Google’s Project Fi wireless service is getting a major update today that introduces an optional always-on VPN service and a smarter way to switch between WiFi and cellular connections.
By default, Fi already uses a VPN service to protect users when they connect to the roughly two million supported WiFi hotspots. Now, Google is expanding this to cellular connections as well. “When you enable our enhanced network, all of your mobile and Wi-Fi traffic will be encrypted and securely sent through our virtual private network (VPN) on every network you connect to, so you’ll have the peace of mind of knowing that others can’t see your online activity,” the team writes in today’s announcement.
Google notes that the VPN also shields all of your traffic from Google itself and that it isn’t tied to your Google account or phone number.
The VPN is part of what Google calls its “enhanced network” and the second part of this announcement is that this network now also allows for a faster switch between WiFi and mobile networks. When you enable this — and both of these features are currently in beta and only available on Fi-compatible phones that run Android Pie — your phone will automatically detect when your WiFi connection gets weaker and fill in those gaps with cellular data. The company says that in its testing, this new system reduces a user’s time without a working connection by up to 40 percent.
These new features will start rolling out to Fi users later this week. They are off by default, so you’ll have to head to the Fi Network Tools in the Project Fi app and turn them on to get started. One thing to keep in mind here: Google says your data usage will likely increase by about 10 percent when you use the VPN.
For weeks, a small team of security researchers and developers have been putting the finishing touches on a new privacy app, which its founder says can nix some of the hidden threats that mobile users face — often without realizing.
Phones track your location, apps siphon off our data, and aggressive ads try to grab your attention. Your phone has long been a beacon of data, broadcasting to ad networks and data trackers, trying to build up profiles on you wherever you go to sell you things you’ll never want.
Will Strafach knows that all too well. A security researcher and former iPhone jailbreaker, Strafach has shifted his time digging into apps for insecure, suspicious and unethical behavior. Last year, he found AccuWeather was secretly sending precise location data without a user’s permission. And just a few months ago, he revealed a list of dozens of apps that were sneakily siphoning off their users’ tracking data to data monetization firms without their users’ explicit consent.
Now his team — including co-founder Joshua Hill and chief operating officer Chirayu Patel — will soon bake those findings into its new “smart firewall” app, which he says will filter and block traffic that invades a user’s privacy.
“We’re in a ‘wild west’ of data collection,” he said, “where data is flying out from your phone under the radar — not because people don’t care but there’s no real visibility and people don’t know it’s happening,” he told me in a call last week.
At its heart, the Guardian Mobile Firewall — currently in a closed beta — funnels all of an iPhone or iPad’s internet traffic through an encrypted virtual private network (VPN) tunnel to Guardian’s servers, outsourcing all of the filtering and enforcement to the cloud to help reduce performance issues on the device’s battery. It means the Guardian app can near-instantly spot if another app is secretly sending a device’s tracking data to a tracking firm, warning the user or giving the option to stop it in its tracks. The aim isn’t to prevent a potentially dodgy app from working properly, but to give users’ awareness and choice over what data leaves their device.
Strafach described the app as “like a junk email filter for your web traffic,” and you can see from of the app’s dedicated tabs what data gets blocked and why. A future version plans to allow users to modify or block their precise geolocation from being sent to certain servers. Strafach said the app will later tell a user how many times an app accesses device data, like their contact lists.
But unlike other ad and tracker blockers, the app doesn’t use overkill third-party lists that prevent apps from working properly. Instead, taking a tried-and-tested approach from the team’s own research. The team periodically scans a range of apps in the App Store to help identify problematic and privacy-invasive issues that are fed to the app to help improve over time. If an app is known to have security issues, the Guardian app can alert a user to the threat. The team plans to continue building machine learning models that help to identify new threats — including so-called “aggressive ads” — that hijack your mobile browser and redirect you to dodgy pages or apps.
Screenshots of the Guardian app, set to be released in December (Image: supplied)
Strafach said that the app will “err on the side of usability” by warning users first — with the option of blocking it. A planned future option will allow users to go into a higher, more restrictive privacy level — “Lockdown mode” — which will deny bad traffic by default until the user intervenes.
What sets the Guardian app from its distant competitors is its anti-data collection.
Whenever you use a VPN — to evade censorship, site blocks or surveillance — you have to put more trust in the VPN server to keep all of your internet traffic safe than your internet provider or cell carrier. Strafach said that neither he nor the team wants to know who uses the app. The less data they have, the less they know, and the safer and more private its users are.
“We don’t want to collect data that we don’t need,” said Strafach. “We consider data a liability. Our rule is to collect as little as possible. We don’t even use Google Analytics or any kind of tracking in the app — or even on our site, out of principle.”
The app works by generating a random set of VPN credentials to connect to the cloud. The connection uses IPSec (IKEv2) with a strong cipher suite, he said. In other words, the Guardian app isn’t a creepy VPN app like Facebook’s Onavo, which Apple pulled from the App Store for collecting data it shouldn’t have been. “On the server side, we’ll only see a random device identifier, because we don’t have accounts so you can’t be attributable to your traffic,” he said.
“We don’t even want to say ‘you can trust us not to do anything,’ because we don’t want to be in a position that we have to be trusted,” he said. “We really just want to run our business the old fashioned way. We want people to pay for our product and we provide them service, and we don’t want their data or send them marketing.”
“It’s a very hard line,” he said. “We would shut down before we even have to face that kind of decision. It would go against our core principles.”
I’ve been using the app for the past week. It’s surprisingly easy to use. For a semi-advanced user, it can feel unnatural to flip a virtual switch on the app’s main screen and allow it to run its course. Anyone who cares about their security and privacy are often always aware of their “opsec” — one wrong move and it can blow your anonymity shield wide open. Overall, the app works well. It’s non-intrusive, it doesn’t interfere, but with the “VPN” icon lit up at the top of the screen, there’s a constant reminder that the app is working in the background.
It’s impressive how much the team has kept privacy and anonymity so front of mind throughout the app’s design process — even down to allowing users to pay by Apple Pay and through in-app purchases so that no billing information is ever exchanged.
The app doesn’t appear to slow down the connection when browsing the web or scrolling through Twitter or Facebook, on neither LTE or a Wi-Fi network. Even streaming a medium-quality live video stream didn’t cause any issues. But it’s still early days, and even though the closed beta has a few hundred users — myself included — as with any bandwidth-intensive cloud service, the quality could fluctuate over time. Strafach said that the backend infrastructure is scalable and can plug-and-play with almost any cloud service in the case of outages.
In its pre-launch state, the company is financially healthy, scoring a round of initial seed funding to support getting the team together, the app’s launch, and maintaining its cloud infrastructure. Steve Russell, an experienced investor and board member, said he was “impressed” with the team’s vision and technology.
“Quality solutions for mobile security and privacy are desperately needed, and Guardian distinguishes itself both in its uniqueness and its effectiveness,” said Russell in an email.
He added that the team is “world class,” and has built a product that’s “sorely needed.”
Strafach said the team is running financially conservatively ahead of its public reveal, but that the startup is looking to raise a Series A to support its anticipated growth — but also the team’s research that feeds the app with new data. “There’s a lot we want to look into and we want to put out more reports on quite a few different topics,” he said.
As the team continue to find new threats, the better the app will become.
The app’s early adopter program is open, including its premium options. The app is expected to launch fully in December.
This clever – if expensive – product is called the BoxLock and it is a keyless padlock that lets your package delivery person scan and drop off your packages into a locked box. The system essentially watches for a shipping event and then waits for the right barcode before opening. Once the delivery person scans the package, the lock opens, the delivery person sticks the package in a box or shed (not included) and locks it back up. You then go and grab your package at your leisure.
The lock costs $129.
The company appeared on everyone’s favorite show, Shark Tank, where they demonstrated the system with a fake door and fake UPS dude.
The internal battery lasts 30 days on one charge and it connects to your phone and house via Wi-Fi. While the system does require a box – it’s called BoxLock, after all, not LockBox – it’s a clever solution to those pesky porch pirates who endlessly steal my YorkieLoversBox deliveries.
A lot of secure sites are set to grind to a halt with security error messages in the next version of Google Chrome, after the browser will drop trust for a major HTTPS certificate provider following a series of security incidents.
Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites that run older Symantec certificates issued before June 2016, including legacy branded Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates.
Yet despite more than a year to prepare, many popular sites are not ready.
You can check any website by pulling up the console in Chrome on any website. (Image: TechCrunch)
HTTPS certificates encrypt the data between your computer and the website or app you’re using, making it near-impossible for anyone — even on your public Wi-Fi hotspot — to intercept your data. Not only that, HTTPS certificates prove the integrity of the the site you’re visiting by ensuring the pages haven’t been modified in some way by an attacker.
Most websites obtain their HTTPS certificates from a certificate authority, which abide by certain rules and procedures that over time become trusted by web browsers.
If you screw that up and lose their trust, the browsers can pull the plug on all of the certificates from that authority.
That’s exactly why Google called it quits on Symantec certificates last year. The search giant, and others, accused Symantec of issuing misleading and wrong certificates — and later, it was discovered that Symantec allowed non-trusted organizations to issue certificates without the required rigorous oversight. That has forced thousands of sites to trash their paid-for certificates and replace them with new ones to prevent their site from flagging up with error messages once the Chrome 70 deadline hits.
But, just as much as browsers can lose trust in a certificate authority, it can also gain the trust of new ones.
Let’s Encrypt, a provider of free HTTPS certificates, gained trust from all the major browser makers — including Apple, Google, Microsoft and Mozilla — earlier this year. To date, the non-profit has issued more than 380 million certificates.
Nigerian digital payments startup Paga is gearing up for international expansion with a $10 million round led by the Global Innovation Fund.
The company is exploring the release of its payments product in Ethiopia, Mexico, and the Philippines—CEO Tayo Oviosu told TechCrunch.
Paga looks to go head to head with regional and global payment players, such as PayPal, Alipay, and Safaricom according to Oviosu.
“We are not only in a position to compete with them, we’re going beyond them,” he said of Kenya’s href=”https://crunchbase.com/organization/m-pesa” data-saferedirecturl=”https://www.google.com/url?q=https://crunchbase.com/organization/m-pesa&source=gmail&ust=1538690131434000&usg=AFQjCNFh9TKfy2mvIHjw_XVc1R63-ggIJg”>M-Pesa mobile money product. “Our goal is to build a global payment ecosystem across many emerging markets.”
Launched in 2012, Paga has created a multi-channel network and platform to transfer money, pay-bills, and buy things digitally 9 million customers in Nigeria—including 6000 businesses.
Since inception, the startup has processed 57 million transactions worth $3.6 billion, according to Oviosu. He joined Cellulant CEO Ken Njoroge and Helios Investment Partners’ Fope Adelowo at Disrupt San Francisco to discuss fintech and Africa’s tech ecosystem.
South African fintech startup Jumo raised a $52 million round (led by Goldman Sachs) to bring its fintech services to Asia. The company—that offers loans to the unbanked in Africa—has opened an office in Singapore to lead the way.
The new round takes Jumo to $90 million raised from investors and also saw participation from existing backers that include Proparco — which is attached to the French Development Agency — Finnfund, Vostok Emerging Finance, Gemcorp Capital, and LeapFrog Investments.
Launched in 2014, Jumo specializes in social impact financial products. That means loans and saving options for those who sit outside of the existing banking system, and particularly small businesses.
To date, it claims to have helped nine million consumers across its six markets in Africa and originated over $700 million in loans. The company, which has some 350 staff across 10 offices in Africa, Europe and Asia, was part of Google’s Launchpad accelerator last year. Jumo is led by CEO Andrew Watkins-Ball, who has close to two decades in finance and investing.
Lagos based Paystack raised an $8 million Series A round led by Stripe.
In Nigeria the company’s payment API integrates with tens of thousands of businesses, and in two years it has grown to process 15 percent of all online payments.
In 2016, Paystack became the first startup from Nigeria to enter Y Combinator, and the incubator is doing some follow-on investing in this round.
Other strategic investors in this Series A include Visa and the Chinese online giant Tencent, parent of WeChat and a plethora of other services. Tencent also invested in Paystack’s previous round: the startup has raised $10 million to date.
Paystack integrates a wide range of payment options (wire transfers, cards, and mobile) that Nigerians (and soon, those in other countries in Africa) use both to accept and make payments. There’s more about the company’s platform and strategy in this TechCrunch feature.
South African startup Yoco raised $16 million in a new round of funding to expand its payment management and audit services for small and medium sized businesses as it angles to become one of Africa’s billion dollar businesses.
To get there the company that “builds tools and services to help SMEs get paid and manage their business” plans to tap $20 billion in commercial activity that the company’s co-founder and chief executive, Katlego Maphai estimates is waiting to move from cash payments to digital offerings.
Yoco offers a point of sale card reader that links to its proprietary payment and performance software at an entry cost of just over $100.
With this kit, cash based businesses can start accepting cards and tracking metrics such as top selling products, peak sales periods, and inventory flows.
Yoco has positioned itself as a missing link to “solving an access problem” for SMEs. Though South Africa has POS and business enterprise providers — and relatively high card (75 percent) and mobile penetration (68 percent) — the company estimates only 7 percent of South African businesses accept cards.
Yoco says it is already processing $280 million in annualized payment volume for just under 30,000 businesses.
The startup generates revenue through margins on hardware and software sales and fees of 2.95 percent per transaction on its POS devices.
Yoco will use the $16 million round on product and platform development, growing its distribution channels, and acquiring new talent.
Emerging markets credit startup Mines.io closed a $13 million Series A round led by The Rise Fund, and looks to expand in South America and Asia.
Mines provides business to consumer (B2C) “credit-as-a-service” products to large firms.
“We’re a technology company that facilitates local institutions — banks, mobile operators, retailers — to offer credit to their customers,” Mines CEO and co-founder Ekechi Nwokah told TechCrunch.
Most of Mines’ partnerships entail white-label lending products offered on mobile phones, including non-smart USSD devices.
With offices in San Mateo and Lagos, Mines uses big-data (extracted primarily from mobile users) and proprietary risk algorithms “to enable lending decisions,” Nwokah explained.
Mines started operations in Nigeria and counts payment processor Interswitch and mobile operator Airtel as current partners. In addition to talent acquisition, the startup plans to use the Series A to expand its credit-as-a-service products into new markets in South America and Southeast Asia “in the next few months,” according to its CEO.
Nwokah wouldn’t name specific countries for the startup’s pending South America and Southeast Asia expansion, but believes “this technology is scalable across geographies.”
As part of the Series A, Yemi Lalude from TPG Growth (founder of The Rise Fund) will join Mines’ board of directors.
Digital infrastructure company Liquid Telecom is betting big on African startups by rolling out multiple sponsorships and free internet across key access points to the continent’s tech entrepreneurs.
The Econet Wireless subsidiary is also partnering with local and global players like Afrilabs and Microsoft to create a cross-border commercial network for the continent’s startup community.
“We believe startups will be key employers in Africa’s future economy. They’re also our future customers,” Liquid Telecom’s Head of Innovation Partnerships Oswald Jumira told TechCrunch.
With 13 offices on the continent, Liquid Telecom’s core business is building the infrastructure for all things digital in Africa.
The company provides voice, high-speed internet, and IP services at the carrier, enterprise, and retail level across Eastern, Central, and Southern Africa. It operates data centers in Nairobi and Johannesburg with 6,800 square meters of rack space.
Liquid Telecom has built a 50,000 kilometer fiber network, from Cape Town to Nairobi and this year switched on the Cape to Cairo initiative—a land based fiber link from South Africa to Egypt.
Though startups don’t provide an immediate revenue windfall, the company is betting they will as future enterprise clients.
“Step one…in supporting startups has been….supporting co-working spaces and events with sponsorships and free internet,” Liquid Telecom CTO Ben Roberts told TechCrunch. “Step two is helping startups to adopt…business services.”
Liquid Telecom provides free internet to 30 hubs in seven countries and is active sponsoring startup related events.
On the infrastructure side, it’s developing commercial services for startups to plug into.
“At the early stage and middle stage, we’re offering startups connectivity, skills development, and access to capital through the hubs,” said Liquid Telecom’s Oswald Jumira.
“When they reach the more mature level, we’re focused on how we can scale them up…and be a go to market partner for them. To do that they’ll need to leverage…cloud services.”
Microsoft and Liquid Telecom announced a partnership in 2017 to offer cloud services such as Microsoft’s Azure, Dynamics 365, and Office 365 to select startups through free credits—and connected to comp packages of Liquid Telecom product offerings.
On the venture side, Liquid Telecom doesn’t have a fund but that could be in the cards.
“We haven’t yet started investing in startups, but I’d like to see that we do,” said chief technology officer Ben Roberts. “That can be the next move onwards… from having successful business partnerships.”
And finally, tickets are now available here for Startup Battlefield Africa in Lagos this December. The first two speakers were also announced, TLcom Capital senior partner and former minister of communication technology for Nigeria Omobola Johnson and Singularity Investment’s Lexi Novitske will discuss keys to investing across Africa’s startup landscape.