After lying low, SSH botnet mushrooms and is harder than ever to take down

Rows of 1950s-style robots operate computer workstations.

Enlarge (credit: Aurich Lawson / Ars Technica)

Two years ago, researchers stumbled upon one of the Internet’s most intriguing botnets: a previously undiscovered network of 500 servers, many in well-known universities and businesses around the world, that was impervious to normal takedown methods. After lying low for 16 months, those researchers said, the botnet known as FritzFrog is back with new capabilities and a larger base of infected machines.

SSH servers, beware

FritzFrog targets just about anything with an SSH, or secure shell, server—cloud instances, data center servers, routers, and the like—and installs an unusually advanced payload that was written from scratch. When researchers from security firm Guardicore Labs (now Akamai Labs) reported it in mid-2020, they called it a “next-generation” botnet because of its full suite of capabilities and well-engineered design.

It was a decentralized, peer-to-peer architecture that distributed administration among many infected nodes rather than a central server, making it hard to detect or take it down using traditional methods. Some of its advanced traits included:

Read 14 remaining paragraphs | Comments

#biz-it, #botnets, #p2p, #peer-to-peer, #ssh

Drugs Are Tied to the Homelessness Crisis

A conversation about meth and social decline with Sam Quinones, author of “The Least of Us.”

#drug-abuse-and-traffic, #homeless-persons, #internal-sub-only-nl, #mental-health-and-disorders, #methamphetamines, #news-and-news-media, #p2p, #phenyl-2-propanone-meth, #quinones-sam-1958, #the-least-of-us-true-tales-of-america-and-hope-in-the-time-of-fentanyl-and-meth-book, #united-states

Nym gets $6M for its anonymous overlay mixnet to sell privacy as a service

Switzerland-based privacy startup Nym Technologies has raised $6 million, which is being loosely pegged as a Series A round.

Earlier raises included a $2.5M seed round in 2019. The founders also took in grant money from the European Union’s Horizon 2020 research fund during an earlier R&D phase developing the network tech.

The latest funding will be used to continue commercial development of network infrastructure which combines an old idea for obfuscating the metadata of data packets at the transport network layer (Mixnets) with a crypto inspired reputation and incentive mechanism to drive the required quality of service and support a resilient, decentralized infrastructure.

Nym’s pitch is it’s building “an open-ended anonymous overlay network that works to irreversibly disguise patterns in Internet traffic”.

Unsurprisingly, given its attention to crypto mechanics, investors in the Series A have strong crypto ties — and cryptocurrency-related use-cases are also where Nym expects its first users to come from — with the round led by Polychain Capital, with participation from a number of smaller European investors including Eden Block, Greenfield One, Maven11, Tioga, and 1kx.

Commenting in a statement, Will Wolf of Polychain Capital, said: “We’re incredibly excited to partner with the Nym team to further their mission of bringing robust, sustainable and permissionless privacy infrastructure to all Internet users. We believe the Nym network will provide the strongest privacy guarantees with the highest quality of service of any mixnet and thus may become a very valuable piece of core internet infrastructure.”

The Internet’s ‘original sin’ was that core infrastructure wasn’t designed with privacy in mind. Therefore the level of complicity involved in Mixnets — shuffling and delaying encrypted data packets in order to shield sender-to-recipient metadata from adversaries with a global view of a network — probably seemed like over engineering all the way back when the web’s scaffolding was being pieced together.

But then came Bitcoin and the crypto boom and — also in 2013 — the Snowden revelations which ripped the veil off the NSA’s ‘collect it all’ mantra, as Booz Allen Hamilton sub-contractor Ed risked it all to dump data on his own (and other) governments’ mass surveillance programs. Suddenly network level adversaries were front page news. And so was Internet privacy.

Since Snowden’s big reveal, there’s been a slow burn of momentum for privacy tech — with rising consumer awareness fuelling usage of services like e2e encrypted email and messaging apps. Sometimes in spurts and spikes, related to specific data breaches and scandals. Or indeed privacy-hostile policy changes by mainstream tech giants (hi Facebook!).

Legal clashes between surveillance laws and data protection rights are also causing growing b2b headaches, especially for US-based cloud services. While growth in cryptocurrencies is driving demand for secure infrastructure to support crypto trading.

In short, the opportunity for privacy tech, both b2b and consumer-facing, is growing. And the team behind Nym thinks conditions look ripe for general purpose privacy-focused networking tech to take off too.

Of course there is already a well known anonymous overlay network in existence: Tor, which does onion routing to obfuscate where traffic was sent from and where it ends up.

The node-hopping component of Nym’s network shares a feature with the Tor network. But Tor does not do packet mixing — and Nym’s contention is that a functional mixnet can provide even stronger network-level privacy.

It sets out the case on its website — arguing that “Tor’s anonymity properties can be defeated by an entity that is capable of monitoring the entire network’s ‘entry’ and ‘exit’ nodes” since it does not take the extra step of adding “timing obfuscation” or “decoy traffic” to obfuscate the patterns that could be exploited to deanonymize users.

“Although these kinds of attacks were thought to be unrealistic when Tor was invented, in the era of powerful government agencies and private companies, these kinds of attacks are a real threat,” Nym suggests, further noting another difference in that Tor’s design is “based on a centralized directory authority for routing”, whereas Nym fully decentralizes its infrastructure.

Proving that suggestion will be quite the challenge, of course. And Nym’s CEO is upfront in his admiration for Tor — saying it is the best technology for securing web browsing right now.

“Most VPNs and almost all cryptocurrency projects are not as secure or as private as Tor — Tor is the best we have right now for web browsing,” says Nym founder and CEO Harry Halpin. “We do think Tor made all the right decisions when they built the software — at the time there was no interest from venture capital in privacy, there was only interest from the US government. And the Internet was too slow to do a mixnet. And what’s happened is speed up 20 years, things have transformed.

“The US government is no longer viewed as a defender of privacy. And now — weirdly enough — all of a sudden venture capital is interested in privacy and that’s a really big change.”

With such a high level of complexity involved in what Nym’s doing it will, very evidently, need to demonstrate the robustness of its network protocol and design against attacks and vulnerabilities on an ongoing basis — such as those seeking to spot patterns or identify dummy traffic and be able to relink packets to senders and receivers.

The tech is open source but Nym confirms the plan is to use some of the Series A funding for an independent audit of new code.

It also touts the number of PhDs it’s hired to-date — and plans to hire a bunch more, saying it will be using the new round to more than double its headcount, including hiring cryptographers and developers, as well as marketing specialists in privacy.

The main motivation for the raise, per Halpin, is to spend on more R&D to explore — and (he hopes) — solve some of the more specific use-cases it’s kicking around, beyond the basic one of letting developers use the network to shield user traffic (a la Tor).

Nym’s whitepaper, for example, touts the possibility for the tech being used to enable users to prove they have the right to access a service without having to disclose their actual identity to the service provider.

Another big difference vs Tor is that Tor is a not-for-profit — whereas Nym wants to build a for-profit business around its Mixnet.

It intends to charge users for access to the network — so for the obfuscation-as-a-service of having their data packets mixed into a crowd of shuffled, encrypted and proxy node-hopped others.

But potentially also for some more bespoke services — with Nym’s team eyeing specific use-cases such as whether its network could offer itself as a ‘super VPN’ to the banking sector to shield their transactions; or provide a secure conduit for AI companies to carry out machine learning processing on sensitive data-sets (such as healthcare data) without risking exposing the information itself.

“The main reason we raised this Series A is we need to do more R&D to solve some of these use-cases,” says Halpin. “But what impressed Polychain was they said wow there’s all these people that are actually interested in privacy — that want to run these nodes, that actually want to use the software. So originally when we envisaged this startup we were imagining more b2b use-cases I guess and what I think Polychain was impressed with was there seemed to be demand from b2c; consumer demand that was much higher than expected.”

Halpin says they expect the first use-cases and early users to come from the crypto space — where privacy concerns routinely attach themselves to blockchain transactions.

The plan is to launch the software by the end of the year or early next, he adds.

“We will have at least some sort of chat applications — for example it’s very easy to use our software with Signal… so we do think something like Signal is an ideal use-case for our software — and we would like to launch with both a [crypto] wallet and a chat app,” he says. “Then over the next year or two — because we have this runway — we can work more on kind of higher speed applications. Things like try to find partnerships with browsers, with VPNs.”

At this (still fairly early) stage of the network’s development — an initial testnet was launched in 2019 — Nym’s eponymous network has amassed over 9,000 nodes. These distributed, crowdsourced providers are only earning a NYM reputation token for now, and it remains to be seen how much exchangeable crypto value they might earn in the future as suppliers of key infrastructure if/when usage takes off.

Why didn’t Mixnets as a technology take off before, though? After all the idea dates back to the 1980s. There’s a range of reasons, according to Halpin — issues with scalability being one of them one. And a key design “innovation” he points to vis-a-vis its implementation of Mixnet technology is the ability to keep adding nodes so the network is able to scale to meet demand.

Another key addition is that the Nym protocol injects dummy traffic packets into the shuffle to make it harder for adversaries to decode the path of any particular message — aiming to bolster the packet mixing process against vulnerabilities like correlation attacks.

While the Nym network’s crypto-style reputation and incentive mechanism — which works to ensure the quality of mixing (“via a novel proof of mixing scheme”, as its whitepaper puts it) — is another differentiating component Halpin flags.

“One of our core innovations is we scale by adding servers. And the question is how do we add servers? To be honest we added servers by looking at what everyone had learned about reputation and incentives from cryptocurrency systems,” he tells TechCrunch. “We copied that — those insights — and attached them to mix networks. So the combination of the two things ends up being pretty powerful.

“The technology does essentially three things… We mix packets. You want to think about an unencrypted packet like a card, an encrypted packet you flip over so you don’t know what the card says, you collect a bunch of cards and you shuffle them. That’s all that mixing is — it just randomly permutates the packets… Then you hand them to the next person, they shuffle them. You hand them to the third person, they shuffle them. And then they had the cards to whoever is at the end. And as long as different people gave you cards at the beginning you can’t distinguish those people.”

More generally, Nym also argues it’s an advantage to be developing mixnet technology that’s independent and general purpose — folding all sorts and types of traffic into a shuffled pack — suggesting it can achieve greater privacy for users’ packets in this pooled crowd vs similar tech offered by a single provider to only their own users (such as the ‘privacy relay’ network recently announced by Apple).

In the latter case, an attacker already knows that the relayed traffic is being sent by Apple users who are accessing iCloud services. Whereas — as a general purpose overlay layer — Nym can, in theory, provide contextual coverage to users as part of its privacy mix. So another key point is that the level of privacy available to Nym users scales as usage does.

Historical performance issues with bandwidth and latency are other reasons Halpin cites for Mixnets being largely left on the academic shelf. (There have been some other deployments, such as Loopix — which Nym’s whitepaper says its design builds on by extending it into a “general purpose incentivized mixnet architecture” — but it’s fair to say the technology hasn’t exactly gone mainstream.)

Nonetheless, Nym’s contention is the tech’s time is finally coming; firstly because technical challenges associated with Mixnets can be overcome — because of gains in Internet bandwidth and compute power; as well as through incorporating crypto-style incentives and other design tweaks it’s introducing (e.g. dummy traffic) — but also, and perhaps most importantly, because privacy concerns aren’t simply going to disappear.

Indeed, Halpin suggests governments in certain countries may ultimately decide their exposure to certain mainstream tech providers which are subject to state mass surveillance regimes — whether that’s the US version or China’s flavor or elsewhere —  simply isn’t tenable over the longer run and that trusting sensitive data to corporate VPNs based in countries subject to intelligence agency snooping is a fool’s game.

(And it’s interesting to note, for example, that the European Data Protection Supervisor is currently conducting a review of EU bodies use of mainstream US cloud services from AWS and Microsoft to check whether they are in compliance with last summer’s Schrems II ruling by the CJEU, which struck down the EU-US Privacy Shield deal, after again finding US surveillance law to be essentially incompatible with EU privacy rights… )

Nym is betting that some governments will — eventually — come looking for alternative technology solutions to the spying problem. Although government procurement cycles make that play a longer game.

In the near term, Halpin says they expect interest and usage for the metadata-obscuring tech to come from the crypto world where there’s a need to shield transactions from view of potential hackers.

“The websites that [crypto] people use — these exchanges — have also expressed interest,” he notes, flagging that Nym also took in some funding from Binance Labs, the VC arm of the cryptocurrency exchange, after it was chosen to go through the Lab’s incubator program in 2018.

The issue for crypto users is their networks are (relatively) small, per Halpin — which makes them vulnerable to deanonymization attacks.

“The thing with a small network is it’s easy for random people to observe this. For example people who want to hack your exchange wallet — which happens all the time. So what cryptocurrency exchanges and companies that deal with cryptocurrency are concerned about is typically they do not want the IP address of their wallet revealed for certain kinds of transactions,” he adds. “This is a real problem for cryptocurrency exchanges — and it’s not that their enemy is the NSA; their enemy could be — and almost always is — an unknown, often lone individual but highly skilled hacker. And these kinds of people can do network observations, on smaller networks like cryptocurrency networks, that are essentially are as powerful as what the NSA could do to the entire Internet.”

There are now a range of startups seeking to decentralize various aspects of Internet or common computing infrastructure — from file storage to decentralized DNS. And while some of these tout increased security and privacy as core benefits of decentralization — suggesting they can ‘fix’ the problem of mass surveillance by having an architecture that massively distributes data, Halpin argues that a privacy claim being routinely attached to decentralized infrastructure is misplaced. (He points to a paper he co-authored on this topic, entitled Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments.)

“Almost all of those projects gain decentralization at the cost of privacy,” he argues. “Because any decentralized system is easier to observe because the crowd has been spread out… than a centralized system — to a large extent. If the adversary is sufficiently powerful enough all the participants in the system. And historically we believe that most people who are interested in decentralization are not expects in privacy and underestimate how easy it is to observe decentalized systems — because most of these systems are actually pretty small.”

He points out there are “only” 10,000 full nodes in Bitcoin, for example, and a similar amount in Ethereum — while other, newer and more nascent decentralized services are likely to have fewer nodes, maybe even just a few hundred or thousand.

And while the Nym network has a similar amount of nodes to Bitcoin, the difference is it’s a mixnet too — so it’s not just decentralized but it’s also using multiple layers of encryption and traffic mixing and the various other obfuscation steps which he says “none of these other people do”.

“We assume the enemy is observing everything in our software,” he adds. “We are not what we call ‘security through obscurity’ — security through obscurity means you assume the enemy just can’t see everything; isn’t looking at your software too carefully; doesn’t know where all your servers are. But — realistically — in an age of mass surveillance, the enemy will know where all your services are and they can observe all the packets coming in, all the packets coming out. And that’s a real problem for decentralized networks.”

Post-Snowden, there’s certainly been growing interest in privacy by design — and a handful of startups and companies have been able to build momentum for services that promise to shield users’ data, such as DuckDuckGo (non-tracking search); Protonmail (e2e encrypted email); and Brave (privacy-safe browsing). Apple has also, of course, very successfully markets its premium hardware under a ‘privacy respecting’ banner.

Halpin says he wants Nym to be part of that movement; building privacy tech that can touch the mainstream.

“Because there’s so much venture capital floating into the market right now I think we have a once in a generation chance — just as everyone was excited about p2p in 2000 — we have a once in a generation chance to build privacy technology and we should build companies which natively support privacy, rather than just trying to bolt it on, in a half hearted manner, onto non-privacy respecting business models.

“Now I think the real question — which is why we didn’t raise more money — is, is there enough consumer and business demand that we can actually discover what the cost of privacy actually is? How much are people willing to pay for it and how much does it cost? And what we do is we do privacy on such a fundamental level is we say what is the cost of a privacy-enhanced byte or packet? So that’s what we’re trying to figure out: How much would people pay just for a privacy-enhanced byte and how much does just a privacy enhanced byte cost? And is this a small enough marginal cost that it can be added to all sorts of systems — just as we added TLS to all sorts of systems and encryption.”

#aws, #binance-labs, #blockchain, #cloud-services, #cryptocurrency, #cryptography, #encryption, #europe, #european-union, #machine-learning, #p2p, #polychain-capital, #privacy, #privacy-technology, #routing, #snowden, #surveillance-law, #tc, #tor, #vpn

Fintech all-star Nubank raises a $750M mega round

In 2013, Colombian businessman David Velez decided to reinvent the Brazilian banking system. He didn’t speak Portuguese, nor was he an engineer or a banker, but he did have the conviction that the system was broken and that he could fix it. And as a former Sequoia VC, he also had access to capital.

His gut instinct and market analysis were right. Today, Nubank announced a $750 million extension to its Series G (which rang in at $400 million this past January), bringing the round to a total of $1.15 billion and their valuation to $30 billion — $5 billion more than when we covered them in January.

The extension funding was led by Berkshire Hathaway, which put in $500 million, and a number of other investors.

Velez and his team decided now was a good time to raise again, because, “We saw a great opportunity in terms of growth rate and we’re very tiny when compared to the incumbents,” he told TechCrunch.”

Nubank is the biggest digital bank in the world by number of customers: 40 million. The company started as a tech company in Brazil that offered only a fee-free credit card with a line of credit of R$50 (about USD$10). 

It now offers a variety of financial products, including a digital bank account, a debit card, insurance, P2P payment via Pix (the Brazilian equivalent of Zelle), loans, rewards, life insurance and an account and credit card for small business owners. 

Nubank serves unbanked or underserviced citizens in Brazil — about 30% of the population — and this approach can be extremely profitable because there are many more clients available.

The banking system in Brazil is one of the few bureaucracies in the country that is actually quite skillful, but the customer service remains unbearable, and banks charge exorbitant fees for any little transaction. 

Traditionally, the banking industry has been dominated by five major traditional banks: Itaú Unibanco, Banco do Brasil, Bradesco, Santander and Caixa Economica Federal. 

While Brazil remains Nubank’s primary market, the company also offers services in Colombia and Mexico (services launched in Mexico in 2018). The company still only offers the credit card in both countries.

“The momentum we’re seeing in Mexico is terrific. Our Mexican credit card net promoter score (NPS) is 93, which is the highest we’ve had in Nubank history. In Brazil the highest we’ve had was 88,” Velez said.

The company has been on a hiring spree in the last few months, and brought on two heavyweight executives. Matt Swann replaced Ed Wible (the original CTO and co-founder). Wible continues to be an important player in the company, but more in a software developer capacity. Swann previously served as CTO at Bookings.com and StubHub, and as CIO of the Global Consumer Bank at Citi, so he brings years of experience of scaling tech businesses, which is what Nubank is focused on now, though Velez wouldn’t confirm which countries are next.

The other major hire, Arturo Nunez, fills the new role of chief marketing officer. Nunez was head of marketing for Apple Latin America, amongst other roles with Nike and the NBA. 

It may sound a little odd for a tech company not to have had a head of marketing, but Nubank takes pride in having a $0 cost of acquisition (CAC). Instead of spending money on marketing, they spend it on customer service and then rely on word of mouth to get the word out.

Since we last spoke with Velez in January regarding the $400 million Series G, the company went from having 34 million customers to now having 40 million in a span of roughly 6 months. The funds will be used to grow the business, including hiring more people.

“We’ve seen the entire market go digital, especially people who never thought they would,” Velez said. “There is really now an avalanche of all backgrounds [of people] who are getting into digital banking.”

#banking, #berkshire-hathaway, #bradesco, #brazil, #colombia, #credit-cards, #cto, #david-velez, #digital-banking, #engineer, #finance, #financial-services, #funding, #itau-unibanco, #life-insurance, #mexico, #nubank, #p2p, #santander, #tc

How Expensify got to $100M in revenue by hiring “stem cells” and not “cogs in a wheel”

The influence of a founder on their company’s culture cannot be overstated. Everything from their views on the product and business to how they think about people affects how their company’s employees will behave, and since behavior in turn informs culture, the consequences of a founder’s early decisions can be far-reaching.

So it’s not very surprising that Expensify has its own take on almost everything it does when you consider what its founder and CEO David Barrett learned early in his life: “Basically everyone is wrong about basically everything.” As we saw in part 1 of this EC-1, this led him to the revelation that it’s easier to figure things out for yourself than finding advice that applies to you. Eventually, these insights — and the adventurous P2P hacker attitude he nurtured alongside his colleagues and Travis Kalanick at Red Swoosh — would inform how he would go about shaping Expensify.

Expensify’s culture can’t be separated from its hiring and growth processes — by joining the company, employees self-select into a group that isn’t likely to get hung up about trade-offs.

It’s striking how Expensify has managed to maintain this character 13 years later, even on the threshold of an IPO. How did this happen? During a series of interviews in February and early March, we found the answer is tied to the level of thought and effort this expense management business puts into its culture.

You see, the people at Expensify are prepared to invent their own playbook, develop it and, if needed, rewrite it completely. Its HR policies and strategy are tailored to find people who would have fun building an expense management product. It has a unique growth and recognition scheme to offset the drawbacks of a flat organizational structure. It’s even got a “Senate” that vets all major decisions. No kidding.

All this, and more, has ultimately helped Expensify reach more than 10 million users and achieve $100 million in annual revenue with just 130 employees. Let’s take a closer look at how Expensify makes it happen.

“We want the fewest people necessary to get the job done”

It’s clear Expensify’s unusually high employee-to-revenue ratio is intentional: “We want the fewest people necessary to get the job done,” Barrett says. But how do you actually achieve it? How do you hire and keep people who can deliver such results? Barrett had to learn how the hard way.

Expensify’s first team was based in San Francisco and comprised Barrett’s old Red Swoosh and Akamai colleagues, who joined a few months after Akamai fired him. A small team was enough to get started, but it was much more difficult to hire additional people. Barrett is eager to clarify the Valley is not really the best place to recruit talent: “Sure, Silicon Valley has a ton of really awesome people, but all of them have jobs!,” he says.

#apps, #corporate-expense-management, #david-barrett, #ec-enterprise-applications, #ec-1, #enterprise, #expense-management, #expense-reporting, #expense-reports, #expensify, #expensify-ec-1, #extra-crunch-ec-1, #p2p, #red-swoosh, #saas, #travel-expenses, #travis-kalanick

The Expensify EC-1

Let’s make it clear from the outset that this story is about an expense management SaaS business called Expensify. As you’d expect, yes, this is about the expense management market and how Expensify has grown, its technology and all of that. Normally, that would make us change the channel. But this is also a story about pirates; peer-to-peer hackers who asked, “Why not work from Thailand and dozens of countries across the globe?” and actually did it using P2P hacker culture as a model for consensus-driven decision-making — all with pre-Uber Travis Kalanick in a guest-starring role.

Most interestingly, this is a story about just not giving a damn about what anyone goddamn thinks, an approach to life and business that led to more than $100 million in annual revenue, and an IPO incoming on what looks to be a very quick timetable. Prodigious revenues, 10 million users and only 130 employees running the whole shebang — that’s a hell of an achievement in only 13 years.

If you’re going a bit “WTF,” well, we’d concur. Expensify is as contradictory as they come in the enterprise world. It’s managed to take what might well be the most boring part of the corporate business stack and turn it into something special. It doesn’t borrow its culture from other startups, it built its own tech stack from the ground up, and even hires in a completely radical way. Oh, and no one really has job titles either, because why the hell bother with hierarchy anyway? They’re pirates after all.

If expense management is about avoiding corporate plunder, then letting the pirates and hackers run the ship is probably the best approach. And now, Expensify is plundering the corporate spend world one travel ticket and business meal at a time just as the world is rebuilding in the wake of COVID-19.

TechCrunch’s writer and analyst for this EC-1 is Anna Heim. Heim is a tech journalist and former startup founder who has written for different tech publications since 2011. She recently joined Extra Crunch as a daily reporter, where she will be sharing insights on startups, particularly in SaaS. The lead editor of this package was Ram Iyer, the series editor was Danny Crichton, the copy editor was Richard Dal Porto, and original illustrations were created by Nigel Sussman with art direction from Bryce Durbin.

Expensify had no say in the content of this analysis and did not get advance access to it. Heim has no financial ties to Expensify or other conflicts of interest to disclose.

The Expensify EC-1 will be a serialized sequence of five articles published over the course of the coming weeks. We interviewed the company in February and March, well before the company announced a confidential filing of its S-1 to the SEC. Let’s take a look:

  • Part 1: Origin storyHow a band of P2P hackers planted the seeds of a unique expense management giant” (2,400 words/10 minutes) — Explores the colorful history of the Expensify founders’ days with Travis Kalanick’s venture before Uber, a P2P content distribution startup called Red Swoosh, and how that experience would eventually influence what would one day become an expense management giant.
  • Parts 2-5: Upcoming shortly.

We’re always iterating on the EC-1 format. If you have questions, comments or ideas, please send an email to TechCrunch Managing Editor Danny Crichton at danny@techcrunch.com.

#concur, #david-barrett, #ec-enterprise-applications, #ec-1, #enterprise, #expense-management, #expensify, #expensify-ec-1, #p2p, #saas

Collabio lets you co-edit documents without the cloud

Meet Collabio Spaces: An office suite app with a cloudless co-authoring twist that looks helpful if you need to collaborate on documents without having to worry about losing control of your data or the thread of changes.

The p2p software lets multiple people co-edit a document locally — from a mobile device or desktop computer — without A) the risk of uploading sensitive information to the cloud (i.e. as you must if you’re using a shared document function of a service like Google Docs); or B) the tedium of emailing a text to multiple recipients and then having to collate and resolve changes manually, once all the contributions trickle back.  

There’s more coming down Collabio’s pipe too. Document collaborating will be possible from anywhere in the future, not only (as now) via a local network: A major release slated for next month will add p2p collaboration that works via the Internet — but still without the privacy risk of having a remote server in the loop.

Collabio’s app is MacOS and iOS only for now — but Android and Windows versions are in the works, slated for release this year.

Current supported text formats are DOCX, ODT, XLSX and ODS. Other features of Collabio’s office suite include the ability to scan and recognise texts and images using a camera; annotate and comment on PDFs (including via audio); e-sign text documents and PDFs; and view presentations.

Image credit: XCDS/Collabio

Its maker XCDS (aka “eXtended Collaboration Document Systems”), which is headquartered in London, UK with an R&D hub in Prague in the Czech Republic, has been in business for around a decade at this point — but working on office tools for some seven years, per CTO Egor Goroshko, who says they see Collabio as a startup in its own right.

The app is being funded by (an undisclosed amount of funding from undisclosed) private investors, with the team planning to take in further funding to continue development in the near future as they build momentum for the product.

With the coronavirus supercharging remote working over the past 12 months there is certainly opportunity to improve on the current crop of collaboration and productivity tools — and help to safely break down any unwelcome workflow barriers which have been erected as a result of scores of office workers no longer being co-located. Although the current version of Collabio is designed for nearby, rather than remote collaboration — so its next major release looks the most interesting from that perspective.

The early team behind Collabio included some devs who worked on Quickoffice but didn’t go to Google as part of that 2012 acquisition. Instead they focused on thinking about how to improve the user experience around documents — finally bringing their long-developed p2p document collaboration product to market last fall.

“When we started with Collabio we were ready for the long game,” Goroshko tells TechCrunch. “We knew that we would need to implement most of the features [office suite software] users were familiar with, before we could start developing our own ideas.”

“Long story short, our cloudless collaboration works exactly the same way as a cloud one. Of course there is some difference in the way you connect to the document but after that, you have exactly the same experience as if you work in the cloud,” he continues.

“We started with an iOS app in September 2020 and introduced a macOS version in October. With our early releases, we mainly concentrate on testing the app with real users and prove our ideas. Starting from our launch, we’ve got almost 15K of installs and valuable feedback on what users need and what can be improved. We pushed intensively on the market starting in February 2021 this year and got more than one thousand users during this month.”

There are some key differences between Collabio’s p2p cloudless collaboration and the (more typical) upload-to-a-server flavor that are worth flagging.

Notably, the lack of constant access to the document that you’re co-authoring/co-editing. Although that limitation may also be desirable if you want to tightly manage collaborative access to your data.

“In Collabio we call cloudless collaborative editing ‘Ad-Hoc collaboration’, because without a cloud your peers have no constant access to the document, so this thing is essential for occasional document discussion and updates,” Goroshko notes.

Another important difference he points to is that a shared document remains on the owner host devices only — and a copy can only be saved by the owner (at least for now).

“Other peers have session document access but the application does not upload/transfer files to collaborators’ devices,” he explains. “[The] session lasts til the host keeps the document open. As soon as you close the document, peers lose their access and can’t save the document locally. This is made for reasons of privacy but we are now considering giving users the option to allow connected peers to save a copy of the document.”

Given that all document work is done on devices on a local network there’s no need for an Internet connection to be able to collaborate via Collabio — which the team argues can itself be pretty useful, such as in situations like business travel (remember it?) when a stable Internet connection may not be readily available.

For this local p2p connectivity Goroshko says Collabio uses both wi-fi and Bluetooth — “to achieve better discovering quality”. “This is a common approach used, for example, in AirDrop technology. When peers’ addresses are identified, the application establishes connection via WiFi to achieve better speed and the quality of data exchange,” he says.

“All work is done only on devices in the local network so our Ad-Hoc collaboration does not need the Internet, the same way as you do not need the Internet to exchange files via AirDrop,” he goes on. “Just like with AirDrop, you do not need any specific configuration for Collabio Spaces, everything is done automatically. You start a session and peers see it on their devices, they simply connect to a selected document, and if they know the code, they can edit the document.”

Goroshko says Collabio’s team has been inspired by Apple’s technology — and the tech giant’s ‘it just works’ philosophy. But are committed to bringing the product to non-Apple platforms, aiming for a release later this year.

“It is a large, complex and ambitious project but we believe we can introduce game-changing approaches,” he continues. “The Office software market is quite conservative and market expectations from new software are really high. This is the reason why it has taken so much time to get to a public release stage. But with such a high entrance threshold and with slow innovations in the area of office document management and editing, this creates great opportunities.”

He argues that Collabio has been able to get efficiency gains vs office suites that had to bolt collaboration onto a legacy product exactly because it was being developed from scratch — with “collaborative editing in mind from the first step of proof of concept”. Hence its implementation of collaborative editing algorithms can work “with minimal resources consumption even on mobile phones”.

Goroshko says a Collabio user can have up to five peers simultaneously connected if they launch a collaboration session via a mobile device — with all participants able to edit the document. (Desktops support more connections.)

“You launch a collaboration session with a honeycomb icon, and any nearby devices with [the] Collabio Spaces app show shared documents,” he explains. “Under the hood, it works the similar way as sharing files through AirDrop or streaming audio/video through AirPlay. People nearby can join editing, if they know the security code assigned to the session.”

These p2p connections are encrypted with “standard end-to-end encryption”, according to Goroshko — who admits to “some tricks to allow trusted connections in the local network without access to the Internet”, adding: “We believe that this is enough for the start but in the future we will probably improve this approach.”

So — as with any nascent and non-independently security-tested product — prospective users should approach with caution, weighing up the sensitivity of any data they might wish to share for co-editing purposes before trusting it to Collabio’s novel implementation.

The startup, meanwhile, sees plenty of potential growth coming from frustrated office workers trying to find smarter ways to work remotely.

“Our goal is to create an editor specifically for team work, to help people get the most from collaboration,” says Goroshko. “Working together with others gives you a lot of advantages but requires more effort to sync with others. Planning, tracking, discussions, reviews — currently most of this work is performed separately from the document or locked inside the document. We want to cover this gap and give our users the most from collaboration with each other.”

“We consider two main types of competitors on the market,” he adds. “Classical office document editing suites like MS Office, Google Docs and Libre Office. We do not consider direct competition with them because their features set is enormous. However, many people simply do not use most of these features!

“And now a few newcomers have appeared on the market like Notion or Airtable, introducing smart ways how the document editing process can be integrated into your business. We see ourselves somewhere in between these products and classical office suites.”

A subscription payment is required to use Collabio Suites but a free trial version is available for up to a week.

We’re also told there’s an option for free of charge usage where the user is able to view and edit documents as a peer but can’t be the host of a collaboration session.

The major release that’s coming in May looks set to expand Collabio’s utility greatly — enabling it to tap into the remote work boom — by adding the ability to do p2p collaboration from anywhere via the Internet, also without the need for a remote server sitting in the loop.

How will that forthcoming functionality work? In a word: Math. Goroshko says the implementation will rely on an Operations Transformation algorithm keeping the document consistent “at any moment” during co-editing — avoiding the need for true real-time operations.

“It does not matter what co-editors type for in the end they all have absolutely the same content,” he says. “The algorithm does not guarantee that the result will be meaningful. If several people type in the same place, they will get an abracadabra. But this will be exactly the same abracadabra after all changes have been synced between all participants. This is the point. Operations Transformation does not require true real-time operations, changes can come early or later, even after sufficient delays. In either case they will be transformed to become inline with other changes. So regardless of cloud or cloudless collaboration mode, you do not need specific infrastructure or high speed processing to support collaborative editing.”

#apps, #collabio, #collaboration, #p2p, #productivity, #remote-work, #saas, #startups

Capsule gets $1.5M to build ‘super simple’ decentralized social media

Capsule‘s plan to launch a super simple decentralized social media platform which is safe from censorship by Big Tech has advanced another stage: The nascent startup has closed a seed round of funding ($1.5M) led by Beacon Fund, a dedicated crypto fund by Polychain Capital — which is itself focused on startups building on Dfinity’s decentralized network for next-gen ‘open’ apps (aka, the Internet Computer).

As we reported in January, the idea for Capsule started with a tweet that almost immediately pulled in a pre-seed raise of $100k. That’s now been topped up with seed financing to get a prototype to market later this month.

Mobile apps are also on the cards and the funding will be used to build out Capsule’s team as well (currently it’s around four people).

Capsule founder Nadim Kobeissi, a cryptography researcher who previously authored the open-source E2E-encrypted desktop chat app Cryptocat, says they’re on track to put out an MVP this month — once they’ve made a few tweaks to the infrastructure.

“The prototype is ready,” he tells TechCrunch. “We’re investigating switching some of the infrastructure from GUN to IPFS [InterPlanetary File System; aka a p2p hypermedia protocol], and improving the user interface. We could launch an MVP now but are choosing to hold off by a few weeks.”

Polychain Capital outted its Beacon Fund last September. The $14.5M investment vehicle is funded by Polychain, Andreessen Horowitz, and the Dfinity Foundation — and aims to support entrepreneurs and teams building on Dfinity’s the Internet Computer (TIC); aka a serverless architecture for natively hosting software and services (which it refers to as the “first blockchain computer that runs at web speed with infinite capacity”).

Kobeissi’s original concept for Capsule, meanwhile, was to create self-hosting microservices. He says that hasn’t changed — but sees potential for TIC to help solve some specific technical issues.

“The Internet Computer will hopefully be helping us build a ‘customized mini-blockchain’ to solve two issues with Capsule: Global authenticated timestamps for posts as well as a root of trust for user’s authentication keys for posts,” he says. “We were looking to solve these issues somehow before this investment and were already considering Dfinity as the potential solution given that it has a programming language that allows for building these ‘custom mini-blockchains’ as we see them.”

“The rest will still be a self-hosting, self-contained, precisely engineered micro-services concept, with IPFS (previously GUN) as a decentralized database/connectivity back-end,” he adds.

Given the intent with TIC is to hosts all sorts of decentralized apps it’s possible — indeed, likely — that a bunch of decentralized social media plays will emerge. Last year, for example, Dfinity launched a proof of concept for an ‘open’ version of the professional social network, LinkedIn — which it punningly called ‘LinkedUp’.

It went on to demo a TikTok clone — and to open TIC up to outside developers last summer. So there could soon be a bunch of apps built atop its network touting social networking services without the meddling hand of Big Tech. Where, then, does Kobeissi see Capsule’s USP — i.e. if/when there’s a sea of decentralized ‘mega-apps’ that can also claim resilience to censorship?

“We think Capsule’s value will lie in its exceptional user experience, quality, performance, ease of use and high quality engineering that draws on advanced technologies such as TIC and IPFS without saddling bloat,” he says. “Others may use the same technology but I think we can do a good job on building something simple that just works and that is a pleasure to use.”

“Ultimately, I think that Capsule will be to Facebook what healthy, vegetarian diets are to a McDonald’s diet,” he adds more generally of his intent for the service. “Capsule may be a social media service but its relationship with its users and developers will be fundamentally different than Big Tech platforms.”

Below are a few screenshots showing current mock-ups of the Capsule interface.

#apps, #beacon-fund, #blockchain, #capsule, #decentralized, #dfinity, #fundings-exits, #nadim-kobeissi, #p2p, #polychain-captial, #recent-funding, #social, #social-media, #startups

Cryptocat author gets insanely fast backing to build p2p tech for social media

The idea for Capsule started with a tweet about reinventing social media.

A day later cryptography researcher, Nadim Kobeissi — best known for authoring the open source e2e encrypted desktop chat app Cryptocat (now discontinued) — had pulled in a pre-seed investment of $100,000 for his lightweight mesh-networked microservices concept, with support coming from angel investor and former Coinbase CTO Balaji Srinivasan, William J. Pulte and Wamda Capital.

The nascent startup has a post-money valuation on paper of $10M, according to Kobeissi, who is working on the prototype — hoping to launch an MVP of Capsule in March (as a web app), after which he intends to raise a seed round (targeting $1M-$1.5M) to build out a team and start developing mobile apps.

For now there’s nothing to see beyond Capsule’s landing page and a pitch deck (which he shared with TechCrunch for review). But Kobeissi says he was startled by the level of interest in the concept.

“I posted that tweet and the expectation that I had was that basically 60 people max would retweet it and then maybe I’ll set up a Kickstarter,” he tells us. Instead the tweet “just completely exploded” and he found himself raising $100k “in a single day” — with $50k paid in there and then.

“I’m not a startup guy. I’ve been running a business based on consulting and based on academic R&D services,” he continues. “But by the end of the day — last Sunday, eight days ago — I was running a Delaware corporation valued at $10M with $100k in pre-seed funding, which is insane. Completely insane.”

Capsule is just the latest contender for retooling Internet power structures by building infrastructure that radically decentralizes social platforms to make speech more resilient to corporate censorship and control.

The list of decentralized/p2p/federated protocols and standards already out there is very long — even while usage remains low. Extant examples include ActivityPub, Diaspora, Mastodon, p2p Matrix, Scuttlebutt, Solid and Urbit, to name a few.

Interest in the space has been rekindled in recent weeks after mainstream platforms like Facebook and Twitter took decisions to shut down US president Donald Trump’s access to their megaphones — a demonstration of private power that other political leaders have described as problematic

Kobeissi also takes that view, while adding the caveat that he’s not “personally” concerned about Trump’s deplatforming. But he says he is concerned about giant private corporations having unilateral power to shape Internet speech — whether takedown decisions are being made by Twitter’s trust & safety lead or Amazon Web Services (which recently yanked the plug on right-wing social network Parler for failing to moderate violent views).

He also points to a lawsuit that’s been filed in US court seeking damages and injunctive relief from Apple for allowing Telegram, a messaging platform with 500M+ users, to be made available through its iOS App Store — “despite Apple’s knowledge that Telegram is being used to intimidate, threaten, and coerce members of the public” — raising concerns about “the odds of these efforts catching on”.

“That is kind of terrifying,” he suggests.

Capsule would seek to route around the risk of mass deplatforming via “easy to deploy” p2p microservices — starting with a forthcoming web app.

“When you deploy Capsule right now — I have a prototype that does almost nothing running — it’s basically one binary. And you get that binary and you deploy it and you run it, and that’s it. It sets up a server, it contacts Let’s Encrypt, it gets you a certificate, it uses SQLite for the database, which is a server-less database, all of the assets for the web server are within the binary,” he says, walking through the “really nice technical idea” which snagged $100k in pre-seed backing insanely fast.

“There are no other files — and then once you have it running, in that folder when you set up your capsule server, it’s just the Capsule program and a Capsule database which is a file. And that’s it. And that is so self-contained that it’s embeddable everywhere, that’s migratable — and it’s really quite impossible to get this level of simplicity and elegance so quickly unless you go this route. Then, for the mesh federation thing, we’re just doing HTTPS calls and then having decentralized caching of the databases and so on.”

Among the Twitter back-and-forth about how (or whether) Kobeissi’s concept differs to various other decentralized protocols, someone posted a link to this XKCD cartoon — which lampoons the techie quest to resolve competing standards by proposing a tech that covers all use-cases (yet is of course doomed to increase complexity by +1). So given how many protocols already offer self-hosted/p2p social media services it seems fair to ask what’s different here — and, indeed, why build another open decentralized standard?

Kobeissi argues that existing options for decentralizing social media are either: A) not fully p2p (Mastodon is “self-hosted but not decentralized”, per a competitive analysis on Capsule’s pitch deck, ergo its servers are “vulnerable to Parler-style AWS takedowns”); or B) not focused enough on the specific use-case of social media (some other decentralized protocols like Matrix aim to support many more features/apps than social media and therefore can’t be as lightweight is the argument); or C) simply aren’t easy enough to use to be more than a niche geeky option.

He talks about Capsule having the same level of focus on social media as Signal does on private messaging, for example — albeit intending it to support both short-form ‘tweet’ style public posts and long-form Medium-style postings. But he’s vocal about not wanting any ‘bloat’.

He also invokes Apple’s ‘design for usability’ philosophy. Albeit, it’s a lot easier to say you want to design something that ‘just works’ vs actually pulling off effortless mainstream accessibility. But that’s the bar Kobeissi is setting himself here.

“I always imagine Glenn Greenwald when I think of my user,” he says on the usability point, referring to the outspoken journalist and Intercept co-founder who recently left to launch his own newsletter-based offering on Substack. “He’s the person I see setting this up. Basically the way that this would work is he’d be able to set this up or get someone to set it up really easily — I think Capsule is going to offer automated deployments as also a way to make revenue, by the way, i.e. for a bit extra we deploy the server for you and then you’re self-hosting but we also make a margin off of that — but it’s going to be open source, you can set it up yourself as well and that’s perfectly okay. It’s not going to be hindered at all in that sense.

“In the case of Capsule, each content creator has their own website — has their own address, like Capsule.Greenwald.com — and then people go there and their first discovers of the mesh is through people that they’re interested in hearing from.”

Individual Capsules would be decentralized from the risk of platform-level censorship since they’d be beyond the reach of takedowns by a single centralizing entity. Although they would still be being hosted on the web — and therefore could be subject to a takedown by their own web host. That means illegal speech on Capsule could still be removed. However there wouldn’t be a universal host that could be hit up with the risk of a whole platform being taken down at a sweep — as Parler just was by AWS.

“For every takedown it is entirely between that Capsule user and their hosting provider,” says Kobeissi. “Capsule users are going to have different hosting providers that they’re able to choose and then every time that there is a takedown it is going to be a decision that is made by a different entity. And with a different — perhaps — judgement, so there isn’t this centralized focus where only Amazon Web Services decides who gets to speak or only Twitter decides.”

And while the business of web hosting at platform giant level involves just a handful of cloud hosting giants able to offer the required scalability, he argues that that censorship-prone market concentration goes away once you’re dealing with scores of descentralized social media instances.   

“We have the big hosting providers — like AWS, Azure, Google Cloud — but aside from that we have a lot of tiny hosting providers or small businesses… Sure if you’re running a big business you do get to focus on these big providers because they allow you to have these insane servers that are very powerful and deployable very easily but if you’re running a Capsule instance, as a matter of fact, the server resource requirements of running a Capsule instance are generally speaking quite small. In most instances tiny.”

Content would also be harder to scrub from Capsule because the mesh infrastructure would mean posts get mirrored across the network by the poster’s own followers (assuming they have any). So, for example, reposts wouldn’t just vanish the moment the original poster’s account was taken down by their hosting provider.

Separate takedown requests would likely be needed to scrub each reposted instance, adding a lot more friction to the business of content moderation vs the unilateral takedowns that platform giants can rain down now. The aim is to “spare the rest of the community from the danger of being silenced”, as Kobeissi puts it.

Trump’s deplatforming does seem to have triggered a major penny dropping moment for some that allowing a handful of corporate giants to own and operate centalized mass communication machines isn’t exactly healthy for democratic societies as this unilateral control of infrastructure gives them the power to limit speech. (As, indeed, their content-sorting algorithms determine reach and set the agenda of much public debate.)

Current social media infrastructure also provides a few mainstream chokepoints for governments to lean on — amplifying the risk of state censorship.

With concerns growing over the implications of platform power on data flows — and judging by how quickly Kobeissi’s tweet turned heads — we could be on the cusp of an investor-funded scramble to retool Internet infrastructure to redefine where power (and data) lies.

It’s certainly interesting to note that Twitter recently reupped its own decentralized social media open standard push, Bluesky, for example. It obviously wouldn’t want to be left behind any such shift.

“It seems to really have blown up,” Kobeissi adds, returning to his week-old Capsule concept. “I thought when I tweeted that I was maybe the only person who cared. I guess I live in France so I’m not really in tune with what’s going on in the US a lot — but a lot of people care.”

“I am not like a cypherpunk-style person these days, I’m not for full anonymity or full unaccountability online by any stretch,” he adds. “And if this is abused then sincerely it might even be the case that we would encourage — have a guidelines page — for hosting providers like on how to deal with instances of someone hosting an abusive Capsule instance. We do want that accountability to exist. We are not like a full on, crazy town ‘free speech’ wild west thing. We just think that that accountability has to be organic and decentralized — just as originally intended with the Internet.”

#capsule, #censorship, #cryptocat, #decentralized, #free-speech, #fundings-exits, #nadim-kobeissi, #p2p, #privacy, #social

African fintech startup Chipper Cash raises $30M backed by Jeff Bezos

African cross-border fintech startup Chipper Cash has raised a $30 million Series B funding round led by Ribbit Capital with participation of Bezos Expeditions — the personal VC fund of Amazon CEO Jeff Bezos.

Chipper Cash was founded in San Francisco in 2018 by Ugandan Ham Serunjogi and Ghanaian Maijid Moujaled. The company offers mobile-based, no fee, P2P payment services in seven countries: Ghana, Uganda, Nigeria, Tanzania, Rwanda, South Africa and Kenya.

Parallel to its P2P app, the startup also runs Chipper Checkout — a merchant-focused, fee-based payment product that generates the revenue to support Chipper Cash’s free mobile-money business. The company has scaled to 3 million users on its platform and processes an average of 80,000 transactions daily. In June 2020, Chipper Cash reached a monthly payments value of $100 million, according to CEO Ham Serunjogi .

As part of the Series B raise, the startup plans to expand its products and geographic scope. On the product side, that entails offering more business payment solutions, crypto-currency trading options, and investment services.

“We’ll always be a P2P financial transfer platform at our core. But we’ve had demand from our users to offer other value services…like purchasing cryptocurrency assets and making investments in stocks,” Serunjogi told TechCrunch on a call.

Image Credits: Chipper Cash

Chipper Cash has added beta dropdowns on its website and app to buy and sell Bitcoin and invest in U.S. stocks from Africa — the latter through a partnership with U.S. financial services company DriveWealth.

“We’ll launch [the stock product] in Nigeria first so Nigerians have the option to buy fractional stocks — Tesla shares, Apple shares or Amazon shares and others — through our app. We’ll expand into other countries thereafter,” said Serunjogi.

On the business financial services side, the startup plans to offer more API payments solutions. “We’ve been getting a lot of requests from people on our P2P platform, who also have business enterprises, to be able to collect payments for sale of goods,” explained Serunjogi.

Chipper Cash also plans to use its Series B financing for additional country expansion, which the company will announce by the end of 2021.

Jeff Bezos’s backing of Chipper Cash follows a recent string of events that has elevated the visibility of Africa’s startup scene. Over the past decade, the continent’s tech ecosystem has been one of the fastest growing in the world by year year-over-year expansion in venture capital and startup formation, concentrated in countries such as Nigeria, Kenya, and South Africa.

Africa Top VC Markets 2019

Image Credits: TechCrunch/Bryce Durbin

Bringing Africa’s large unbanked population and underbanked consumers and SMEs online has factored prominently. Roughly 66% of Sub-Saharan Africa’s 1 billion people don’t have a bank account, according to World Bank data.

As such, fintech has become Africa’s highest-funded tech sector, receiving the bulk of an estimated $2 billion in VC that went to startups in 2019. Even with the rapid venture funding growth over the last decade, Africa’s tech scene had been performance light, with only one known unicorn (e-commerce venture Jumia) a handful of exits, and no major public share offerings. That changed last year.

In April 2019, Jumia — backed by investors including Goldman Sachs and Mastercard — went public in an NYSE IPO. Later in the year, Nigerian fintech company Interswitch achieved unicorn status after a $200 million investment by Visa.

This year, Network International purchased East African payments startup DPO for $288 million and in August WorldRemit acquired Africa focused remittance company Sendwave for $500 million.

One of the more significant liquidity events in African tech occurred last month, when Stripe acquired Nigerian payment gateway startup Paystack for a reported $200 million.

In an email to TechCrunch, a spokesperson for Bezos Expeditions confirmed the fund’s investment in Chipper Cash, but declined to comment on further plans to back African startups. Per Crunchbase data, the investment would be the first in Africa for the fund. It’s worth noting Bezos Expeditions is not connected to Jeff Bezo’s hallmark business venture, Amazon.

For Chipper Cash, the $30 million Series B raise caps an event-filled two years for the San Francisco-based payments company and founders Ham Serunjogi and Maijid Moujaled. The two came to America for academics, met in Iowa while studying at Grinnell College and ventured out to Silicon Valley for stints in big tech: Facebook for Serunjogi and Flickr and Yahoo! for Moujaled.

Chipper Cash founders Ham Serunjogi (R) and Maijid Moujaled; Image Credits: Chipper Cash

The startup call beckoned and after launching Chipper Cash in 2018, the duo convinced 500 Startups and Liquid 2 Ventures — co-founded by American football legend Joe Montana — to back their company with seed funds. The startup expanded into Nigeria and Southern Africa in 2019, entered a payments partnership with Visa in April and raised a $13.8 million Series A in June.

Chipper Cash founder Ham Serunjogi believes the backing of his company by a notable tech figure, such as Jeff Bezos (the world’s richest person), has benefits beyond his venture.

“It’s a big deal when a world class investor like Bezos or Ribbit goes out of their sweet spot to a new area where they previously haven’t done investments,” he said. “Ultimately, the winner of those things happening is the African tech ecosystem overall, as it will bring more investment from firms of that caliber to African startups.”

#500-startups, #africa, #amazon, #america, #apple, #banking, #bezos-expeditions, #chipper-cash, #e-commerce, #facebook, #financial-services, #ghana, #goldman-sachs, #ham-serunjogi, #hsbc, #interswitch, #iowa, #jeff-bezos, #joe-montana, #kenya, #liquid-2-ventures, #maijid-moujaled, #mastercard, #mobile-payments, #nigeria, #online-payments, #p2p, #paystack, #ribbit, #ribbit-capital, #rwanda, #san-francisco, #series-b, #south-africa, #stripe, #tanzania, #tc, #tesla, #uganda, #united-states, #venture-capital, #visa, #worldremit, #yahoo

Google Pay gets a major redesign with a new emphasis on personal finance

Google is launching a major redesign of its Google Pay app on both Android and iOS today. Like similar phone-based contactless payment services, Google Pay — or Android Pay as it was known then — started out as a basic replacement for your credit card. Over time, the company added a few more features on top of that but the overall focus never really changed. After about five years in the market, Google Pay now has about 150 million users in 30 countries. With today’s update and redesign, Google is keeping all the core features intact but also taking the service in a new direction with a strong emphasis on helping you manage your personal finances (and maybe get a deal here and there as well).

Google is also partnering with 11 banks to launch a new kind of bank account in 2021. Called Plex, these mobile-first bank accounts will have no monthly fees, overdraft charges or minimum balances. The banks will own the accounts but the Google Pay app will be the main conduit for managing these accounts. The launch partners for this are Citi and Stanford Federal Credit Union.

Image Credits: Google

“What we’re doing in this new Google Pay app, think of it is combining three things into one,” Google director of product management Josh Woodward said as he walked me through a demo of the new app. “The three things are three tabs in the app. One is the ability to pay friends and businesses really fast. The second is to explore offers and rewards, so you can save money at shops. And the third is getting insights about your spending so you can stay on top of your money.”

Paying friends and businesses was obviously always at the core of Google Pay — but the emphasis here has shifted a bit. “You’ll notice that everything in the product is built around your relationships,” Caesar Sengupta, Google’s lead for Payments and Next Billion Users, told me. “It’s not about long lists of transactions or weird numbers. All your engagements pivot around people, groups, and businesses.”

It’s maybe no surprise then that the feature that’s now front and center in the app is P2P payments. You can also still pay and request money through the app as usual, but as part of this overhaul, Google is now making it easier to split restaurant bills with friends, for example, or your rent and utilities with your roommates — and to see who already paid and who is still delinquent. Woodward tells me that Google built this feature after its user research showed that splitting bills remains a major pain point for its users.

In this same view, you can also find a list of companies you have recently transacted with — either by using the Google Pay tap-and-pay feature or because you’ve linked your credit card or bank account with the service. From there, you can see all of your recent transactions with those companies.

Image Credits: Google

Maybe the most important new feature Google is enabling with this update is indeed the ability to connect your bank accounts and credit cards to Google Pay so that it can pull in information about your spending. It’s basically Mint-light inside the Google Pay app. This is what enables the company to offer a lot of the other new features in the app. Google says it is working with “a few different aggregators” to enable this feature, though it didn’t go into details about who its partners are. It’s worth stressing that this, like all of the new features here, is off by default and opt-in.

Image Credits: Google

The basic idea here is similar to that of other personal finance aggregators. At its most basic, it lets you see how much money you spent and how much you still have. But Google is also using its smarts to show you some interesting insights into your spending habits. On Monday, it’ll show you how much you spent on the weekend, for example.

“Think of these almost as like stories in a way,” Woodward said. “You can swipe through them so you can see your large transactions. You can see how much you spent this week compared to a typical week. You can look at how much money you’ve sent to friends and which friends and where you’ve spent money in the month of November, for example.”

This also then enables you to easily search for a given transaction using Google’s search capabilities. Since this is Google, that search should work pretty well and in a demo, the team showed me how a search for ‘Turkish’ brought up a transaction at a kebab restaurant, for example, even though it didn’t have ‘Turkish’ in its name. If you regularly take photos of your receipts, you can also now search through these from Google Pay and drill down to specific things you bought — as well as receipts and bills you receive in your Gmail inbox.

Also new inside of Google Pay is the ability to see and virtually clip coupons that are then linked to your credit card, so you don’t need to do anything else beyond using that linked credit card to get extra cashback on a given transaction, for example. If you opt in, these offers can also be personalized.

Image Credits: Google

The team also worked with the Google Lens team to now let you scan products and QR codes to look for potential discounts.

As for the core payments function, Google is also enabling a new capability that will let you use contactless payments at 30,000 gas stations now (often with a discount). The partners for this are Shell, ExxonMobil, Phillips 66, 76 and Conoco.

In addition, you’ll also soon be able to pay for parking in over 400 cities inside the app. Not every city is Portland, after all, and has a Parking Kitty. The first cities to get this feature are Austin, Boston, Minneapolis, and Washington, D.C., with others to follow soon.

It’s one thing to let Google handle your credit card transaction but it’s another to give it all of this — often highly personal — data. As the team emphasized throughout my conversation with them, Google Pay will not sell your data to third parties or even the rest of Google for ad targeting, for example. All of the personalized features are also off by default and the team is doing something new here by letting you turn them on for a three-month trial period. After those three months, you can then decide to keep them on or off.

In the end, whether you want to use the optional features and have Google store all of this data is probably a personal choice and not everybody will be comfortable with it. The rest of the core Google Pay features aren’t changing, after all, so you can still make your NFC payments at the supermarket with your phone just like before.

#android, #apps, #artificial-intelligence, #austin, #bank, #boston, #citi, #computing, #exxonmobil, #google, #google-pay, #minneapolis, #mobile-payments, #online-payments, #p2p, #portland, #product-management, #shell, #tc, #up, #washington, #washington-d-c

Rockstar stops hackers from spawning KKK members in Red Dead Online

Hackers had been spawning these character models from the single player version of <em>Red Dead Redemption 2</em> in the multiplayer Red Dead Online.

Enlarge / Hackers had been spawning these character models from the single player version of Red Dead Redemption 2 in the multiplayer Red Dead Online.

Rockstar has closed a loophole that let hackers spawn white-hooded Ku Klux Klan members in the “Red Dead Online” multiplayer portion of Red Dead Redemption 2, even as other hacking problems in the game persist.

The models for the KKK members come from the single-player portion of the game, where the Klan features in a number of in-game plotlines. But Red Dead Online players had been inserting the characters into the multiplayer game world through the use of mod menus. These tools essentially take full control of the PC version of the game, doing anything from spawning infinite items to changing weather patterns for entire lobbies.

Players using KKK spawning to grief and/or terrorize other players has been reported numerous times on Reddit and other forums in recent weeks. Screenshots also show hackers accompanying these spawns with racist invective broadcast to the game lobby by taking control of the “Rockstar message” channel.

Read 3 remaining paragraphs | Comments

#gaming-culture, #hacking, #kkk, #p2p, #red-dead, #red-dead-redemption-2, #red-ead-online, #rockstar

African payment startup Chipper Cash raises $13.8M Series A

African cross-border fintech startup Chipper Cash has closed a $13.8 million Series A funding round led by Deciens Capital and plans to hire 30 new staff globally.

The raise caps an event filled run for the San Francisco based payments company, founded two years ago by Ugandan Ham Serunjogi and Ghanaian Maijid Moujaled.

The two came to America for academics, met in Iowa while studying at Grinnell College and ventured out to Silicon Valley for stints in big tech: Facebook for Serunjogi and Flickr and Yahoo! for Moujaled.

The startup call beckoned and after launching Chipper Cash in 2018, the duo convinced 500 Startups and and Liquid 2 Ventures — co-founded by American football legend Joe Montana — to back their company with seed funds.

Two years and $22 million in total capital raised later, Chipper Cash offers its mobile-based, no fee, P2P payment services in seven countries: Ghana, Uganda, Nigeria, Tanzania, Rwanda, South Africa and Kenya.

“We’re now at over one and a half million users and doing over a $100 million dollars a month in volume,” Serunjogi told TechCrunch on a call.

Chipper Cash does not release audited financial data, but does share internal performance accounting with investors. Deciens Capital and Raptor Group co-led the startup’s Series A financing, with repeat support from 500 Startups and Liquid 2 Ventures .

Deciens Capital founder Dan Kimmerling confirmed the fund’s lead on the investment and review of Chipper Cash’s payment value and volume metrics.

Parallel to its P2P app, the startup also runs Chipper Checkout: a merchant-focused, fee-based mobile payment product that generates the revenue to support Chipper Cash’s free mobile-money business.

The company will use its latest round to hire up to 30 people across operations in San Francisco, Lagos, London, Nairobi and New York — according to Serunjogi.

Image Credits: Chipper Cash

Chipper Cash has already brought on a new compliance officer, Lisa Dawson, whose background includes stints with the U.S. Department of Treasury’s Financial Crimes Enforcement Network and Citigroup’s anti-money laundering department.

“You know in the world we live in the AML side is very important so it’s an area that we want to invest in from the get go,” said Serunjogi.

He confirmed Dawson’s role aligned with getting Chipper Cash ready to meet regulatory requirements for new markets, but declined to name specific countries.

With the round announcement, Chipper Cash also revealed a corporate social responsibility component to its business. Related to current U.S. events, the startup has formed the Chipper Fund for Black Lives.

“We’ve been huge beneficiaries of the generosity and openness of this country and its entrepreneurial spirit,” explained Serunjogi. “But growing up in Africa, we’ve were able to navigate [the U.S.] without the traumas and baggage our African American friends have gone through living in America.”

The Chipper Fund for Black Lives will give 5 to 10 grants of $5,000 to $10,000. “The plan is to give that to…people or causes who are furthering social justice reforms,” said Serunjogi.

In Africa, Chipper Cash has placed itself in the continent’s major digital payments markets. As a sector, fintech has become Africa’s highest funded tech space, receiving the bulk of an estimated $2 billion in VC that went to startups in 2019.

Africa Top VC Markets 2019

Image Credits: TechCrunch

Those ventures, and a number of the continent’s established banks, are in a race to build market share through financial inclusion.

By several estimates — including The Global Findex Database — the continent is home to the largest percentage of the world’s unbanked population, with a sizable number of underbanked consumers and SMEs.

Increasingly, Nigeria has become the most significant fintech market in Africa, with the continent’s largest economy and population of 200 million.

Chipper Cash expanded there in 2019 and faces competition from a number of players, including local payments venture Paga. More recently, outside entrants have jumped into Nigeria’s fintech scene.

In 2019, Chinese investors put $220 million into OPay (owned by Opera) and PalmPay — two fledgling startups with plans to scale first in West Africa and then the broader continent.

Over the next several years, expect to see market events — such as fails, acquisitions, or IPOs — determine how well funded fintech startups, including Chipper Cash, fare in Africa’s fintech arena.

#africa, #african-tech, #america, #chipper-cash, #citigroup, #deciens-capital, #entrepreneurship, #ghana, #ham-serunjogi, #iowa, #joe-montana, #kenya, #lagos, #liquid-2-ventures, #london, #nairobi, #new-york, #nigeria, #p2p, #paga, #private-equity, #rwanda, #san-francisco, #south-africa, #startup-company, #tanzania, #tc, #tech-in-africa, #uganda, #united-states, #west-africa, #yahoo

Automattic pumps $4.6M into New Vector to help grow Matrix, an open, decentralized comms ecosystem

Automattic, the open source force behind WordPress .com, WooCommerce, Longreads, Simplenote and Tumblr, has made a $4.6M strategic investment into New Vector — the creators of an open, decentralized communications standard called Matrix. They also develop a Slack rival (Riot) which runs on Matrix.

The investment by Automattic, which is at a higher valuation than the last tranche New Vector took in, extends an $8.5M Series A last year, from enterprise tech specialists Notion Capital and Dawn Capital plus European seed fund Firstminute Capital — and brings the total raised to date to $18.1M. (Which includes an earlier $5M in strategic investment from an Ethereum-based secure chat and crypto wallet app, Status).

New Vector’s decentralized tech powers instant messaging for a number of government users, including France — which forked Riot to launch a messaging app last year (Tchap) — and Germany, which just announced its armed forces will be adopting Matrix as the backbone for all internal comms; as well as for the likes of KDR, Mozilla, RedHat and Wikimedia, to name a few.

Getting Automattic on board is clearly a major strategic boost for Matrix — one that’s allowing New Vector to dream big.

“It’s very much a step forwards,” New Vector CEO and CTO and Matrix co-founder, Matthew Hodgson, tells TechCrunch. “We’re hopefully going to get the support from Automattic for really expanding the ecosystem, bringing Matrix functionality into WordPress — and all the various WordPress plugins that Automattic does. And likewise open up Matrix to all of those users too.”

A blog post announcing the strategic investment dangles the intriguing possibility of a decentralized Tumblr — or all WordPress sites automatically getting their own Matrix chatroom.

“This is huge news, not least because WordPress literally runs over 36% of the websites on today’s web – and the potential of bringing Matrix to all those users is incredible,” New Vector writes in the blog post. “Imagine if every WP site automatically came with its own Matrix room or community?  Imagine if all content in WP automatically was published into Matrix as well as the Web?… Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site?”

Those possibilities remain intriguing ideas for now. But as well as ploughing funding into New vector Automattic is opening up a job for a Matrix.org/WordPress integrations engineer — so the Matrix team has another tangible reason to be excited about future integrations.

“One of the best and the biggest open source guys really believes in what we’re doing and is interested in trying to open up the worlds of WordPress into the decentralized world of Matrix,” adds Hodgson. “In some ways it’s reassuring that a relatively established company like Automattic is keeping its eye on the horizon and putting their chips on the decentralized future. Whereas they could be ‘doing a Facebook’ and just sitting around and keeping everything centralized and as locked down as possible.”

“It’s a bit of a validation,” says Matrix co-founder and New Vector head of ops and products, Amandine le Pape. “The same way getting funding from VCs was validation of the fact it’s a viable business. Here it’s a validation it’s actually a mainstream open source project which can really grow.”

New Vector co-founders, Matthew Hodgson and Amandine le Pape

While the strategic investment offer from Automattic was obviously just a great opportunity to be seized by New vector, given ideological alignment and integration potential, it also comes at helpful time, per le Pape, given they’ve been growing their SaaS business.

“The business model that we’re looking at with New Vector to go and drive — both to fund Matrix and also to keep the lights on and grow the projects and the company — is very, very similar to what Automattic have successfully done with WordPress.com,” adds Hodgson. “So being able to compare notes directly with their board and our board to go and say to them how do you make this work between the WordPress.org and the WordPress.com split should be a really useful tool for us.”

While Matrix users can choose to host their own servers there’s obviously a high degree of complexity (and potential expense) involved in doing so. Hence New Vector’s business model is to offer a paid Matrix hosting service, called Modular, where it takes care of the complexity of hosting for a fee. (Marketing copy on the Modular website urges potential customers to: “Sign up and deploy your own secure chat service in seconds!”)

“Some of our highest profile customers like Mozilla could go and run it themselves, obviously. Mozilla know tech. But in practice it’s a lot easier and a lot cheaper overall for them to just go and get us to run it,” adds Hodgson. “The nice thing is that they have complete self sovereignty over their data. It’s their DNS. We give them access to the database. They could move off at any time… switch hosting provider or run it themselves. [Users] typically start off with us as a way to get up and running.”

Talking of moving, Hodgson says he expects Automattic to move over from Slack to Riot following this investment.

“I am very excited about what New Vector is doing with Matrix — creating a robust, secure, open protocol that can bring all flavors of instant messaging and collaboration together, in the way that the web or email has its foundation layer,” added Automattic founder, Matt Mullenweg, in a supporting statement. “I share New Vector’s passion for open source and the power of open standards. I’m excited to see how Automattic and New Vector can collaborate on our shared vision in the future.” 

Mullenweg was already a supporter of Matrix, chipping into its seed via Patreon back in 2017. At the time the team was transitioning from being incubated and wholly financed by Amdocs, a telco supplier where New Vectors’ co-founders used to work (running its unified comms division), to spinning out and casting around for new sources of funding to continue development of their decentralized standard.

Some three years on — now with another multi-million dollar tranche of funding in the bank — Hodgson says New Vector is able to contemplate the prospect of profitability ahead, with ~16.8 million users and 45,000 deployments at this point (up from 11M and 40k back in October).

“I think there’s also a high chance — touch wood — that this injection gives us a path straight through to profitability if needed,” he tells us. “Given the macroeconomic uncertainty thanks to the [COVID-19] pandemic, the opportunity to say we have this amount of cash in the bank, assuming our customers follow roughly the trajectory that we’d seen so far… this would be a way to get out the other side without having to depend on any further funding.

“If things are on track we probably would do additional funding next year in order to double down on the success. But right now this at least gives us a pretty chunky safety net.”

The coronavirus crisis has been accelerating interest in Matrix “significantly”, per Hodgson, as entities that might have been contemplating a switch to decentralized comms down the line feel far greater imperative to take control of their data — now that so many users are logging on from home.

“As lockdowns began we saw sign ups increase by a factor of about 10,” he says. “It’s tapered off a little bit but it was a real scaling drama overnight. We had to launch an entirely new set of videoconferencing deployments on Jitsi’s offering, as well as scaling up the hardware for the service which we run by several times over.

“We’re also seeing retention go up, which was nice. We assumed there would be a huge spike of users desperately trying to find a home and then they wouldn’t necessarily stick around. In practice they’ve stuck around more than the existing user base which is reassuring.”

In some cases, New Vector has seen customers radically shrink planned deployment timescales — from months to a matter of days.

“We literally had one [educational] outfit in German reach out and say that tender in September — we want you to go live on Monday,” says Hodgson, noting that in this instance the customer skipped the entire tendering process because of they felt they needed a secure system school kids could use. (And privacy concerns ruling out use of centralized options such as Zoom or Microsoft Teams.)

“The biggest impact from a New Vector perspective at least has been that a lot of our slower moving, bigger opportunities — particularly in the public sector with governments — have suddenly sped up massively,” he adds. “Because it was previously a nice to have premium thing — ‘wouldn’t it be good if we had our own encrypted messenger and if everybody wasn’t using Telegram or WhatsApp to run our country’ — and then suddenly, with the entire population of whichever country it might be suddenly having to work remotely it’s become an existential requirement to have high quality communication, and having that encrypted and self sovereign is a massive deal.”

In terms of competing with Slack (et al), the biggest consideration is usability and UX, according to Hodgson.

So, over the last year, New Vector has hired a dedicated in-house design team to focus on smoothing any overly geeky edges — though most of this work is yet to be pushed out to users.

“We’ve actually pivoted the entire development of Riot to be design led,” he says. “It’s no longer a whole bunch of developers, like myself, going and hacking away on it — instead the product owner and the product direction’s being laid by the design team. And it is an unrecognizable difference — in terms of focus and usability.

“Over the coming year we are expecting Riot to basically be rebuilt at least cosmetically to get rid of the complexity and the geekiness and the IRC hangovers which we have today in favor of something that can genuinely punch its weight against Slack and Discord.”

In another major recent development New Vector switched on end-to-end encryption across the piece in Riot, making it the default for all new non-public conversations (DMs and private chats).

“It’s the equivalent of email suddenly mandating PGP and managing not to break everything,” says Hodgson of that feat.

A key challenge was to “get parity” with users of the non-encrypted version of Matrix before it could be enabled everywhere — with associated problems to tackle, such as search.

“Typically we were doing search on the server and if the messages are encrypted the server obviously can’t index them — so we had to shift all of our search capabilities to run client side. We went and wrote a whole bunch of REST that allows you to basically embed a search engine into Riot on the client, including on the desktop version, so that people can actually reach their encrypted message history there and share it between devices,” he explains.

Another focus for the e2e was the verification process — which is also now built in by default.

“When you now log into Riot it forces you to scan a QR code on an existing login if you’ve already logged in somewhere. A bit like you do on WhatsApp web but rather than just using it to authenticate you it also goes and proves that you are a legitimate person on that account,” he says. “So everyone else then knows to trust that login completely — so that if there is an attack of some kind, if you admin tries to add a malicious device into your account to spy on you or if there’s a man-in-the-middle attack, or something like that, everybody can see that the untrusted device hasn’t been verified by you.

“It’s basically building out a simple web of trust of your devices and immediate contacts so that you have complete protection against ghost devices or other nastier attempts to go and compromise the account. The combination of using QR codes and also using emoji comparison rather than having to read out numbers to one another is I think almost unique now, in terms of creating really, really super robust end-to-end encryption.”

The e2e encryption Matrix uses is based on algorithms popularized by the Signal protocol. It was audited by NCC Group in 2016 but plans for the new funding include a full stack audit — once they’ve ironed out any teething issues with the new default e2e.

“[We want to] at least pick a path, a particular set of clients and servers — because we can’t do the whole thing, obviously, because Matrix has got 60-70 different apps on it now, or different clients. And there are at least four viable server implementations but we will pick the long term supported official path and at least find a set which we can then audit and recommend to governments,” says Hodgson of the audit plans.

They’re also working with Jitsi on a project to make the latter’s WebRTC-compatible videoconferencing platform e2e encrypted too — another key piece as Jitsi’s tech is what New Vector offers for video calling via Matrix.

“We partner with Jitsi for the videoconferencing side of things and we’re working with them on their e2e encrypted videoconferencing… They [recently] got the world’s first WebRTC -based e2e encrypted conferencing going. And they plan to use Matrix as the way to exchange the keys for that — using also all of the verification process [New Vector has developed for Riot]. Because end-to-end encryption’s great, obviously in terms of securing the data — but if you don’t know who you’re talking to, in terms of verifying their identity, it’s a complete waste of time,” adds Hodgson.

So when Jitsi’s e2e encryption launches New Vector will be able to include e2e encrypted videoconferencing as part of its decentralized bundle too.

How much growth is New Vector expecting for Matrix over the next 12 months? “We’ve tripled almost all of the sizing metrics for the network in the last year, and I think we tripled the year before that so I’m hoping that we can continue on that trajectory,” he says on that.

Another “fun thing” New Vector has been working on, since the end of last year, is a peer-to-peer version of Matrix — having developed a “sufficiently lightweight server implementation” that allows Matrix users to run ‘riot’ in a decentralized p2p space via a web browser (or via the app on a mobile device).

“We turned on the peer-to-peer network about a month ago now and they’re at the point right now of making it persistent — previously if all of the clients on the network went away then the entire network disappeared, whereas now it has the ability to persist even if people start restarting their browsers and apps. And it’s very much a mad science project but as far as I know nobody else is remotely in that ballpark,” he says.

“The nice thing is it looks and feels identical to Matrix today. You can use all of the clients, all of the bridges that people have already written… It just happens to be that the Riot is connecting to a server wedged into itself rather than talking to one sitting on the server… So it’s a total paradigm shift.”

“We weren’t sure it was going to work at all but in practice it’s working better than we could have hoped,” he adds. “Over the next year or so we’re going to expect to see more and more emphasis on peer-to-peer — possibly even by default. So that if you install Riot you don’t have to pick a server and go through this fairly clunky thing of figuring out what service provider to trust and do you want to buy one from us as New Vector or do you want to a Swiss ISP. Instead you can start off bobbing around the ocean in a pure peer-to-peer land, and then if you want to persist your data somewhere then you go and find a server to pin yourself to a home on the Internet. But it would be a completely different way of thinking about things.”

Those interested in dipping a toe in p2p decentralized IM can check out this flavor of Riot in a web browser via p2p.riot.im

#automattic, #decentralized, #e2e-encryption, #europe, #funding, #jitsi, #matrix, #new-vector, #open, #p2p, #privacy, #riot, #security, #signal-protocol, #tc, #webrtc, #wordpress

Germany ditches centralized approach to app for COVID-19 contacts tracing

Germany has U-turned on building a centralized COVID-19 contacts tracing app — and will instead adopt a decentralized architecture, Reuters reported Sunday, citing a joint statement by chancellery minister Helge Braun and health minister Jens Spahn.

In Europe in recent weeks, a battle has raged between different groups backing centralized vs decentralized infrastructure for apps being fast-tracked by governments which will use Bluetooth-based smartphone proximity as a proxy for infection risk — in the hopes of supporting the public health response to the coronavirus by automating some contacts tracing.

Centralized approaches that have been proposed in the region would see pseudonymized proximity data stored and processed on a server controlled by a national authority, such as a healthcare service. However concerns have been raised about allowing authorities to scoop up citizens’ social graph, with privacy experts warning of the risk of function creep and even state surveillance.

Decentralized contacts tracing infrastructure, by contrast, means ephemeral IDs are stored locally on device — and only uploaded with a user’s permission after a confirmed COVID-19 diagnosis. A relay server is used to broadcast infected IDs — enabling devices to locally compute if there’s a risk that requires notification. So social graph data is not centralized.

The change of tack by the German government marks a major blow to a homegrown standardization effort, called PEPP-PT, that had been aggressively backing centralization — while claiming to ‘preserve privacy’ on account of not tracking location data. It quickly scrambled to propose a centralized architecture for tracking coronavirus contacts, led by Germany’s Fraunhofer Institute, and claiming the German government as a major early backer, despite PEPP-PT later saying it would support decentralized protocols too.

As we reported earlier, the effort faced strident criticism from European privacy experts — including a group of academics developing a decentralized protocol called DP-3T — who argue p2p architecture is truly privacy preserving. Concerns were also raised about a lack of transparency around who is behind PEPP-PT and the protocols they claimed to support, with no code published for review.

The European Commission, meanwhile, has also recommended the use of decentralization technologies to help boost trust in such apps in order to encourage wider adoption.

EU parliamentarians have also warned regional governments against trying to centralize proximity data during the coronavirus crisis.

But it was Apple and Google jumping into the fray earlier this month by announcing joint support for decentralized contacts tracing that was the bigger blow — with no prospect of platform-level technical restrictions being lifted. iOS limits background access to Bluetooth for privacy and security reasons, so national apps that do not meet this decentralized standard won’t benefit from API support — and will likely be far less usable, draining battery and functioning only if actively running.

Nonetheless PEPP-PT told journalists just over a week ago that it was engaged in fruitful discussions with Apple and Google about making changes to their approach to accommodate centralized protocols.

Notably, the tech giants never confirmed that claim. They have only since doubled down on the principle of decentralization for the cross-platform API for public health apps — and system-wide contacts tracing which is due to launch next month.

At the time of writing PEPP-PT’s spokesman, Hans-Christian Boos, had not responded to a request for comment on the German government withdrawing support.

Boos previously claimed PEPP-PT had around 40 governments lining up to join the standard. However in recent days the momentum in Europe has been going in the other direction. A number of academic institutions that had initially backed PEPP-PT have also withdrawn support.

In a statement emailed to TechCrunch, the DP-3T project welcomed Germany’s U-turn.

“DP-3T is very happy to see that Germany is adopting a decentralized approach to contact tracing and we look forward to its next steps implementing such a technique in a privacy preserving manner,” the group told us.

Berlin’s withdrawal leaves France and the UK the two main regional backers of centralized apps for coronavirus contacts tracing. And while the German U-turn is certainly a hammer blow for the centralized camp in Europe the French government appears solid in its support — at least for now.

France has been developing a centralized coronavirus contacts tracing protocol, called ROBERT, working with Germany’s Fraunhofer Institute and others.

In an opinion issued Sunday, France’s data protection watchdog, the CNIL, did not take active issue with centralizing pseudonymized proximity IDs — saying EU law does not in principle forbid such a system — although the watchdog emphasized the need to minimize the risk of individuals being re-identified.

It’s notable that France’s digital minister, Cédric O, has been applying high profile public pressure to Apple over Bluetooth restrictions — telling Bloomberg last week that Apple’s policy is a blocker to the virus tracker.

Yesterday O was also tweeting to defend the utility of the planned ‘Stop Covid’ app.

We reached out to France’s digital ministry for comment on Germany’s decision to switch to a decentralized approach but at the time of writing the department had not responded.

In a press release today the government highlights the CNIL view that its approach is compliant with data protection rules, and commits to publishing a data protection impact assessment ahead of launching the app.

If France presses ahead it’s not clear how the country will avoid its app being ignored or abandoned by smartphone users who find it irritating to use. (Although it’s worth noting that Google’s Android platform has a substantial marketshare in the market, with circa 80% vs 20% for iOS, per Kantar.)

A debate in the French parliament tomorrow is due to include discussion of contacts tracing apps.

We’ve also reached out to the UK’s NHSX — which has been developing a COVID-19 contacts tracing app for the UK market — and will update this report with any response.

In a blog post Friday the UK public healthcare unit’s digital transformation division said it’s “working with Apple and Google on their welcome support for tracing apps around the world”, a PR line that entirely sidesteps the controversy around centralized vs decentralized app infrastructures.

The UK has previously been reported to be planning to centralize proximity data — raising questions about the efficacy of its planned app too, given iOS restrictions on background access to Bluetooth.

“As part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can ‘look under the bonnet’ and help us ensure the security is absolutely world class,” the NHSX’s Matthew Gould and Dr Geraint Lewis added in the statement.

#android, #api, #apple, #apps, #bluetooth, #contact-tracing, #coronavirus, #covid-19, #decentralization, #dp-3t, #europe, #european-commission, #european-union, #france, #germany, #google, #health, #ios, #mobile-app, #operating-systems, #p2p, #pepp-pt, #privacy, #smartphones, #surveillance, #united-kingdom

Leverice is a team messenger app that’s taking aim at information overload

Meet Leverice: A team messenger and collaboration platform that’s aiming to compete with b2b giants like Slack by tackling an issue that continues to plague real-time messaging — namely, ‘always-on’ information overload. This means these tools can feel like they’re eating into productivity as much as aiding it. Or else leave users stressed and overwhelmed about how to stay on top of the work comms firehose. 

Leverice’s pitch is that it’s been built from the ground up to offer a better triage structure so vital bits of info aren’t lost in rushing rivers of chatter than flow across less structured chat platforms.

It does this by giving users the ability to organize chat content into nested subchannels. So its theory is that hyper structured topic channels will let users better direct and navigate info flow, freeing them from the need to check everything or perform lots of searches in order to find key intel. Instead they can just directly drill down to specific subchannels, tuning out the noise.

The overarching aim is to bring a little asynchronicity to the world of real-time collaboration platforms, per co-founder and COO Daniel Velton.

“Most messaging and collaboration tools are designed for and built around synchronous communications, instant back-and-forth. But most members of remote teams communicate at their own pace — and there was no go-to messaging tool built around asynchronous communications,” he tells TechCrunch.

“We set out to solve that problem, to build a messenger and collaboration platform that breaks rivers down into rivulets. To do that, we needed a tech stack and unique architecture that would allow teams to efficiently work with hundreds of channels and subchannels distributed between scores of channel branches of varying depths. Having that granularity ensures that each little shelf maintains topical integrity.

“We’re not discussing Feature 2.1.1 and 2.1.2 and 2.1.3 and 2.1.4 inside a single ‘Features’ channel, where the discussions would blend together. Each has its own little home.”

Of course Slack isn’t blind to the info-overload issues its platform can generate. Last month it announced “a simpler, more organized Slack”, which includes the ability for users to organize channels, messages and apps into “custom, collapsible sections”. Aka folders.

So how is Leverice’s subchannel architecture a great leap forward on the latest version of Slack — which does let users organize themselves (and is now in the process of being rolled out across its user-base)?

“All structuring (including folders) on other popular messengers is essentially an individual preference setting,” says Velton. “It does not reflect on a teamwide channel tree. It’s definitely a step in the right direction but it’s about each user adding a tiny bit of structure to their own private interface, not having a structure that affects and improves the way an entire team communicates.

“Leverice architecture is based on structuring of channels and subchannels into branches of unlimited depth. This kind of deep structuring is not something you can simply ‘overlay’ on top of an existing messenger that was designed around a single layer of channels. A tremendous number of issues arise when you work with a directory-like structure of infinite depth, and these aren’t easily solved or addressed unless the architecture is built around it.”

“Sure, in Leverice you can build the ‘6-lane autobahns’,” he adds, using an analogy of vehicle traffic on roads to illustrate the concept of a hierarchy of topic channels. “But we are the only messenger where you can also construct a structured network of ‘country roads’. It’s more ‘places’ but each ‘place’ is so narrow and topical that working through it all becomes more manageable, quick and pleasant, and it’s something you can do at your own pace without fear of missing important kernels of information as they fly by on the autobahn.”

To be clear, while Slack has now started letting users self-organize — by creating a visual channel hierarchy that suits them — Leverice’s structure means the same structured tree of channels/subchannels applies for the whole team.

“At the end of the day, for communications to work, somebody on a team needs to be organized,” argues Velton. “What we allow is structuring that affects the channel tree for an entire team, not just an individual preference that reflects only on a user’s local device.”

Leverice has other features in the pipeline which it reckons will further help users cut through the noise — with a plan to apply AI-powered prioritization to surface the most pressing inbound comms.

There will also be automated alerts for conversation forks when new subchannels are created. (Though generating lots of subchannel alerts doesn’t sound exactly noise-free…)

“We have features coming that alert users to forks in a conversation and nudge the user toward those new subchannels. At this stage those forks are created manually, although our upcoming AI module will have nudges based on those forks,” says Velton.

“The architecture (deep structuring) also opens the door to scripting of automated workflows and open source plug-ins,” he adds.

Leverice officially launched towards the end of February after a month-long beta which coincided with the coronavirus-induced spike in remote work.

At this stage they have “members of almost 400 teams” registered on the platform, per Velton, with initial traction coming from mid-size tech companies — who he says are either unhappy with the costs of their current messaging platform or with distraction/burnout caused by “channel fatigue”; or who are facing info fragmentation as internal teams are using different p2p/messaging tools and lack a universal choice.

“We have nothing but love and respect for our competitors,” he adds. “Slack, Teams, WhatsApp, Telegram, Skype, Viber, etc.: each have their own benefits and many teams are perfectly content to use them. Our product is for teams looking for more focus and structure than existing solutions offer. Leverice’s architecture is unique on the market, and it opens the door to powerful features that are neither technically nor practically feasible in a messenger with a single layer containing a dozen or two dozen channels.”

Other differentiating features he highlights as bringing something fresh to the team messaging platform conversation are a whiteboard feature that lets users collaborate in the app for brainstorming or listing ideas, prorities; and a Jira integration for managing and discussing tasks in the project- and issue-tracking tool. The team is planning further integrations including with Zoom, Google Docs and “other services you use most”.

The startup — which was founded by CEO Rodion Zhitomirsky in Minsk but is now headquartered in San Jose, California, also with offices in Munich, Germany — has been bootstrapping development for around two years, taking in angel investment of around $600,000.

“We are three friends who managed complex project-based teams and personally felt the pains of all the popular messengers out there,” says Velton, discussing how they came to set up the business. “We used all the usual suspects, and even tried using p2p messengers as substitutes. They all led us and our teams to the same place: we couldn’t track large amounts of communications unless we were in “always-on” mode. We knew there had to be a better way, so we set out to build Leverice.”

The third co-founder is Dennis Dokutchitz.

Leverice’s business model is freemium, with a free tier, a premium tier, and a custom enterprise tier. As well as offering the platform as SaaS via the cloud, they do on-premise installations — for what Velton describes as “the highest level of security and privacy”.

On the security front the product is not end-to-end encrypted but he says the team is developing e2e encrypted channels to supplement the client-server encryption it applies as standard.

Velton notes these forthcoming channels would not support the usual search features, while AI analysis would be limited to “meta-information analysis”, i.e. excluding posts’ content.

“We don’t process customer or message data for commercial purposes, only for internal analytics and features to improve the product for users,” he adds when asked about any additional uses made of customer data. (Leverice’s Privacy Policy can be found here.)

With remote work the order of the day across most of the globe because of the COVID-19 pandemic, it seems likely there will be a new influx of collaboration tools being unboxed to help home workers navigate a new ‘professionally distant’ normal.

“We’ve only been on the market for 6 weeks and have no meaningful revenue to speak of as of yet,” adds Velton.

#apps, #artificial-intelligence, #collaboration-tools, #enterprise, #leverice, #messaging-apps, #messenger, #munich, #p2p, #san-jose, #slack, #telegram, #viber, #whatsapp, #windows-live-messenger

Africa Roundup: Africa’s tech ecosystem responds to COVID-19

In March, the virus gripping the world — COVID-19 — started to spread in Africa. In short order, actors across the continent’s tech ecosystem began to step up to stem the spread.

Early in March Africa’s coronavirus cases by country were in the single digits, but by mid-month those numbers had spiked leading the World Health Organization to sound an alarm.

“About 10 days ago we had 5 countries affected, now we’ve got 30,” WHO Regional Director Dr Matshidiso Moeti said at a press conference on March 19. “It’s has been an extremely rapid…evolution.” 

By the World Health Organization’s stats Tuesday there were 3671 COVID-19 cases in Sub-Saharan Africa and 87 confirmed deaths related to the virus — up from 463 cases and 8 deaths on March 18.

As the COVID-19 began to grow in major economies, governments and startups in Africa started measures to shift a greater volume of transactions toward digital payments and away from cash — which the World Health Organization flagged as a conduit for the spread of the coronavirus.

Africa’s leader in digital payment adoption — Kenya — turned to mobile-money as a public-health tool.

At the urging of the Central Bank and President Uhuru Kenyatta, the country’s largest telecom, Safaricom, implemented a fee-waiver on East Africa’s leading mobile-money product, M-Pesa, to reduce the physical exchange of currency.

The company announced that all person-to-person (P2P) transactions under 1,000 Kenyan Schillings (≈ $10) would be free for three months.

Kenya has one of the highest rates of digital finance adoption in the world — largely due to the dominance of M-Pesa  in the country — with 32 million of its 53 million population subscribed to mobile-money accounts, according to Kenya’s Communications Authority.

On March 20, Ghana’s central bank directed mobile money providers to waive fees on transactions of GH₵100 (≈ $18), with restrictions on transactions to withdraw cash from mobile-wallets.

Ghana’s monetary body also eased KYC requirements on mobile-money, allowing citizens to use existing mobile phone registrations to open accounts with the major digital payment providers, according to a March 18 Bank of Ghana release.

Growth in COVID-19 cases in Nigeria, Africa’s most populous nation of 200 million, prompted one of the country’s largest digital payments startups to act.

Lagos based venture Paga made fee adjustments, allowing merchants to accept payments from Paga customers for free — a measure “aimed to help slow the spread of the coronavirus by reducing cash handling in Nigeria,” according to a company release.

In March, Africa’s largest innovation incubator, CcHub, announced funding and engineering support to tech projects aimed at curbing COVID-19 and its social and economic impact.

The Lagos and Nairobi based organization posted an open application on its website to provide $5,000 to $100,000 funding blocks to companies with COVID-19 related projects.

CcHub’s CEO Bosun Tijani expressed concern for Africa’s ability to combat a coronavirus outbreak. “Quite a number of African countries, if they get to the level of Italy or the UK, I don’t think the system… is resilient enough to provide support to something like that,” Tijani said.

Cape Town based crowdsolving startup Zindi — that uses AI and machine learning to tackle complex problems — opened a challenge to the 12,000 registered engineers on its platform.

The competition, sponsored by AI4D, tasks scientists to create models that can use data to predict the global spread of COVID-19 over the next three months. The challenge is open until April 19, solutions will be evaluated against future numbers and the winner will receive $5,000.

Zindi will also sponsor a hackathon in April to find solutions to coronavirus related problems.

Image Credits: Sam Masikini via Zindi

On the digital retail front, Pan-African e-commerce company Jumia announced measures it would take on its network to curb the spread of COVID-19.

The Nigeria headquartered operation — with online goods and services verticals in 11 African countries — said it would donate certified face masks to health ministries in Kenya, Ivory Coast, Morocco, Nigeria and Uganda, drawing on its supply networks outside Africa.

The company has also offered African governments use of of its last-mile delivery network for distribution of supplies to healthcare facilities and workers.

Jumia is reviewing additional assets it can offer the public sector. “If governments find it helpful we’re willing to do it,” CEO Sacha Poignonnec told TechCrunch.

More Africa-related stories @TechCrunch

African tech around the ‘net

#africa, #articles, #artificial-intelligence, #bank, #bosun-tijani, #broadband, #ceo, #coronavirus, #e-commerce, #east-africa, #economy, #ghana, #italy, #jumia, #kenya, #lagos, #leader, #m-pesa, #machine-learning, #mobile-payment, #mobile-phone, #morocco, #nairobi, #nigeria, #p2p, #president, #sacha-poignonnec, #safaricom, #tc, #telecommunications, #uganda, #united-kingdom, #vodafone, #world-health-organization