Menu

Timesdelhi.com

June 25, 2019
Category archive

reporter

Why your CSO, not your CMO, should pitch your security startup

in computer security/computing/cryptography/Delhi/encryption/Entrepreneurship/executive/India/law enforcement/national security/Politics/reporter/Security/snake oil/Startup company/Startups by

Whenever a security startup lands on my desk, I have one question: Who’s the chief security officer (CSO) and when can I get time with them?

Having a chief security officer is as relevant today as a chief marketing officer (CMO) or chief revenue boss. Just as you need to make sure your offering looks good and the money keeps rolling in, you need to show what your security posture looks like.

Even for non-security startups, having someone at the helm is just as important — not least given the constant security threats that all companies face today, they will become a necessary part of interacting with the media. Regardless of whether your company builds gadgets or processes massive amounts of customer data, security has to be at the front of mind. It’s no good simply saying that you “take your privacy and security seriously.” You have to demonstrate it.

A CSO has several roles and they will wear many hats. Depending on the kind of company you have, they will work to bolster your company’s internal processes and policies on keeping not only your corporate data safe but also the data of your customers. They also will be consulted on security practices of your app or product or service to make sure you’re complying with consumer-expected privacy expectations — and not the overbearing and all-embracing industry standards of vacuuming up as much data as there is.

But for the average security startup, a CSO should also act as the point-person for all technical matters associated with their company’s product or service. A CSO can be an evangelist for the infosec professional who can speak to their company’s offering — and to reporters, like me.

In my view, no startup of any size — especially a security startup — should be without a CSO.

The reality is about 95 percent of the world’s wealthiest companies don’t have one. Facebook hasn’t had someone running the security shop since August. It may be a coincidence that the social networking giant has faced breach after exposure after leak after scandal, and it shows — the company is running around headless without a direction of where to go.

Grocery delivery startup Honestbee is running out of money and trying to sell

in alibaba/Asia/asia pacific/bangkok/bank transfers/Brian Koo/countries/Delhi/eCommerce/executive/Exit/Food/food delivery/Formation Group/Formation8/go-jek/grab/Honestbee/India/Indonesia/Japan/LG/Malaysia/online food ordering/online marketing/Philippines/Politics/reporter/Singapore/Southeast Asia/Startups/taiwan/TechCrunch/Thailand/Viber/vietnam/Vision Fund/world wide web/Yahoo by

Honestbee, the online grocery delivery service in Asia, is nearly out of money and trying to offload its business.

The company has held early conversations with a number of suitors in Asia, including ride-hailing giants Grab and Go-Jek, over the potential acquisition of part, or all, of its business, according to two industry sources with knowledge of the talks.

Founded in 2015, Honestbee works with supermarkets and retailers to deliver goods to customers using its store pickers, delivery fleet and mobile apps. The company is based in Singapore and operates in eight markets across Asia: Hong Kong, Singapore, Taiwan, Thailand, Indonesia, Malaysia, Philippines and Japan. In some markets it has expanded to food deliveries and, in Singapore, it operates an Alibaba-style online/offline store called Habitat.

The company makes its money by taking a cut of transactions from consumer transactions, while it also monetizes delivery services separately.

Despite looking impressive from the outside, the company is currently in crisis mode due to a cash crunch — there’s a lot happening right now.

From talking to several former and current staff, TechCrunch has come to learn that Honestbee is laying off employees, it has a range of suppliers who are owed money, it has “paused” its business in the Philippines, it has closed R&D centers in Vietnam and India, it isn’t going to make payroll in some markets and a range of executives have quit the firm in recent months.

Honestbee’s Habitat store includes a cashless and automated checkout experience, among other online-offline services

The issue is that the company is running out of money thanks to a business model with tight margins that’s largely unproven in Asia Pacific.

One source told TechCrunch that the company doesn’t currently have the funds to pay its staff this month. A source inside the company confirmed that Honestbee has told Singapore-based staff that they won’t be paid in time, but it isn’t clear about employees based in other markets. Previously, staff have been paid inconsistently — with late salary payments sent as bank transfers happening twice this year, according to the source.

One reason that the Philippines business has closed temporarily — as Tech In Asia first reported this week — is that it is out money, and waiting on Honestbee HQ in Singapore to provide further capital. Already, the saga has proven to be too much for Honestbee’s head of the Philippines — Crystal Gonzalez — who has quit the company, according to a source within Honestbee Philippines.

Gonzalez helped build Viber’s business in the Philippines, where it is a top messaging player, and she was previously with Yahoo before launching Honestbee. She is said to have grown frustrated at a lack of funds when the Philippines is the company’s best-performing market on paper.

Indeed, the situation is so dire that suppliers and partners have been paid late, or left unpaid entirely, in the Philippines and other markets. Honestbee takes payment for grocery deliveries, after which it is supposed to provide the transaction, minus its cut, to its supermarket partners. But it has been slow to pay vendors, with two in Singapore — FairPrice and U Stars — cutting ties with the startup.

Unclear financing

On the subject of financials, Honestbee looks to be toward the end of its runway.

The company has always taken a fairly secretive line on its financing. On launch, it announced a $15 million Series A investment from Formation8, a Korean firm where Honestbee CEO Joel Sng was a co-founder, but it has said nothing more since. Tech In Asia dug up filings last year that show it has raised a further $46 million from more Korean investors, but the startup declined to comment on its financing when contacted by TechCrunch.

It looks like that capital is nearly gone, at least based on what has been declared.

Internal numbers for Honestbee in December 2018, seen by TechCrunch, show that it lost nearly $6.5 million, with around $2.5 million in net revenue for the month. GMV — the total amount of transactions on its platform before deductions to partners — reached nearly $12.5 million in December, but costs — chiefly discounts to lure new customers and online marketing spend — dragged the company down. A former employee said that monthly retention is often single-digit percent in some markets because of the “outrageous” use of coupons to hit short-term revenue goals.

That internal data showed that the Philippines business accounted for around 40 percent of Honestbee’s overall GMV, which backs up Gonzalez’ apparent frustration at a lack of investment. That said, the Philippines unit remains some way from profitability, with a net loss of more than $1 million in December.

High burn rate

Three markets — Singapore, the Philippines and Taiwan — accounted for more than 80 percent of GMV and net income, making it unclear why Honestbee continues to operate in other countries, including the expensive Japanese market, when its funding level is perilously low.

Brian Koo, whose family controls LG, is listed as a shareholder for both of Honestbee’s ventures registered in Singapore. His Formation 8 VC firm has provided significant funding for the startup.

More pertinently, operating at that burn rate would give Honestbee less than 10 months of runway if it used the $61 million capital float that it is known to have raised. That suggests that the company has raised more money; however, none of the sources who spoke to TechCrunch were able to verify whether there has been additional fundraising.

Current and former employees explained that Honestbee doesn’t have a CFO and that all high-level decisions, and particularly those around budgets and spending, are managed by CEO Sng and his right-hand man, Roger Koh, whose LinkedIn lists his current job as a principal with Formation 8.

Filings in Singapore indicate that Honestbee has $55.9 million in assets through two registered companies. A common shareholder across the two is Brian Koo, a member of the LG family that founded Formation Group, the parent behind the Formation 8 fund.

Layoffs and a potential sale

While the financials are hazy, it is very clear that Honestbee is up against it right now.

The company released a statement earlier this week that makes some admissions around layoffs and restructuring but still glosses over current struggles:

In 2014, honestbee started in Singapore with the mission of providing a positive social and financial impact on the lives and businesses that we touch. Today, we are a regional business with footprints in Hong Kong, Thailand, Indonesia, Taiwan, Philippines, Japan and Malaysia.

Over the years, we have continued to be committed to our staff, partners and consumers. We have made good progress to implement new process and ways of working to remain efficient and relevant in the ever-changing business environment. The launch of habitat by honestbee in Singapore was a valuable lesson for us where it showed the potential growth in the O2O business and *it has been voted one of the must-see retail innovations in the world this year.

Following a strategic review of our company’s business, we are temporarily suspending our food verticals in Hong Kong and Thailand to simplify what we do and how we do it to better meet what our consumers want. Some roles within the organization will no longer be available. Approximately 6% of our global headcount in the organization are affected.

The status of honestbee in the remaining markets remain unchanged as we evaluate and we will continue to operate and contribute to honestbee Pte Ltd.

Sources close to the company told TechCrunch that more job losses are likely to come beyond the six percent in this statement. Executives who saw the writing on the wall have left in recent months, including the heads of business for Japan and Indonesia, a senior member of the team behind Habitat and the company’s head of people. One executive hired to raise capital for Honestbee quit within a month; he declined to comment and doesn’t list the company on his LinkedIn bio.

Secondly, Honestbee’s temporary suspension of food services in Hong Kong and Thailand isn’t likely to have a huge impact on its overall business, as groceries are the primary focus and neither market is particularly huge for the company. While Habitat has gotten attention for its forward-thinking, a physical retail store will require significant capital and it is likely, in its early days, to only increase the burn rate. Sources in the company told TechCrunch that, already, it has switched suppliers for some items as invoices went unpaid.

Despite the chaos, the potential of a sale is real.

Fresh from a recent $1.5 billion Vision Fund investment with the promise of $2 billion more this year, Grab — which is valued at $14 billion — is on a spending spree.

The Singapore-based company has pledged to make at least half a dozen acquisitions in 2019 and a deal to boost its nascent food and grocery play in Southeast Asia has some merit. Grab has the challenge of competing with Go-Jek, its $9.5 billion-valued rival that built a strong offering in Indonesia and is expanding across Southeast Asia with an emphasis on its food delivery. Grab, meanwhile, is active in eight markets across Southeast Asia and is now actively expanding from transportation services to food and more.

Likely adding to the frustration for Honestbee, its rival HappyFresh this week announced a $20 million investment. HappyFresh has undergone tough times, too. It pulled out of markets in 2016 to make its business more sustainable and today its CEO Guillem Segarra told TechCrunch that it is now operationally profitable.

Honestbee declined to respond to a range of questions from TechCrunch on whether it has plans to sell its business, its financing history and whether it has delayed paying employees.


If you have a tip about this story or others, you can contact TechCrunch reporter Jon Russell in the following ways:

  • DM to @jonrussell on Twitter
  • Email jr@techcrunch.com
  • For PGP use the public key listed on MIT’s keyserver (here) or jonrussell@protonmail.com
  • Contact directly for WhatsApp or Signal number

100 Car2go Mercedes hijacked in Chicago crime spree

in Automotive/car2go/carsharing/chicago/Daimler AG/Delhi/India/law enforcement/Politics/reporter/TC/Transportation by

Car2go, free-floating car-sharing service owned by Daimler, temporarily shut down its service in Chicago on Wednesday after dozens of Mercedes-Benz vehicles were stolen using the app.

The Chicago Police Department was alerted by Car2Go that some of their vehicles may have been rented by deceptive or fraudulent means through a mobile  app, a spokesperson wrote in an emailed statement to TechCrunch.

The news was first reported via tweet by Brad Edwards, a reporter with CBS Chicago. Edwards reported that sources said that many of the vehicles were allegedly used to commit other crimes. CPD did not provide any details about how the vehicles were used and said the investigation was ongoing.

Car2go launched in Chicago last June, the first time in four years that the company added a U.S. city to its ranks. The car-sharing company lets customers rent out vehicles on a short-term basis. Daimler’s diminutive Smart cars were once the lone option for Car2go customers. The company has expanded its offerings in recent years and now offers Mercedes-Benz CLA and GLA, as well as the two-door Smartfortwo vehicles.

CPD said 100 vehicles are still unaccounted for. It is believed that 50 vehicles, all of them Mercedes-Benz remain in the greater Chicago area. Police are questioning more than a dozen persons of interest.

CPD said it’s working with Car2go to determine whether there are any other vehicles whose locations cannot be accounted for.  At this time the recoveries appear to be isolated to the West Side, CPD said.

While the perpetrators appear to have gained access to the vehicles through “fraudulent means,” Car2go emphasized that no personal or confidential member information has been compromised.

TechCrunch received a tip from a user who received this “temporary pause in service” message when trying to use the app. Car2go confirmed the shut down and added that it will provide an update as soon as possible.

 

Car2go is going through a branding and organizational transition. Daimler  AG and BMW Group officially agreed to merge their urban mobility services into a single holding company back in March 2018 with a 50 percent stake each. In February, the companies announced plans to unify their services under five categories by creating five joint ventures — Reach Now, Charge Now, Park Now, Free Now and Share Now.

Transportation Weekly: Waymo unleashes laser bear, Bird spreads its wings, Lyft tightens its belt

in alex roy/api/articles/Artificial Intelligence/austin/Automotive/AV/Barcelona/Cabify/california/Canada/ceo/China/Chris Urmson/Delhi/driver/DroneDeploy/Elon Musk/Emerging-Technologies/eurolines/Ford/France/General Partner/geneva/Google/India/Ingrid Lunden/internet connectivity/Kirsten Korosec/laser/latin america/Lidar/lucas matney/Lyft/Malcolm Gladwell/mercedes/mobike/Natasha Lomas/New Zealand/nvidia/operating system/OurCrowd/Ouster/Pandora/Politics/Quanergy/reporter/sacramento/Samsung/san jose/self-driving cars/simulation/spain/subscription services/TechCrunch/Technology/Tesla/transport/Transportation/Transportation Weekly/Travis VanderZanden/Uber/United Kingdom/United States/Velodyne/viper/VOI Technology/volkswagen/waymo/willows/zack Whittaker/Zipcar by

Welcome back to Transportation Weekly; I’m your host Kirsten Korosec, senior transportation reporter at TechCrunch . This is the fifth edition of our newsletter and we love the reader feedback. Keep it coming.

Never heard of TechCrunch’s Transportation Weekly? Catch up here, here and here. As I’ve written before, consider this a soft launch. Follow me on Twitter @kirstenkorosec to ensure you see it each week. (An email subscription is coming). 

This week, we explore the world of light detection and ranging sensors known as LiDAR, young drivers, trouble in Barcelona, autonomous trucks in California, and China among other things.


ONM …

There are OEMs in the automotive world. And here, (wait for it) there are ONMs — original news manufacturers. (Cymbal clash!) This is where investigative reporting, enterprise pieces and analysis on transportation lives.

This week, we’re going to put our on analysis hats as we explore the world of LiDAR, a sensor that measures distance using laser light to generate highly accurate 3D maps of the world around the car. LiDAR is considered by most in the self-driving car industry (Tesla CEO Elon Musk being one exception) a key piece of technology required to safely deploy robotaxis and other autonomous vehicles.

There are A LOT of companies working on LiDAR. Some counts track upwards of 70. For years now, Velodyne has been the primary supplier of LiDAR sensors to companies developing autonomous vehicles. Waymo, back when it was just the Google self-driving project, even used Velodyne LiDAR sensors until 2012.

Dozens of startups have sprung up with Velodyne in its sights. But now Waymo has changed the storyline.

To catch you up: Waymo announced this week that it will start selling its custom LiDAR sensors — the technology that was at the heart of a trade secrets lawsuit last year against Uber.

Waymo’s entry into the market doesn’t necessarily upend other companies’ plans. Waymo is going to sell its short range LiDAR, called Laser Bear Honeycomb, to companies outside of self-driving cars. It will initially target robotics, security and agricultural technology.

It does put pressure on startups, particularly those with less capital or those targeting the same customer base. Pitchbook ran the numbers for us to determine where the LiDAR industry sits at the moment. There are two stories here: there are a handful of well capitalized startups and we may have reached “peak” LiDAR. Last year, there were 28 VC deals in LiDAR technology valued at $650 million. The number of deals was slightly lower than in 2017, but the values jumped by nearly 34 percent.

The top global VC-backed LiDAR technology companies (by post valuation) are Quanergy, Velodyne (although mostly corporate backed), Aurora (not self-driving company Aurora Innovation), Ouster, and DroneDeploy. The graphic below, also courtesy of Pitchbook, shows the latest figures as of January 31, 2019.

Dig In

Researchers discovered that two popular car alarm systems were vulnerable to a manipulated server-side API that could be abused to take control of an alarm system’s user account and their vehicle.

The companies — Russian alarm maker Pandora and California-based Viper (or Clifford in the U.K.) — have fixed the  security vulnerabilities that allowed researchers to remotely track, hijack and take control of vehicles with the alarms installed. What does this all mean?

Our in-house security expert and reporter Zack Whittaker digs in and gives us a reality check. Follow him @zackwhittaker.

Since the first widely publicized car hack in 2015 proved hijacking and controlling a car was possible, it’s opened the door to understanding the wider threat to modern vehicles.

Most modern cars have internet connectivity, making their baseline surface area of attack far greater than a car that doesn’t. But the effort that goes into remotely controlling a vehicle is difficult and convoluted, and the attack — often done by chaining together a set of different vulnerabilities — can take weeks or even longer to develop.

Keyfob or replay attacks are far more likely than say remote attacks over the internet or cell network. A keyfob sends an “unlock” signal, a device captures that signal and replays it. By replaying it you can unlock the car.

This latest car hack, featuring flawed third-party car alarms, was far easier to exploit, because the alarm systems added a weakness to the vehicles that weren’t there to begin with. Car makers, with vast financial and research resources, do a far greater job at securing their vehicle than the small companies that focus on functionality over security. For now, the bigger risk comes from third parties in the automobile space, but the car makers can’t afford to drop their game either.


A little bird …

We hear a lot. But we’re not selfish. Let’s share.

blinky-cat-bird

The California Department Motor Vehicles is the government body that regulates autonomous vehicle testing on public roads. The job of enforcement falls to the California Highway Patrol.

In an effort to gauge the need for more robust testing guidelines, the California Highway Patrol decided to hold an event at its headquarters in Sacramento. Eight companies working on autonomous trucking technology were invited. It was supposed to be a large event with local and state politicians in attendance. And it was supposed to validate autonomous trucking as an emerging industry.

There’s just one problem: only one AV trucking company is willing and able to complete this course. We hear that this AV startup actually already went ahead and completed the test course.

The California Highway Patrol has postponed event, for now, presumably until more companies can join.

Got a tip or overheard something in the world of transportation? Email me or send a direct message to @kirstenkorosec.


Deal of the week

Instead of highlighting one giant deal, let’s step back and take a broader view of mobility this week. The upshot: 2018 saw a decline in total investments in the sector and money moved away from ride-hailing and towards two-wheeled transportation.

According to new research from EY, mobility investments in 2018 reached $39.1 billion, down from $55.2 billion in the previous year. (The figures EY provided was through November 2018).

Ride-hailing companies raised $7.1 billion in 2018, a 73 percent decline from the previous year when $26.7 billion poured into this sector.

Investors, it seems, are shifting their focus to other business models, notably first and last-mile connectivity. EY estimates $7 billion was invested in two-wheeler mobility companies such as bike-sharing and electric scooters in 2018. The U.S. and China together have contributed to more than 80 percent of overall two-wheeler mobility investments this year alone, according to EY research shared with TechCrunch.

Other deals:


Snapshot

Let’s talk about Generation Z, that group of young people born 1996 to the present, and one startup that is focused on turning that demographic into car owners.

There’s lots of talk and hand wringing about young people choosing not to get a driver’s license, or not buying a vehicle. In the UK, for instance, about 42 percent of young drivers aged 17 to 24, hold a driver’s license. That’s about 2.7 million people, according to the National Travel Survey 2018 (NTS) of the UK government’s department of transport. An additional 2.2 million have a provisional or learner license. Combined, that amounts to about 13 percent of the car driving population of the UK.

In the UK, evidence suggests that a rise in motoring costs have discouraged young people from learning. And there lies one opportunity that a new startup called Driver1 is targeting.

Driver 1 is a car subscription service designed exclusively for first car drivers aged 17 to 24. The company has been in stealth mode for about a year and is just now launching.

“The young driver market is being underserved by the car industry, Driver1 founder Tim Hammond told TechCrunch. “And primarily it’s the financing that’s not available for that age group. It’s also something that’s not really affordable for any of the car subscription models like Fair.com and it’s not suitable for the OEM subscription services either financially or from an age perspective for young drivers.”

The company’s own research has found this group wants a newer car for 12 to 15 months.

“The car is the extension of their device,” Hammond said, noting these drivers don’t want the old junkers. “They want their iPhones and they want the car that goes with it.”

The company is working directly with leasing companies — not dealerships — to provide young drivers with 3 to 5-year-old cars that have lost 60 percent or so of their value. Driver1 is targeting under $120 a month for the customer and has a partnership with remarketing company Manheim, which is owned by Cox Automotive.

The startup is focused on the UK for now and has about 600 members who have reserved their cars for purchase. Driver1 is aiming to capture about 10 percent of the 1 million or so young people in the UK who pass their learners permit each year. The company plans it expand to France and other European countries in the fall.


Tiny but mighty micromobility

Bird Rocking Out GIF - Find & Share on GIPHY

Ca-caw, ca-caw! That’s the sound of Bird gearing up to launch Bird Platform in New Zealand, Canada and Latin America in the coming weeks. The platform is part of Bird’s mission to bring its scooters across the world “and empower local entrepreneurs in regions where we weren’t planning to launch to run their own electric-scooter sharing program with Bird’s tech and vehicles,” Bird CEO Travis VanderZanden told TechCrunch.

MRD’s two cents: Bird Platform seems like a way for Bird to make extra cash without having to do any of the work i.e. charging the vehicles, maintaining them and working with city officials to get permits. Smart!

Meanwhile, the dolla dolla bills keep pouring into micromobility. European electric scooter startup Voi Technology raised an additional $30 million in capital. That was on top of a $50 million Series A round just three months ago.

Oh, and because micromobility isn’t just for startups, Volkswagen decided to launch a kind of weird-looking electric scooter in Geneva. Because, why not?

Megan Rose Dickey

One more thing …

Lyft is trimming staff to prepare for its IPO. TechCrunch’s Ingrid Lunden learned that the company has laid off about 50 staff in its bike and scooter division. It appears most of these folks are people who joined the Lyft through its acquisition of  electric bike sharing startup Motivate a deal that closed about three months ago.


Notable reads

It’s probably not smart to suggest another newsletter, but if you haven’t checked out Michael Dunne’s  The Chinese Are Coming newsletter, you should. Dunne has a unique perspective on what’s happening in China, particularly as it related to automotive and newer forms of mobility such as ride-hailing. One interesting nugget from his latest edition: there are more than 20 other new electric vehicle makers in China.

“Most will fall away within the next 3 to 4 years as cash runs out,” Dunne predicts.

Other quotable notables:

Here’s a fun read for the week. TechCrunch’s Lucas Matney wrote about a YC Combinator startup Jetpack Aviation.The startup has launched pre-orders this week for the moonshot of moonshots, the Speeder, a personal vertical take-off and landing vehicle with a svelte concept design that looks straight out of Star Wars or Halo.


Testing and deployments

Spanish ride-hailing firm Cabify is back operating in Barcelona, Spain despite issuing dire warnings that new regulations issued by local government would crush its business and force it to fire thousands of drivers and leave forever. Turns out forever is one month.

The Catalan Generalitat issued a decree last month imposing a wait time of at least 15 minutes between a booking being made and a passenger being picked up. The policy was made to ensure taxis and ride-hailing firms are not competing for the same passengers, following a series of taxi strikes, which included scenes of violence. Our boots on the ground reporter Natasha Lomas has the whole story.

Sure, Barcelona is just one city. But what happened in Barcelona isn’t an isolated incident. The early struggles between conventional taxis and ride-hailing operations might be over, but that doesn’t mean the matter has been settled altogether.

And it’s not likely to go away. Once, robotaxis actually hit the road en masse — and yes, that’ll be awhile — these same struggles will pop up again.

Other deployments, or, er, retreats ….

Bike share pioneer Mobike retreats to China

On the autonomous vehicle front:

China Post, the official postal service of China, and delivery and logistics companies Deppon Express, will begin autonomous package delivery services in April. The delivery trucks will operate on autonomous driving technologies developed by FABU Technology, an AI company focused on intelligent driving systems.


On our radar

There is a lot of transportation-related activity this month. Come find me.

SXSW in Austin: TechCrunch will be at SXSW. And there is a lot of mobility action here. Aurora CEO and co-founder Chris Urmson was on stage Saturday morning with Malcolm Gladwell. Mayors from a number of U.S. cities as well as companies like Ford and Mercedes are on the scene. Here’s where I’ll be. 

  • 2 p.m. to 6:30 p.m. (local time) March 9 at the Empire Garage for the Smart Mobility Summit, an annual event put on by Wards Intelligence and C3 Group. The Autonocast, the podcast I co-host with Alex Roy and Ed Niedermeyer, will also be on hand.
  • 9:30 a.m. to 10:30 a.m. (local time) March 12 at the JW Marriott. The Autonocast and founding general partner of Trucks VC, Reilly Brennan will hold a SXSW podcast panel on automated vehicle terminology and other stuff.
  • 3:30 p.m (local time) over at the Hilton Austin Downtown, I’ll be moderating a panel Re-inventing the Wheel: Own, Rent, Share, Subscribe. Sherrill Kaplan with Zipcar, Amber Quist, with Silvercar and Russell Lemmer with Dealerware will join me on stage.
  • TechCrunch is also hosting a SXSW party from 1 pm to 4 pm Sunday, March 10, 615 Red River St., that will feature musical guest Elderbrook. RSVP here

Nvidia GTC

TechCrunch (including yours truly) will also be at Nvidia’s annual GPU Technology Conference from March 18 to 21 in San Jose.

Self Racing Cars

The annual Self Racing Car event will be held March 23 and March 24 at Thunderhill Raceway near Willows, California.

There is still room for participants to test or demo their autonomous vehicles, drive train innovation, simulation, software, teleoperation, and sensors. Hobbyists are welcome. Sign up to participate or drop them a line at contact@selfracingcars.com.

Thanks for reading. There might be content you like or something you hate. Feel free to reach out to me at kirsten.korosec@techcrunch.com to share those thoughts, opinions or tips. 

Nos vemos la próxima vez.

Facebook won’t let you opt-out of its phone number ‘look up’ setting

in Alex Stamos/computing/Delhi/Facebook/India/photo sharing/Politics/privacy/reporter/Security/social media/Software/terms of service by

Users are complaining that the phone number Facebook hassled them to use to secure their account with two-factor authentication has also been associated with their user profile — which anyone can use to “look up” their profile.

Worse, Facebook doesn’t give you an option to opt-out.

Last year, Facebook was forced to admit that after months of pestering its users to switch on two-factor by signing up their phone number, it was also using those phone numbers to target users with ads. But some users are finding out just now that Facebook’s default setting allows everyone — with or without an account — to look up a user profile based off the same phone number previously added to their account.

The recent hubbub began today after a tweet by Jeremy Burge blew up, criticizing Facebook’s collection and use of phone numbers, which he likened to “a unique ID that is used to link your identity across every platform on the internet.”

Although users can hide their phone number on their profile so nobody can see it, it’s still possible to “look up” user profiles in other ways, such as “when someone uploads your contact info to Facebook from their mobile phone,” according to a Facebook help article. It’s a more restricted way than allowing users to search for user profiles using a person’s phone number, which Facebook restricted last year after admitting “most” users had their information scraped.

Facebook gives users the option of allowing users to “look up” their profile using their phone number to “everyone” by default, or to “friends of friends” or just the user’s “friends.”

But there’s no way to hide it completely.

Security expert and academic Zeynep Tufekci said in a tweet: “Using security to further weaken privacy is a lousy move — especially since phone numbers can be hijacked to weaken security,” referring to SIM swapping, where scammers impersonate cell customers to steal phone numbers and break into other accounts.

Tufekci’s argued that users can “no longer keep keep private the phone number that [they] provided only for security to Facebook.”

Facebook spokesperson Jay Nancarrow told TechCrunch that the settings “are not new,” adding that, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.”

Gizmodo reported last year that when a user gives Facebook a phone number for two-factor, it “became targetable by an advertiser within a couple of weeks.”

If a user doesn’t like it, they can set up two-factor without using a phone number — which hasn’t been mandatory for additional login security since May 2018.

But even if users haven’t set up two-factor, there are well documented cases of users having their phone numbers collected by Facebook, whether the user expressly permitted it or not.

In 2017, one reporter for The Telegraph described her alarm at the “look up” feature, given she had “not given Facebook my number, was unaware that it had found it from other sources, and did not know it could be used to look me up.”

WhatsApp, the messaging app also owned by Facebook (alongside Messenger and Instagram), uses your phone number as the primary way to create your account and connect you to its service. Facebook has long had a strategy to further integrate the two services, although it has run into some bumps along the way.

To the specific concerns by users, Facebook said: “We appreciate the feedback we’ve received about these settings and will take it into account.”

Concerned users should switch their “look up” settings to “Friends” to mitigate as much of the privacy risk as possible.

When asked specifically if Facebook will allow users to users to opt-out of the setting, Facebook said it won’t comment on future plans. And, asked why it was set to “everyone” by default, Facebook said the feature makes it easier to find people you know but aren’t yet friends with.

Others criticized Facebook’s move to expose phone numbers to “look ups,” calling it “unconscionable.”

Alex Stamos, former chief security officer and now adjunct professor at Stanford University, also called out the practice in a tweet. “Facebook can’t credibly require two-factor for high-risk accounts without segmenting that from search and ads,” he said.

Since Stamos left Facebook in August, Facebook has not hired a replacement chief security officer.

1 2 3
Go to Top