printed text and images, or video,” said lead researcher Eric Krokos. “We wanted to see if virtual reality might be the next logical step in this progression.”
From the study:
Both groups received printouts of well-known faces–including Abraham Lincoln, the Dalai Lama, Arnold Schwarzenegger and Marilyn Monroe–and familiarized themselves with the images. Next, the researchers showed the participants the faces using the memory palace format with two imaginary locations: an interior room of an ornate palace and an external view of a medieval town. Both of the study groups navigated each memory palace for five minutes. Desktop participants used a mouse to change their viewpoint, while VR users turned their heads from side to side and looked up and down.
Next, Krokos asked the users to memorize the location of each of the faces shown. Half the faces were positioned in different locations within the interior setting–Oprah Winfrey appeared at the top of a grand staircase; Stephen Hawking was a few steps down, followed by Shrek. On the ground floor, Napoleon Bonaparte’s face sat above majestic wooden table, while The Rev. Martin Luther King Jr. was positioned in the center of the room.
Similarly, for the medieval town setting, users viewed images that included Hillary Clinton’s face on the left side of a building, with Mickey Mouse and Batman placed at varying heights on nearby structures.
Then, the scene went blank, and after a two-minute break, each memory palace reappeared with numbered boxes where the faces had been. The research participants were then asked to recall which face had been in each location where a number was now displayed.
The key, say the researchers, was for participants to identify each face by its physical location and its relation to surrounding structures and faces–and also the location of the image relative to the user’s own body.
Desktop users could perform the feat but VR users performed it statistically better, a fascinating twist on the traditional role of VR in education. The researchers believe that VR adds a layer of reality to the experience that lets the brain build a true “memory palace” in 3D space.
“Many of the participants said the immersive ‘presence’ while using VR allowed them to focus better. This was reflected in the research results: 40 percent of the participants scored at least 10 percent higher in recall ability using VR over the desktop display,” wrote the researchers.
“This leads to the possibility that a spatial virtual memory palace–experienced in an immersive virtual environment–could enhance learning and recall by leveraging a person’s overall sense of body position, movement and acceleration,” said researcher Catherine Plaisant.
Powered by WPeMatico