Timesdelhi.com

December 15, 2018
Category archive

digital media

JioSaavn becomes India’s answer to Spotify and Apple Music

in alibaba/Amazon/Android/apple music/Asia/China/computing/Delhi/Dhingana/digital audio/digital media/executive/funding/Fundings & Exits/India/Internet/Media/New York/Pandora/pandora radio/Politics/rdio/Reliance Jio/saavn/Software/Spotify/Tencent/tencent music/tiger global/Times Internet/Walmart by

India finally has its answer to Spotify after Reliance Jio merged its music service with Saavn, the startup it acquired earlier this year.

The deal itself isn’t new — it was announced back in March — but it has reached its logical conclusion after two apps were merged to create a single entity, JioSaavn, which is valued at $1 billion. For the first time, India has a credible rival to global names like Spotify and Apple Music through the combination of a venture capital-funded business — Saavn — and good old-fashioned telecom, JioMusic from Reliance’s disruptive Jio operator brand.

This merger deal comes days after reports suggested that Spotify is preparing to (finally) enter the Indian market, a move that has been in the planning for over a year as we have reported.

That would set up an interesting battle between global names Spotify and Apple and local players JioSaavn and Gaana, a project from media firm Times Internet which is also backed by China’s Tencent.

It isn’t uncommon to see international firms compete in Asia — Walmart and Amazon are the two major e-commerce players while Chinese firms Alibaba and Tencent have busily snapped up stakes in promising internet companies for the past couple of years — but that competition has finally come to the streaming space.

There have certainly been misses over the years.

Early India-based pioneer Dhingana was scooped by Rdio back in 2014 having initial shut down its service due to financial issues. Ultimately, though, Rdio itself went bankrupt and was sold to Pandora, leaving both Rdio and Dhingana in the startup graveyard.

Saavn, the early competitor too Dhingana, seemed destined to a similar fate, at least from the outside. But it hit the big time in 2015 when it raised $100 million from Tiger Global, the New York hedge fund that made ambitious bets on a number of India’s most promising internet firms. That gave it the fuel to reach this merger deal with JioMusic.

Unlike Dhingana’s fire sale, Saavn’s executive team continues on under the JioSaavn banner.

The coming-together is certainly a far more solid outcome than the Rdio deal. JioSaavn has some 45 million songs — including a slate of originals started by Saav — and access to the Jio network, which claims over 250 million subscribers.

JioSaavn is available across iOS, Android, web and Reliance Jio’s own app store

The JioMusic service will be freemium but Jio subscribers will get a 90-day trial of the ad-free ‘Pro’ service. The company maintains five offices — including outposts in Mountain View and New York — with over 200 employees while Reliance has committed to pumping $100 million into the business for “growth and expansion of the platform.”

While it is linked to Reliance and Jio, JioMusic is a private business that counts Reliance as a stakeholder. You’d imagine that remaining private is a major carrot that has kept Saavn founders — Rishi Malhotra, Paramdeep Singh and Vinodh Bhat — part of the business post-merger.

The window certainly seems open for streaming IPOs — Spotify went public this past April through an unconventional listing that valued its business around $30 billion while China’s Tencent Music is in the process of a listing that could raise $1.2 billion and value it around that $30 billion mark, too. JioSaavn might be the next streamer to test the public markets.

News Source = techcrunch.com

Let’s meet in Poland this month

in Delhi/digital media/Europe/India/matter/poland/Politics/San Francisco/Startups/TC/TechCrunch/warsaw/WeWork/world wide web/wroclaw by

I’ll be heading back to Europe on December 18th to run a pitch-off in Wroclaw, Poland. It’s a bit out of the way but well worth a visit if only for the sausages.

The event called In-Ference is happening on December 17 and you can submit to pitch here. The team will notify you if you have been chosen to pitch. The winner will receive a table at TC Disrupt in San Francisco.

I’m also thinking about an event in Warsaw on the 21st but WeWork didn’t look doable (and I don’t like co-working spaces). If anyone has thoughts on a new venue drop me a line at john@techcrunch.com. Otherwise, I’ll see you in Wroclaw! Wesołych Świat!

News Source = techcrunch.com

Facebook bug let websites read ‘likes’ and interests from a user’s profile

in Delhi/digital media/Facebook/Hack/Imperva/India/Politics/Security/Social/social media/world wide web by

Facebook has fixed a bug that let any website pull information from a user’s profile — including their ‘likes’ and interests — without that user’s knowledge.

That’s the findings from Ron Masas, a security researcher at Imperva, who found that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks. In other words, a website could quietly siphon off certain bits of data from your logged-in Facebook profile in another tab.

Masas demonstrated how a website acting in bad faith could embed an IFRAME — used to nest a webpage within a webpage — to silently collect profile information.

“This allowed information to cross over domains — essentially meaning that if a user visits a particular website, an attacker can open Facebook and can collect information about the user and their friends,” said Masas.

The malicious website could open several Facebook search queries in a new tab, and run queries that could return “yes” or “no” responses — such as if a Facebook user likes a page, for example. Masas said that the search queries could return more complex results — such as returning all a user’s friends with a particular name, a user’s posts with certain keywords, and even more personal demographics — such as all of a person’s friends with a certain religion in a named city.

“The vulnerability exposed the user and their friends’ interests, even if their privacy settings were set so that interests were only visible to the user’s friends,” he said.

A snippet from a proof-of-concept built by Masas to show him exploiting the bug. (Image: Imperva/supplied)

In fairness, it’s not a problem unique to Facebook nor is it particularly covert. But given the kind of data available, Masas said this kind of data would be “attractive” to ad companies.

Imperva privately disclosed the bug in May. Facebook fixed the bug days later by adding CSRF protections and paid out $8,000 in two separate bug bounties.

Facebook told TechCrunch that the company hasn’t seen any abuse.

“We appreciate this researcher’s report to our bug bounty program,” said Facebook spokesperson Margarita Zolotova in a statement. “As the underlying behavior is not specific to Facebook, we’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications.”

It’s the latest in a string of data exposures and bugs that have put Facebook user data at risk after the Cambridge Analytica scandal this year, which saw a political data firm vacuum up profiles on 87 million users to use for election profiling — including users’ likes and interests.

Months later, the social media giant admitted millions of user account tokens had been stolen from hackers who exploited a chain of bugs.

News Source = techcrunch.com

Bots Distorted the 2016 Election. Will the Midterms Be a Sequel?

in botnet/bots/california/Column/computing/Delhi/digital media/Facebook/Governor/India/internet research agency/Jamal Khashoggi/jerry brown/journalist/National Football League/nfl/Pew Research Center/Politics/president/presidential election/Saudi Arabia/social media/social media platforms/Software/the wall street journal/Trump/Twitter/United Kingdom/United States/wall-street-journal by

The fact that Russian-linked bots penetrated social media to influence the 2016 U.S. presidential election has been well documented and the details of the deception are still trickling out.

In fact, on Oct. 17 Twitter disclosed that foreign interference dating back to 2016 involved 4,611 accounts — most affiliated with the Internet Research Agency, a Russian troll farm. There were more than 10 million suspicious tweets and more than 2 million GIFs, videos and Periscope broadcasts.

In this season of another landmark election — a recent poll showed that about 62 percent of Americans believe the 2018 midterm elections are the most important midterms in their lifetime – it is natural to wonder if the public and private sectors have learned any lessons from the 2016 fiasco. And about what is being done to better protect against this malfeasance by nation-state actors.

There is good news and bad news here. Let’s start with the bad.

Two years after the 2016 election, social media still sometimes looks like a reality show called “Propagandists Gone Wild.” Hardly a major geopolitical event takes place in the world without automated bots generating or amplifying content that exaggerates the prevalence of a particular point of view.

In mid-October, Twitter suspended hundreds of accounts that simultaneously tweeted and retweeted pro-Saudi Arabia talking points about the disappearance of journalist Jamal Khashoggi.

On Oct. 22, the Wall Street Journal reported that Russian bots helped inflame the controversy over NFL players kneeling during the national anthem. Researchers from Clemson University told the newspaper that 491 accounts affiliated with the Internet Research Agency posted more 12,000 tweets on the issue, with activity peaking soon after a Sept. 22, 2017 speech by President Trump in which he said team owners should fire players for taking a knee during the anthem.

The problem hasn’t persisted only in the United States. Two years after bots were blamed for helping sway the 2016 Brexit vote in Britain, Twitter bots supporting the anti-immigration Sweden Democrats increased significantly this spring and summer in the leadup to that country’s elections.

These and other examples of continuing misinformation-by-bot are troubling, but it’s not all doom and gloom.  I see positive developments too.

Photo courtesy of Shutterstock/Nemanja Cosovic

First, awareness must be the first step in solving any problem, and cognizance of bot meddling has soared in the last two years amid all the disturbing headlines.

About two-thirds of Americans have heard of social media bots, and the vast majority of those people are worried bots are being used maliciously, according to a Pew Research Center survey of 4,500 U.S. adults conducted this summer. (It’s concerning, however, that much fewer of the respondents said they’re confident that can actually recognize when accounts are fake.)

Second, lawmakers are starting to take action. When California Gov. Jerry Brown on Sept. 28 signed legislation making it illegal as of July 1, 2019 to use bots – to try to influence voter opinion or for any other purpose — without divulging the source’s artificial nature, it followed anti-ticketing-bot laws nationally and in New York State as the first bot-fighting statutes in the United States.

While I support the increase in awareness and focused interest by legislators, I do feel the California law has some holes. The measure is difficult to enforce because it’s often very hard to identify who is behind a bot network, the law’s penalties aren’t clear, and an individual state is inherently limited it what it can do to attack a national and global issue. However, the law is a good start and shows that governments are starting to take the problem seriously.

Third, the social media platforms — which have faced congressional scrutiny over their failure to address bot activity in 2016 – have become more aggressive in pinpointing and eliminating bad bots.

It’s important to remember that while they have some responsibility, Twitter and Facebook are victims here too, taken for a ride by bad actors who have hijacked these commercial platforms for their own political and ideological agendas.

While it can be argued that Twitter and Facebook should have done more sooner to differentiate the human from the non-human fakes in its user rolls, it bears remembering that bots are a newly acknowledged cybersecurity challenge. The traditional paradigm of a security breach has been a hacker exploiting a software vulnerability. Bots don’t do that – they attack online business processes and thus are difficult to detect though customary vulnerability scanning methods.

I thought there was admirable transparency in Twitter’s Oct. 17 blog accompanying its release of information about the extent of misinformation operations since 2016. “It is clear that information operations and coordinated inauthentic behavior will not cease,” the company said. “These types of tactics have been around for far longer than Twitter has existed — they will adapt and change as the geopolitical terrain evolves worldwide and as new technologies emerge.”

Which leads to the fourth reason I’m optimistic: technological advances.

In the earlier days of the internet, in the late ‘90s and early 00’s, networks were extremely susceptible to worms, viruses and other attacks because protective technology was in its early stages of development. Intrusions still happen, obviously, but security technology has grown much more sophisticated and many attacks occur due to human error rather than failure of the defense systems themselves.

Bot detection and mitigation technology keeps improving, and I think we’ll get to a state where it becomes as automatic and effective as email spam filters are today. Security capabilities that too often are siloed within networks will integrate more and more into holistic platforms better able to detect and ward off bot threats.

So while we should still worry about bots in 2018, and the world continues to wrap its arms around the problem, we’re seeing significant action that should bode well for the future.

The health of democracy and companies’ ability to conduct business online may depend on it.

News Source = techcrunch.com

Campaign tool supplied to UK’s governing party by Trump-Pence app dev quietly taken out of service

in Apps/Cambridge Analytica/Conservative Campaigner/Conservative Party/data protection/DCMS committee/Delhi/digital media/electoral law/Europe/European Union/Facebook/General Election/Government/India/information commissioner's office/Malta/Politics/privacy/republican national committee/Social/social media/social network/terms of service/uCampaign/United Kingdom by

An app that the UK’s governing party launched last year — for Conservative Party activists to gamify, ‘socialize’ and co-ordinate their campaigning activity — has been quietly pulled from app stores.

Its vanishing was flagged to us earlier today, by Twitter user Sarah Parks, who noticed that, when loaded, the Campaigner app now displays a message informing users the supplier is “no longer supporting clients based in Europe”.

“So we’re taking this opportunity to refresh our campaigning app,” it adds. “We will be back with a new and improved app early next year – well in time for the local elections.”

(Bad luck, then, should there end up being another very snap, Brexit-induced UK General Election in the meanwhile, as some have suggested may yet come to pass. But I digress… )

The supplier of the Conservative Campaigner app is — or was — a US-based add developer called uCampaign, which had also built branded apps for Trump-Pence 2016; the Republican National Committee; and the UK’s Vote Leave Brexit campaign, to name a few of the political campaigns it has counted as customers.

Here’s a few more: The (pro-gun) National Rife Association and the (anti-abortion) SBA List.

We know the name of the Conservative Campaigner app’s supplier because this summer we raised privacy concerns about the app — on account of its use of uCampaign’s boilerplate privacy policy, if you clicked to read the app’s privacy policy earlier this year.

The wording of uCampaign’s privacy policy suggested the Conservative Campaigner app could be harvesting users’ mobile phone contacts — if they chose to sync their contacts book with it.

The privacy policy for the app was subsequently changed to point to the Conservative Party’s own privacy policy — with the change of privacy policy taking place just before a tough new EU-wide data protection framework, GDPR, came into force on May 25 this year.

Prior to May 23, the privacy policy of the Conservatives’ digital campaigning app suggests it was harvesting contacts data from users — and potentially sharing non-users’ personal information with entities of uCampaign’s choosing (given, for example, the company’s privacy policy gave itself the right to “share your Personal Information with other organizations, groups, causes, campaigns, political organizations, and our clients that we believe have similar viewpoints, principles or objectives as us”).

This sort of consentless scraping of large amounts of networked personal data — by sucking up information on users’ friend groups and other personal connections — has of course had a massive spotlight thrown on it this year, as a result of the Facebook Cambridge Analytica data misuse scandal in which the personal data of tens of millions of Facebook users was extracted from the social network via a quiz app that used a (now defunct) Facebook friends API to grab data on non-users who would not have even had the chance to agree to the app’s terms.

Safe to say, this modus operandi wasn’t cool then — and it’s certainly not cool now.

Politicians all over the globe have been shaken awake by the Cambridge Analytica scandal, and are now raising all sorts of concerns about how data and digital tools are being used (and or misused and abused).

The EU parliament recently called for an independent audit of Facebook, for example.

In the UK, a committee that’s been probing the impact of social media-accelerated disinformation on democratic processes published a report this summer calling for a levy on social media to defend democracy. Its lengthy preliminary report also suggested urgent amendments to domestic electoral law to reflect the use of digital technologies for political campaigning.

Though the UK’s Conservative minority government — and the party behind the now on-pause Conservative Campaigner app — apparently disagrees on the need for speed, declining in its response last week to accept most of the committee’s laundry list of recommended changes.

The DCMS committee’s inquiry into political campaigns’ use (and misuse) of personal data continues — now at a transnational level.

An ethical pause?

Shortly after we published our privacy concerns about the Conservative Campaigner app, the UK’s data protection watchdog issued its own a lengthy report detailing extensive concerns about how UK political parties were misusing personal data — and calling for an ethical pause on the use of microtargeting for election campaigning purposes.

Which does rather beg the question whether the Conservative Campaigner app going AWOL now, until a reboot under a new supplier (presumably) next year, might not represent just such an ‘ethical pause’.

The app is, after all, only just over a year old.

We asked the Conservative Party a number of questions about the Campaigner app via email — after a press office spokeswoman declined to discuss the matter on the telephone.

Five hours later it emailed the following brief statement, attributed to a Conservative spokesperson:

We work with a number of different suppliers and all Conservative party campaigning is compliant with the relevant data protection legislation including GDPR.

The spokesperson did not engage with the substance of the vast majority of our concerns — such as those relating to the app’s handling of people’s data and the legal bases for any transfers of UK voter data to the US.

Instead the spokesperson reiterated the in-app notification which claims “the supplier” is no longer supporting clients based in Europe.

They also said the party is currently reviewing its campaigning tools, without providing any further detail.

We’ve included our full list of questions at the bottom of this post.

We’ve also reached out to the ICO to ask if it had any concerns related to how the Conservative Campaigner app was handling people’s data.

Similarly, the former deputy director & head of digital strategy for the Conservative party, Anthony Hind, declined to engage with the same data protection concerns when we raised them with him directly, back in July.

According to his LinkedIn profile he’s since moved on from the Conservatives to head up social media for the Confederation of British Industry.

For this report we also reached out to uCampaign’s founder and CEO, Thomas Peters, to ask for confirmation on the company’s situation vis-a-vis European clients.

At the time of writing Peters had not responded to our emails. We’ll update this story with any uCampaign response.

The company’s website still includes the UK Conservative Party listed as a client — though the language used on the webpage does not make it explicit whether or not the party is a current client…

Another graphic on the same page plots the UK flag on a world map depicting what uCampaign dubs its “global platform”, where it’s marked along with several other European flags — including Ireland, France, Germany and Malta, suggesting uCampaign has — or had — multiple European clients.

Here’s the full list of questions we put to the Conservatives about their campaigner app. To our eye it has answered just one of them:

Can you confirm — on the record — the reasons for the app being pulled?

Does the Conservative Party intend to continue working with uCampaign for the new campaign app that will relaunch next year? Or does the party have a new supplier?

If the latter, where is the new supplier based? In the UK or in the US?

Did the Conservative Party have any concerns at all related to using uCampaigner as a supplier? (Given, for example, concerns flagged about its data privacy practices by one of the DCMS committee’s recent reports — following an inquiry investigating digital campaigning.)

If the Conservative Party was aware of data privacy concerns pertaining to uCampaign’s practices can you confirm when the party became aware of such concerns?

Was the party aware that the privacy policy it used for the app prior to May 23, 2018 was uCampaign’s own privacy policy?

This privacy policy stated that the app could harvest data from users’ mobile phone contacts and share that data with unknown third parties of the developer’s choosing — including other political campaigns. Is the Conservative Party comfortable with having its supporters’ data shared with other political campaigns?

What due diligence did the Conservative Party carry out before it selected uCampaign as its app supplier?

After signing up the supplier, did the Conservative Party carry out a privacy impact assessment related to how the app operates?

Please confirm all the data points that the app was collecting from users, and what each of those data points was being used for

Where was app user data being processed? In the US, where uCampaign is based, or in the UK where potential voters live?

If the US, what was the legal basis for any transfer of data from UK users to the US?

Is the Conservative Party confident its use of the campaigner app did not breach UK data protection law?

Earlier this year the former Cabinet Minister Dominic Grieve suggested that the bosses of tech giants involved in the Cambridge Analytica data misuse scandal should be jailed for their part in abusing online data for political and financial gain. Does the Conservative Party support Grieve’s position on online data abuse?

Has anyone been sacked or sanctioned for their part in procuring uCampaign as the app supplier — and/or overseeing the operation of the Conservative Campaigner app itself?

Will the Conservative Party commit to notifying all individuals whose data was shared with uCampaign without their explicit consent?

Can the Conservative Party confirm how many individuals had their personal data shared with uCampaign?

Has the Information Commissioner’s Office raised any concerns with the Conservative Party about the Campaigner app?

Has the Conservative Party itself reported any concerns about the app/uCampaign to the ICO?

News Source = techcrunch.com

1 2 3 8
Go to Top