Google unveils auto-delete for location, Web activity, and app usage data

A large Google sign seen on a window of Google's headquarters.

Enlarge / Mountain View, Calif.—May 21, 2018: Exterior view of a Googleplex building, the corporate headquarters of Google and parent company Alphabet. (credit: Getty Images | zphotos)

Google will soon let users automatically delete location history and other private data in rolling intervals of either three months or 18 months.

“Choose a time limit for how long you want your activity data to be saved—3- or 18-months—and any data older than that will be automatically deleted from your account on an ongoing basis,” Google announced yesterday. “These controls are coming first to Location History and Web & App Activity and will roll out in the coming weeks.”

Google location history saves locations reported from mobile devices that are logged into your Google account, while saved Web and app activity includes “searches and other things you do on Google products and services, like Maps; your location, language, IP address, referrer, and whether you use a browser or an app; Ads you click, or things you buy on an advertiser’s site; [and] Information on your device like recent apps or contact names you searched for.”

Read 11 remaining paragraphs | Comments

Waymo is gearing up to put a lot more self-driving cars on the road

Waymo is opening another technical service center in the Phoenix area, an expansion that will allow the autonomous-vehicle technology startup to double its capacity in the area as it prepares to grow its commercial fleet.

The new 85,000-square-foot center will be located in Mesa and is expected to open sometime in the second half of the year. The company’s existing 60,000-square-foot facility in the Phoenix suburb of Chandler will remain.

The former Google self-driving project that spun out to become a business under Alphabet opened its first location in Chandler, Arizona in 2016. Since then the company has ramped up its testing, launched an early rider program and slowly crept toward commercial deployment. The early rider program, which launched in April 2017, had more than 400 participants the last time Waymo shared figures on the program.

In December, the company launched Waymo One, a commercial self-driving car service and accompanying app. The service isn’t widely available yet and Waymo-trained test drivers are still behind the wheel. (Waymo does have driverless vehicles on public roads in Phoenix.)

This latest announcement signals that Waymo is still committed to its initial plan to eventually cover a large portion of the sprawling metropolis of Phoenix, which is about 600 square miles. Waymo currently operates in Chandler, Tempe, Gilbert and Mesa. It also means local residents will likely encounter more Waymo self-driving vehicles on public roads — an experience that hasn’t exactly sparked joy for some. (There have been several reports recounting fits of road rage directed at these autonomous vehicles.)

Waymo’s global fleet is about 600 cars, the large majority of which are in the Phoenix area. The new technical center will act as a second dispatch center as well as a place to maintain, clean and manage the fleet, according to the company.

It also means Waymo will hire more people in the months ahead. As Waymo noted in a blog posted Tuesday, this is not the first time it has grown its operations in Phoenix. Waymo expanded its full-service center in Chandler last year to 60,000 square feet, a facility that houses its operations and support teams, including fleet technicians, fleet dispatch, fleet response and rider support.

Sebastian Thrun initiates aggressive plan to transform Udacity

“I’m a fighter. I believe in our people, I believe in our mission, and I believe that it should exist and must exist.”

Sebastian Thrun is talking animatedly about Udacity, the $1 billion online education startup that he co-founded nearly eight years ago. His tone is buoyant and hopeful. He’s encouraged, he says over an occasionally crackly phone call, about the progress the company has made in such a short time. There’s even a new interim COO, former HP and GE executive Lalit Singh, who joined just days ago to help Thrun execute this newly formed strategy.

That wasn’t the case four weeks ago.

In a lengthy email, obtained by TechCrunch, Thrun lobbed an impassioned missive to the entire company, which specializes in “nanodegrees” on a range of technical subjects that include AI, deep learning, digital marketing, VR and computer vision.

It was, at times, raw, personal and heartfelt, with Thrun accepting blame for missteps or admitting he was sleeping less than four hours a night; in other spots the email felt like a pep talk delivered by a coach, encouraging his team by noting their spirit and tenacity. There were moments when he exhibited frustration for the company’s timidness, declaring “our plans are ridden of fear, of trepidation, we truly suck!” And moments just as conciliatory, where he noted that “I know every one of you wants to double down on student success. I love this about us.”

Thrun has sent spirited emails before. Insiders say it’s not uncommon and that as a mission-driven guy he often calls on employees to take risks and be creative. But this one stood out for its underlying message.

If there was a theme in the email, it was an existential one: We must act, and act now or face annihilation.

“It was a rallying cry, to be honest,” Thrun told TechCrunch. “When I wrote this email, I really wanted to wake up people to the fact that our trajectory was not long-term tenable.”

“I can tell you that I woke up the troops, that is absolutely sure,” he said later. “Whether my strategy is sound, only time can tell.”

Udacity founder Sebastian Thrun speaks onstage during TechCrunch Disrupt SF 2017 at Pier 48 on September 19, 2017 in San Francisco, California. (Photo by Steve Jennings/Getty Images for TechCrunch)

Thrun said the past month has been transformative for the company. “It was a tough moment when I had to look at the business, look at the financials, look at the people in the company,” Thrun said, adding, “And the people in the company are amazing. I really believe in them, and I believe that they’re all behind the mission.”

A tough year

Part of Udacity’s struggles were borne out of its last funding round in 2015, when it raised $105 million and became a unicorn. That round and the valuation set high expectations for growth and revenue.

But the company started hitting those targets and 2017 became a breakout year.

After a booming 2017 — with revenue growing 100 percent year-over-year thanks to some popular programs like its self-driving car and deep learning nanodegrees and the culmination of a previous turnaround plan architected by former CMO Shernaz Daver — the following year fizzled. Its consumer business began to shrink, and while the production quality of its educational videos increased, the volume slowed.

“In 2018, we didn’t have a single a blockbuster,” Thrun said. “There’s nothing you can point to and say, ‘Wow, Udacity had a blockbuster.’ “

By comparison, the self-driving car engineering nanodegree not only was a hit, it produced a successful new company. Udacity vice president Oliver Cameron spun out an autonomous vehicle company called Voyage.

Udacity CEO Vishal Makhijani left in October and Thrun stepped in. He took over as chief executive and the head of content on an interim basis. Thrun, who founded X, Google’s moonshot factory, is also CEO of Kitty Hawk Corp., a flying-car startup.

His first impression upon his return was a company that had grown too quickly and was burdened by its own self-inflicted red tape. Staff reductions soon followed. About 130 people were laid off and other open positions were left vacant, Thrun said.

Udacity now has 350 full-time employees and another 200 full-time contractors. The company also has about 1,000 people contracted as graders or reviewers.

An emphasis, when I rejoined, was to cut complexity and focus the company on the things that are working,” he said. 

One area where Udacity seemed to excel had also created an impediment. The quality of Udacity’s video production resulted in Hollywood-quality programming, Thrun said. But that created a bottleneck in the amount of educational content Udacity could produce.

Udacity’s content makers — a staff of about 140 people — released nearly 10 nanodegrees in 2018. Today, as a result of cuts, only 40 content creators remain. That smaller team completed about five nanodegrees in the first quarter of 2019, Thrun said.

Last year, it took between 10 to 12 people, and more than $1 million, to build one nanodegree, Thrun said. “Now it’s less than 10 percent of that.”

The company was able to accomplish this, he said, by changing its whole approach to video with taping, edits and student assessments happening in real time.

Udacity, under Thrun’s direction, has also doubled down on a technical mentorship program that will now match every new student with a mentor. Udacity has hired about 278 mentors who will work between 15 and 20 hours a week on a contract basis. The company is targeting about 349 mentors in all.

Students are also assigned a cohort that is required to meet (virtually) once a week.

Thrun described the new mentor program as the biggest change in service in the entire history of Udacity. “And we literally did this in two weeks,” he said. 

The strategy has met with some resistance. Some employees wanted to test the mentorship program on one cohort, or group of students, and expand from there. Even since these recent changes, some employees have expressed doubts that it will be enough, according to unnamed sources connected to or within the company.

Even Thrun admits that the “fruit remains to be seen,” although he’s confident that they’ve landed on the right approach, and one that will boost student graduation rates and eventually make the company profitable.

“If you give any student a personalized mentor that fights for them, and that’s the language I usually use, then we can bring our graduation rate, which is at about 34 percent to 60 percent or so,” he said. “And for online institutions 34 percent is high. But we have programs in that graduate more than 90 percent of our students.”

Udacity doesn’t share exact numbers on post-graduation hiring rates. But the company did say thousands of Udacity alumni have been hired by companies like Google, AT&T, Nvidia and others in the U.S., Europe, India and China.

In the U.S. and Canada, graduates with new jobs reported an annual salary increase of 38 percent, a Udacity spokesperson shared.

Indeed, Udacity has had some successes despite its many challenges.

Bright spots

Udacity has continued to increase revenue, although at a slower rate than the previous year-over-year time period. Udacity said it generated $90 million in revenue in 2018, a 25 percent year-over-year increase from 2017.

Udacity had informally offered enterprise programs to clients like AT&T. But in September, the company made enterprise a dedicated product and hired a VP of sales to bring in new customers.

Udacity has added 20 new enterprise clients from the banking, insurance, telecom and retail sectors, according to the company. There are now 70 enterprise customers globally that send employees through Udacity programs to gain new skills.

It continues to expand its career services and launched 12 free courses, built in collaboration with Google, with nearly 100,000 enrollments. It has also funded more than 1.1 million new partial and full scholarships to its programs for students across North America, Europe, the Middle East and Asia. About 21% of all Udacity Nanodegree students in the Grow with Google program in Europe have received job offers, according to Google.

The company also has a new initiative in the Middle East, where it teaches almost a million young Arab people how to code, Thrun said, an accomplishment he says is core to his mission.

Udacity isn’t profitable yet on an EBITDA basis, Thrun shared, but the “unit economics per students, and on a gross margin basis, are good.”

Now, it comes down to whether Thrun’s push to become faster, more efficient and nimble, all while investing in student services and its enterprise product, will be enough to right the ship.

“I really believe if you can get to the point that students come to us and we bend over backwards to ensure their success, we will be a company that has a really good chance of lasting for a lifetime,” he said. 

And if it doesn’t work, then we’ll adjust, like any other company. We can always shift.”

Sebastian Thrun initiates aggressive plan to transform Udacity

“I’m a fighter. I believe in our people, I believe in our mission, and I believe that it should exist and must exist.”

Sebastian Thrun is talking animatedly about Udacity, the $1 billion online education startup that he co-founded nearly eight years ago. His tone is buoyant and hopeful. He’s encouraged, he says over an occasionally crackly phone call, about the progress the company has made in such a short time. There’s even a new interim COO, former HP and GE executive Lalit Singh, who joined just days ago to help Thrun execute this newly formed strategy.

That wasn’t the case four weeks ago.

In a lengthy email, obtained by TechCrunch, Thrun lobbed an impassioned missive to the entire company, which specializes in “nanodegrees” on a range of technical subjects that include AI, deep learning, digital marketing, VR and computer vision.

It was, at times, raw, personal and heartfelt, with Thrun accepting blame for missteps or admitting he was sleeping less than four hours a night; in other spots the email felt like a pep talk delivered by a coach, encouraging his team by noting their spirit and tenacity. There were moments when he exhibited frustration for the company’s timidness, declaring “our plans are ridden of fear, of trepidation, we truly suck!” And moments just as conciliatory, where he noted that “I know every one of you wants to double down on student success. I love this about us.”

Thrun has sent spirited emails before. Insiders say it’s not uncommon and that as a mission-driven guy he often calls on employees to take risks and be creative. But this one stood out for its underlying message.

If there was a theme in the email, it was an existential one: We must act, and act now or face annihilation.

“It was a rallying cry, to be honest,” Thrun told TechCrunch. “When I wrote this email, I really wanted to wake up people to the fact that our trajectory was not long-term tenable.”

“I can tell you that I woke up the troops, that is absolutely sure,” he said later. “Whether my strategy is sound, only time can tell.”

Udacity founder Sebastian Thrun speaks onstage during TechCrunch Disrupt SF 2017 at Pier 48 on September 19, 2017 in San Francisco, California. (Photo by Steve Jennings/Getty Images for TechCrunch)

Thrun said the past month has been transformative for the company. “It was a tough moment when I had to look at the business, look at the financials, look at the people in the company,” Thrun said, adding, “And the people in the company are amazing. I really believe in them, and I believe that they’re all behind the mission.”

A tough year

Part of Udacity’s struggles were borne out of its last funding round in 2015, when it raised $105 million and became a unicorn. That round and the valuation set high expectations for growth and revenue.

But the company started hitting those targets and 2017 became a breakout year.

After a booming 2017 — with revenue growing 100 percent year-over-year thanks to some popular programs like its self-driving car and deep learning nanodegrees and the culmination of a previous turnaround plan architected by former CMO Shernaz Daver — the following year fizzled. Its consumer business began to shrink, and while the production quality of its educational videos increased, the volume slowed.

“In 2018, we didn’t have a single a blockbuster,” Thrun said. “There’s nothing you can point to and say, ‘Wow, Udacity had a blockbuster.’ “

By comparison, the self-driving car engineering nanodegree not only was a hit, it produced a successful new company. Udacity vice president Oliver Cameron spun out an autonomous vehicle company called Voyage.

Udacity CEO Vishal Makhijani left in October and Thrun stepped in. He took over as chief executive and the head of content on an interim basis. Thrun, who founded X, Google’s moonshot factory, is also CEO of Kitty Hawk Corp., a flying-car startup.

His first impression upon his return was a company that had grown too quickly and was burdened by its own self-inflicted red tape. Staff reductions soon followed. About 130 people were laid off and other open positions were left vacant, Thrun said.

Udacity now has 350 full-time employees and another 200 full-time contractors. The company also has about 1,000 people contracted as graders or reviewers.

An emphasis, when I rejoined, was to cut complexity and focus the company on the things that are working,” he said. 

One area where Udacity seemed to excel had also created an impediment. The quality of Udacity’s video production resulted in Hollywood-quality programming, Thrun said. But that created a bottleneck in the amount of educational content Udacity could produce.

Udacity’s content makers — a staff of about 140 people — released nearly 10 nanodegrees in 2018. Today, as a result of cuts, only 40 content creators remain. That smaller team completed about five nanodegrees in the first quarter of 2019, Thrun said.

Last year, it took between 10 to 12 people, and more than $1 million, to build one nanodegree, Thrun said. “Now it’s less than 10 percent of that.”

The company was able to accomplish this, he said, by changing its whole approach to video with taping, edits and student assessments happening in real time.

Udacity, under Thrun’s direction, has also doubled down on a technical mentorship program that will now match every new student with a mentor. Udacity has hired about 278 mentors who will work between 15 and 20 hours a week on a contract basis. The company is targeting about 349 mentors in all.

Students are also assigned a cohort that is required to meet (virtually) once a week.

Thrun described the new mentor program as the biggest change in service in the entire history of Udacity. “And we literally did this in two weeks,” he said. 

The strategy has met with some resistance. Some employees wanted to test the mentorship program on one cohort, or group of students, and expand from there. Even since these recent changes, some employees have expressed doubts that it will be enough, according to unnamed sources connected to or within the company.

Even Thrun admits that the “fruit remains to be seen,” although he’s confident that they’ve landed on the right approach, and one that will boost student graduation rates and eventually make the company profitable.

“If you give any student a personalized mentor that fights for them, and that’s the language I usually use, then we can bring our graduation rate, which is at about 34 percent to 60 percent or so,” he said. “And for online institutions 34 percent is high. But we have programs in that graduate more than 90 percent of our students.”

Udacity doesn’t share exact numbers on post-graduation hiring rates. But the company did say thousands of Udacity alumni have been hired by companies like Google, AT&T, Nvidia and others in the U.S., Europe, India and China.

In the U.S. and Canada, graduates with new jobs reported an annual salary increase of 38 percent, a Udacity spokesperson shared.

Indeed, Udacity has had some successes despite its many challenges.

Bright spots

Udacity has continued to increase revenue, although at a slower rate than the previous year-over-year time period. Udacity said it generated $90 million in revenue in 2018, a 25 percent year-over-year increase from 2017.

Udacity had informally offered enterprise programs to clients like AT&T. But in September, the company made enterprise a dedicated product and hired a VP of sales to bring in new customers.

Udacity has added 20 new enterprise clients from the banking, insurance, telecom and retail sectors, according to the company. There are now 70 enterprise customers globally that send employees through Udacity programs to gain new skills.

It continues to expand its career services and launched 12 free courses, built in collaboration with Google, with nearly 100,000 enrollments. It has also funded more than 1.1 million new partial and full scholarships to its programs for students across North America, Europe, the Middle East and Asia. About 21% of all Udacity Nanodegree students in the Grow with Google program in Europe have received job offers, according to Google.

The company also has a new initiative in the Middle East, where it teaches almost a million young Arab people how to code, Thrun said, an accomplishment he says is core to his mission.

Udacity isn’t profitable yet on an EBITDA basis, Thrun shared, but the “unit economics per students, and on a gross margin basis, are good.”

Now, it comes down to whether Thrun’s push to become faster, more efficient and nimble, all while investing in student services and its enterprise product, will be enough to right the ship.

“I really believe if you can get to the point that students come to us and we bend over backwards to ensure their success, we will be a company that has a really good chance of lasting for a lifetime,” he said. 

And if it doesn’t work, then we’ll adjust, like any other company. We can always shift.”

Sebastian Thrun initiates aggressive plan to transform Udacity

“I’m a fighter. I believe in our people, I believe in our mission, and I believe that it should exist and must exist.”

Sebastian Thrun is talking animatedly about Udacity, the $1 billion online education startup that he co-founded nearly eight years ago. His tone is buoyant and hopeful. He’s encouraged, he says over an occasionally crackly phone call, about the progress the company has made in such a short time. There’s even a new interim COO, former HP and GE executive Lalit Singh, who joined just days ago to help Thrun execute this newly formed strategy.

That wasn’t the case four weeks ago.

In a lengthy email, obtained by TechCrunch, Thrun lobbed an impassioned missive to the entire company, which specializes in “nanodegrees” on a range of technical subjects that include AI, deep learning, digital marketing, VR and computer vision.

It was, at times, raw, personal and heartfelt, with Thrun accepting blame for missteps or admitting he was sleeping less than four hours a night; in other spots the email felt like a pep talk delivered by a coach, encouraging his team by noting their spirit and tenacity. There were moments when he exhibited frustration for the company’s timidness, declaring “our plans are ridden of fear, of trepidation, we truly suck!” And moments just as conciliatory, where he noted that “I know every one of you wants to double down on student success. I love this about us.”

Thrun has sent spirited emails before. Insiders say it’s not uncommon and that as a mission-driven guy he often calls on employees to take risks and be creative. But this one stood out for its underlying message.

If there was a theme in the email, it was an existential one: We must act, and act now or face annihilation.

“It was a rallying cry, to be honest,” Thrun told TechCrunch. “When I wrote this email, I really wanted to wake up people to the fact that our trajectory was not long-term tenable.”

“I can tell you that I woke up the troops, that is absolutely sure,” he said later. “Whether my strategy is sound, only time can tell.”

Udacity founder Sebastian Thrun speaks onstage during TechCrunch Disrupt SF 2017 at Pier 48 on September 19, 2017 in San Francisco, California. (Photo by Steve Jennings/Getty Images for TechCrunch)

Thrun said the past month has been transformative for the company. “It was a tough moment when I had to look at the business, look at the financials, look at the people in the company,” Thrun said, adding, “And the people in the company are amazing. I really believe in them, and I believe that they’re all behind the mission.”

A tough year

Part of Udacity’s struggles were borne out of its last funding round in 2015, when it raised $105 million and became a unicorn. That round and the valuation set high expectations for growth and revenue.

But the company started hitting those targets and 2017 became a breakout year.

After a booming 2017 — with revenue growing 100 percent year-over-year thanks to some popular programs like its self-driving car and deep learning nanodegrees and the culmination of a previous turnaround plan architected by former CMO Shernaz Daver — the following year fizzled. Its consumer business began to shrink, and while the production quality of its educational videos increased, the volume slowed.

“In 2018, we didn’t have a single a blockbuster,” Thrun said. “There’s nothing you can point to and say, ‘Wow, Udacity had a blockbuster.’ “

By comparison, the self-driving car engineering nanodegree not only was a hit, it produced a successful new company. Udacity vice president Oliver Cameron spun out an autonomous vehicle company called Voyage.

Udacity CEO Vishal Makhijani left in October and Thrun stepped in. He took over as chief executive and the head of content on an interim basis. Thrun, who founded X, Google’s moonshot factory, is also CEO of Kitty Hawk Corp., a flying-car startup.

His first impression upon his return was a company that had grown too quickly and was burdened by its own self-inflicted red tape. Staff reductions soon followed. About 130 people were laid off and other open positions were left vacant, Thrun said.

Udacity now has 350 full-time employees and another 200 full-time contractors. The company also has about 1,000 people contracted as graders or reviewers.

An emphasis, when I rejoined, was to cut complexity and focus the company on the things that are working,” he said. 

One area where Udacity seemed to excel had also created an impediment. The quality of Udacity’s video production resulted in Hollywood-quality programming, Thrun said. But that created a bottleneck in the amount of educational content Udacity could produce.

Udacity’s content makers — a staff of about 140 people — released nearly 10 nanodegrees in 2018. Today, as a result of cuts, only 40 content creators remain. That smaller team completed about five nanodegrees in the first quarter of 2019, Thrun said.

Last year, it took between 10 to 12 people, and more than $1 million, to build one nanodegree, Thrun said. “Now it’s less than 10 percent of that.”

The company was able to accomplish this, he said, by changing its whole approach to video with taping, edits and student assessments happening in real time.

Udacity, under Thrun’s direction, has also doubled down on a technical mentorship program that will now match every new student with a mentor. Udacity has hired about 278 mentors who will work between 15 and 20 hours a week on a contract basis. The company is targeting about 349 mentors in all.

Students are also assigned a cohort that is required to meet (virtually) once a week.

Thrun described the new mentor program as the biggest change in service in the entire history of Udacity. “And we literally did this in two weeks,” he said. 

The strategy has met with some resistance. Some employees wanted to test the mentorship program on one cohort, or group of students, and expand from there. Even since these recent changes, some employees have expressed doubts that it will be enough, according to unnamed sources connected to or within the company.

Even Thrun admits that the “fruit remains to be seen,” although he’s confident that they’ve landed on the right approach, and one that will boost student graduation rates and eventually make the company profitable.

“If you give any student a personalized mentor that fights for them, and that’s the language I usually use, then we can bring our graduation rate, which is at about 34 percent to 60 percent or so,” he said. “And for online institutions 34 percent is high. But we have programs in that graduate more than 90 percent of our students.”

Udacity doesn’t share exact numbers on post-graduation hiring rates. But the company did say thousands of Udacity alumni have been hired by companies like Google, AT&T, Nvidia and others in the U.S., Europe, India and China.

In the U.S. and Canada, graduates with new jobs reported an annual salary increase of 38 percent, a Udacity spokesperson shared.

Indeed, Udacity has had some successes despite its many challenges.

Bright spots

Udacity has continued to increase revenue, although at a slower rate than the previous year-over-year time period. Udacity said it generated $90 million in revenue in 2018, a 25 percent year-over-year increase from 2017.

Udacity had informally offered enterprise programs to clients like AT&T. But in September, the company made enterprise a dedicated product and hired a VP of sales to bring in new customers.

Udacity has added 20 new enterprise clients from the banking, insurance, telecom and retail sectors, according to the company. There are now 70 enterprise customers globally that send employees through Udacity programs to gain new skills.

It continues to expand its career services and launched 12 free courses, built in collaboration with Google, with nearly 100,000 enrollments. It has also funded more than 1.1 million new partial and full scholarships to its programs for students across North America, Europe, the Middle East and Asia. About 21% of all Udacity Nanodegree students in the Grow with Google program in Europe have received job offers, according to Google.

The company also has a new initiative in the Middle East, where it teaches almost a million young Arab people how to code, Thrun said, an accomplishment he says is core to his mission.

Udacity isn’t profitable yet on an EBITDA basis, Thrun shared, but the “unit economics per students, and on a gross margin basis, are good.”

Now, it comes down to whether Thrun’s push to become faster, more efficient and nimble, all while investing in student services and its enterprise product, will be enough to right the ship.

“I really believe if you can get to the point that students come to us and we bend over backwards to ensure their success, we will be a company that has a really good chance of lasting for a lifetime,” he said. 

And if it doesn’t work, then we’ll adjust, like any other company. We can always shift.”

Everything you need to know about Facebook, Google’s app scandal

Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a day of downtime at the two tech giants.

Confused about what happened? Here’s everything you need to know.

How did all this start, and what happened?

On Monday, we revealed that Facebook was misusing an Apple-issued enterprise certificate that is only meant for companies to use to distribute internal, employee-only apps without having to go through the Apple App Store. But the social media giant used that certificate to sign an app that Facebook distributed outside the company, violating Apple’s rules.

The app, known simply as “Research,” allowed Facebook unparalleled access to all of the data flowing out of a device. This included access to some of the users’ most sensitive network data. Facebook paid users — including teenagers — $20 per month to install the app. But it wasn’t clear exactly what kind of data was being vacuumed up, or for what reason.

It turns out that the app was a repackaged app that was effectively banned from Apple’s App Store last year for collecting too much data on users.

Apple was angry that Facebook was misusing its special-issue enterprise certificates to push an app it already banned, and revoked it — rendering the app unable to open. But Facebook was using that same certificate to sign its other employee-only apps, effectively knocking them offline until Apple re-issued the certificate.

Then, it turned out Google was doing almost exactly the same thing with its Screenwise app, and Apple’s ban-hammer fell again.

What’s the controversy over these enterprise certificates and what can they do?

If you want to develop Apple apps, you have to abide by its rules — and Apple expressly makes companies agree to its terms.

A key rule is that Apple doesn’t allow app developers to bypass the App Store, where every app is vetted to ensure it’s as secure as it can be. It does, however, grant exceptions for enterprise developers, such as to companies that want to build apps that are only used internally by employees. Facebook and Google in this case signed up to be enterprise developers and agreed to Apple’s developer terms.

Each Apple-issued certificate grants companies permission to distribute apps they develop internally — including pre-release versions of the apps they make, for testing purposes. But these certificates aren’t allowed to be used for ordinary consumers, as they have to download apps through the App Store.

What’s a “root” certificate, and why is its access a big deal?

Because Facebook’s Research and Google’s Screenwise apps were distributed outside of Apple’s App Store, it required users to manually install the app — known as sideloading. That requires users to go through a convoluted few steps of downloading the app itself, and opening and trusting either Facebook or Google’s enterprise developer code-signing certificate, which is what allows the app to run.

Both companies required users after the app installed to agree to an additional configuration step — known as a VPN configuration profile — allowing all of the data flowing out of that user’s phone to funnel down a special tunnel that directs it all to either Facebook or Google, depending on which app you installed.

This is where the Facebook and Google cases differ.

Google’s app collected data and sent it off to Google for research purposes, but couldn’t access encrypted data — such as the content of any network traffic protected by HTTPS, as most apps in the App Store and internet websites are.

Facebook, however, went far further. Its users were asked to go through an additional step to trust an additional type of certificate at the “root” level of the phone. Trusting this Facebook Research root certificate authority allowed the social media giant to look at all of the encrypted traffic flowing out of the device — essentially what we call a “man-in-the-middle” attack. That allowed Facebook to sift through your messages, your emails and any other bit of data that leaves your phone. Only apps that use certificate pinning — which reject any certificate that isn’t its own — were protected, such as iMessage, Signal and additionally any other end-to-end encrypted solutions.

Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by your phone (Image: supplied)

Google’s app might not have been able to look at encrypted traffic, but the company still flouted the rules — and had its separate enterprise developer code-signing certificate revoked anyway.

What data did Facebook have access to on iOS?

It’s hard to know for sure, but it definitely had access to more data than Google.

Facebook said its app was to help it “understand how people use their mobile devices.” In reality, at root traffic level, Facebook could have accessed any kind of data that left your phone.

Will Strafach, a security expert with whom we spoke for our story, said: “If Facebook makes full use of the level of access they are given by asking users to install the certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”

Remember: this isn’t “root” access to your phone, like jailbreaking, but root access to the network traffic.

How does this compare to the technical ways other market research programs work?

In fairness, these aren’t market research apps unique to Facebook or Google. Several other companies, like Nielsen and comScore, run similar programs, but neither ask users to install a VPN or provide root access to the network.

In any case, Facebook already has a lot of your data — as does Google. Even if the companies only wanted to look at your data in aggregate with other people, it can still hone in on who you talk to, when, for how long and, in some cases, what about. It might not have been such an explosive scandal had Facebook not spent the last year cleaning up after several security and privacy breaches.

Can they capture the data of people the phone owner interacts with?

In both cases, yes. In Google’s case, any unencrypted data that involves another person’s data could have been collected. In Facebook’s case, it goes far further — any data of yours that interacts with another person, such as an email or a message, could have been collected by Facebook’s app.

How many people did this affect?

It’s hard to know for sure. Neither Google nor Facebook have said how many users they have. Between them, it’s believed to be in the thousands. As for the employees affected by the app outages, Facebook has more than 35,000 employees and Google has more than 94,000 employees.

Why did internal apps at Facebook and Google break after Apple revoked the certificates?

You might own your Apple device, but Apple still gets to control what goes on it.

Apple can’t control Facebook’s root certificates, but it can control the enterprise certificates it issues. After Facebook was caught out, Apple said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” That meant any app that relied on Facebook’s enterprise certificate — including inside the company — would fail to load. That’s not just pre-release builds of Facebook, Instagram and WhatsApp that staff were working on, but reportedly the company’s travel and collaboration apps were down. In Google’s case, even its catering and lunch menu apps were down.

Facebook’s internal apps were down for about a day, while Google’s internal apps were down for a few hours. None of Facebook or Google’s consumer services were affected, however.

How are people viewing Apple in all this?

Nobody seems thrilled with Facebook or Google at the moment, but not many are happy with Apple, either. Even though Apple sells hardware and doesn’t use your data to profile you or serve you ads — like Facebook and Google do — some are uncomfortable with how much power Apple has over the customers — and enterprises — that use its devices.

In revoking Facebook and Google’s enterprise certificates and causing downtime, it has a knock-on effect internally.

Is this legal in the U.S.? What about in Europe with GDPR?

Well, it’s not illegal — at least in the U.S. Facebook says it gained consent from its users. The company even said its teenage users must obtain parental consent, even though it was easily skippable and no verification checks were made. It wasn’t even explicitly clear that the children who “consented” really understood how much privacy they were really handing over.

That could lead to major regulatory headaches down the line. “If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime,” wrote TechCrunch’s Natasha Lomas.

Who else has been misusing certificates?

Don’t think that Facebook and Google are alone in this. It turns out that a lot of companies might be flouting the rules, too.

According to many finding companies on social media, Sonos uses enterprise certificates for its beta program, as does finance app Binance, as well as DoorDash for its fleet of contractors. It’s not known if Apple will also revoke their enterprise certificates.

What next?

It’s anybody’s guess, but don’t expect this situation to die down any time soon.

Facebook may face repercussions with Europe, as well as at home. Two U.S. senators, Mark Warner and Richard Blumenthal, have already called for action, accusing Facebook of “wiretapping teens.” The Federal Trade Commission may also investigate, if Blumenthal gets his way.

Sequoia goes after early-stage with an accelerator program in India and Southeast Asia

Sequoia India is going deep into early-stage investing after it announced an accelerator program, Surge, which is focused on fledging startups in India and Southeast Asia, the two regions that it covers.

It’s been nearly six months since Sequoia India closed its newest $695 million fund — its fifth since its establishment 12 years ago — and with over 200 deals under its belt, it is going earlier than ever before. The Surge program is designed to work with a mix of companies; that could include founders with just an idea, to those at pre-launch or pre-seed, businesses with an existing product-market fit or even startups intending to pivot, Sequoia India managing director Shailendra Singh told TechCrunch.

“It’s a bold attempt to try to create a better program for seed to Series A,” Singh said in an interview. “We think founders are underserved. There is quality early-stage talent but we are trying to find a way to serve them better.”

Singh explained that the program is a result of extensive research. He said Sequoia India talked to startups, founders and investors, and that a series of Twitter polls he conducted last year show founders in India and Southeast Asia are too frequently under-capitalized, over-diluted and forced to spend too much time on the fundraising trail.

“We decided there is a better way,” Singh said.

So what is the Sequoia India solution?

Surge is aiming to recruit 10-20 companies per batch, with two cohorts running each year for four months each. Perhaps the most notable feature is that selected companies will receive a $1.5 million investment from Sequoia, with the option to raise more from the firm and other co-investors in a final “UpSurge” demo week that concludes the program. Participants will, however, need to pay a “program fee” although that is being waived for the first cohort.

On its website, the firm describes Surge as being designed to give founders an “unfair advantage, right out of the gate.”

That first program is scheduled to run in March and applications are open now, although Sequoia has already picked a small selection for the first program. While the focus is local startups, China-based startups looking at India and Southeast Asia and U.S. startups seeking an Asia will also be considered, the firm said.

Singh said equity will be negotiated on a company-by-company basis, but he anticipates that valuations will be will be in the range of “high single-digit to high-teens” pre-money. There’s no obligation for a Sequoia follow-on, and Singh stressed that a “curated” selection of investors will be invested to invest in the post-program round and even alongside the initial $1.5 million check.

Shailendra Singh, Sequoia India managing director

The program is quite unusual in being globally distributed. That’s to say that it is split into five ‘modules,’ each of which is hosted in a different city which taps into Sequoia’s global presence. That’ll include Singapore, China, India and Silicon Valley. Singh said each module will require founder presence for a week, when they will work together with Sequoia — including the firm’s AMP program — Surge mentors and others, before taking the learnings back to their company for the remainder of the month. The only exception is the final month, which will include an additional week for the demo segment.

Sequoia India has tapped its portfolio companies and other Sequoia investees to pull an initial list of mentors that include Nadiem Makarim (Go-Jek), Rajan Ananadan (Google), Byju Raveendran (Byju’s), Neeraj Arora (WhatsApp) and Kunal Shah (Freecharge and now Cred). Singh said more will be added after the public launch.

He added that Sequoia India is hiring dedicated Surge staff to work exclusively on the program. For now, the budget for the program will come from the India fund but, in the long term, Singh said a dedicated Surge fund could be created. That could be necessary given the potential costs from the program.

The focus is fairly vertical agnostic, Sequoia said, with a focus on the teams behind companies.

“The single biggest focus is on being founder-centric,” Singh told TechCrunch. “We want to assemble a group of founders who are quite special. We expect founders to learn a lot from each other.”

When I put it to Singh that Sequoia’s move into early stage puts it into competition with the very up-stream, seed investors that it works with to get Series A deal flow, he argued that Sequoia is already very present in that segment.

Pointing to a recent LinkedIn post — which reads like a precursor to today’s announcement — Singh said one-quarter of its deals have been with startups valued at $5 million or lower, with 64 percent at $10 million or lower.

“We’ve made seed investments and collaborated with other firms in the past. We’ve already spoken to a few friendly firms and they are excited to be involved,” Singh said.

Sequoia is well known for later-stage deals, but Sequoia’s Singh shared data showing that it is well invested in early-stage deals, too

That may well be true for some firms, but I can’t help but feel that others may be intimated at a deep-pocketed investor playing in their backyard. In such a case, there’s little more than you can do other than play along. That said, Singh seems genuinely keen to build links between Surge and other VCs at all levels.

“It’s not about us or them but what’s good for founders,” he explained, adding that Sequoia will “actively” work with firms to involve them in the program.

It’s definitely a fascinating move, and it is certainly one of Sequoia’s boldest strategies worldwide. It is too early to say if it will be replicated by Sequoia other global funds, but they will certainly be watching, as Singh himself admitted.

You can find more information about Surge here.

Why Silicon Valley needs more visas

When I hear protesters shout, “Immigrants are welcome here!” at the San Francisco immigration office near my startup’s headquarters, I think about how simple a phrase that is for a topic that is so nuanced, especially for me as an immigrant entrepreneur.

Growing up in Brazil, I am less familiar with the nuances of the American debate on immigration legislation, but I know that immigrants here add a lot of jobs and stimulate the local economy. As an immigrant entrepreneur, I’ve tried to check all of those boxes, and really prove my value to this country.

My tech startup Brex has achieved a lot in a short period of time, a feat which is underscored by receiving a $1 billion dollar valuation in just one year. But we didn’t achieve that high level of growth in spite of being founded by immigrants, but because of it. The key to our growth and to working towards building a global brand is our international talent pool, without it, we could never have gotten to where we are today.

So beyond Brex, what do the most successful Silicon Valley startups have in common? They’re also run by immigrants. In fact, not only are 57% of the Bay Area’s STEM tech workers immigrants, they also make up 25% of business founders in the US. You can trace the immigrant entrepreneurial streak in Silicon Valley from the founders of SUN Microsystems and Google to the Valley’s most notorious Twitter User, Tesla’s Elon Musk.

Immigrants not only built the first microchips in Silicon Valley, but they built these companies into the tech titans that they are known as today. After all, more than 50% of billion dollar startups are founded by immigrants, and many of those startups were founded by immigrants on H-1B visas.

Photo courtesy of Flickr/jvoves

While it might sound counterintuitive, immigrants create more jobs and make our economy stronger. Research from the National Foundation of American Policy (NFAP) has shown that immigrant-founded billion-dollar companies doubled their number of employees over the past two years. According to the research, “WeWork went from 1,200 to 6,000 employees between 2016 and 2018, Houzz increased from 800 to 1,800 employees the last two years, while Cloudflare went from 225 to 715 employees.”

We’ve seen the same growth at Brex. In just one year we hired 70 employees and invested over $6 million dollars in creating local jobs. Our startup is not alone, as Inc. recently reported, “50 immigrant-founded unicorn startups have a combined value of $248 billion, according to the report [by NFAP], and have created an average of 1,200 jobs each.”

One of the fundamental drivers of our success is our international workforce. Many of our key-hires are from all over Latin America, spanning from Uruguay to Mexico. In fact, 42% of our workforce is made up of immigrants and another 6% are made up of children of immigrants. Plenty of research shows that diverse teams are more productive and work together better, but that’s only part of the reason why you should bet on an international workforce. When you’re working with the best and brightest from every country, it inspires you to bring forth your most creative ideas, collaborate, and push yourself beyond your comfort zone. It motivates you to be your best.

With all of the positive contributions immigrants bring to this country, you’d think we’d have less restrictive immigration policies. However, that’s not the case. One of the biggest challenges that I face is hiring experienced, qualified engineers and designers to continue innovating in a fast-paced, competitive market.

This is a universal challenge in the tech industry. For the past 10 years, software engineers have been the #1 most difficult job to fill in the United States. Business owners are willing to pay 10-20 percent above the market rate for top talent and engineers. Yet, we’re still projected to have a shortage of two million engineering jobs in the US by 2022. How can you lead the charge of innovation if you don’t have the talent to do it?

What makes matters worse is that there are so few opportunities and types of visas for qualified immigrants. This is limiting job growth, knowledge-sharing, and technological breakthroughs in this country. And we risk losing top talent to other nations if we don’t loosen our restrictive visa laws.

H1-B visa applications fell this year, and at the same time, these visas have become harder to obtain and it has become more expensive to acquire international talent. This isn’t the time to abandon the international talent pool, but to invest in highly specialized workers that can give your startup a competitive advantage.

Already, there’s been a dramatic spike in engineering talent moving to Canada, with a 40% uptick in 2017. Toronto, Berlin, and Singapore are fastly becoming burgeoning tech hubs, and many fear (rightfully) that they will soon outpace the US in growth, talent, and developing the latest technologies.

This year, U.S. based tech companies generated $351 billion of revenue in 2018. The U.S. can’t afford to miss out on this huge revenue source. And, according to Harvard Business School Professor William R. Kerr and the author of The Gift of Global Talent: How Migration Shapes Business, Economy & Society, “Today’s knowledge economy dictates that your ability to attract, develop, and integrate smart minds governs how prosperous you will be.”

Immigrants have made Silicon Valley the powerhouse that it is today, and severely limiting highly-skilled immigration benefits no-one. Immigrants have helped the U.S. build one of the best tech hubs in the world— now is the time for startups to invest in international talent so that our technology, economy, and local communities can continue to thrive.

Silicon Valley’s year of reckoning

Tech companies have always branded themselves as the good guys. But 2018 was the year that the long-held belief that Silicon Valley is on the right side of progress and all things good was called into question by a critical mass.

As startups grow bigger and richer, amassing more power and influence outside of the Valley, a reckoning has played out in government and business. Mission statements like “connecting the world” and “don’t be evil” no longer hold water.

A look at a few of this year’s most impactful news themes underscore why; we’ve racked up too many examples to the contrary.

Android co-creator Andy Rubin’s $90 million payout and sexual misconduct revealed

Since the #MeToo movement opened the floodgates on the importance of fighting for gender equality and fair treatment of women and underrepresented minorities at a large scale, the tech industry was rightfully singled out as a microcosm for rampant misconduct.

In October, a New York Times investigation detailed how Android co-creator Andy Rubin was paid out a $90 million exit package when he left Google in 2014. At the time, Google concealed that the executive had multiple relationships with Google staffers and that credible accounts of sexual misconduct had been filed against him during his time at the company. It was an all-too-familiar story recounting how women in tech aren’t safe at work and misbehaved executives are immune from penalty. Google employees didn’t stand for it. 

At a rally in San Francisco, Google staffers read off their list of demands, which included an end to forced arbitration in cases of harassment and discrimination, a commitment to end pay and opportunity inequity and a clear, inclusive process for reporting sexual misconduct safely and anonymously, reported Kate Clark.

Rubin has since taken leave from his smartphone company, Essential.

The first self-driving car fatality occurred when an Uber SUV struck and killed a woman in Arizona

Dara Khosrowshahi, chief executive officer of Uber, arrives for a morning session at the Allen & Co. Media and Technology Conference in Sun Valley, Idaho, U.S., on Wednesday, July 10. Photographer: Scott Eells/Bloomberg via Getty Images

In March, the first self-driving car fatality occurred in Tempe, Arizona when 49-year-old pedestrian Elaine Herzberg was struck by an Uber autonomous test SUV. The car was in self-driving mode, and there was a safety driver behind the wheel who failed to intervene.

Investigators determined the driver had looked down at a phone 204 times during a 43-minute test drive, and that the driver was streaming “The Voice” on Hulu, according to a police report released by the Tempe Police Department. Law enforcement determined her eyes were off the road for 3.67 miles of the 11.8 total miles driven, or about 31 percent of the time.

Uber paused all of its AV testing operations in Pittsburgh, Toronto, San Francisco and Phoenix as a result, and released a safety report detailing how it will add precautions to its testing of self-driving cars. Two employees will be required to sit in the front seat at all times, and an automatic braking system will be enabled.

The incident immediately raised questions about insurance and liability, along with the investigation from the National Transportation Safety Board. As mobility companies charge full speed ahead in developing solutions that will shape the future of urban transportation, tragedies like this remind us that while AVs and humans share the roads, these programs are rife with risk. Has Uber learned a lesson? We’ll find out soon, as the company received permission by the state of Pennsylvania to resume autonomous vehicle testing.

Jamal Khashoggi was assassinated by Saudi agents, prompting Silicon Valley to think about how it got so rich

JIM WATSON/AFP/Getty Images

Silicon Valley companies are used to getting away with a lot. Larger orgs like Uber, Tesla and Facebook rotate in and out of the hot seat as security breaches wreak havoc and sexual harassment scandals are exposed, only to be washed out of the news cycle by a viral image of Elon Musk sampling marijuana the next day.

But one story shocked the public for weeks, after agents of the Saudi government assassinated Washington Post columnist Jamal Khashoggi at the Saudi Arabian consulate in Istanbul as he was trying to obtain marriage license papers.

The tech industry was collectively upset by its proximity to a government and funding source that blatantly misused its power. Silicon Valley gets most of its money through SoftBank’s Vision Fund and by proxy the Saudi kingdom. About half of SoftBank’s massive $93 billion tech-focused fund is powered by a $45 billion commitment from the Saudi kingdom. This means the total invested by the kingdom alone into U.S. startups is far greater than the total raised by any single VC fund. Did we see a single example of a startup that refused to work with SoftBank in the aftermath? No. Will we? Probably not. Because Silicon Valley players are mostly only political and activist when it’s convenient for them.

Silicon Valley companies that have accepted money from this source have a vested interest in keeping the peace with Saudi Arabia and its Crown Prince Mohammed bin Salman — the leader known for getting friendly with tech CEOs in the past. But where does this leave us now as Saudi Arabian money continues to distort American venture? SoftBank has sustained countless startups with round after round of funding as it plunges into debt.

With SoftBank money inflating round sizes and therefore valuations, tech founders and CEOs are faced with the age-old question of whether or not it’s okay to use dirty money to do “good things.” SoftBank’s 2018 culminated in a record IPO that saw a 15 percent drop in value on its debut. Regardless, the aftermath of the Khashoggi assassination could signify the end of an era in American venture if founders begin to think critically about the source of their funding — and act on it. 

Facebook’s struggle

UNITED STATES – APRIL 11: Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee in Rayburn Building on the protection of user data on April 11, 2018. (Photo By Tom Williams/CQ Roll Call)

Facebook’s 2018 kicked off with Zuckerberg’s wishful, vague post about his personal challenge to “fix Facebook.” The social network bowed out of 2017 with critics saying Zuckerberg hadn’t done enough to combat the proliferation of fake news on Facebook or block Russian interference in the 2016 U.S. election. Online abuse had never been so bad. All of this was happening just as people started to realize that mindlessly browsing the newsfeed — Facebook’s core product — is a total waste of time.

What better timing for not one, but two massive security scandals?

Zuckerberg answered to Congress after Facebook was infiltrated by Cambridge Analytica, a data organization with ties to the Trump administration. In the beginning of 2014, the organization obtained data on 50 million Facebook users in a way that deceived both the users and Facebook itself. 

If that weren’t enough, just months later Facebook revealed at least 30 million users’ data were confirmed to be at risk after attackers exploited a vulnerability allowing them access to users’ personal data. Zuckerberg said that the attackers were using Facebook developer APIs to obtain information, like “name, gender, and hometowns” linked to a user’s profile page. Queue #deletefacebook

A Pew report detailed how Facebook users are becoming more cautious and critical, but they still can’t quit. News and social networking are like oil and water — they can’t blend into coexistence on the same news feed. In 2018, Facebook was caught in a perfect storm. Users started to understand Facebook for what it actually is: powered by algorithms that coalesce fact, opinion and malicious fake content on a platform designed to financially profit off the addictive tendencies of its users. The silver lining is that as people become more cautious and critical of Facebook, the market is readying itself for a new, better social network to be designed off the pioneering mistakes of its predecessors.

Apple hits a $1 trillion market cap and celebrates the anniversary of the iPhone with design changes

SAN FRANCISCO, CA – OCTOBER 22: Apple CEO Tim Cook speaks during an Apple announcement. (Photo by Justin Sullivan/Getty Images)

This was a hardware-heavy year for Apple. The MacBook Air got Retina Display. The Apple Watch got a big redesign. The iPad Pro said farewell to the home button. We met the new mac Mini and an updated Apple Pencil. In September, Apple held its annual hardware event in Cupertino to announce three new iPhone models, the XS (the normal one), XR (the cheap one) and the XS Max (the big one). We also learned that the company went back to the drawing board on the Mac Pro.

In August, Apple won the race to $1 trillion in market cap. It wasn’t the frayed cords or crappy keyboards that boosted the company past this milestone, but rather price hikes in its already high-margin iPhone sales. But while Apple remains wildly profitable, growth is slowing notably.

Tech stocks took a beating toward the end of the year, and although Apple seems to have weathered the storm better than most companies, it may have reached a threshold for how much it can innovate on its high-end hardware. It may be wise for the company to focus on other methods of bringing in revenue like Apple Music and iCloud if it wants to shoot for the $2 trillion market cap.

As the biggest, richest companies get bigger and richer, questions about antitrust and regulation rise to ensure they don’t hold too much economic power. Tim Cook has more authority than many political leaders. Let’s hope he uses it for good.

Tesla CEO Elon Musk sued by the SEC for securities fraud

CHICAGO, IL – JUNE 14: Engineer and tech entrepreneur Elon Musk of The Boring Company listens as Chicago Mayor Rahm Emanuel talks about constructing a high speed transit tunnel at Block 37 during a news conference on June 14, 2018 in Chicago, Illinois. Musk said he could create a 16-passenger vehicle to operate on a high-speed rail system that could get travelers to and from downtown Chicago and O’Hare International Airport under twenty minutes, at speeds of over 100 miles per hour. (Photo by Joshua Lott/Getty Images)

In August, Tesla CEO Elon Musk announced in a tweet heard around the internet that he was considering taking Tesla private for $420 per share and that he’d secured funding to do so. The questioning started. Was it legit? Was it a marijuana joke? The tweet caused Tesla’s stock price to jump by more than 6 percent on August 7. Musk also complained that being a public company “subjects Tesla to constant defamatory attacks by the short-selling community, resulting in great harm to our valuable brand.”

Turns out, Musk had indeed met with representatives from the Saudi sovereign wealth fund, and that the fund’s lead rep told Musk that they’d bought about 5 percent of Tesla’s stock at a stake worth $2 billion, were interested in taking the company private and confirmed that this rep had the power to make these kinds of investment decisions for the fund. However, nothing was written on paper, and Musk did not notify the Nasdaq — an important requirement.

At the end of September, the SEC filed a lawsuit against Musk for securities fraud in regards to his “false and misleading” tweets, seeking to remove him from Tesla. Musk settled with the SEC two days after being charged, resigning from his chairman position but remaining CEO. Musk and Tesla were also ordered to pay separate $20 million fines to “be distributed to harmed investors under a court-approved process,” according to the SEC.

Public companies are supposed to value the interests of their shareholders. Pulling the trigger on an impulsive tweet breaks that trust — and in Musk’s case, cost $40 million and a board seat. This is why we should never put too much fear or faith in our leaders. Musk is brilliant and his inventions are changing the world. But he is human and humans are flawed and the Tesla board should have done more to balance power at the top. 

The great Amazon HQ2 swindle

Chief Executive Officer of Amazon, Jeff Bezos, tours the facility at the grand opening of the Amazon Spheres, in Seattle, Washington on January 29, 2018. Amazon opened its new Seattle office space which looks more like a rainforest. The company created the Spheres Complex to help spark employee creativity. (Photo: JASON REDMOND/AFP/Getty Images)

Tech jobs bring new wealth to cities. Amazon set out on a roadshow across America in what the company described as a search for its second headquarters, or “HQ2.” The physical presence of Amazon’s massive retail and cloud businesses would undoubtedly bring wealth, innovation, jobs and investment into a region.

There was initial hope that the retail giant would choose a city in the American heartland, serving as a catalyst for job growth in a burgeoning tech hub like Columbus, Ohio, Detroit, Mich., or Birmingham, Ala. But in the end, Amazon split the decision between two locations: New York (Long Island City) and Arlington, Virginia, as the sites for its new offices. The response? Outrage.

Jon Shieber noted that cities opened their books to the company to prove their viability as a second home for the retailing giant. In return, Amazon reaped data on urban and exurban centers that it could use to develop the next wave of its white-collar office space, and more than $2 billion worth of tax breaks from the cities that it will eventually call home for its new offices.

Danny Crichton argued that Amazon did exactly what it should have with its HQ2 process. Crichton wrote that Amazon is its own entity and therefore has ownership of its decisions. It allowed cities to apply and provide information on why they might be the best location for its new headquarters. Maybe the company ignored all of the applications. Maybe it was a ploy to collect data. Maybe it wanted publicity. Regardless, it allowed input into a decision it has complete and exclusive control over.

Let’s hope that in 2019, Silicon Valley will hold on to some of its ethos as a venture-funded sandbox for brilliant entrepreneurs who want to upend antiquated industries with proprietary tech inventions. But let it be known that sleeping at the wheel while your company gets breached, turning a blind eye to the evil doings of your largest funding sources and executive immunity from sexual misconduct violations no longer have their place here. 

Facebook is not equipped to stop the spread of authoritarianism

After the driver of a speeding bus ran over and killed two college students in Dhaka in July, student protesters took to the streets. They forced the ordinarily disorganized local traffic to drive in strict lanes and stopped vehicles to inspect license and registration papers. They even halted the vehicle of the chief of Bangladesh Police Bureau of Investigation and found that his license was expired. And they posted videos and information about the protests on Facebook.

The fatal road accident that led to these protests was hardly an isolated incident. Dhaka, Bangladesh’s capital, which was ranked the second least livable city in the world in the Economist Intelligence Unit’s 2018 global liveability index, scored 26.8 out of 100 in the infrastructure category included in the rating. But the regional government chose to stifle the highway safety protests anyway. It went so far as raids of residential areas adjacent to universities to check social media activity, leading to the arrest of 20 students. Although there were many images of Bangladesh Chhatra League, or BCL men, committing acts of violence on students, none of them were arrested. (The BCL is the student wing of the ruling Awami League, one of the major political parties of Bangladesh.)

Students were forced to log into their Facebook profiles and were arrested or beaten for their posts, photographs and videos. In one instance, BCL men called three students into the dorm’s guest room, quizzed them over Facebook posts, beat them, then handed them over to police. They were reportedly tortured in custody.

A pregnant school teacher was arrested and jailed for just over two weeks for “spreading rumors” due to sharing a Facebook post about student protests. A photographer and social justice activist spent more than 100 days in jail for describing police violence during these protests; he told reporters he was beaten in custody. And a university professor was jailed for 37 days for his Facebook posts.

A Dhaka resident who spoke on the condition of anonymity out of fear for their safety said that the crackdown on social media posts essentially silenced student protesters, many of whom removed from their profiles entirely photos, videos and status updates about the protests. While the person thought that students were continuing to be arrested, they said, “nobody is talking about it anymore — at least in my network — because everyone kind of ‘got the memo,’ if you know what I mean.”

This isn’t the first time Bangladeshi citizens have been arrested for Facebook posts. As just one example, in April 2017, a rubber plantation worker in southern Bangladesh was arrested and detained for three months for liking and sharing a Facebook post that criticized the prime minister’s visit to India, according to Human Rights Watch.

Bangladesh is far from alone. Government harassment to silence dissent on social media has occurred across the region, and in other regions as well — and it often comes hand-in-hand with governments filing takedown requests with Facebook and requesting data on users.

Facebook has removed posts critical of the prime minister in Cambodia and reportedly “agreed to coordinate in the monitoring and removal of content” in Vietnam. Facebook was criticized for not stopping the repression of Rohingya Muslims in Myanmar, where military personnel created fake accounts to spread propaganda, which human rights groups say fueled violence and forced displacement. Facebook has since undertaken a human rights impact assessment in Myanmar, and it also took down coordinated inauthentic accounts in the country.

UNITED STATES – APRIL 10: Facebook CEO Mark Zuckerberg testifies during the Senate Commerce, Science and Transportation Committee and Senate Judiciary Committee joint hearing on “Facebook, Social Media Privacy, and the Use and Abuse of Data” on Tuesday, April 10, 2018. (Photo By Bill Clark/CQ Roll Call)

Protesters scrubbing Facebook data for fear of repercussion isn’t uncommon. Over and over again, authoritarian-leaning regimes have utilized low-tech strategies to quell dissent. And aside from providing resources related to online privacy and security, Facebook still has little in place to protect its most vulnerable users from these pernicious efforts. As various countries pass laws calling for a local presence and increased regulation, it is possible that the social media conglomerate doesn’t always even want to.

“In many situations, the platforms are under pressure,” said Raman Jit Singh Chima, policy director at Access Now. “Tech companies are being directly sent takedown orders, user data requests. The danger of that is that companies will potentially be overcomplying or responding far too quickly to government demands when they are able to push back on those requests,” he said.

Elections are often a critical moment for oppressive behavior from governments — Uganda, Chad and Vietnam have specifically targeted citizens — and candidates — during election time. Facebook announced just last Thursday that it had taken down nine Facebook pages and six Facebook accounts for engaging in coordinated inauthentic behavior in Bangladesh. These pages, which Facebook believes were linked to people associated with the Bangladesh government, were “designed to look like independent news outlets and posted pro-government and anti-opposition content.” The sites masqueraded as news outlets, including fake BBC Bengali, BDSNews24 and Bangla Tribune and news pages with Photoshopped blue checkmarks, according to the Atlantic Council’s Digital Forensic Research Lab.

Still, the imminent election in Bangladesh doesn’t bode well for anyone who might wish to express dissent. In October, a digital security bill that regulates some types of controversial speech was passed in the country, signaling to companies that as the regulatory environment tightens, they too could become targets.

More restrictive regulation is part of a greater trend around the world, said Naman M. Aggarwal, Asia policy associate at Access Now. Some countries, like Brazil and India, have passed “fake news” laws. (A similar law was proposed in Malaysia, but it was blocked in the Senate.) These types of laws are frequently followed by content takedowns. (In Bangladesh, the government warned broadcasters not to air footage that could create panic or disorder, essentially halting news programming on the protests.)

Other governments in the Middle East and North Africa — such as Egypt, Algeria, United Arab Emirates, Saudi Arabia and Bahrain — clamp down on free expression on social media under the threat of fines or prison time. And countries like Vietnam have passed laws requiring social media companies to localize their storage and have a presence in the country — typically an indication of greater content regulation and pressure on the companies from local governments. In India, WhatsApp and other financial tech services were told to open offices in the country.

And crackdowns on posts about protests on social media come hand-in-hand with government requests for data. Facebook’s biannual transparency report provides detail on the percentage of government requests with which the company complies in each country, but most people don’t know until long after the fact. Between January and June, the company received 134 emergency requests and 18 legal processes from Bangladeshi authorities for 205 users or accounts. Facebook turned over at least some data in 61 percent of emergency requests and 28 percent of legal processes.

Facebook said in a statement that it “believes people deserve to have a voice, and that everyone has the right to express themselves in a safe environment,” and that it handles requests for user data “extremely carefully.”

The company pointed to its Facebook for Journalists resources and said it is “saddened by governments using broad and vague regulation or other practices to silence, criminalize or imprison journalists, activists, and others who speak out against them,” but the company said it also helps journalists, activists and other people around the world to “tell their stories in more innovative ways, reach global audiences, and connect directly with people.”

But there are policies that Facebook could enact that would help people in these vulnerable positions, like allowing users to post anonymously.

“Facebook’s real names policy doesn’t exactly protect anonymity, and has created issues for people in countries like Vietnam,” said Aggarwal. “If platforms provide leeway, or enough space for anonymous posting, and anonymous interactions, that is really helpful to people on the ground.”

BERLIN, GERMANY – SEPTEMBER 12: A visitor uses a mobile phone in front of the Facebook logo at the #CDUdigital conference on September 12, 2015 in Berlin, Germany. (Photo by Adam Berry/Getty Images)

A German court in February found the policy illegal under its decade-old privacy law. Facebook said it plans to appeal the decision.

“I’m not sure if Facebook even has an effective strategy or understanding of strategy in the long term,” said Sean O’Brien, lead researcher at Yale Privacy Lab. “In some cases, Facebook is taking a very proactive role… but in other cases, it won’t.” In any case, these decisions require a nuanced understanding of the population, culture, and political spectrum in various regions — something it’s not clear Facebook has.

Facebook isn’t responsible for government decisions to clamp down on free expression. But the question remains: How can companies stop assisting authoritarian governments, inadvertently or otherwise?

“If Facebook knows about this kind of repression, they should probably have… some sort of mechanism to at the very least heavily try to convince people not to post things publicly that they think they could get in trouble for,” said O’Brien. “It would have a chilling effect on speech, of course, which is a whole other issue, but at least it would allow people to make that decision for themselves.”

This could be an opt-in feature, but O’Brien acknowledges that it could create legal liabilities for Facebook, leading the social media giant to create lists of “dangerous speech” or profiles on “dissidents,” and could theoretically shut them down or report them to the police. Still, Facebook could consider rolling a “speech alert” feature to an entire city or country if that area becomes volatile politically and dangerous for speech, he said.

O’Brien says that social media companies could consider responding to situations where a person is being detained illegally and potentially coerced into giving their passwords in a way that could protect them, perhaps by triggering a temporary account reset or freeze to prevent anyone from accessing the account without proper legal process. Some actions that might trigger the reset or freeze could be news about an individual’s arrest — if Facebook is alerted to it, contact from the authorities, or contact from friends and loved ones, as evaluated by humans. There could even be a “panic button” type trigger, like Guardian Project’s PanicKit, but for Facebook — allowing users to wipe or freeze their own accounts or posts tagged preemptively with a code word only the owner knows.

“One of the issues with computer interfaces is that when people log into a site, they get a false sense of privacy even when the things they’re posting in that site are widely available to the public,” said O’Brien. Case in point: this year, women anonymously shared their experiences of abusive co-workers in a shared Google Doc — the so-called “Shitty Media Men” list, likely without realizing that a lawsuit could unmask them. That’s exactly what is happening.

Instead, activists and journalists often need to tap into resources and gain assistance from groups like Access Now, which runs a digital security helpline, and the Committee to Protect Journalists. These organizations can provide personal advice tailored to their specific country and situation. They can access Facebook over the Tor anonymity network. Then can use VPNs, and end-to-end encrypted messaging tools, and non-phone-based two-factor authentication methods. But many may not realize what the threat is until it’s too late.

The violent crackdown on free speech in Bangladesh accompanied government-imposed internet restrictions, including the throttling of internet access around the country. Users at home with a broadband connection did not feel the effects of this, but “it was the students on the streets who couldn’t go live or publish any photos of what was going on,” the Dhaka resident said.

Elections will take place in Bangladesh on December 30.

In the few months leading up to the election, Access Now says it’s noticed an increase in Bangladeshi residents expressing concern that their data has been compromised and seeking assistance from the Digital Security hotline.

Other rights groups have also found an uptick in malicious activity.

Meenakshi Ganguly, South Asia director at Human Rights Watch, said in an email that the organization is “extremely concerned about the ongoing crackdown on the political opposition and on freedom of expression, which has created a climate of fear ahead of national elections.”

Ganguly cited politically motivated cases against thousands of opposition supporters, many of which have been arrested, as well as candidates that have been attacked.

Human Rights Watch issued a statement about the situation, warning that the Rapid Action Battalion, a “paramilitary force implicated in serious human rights violations including extrajudicial killings and enforced disappearances,” and has been “tasked with monitoring social media for ‘anti-state propaganda, rumors, fake news, and provocations.’” This is in addition to a nine-member monitoring cell and around 100 police teams dedicated to quashing so-called “rumors” on social media, amid the looming threat of news website shutdowns.

“The security forces continue to arrest people for any criticism of the government, including on social media,” Ganguly said. “We hope that the international community will urge the Awami League government to create conditions that will uphold the rights of all Bangladeshis to participate in a free and fair vote.”