Millions of WordPress sites get forced update to patch critical plugin flaw

Millions of WordPress sites get forced update to patch critical plugin flaw

Enlarge (credit: Getty Images)

Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus.

The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted subscribers, customers, and others to download the site’s private database as long as they have an account on the vulnerable site. Databases frequently include sensitive information about customers or the site’s security settings, leaving millions of sites susceptible to serious data breaches that spill passwords, user names, IP addresses, and more.

Bad outcomes, easy to exploit

UpdraftPlus simplifies the process of backing up and restoring website databases and is the Internet’s most widely used scheduled backup plugin for the WordPress content management system. It streamlines data backup to Dropbox, Google Drive, Amazon S3, and other cloud services. Its developers say it also allows users to schedule regular backups and is faster and uses fewer server resources than competing WordPress plugins.

Read 9 remaining paragraphs | Comments

#biz-it, #content-management-systems, #databases, #hacking, #vulnerabilities, #wordpress

Top 7 Best WordPress Plugin Of All Time

 

If you are looking for the best wordpress plugins, then you are at the right place. Here is the list of best wordpress plugins that you should use in your blog to boost SEO, strong your security and know every aspects of your blog . Although creating a good content is one factor but there are many wordpress plugins that perform different actions and add on to your success. So let’s  start

1.Yoast SEO

Those users who are serious about SEO, Yoast SEO will do the work for them to reach their goals. All they need to do is select a keyword, and the plugin will then optimize your page according to the specified keyword

Yoast offers many popular SEO WordPress plugin functions. It gives you real-time page analysis to optimize your content, images, meta descriptions, titles, and kewords. Yoast also checks the length of your sentences and paragraphs, whether you’re using enough transition words or subheadings, how often you use passive voice, and so on. Yoast tells Google whether or not to index a page or a set of pages too.

Let me summarize these points in bullets:

  • Enhance the readability of your article to reduce bounce rate
  • Optimize your articles with targetted keywords
  • Let Google know who you are and what your site is about
  • Improve your on-page SEO with advanced, real-time guidance and advice on keyword usage, linking, and external linking.
  • Keep your focus keywords consistent to help rank better on  Google.
  • Preview how your page would appear in the search engine results page (SERP)
  • Crawl your site daily to ensure Google indexes it as quickly as possible.
  • Rate your article informing you of any mistakes you might have made so that you can fix them before publishing.
  • Stay up-to-date with Google’s latest algorithm changes and adapt your on-page SEO as needed with smartsuggestionss from the Yoast SEO plugin. This plugin is always up-to-date.
  • Free Version is available 

Pricing

  • Premium version=$89/year that comes with extra functions, allowing you to optimize your content up to five keywords, among other benefits.


2. WP Rocket

A website running WordPress can put a lot of strain on a server, which increases the chances that the website will crash and harm your business. To avoid such an unfortunate situation and ensure that all your pages load quickly, you need a caching plugin like WP Rocket.

WP Rocket plugin designed to increases your website speed. Instead of waiting for pages to be saved to cache, WP Rocket turns on desired caching settings, like page cache and gzip compression. The plugin also activates other features, such as CDN support and llazy image loadding, to enhance your site speed.

Features in bullets:

  • Browser Catching
  • Preloading the cache of pages
  • Reducing the number of HTTP requests allows websites to load more quickly.
  • Decreasing bandwidth usage with GZIP compression
  • Apply optimal browser caching headers (expires)
  • Minifying and combining JavaScript and CSS files
  • Remove Unused CSS
  • Deferred loading of images (LazyLoad)
  • WebP compatibility
  • Deferred loading of JavaScript files
  • Delay JavaScript Execution
  • Critical Path CSS generation and deferred loading of CSS files
  • Database optimization
  • WordPress Heartbeat API control
  • DNS prefetch
  • CDN integration
  • Cloudflare integration
  • Sucuri integration
  • Easy import/export of settings
  • Easy roll back to a previous version


Pricing

  • Single License =$49/year for one website
  • Plus License =$99/year for 3 websites
  • Infinite License =$249/year for unlimited websites


3.Wordfence Security

Wordfence Security is a WordPress firewall and security scanner that keeps your site safe from malicious hackers, spam, and other online threats. This Plugin comes with a web application firewall (WAF) called tthread Defence  Feed  that helps to prevents brute force attacks by ensuring you set stronger passwords and limiting login attempts. It searches for malware and compares code, theme, and plugin files with the records in the WordPress.org repository to verify their integrity and reports changes to you.

Wordfence security scanner provides you with actionable insights into your website’s security status and will alert you to any potential threats, keeping it safe and secure. It also includes login security features that let you activate reCAPTCHA and two-factor authentication for your website.

Features in Bullets.

  • Scans your site for vulnerabilities.
  • Alerts you by email when new threats are detected.
  • Supports advanced login security measures.
  • IP addresses may be blocked automatically if suspicious activity is detected.

Pricing

  • Premium Plan= $99/Year that comes with extra security features like the real time IP backlist and country blocking option and also support from highly qualified experts.

4. Akismet

Akismet can help prevent spam from appearing on your site. Every day, it automatically checks every comment against a global database of spam to block malicious content. With Akismet, you also won’t have to worry about innocent comments being caught by the filter or false positives. You can simply tell Akismet about those and it will get better over time. It also checks your contact form submissions against its global spam database and weed out unnecessary fake information.

Features in Bullets:

  • The program automatically checks comments and filters out spam.
  • Hidden or misleading links are often revealed in the comment body. 
  • Akismet tracks the status of each comment, allowing you to see which ones were caught by Akismet and which ones were cleared by a moderator.
  • A spam-blocking feature that saves disk space and makes your site run faster.
  • Moderators can view a list of comments approved by each user.

Pricing

  • Free to use for personal blog 

5. Contact Form 7

Contact Form 7 is a plug-in that allows you to create contact forms that make it easy for your users to send messages to your site. The plug-in was developed by Takayuki Miyoshi and lets you create multiple contact forms on the same site; it also integrates Akismet spam filtering and lets you customize the styling and fields that you want to use in the form. The plug-in provides CAPTCHA and Ajax submitting.

Features in bullets:

  • Create and manage multiple contact forms
  • Easily customize form fields
  • Use simple markup to alter mail content
  • Add Lots of third-party extensions for additional functionality
  • Shortcode offers a way to insert content into pages or posts.
  • Akismet spam filtering, Ajax-powered submitting, and CAPTCHA are all features of this plugin.

Pricing

  • Free to use

6. Monster Insights

When you’re looking for an easy way to manage your Google Analytics-related web tracking services, Monster Insights can help. You can add, customize, and integrate Google Analytics data with ease so you’ll be able to see how every webpage performs, which online campaigns bring in the most traffic, and which content readers engage with the most. It’s same as Google Analytics

It is a powerful tool to keep track of your traffic stats. With it, you can view stats for your active sessions, conversions, and bounce rates. You’ll also be able to see your total revenue, the products you sell, and how your site is performing when it comes to referrals.

MonsterInsights offers a free plan that includes basic Google Analytics integration, data insights, and user activity metrics.

Features in bullets:

  • Demographics and interest reports:
  • Anonymize the  IPs of visitor
  • See the results of how far visitors Scroll down
  • Show the insights of multiple links to the same page and show you which links get more clicks
  • See sessions of two related sites as a single session
  • Google AdSense tracking
  • Send you weekly analytics report of your blog you can download it as pdf

Pricing

  • Premium plan= $99.50/year that comes with extra features like page and post tracking, Adsense tracking,  custom tracking and reports.

7. Pretty Links

Pretty Links is a powerful WordPress plugin that enables you to easily cloak affiliate links on your websiteIt even allows you to easily redirect visitors based on a specific request, including permanent 301 and temporary 302/307 redirects.

Pretty links also helps you to automatically shorten your url for your post and pages.

You can also enable auto-linking feature to automatically add affiliate links for certain keywords

Features

  •  Create clean, easy-to-remember URLs on your website (301, 302, and 307 redirects only)
  • Random-generator or custom URL slugs
  • Track the number of clicks
  • Easy to understand reports
  • View click details including ip address, remote host, browser, operating system, and referring site
  • You can pass custom parameters to your scripts when using pretty permalinks, and still have full tracking capability.
  • Exclude IP Addresses from Stats
  • Cookie-based system to track your activity across clicks
  • Create nofollow/noindex links
  • Toggle tracking on / off on each link.
  • Pretty Link Bookmarklet
  •  Update redirected links easily to new URLs!

Pricing

  • Beginner Plan=$79/year that can be used on 1 site
  • Marketer Plan: $99/year – that can be used on upto 2 sites
  • Super Affiliate Plan: $149/year – that can be use on upto 5 sites


We hope you’ve found this article useful. We appreciate you reading and welcome your feedback if you have it.

#wordpress

Tumblr’s subscription product Post+ enters open beta after much scrutiny from users

Tumblr is entering open beta for its subscription product Post+, meaning that all U.S. users can now try out the monetization feature. The product launched in closed beta in July, allowing users hand-picked by Tumblr to place some of their content behind a monthly paywall. This marked the first time that Tumblr allowed bloggers to monetize their content directly on the platform, but the feature was met with backlash from users who worried about how the feature would change the site’s culture.

Now, Tumblr has responded to user feedback by removing the blue Post+ badge that appeared next to the names of users who enabled the feature. Tumblr differentiates itself from other sites by not revealing users’ follower and following counts, so users were concerned that this distinction, which looked like a Twitter verification badge, contradicted that key aspect of Tumblr culture. Tumblr is also adding a $1.99/month price point in open beta — before, subscriber-only content could be priced at $3.99, $5.99, and $9.99. Tumblr will only take 5% of creator profits — comparatively, Patreon takes between 5% and 12% depending on the tier. Payments will be processed through Stripe.

Still, Tumblr users were dismayed by the way Post+ was rolled out. Many bloggers were concerned that in the closed beta, Post+ users didn’t have the ability to block paying subscribers without first contacting support — this could potentially expose users to harassment without the tools to manage it. Tumblr corrected that mistake in the open beta, so now, users can block subscribers themselves. Creators can also put existing content behind the Post+ paywall.

Some users upset with the Post+ rollout staged a protest, which — with over 98,000 notes — is the first thing that shows up when you search “post plus” on Tumblr. Many people on Tumblr have amassed followings by posting iterative fan content, like fanfiction. Tumblr cited fanfiction as an example of the kind of content that creators can put behind a paywall, but users remain concerned that they will be subject to legal action if they were to do so. Archive of Our Own, a major fanfiction site, prohibits its users from linking to sites like Patreon or Ko-Fi, since some intellectual property rights holders can be litigious about the monetization of fanfiction. While it’s considered fair use to make fan content, profiting from it can be considered a violation of copyright.

When Tumblr banned pornographic content in 2018, monthly page views decreased by 29% — to date, the blogging platform hasn’t regained that traffic. After being sold to Automattic in 2019, Tumblr has committed to capturing the attention of Gen Z audiences, who the platform says make up about 48% of its users. Tumblr says it’s catering Post+ to serve Gen Z audiences, but the results of the open beta will begin to reveal whether or not this is what users on the platform want.

#apps, #automattic, #blogging, #computing, #monetization, #patreon, #paywall, #post, #social-media, #tumblr, #united-states, #website, #wordpress, #world-wide-web

Trouble in fandom paradise: Tumblr users lash out against its beta subscription feature

The Tumblr community often refers to itself as the Wild West of the internet, and they’re not wrong. A text post with over 70,000 notes puts it best: “Tumblr is my favorite social media site because this place is literally uninhabitable for celebrities. No verification system, no algorithm that boosts their posts, it’s a completely lawless wasteland for them.”

But like any social media company, Tumblr needs to keep itself afloat in order for its users to continue sharing esoteric fan art, incomprehensible shitposts, and overly personal diary entries hidden beneath a “Read More” button. Yesterday, Tumblr announced the limited beta test of its Post+ subscription feature, which — if all goes as planned — will eventually let Tumblr users post paywalled content to subscribers that pay them $3.99, $5.99 or $9.99 per month.

Image Credits: Tumblr

Tumblr is far from the first social media platform to seek revenue this way — Twitter is rolling out Super Follows and a Tip Jar feature, and this week, YouTube announced a tipping feature too. Even Instagram is working on its own version of Twitter’s Super Follows that would let users create “exclusive stories.” But on a website with a community that prides itself as being a “completely lawless wasteland” for anyone with a platform (save for Wil Wheaton and Neil Gaiman, who are simply just vibing), the move toward paywalled content was not welcomed with open arms.

Monetization is a double-edged sword. It’s not considered uncool for a Tumblr artist to link to a third-party Patreon or Ko-fi site on their blog, where their most enthusiastic followers can access paywalled content or send them tips. So Post+ seems like an obvious way for Tumblr to generate revenue — instead of directing followers to other websites, they could build a way for fans to support creators on their own platform while taking a 5% cut. This isn’t unreasonable, considering that Twitter will take 3% revenue from its new monetization tools, while video-centric platforms like YouTube and Twitch take 30% and 50%, respectively. But Tumblr isn’t Twitter, or YouTube, or Twitch. Unlike other platforms, Tumblr doesn’t allow you to see other people’s follower counts, and no accounts are verified. It’s not as easy to tell whether the person behind a popular post has 100 followers or 100,000 followers, and the users prefer it that way. But Post+ changes that, giving bloggers an icon next to their username that resembles a Twitter blue check.

A Tumblr Post+ creator profile

Tumblr rolled out Post+ this week to a select group of hand-picked creators, including Kaijuno, a writer and astrophysicist. The platform announced Post+ on a new blog specific to this product, rather than its established staff blog, which users know to check for big announcements. So, as the most public user who was granted access, the 24-year-old blogger was the target of violent backlash from angry Tumblrites who didn’t want to see their favorite social media site turn into a hypercapitalist hellscape. When Kaijuno received death threats for beta testing Post+, Tumblr’s staff intervened and condemned harassment against Post+ users.

“We want to hear about what you like, what you love, and what concerns you. Even if it’s not very nice. Tell us. We can take it,” Tumblr wrote on its staff blog. “What we won’t ever accept is the targeted harassment and threats these creators have endured since this afternoon. […] all they’re doing is testing out a feature.”

Before making their post, a representative from Tumblr’s staff reached out to Kaijuno directly to check in on them regarding the backlash, but there’s only so much that Tumblr can do after a user has already been threatened for using their product.

“I felt like the sacrificial lamb, because they didn’t announce Post+ beforehand and only gave it to a few people, which landed me in the crosshairs of a very pissed off user base when I’m just trying to pay off medical bills by giving people the option to pay for content,” Kaijuno told TechCrunch. “I knew there’d be some backlash because users hate any sort of change to Tumblr, but I thought that the brunt of the backlash would be at the staff, and that the beta testers would be spared from most of it.”

Why do Tumblr users perceive monetization as such a threat? It’s not a question of whether or not it’s valuable to support creators, but rather, whether Tumblr is capable of hosting such a service. Multiple long-time, avid Tumblr users that spoke to TechCrunch referenced an incident in late 2020 when people’s blogs were being hacked by spam bots that posted incessant advertisements for a Ray-Ban Summer Sale.

“Tumblr is not the most well-coded website. It’s easy to break features,” Kaijuno added. “I think anything involving trusting Tumblr with your financial information would have gotten backlash.”

Tumblr users also worried about the implications Post+ could have on privacy — in the limited beta, Post+ users only have the ability to block people who are subscribed to their blog if they contact Tumblr support. In cases of harassment by a subscriber, this could leave a blogger vulnerable in a potentially dangerous situation.

“Ahead of our launch to all U.S.-based creators this fall, Post+ will allow creators to block subscribers directly,” a Tumblr spokesperson told TechCrunch.

Still, the Extremely Online Gen Z-ers who now make up 48% of Tumblr know that they can’t expect the platform to continue existing if it doesn’t pull in enough money to pay for its staff and server fees. In 2018, Tumblr lost almost one-third of its monthly page views after all NSFW content was banned — since then, the platform’s monthly traffic has remained relatively stagnant.

Image Credits: SimilarWeb

A former Tumblr employee told TechCrunch that the feature that became Post+ started out as a Tip Jar. But higher-ups at Tumblr — who do not work directly with the community — redirected the project to create a paywalled subscription product.

“I think a Tip Jar would be a massive improvement,” said the creator behind the Tumblr blog normal-horoscopes. Through the core audience they developed on Tumblr, they make a living via Patreon, but they don’t find Post+ compelling for their business. “External services [like Patreon] have more options, more benefits, better price points, and as a creator I get to choose how I present them to my audience.”

But a paywalled subscription service is different in the collective eyes of Tumblr. For a site that thrives on fandom, creators that make fan art and fanfiction worry that placing this derivative work behind a paywall — which Post+ encourages them to do — will land them in legal trouble. Even Archive of Our Own, a major fanfiction site, prohibits its users from linking to sites like Patreon or Ko-Fi.

“Built-in monetization attracts businesses, corporate accounts, people who are generally there to make money first and provide content second,” said normal-horoscopes. “It changes the culture of a platform.”

Across Tumblr, upset users are rallying for their followers to take Post+’s feedback survey to express their frustrations. The staff welcomes this.

“As with any new product launch, we expect our users to have a healthy discussion about how the feature will change the dynamics of how people use Tumblr,” a Tumblr spokesperson told TechCrunch. “Not all of this feedback will be positive, and that’s ok. Constructive criticism fuels how we create products and ultimately makes Tumblr a better place.”

Tumblr’s vocal community has been empowered over the years to question whether it’s possible for a platform to establish new revenue streams in a way that feels organic. The protectiveness that Tumblr’s user base feels for the site — despite their lack of faith in staff — sets it apart from social media juggernauts like Facebook, which can put ecommerce front and center without much scrutiny. But even three years after the catastrophic porn ban, it seems hard for Tumblr to grow without alienating the people that make the social network unique.

Platforms like Reddit and Discord have remained afloat by selling digital goods, like coins to reward top posters, or special emojis. Each company’s financial needs are different, but Tumblr’s choice to monetize with Post+ highlights the company’s lack of insight into its own community’s wishes.

#apps, #artist, #automattic, #facebook, #instagram, #neil-gaiman, #operating-systems, #post, #select, #social, #social-media, #social-network, #software, #spokesperson, #tumblr, #twitch, #twitter, #video-hosting, #wordpress, #world-wide-web, #writer, #youtube

WebOps platform Pantheon raises $100M from SoftBank Vision Fund

WebOps SaaS platform Pantheon, which started out as a Drupal and WordPress hosting service many years ago, today announced that it has raised a $100 million Series E round solely funded by the Softbank Vision Fund. With this round, Pantheon has now reached unicorn status, with a valuation of over $1 billion.

Pantheon co-founder and CEO Zack Rosen told me that the company wasn’t under any pressure to raise. “It really just helps us accelerate everything that we’re doing,” he said. “We didn’t need the funding. We had plenty of cash in the bank. We were planning to raise in a year or two years down the road. But we have a lot of conviction in and where this industry is going and our customers’ needs are pretty apparent, so we just used this as an opportunity to pull things in by six months to a year and accelerate all the things that were already on our operational plans for the company.”

Image Credits: Pantheon

As Rosen noted, the role of company websites has changed quite a bit since Pantheon launched almost a dozen years ago. While originally, they were mostly about brand building and having a publishing channel, these days, they are directly tied to revenue. “The majority of buying decisions get made before anyone talks to a customer these days,” Rosen said. “All the research is getting done — hopefully — on your company’s website. Any link in an advertisement or link in an email is going to route that customer back to the website. That’s your most important digital product. And so marketers are really starting to think about it like that.”

So while hosting and publishing may be solved problems, driving revenue through a company’s website — and measuring that — is where Pantheon sees a lot of opportunities going forward. Though at the core of the company’s offering, of course, is still its serverless hosting platform and developers remain its core audience. But it’s the collaboration between the marketing teams and developers that is driving a lot of what the company is now investing in. “In order to deliver a best-in-class digital experience — and be able to iterate it every single day and work with designers and developers and website owners and project managers — you need a system of record for that work. You need a solid workflow for those teams,” Rosen noted.

Companies, he argues, are looking for a solid SaaS platform that provides them with those workflows, in addition to the high-performance hosting, CDNs and everything else that is now table stakes for hosting websites. “[Teams] want to stop thinking about this stuff,” he said. “They just want a partner — like any other SaaS application, whether it’s Stripe, Twilio or Salesforce. They just want it to work and not to worry about it. And then, once you have that taken care of, then you can move up into the things that really drive the outcomes these teams care about.”

As for raising from the SoftBank Vision Fund, which features the likes of ByteDance, Perch, Redis Labs, Slack and Arm among its investments (and, infamously, WeWork), Rosen said that Pantheon had its choice of firms, but at the end of the day, SoftBank’s team turned out to be “huge believers in this category,” he said, and could help Pantheon reach the scale it needs to define the WebOps category.

“Digital transformation has accelerated the movement to the cloud for essential business infrastructure. By automating workflows and do-it-yourself with its SaaS offering, we believe Pantheon’s leading platform is transforming how modern website experiences are created,” said Vikas Parekh, Partner at SoftBank Investment Advisers. “We are excited to partner with Zack and the Pantheon team to support their ambition of helping organizations embrace a new and better way of building websites that deliver results.”

#as-a-service, #bank, #club-penguin, #computing, #drupal, #pantheon, #partner, #redis-labs, #saas, #salesforce, #serverless-computing, #softbank-vision-fund, #software, #software-as-a-service, #stripe, #tc, #technology, #twilio, #wework, #wordpress, #zack

WordPress.com owner Automattic acquires journaling app Day One

Automattic is expanding its lineup of online writing platforms with its acquisition of Day One, a popular journaling app for Mac and Apple mobile devices. The app has been downloaded more than 15 million times since its March 2011 launch on the Mac and iTunes App Store, offering users a private place to share their thoughts. Since then, it’s been awarded the App Store Editor’s Choice, App of the Year, and the Apple Design Award, along with praise from various reviewers.

Deal terms were not immediately available. The companies were asked for comment.

The addition makes for an interesting expansion of Automattic’s now growing collection of online writing tools, which today include blogging platforms WordPress.com and Tumblr — the latter as of 2019, when Automattic took the aging social blogging network off parent company Verizon’s hands for a fraction of its earlier $1 billion acquisition price. (Verizon still owns TechCrunch, too…for now.)

Unlike WordPress and Tumblr, which tend to focus on publishing to a public audience, Day One’s focus has been on privacy. The app offers end-to-end encryption for all your journal entries, which can include text, media and even audio recordings. It has also offered advanced features like automatic backups, auto-import of Instagram posts, voice transcriptions, templates, rich text formatting, location history, optional printed books, as well as integrations with other platforms like Spotify, YouTube, Facebook, Twitter and more.

With its addition to Automattic, Day One will allow users to choose to publish select journal entries to WordPress.com and Tumblr, and soon, import content from either platform back into Day One, too. The app may also make sense as a way for existing Tumblr users to sync their private entries over to a more protected and backed up writing tool — instead of accidentally publishing them to their main blog.

Automattic, in an announcement, notes Day One CEO Paul Mayne will continue to lead the development of Day One following the acquisition. The team will also remain intact.

Meanwhile, in a blog post, Mayne hints at why he sold the app, noting the deal will allow Day One access to same technological, financial, and security benefits that help power WordPress.com and Tumblr.

“This is incredibly exciting news. For the past 10 years since I started Day One, I’ve worked to not only create the best digital journaling experience in the world, but one that will last,” shares Mayne. “By joining Automattic, I’m now more confident than ever that the preservation and longevity of Day One is sure,” he adds.

Mayne also noted there were no current plans to change the private nature of Day One, but the app would integrate with other Automattic products going forward, while continuing to sustain itself via a subscription model.

#apple, #apps, #automattic, #day-one, #fundings-exits, #journal, #microblogging, #tumblr, #wordpress

Facebook now lets users export posts and notes to Google Docs, Blogger and WordPress.com

Facebook today announced a new feature that will allow users to export their Facebook posts and notes to a number of third-party services. Although the company has long since offered tools that let you download the information you’ve posted to Facebook, the tool launching today offers a more practical way of saving that data — by allowing you to export your notes and posts to popular services like Google Docs, Blogger, or WordPress.com.

Facebook users will find this latest feature under the “Your Facebook Information” menu in Settings, where you’ll then click “Transfer Your Information.” A series of prompts will walk you through the process to transfer you data to the one of the available destinations.

To protect the data, Facebook says it will ask users to re-enter their password before the transfer begins, which it also does with other exports. The process will encrypt the data as it moves between Facebook and the other service, the company notes.

The move to support the export of text-based content is interesting, as it’s been reported Facebook is developing a competitor to newsletter platform Substack. The social network aims to capitalize on the growing momentum in the newsletter industry, which has recently seen a number of top writers leave larger publications in order to connect with their audience directly, via paid newsletters. Twitter also acquired a newsletter business, Revue, to pursue the same goals. While Facebook didn’t say if it’s upcoming product would be included in the export procedure announced today, it makes for a good hedge against any sort of anti-competitive claims if and when Facebook rolls out the new service.

Today’s addition is part of Facebook’s larger Data Transfer Project, a collaboration between tech giants designed to give users more ways to move their content between services. Last year, for example, Facebook added a feature that gave users a way to export their Facebook photos and videos to Google Photos, as a result of the team-up. Users can now also export photos and videos to Backblaze, Dropbox, and Koofr, as well.

Alongside news of its announcement, Facebook argued for regulation in the area of data portability. It said there should be laws that determine which data should be made portable, and who is responsible for protecting the data once it has been transferred. The company also pointed to comments it filed with the FTC last year as well as a white paper that explored the privacy questions that surround the development of data portability tools.

 

#blogger, #data-portability, #data-transfer-project, #export-data, #facebook, #facebook-data-portability, #google-docs, #social, #social-media, #wordpress

Big data VC OpenOcean hits $111.5M for third fund, appoints Ekaterina Almasque to GP

OpenOcean, a European VC which has tended to specialise in big data-oriented startups and deep tech, has reach the €92 million ($111.5 million) mark for its third main venture fund, and is aiming for a final close of €130 million by mid-way this year. LPs in the new fund include the European Investment Fund (EIF), Tesi, pension funds, major family offices and Oxford University’s Corpus Christi College.

Ekaterina Almasque — who has already led investments in IQM (superconducting quantum machines) and Sunrise.io (multi-cloud hyper-converged infrastructure) and is leading the London team and operations for the firm — has been appointed as general partner. Before joining, Almasque was a managing director at Samsung Catalyst Fund in Europe, led investments in Graphcore’s processor for Artificial Intelligence, Mapillary’s layer for rapid mapping and AIMotive’s autonomous driving stack.

The enormous wealth of data in the modern world means the next generation of software is being built at the infrastructure. Thus, the fund said it would invest primarily at the Series A level with initial investments of €3 million to €5 million, across OpenOcean’s principle areas of artificial intelligence, application-driven data infrastructure, intelligent automation and open source.

OpenOcean’s team includes Michael “Monty” Widenius, the “spiritual father” of MariaDB, and one of the original developers of MySQL, the predecessor to MariaDB; Tom Henriksson, who invested in MySQL and MariaDB; as well as Ralf Wahlsten and Patrik Backman.

Tom Henriksson, general partner at OpenOcean, commented: “Ekaterina… brings an immense amount of expertise to the team and exemplifies the way we want to support our founders. Fund 2020 is an important step for OpenOcean, with prestigious LPs trusting our approach and our knowledge, and believing in our ability to identify the very best data solutions and infrastructure technologies in Europe.”

Almasque said: “The next five years will be critical for digital infrastructure, as breakthrough technologies are currently being constrained by the capabilities of the stack. Enabling this next level of infrastructure innovation is crucial to realising digitisation projects across the economy and will determine what the internet of the future looks like. We’re excited by the potential of world-leading businesses being built across Europe and are looking forward to supporting the next generation of software leaders.”

Speaking to TechCrunch she added: “It’s very rare to find such a VC so deep in the stack which also invested in one of the first unicorns in Europe and really built the open source ecosystem globally. So for me, this was absolutely an interesting team to join. And what OpenOcean was doing since inception in 2011 was very unique among pioneering ecosystems, such as big data analytics… and it remains very pioneering, pushing the frontiers in artificial intelligence and now quantum computing. This is what really attracts me, and I think there is a very, very big future.”

In an interview Henriksson told me: “What we are seeing is that our economy is shifting more and more towards the digital, data-driven economy. It started with few industries, but now we see a larger shift, including new industries like healthcare, like manufacturing.”

Asked about the effects of the pandemic on the sector, he said: “Obviously we see a lot of startups who are plugging into things like the UiPath platform. This is very relevant for the pandemic. Because the companies that had started automating strongly before the pandemic hit… they’ve actually accelerated and they find benefits for their teams and organisations and actually the people are happier because they have better automation technologies in place. The ones that didn’t start before [the pandemic hit] they’re a little behind now.”

#aria, #artificial-intelligence, #big-data, #computing, #data-management, #databases, #drupal, #europe, #european-investment-fund, #infrastructure, #london, #manufacturing, #mapillary, #mariadb, #mysql, #openocean, #tc, #venture-capital, #wordpress

Automattic acquires analytics company Parse.ly

Automattic, the for-profit company tied to open source web publishing platform WordPress, is announcing that it has acquired analytics provider Parse.ly.

Specifically, Parse.ly is now part of WPVIP, the organization within Automattic that offers enterprise hosting and support to publishers including TechCrunch. (We use Parse.ly, too.)

WPVIP CEO Nick Gernert described this as the organization’s first large enterprise software acquisition, reflecting a strategy that has expanded beyond news and media organizations — businesses like Salesforce (whose venture arm invested $300 million in Automattic back in 2019), the NBA, Condé Nast, Facebook and Microsoft now use WPVIP for their content and marketing needs.

Both companies, Gernert said, come from similar backgrounds, with “roots” in digital publishing and a “heavy focus on understanding the impact of content.”

“We’ve really to shift more towards content marketing and starting to think more deeply beyond just what traditional page analytics provide,” he continued. That means doing more than measuring pageviews and time on site and “really starting to look more deeply at things like conversation, attribution, areas … that from a marketer’s perspective are impactful.”

WordPress and Parse.ly already work well together, but the plan is to make WPVIP features available to Parse.ly customers while also making more Parse.ly data available to WPVIP publishers. And Gernert said there also opportunities to add more commerce-related data to Parse.ly, since Automattic also owns WooCommerce.

The goal, he said, is to “make Parse.ly better for WordPress and best for WPVIP.”

At the same time, he added, “There’s no plans here to make Parse.ly the only analytics solution that runs on our platform. We want to preserve the flexibility and interoperability [of WordPress], and we want to make sure from a Parse.ly perspective that it still exists as a standalone product. That’s key to its future and we will continue to invest in it.”

Parse.ly was founded in 2009 and has raised $12.9 million in funding from investors including Grotech Ventures and Blumberg Capital, according to Crunchbase. Parse.ly founders Sachin Kamdar and Andrew Montalenti are joining WPVIP, with Kamdar leading go-to-market strategy for Parse.ly and Montalenti leading product.

“We’ve always had deep admiration for WPVIP’s market position as the gold standard for enterprise content teams, and we’re thrilled to be able to join together,” Kamdar said in a statement. “From the culture and people, to the product, market and vision, we’re in lockstep to create more value for our customers. This powerful combination of content and intelligence will push the industry forward at an accelerated pace.”

The financial terms of the acquisition were not disclosed.

#automattic, #blumberg-capital, #content-management-systems, #enterprise, #facebook, #media, #parse-ly, #salesforce, #startups, #woocommerce, #wordpress

WordPress can now turn blog posts into tweetstorms automatically

Earlier this year, WordPress .com introduced an easier way to post your Twitter threads, also known as tweetstorms, to your blog with the introduction of “unroll” option for Twitter embeds. Today, the company is addressing the flip side of tweetstorm publication — it’s making it possible to turn your existing WordPress blog post into a tweetstorm with just a couple of clicks.

The new feature will allow you to tweet out every word of your post, as well as the accompanying images and videos, the company says. These will be automatically inserted into the thread where they belong alongside your text.

To use the tweetstorm feature, a WordPress user will first click on the Jetpack icon on the top right of the page, then connect their Twitter account to their WordPress site, if that hadn’t been done already.

Image Credits: WordPress.com

 

The option also supports multiple Twitter accounts, if you want to post your tweetstorms in several places.

Once Twitter is connected, you’ll select the account or accounts where you want to tweet, then choose the newly added option to share the post as a Twitter thread instead of a single post with a link.

Image Credits: WordPress.com

In the box provided, you’ll write an introductory message for your tweetstorm, so Twitter users will know what your Twitter thread will be discussing.

When you then click on the “publish” button, the blog post will be shared as a tweetstorm automatically.

Image Credits: WordPress.com

The feature was also designed with a few thoughtful touches to make the tweetstorm feel more natural, as if it had been written directly on Twitter.

For starters, WordPress says it will pay attention to the blog post’s formatting in order to determine where to separate the tweets. Instead of packing the first tweet with as many words as possible, it places the break at the end of the first sentence, for example. And when a paragraph is too long for a single tweet, it’s automatically split out into as many tweets as needed, instead of being cut off. A list block, meanwhile, will be formatted as a list on Twitter.

To help writers craft a blog post that will work as a tweetstorm, you can choose to view where the tweets will be split in the social preview feature. This allows WordPress users to better shape the post to fit Twitter’s character limit as they write.

Image Credits: WordPress.com

At the end of the published tweetstorm, Twitter followers will be able to click a link to read the post on the WordPress site.

This addresses a common complaint with Twitter threads. While it’s useful to have longer thoughts posted to social media for attention, reading through paragraphs of content directly on Twitter can be difficult. But as tweetstroms grew in popularity, tools to solve this problem emerged. The most popular is a Twitter bot called @ThreadReaderApp, which lets users read a thread in a long-form format by mentioning the account by name within the thread along with the keyword “unroll.”

With the launch of the new WordPress feature, however, Twitter users won’t have to turn to third-party utilities — they can just click through on the link provided to read the content as a blog post. This, in turn, could help turn Twitter followers into blog subscribers, allowing the WordPress writer to increase their overall reach.

WordPress’ plans to introduce the tweetstorm feature had been announced last month as coming in the Jetpack 9.0 release, arriving in early October.

The feature is now publicly available, the company says.

#automattic, #blog, #social, #social-media, #tweetstorm, #twitter, #wordpress

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

WordPress logos in various colors.

Enlarge (credit: StickerGiant / Flickr)

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on Websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday. Word of the attacks came a few hours after the security flaw was patched.

Attackers are using the exploit to upload files that contain webshells that are hidden in an image. From there, they have a convenient interface that allows them to run commands in plugins/wp-file-manager/lib/files/, the directory where the File Manager plugin resides. While that restriction prevents hackers from executing commands on files outside of the directory, hackers may be able to exact more damage by uploading scripts that can carry out actions on other parts of a vulnerable site.

NinTechNet, a website security firm in Bangkok, Thailand, was among the first to report the in-the-wild attacks. The post said that a hacker was exploiting the vulnerability to upload a script titled hardfork.php and then using it to inject code into the WordPress scripts /wp-admin/admin-ajax.php and /wp-includes/user.php.

Read 8 remaining paragraphs | Comments

#biz-it, #exploits, #file-injection, #plugins, #vulnerabilities, #website, #wordpress

Apple apologizes to WordPress, no longer requires free app to add purchases

Screenshot of App Store icon.

Enlarge (credit: Silas Stein/picture alliance via Getty Images)

WordPress for iOS is a free app that connects to the company’s free open source content management system, which millions of sites around the Web use for some part of their structure. WordPress the company also sells domain names and an array of personal, business, and enterprise Web hosting packages. Apple, unfortunately, seems to have mixed the two up over the weekend and briefly forced WordPress to add in-app purchases that it otherwise wouldn’t have, so it could take a cut.

“Heads up on why @WordPressiOS updates have been absent… we were locked by App Store,” WordPress founder Matt Mullenweg explained in a series of Tweets on Friday. “To be able to ship updates and bug fixes again, we had to commit to support in-app purchases for .com plans. I know why this is problematic, open to suggestions.”

WordPress opted for the path of least resistance, as The Verge reported, and agreed to add paths inside their iOS app for users to purchase premium offerings including domain names. Because of the agreements developers make with Apple to have their apps approved for the App Store, 30 percent of any purchases made through the WordPress app after that functionality was added would have gone to Apple.

Read 8 remaining paragraphs | Comments

#antitrust, #app-store, #apple, #biz-it, #competition, #ios, #policy, #wordpress

WordPress.com launches new P2 to take on internal communication tools

WordPress.com, a division of Automattic, is launching a new product called P2. And this time, it’s all about improving internal communications for private groups. As a remote company, Automattic has been using P2 internally for years to communicate asynchronously. It’s a place to share long-form posts, a repository to keep onboarding documents and other important ever-green documents.

P2 is built on top of WordPress . You can view it as a sort of WordPress for teams that is heavily customized around the concept of sharing ideas with other team members. Companies now rely on multiple internal communication tools. P2 can replace some of them but doesn’t want to reinvent the wheel altogether.

For instance, P2 isn’t a Slack competitor. You can’t use it for real-time chat. But P2 can be used to share important announcements — the kind of announcements that you can find on an intranet portal.

Image Credits: WordPress.com

You can also use it for long-term projects and create your own P2 for your team in particular. In that case, P2 competes more directly with Workplace by Facebook or Yammer. In order to make it more useful for asynchronous communications, P2 has some features that make it more useful than a simple WordPress blog.

For instance, you can @-mention your coworkers to send them a notification and follow posts to receive updates. You can also create checklists, embed PDF documents, stick important posts at the top of the homepage and stay on top of what happened while you were gone. There are dedicated menus to view new posts, new comments and mentions you’ve received.

While you can theoretically access the classic WordPress back-end, you can write new posts, edit existing posts and write comments without ever leaving P2. The company uses the new block editor that lets you add headings, lists, video embeds and media in a visual way. It works a bit like Squarespace’s editor or Notion, and it makes a ton of sense to leverage the new editor right next to content you’re viewing, commenting on, etc.

For content that always remains relevant, you can create documents, which are pages without a specific publishing date and without comments. These documents are sorted in their own category and can be easily shared across a company. You can use documents for internal policies, guides or important contact information. Many companies rely on Google Docs and shared folders in Google Drive for this kind of documents. P2 could potentially replace those shared folders and become the main information repository.

By default, P2 sites are private but you can make them public in case you want to share updates on your product with clients or use P2 for public events.

If you’re familiar with the WordPress ecosystem, you might already know a WordPress theme called P2. The new P2 announced today is a new product that takes that idea to the next level. Automattic has been iterating on the concept and using it widely with its 1,300 employees across 912 internal P2 sites.

WordPress.com is going to offer hosted P2 instances. Anybody can create a P2 for free and invite other people. Eventually, WordPress.com plans to offer paid subscriptions for advanced features. In other words, P2 is going to be a software-as-a-service product. But there will be a self-hostable, open source version in the future as well.

I played around with a few P2 instances, and the overall impression is that the complexity of WordPress remains hidden by default, which is a good thing. It’s a clean and focused product that would work particularly well in that spot between company-wide emails and announcements getting lost in Slack.

Image Credits: WordPress.com

#automattic, #enterprise, #p2, #wordpress, #wordpress-com

Automattic pumps $4.6M into New Vector to help grow Matrix, an open, decentralized comms ecosystem

Automattic, the open source force behind WordPress .com, WooCommerce, Longreads, Simplenote and Tumblr, has made a $4.6M strategic investment into New Vector — the creators of an open, decentralized communications standard called Matrix. They also develop a Slack rival (Riot) which runs on Matrix.

The investment by Automattic, which is at a higher valuation than the last tranche New Vector took in, extends an $8.5M Series A last year, from enterprise tech specialists Notion Capital and Dawn Capital plus European seed fund Firstminute Capital — and brings the total raised to date to $18.1M. (Which includes an earlier $5M in strategic investment from an Ethereum-based secure chat and crypto wallet app, Status).

New Vector’s decentralized tech powers instant messaging for a number of government users, including France — which forked Riot to launch a messaging app last year (Tchap) — and Germany, which just announced its armed forces will be adopting Matrix as the backbone for all internal comms; as well as for the likes of KDR, Mozilla, RedHat and Wikimedia, to name a few.

Getting Automattic on board is clearly a major strategic boost for Matrix — one that’s allowing New Vector to dream big.

“It’s very much a step forwards,” New Vector CEO and CTO and Matrix co-founder, Matthew Hodgson, tells TechCrunch. “We’re hopefully going to get the support from Automattic for really expanding the ecosystem, bringing Matrix functionality into WordPress — and all the various WordPress plugins that Automattic does. And likewise open up Matrix to all of those users too.”

A blog post announcing the strategic investment dangles the intriguing possibility of a decentralized Tumblr — or all WordPress sites automatically getting their own Matrix chatroom.

“This is huge news, not least because WordPress literally runs over 36% of the websites on today’s web – and the potential of bringing Matrix to all those users is incredible,” New Vector writes in the blog post. “Imagine if every WP site automatically came with its own Matrix room or community?  Imagine if all content in WP automatically was published into Matrix as well as the Web?… Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site?”

Those possibilities remain intriguing ideas for now. But as well as ploughing funding into New vector Automattic is opening up a job for a Matrix.org/WordPress integrations engineer — so the Matrix team has another tangible reason to be excited about future integrations.

“One of the best and the biggest open source guys really believes in what we’re doing and is interested in trying to open up the worlds of WordPress into the decentralized world of Matrix,” adds Hodgson. “In some ways it’s reassuring that a relatively established company like Automattic is keeping its eye on the horizon and putting their chips on the decentralized future. Whereas they could be ‘doing a Facebook’ and just sitting around and keeping everything centralized and as locked down as possible.”

“It’s a bit of a validation,” says Matrix co-founder and New Vector head of ops and products, Amandine le Pape. “The same way getting funding from VCs was validation of the fact it’s a viable business. Here it’s a validation it’s actually a mainstream open source project which can really grow.”

New Vector co-founders, Matthew Hodgson and Amandine le Pape

While the strategic investment offer from Automattic was obviously just a great opportunity to be seized by New vector, given ideological alignment and integration potential, it also comes at helpful time, per le Pape, given they’ve been growing their SaaS business.

“The business model that we’re looking at with New Vector to go and drive — both to fund Matrix and also to keep the lights on and grow the projects and the company — is very, very similar to what Automattic have successfully done with WordPress.com,” adds Hodgson. “So being able to compare notes directly with their board and our board to go and say to them how do you make this work between the WordPress.org and the WordPress.com split should be a really useful tool for us.”

While Matrix users can choose to host their own servers there’s obviously a high degree of complexity (and potential expense) involved in doing so. Hence New Vector’s business model is to offer a paid Matrix hosting service, called Modular, where it takes care of the complexity of hosting for a fee. (Marketing copy on the Modular website urges potential customers to: “Sign up and deploy your own secure chat service in seconds!”)

“Some of our highest profile customers like Mozilla could go and run it themselves, obviously. Mozilla know tech. But in practice it’s a lot easier and a lot cheaper overall for them to just go and get us to run it,” adds Hodgson. “The nice thing is that they have complete self sovereignty over their data. It’s their DNS. We give them access to the database. They could move off at any time… switch hosting provider or run it themselves. [Users] typically start off with us as a way to get up and running.”

Talking of moving, Hodgson says he expects Automattic to move over from Slack to Riot following this investment.

“I am very excited about what New Vector is doing with Matrix — creating a robust, secure, open protocol that can bring all flavors of instant messaging and collaboration together, in the way that the web or email has its foundation layer,” added Automattic founder, Matt Mullenweg, in a supporting statement. “I share New Vector’s passion for open source and the power of open standards. I’m excited to see how Automattic and New Vector can collaborate on our shared vision in the future.” 

Mullenweg was already a supporter of Matrix, chipping into its seed via Patreon back in 2017. At the time the team was transitioning from being incubated and wholly financed by Amdocs, a telco supplier where New Vectors’ co-founders used to work (running its unified comms division), to spinning out and casting around for new sources of funding to continue development of their decentralized standard.

Some three years on — now with another multi-million dollar tranche of funding in the bank — Hodgson says New Vector is able to contemplate the prospect of profitability ahead, with ~16.8 million users and 45,000 deployments at this point (up from 11M and 40k back in October).

“I think there’s also a high chance — touch wood — that this injection gives us a path straight through to profitability if needed,” he tells us. “Given the macroeconomic uncertainty thanks to the [COVID-19] pandemic, the opportunity to say we have this amount of cash in the bank, assuming our customers follow roughly the trajectory that we’d seen so far… this would be a way to get out the other side without having to depend on any further funding.

“If things are on track we probably would do additional funding next year in order to double down on the success. But right now this at least gives us a pretty chunky safety net.”

The coronavirus crisis has been accelerating interest in Matrix “significantly”, per Hodgson, as entities that might have been contemplating a switch to decentralized comms down the line feel far greater imperative to take control of their data — now that so many users are logging on from home.

“As lockdowns began we saw sign ups increase by a factor of about 10,” he says. “It’s tapered off a little bit but it was a real scaling drama overnight. We had to launch an entirely new set of videoconferencing deployments on Jitsi’s offering, as well as scaling up the hardware for the service which we run by several times over.

“We’re also seeing retention go up, which was nice. We assumed there would be a huge spike of users desperately trying to find a home and then they wouldn’t necessarily stick around. In practice they’ve stuck around more than the existing user base which is reassuring.”

In some cases, New Vector has seen customers radically shrink planned deployment timescales — from months to a matter of days.

“We literally had one [educational] outfit in German reach out and say that tender in September — we want you to go live on Monday,” says Hodgson, noting that in this instance the customer skipped the entire tendering process because of they felt they needed a secure system school kids could use. (And privacy concerns ruling out use of centralized options such as Zoom or Microsoft Teams.)

“The biggest impact from a New Vector perspective at least has been that a lot of our slower moving, bigger opportunities — particularly in the public sector with governments — have suddenly sped up massively,” he adds. “Because it was previously a nice to have premium thing — ‘wouldn’t it be good if we had our own encrypted messenger and if everybody wasn’t using Telegram or WhatsApp to run our country’ — and then suddenly, with the entire population of whichever country it might be suddenly having to work remotely it’s become an existential requirement to have high quality communication, and having that encrypted and self sovereign is a massive deal.”

In terms of competing with Slack (et al), the biggest consideration is usability and UX, according to Hodgson.

So, over the last year, New Vector has hired a dedicated in-house design team to focus on smoothing any overly geeky edges — though most of this work is yet to be pushed out to users.

“We’ve actually pivoted the entire development of Riot to be design led,” he says. “It’s no longer a whole bunch of developers, like myself, going and hacking away on it — instead the product owner and the product direction’s being laid by the design team. And it is an unrecognizable difference — in terms of focus and usability.

“Over the coming year we are expecting Riot to basically be rebuilt at least cosmetically to get rid of the complexity and the geekiness and the IRC hangovers which we have today in favor of something that can genuinely punch its weight against Slack and Discord.”

In another major recent development New Vector switched on end-to-end encryption across the piece in Riot, making it the default for all new non-public conversations (DMs and private chats).

“It’s the equivalent of email suddenly mandating PGP and managing not to break everything,” says Hodgson of that feat.

A key challenge was to “get parity” with users of the non-encrypted version of Matrix before it could be enabled everywhere — with associated problems to tackle, such as search.

“Typically we were doing search on the server and if the messages are encrypted the server obviously can’t index them — so we had to shift all of our search capabilities to run client side. We went and wrote a whole bunch of REST that allows you to basically embed a search engine into Riot on the client, including on the desktop version, so that people can actually reach their encrypted message history there and share it between devices,” he explains.

Another focus for the e2e was the verification process — which is also now built in by default.

“When you now log into Riot it forces you to scan a QR code on an existing login if you’ve already logged in somewhere. A bit like you do on WhatsApp web but rather than just using it to authenticate you it also goes and proves that you are a legitimate person on that account,” he says. “So everyone else then knows to trust that login completely — so that if there is an attack of some kind, if you admin tries to add a malicious device into your account to spy on you or if there’s a man-in-the-middle attack, or something like that, everybody can see that the untrusted device hasn’t been verified by you.

“It’s basically building out a simple web of trust of your devices and immediate contacts so that you have complete protection against ghost devices or other nastier attempts to go and compromise the account. The combination of using QR codes and also using emoji comparison rather than having to read out numbers to one another is I think almost unique now, in terms of creating really, really super robust end-to-end encryption.”

The e2e encryption Matrix uses is based on algorithms popularized by the Signal protocol. It was audited by NCC Group in 2016 but plans for the new funding include a full stack audit — once they’ve ironed out any teething issues with the new default e2e.

“[We want to] at least pick a path, a particular set of clients and servers — because we can’t do the whole thing, obviously, because Matrix has got 60-70 different apps on it now, or different clients. And there are at least four viable server implementations but we will pick the long term supported official path and at least find a set which we can then audit and recommend to governments,” says Hodgson of the audit plans.

They’re also working with Jitsi on a project to make the latter’s WebRTC-compatible videoconferencing platform e2e encrypted too — another key piece as Jitsi’s tech is what New Vector offers for video calling via Matrix.

“We partner with Jitsi for the videoconferencing side of things and we’re working with them on their e2e encrypted videoconferencing… They [recently] got the world’s first WebRTC -based e2e encrypted conferencing going. And they plan to use Matrix as the way to exchange the keys for that — using also all of the verification process [New Vector has developed for Riot]. Because end-to-end encryption’s great, obviously in terms of securing the data — but if you don’t know who you’re talking to, in terms of verifying their identity, it’s a complete waste of time,” adds Hodgson.

So when Jitsi’s e2e encryption launches New Vector will be able to include e2e encrypted videoconferencing as part of its decentralized bundle too.

How much growth is New Vector expecting for Matrix over the next 12 months? “We’ve tripled almost all of the sizing metrics for the network in the last year, and I think we tripled the year before that so I’m hoping that we can continue on that trajectory,” he says on that.

Another “fun thing” New Vector has been working on, since the end of last year, is a peer-to-peer version of Matrix — having developed a “sufficiently lightweight server implementation” that allows Matrix users to run ‘riot’ in a decentralized p2p space via a web browser (or via the app on a mobile device).

“We turned on the peer-to-peer network about a month ago now and they’re at the point right now of making it persistent — previously if all of the clients on the network went away then the entire network disappeared, whereas now it has the ability to persist even if people start restarting their browsers and apps. And it’s very much a mad science project but as far as I know nobody else is remotely in that ballpark,” he says.

“The nice thing is it looks and feels identical to Matrix today. You can use all of the clients, all of the bridges that people have already written… It just happens to be that the Riot is connecting to a server wedged into itself rather than talking to one sitting on the server… So it’s a total paradigm shift.”

“We weren’t sure it was going to work at all but in practice it’s working better than we could have hoped,” he adds. “Over the next year or so we’re going to expect to see more and more emphasis on peer-to-peer — possibly even by default. So that if you install Riot you don’t have to pick a server and go through this fairly clunky thing of figuring out what service provider to trust and do you want to buy one from us as New Vector or do you want to a Swiss ISP. Instead you can start off bobbing around the ocean in a pure peer-to-peer land, and then if you want to persist your data somewhere then you go and find a server to pin yourself to a home on the Internet. But it would be a completely different way of thinking about things.”

Those interested in dipping a toe in p2p decentralized IM can check out this flavor of Riot in a web browser via p2p.riot.im

#automattic, #decentralized, #e2e-encryption, #europe, #funding, #jitsi, #matrix, #new-vector, #open, #p2p, #privacy, #riot, #security, #signal-protocol, #tc, #webrtc, #wordpress