posted 9 days ago on re/code
Are we another step closer to sentient computers? Google’s 2017 I/O keynote is happening now, where Google CEO Sundar Pichai is introducing new products and sharing more information about the company’s “AI first” future. Here’s a running list of what happened that matters. Google can now use your camera as an input device. Google announced a “Lens” feature for its Assistant service that will tell you information about what’s in front of your phone camera: What type of flower you’re looking at, info about the restaurant across the street, etc. This combines a bunch of tech buzzwords — AI, AR, machine learning, computer vision — into one feature, and highlights how Google’s massive collection of data about the world can be used together. It's also another example of how Google is trying to get ahead of the latest preference for photos versus text. Don’t like writing emails? Don’t have to. Gmail on Android and iOS is getting an automated-response feature called Smart Reply, which lets you choose up to three responses that are based on the received email. You can add more to a response after selecting it if you want, or can just send the automated response as-is. More Google in more places, in more languages. Google Assistant is rolling out to the iPhone — though it won’t (and can’t) replace Siri as the default assistant — and will be available in more languages like French and German. Hands-free calling on Google Home. “Hey Google, call mom.” Dial out with your personal number when it detects your voice. No setup required, according to today’s presentation. (Amazon launched calls for Alexa this week, too.)

Read More...
posted 9 days ago on re/code
“Hackers don’t think like normal people.” On this episode of Too Embarrassed to Ask, Recode’s Kara Swisher and The Verge’s Lauren Goode dive into Part 2 of the security- and privacy- (and Tony-) themed podcast. Part 1 featured Recode’s Politics and Policy Senior Editor Tony Romm; Part 2 brings in privacy and security expert Tony Gambacorta. The three discuss passwords, Internet of Things devices in the home and basic steps anyone can take to make their information more secure, and then answer questions from readers and listeners. You can read some of the highlights from their discussion at that link, or listen to it in the audio player above. Below, we’ve posted a lightly edited complete transcript of their conversation. Kara Swisher: Hi, I’m Kara Swisher, executive editor of Recode. Lauren Goode: I’m Lauren Goode, senior technology editor at The Verge. And you’re listening to Too Embarrassed to Ask, where we answer all of your embarrassing questions about tech. It could be anything, like what’s the future of Uber, given all of the drama that’s going on there. Or, is my smart speaker listening to every word that I say? Yes. Why did Sony just put out a $700 e-paper tablet that everyone’s talking about on the internet this morning? No idea. Did Kara miss me when I took the day off last Friday? Not even slightly. I didn’t even know you were gone. That’s it. The podcast is over. Good-bye. How can I miss you if you won’t go away? Good-bye. Oh, wait, you went away. I did miss you. Anyways, so send us your questions. We really do listen to them all. Find us on Twitter and tweet them to us at @Recode or to myself or to Lauren with a hashtag #tooembarrassed. Did you have a wild weekend? I did have a good weekend. You sound kind of throaty. No, I got a cold. It’s called a cold. I don’t have a wild life, Lauren. I have a very dull, boring life. Did you go to SoulCycle with Casey? Is that how you got sick? I did. So, you did. You actually did? I did. I was joking. That’s how you got this voice. No, I did a lot of stuff. I did many fun things this weekend. So it sounds like you had a wild weekend. Yeah, wild for me. Wild? No. All right. More of a dull, old-lady life. Well, yeah. So, tweet us your questions. Could be anything. Could be about Kara’s experience in SoulCycle. We also have an email address, [email protected], and a reminder, embarrassed has two Rs and two Ss. And while you’re at it, have a listen to our previous episodes too, which you can find on iTunes at iTunes.com/tooembarrassed. So last week, we had Recode reporter Tony Romm on for the first time. He was great, actually Great. We got a lot of feedback from listeners who really enjoyed the podcast with him. Yeah. But it was the first of a two-part series about privacy and security in light of some of the changes that have been happening with the new government administration. That would be the Trump administration. You said it. Not me. Okay, all right. We covered a lot of topics, Tony was amazing, and mostly about policy changes that could potentially impact how consumers use the internet. We covered net neutrality. We talked about the Trump administration’s attitude toward science and innovation, which is to say they don’t think science is good, apparently, because they haven’t appointed ... It’s a hoax. It’s a hoax. Science is fake news. And we talked a lot about these new policies they put into place, which give internet service providers an ability to get a lot of data on you. So, it’s a really interesting time. Right. Which, as Tony explained, you know, they’d had these rights before, but in some ways some things haven’t changed, but at the same time, everything has changed. Right. This is a more friendly administration to big business. Right. And so this week, as part of our two-part Tony podcast, this week we’re focused on security, things like encryption, VPNs, the internet of things and other potential vulnerabilities. We’ve been getting a lot of questions about all of these topics since Donald Trump came into office. Yeah. LG: So, we’re thrilled to have security expert Tony Gambacorta on the show. Tony is a private security consultant who’s worked for Citrix, SilverTail Systems, RSA Security and, most recently, he was at Synack, a Silicon Valley firm that crowdsources vulnerability testing. Now he’s running his own company. It’s called 1585 Security and he focuses a lot on the hacking of internet of things devices. Tony, thanks so much for joining us. Tony Gambacorta: Hey, thanks so much for having me. This is great. LG: Tony part two. KS: Big deal. LG: Little-known trivia: Tony is the person who taught me how to pick a lock and find my way out of handcuffs at one point. KS: I don’t even want to understand why you were looking to get out of handcuffs. LG: It’s a good thing to know how to do. KS: Yeah, I guess. LG: Thanks, Tony. KS: If you want to get out of them, you know. I do live in San Francisco. People want to get in them here. Anyway, Tony, let’s talk about these security issues, because I think one of the things that has happened is people are very worried about this administration. They should be worried about all administrations. I mean, I don’t think the Obama administration slathered itself in glory around security. Sure. KS: These issues, fighting Apple and others, people are very concerned about this. And as more hacking happens, it’s something that I think about, I think a lot of people think about. What would you say is the biggest security concern consumers should have right now, given the recent policy changes and the overall increasing sophistication of bad actors? I’d say probably the biggest issue is the fact that there’s such an information asymmetry out there, that the people who are on the carrier side know a lot about how this technology works. The consumers don’t know much about how it works. And perhaps even more terrifying, the legislators have no idea how the technology works. KS: Right, definitely. As a consequence, people can kind of pull one over on you from time to time. KS: What does that mean? What would be the ... Pull what over, exactly? So when you see laws, like we saw with the FCC, where it was a pretty commonsense approach. It’s an easy play for anybody who understands the space, but they were able to repeal it, because they use some sort of fallacious arguments that, "Hey, we just ...” KS: Explain that for regular people. The big argument they gave was they needed to be on equal footing with Google and other people out there that are on more of the application side. KS: Do they have to be equal footing to invade your privacy? Exactly. KS: Right. Right. The difference here being that I can opt out of using Google. So, if I have something embarrassing that I want to learn about, I don’t have to use Google to do it. I can go off and do something else. It’s not easy, but I can go do it with somebody else. But with my internet service provider, they’re the only game in town. So, they’re going to see all of my traffic all the time, and that’s a really big difference that seems to have been lost, kind of, in the commotion here, in the exchange. But there is a very big gap between policy and technical capability, and I think that’s an area where people can get, sort of, the power back on their side again. KS: All right. We’re going to talk about those tools in a minute, but what would you think are the biggest security concerns right now? Is it the invasion of all these devices into your homes or that your mobile phone is with you all the time or that cameras are everywhere? There’s so many things to be paranoid about. I would say that there’s a very fast ramp of adoption for things like IoT devices. There’s a gold rush happening. People are charging into it, and as a consequence, they don’t always understand how things work. And if you’re desperate to get a product to market as quickly as you can and kind of jam commodity sensors into it, you’re more focused on the commercial maybe than you are about the privacy aspects of it, and that’s definitely a concern. LG: So, IoT devices, you think right now, that’s the gold mine for companies, marketers, advertisers, but it’s also, you think, the biggest potential pitfall? It creates such a rich dataset. Especially, for a device like a wearable or something like that that’s with you all the time. For that to exist, you have no visibility in how it communicates, right? I mean, if you have a Fitbit or if you have any other sort of item on your person, you don’t get to see that it’s using HTTPS or HTTP, you just know that it’s on and trading information. But how it’s doing that, it’s totally a big deal. LG: Kara doesn’t use Fitbits ever. KS: Never. LG: She calls them her unwearables. KS: Yeah. LG: They all end up in a drawer. KS: See, I have this regular watch. LG: She’s more secure than the rest of us. KS: I’m sure some CIA agent has put something in here, but at least they had to make an effort to do so. So, talk about the IoT. First, let’s talk about wearables. So it could communicate anything back, voice or presumably ... Right now, they don’t do that, but they could, correct? Well, I think what people need to remember is that these are devices. They don’t know what they’re for, right? So, if you have something that’s got a camera and microphone on it and it’s running some embedded software, you could use it as a toy or you could use it as a weapon. It’s just all about the context of what’s happening there. KS: Right. Then in the home, these new ... The Amazon Echos, the Google Devices, and there’s one coming from Apple soon allegedly. All these things have these capabilities of just being present and you forgetting about them being there. I think so, yeah. When you think about, like, a device that’s got an always-on microphone ... these are exactly the sorts of things that people freak out about in the other context. My house is bugged, right? KS: Right. But when this happens to us because we paid for it, we love it. Now, as far as the FCC stuff goes, that stuff is generally encrypted when it’s going across the wire. The good news is that Comcast, everybody else, they’re not going to be able to intercept those communications. They’re not going to hear what you asked Alexa, for example. You know, the provider still will, but they’ll be blind to it. KS: Right. LG: By the provider, you mean, they’re not the internet service provider or the maker of the technology? Sorry. The maker of the technology is going to be able to receive and interpret, and they’re going to build a nice, big, rich dataset on all the things that you like and what you do and how often you use it. LG: Right. But your internet ... LG: Yeah, because right now, if I do a voice search through any of them, like, through Amazon Alexa, for example, or Google Home, you can then go into the mobile app and see a literal log of the things you’ve just asked. That’s exactly right. LG: I mean, it’s not encrypted. It’s just plain text. It’s right there. Well, you can see that there, but as it’s being transmitted back up to the cloud, so in other words, as it’s crossing through the carrier’s network, in that point it’s encrypted. KS: But it still gets to the company and who knows what ridiculous systems they have in place. Some guy named Phil is just happening to look at it. There’s actually, probably, a small army. KS: Yeah. There’s a reason why it’s so darn hard to hire data scientists and data engineers right now, right? Because we have such a rich dataset and no one is really quite sure how we’re going to, like, finagle it all into something that they can monetize. But they certainly don’t create something like that so they can just, “Aw, shucks,” make it easier to figure out what the weather is. KS: So, going back a little bit: Obviously, the first one is the phone that you’re carrying all the time, which you’ve become so comfortable with, it’s like an extension of yourself. Talk a little bit about where that is, and then we want to talk about what you can do, like, some of the things that you can do to protect against these things. But the phone, seems to me, is the first point of contact with everybody and how comfortable people are with it. Yeah, I think you nailed it. People are just very comfortable. When you have this big emotional response to something, eventually you get fatigued and you get tired of being in this state of awareness all the time and you let your guard down as a consequence. We tend to install apps and we don’t really think about what permissions they’re asking for, depending on the operating system you’re using. Sometimes it just doesn’t give you a choice, right? It just says, “You either are gonna take this or leave it.” I’m shocked by the permissions that are requested by a lot of different apps. I saw one the other day that was for watering a plant, but it still wanted to have access to my camera, my contact list, all my network information, my GPS, everything. So, I think that’s an area that’s going to get more and more interesting, because you’re not on a high alert there and you’re not thinking like, “Hey, this is an app that’s tracking me.” KS: Right. I actually go, “No. Fuck you. Fuck you. Fuck you,” every time. LG: And then you just don’t download the app. KS: No, I do. I do. I just don’t give it permissions. And then I turn on and off permissions constantly. LG: Yeah. KS: But I don’t think people are like me. I think the average person when they install it by default ... KS: They just let it go. They just flip the button and then that’s where it goes. LG: They just, yeah. And when you’re dealing with a targeted ... Let’s pretend for a moment these people are attackers as opposed to marketers. KS: Right. A targeted attacker is going to be frustrated by you turning things on and off. It’s going to try to figure out other ways to do it. These marketers, they’re opportunistic. They don’t want you or me. We don’t have a picture of ourselves up on bulletin boards somewhere, right? So, you’re not going to have to worry about them, because there’s so many people who are willing to swim into the net that, you know, you’re sort of immune that way. KS: Right. LG: I guess I wonder on a bigger scale right now, when we’re talking about what we should be most concerned about when it comes to online privacy and security, it seems like there are so many different ways or areas that we can be concerned about. We have a new administration, we see some policies changing. There’s that. We have these big, giant tech companies, these all-knowing tech companies, and they have access to specific information. Then there are marketers, advertisers, right? So we should be concerned about that to some extent. And then I guess there’s us in our own ignorance, we, the consumers. And then there are bad actors and there are hackers, right? So who’s the biggest concern right now, would you say? If you were telling people, “Yeah, you need to be concerned about privacy.” Why? I would say it depends very much on what kind of person you are. If you’re the kind of person who inherently does not trust your government, then I would be very, very concerned about what’s happening with the administration. We’re seeing time and time again, when there’s an opportunity to give themselves a little bit more power, they’re taking it. Does this mean that, to your point, that Obama was a saint about this? No. No president has been a saint about this. And that’s why I say it’s not about administration. It’s about your government. How much do you want them to actually have access to? If you’re worried more about your lifestyle and what’s going to happen there, then I would say be more worried about the marketing, the, you know, what does Apple know? What does everybody else know? Personally, I don’t let my kid interact with these devices, because I don’t feel like anybody really needs to have that. I don’t feel like she’s losing very much in her life by not signing information away to other people. It really comes down to how you think and feel about the problem. But ultimately, I do think that the greatest threat is our own ignorance, because we don’t understand how these systems work. Granted, you can get really deep in the weeds. You can really geek out on this stuff, but even just a high-level understanding of a lot of it will help people at least become more educated, make some more-informed decisions about it. LG: Honestly, there are some days where it seems like I’m not quite sure where I should direct my concern about my own online privacy and security. Yeah, it can be a scary thing. And again, my fear with that is that when you get scared by things, you tend to get fatigued by them and we relax after a while, right? Some things that become the new normal now are actually really weird and not okay. KS: All right. So, list those things, what people should do. Let’s think about just the very basics of security hygiene. The most proactive thing you could do is just to understand what’s going on. If you try to think about all the tech and all the moving parts, it gets really tough. Think of a more simple kind of a thought experiment. We all work in the same office building and there’s an old-school mail room that I work in, all right? So, by the nature of my position, I’m going to get to see a lot and learn a lot about what’s going on in the company, but what people do and how they interact with me influences the granularity of my knowledge, right? So when Lauren wants to send something in or out, all her stuff comes in as a loose pile of papers. I can rifle through it. I can read whatever I want. I have as much information about her comms as she does. When Eric comes in, he puts everything in an envelope and it’s signed. So I could try to sneak into the envelope and people would know, right? Now, I can’t see the details of what’s going on, I’m not totally blind. I can see how often he’s sending things, who he’s sending it to, right? How thick is the envelope, and everything else, but the actual details are gone. And then let’s say you, Kara, you don’t trust me even a little bit. KS: Not even slightly. Smart move. So, you’ve hired a courier. All I know now is like, “Hey, look, Dave the courier comes in here 16 times a day.” KS: Dave the courier is my cousin, too. Right. KS: Anyway, go ahead. You got to get the blood ties to keep the trust up. So, all I can know is, I can see how heavy his bag is. I can see how often he comes in, but I’m not going to have much more information. It’s exactly the same thing with your web traffic. If you’re sending stuff over HTTP, like when you’re web browsing, I can see all of it. I can rifle through it. I can monkey with it. If it’s HTTPS, can I intercept it? Sure I can, but it’s going to throw those warnings you see in Chrome that say, you know, hey, someone might be listening, and all that other kind of fun stuff. But if you use a VPN service like a courier, all I’m going to see is this traffic is going in and out. I could still measure it. I can create a traffic graph, bytes in, bytes out, but I can’t know anything about the content of what’s in there. KS: Sure. So, how does that manifest in ... You know, we’re talking about a mail room here. How does that manifest? The very first basic thing is not to be promiscuous on a public network. For example, don’t ever go on public networks? I use public Wi-Fi with a VPN. KS: Okay. LG: So, you’re at Starbucks, for example. If I go to Starbucks ... LG: And there’s public Wi-Fi ... KS: Walk through the steps very briefly. I would say, first of all, 99.9 percent of the time I’m using my phone or I’m tethered to it. If I can’t do that, I have a VPN that I bought. It costs me like $6 a month. And when I have to go into a public network like that, I just click on and then it routes all of my traffic. So basically it becomes opaque to anybody who also is on that network or anybody along the chain, right? Anybody else at Starbucks’ ISP. KS: This is on your computer. This is on my computer. KS: And on your phone? I don’t have the same protections on my phone. KS: What do you do then? Because that’s where you do get on public networks often. I tend to not for that very reason. Because there’s just not enough visibility in what’s going on. When I open up an app, I have no really good way of knowing, is this thing sending it encrypted or not? So I’m pretty judicious about it. KS: Is there anything you can do on the phone that protects it? There are minor changes you can make here and there, but if we’re being honest about it for the average consumer, no. There just isn’t that kind of control on visibility. KS: So don’t get on public networks with your mobile phone. I would be darn cautious about it. KS: And what happens? Explain to people what happens. If you’re lucky, you get out, nobody steals your stuff, but if you’re not lucky ... If I’m sitting in the same Starbucks as you and you’re using an open connection, I’ve got a little thing called an alpha card. It cost like 20 bucks on Amazon. I can just listen to all the traffics that’s going back and forth. And so I can see all the people that are there and I can monitor what’s happening. If they were sending, you know, privileged information, I’d be able to see it. If they were searching WebMD — which doesn’t even use HTTPS, crazily enough, with medical information, it’s HTTP. If you’re searching WebMD for a super-embarrassing thing, I’m going to be able to see what that is and what’s going on. KS: And will you be able to see into emails, for example? If those emails are going back and forth in plain text with no protection on them, I would be able to see it, yeah. Thankfully, most people are doing it right. The problem is for those times when, you know, they’re not doing it right. KS: Right. LG: So, you’re that guy in a plane ... When everyone is logged on via Wi-Fi in a plane, you’re that guy that’s like, “I know what everybody on this plane is looking at right now.” I would like to formally state for the record that under no circumstances do I do anything on aircraft and I love our friends at the FAA. KS: But you could. The fact is that anybody could. LG: Anybody could. There’s an initial investment — I would say probably about 100 hours or so if you’re already kind of technically inclined — to get up to that level where you can, like, “Oh, this is a protocol. It’s not dark magic. I can see how it all works.” And then it’s usually less than $100 to go out and buy the hardware that you would need to be able to do it. KS: And not be trackable, either. No, no, no. You’re completely dark. So when I, for example, when I use that Wi-Fi stuff, again, only for entertainment purposes, I actually change my hardware address. I can do so dynamically. So, you can’t even track that level of it. KS: Track you doing it. LG: So, the next level, I guess, is browsing, right? KS: Browsing. LG: Beyond that. So, you’re connected to the internet, and maybe you’re just connected securely, let’s hope, and maybe you’re not. But then you’re going to browse. Do you use Tor? Do you recommend using something like Tor? What I would say is, you got to think about what your trade-off is there. So, you’re saying, “I don’t trust this ISP. I don’t trust this environment, so I’m gonna route my traffic through a bunch of strangers’ networks and then I’m going to trust them more than I trust these other kinds of people.” That’s a personal choice that you have to make. I will say that — and I think we learned about some of this in some of the leaks that have happened — a lot of those Tor exit nodes ... If you’re in the I-fear-my-government side, it kind of made sense, right? KS: Right. They all went and took over those nodes and they own them anyway. KS: Right. So, does it matter in that regard? It’s kind of a mixed game there. KS: Right. If they really want to get to you in that way. But a VPN, before you mentioned, is advisable at least at the ... It’s like a basic lock. It’s like a pretty good lock to do that? And you pay for it. You do not take free VPNs. We want to stress that. If you didn’t pay for it, you are the product being sold. Full stop. KS: Right, right. So, yeah. Just like you are on Facebook, there’s a reason why it’s free. KS: Can you give us names of some? Yeah. American Private Internet is a great one. KS: American Private Internet. Yeah. That’s the one that I use. And there’s quite a few other ones that are out there. KS: Right, but paying for them is ... Paying for it. KS: Paying for it all the time. Yeah. KS: All right. So, that’s the first part. Second is, in your home, listening devices ... You’re right. You go paranoid about listening devices and then they’re there. I have an Amazon Echo. I keep it on the red mode almost all the time — and it’s bright, by the way, it’s bright red, so it’s irritating at the same time, but I’m fully aware that it’s not on. I don’t believe it’s not on. I keep thinking they’re probably secretly listening even though the red light is on. Talk about that when you’re using those. All right, I’m going to wrap the tin foil hat around like three or four times here, right? KS: Okay. When we really think about what happened there, that device turned on a little red LED and then we’ve been conditioned that that red light means that everything is okay and there’s nothing wrong. But unless there’s a physical switch that you’re doing that pushes the thing over to the side that actually breaks that circuit, then all bets are off. KS: That’s what I say. I unplug it now. Exactly, right? And hence the fact that I’ve got Band-Aids on my cameras and stuff. KS: Yeah, so do I. It’s like that all over my house. LG: Although, I do think there is a physical button on the Echo that you press to go from the red light non-listening mode to listening mode. KS: Right. You do. I just still don’t trust it. I know it sounds dumb, but I, just, I unplug it too. This is the glory of owning a soldering iron and having a lot of fun. You can, actually, if you’re the kind of person who wants to go in and look at these devices and say, “Hey, look, that button’s the only game in town,” you can do quite a bit with it. KS: Right, right, but if you don’t want to turn off all the way, the red button’s the way to go. But then again, I feel like it does make me think that it’s not on. I think that that’s probably fair. I would say if you’re going to bring a device like that into your home that there is a certain level of risk that you’re willing to trade off for the convenience of what you’re getting on the other side. KS: So what risk is that? The fact that it’s fallible, that it’s this thing that’s listening in your house and you are relying on the fact that the engineers that built it are doing the right thing. You’re relying on the fact that there isn’t an insider threat at that firm that’s then taking that information, doing something else with it. You’re relying on so many different things with something that’s extremely personal. What happens in your own home is kind of ... so that’s just the decision that you have to make. KS: Right. LG: What about smart TVs? I think we’ve seen that those things are a bit of a mess. LG: I think we have. I think anything you have, you have a lot of problems that come into play there. I think the one that really gets me about smart TVs is that there’s just such a low incidence of people having auto updates on the firmware, where if a vulnerability is discovered, that’s it. Like, it’s going to be out there for a very, very, very long time. And that means that, you know, the longer it’s out there, the more people know about it, the more ways people figure out ways to exploit it. KS: Again, what could people do with a smart TV, someone who sits outside your house? What could they do? So, you’re talking about the ability to ... It’s got eyes and ears, right? It’s got audio and video capabilities on it. Depending on the what the vulnerability is ... There’s an interesting one that came out a few months back. I could actually change the content of what you see. So, we saw an example where a guy used over the air to ... You know, you thought you were watching CNN when in fact you’re watching hacker CNN, and things like that. So you can do a lot to influence what’s happening. Again, it’s just wires plugged into other wires. Once you realize, hey, this is just a signal and signals are just carrying a bunch of frames in a row. What happens if I replace the frames? What happens if I freeze the frames? Or things like that. KS: But listening in is what the issue is. They could turn something on, like turn on your computer. Yeah. They could turn things on. They can listen to things. KS: So, unplugging remains ... Unplugging is a great way to do it. LG: Off the grid, Kara. KS: Off the grid. Off the grid. LG: All signs point to we should just go off the grid. KS: Okay, go off the grid. There’s also a great ... There’s a great app. It’s actually free for people who use Mac from Objective See, he spells it S-E-E, that just listens to what’s happening on your laptop and tells you when something turns the mic on or the camera on or whenever any peripheral is accessed, it gets brought on. And when he cranked that on and released it, people started sending back, “Hey, this is weird. I saw this. I saw this. I saw that.” And what they saw was that more than one application provider was cranking the mic on and then leaving it on. And to your point, even when it said, “Hey, it’s off,” there was a pretty well publicized case with Shazam, where if you click the button off, it didn’t actually turn off. KS: So, they’re like, “Oh, it’s easier for us and it’s easier for you.” That’s their excuse. Yeah, “Oops, we made a mistake. We wrote a bug.” KS: What do you think about putting cameras, covering up ... I got something from the Mr. Robot people, I love it. It’s not a Band-Aid. It’s the actual, like, on/off screen so people can’t see into my ... Yeah. It’s a camera. And if you don’t understand how the inside of it works, then the best thing you can do ... You do understand how covers work, right? KS: Yeah. So, we can do that. We can protect ourselves that way. LG: What about security cameras? KS: Yeah. LG: So, your old firm, Synack, had done a fair amount of testing around home security cameras, popular ones. We did. Yeah, we got in the news a couple of times for some of that stuff. One of the ones was ... Yeah, it was actually anesthetizing cameras and then also inserting fake frames, so making it look like everything was well at the house when something wasn’t. KS: Oh nice. Well done. Yeah. LG: I’m pretty sure my cat does that when we’re gone. KS: That’s like a “Mission Impossible” plot I recall. It’s fun. KS: Yeah. If I didn’t have this job, I’d be in jail. KS: Yeah, I know. So, yeah. There’s lot of things that we do where we think we’re making ourselves more safe, we are in fact introducing risk in another way. KS: Do you have a security camera in your home like a Dropcam or ... No, I don’t KS: I don’t either. I have probably the most low-tech house you’d ever see. KS: Yeah, they wanted to ... Comcast recently put in, I can’t believe I’m letting them do this, but they put in my security system. And they were like, “Cameras here.” I’m like, “No.” They’re like, “Everybody wants cameras.” I’m like, “Not this lady.” I don’t need ... KS: Like, “Do you want to see your cat all day?” I’m like, “Nope.” Exactly. KS: Nope. Nope. I don’t need the camera, and when the convenience it provides is nearly as ... Like, it doesn’t bounce out for me, and someone else could look at it. KS: Right. And I kind of know what I’m knowing. Like, I know how to configure these things. That’s what tools like Shodan are for. That’s why there’s such a playground where people can go out and you can really demonstrate the point that people who put these cameras in their house rarely know how they work, and so it’s incredibly easy to go off and just browse through other people’s networks. KS: What about your own cameras, like, you know, in the teddy bear, that kind of stuff? Are those also vulnerable factors? If it’s connected and it’s on the internet, then there’s a potential opportunity for a problem there. KS: Okay. Now, the thing here that you want to be careful about is, does it have any forward-emitting signals? So, in other words, if it’s sitting on the internet, is it like a black hole or is it making a bunch of noise? I tell people to think about submarines a lot, right? If a submarine is just sitting there quietly, it’s a hole in the ocean. There’s nothing to know about it. You wouldn’t know to go off and attack it. But if you can hear the guys in the kitchen and there’s all sorts of noise going on, then, okay, that’s giving them away. So whether it’s a toy or a camera or anything else, if it’s exposing something to the internet, you’re going to have a bad time. That’s why companies like Nest, companies like Ero, rather than having you connect into them, they connect out to the cloud, and then your mobile app also connects to the cloud. You do all your conversations there and they can keep things, you know, nice and tight. LG: Which means it’s off the device, specifically? Yes. Rather than having a web server sitting on the device, your device is connecting back out to the cloud and you’re connecting to the cloud via your mobile or however you want to ... KS: Then we just have to trust Google, which is not my favorite thing to do. LG: Trust cloud. Then, yeah, you have to go and trust those guys, yeah. KS: Yeah, I do. LG: Right. Nobody should trust anybody, honestly. KS: No. LG: No. KS: No. What about messaging apps? Because we talk a lot about Signal and others using them here for basic things. Like, I did have the Echo in my bedroom and then I removed it from my room, because I make a lot of calls, work calls and stuff like that, which also can be monitored, presumably. I use messaging apps now a lot and some of them ... I’m worried about some of them. So, if you’re talking about cryptography and being in the business of keeping secrets, it’s kind of counterintuitive. But the more open the cryptography is, the more secure it is, the better it is at keeping your secrets. Signal, I’m in love with because it’s open-source. You can know how that math works. You can know how they’re keeping the secrets. You can look at all of it. It still won’t help you, because it’s just the way that crypto works. LG: It still won’t help you as a hacker or as a consumer? As a hacker. It won’t do anything bad to you. As a consumer, honestly, you’re probably not going to do much with it. You know what makes me feel really good is that I know guys who know crypto really well and they look at it. I know guys like, you know, Schneier and all those other guys out there are looking at and they’ve got eyes on and they’re saying, “Okay. This is fair. This is legit.” And so, there’s not secrets that are going back and forth. Compare that with some of the other technology that’s out there or it’s like, “How is this working?” “It’s working ’cause I said it’s working.” KS: Right. That don’t ask so many questions. LG: You know there are apps that claim to encrypted? Oh, I’ve seen way more people roll their own crypto and sort of build their own, “Hey, I’ve got a great way of keeping secrets. This is gonna be awesome.” And it’s usually this really embarrassing, like ... Imagine a toddler hiding behind a broom kind of level of secrecy that they’re bringing in to this stuff. So, I’m a much bigger fan of, “Let’s keep this stuff out in the open.” If I want to keep it a secret ... KS: Right. I use that. And so, when I communicate and I don’t want people to know what I’m doing, I use Signal. KS: Would you do it all the time? No regular text over a phone? The thing about something like Signal is that people on the other end also have to have it, right? KS: Right. We need end-to-end encryption here. KS: What about basic texting? Basic texting, if you’re just saying, “Hey, I’m gonna be five minutes late,” yeah, I send that stuff in plain text. You can knock yourself out if you want to know more. KS: Right. LG: Via SMS or IM message? Again, it depends on who I’m talking to on the other side, so I don’t really rely on it either way. When you’re talking about SS7, I’m talking about that signaling network that’s underneath all that stuff. You know, that thing was built when we were like, “Oh God, please let’s get a connection going all the way through.” It wasn’t built for security, so it’s kind of Swiss cheese. But an opportunistic attacker doesn’t care what time I’m getting home. KS: Right. They don’t care about any of that kind of stuff. A targeted attacker does. So, if you’re getting, like, your multi-factor authentication codes through SMS and you’re a high-wealth person that’s likely to be targeted by an attacker, a place that’s doing a lot of wire transfers, that’s going to be bad. KS: So, what you should do is what then? Because it’s only a code that lasts for a second. That’s exactly right. That’s why the average consumer doesn’t worry about it. It’s opportunistic. They’re not really looking for that. They’re not going to go through all that effort it takes to get a control of your account and get your password and monitor your comms on the other side. You’re talking about someone being a must-in target, right? KS: Right. And most of us, again, we’re not must-in targets. KS: Right. Because most of them are ephemeral. I use Auth, Google Authenticator or something like that, because I feel like that’s more ... Yeah, I use the same. So yeah, I use it. It’s great. Again, the average consumer really overestimates how often they’re targeted by an attacker as opposed to just being an opportunity. KS: But not having two-factor authentication, it’s ridiculous not to have it. Yeah, yeah. KS: That’s a must-have, I think. It’s one of those things that just ... It’s an opportunistic issue. KS: Right. So if you have a password, chances are, just by the math, your password’s not great. So as a consequence, if you don’t have two-factor authentication, it’s a lot easier to get you. If I’m in organized crime and my bosses told me, “Go get a thousand accounts,” you’re going to be one of the thousand that I get. I’m not going to go expending extra calories to go catch the person that’s got the hard password or anything else, because I don’t need to. There’s just so much low-hanging fruit out there. LG: Which brings me to password managers. Do you use one? Absolutely. Yeah, yeah. I use 1Password. I can’t encourage it enough. KS: And you like their scrambled passwords versus ... I like their passwords. I like the fact that they give you the ability to have both super-high entropy ones, but then also they’ll generate just words. So, you know, hey, if it’s a password that I have to type in sometimes, like my iTunes password or something like that, I like the fact that I can have, this word dash that word dash another word and that’s really good on a lot of things. But I can also have these just, you know, high-entropy strings of 26 characters. KS: What about making up your own passwords? We’re not that smart. Don’t do it. Everyone thinks they’re creative. But, you know, if once you start playing with some of these things, like running like a horizontal password-guessing attack, you start to realize that everybody uses a date that’s from their lifetime. KS: I don’t. So it’s like from 1900 all the way to, you know, today. LG: Or an address or some type ... We don’t have very many different names for our dogs. Like, we all name them the same thing. LG: Yeah. So, a lot of things we think are creative and slick are in fact not. KS: Interesting. So, it’s just easier to outsource it. KS: I have a foolproof thing that no one would ever find out. LG: Really? Foolproof password or a system? KS: A system. LG: A system? KS: Yeah. LG: Oh, okay. KS: Yeah. I’m not going to tell you, but ... Because, again, it relies on the secret. And that’s when that’s the bad ... KS: I’m not telling you. LG: Well, yeah, no, you can tell us here. KS: No, I’m not going to tell you anything. LG: It’s just us listening to this podcast. KS: No, I’m not telling you anything. It’s ingenious. LG: I actually talked to someone this weekend who was asking for advice about an account that had been hacked and she no longer had access to it. And it was the email that was tied to her Facebook. And then she decided to create this, like, this whole mess. And I said, “Well, let me ask this, are you using the same password for all these accounts?” And she said, “Well, yeah.” KS: That’s bad. LG: And I said, “Oh God. Let’s just roll back and start at, you know, 101 here.” If you’re somebody in that world where you’re using your password over and over again, Google “Have I been pwned?” Go to that site and go type your email address in. Or go type your username in. So, for me, I type in TGambacorta@ or just Tony or whatever else I might have that’s out there, they’ve got all the credential dumps. So when LinkedIn got popped a few a years ago, Adobe also ... KS: Right. All those other guys. They got millions and millions of sets of creds. They have those. And they’ll say, “Yeah, you’re on the list,” or, “No, you’re not.” So, if you’ve got a loved one who does sort of silly stuff like that, throw their name in their and see what happens. It’s a great way to be like, “Hey, you really ... Please.” KS: Like Ashley Madison. LG: You’ve been pwned. So, we’ve just thrown a lot of terms out there, by the way. So to back it up a little bit, quickly explain when you said HTTPS earlier. Explain what that means for web users. And then, we’re going to be talking a lot more about VPNs. So, what does VPN actually stand for? Gosh, yes. So yeah, HTTP is the way that your browser is trading information back and forth. By default, there’s no security on it. So, you can use HTTPS, which adds a layer of encryption on top of it. And what that does is it basically sits between my machine and the machine I’m talking to. So, you know, my browser and Facebook, we’re gonna be able to have a trusted session there. VPN, on the other hand, is like creating a pipe. It’s a virtual project network between my internet connection and whoever my VPN provider is. So, my ISP, for example, with the Facebook thing would know that I was going to Facebook. They wouldn’t be able to see anything in there, but they’d see the traffic heading over that way. But with a VPN, all they would see is a bunch of traffic heading out to the VPN provider. LG: Okay. So that they’re blind to what the actual content is. LG: So, a little bit more, like, what you were saying earlier with the courier. You know that there’s traffic going back and forth but you don’t know what the package says. You don’t know what’s inside the package. That’s right. So yeah. So if I see somebody, you know, 90 minutes of data going across all at about the same rate, cool, that’s probably somebody watching a movie. I can make inferences like that, but actually knowing what movie they’re watching or if it was on Netflix or YouTube or something else. That’s all going to be totally ... I’m not going to have any idea. KS: Thanks, Tony. Stay tuned. We’re going to be answering all of our readers’ questions shortly. First, we’re going to take a quick break as Lauren reads a word from our sponsor. Ka-ching. LG: I was actually hoping you would read it today, because you have a breathy, wild-weekend voice. KS: No, that’s all right. No, thank you. It’s your job. LG: Okay. KS: One of the few jobs you do here. I carry most of the water, but this is your job too. LG: It’s true, as everyone knows. KS: Yes, so, please read. LG: Today’s show is brought to you by HostGator. If you’re ready to take your website to the next level- KS: More enthusiasm, Lauren, please. LG: More ... KS: Okay, keep going. LG: One more time with feeling. KS: All right. Okay. [ad] KS: Now, Lauren, can you just say pachow after every sentence? LG: Pachow. KS: Okay, good. Go ahead. Keep going. LG: Where did you come up with that? KS: I just did. LG: It’s lik, Paczkowski. I’m just going to say Paczkowski. KS: Pachow! I’ll tell you later where I came up with it. LG: Okay. See what HostGator can do for your website. Pachow! Right now, Recode listeners, get 60 percent off. I’m not going to keep saying that. KS: Pachow. LG: Paczkowski. We miss you, John Paczkowski. KS: Pa-tew! It’s the noise of fireworks, just so you know. LG: Why fireworks? KS: Pachow. People like fireworks. Who doesn’t like fireworks? LG: I don’t know. KS: Everybody. Oh, just you probably. All right. Anyway, so, we’re going to get to our readers’ questions right now. LG: You know it was my birthday this weekend? KS: No. I guess you told me. LG: No, you didn’t wish me happy birthday. KS: I think you told me. Oh, I have to just say happy birthday for that? Happy birthday. I’m sorry. How old are you? LG: Walt Mossberg wished me a very happy birthday. KS: All right. How old are you? LG: I’m not telling you. KS: All right. I’ll throw you a party this weekend, all right? LG: Yeah, I’m sure. KS: Yeah, I will. I’m serious. LG: Yeah, I’m not going to hold my breath. KS: I’m serious. I’m serious. I’m already having one and I’ll invite you and make it yours now. Okay, so, if you’ve been listening to the show, you know how it works. Every week, we take tech questions from our readers and listeners and we try to answer everything we can. This week, we’re answering your questions about internet security and privacy. First question, Lauren, please do the honors. LG: Okay. We should start off by giving credit to listener Delany Bisbee who emailed us. KS: That’s not a real name, is it? Delany Bisbee? All right, go ahead. LG: No. This person is obscuring their name, because they’re smart and do not want to be bothered or hacked. Delany emailed us shortly after the Senate voted to overturn the new FCC privacy rules that would’ve gone into effect later this year. And for more about that vote, you should definitely listen to last week’s episode with the other Tony, Tony Romm. But Delany wrote in to us to say, “I was curious if you have any suggestions for the tech-illiterate when it comes to privacy to protect themselves. I try to keep in touch with what’s going on in tech, but this one kind of befuddles me. I grew up and just until recently worked on a factory trawler. My sister and brother-in-law are farmers and a good portion of my friends are teachers, loggers, and work in service jobs. Do you have any suggestions for platform users who aren’t tech-literate and don’t work in tech?” KS: That’s everybody. LG: So, I guess if we just make it super basic, what would you say are maybe the three or five most important things people should be doing? So, yeah. A lot of my friends and family all come from the same world. KS: Yeah. Right? So I’ll tell you the same thing I tell them: Don’t gamble with what you can’t lose. So, every time that you put something out there, because you want to get a potential benefit, you want to possibly win the game. There’s also a chance you’re going to lose the information. So if you’re nervous about it and you’re worried about it, don’t put the camera on it. If you feel like you really have to have a camera at your house, maybe put the camera on the front porch as opposed to in your kid’s room. Just sort of commonsense things like that. KS: Right. Okay, and on your phone? Two-factor auth? If you have the opportunity to turn something on for two-factor auth, do it. If you don’t, use complex passwords. KS: But you always do. Don’t be a lazy so-and-so. Well, yeah. The sad thing is you don’t, really. A lot of banking apps, for example ... KS: No, I know. I yelled at banks and then they finally got it. It’s a bummer that more haven’t rolled it out. KS: Yeah, Wells Fargo does. Yeah, you have to fight tooth and nail to get Wells Fargo to do it. KS: Yeah. And my Twitter account was protected. KS: And I’ve been yelling at Comcast all the time. They’re going to introduce it soon, I think. I hope they do and I hope they make it the default. KS: It’s crazy they don’t. Because the people don’t know how all these things work, then they’re never going to ... KS: No, I write Brian Roberts, I’m like, “Hey, two-factor auth, how’s that going?” God damn. That’s the right way to do it. KS: “And by the way, my cable’s a little slow.” LG: So, it seems like what you need to do is if you buy an IoT device, something connected, maybe don’t put in the most sensitive part of your house. KS: Yeah. LG: The second thing to do is use ... I would say use a password manager. It’s going to be a little bit expensive. Something like 1Password, I think, charges around $65 per year. KS: They do. LG: But what they do is they make really secure passwords for you and they differentiate them from account to account. They store them for you securely and then you can just plug those in as you need them. It sounds like the third thing is, maybe, if you’re just really that nervous, like you said, there’s a cost-benefit analysis that goes on here. If you’re like, “I wanna buy this thing online, but the website looks kinda sketchy and I’m not really sure.” Buy it from people who you know and who you trust, right? Yeah. LG: Right. Just don’t do it then. KS: And a VPN. So if you found some really crazy deal out there, then it’s probably no good. If you’re not going to use a password manager, by the way, one thing that people often mess up is they think, “Oh, I’ve got to put lots of zeroes and exclamation points and everything else.” Go get three or four words that you know really well and put them in a row and add something in between. So, you know, cat-lawyer-boneyard. Great. KS: Boneyard? Whatever word pops into your head, the first thing that comes up. KS: All right. Those three words with a little bit of symbols between them, very easy for you to remember. And in terms of brute-force guessing a password ... KS: It’s just weird. Pretty darn hard to do. KS: Yeah. Right? It’s just the way the password works. KS: That’s one of my systems. The one thing that doesn’t work is “welcome” or “password” with an @ sign and zero and a bang at the end of it, right? KS: Right. LG: Right. It fits the need that your provider said it’s got to have all these special things, but it’s remarkably easy to guess. LG: Right. KS: Yeah. LG: I feel like Brute Force would be a good nickname for Kara. KS: That is a good nickname. That’s my password. LG: Yeah. KS: BruteForce1. LG: If you were in a Marvel Comic movie, your name would be Brute Force. Kara, get the knuckle tattoos. KS: Just totally got my password. Brute Force, you like that? That’s my porn name. Anyway, so, next question. Utterly Random Techie @UttrlyRndmTchie. “How to explain encryption to people who don’t follow technology a lot?” When Mr. Duck and Mr. Bunny want to talk to each other and they don’t want Mr. Dog to understand what’s going on, they use a special language and they use secrets between them. So, they don’t say, “We’re going to go to a party later, do you want to come?” They use code words and that’s it. And we’re just getting fancier and fancier versions of that. KS: Nice. Well done. I like that a lot. Mr. Duck and Mr. Bunny, those assholes. Anyway, another one, Lauren. LG: This is an email from Farzan KH. “As we all know, Facebook Messenger is not end-to-end encrypted by default. I’m wondering, how does Facebook use our chats in order to make money? My primary messaging app was WhatsApp, by the way also owned by Facebook. And I recently switched to Telegram. What messaging app do you use? What do you recommend?” Well, we talked about Signal earlier, but I guess if you want to address that ... KS: Telegram. Do you like Telegram? I mean, like I said, I love Signal for the fact that I know what’s going on in it. KS: Right. I can’t answer the question about Facebook Messenger, because we don’t get to see what’s on the inside of it. KS: Because Mark Zuckerberg knows best. Exactly, but the other thing is, hey, these guys didn’t create this thing for free, all right? They didn’t do it just to be fun. So, yeah. They’re probably using that information in ways that might make you a bit uncomfortable. KS: Yeah, yeah, absolutely. Early on in Facebook’s history, they, of course, had people look ... The people worked there looked into people’s accounts all the time. They fixed it. Of course. KS: All these companies fix it eventually, but there’s always that period of time where people ... I used to do the deep packet inspection that everybody’s worried about. I spent 10 years in that space, and I’ll tell you, the way that we would troubleshoot things is we would watch somebody’s internet activities. They went past the wire. “Hey, he’s browsing this, he’s browsing that.” KS: Right. “Oh, look, his internet connection stopped.” So, yeah, it’s just the nature of the beast. LG: Yeah. KS: Yeah. LG: That actually happens a lot when I’m testing wearable devices and I find something wrong with it. The data is not processing properly, things seem inaccurate and I’ll write to the company. And I’ll say, “I found this issue as I’ve been testing it.” And the first thing they always want to do is get access to my account to watch the flow of data and I just don’t let it happen. Maybe they go and they do it anyway. I’ve actually had companies write back to me, inadvertently admit it and say, “Well, we looked into your account and we could see this, this and this.” I’m saying, “I didn’t give you permission to do that.” KS: Yeah. LG: But I mean, it’s kind of crazy when you think about the level of granularity of data that some of us have access to. Oh, yeah. KS: And also, what people give up. I mean, I was on an airline and they were asking people’s birth dates, and everyone in front of me gave them their birthday, and they’re like, “What’s your birthday?” I’m like, “I’m not giving you my birthday.” They’re like, “You have to.” I go, “I don’t. What do you need it for? Like, if you tell me what you need it for, if there’s something special, and you have my license. I’ve already ...” It was really interesting, but very few resisted. I say, pollute the dataset. KS: Oh, I do. You can resist by saying, “No,” or you can be like, “Yeah, yeah, January 1st.” KS: That’s what I do. Yeah, yeah. LG: 1991. I always throw a monkey wrench. KS: I think it’s well known, and I have a dozen birthdays on the internet. I get birthday-wished a lot. LG: It’s true. Actually, it’s really hard to keep track of Kara’s actual birthday, yeah. She’s had parties before ... Like, you had a big milestone birthday party that’s completely not around your birthday. KS: Yes, my 50th birthday. Not near. Not even close. Excellent. KS: My real name is actually Eleanor. Anyway, “Without sounding too tinfoil hat,” — there’s nothing wrong with tinfoil hats, Raymond, by the way — “how much work would it be to have all my tech devices run through a VPN? Smartphones, computers, smart TV. Is that overkill?” And you can’t, right? You can’t. Actually, you can. KS: Okay. So, there’s a thing called, but it takes a lot of work, there’s a thing called a point-to-point VPN. KS: Oh wow. So, what you would do is you would set up a VPN on your home router, on your Wi-Fi router. KS: I see. Okay. And then that would send all the information out. But your smartphone is portable. It’s going to go in and out of that network, so that VPN’s not going to protect it there. KS: A smartphone. But it’s a huge hassle. I’m actually kind of excited about what the response is going to be to this change and consumers being upset about privacy. I think you’re probably going to see a couple of the router companies offer that as an add-on service. KS: Yeah. Of course, then you have to trust them. Exactly. LG: But so, you’re saying it’s a huge pain to do it yourself, kind of the turnkey solution now, but if it’s built into routers then it’s easier? I’m saying, yeah, if it’s something where I have to go and put a Raspberry Pi line on my network and also that kind of stuff, that’s going to stink. If somebody says, “I’ll charge you an extra $6 a month,” like Ero comes to me and says, “I’ll charge you six or eight or 10 bucks,” or whatever, and then I’ll pipe this off to somewhere like Germany where the privacy laws are really strict. That’s possibly an opportunity there. KS: What about naming a router? I’m just curious, because some people say, “Don’t name them your names either.” Does it matter? LG: Kara’s is named “Kara Swisher lives here.” KS: “Don’t hack me.” In my neighborhood there are some people that have some very distinct names for their stuff and it just makes it easier to tie information to you. My computer’s name is Computer, you know? My router’s name is ... KS: Well, now you just told everybody. Is just something else. I know, I’m doomed. But, you know, just don’t give information away that you don’t need to give away. KS: Yeah, yeah. I once had a router name called “John Lennon Just Died,” because he did and I just kept it for years and that’s not like that anymore. LG: Why? KS: I don’t know. It was just happening at the time, and so I just didn’t want my name on it. I didn’t want my name on it See? Now I know, but now I can date ... KS: It’s not there anymore. LG: It was happening at the time. But then you can date the firmware to when the name was on there and so ... KS: Yeah, but it’s not on there anymore. LG: Wait, when did John Lennon die? Didn’t he die in the ’80s? KS: Yeah, but it was an anniversary. LG: Oh okay, that makes sense. I’m like, “Kara.” KS: I do stuff like that. Whatever I’m hearing at the time, I name things. LG: Kara’s like, “I have an Ero in the ’80s.” That’s why the passwords get us. KS: What? LG: You can get so many scoops. You’re like, “I had this scoop on a router that didn’t exist.” KS: No, no, no, no, no, it was something like that. It’s a news event. Whatever the news event is. Something like that. Go ahead, next one, Lauren. LG: Next one is from Jonathan Tanzer. “When using a VPN, is the speed of a fast connection, like Google Fiber, reduced by the VPN provider’s connection?” KS: Oh, that’s the question. Yeah, I’m curious about that. Yeah, absolutely. So, you’re adding another hop into the network. Every hop introduces latency. And if you have, you know, 100 percent possible throughput that’s going on through this, but your VPN provider, say, can only handle half that rate, well, then all your traffic’s going to go through at half of that rate and it’s going to slow down. That’s why a lot of these VPN providers compete on things like, “Hey, I’ve got lots of endpoints. I’m really close to your house. I can move the traffic pretty quickly.” KS: And what about when you’re abroad? I used one in China. And they always stopped it. It was interesting. Yeah, they have a tendency to do that, don’t they? KS: It was almost useless and then I just ... LG: Kara’s like, “I was safe. I was using China’s VPN.” KS: I know, but it was. I used one. It was funny, because ... And then I just gave up and I got a Chromebook and I just threw it out. I just smashed it. Yeah, that’s what a lot of people do. KS: It was like $26. I have some friends that played a fun game where they knew that was going to happen, so they brought an instrument and a laptop in and then looked at what happened on the other side of it. KS: Yeah. And they had a good time with it. But, yeah. If you’re in a country where they’re going to block your internet access, they would’ve blocked you anyway, whether there was VPN or not, all right? They’ll block half the traffic, so ... KS: Right, right. That was interesting. What about, you’re in another country like China, for example, which is the problematic country that everyone talks about. Do you go in with your email and then just never sign on to it and just let them read your email, or do you ... What do you do? Well, so, as soon as you cross the border in there and you had the email on your phone to begin with or the creds or anything else, and they took it from you at the border crossing and said, “Hey, I want to see this for a minute.” That was so they could image it and then go off and do their own thing. So, you’re already burned. KS: Right. So, I would suggest if you’re going to go do something like that and you’re concerned about it that you not try to do it by yourself. If you’re a, you know, a consumer that’s traveling on business and then you go talk to somebody who can help you understand counter-espionage. KS: Right, so you can access your emails or whatever, because you have to access them. Yeah. KS: At the same time, you don’t want to type in a password or change the password. There’s a lot of things you can do for counter-espionage, but that’s not usually the kind of stuff you find under your kitchen sink kind of security. You need to put some thought into how you’re going to build it. KS: You put some thought in it. LG: Does it help at all if you just log out of all of your usual accounts and create a kind of dummy email address just to use for specific apps? KS: That’s what I did. LG: Or browsing or things like that? Yeah, yeah. It would certainly help. But if, again, if they take physical control of your device when you go through the airport, it’s already game over. So, it’s best to just sort of keep it nice and clean. I’ll tell you, like, if you were to tell me right now, “I got to get on a plane to go to China,” I’d just set up my Gmail account and use that for my communications while I was there. LG: Set up a new Gmail account. I’d set up a new Gmail account. LG: Yeah, a new dummy account. KS: And then have everything forward there that you want to forward there? Yeah, you can forward the email, too. You can do whatever you need to. LG: Yeah, right. KS: That’s what I did. I had a phone that I threw out and broke. LG: Yeah. KS: I just have to think ... LG: I used VPN when I was in Vietnam, but I’m pretty sure I was looking over things like where to find the best pho. KS: Yeah. LG: So, I wasn’t super concerned about ... I mean, I did have access to my work email, though, when I was there. KS: I’m watching on that one, yeah. And there’s actually a really good point to you bringing that up. Don’t forget, when you’re in one of these other countries and you are trying to actively evade another government, they might not think that’s funny. KS: Yeah. In this country, it’s your right to evade those sorts of controls. In other places, that’s not necessarily the case. So, anything that we think might be cute here could wind up with, “Ow, ow, the cuffs are hurting me.” KS: We’re a cute country, aren’t we? Yeah. KS: We’re a cute country, it’s not so cute elsewhere. Okay. FReed @2lowtech, who’s written in before, “How do you know who owns a particular VPN, thus, seeing your way of history?” How do we trust the VPNs? I’m feeling very paranoid. You don’t. Just don’t trust anybody. I mean, you know who they are ... KS: What’s the one you named? I’m sorry, say it again? American Private Internet. And you know who they are based on their ... No, the contract that you sign with them based on the privacy policy that you get from them and everything else. But yeah, if you sign up for a free VPN, again, there’s a reason why they made it free. KS: Sure. LG: Next one is from Will Pfeffer. KS: Pfeffer? LG: He’s at @pfffr, like, P-F-F-F-F-F-F-F-F-R, on Twitter. “A lot of people cover their laptop/phone camera. Why should I care if the mic and all of my data is not covered? #tooembarassed” It’s a device. You like to use it to FaceTime and Skype and everything else, but it doesn’t know that. So, if someone finds a way to get in there and access your camera or your microphone, they’re going to do it. The most common way they would do that would be with malware. So the same sort of thing that gets installed on your device when you click that email link or you go to that bad website or wherever else and they steal your bank information. Now you’ve gone from stealing your credentials to being able to see what you’re doing when you’re online. KS: Right. Yep. I think the camera’s probably the most critical. I mean, the camera’s pretty darn important. KS: How do you turn off the mic? You just turn off the mic, right? You just put a little bit of tape over it. KS: Tape over it? Yeah, you can turn it off, but you’re turning it off in software, so somebody can turn it back on, which is just like when you stay, you know, with your phone, when it’s like, “Hey, my phone’s turned off. They can’t listen anymore.” They can totally turn it on, because the screen is turned off but that doesn’t mean the internals are. KS: Right, so just cover the mic. You can’t really cover the mic on the phone. That would be a pain in the neck. Again, a little piece of tape if you’re that worried about it, or, like, you just shut your phone off, put it in your bag. KS: Yeah. And then I think the last question is, what is the weirdest thing that could happen to you? Like, what is the most ... you know, when you’re talking about the things that people are vulnerable to, but what is something they just don’t think about? For example, I’m thinking of putting an electronic lock at my house rather than a key. Is that stupid? Or like, things like that as you start to think about automating your home? I think that people ... The weird factor that comes from it goes in two directions. One is that hackers don’t think like normal people. Like, I can’t build something to save my life. I know how to come to problems in weird ways. So, when you talk about putting a lock in your house like that and you’ve also got a voice-controlled system on the other side, as soon I hear you’ve got something that or you’re using if this, then that, I start wondering what I could do, how could I control it in ways that you’re not anticipating. KS: Sure. Are those safe? More so than keys or not? Anyone can get into any house, let’s be honest. They can break a window. Exactly, right? So, like, look at Lauren. I showed Lauren how to pick some locks. If people want to get in and out of a house, they’re going to do it. In terms of level of difficulty, yeah, cracking a window is heck of a lot easier than popping your August lock or something like that and then write a zero day to get me into that special room. There’s just easier ways to skin that cat, so that’s probably not as likely. KS: Right. But, you know, if you were looking at that August lock and you thinking, “Oh, that looks really cool. I can’t afford it, but look, this one’s like 20 percent of the cost.” KS: I see. There’s a reason why it’s 20 percent of the cost. It’s probably using a lot of OEM parts. It’s probably using an old distribution of Linux and might have a bunch of vulnerabilities in it that you don’t know about. KS: Right. So, was there a good one in that area? I like August lock. I’ve seen them be pretty proactive about what they’re doing in their security. KS: Like Schlage, I think those people ... They have a whole ... I just was looking at them recently. So they’re in the business of manufacturing locks. They don’t know a thing about ... They don’t have any mobile developers. They don’t have any guys with any kind of EE background in it, which means one or two things. Either the guy who’s been there for 15 years building normal locks googled some stuff. LG: Or girl. KS: Probably not a girl. Could be the girl. KS: Probably not. Yeah, you wish it was the girl, because then, yeah, she’s probably thinking about it a little more carefully than the guy who’s been there for 15 years. But he’s sort of just trying to shoehorn some stuff in to get it to work. Or they went off to a third party, in which case they got a bunch of bids and they took the lowest possible bidder to go off and build this stuff. LG: Right. And the lock industry has shown time and time again that they’ll reuse things, even really dumb things. They’ll do it over and over and over again. KS: Well then none of that, then. LG: When we really we think about it, being in a fairly civilized society here, we all kind of have this false sense of security around what actually stops people from getting in. And for a long time it was these ... they were physical things, right? A door, the window, the things that we build. KS: They can still get in those. LG: People can still get in those, right? So it seems like the translation of the digital world is the same. There are these things in place, they’re sort of providing this sense of security, but really anyone can get in if they want to. We presume that they’re defenses when they’re really deterrents. Right? So, I mean, the lock on a front door or the camera, it’s not there to keep me out. I know how to knock out your camera. I know how to pick your lock. It’s there to keep the average person out. KS: Right. If they’re trying to decide and they’re 50/50, “Am I going to do something bad or not? Not this one. I’m gonna go somewhere else,” right? KS: Right, right. That’s really all that is. If we mistake the two things for deterrence and defenses, we get ourselves in a whole bunch of mess. LG: That’s a good point. KS: Till we get the energizer, then we’re all screwed. LG: I would just like to state for the record, by the way, that I’ve never picked a lock even though Tony taught me how to do this. KS: No, no. Thus, you have. LG: And I’ve never been in a position where I’ve had to get out of handcuffs, but I know now how to do this. And it’s funny, because in Hollywood movies, they often like ... KS: That’s so sad that you’ve never been in a position to get out of handcuffs, but I’m not going to go into why that’s sad. Anyway, so sorry for you. LG: I’ve never been in a ... I’m just not going to get into this. KS: Let’s just not get into that. LG: Back of a cop car. KS: Anyway ... All right. We didn’t get into cars or anything else, but you’ll be fine for a while with cars. This has been another great episode of Too Embarrassed to Ask. Tony, thank you for joining us. Thank you. LG: Yes, Tony, thank you so much. We really appreciate it. KS: Made us paranoid. LG: Right. KS: I’m going to change all my passwords right now. LG: You all should stop listening to this podcast and go change your passwords, please. KS: Change your passwords right now immediately. LG: Cover your microphones and your camera. KS: Send the list to Lauren. Send the list of your passwords. She’ll keep it safe for you.

Read More...
posted 9 days ago on re/code
But this update may not hurt publishers as much as before. Facebook is tweaking its News Feed algorithm to fight a familiar foe: Clickbait, or articles that Facebook says “withhold information intentionally” or “mislead people, forcing them to click to find out the answer.” If this sounds familiar, it should. This is the third time Facebook has tweaked its algorithm since late 2014 with the sole purpose of fighting clickbait stories. What’s different this time around? Facebook says it’s getting more specific about how to minimize the reach of a clickbait post without necessarily hurting a publisher’s other content. In an update from August, Facebook started punishing publisher Pages that routinely used clickbait headlines. Now it says it can detect clickbait on an individual story level, meaning it will suppress a specific article from gaining traction in News Feed, but won’t necessarily punish the publisher’s other posts. It’s also going to start categorizing clickbait headlines into two categories: Those that “withhold information” and those that “exaggerate information.” Neither offense is considered worse than the other, but headlines that fall into both categories will have an even tougher time gaining traction in News Feed. Facebook’s official stance here is that clickbait headlines run counter to its efforts to create an “informed community,” which was a pillar of CEO Mark Zuckerberg’s big manifesto back in February. But a simpler way to think of this is that Facebook is admitting that clickbait stories do more harm than good among users, even though some publishers obviously benefit from them. It’s the same reason Facebook is penalizing publishers that drive people to sites full of ads, or publishers that post false news. Facebook is still reeling from the aftereffects of last fall’s presidential election, when false news reports ran rampant in News Feed thanks in part to coordinated efforts meant to hurt specific candidates. Cracking down on false news, but also extreme headlines that encourage partisan sharing without any substance to back them up, has been a major company focus ever since.

Read More...
posted 9 days ago on re/code
GGV Capital is leading the round into New York City-based Slice. Staten Island, New York is not known for tech startups. Luckily for Ilir Sela, it is known for its pizza. The Staten Island resident got his start by building websites for local pizza shops owned by some friends and family. After years of bootstrapping, he recently raised $15 million for his startup Slice, which aims to help pizzerias convert from phone orders to digital orders, and battle back against the digital dominance of Domino’s along the way. The round is being led by GGV Capital, the investment firm that has taken stakes in fast-growing app-based marketplaces like Wish, OfferUp and Poshmark. Slice had previously raised a small A-round investment from Primary Venture Partners. “In order for independent pizzerias to thrive, they have to adapt to digital,” Sela said in an interview. “You have to allow your customers to order online.” Slice operates both a website and an app that lets people search for pizzerias in their area — over 6,000 nationwide — and place an order online. The pizzerias handle deliveries themselves and pay a flat fee of $1.95 per order to Slice, no matter the size, whereas many other online ordering services charge a percentage of the sale. With Slice, customers don’t pay anything extra, unless their local pizza shop charges a delivery fee. A common response — which I had — is to assume that sites like GrubHub and its subsidiary Seamless already do a good job in this category. But one piece of the argument Sela makes, which I sort of buy, is that when someone is either in the mood for pizza or wants the convenience of it for a big group, they’re specifically looking for pizza. So a standalone ordering app for that category of food can work. Pizza sales were expected to reach $45 billion in the U.S. alone last year. There are other differences. Part of the appeal of websites like GrubHub is that they allow customers to choose across a range of different cuisines, which leads to discovering new restaurants. But Slice’s main pitch to pizzerias is around increasing loyalty among current customers, not necessarily attracting new ones. We will make it easier for your current customers to order from you, the pitch goes, so they will order more frequently and also spend more per order. Many pizzerias Slice works with also are based in parts of the country where popular online-ordering websites haven’t yet reached. The challenge of any marketplace is building both the supply and demand sides. So Slice leans on its pizzeria partners to spread the word to their customers. But the startup also just hired industry veteran Ryan Scott as its chief marketing officer. He most recently was with Soul Cycle, but his prior experience is more relevant: He was chief marketing officer of Seamless, and later VP of marketing of GrubHub. “With my network,” he said, “I have the ability to bring in people who’ve done this before.”

Read More...
posted 9 days ago on re/code
Plus, a “Jurassic Park”-style tour of Apple’s new mothership, and the longest pizza in the world. President Donald Trump asked then-FBI director James Comey to shut down a federal investigation into former national security advisor Michael Flynn, according to a memo Comey wrote after the February meeting. Trump also reportedly asked Comey to jail journalists. Sen. John McCain: "We’ve seen this movie before. It’s reaching Watergate size and scale." [The New York Times] Google begins its annual I/O developers conference with keynotes by CEO Sundar Pichai and head of developer products Jason Titus; the company is expected to reveal more about its “AI-first” future, and may announce that its voice-based AI Assistant is coming to iPhones. Here’s how to watch the conference. [Tess Townsend / Recode] Here’s an inside look at Apple’s massive “mothership” campus in Cupertino. The circular Apple Park building was commissioned as one of Steve Jobs’s last projects as CEO. [Steven Levy / Wired] Twitter co-founder Biz Stone is returning to the company full-time to help rebuild the company's culture. Stone left Twitter in 2011 and has remained friendly with CEO Jack Dorsey; he recently sold his startup, Jelly, to Pinterest. [Kurt Wagner / Recode] San Francisco is considering legislation that would ban sidewalk delivery robots citywide; meanwhile, other states are passing laws broadly permitting their use. “Our streets and our sidewalks are made for people, not robots,” said an SF city supervisor. [April Glaser / Recode] Top stories from Recode Apple is overhauling hundreds of stores to try to create the “modern-day town square.” Retail chief Angela Ahrendts puts her stamp on the iconic Apple Store. Apple, eBay and Microsoft are reviving their support in a transgender rights court case. They’ve filed another amicus brief backing Virginia high school student Gavin Grimm. One of the tech industry’s loudest watchdogs, Color of Change, is getting a boost from Hillary Clinton. Clinton recently revealed plans for a new nonprofit called Onward Together that seeks to help Democratic candidates and causes. Mark Zuckerberg’s birthday photo shows the 20 Facebookers you should know not named Mark Zuckerberg. Who gets to celebrate with the boss? Instagram just added face filters, making its copy of Snapchat complete. Introduced and popularized by Snapchat, the augmented-reality filters let users turn themselves into dogs or tacos when taking a selfie. This is cool You can keep your unlimited breadsticks Italy currently holds the record for world’s longest pizza, setting the Guinness mark last year with a 1.15-mile-long Neapolitan pizza. Not to be outdone, a U.S. pizza entrepreneur is planning to create a 1.3 mile-long pizza at California’s Fontana Speedway on June 10, with the 7,000-foot pie ringing about 70 percent of the racetrack. The food will be donated to local charities and food banks. [Farley Elliott / Eater Los Angeles]

Read More...
posted 9 days ago on re/code
And also the 150 other talks streaming from the Shoreline Amphitheater in Mountain View this week. Can’t trek down — or up, or east, or west — to the Shoreline Amphitheater in Mountain View this year for Google’s annual developer conference? No worries, you can watch it live from the comfort of the internet. Google will stream the main Google I/O keynote featuring CEO Sundar Pichai, as well as other talks, from the Google Developers YouTube channel. We’ll embed the video below once it’s live; bookmark this page so you don’t miss it. You can find the various talks that are being streamed by visiting the schedule page for Google I/O and looking for events with a video camera icon next to them. (We counted more than 150.) Livestreamed talks can be found at their scheduled times on the Google Developers YouTube channel. Last year, you could also watch the keynote in 360-degree video. Not the case this year, but you should still expect virtual reality to be on the menu at I/O. Here are a few streaming highlights: Wednesday, May 17, 10 am PT / 1 pm ET / 6 pm London / 1 am (but on May 18) Hong Kong: Main keynote, featuring Google CEO Sundar Pichai Wednesday, May 17, 1 pm PT / 4 pm ET / 9 pm London / 4 am (again, May 18) Hong Kong: Developer keynote (less consumer-focused) Thursday, May 18, 9:30 am PT/ 12:30 pm ET/ 5:30 pm London / 11:30 pm Hong Kong: VR/AR presentation We’re expecting I/O this year to flesh out Google’s AI-first vision with announcements that the company is automating and enhancing its products with more artificial intelligence features and tools.

Read More...
posted 10 days ago on re/code
Meanwhile, other states are passing laws broadly permitting the robots statewide. States across the country are passing laws to permit the use of autonomous delivery robots statewide. But in San Francisco, a city globally renowned for its tech savvy residents, local politicians are now considering legislation that would ban the use of the nascent technology citywide. San Francisco supervisor Norman Yee proposed the new legislation today, following efforts his office made earlier this year to look into regulations that would govern the use of autonomous delivery robots. Yee worries that the robots aren’t safe, saying that seniors, people with disabilities and children won’t be able move out of the way quickly enough as these machines roll down city sidewalks at walking speed (around four miles per hour). Yee says his office has talked with various robot delivery companies, including Dispatch, Marble and Starship, but that his discussions with them weren’t convincing. “Our streets and our sidewalks are made for people, not robots,” said Supervisor Yee in an interview with Recode. “This is consistent with how we operate in the city, where we don’t allow bikes or skateboards on sidewalks.” Yee said he is also concerned about the delivery robots taking away jobs. One company, Marble, launched a pilot program with Yelp’s food delivery service, Yelp Eat24, last month and is already operating in San Francisco’s Mission and Potrero Hill districts. Another company, Starship Technologies, conducted a trial run in San Francisco’s Richmond district last fall. Although the robots are currently supervised by humans, the idea behind them is that one day they won’t be. Starship is already operating — with human supervisors — in Redwood City, Calif., a city in Silicon Valley about 30 miles south of San Francisco, and Washington, D.C., where the company’s robots deliver food for the on-demand ordering services DoorDash and Postmates. Recode reached out to three ground delivery robot makers, Dispatch, Marble and Starship Technologies, but none of the companies responded by the time of publication. The new robot ban proposal in San Francisco comes as a two states, Virginia and Idaho, recently passed laws to broadly permit the use of driverless delivery rovers. Other states, like Wisconsin and Florida, are currently considering near identical legislation, which allows sidewalk delivery robots to use crosswalks and sidewalks statewide without a person walking alongside them. Still, the laws all still require a person to be somewhere in the loop remotely in case something goes awry. The Idaho and Virginia legislation that has passed also permits municipalities to craft their own version of the law, like how fast the robots are allowed to go, or to ban them entirely, like what Supervisor Yee in San Francisco is proposing. The wave of state legislation condoning the use of ground is being championed by Starship Technologies, an Estonian company that was started by two Skype co-founders Ahti Heinla and Janus Friis, who announced in January that the company had raised $17.2 million in a funding round. Likewise, Marble shared it raised $4 million in its seed funding round this year, and Dispatch received $2 million in seed funding from Andreessen Horowitz last year. Yee said that he spoke with a representative from the San Francisco Police Department who had serious concerns about how the police department would enforce any regulations on the robots, like about how fast the the machines are allowed to travel or count how many are being used at any given time. “I came to the conclusion that if we can’t enforce regulations, then we should just ban them,” said Supervisor Yee. “I think these robots would make sense, like on a Google campus or a university campus, where it’s a pretty enclosed environment,” he continued.

Read More...
posted 10 days ago on re/code
Join Recode for live coverage on Wednesday. A year ago, Google CEO Sundar Pichai laid out a vision for an “AI first” future at Google, where the concept of computing is focused less on devices, with the computer taking the form of an omnipresent intelligent assistant. At this year’s annual Google I/O developers conference, which kicks off tomorrow in Mountain View, Calif., we’re hoping to get a clearer understanding of what Pichai meant. (The keynote starts Wednesday, May 17 at 10 am PT, 1 pm ET.) We’ve seen the concept of AI-first computing fleshed out a bit with Google’s Assistant software that runs on the Google Home device and later versions of Android. But for the most part, the idea of “AI first” remains abstract. Ideally, we’ll come out of I/O with a better big-picture understanding of what this new direction for Google means. At the very least, we’ll come back with a smattering of new details that point in the direction of where Google is headed. Don’t expect new hardware devices, as Google tends to save those announcements for its fall hardware event. (There are exceptions: Google did announce the Home device at last year’s I/O.) But we don’t think there will be a Home with a screen popping up, for example, to compete with Amazon’s new Echo Show. Here’s what we’re expecting: Google, Google, everywhere. Expect Google to announce that it’s pushing Assistant to more hardware. Bloomberg reported that Google will unveil integrations with the iPhone and GE home devices including dishwashers, ovens, washers and dryers. That means users will be able to talk to their appliances, telling the oven to preheat or asking if the laundry is done, for example. More Home features. The Information reported last month that Google planned to add Wi-Fi capabilities to Home so that the device can be used to extend a household’s Wi-Fi network. This may be an announcement at I/O. Tensorflow. For software developers, Google may have news pertaining to its open-source machine learning framework Tensorflow, which Google uses for AI capabilities like recognizing objects and people in photos and understanding language. This could include announcing that Tensorflow will be supported by more platforms, which would mean developers could have more flexibility in the devices on which they run programs they build with Tensorflow. More AI smarts in more places. In general, expect Google to announce that it is expanding its application of AI technology in more places, and that Google products are getting more automated. The whole point of AI is that it’s supposed to do most of the work. VR and AR. We may learn that more phone manufacturers are releasing or updating phones with features compatible with Google’s Daydream virtual reality platform. What would also be interesting is to find out whether Google plans to release more open-source VR or AR software. Google has already made its VR art software Tilt Brush open-source. Android O. Earlier this year, Google released a developer preview of Android O, the latest version of the Android operating system under development. We already know a little bit about O, which doesn’t yet have a full name: It’s being designed for improved battery life, and is expected to have simplified app-notification settings, for example. We may learn more about it at I/O. Enterprise. Pichai wrote in his founders’ letter last year that enterprise — cloud computing and workplace software and tools — is a prime place to see AI advances take hold. Automated features figured prominently in announcements earlier this year at Google’s cloud conference, Next. Some announcements could be focused on workplace productivity or cloud computing. Wild card. All of these predictions and hunches are pretty straightforward. But Google tends to have something more exciting at I/O than mere iteration of what we already know the company is doing. So, what’s the wild card here? One guess is that Google could announce a new operating system. Ars Technica published photos of a reported open-source smartphone OS from Google, supposedly called “Fuchsia.” Join Recode for live coverage of I/O beginning Wednesday, May 17 at 10 am PT, 1 pm ET.

Read More...
posted 10 days ago on re/code
Angela Ahrendts puts her stamp on the Apple Store. Apple began pushing a new retail concept on Tuesday aimed at getting customers to visit their stores to learn new skills and not only come through when they want to buy or fix something. Starting on Tuesday, people can sign up for free classes ranging from a photography session titled “Seeing Beauty in the Familiar” with the photographer Chris Ozer to “Producing Music on the iPhone” with the producer Steve Lacy. The programming, dubbed “Today at Apple” is going live this week in 271 U.S. Apple stores and 495 overall. The launch is part of a new store initiative called “Today at Apple” being led by the company’s retail chief, Angela Ahrendts. The goal, it seems, is to build a connection with current and potential customers outside of when they are simply looking for a new Macbook or visiting the Genius Bar because their iPhone screen shattered. The store re-invention comes as all types of retailers are looking for new ways to maintain or increase foot traffic in their stores as more buying moves online. Within the industry, retailers are talking about re-allocating existing square footage toward so-called in-store “experiences.” Apple previously hosted free “how to” classes that taught beginners how to use its products and apps. Those classes will continue under the new “Today at Apple” banner, a spokesman said, but their content has been redesigned. Other new classes will be related to coding, art and design skills, as well as Tuesday night sessions geared specifically for teachers.

Read More...
posted 10 days ago on re/code
Stone is re-joining to help build back Twitter’s culture. Twitter co-founder Biz Stone is rejoining the company. Stone, who left Twitter in 2011 and recently sold his startup Jelly to Pinterest, announced in a blog post Tuesday that he’s headed back to the company he founded full-time. It’s not exactly clear what Stone’s title will be, but a source familiar with the move says he’ll report to Twitter CMO Leslie Berland and help with internal communications and morale at the company. Stone has always been a positive, rah-rah kind of executive, and was responsible for helping to promote Twitter to the press and to celebrities in the company’s early days. It sounds like he’s trying to re-create some kind of spark that Twitter may have lost over what’s been a tough couple of years. “My top focus will be to guide the company culture, that energy, that feeling,” Stone wrote. “It’s important that everyone understands the whole story of Twitter and each of our roles in that story. I’ll shape the experience internally so it’s also felt outside the company.” Stone says he’s returning “full time,” which we assume means he won’t work part-time at Pinterest as an advisor, as was the plan earlier this year when Pinterest acquired his startup. We’ve reached out to Pinterest for clarification and will update when we hear back. In the meantime, Twitter now has two of its co-founders back in the building every day, with a third, Ev Williams, sitting on the board. According to Stone’s blog post, his decision to return was surprising, even to him. CEO Jack Dorsey apparently asked him to return while Stone was visiting at the company’s all-hands gathering, called Tea Time, a few weeks back. “I wasn’t really sure if he meant it,” Stone wrote. “After Tea Time, we spoke privately and Jack told me that he really did — he wanted me to come back and work at Twitter. The company I co-founded, the service I co-invented. I was stunned, but I knew the answer.” Stone and Dorsey have maintained a close relationship since founding the company together. The duo used to catch up weekly over tacos in San Francisco, are are still close friends. And now, apparently, co-workers once again.

Read More...
posted 10 days ago on re/code
Who gets to celebrate with the boss? Facebook CEO Mark Zuckerberg celebrated his 33rd birthday on Sunday, and on Monday his executive team surprised him with a special birthday cake shaped like pieces of meat. That is kinda fun, and bizarre, but even more interesting is the fact that Zuckerberg shared to his Facebook page this photo that includes nearly all of Facebook’s highest-ranking executives in the same place at the same time. It’s pretty rare to see so many top dogs from the company in one spot, so this feels like a good opportunity to look at which Facebookers are in Zuckerberg’s general orbit. Who are these lucky executives celebrating with the boss, and why should you care about them? We have answers. Mark Zuckerberg, birthday boy. Andrea Besmehn, Zuckerberg’s admin and frequent travel companion. It sounds like she was also the mastermind behind this meat cake. Will Cathcart, VP of product management and one of Facebook’s top product executives reporting directly to product boss Chris Cox. Cathcart has been at Facebook for seven years and is responsible for Facebook’s trending product, among other things. Kang-Xing Jin, known internally as “KX,” and another of Facebook’s top product execs; he’s been working on some of Facebook’s new camera features. KX joined Facebook over a decade ago as a software engineer and was a friend of Zuckerberg’s at Harvard before joining the company. Kevin Systrom, CEO of Instagram and avid road cyclist. Deb Liu, Facebook’s VP of platform and marketplace. Liu is credited with helping launch Facebook’s app install ads business, and also leads Facebook’s developer platform and efforts around commerce and payments. Chris Cox, head of all Facebook products and a near 12-year company veteran. If Sheryl Sandberg is Zuckerberg’s right hand, Cox is probably his left. Hiding back there is CFO Dave Wehner, the man responsible for explaining Facebook’s business operations to all those investors anxiously listening in on earnings calls. Caryn Marooney, head of all communications at Facebook and gatekeeper to Mark Zuckerberg’s press availability Mike Schroepfer, Facebook’s CTO and the man overseeing many of Facebook’s more ambitious tech efforts, like its artificial intelligence research and its connectivity projects. David Marcus, head of Facebook Messenger and the former president of PayPal. Naomi Gleit, one of Facebook’s longest-tenured employees and an early product manager on the growth team. She now runs Facebook’s social good products, which includes things like donation buttons on Pages. Jonny Thaw, one of Facebook’s top comms executives running PR for News Feed and product. He’s been at Facebook for seven years. Javier Olivan has been running Facebook’s growth team for the past decade. He’s been mildly successful ... Adam Mosseri, another top product exec at Facebook, now running News Feed. Sheryl Sandberg, Facebook COO who was recently on the Recode Decode podcast. Jay Parikh, Facebook’s VP of engineering and infrastructure who also works on cool tech projects at the company, like its internet beaming drone. Rob Goldman, VP of products for ads and Pages. According to his LinkedIn, Goldman is on a ton of boards. Andrew “Boz” Bosworth, VP of ads and Pages. Boz has been at Facebook more than a decade and also met Zuckerberg at Harvard. He’s still adding to his list of responsibilities. Boz also oversees Facebook’s efforts around local businesses, like food delivery and job postings. Mark Rabkin, VP of engineering for ads. Rabkin has been at Facebook for almost 10 years. Fidji Simo, another top product exec at Facebook. Simo is overseeing lots of Facebook’s video efforts, including live video, and is working with publishers on news products, too. This photograph is not exhaustive, of course. We imagine a few of Zuckerberg’s top lieutenants may have been off doing other things on meat-cake day. A few notable faces missing from this group: Elliot Schrage, VP of public policy and global communications David Fischer, VP of advertising and global operations Dan Rose, VP of partnerships Jan Koum, WhatsApp CEO and Facebook board member Hugo Barra, VP of VR (now running Oculus) Justin Osofsky, VP of global operations and media partnerships Ime Archibong, VP of product partnerships (and frequent Zuckerberg running companion)

Read More...
posted 10 days ago on re/code
Her new political nonprofit, Onward Together, gave a crucial shout-out to Color of Change. One of the most aggressive, vocal antagonists to Silicon Valley’s tech giants has received a big boost from a rather unexpected source: Former Democratic presidential contender Hillary Clinton. On Monday, Clinton revealed her plans for Onward Together, a new nonprofit that seeks to provide more financial ammunition to Democratic candidates and causes. Among the first organizations she plans to back is Color of Change, a liberal-leaning civil rights outfit that has consistently challenged the likes of Google, Microsoft and Uber on everything from their hiring practices to their work with President Donald Trump. In a tweet Monday, Clinton said her efforts through Onward Together are meant to “encourage people to get involved” out of a belief that “citizen engagement is vital to our democracy.” She praised Color of Change in particular because of its track record in “organizing for criminal justice reform, voter freedom, fairness and accuracy in media, and other racial justice issues.” But Color of Change has done much more than that: Last summer, for example, it launched a national campaign against Microsoft, Google and others, hoping to force them to abandon the Republican convention that officially nominated Trump as the party’s presidential candidate. More recently, it has targeted Eventbrite for allowing so-called alt-right leaders, like Richard Spencer, to sell “tickets to events hosted by hate groups.” Going forward, the group’s leader, Rashad Robinson, told Recode he doesn’t plan to lessen his tough scrutiny — and fierce criticism — of the tech industry. “We’ve had a lot of campaigns in the recent year, everything from corporates sponsoring the [Republican] convention to Uber being on the Trump business council, and those type of campaigns will continue,” he said. “We believe it’s important that companies that are saying they want to take us into the future do not have business practices that take us into the past.” For now, Robinson said his group has not received a check from Clinton’s new nonprofit, which previously said it plans to donate to the causes its supports. (Nor, he stressed, has Color of Change asked for cash.) In fact, Robinson said, his team only learned yesterday morning — hours before her tweet — that she supported their organization. Clinton’s praise is nonetheless striking, however, given her own presidential campaign, which devoted considerable time and effort to courting major tech donors. By Election Day, Clinton had raked in more than $6.2 million from internet-related companies, executives and outside groups, according to data compiled by the Center for Responsive Politics. A spokesman for Clinton’s Onward Together did not immediately respond to a request for comment on Tuesday. It is unclear if the nonprofit, which is not required to disclose its donors, has raised any money from those same tech titans. Trump, by contrast, fared far worse with the industry. He raised about $57,000 from internet-related donors, the Center’s data show. Ultimately, his gap in support appeared to be the result of his rhetoric: Often, Trump criticized the leaders of Amazon, Apple and others, and to many in the tech sector, his comments about immigrants, women and other minorities proved to be anathema. To that end, liberal groups like Color of Change spent much of 2016 targeting companies — including tech giants — that sought to boost the Republican candidate’s prospects. The group sent letters and petitions to the likes of AT&T, Adobe, Cisco and Microsoft, for example, urging them to withdraw any planned financial or technical support for the Republican presidential nominating event, held in Cleveland. At Google headquarters, Color of Change also led a small protest — and dispatched a plane to fly a banner above the company — in an attempt to pressure the search giant to #dumpTrump. Ultimately, some of those companies — like Amazon, Google and Microsoft — aided the convention anyway. But the early efforts by Color of Change and its allies helped galvanize opposition to Trump in the liberal-leaning Bay Area, which has continued protesting his presidency — and the tech executives who work with the White House — in the months since the election. This year, Color of Change has cast a wide net. The group targeted Uber CEO Travis Kalanick, for one, after he initially agreed to aid Trump as part of his business advisory council. Kalanick ultimately withdrew from the board before its first meeting, citing the outpouring of opposition from his own employees. Color of Change took similar aim at Elon Musk, the leader of SpaceX and Tesla, in a petition alongside other liberal groups, though Musk remains a regular if informal adviser to Trump. Uber found itself once again in Color of Change’s crosshairs this March, after it released its first-ever diversity report. At the time, the activist group blasted the company’s “workplace culture and business practices” for being “clearly unacceptable.” Before that, Robinson had spent years trying to force Airbnb to make similar changes to its business practices, citing reports of racial discrimination on the home-sharing site. In the day after Clinton’s announcement, Robinson said the group has noticed a “surge in social media and web traffic.” He said, though, even with the help of Onward Together, Color of Change itself would not change. “They have to invest in the mission,” he said, “and our mission continues.”

Read More...
posted 10 days ago on re/code
They’ve filed another amicus brief backing Virginia high school student Gavin Grimm. Apple, eBay, Microsoft, Twitter and a host of other tech giants joined 55 major U.S. businesses in asking a federal appeals court on Tuesday to allow a Virginia high school student to use the restroom that he chooses. For the second time this year, companies offered their legal aid to Gavin Grimm, whose case had been slated to be heard by the Supreme Court in March — until President Donald Trump ended a policy by his predecessor, former President Barack Obama, that essentially prevented schools from discriminating on the basis of gender identity. Given the federal policy change, the Supreme Court at the time changed course and declined to hear the case. It sent the matter back to the Fourth Circuit Court of Appeals for further argument, and it canceled that court’s previous ruling in favor of Grimm, who was born female but identifies as male. For that reason, his fight has to proceed on different legal terms — but on Tuesday, businesses sought to reprise their previous support. In an amicus brief filed with the court on Monday, a total of 59 companies said that a restroom ban “adversely affects [their] businesses, employees and customers, and undermines [companies’] ability to build and maintain the diverse and inclusive workplaces that are essential to the success of their companies.” The companies noted that they employ transgender workers, and some of their workers have transgender children. “Gender identity discrimination is a form of sex discrimination,” they continued in the brief. “Amici respectfully request that the Court consider the business consequences of such discrimination when rendering a decision in this case.” Other backers from the tech industry include Airbnb, Dropbox, Flipboard, IBM, Intel, Pandora, Salesforce, Spotify, Slack and Yahoo.

Read More...
posted 10 days ago on re/code
Instagram has copied yet another popular Snapchat feature. It was only a matter of time. Instagram, Facebook’s most powerful weapon in its battle to destroy Snapchat, is rolling out another popular Snapchat-like feature on Tuesday: Face filters, the augmented-reality camera features that let users turn themselves into dogs or zombies or tacos when taking a selfie. Those filters were first introduced and popularized by Snapchat, which calls them “lenses,” though Facebook acquired technology that does something similar a year ago, and has been slowly rolling it out inside its core Facebook app. But now it’s adding filters to Instagram, which is a big deal because Instagram is Facebook’s best chance to slow Snap’s momentum. (Perhaps it already has.) Instagram, Snapchat Instagram’s new face filters (L) v. Snapchat’s lenses. After Instagram stole Snapchat’s well-liked Stories product back in August, it took less than a year for Instagram Stories users to surpass Snapchat’s entire user base. [Edit: can we remind people of the numbers here? is there a chart we made?] There’s never a great time to have a competitor rip off one of your most popular products, but the timing here for Snap is particularly tough. It’s been less than a week since Snap reported earnings for the first time, a major disappointment for Wall Street investors who were expecting the company to have a bigger business and more dramatic user growth. It seems unlikely that Instagram’s new filters are going to steal away any Snapchat users, but that doesn’t seem to be the point of Facebook’s efforts. Instead, Facebook and Instagram seem content with putting a lid on Snapchat’s potential growth. Copying Snapchat’s best features probably won’t convert many 16-year-olds from Snapchat to Instagram, for example, but it also won’t give many 30-year-olds a reason to try Snapchat, either. Instagram’s new face filters are available worldwide as part of a free app update on iOS and Android.

Read More...
posted 10 days ago on re/code
Plus, cyber security stocks jump in the wake of that global hack attack, and the “Alien” sequel that never was. Donald Trump bragged about highly classified intelligence concerning an Islamic State plot during last week’s Oval Office meeting with the Russian foreign minister and ambassador. The Washington Post, which broke the story, notes that the Trump administration's denial of the story isn't really a denial. [The New York Times] As the Trump administration decides whether to ban laptops on some transatlantic flights, U.S. and European government officials will meet on Wednesday. European regulators have raised safety issues with storing such devices in planes’ cargo holds. [Tony Romm / Recode] Uber sources think executive Ryan Graves and CTO Thuan Pham will be fired as a result of the company's in-house investigation into workplace culture. Meanwhile, Uber can keep building and using its self-driving-car technology as long as former Alphabet/Waymo employee Anthony Levandowski is barred from any work related to the autonomous-car technology called lidar [Johana Bhuiyan / Recode] Valuation of cyber security stocks rose by billions in the wake of last week’s global ransomware attack, which infected 300,000 computers in more than 150 companies. U.S. companies FireEye, Cisco and Symantec were among those seeing a lift. [Lucinda Shen / Fortune] Shares of Snap jumped more than 8 percent after filings showed that several institutional investors had bought shares. Snap went public two weeks ago, and its stock had plunged 23 percent after its first earnings report. Reuters] Walt Disney CEO Bob Iger said hackers threatened to release a new Disney movie unless the studio paid a ransom in bitcoin. Disney is refusing to pay, and is working with federal investigators. Netflix recently experienced a similar exploit, with pirates threatening to release the new season of “Orange Is the New Black.” [Pamela McClintock / The Hollywood Reporter] Bill Gates tweeted up a storm on Monday: He had advice about career paths, success and happiness for the graduating class of 2017. [Megan Farnsworth / Recode] Top stories from Recode Amazon is now worth two Walmarts. On the 20th anniversary of its IPO, Amazon’s market cap stands at $459 billion. Walmart’s? $228 billion. Snap’s new AR ads are for overlaying objects onto stuff that isn’t your face. Snap had a tough earnings call last week. This could help. Google will now go easier on publishers that violate its ad policies. The company plans to discipline more lower-level violations, but consequences will start lower, too. Your data is probably safer with Facebook than with your hospital. So says Stripe CEO Patrick Collison on the latest episode of Recode Decode. This is cool Nerdvana Here’s the secret history of science-fiction author William Gibson’s never-filmed sequel to the “Alien” movie series — the film, which would have been called “Alien III” (David Fincher ended up directing “Alien 3”) was handicapped when Sigourney Weaver said she didn’t want to return as hero Ripley. [Abraham Riesman / Vulture]

Read More...
posted 10 days ago on re/code
Several sources suspect that board member and executive Ryan Graves and CTO Thuan Pham will be fired. Uber’s investigation into former Uber engineer Susan Fowler's claims of sexual harassment and general workplace hostility at the company will conclude by the end of the month. Key executives have come under scrutiny as part of the investigation, according to multiple people familiar with the matter. The two names we've heard time and time again: Board director Ryan Graves and CTO Thuan Pham. Former U.S. Attorney General Eric Holder and his partner, Tammy Albarran, who are leading the investigation, will make their recommendations to CEO Travis Kalanick and the board at the end of May, sources say. It's a tense time for the 12,000 or so employees who are waiting anxiously for the outcome, along with the additional stress of a massive lawsuit. Some employees who have sought positions elsewhere have been turned away because of Uber's win-all, take-all reputation, sources say. The reasons that Graves and Pham may come under pressure are fairly straightforward. During Fowler's tenure, Graves was the head of operations, with human resources falling under him. The head of human resources at the time, Renee Atwood, chafed at having to report to Graves, according to sources. She felt Graves wasn't equipped to handle the department, and she asked to report directly to Kalanick on several occasions. Graves also acted as interim head of HR between the time Atwood left and before Uber hired her replacement, former Google and SoftBank veteran Liane Hornsey. It’s not clear why Atwood left. As the former head of HR, Graves could be held responsible for the way in which Fowler’s allegations of sexual harassment went unchecked in spite of her repeatedly reporting these incidents to her superiors. There was no way that Graves would not have been aware of Fowler’s claims, several sources say. Uber declined to comment for this story. Graves, the company's first employee, has already been demoted twice. He was previously CEO, and then he stepped down from his position as president when Kalanick hired Jeff Jones from Target. Jones left the company in March. Graves was hired almost on a lark. He tweeted at Kalanick for a position and after meeting him briefly, Kalanick decided to bring him on board. He has already been frequently away from the office, sources say, and his absence is unlikely to have a huge impact on the day-to-day operations of the company. Even so, Graves was known as a Kalanick loyalist, one of three key allies on the board, including Garret Camp and Arianna Huffington; though she is a recent addition, Huffington has become a key advisor to the CEO. It's unclear whether Kalanick would be willing to lose Graves's vote, particularly as the ride-hail company continues to navigate rocky waters. That said, Graves and Kalanick’s relationship had begun to fall apart recently, three sources said. Kalanick has less frequently turned to the company’s first employee for help on making decisions the past year. The company could install whomever it hires for the COO position on its board. The role is seen as a means to ameliorate its recent public relations disasters. One source said that it would certainly give off the impression publicly that the COO has real influence in the company. Harder to lose would be Thuan Pham, the company's longtime CTO. In Fowler's account of her year at Uber, she says that she explicitly reported the incidents of sexual harassment directly to Pham when she ran out of clear remedies. Nothing came of her attempts, she wrote. This was confusing for many of those who served under Pham, who is generally well-liked at the company. At a company all-hands meeting in the days after Fowler’s post went viral, Pham called the way the company handled her allegations an “utter failure.” If Pham were let go, he would be the fifth C-level executive to depart since January. Uber’s head of public policy and communications, Rachel Whestone, left of her own accord in April, a month after company president Jones also resigned. VP of engineering Amit Singhal was forced out after the company learned he had been accused of sexual harassment at his previous employer without informing Uber higher-ups. And VP of operations Ed Baker stepped down after employees complained of questionable behavior on his part. Uber has previously trotted Pham out in front of the press to highlight his story as an example of one of their key leaders overcoming adversity. A Vietnamese refugee, Pham joined Uber in 2012 after an eight-year stint at VMware. According to an interview Pham gave GeekWire, he was recruited by Benchmark partner and Uber board member Bill Gurley, who set up a meeting with Kalanick. As a high-profile non-white engineering executive at a company that is under scrutiny for its lack of diversity among its technical employees, and as an important member of its leadership team, Pham’s departure might be harder on company morale. But it would certainly prove that Uber no longer rewards “high performers” in spite of human resources infractions. At most other companies there would be no question that someone would have to be fired or pushed out as a result of a situation similar to Fowler’s. But Uber isn’t most other companies.

Read More...
posted 11 days ago on re/code
The satellite weighs 13,500 pounds. Elon Musk’s interplanetary travel company, SpaceX, is launching another of its Falcon 9 rockets into space Monday night from Kennedy Space Center in Florida. The rocket will carry a massive telecoms satellite for the British company Inmarsat, which will be added to Inmarsat’s network of satellites already in space that beam broadband internet to ships at sea and airplanes that provide in-air Wi-Fi. This particular satellite, the Inmarsat-5 F4, is the one of the largest payloads SpaceX’s Falcon 9 has carried to date. It weighs nearly 13,500 pounds and has solar arrays that stretch out wider than 130 feet, surpassing the wingspan of a Boeing 737 airplane. Its body stands nearly 23 feet tall, about the length of a double-decker bus. Watch the rocket blast off live at 7:21 pm ET tonight right here: Unlike previous launches with the Falcon 9, this time SpaceX isn’t planning to attempt a landing on one of its robotic ships. That’s because the satellite SpaceX is heaving into space tonight is supposed to hit a high orbit over 22,000 miles above Earth’s surface, and that will take a lot of fuel, meaning there won’t likely be enough left to also make a landing upon return. Landing and reusing rockets is core to SpaceX’s mission to one day make space flight more affordable. Rockets are typically too damaged after launching to be used again, and building a new rocket can cost hundreds of millions of dollars. SpaceX is also finally starting to get to its desired pace of sending a rocket into space every two to three weeks. SpaceX president Gwynne Shotwell told Reuters she hoped the company would get to a point where it was launching rockets that regularly in February. Its last rocket launch was two weeks ago, when the Falcon 9 successfully landed after sending a military satellite into space. The next blast off is scheduled for two weeks from now on June 1, when yet another Falcon 9 will venture into space to restock supplies for the International Space Station.

Read More...
posted 11 days ago on re/code
You should probably follow the advice of the richest man in the world. Bill Gates is one of the richest and most successful men in the world; Forbes puts his wealth above $87.5 billion. On Monday, he tweeted out advice to the graduating class of 2017. Needless to say, it’s probably wise to follow his advice, especially his last tweet: “This is an amazing time to be alive. I hope you make the most of it.” 1/ New college grads often ask me for career advice. At the risk of sounding like this guy…https://t.co/C68mjJ5g44— Bill Gates (@BillGates) May 15, 2017 2/ AI, energy, and biosciences are promising fields where you can make a huge impact. It's what I would do if starting out today.— Bill Gates (@BillGates) May 15, 2017 3/ Looking back on when I left college, there are some things I wish I had known.— Bill Gates (@BillGates) May 15, 2017 4/ E.g. Intelligence takes many different forms. It is not one-dimensional. And not as important as I used to think.— Bill Gates (@BillGates) May 15, 2017 5/ I also have one big regret: When I left school, I knew little about the world’s worst inequities. Took me decades to learn.— Bill Gates (@BillGates) May 15, 2017 6/ You know more than I did when I was your age. You can start fighting inequity, whether down the street or around the world, sooner.— Bill Gates (@BillGates) May 15, 2017 7/ Meanwhile, surround yourself with people who challenge you, teach you, and push you to be your best self. As @MelindaGates does for me.— Bill Gates (@BillGates) May 15, 2017 .@melindagates 8/ Like @WarrenBuffett I measure my happiness by whether people close to me are happy and love me, & by the difference I make for others.— Bill Gates (@BillGates) May 15, 2017 .@melindagates @WarrenBuffett 9/ If I could give each of you a graduation present, it would be this--the most inspiring book I've ever read. pic.twitter.com/P67BuvpELJ— Bill Gates (@BillGates) May 15, 2017 .@melindagates @WarrenBuffett 10/ @SAPinker shows how the world is getting better. Sounds crazy, but it’s true. This is the most peaceful time in human history.— Bill Gates (@BillGates) May 15, 2017 .@melindagates @WarrenBuffett @sapinker 11/ That matters because if you think the world is getting better, you want to spread the progress to more people and places.— Bill Gates (@BillGates) May 15, 2017 .@melindagates @WarrenBuffett @sapinker 12/ It doesn’t mean you ignore the serious problems we face. It just means you believe they can be solved.— Bill Gates (@BillGates) May 15, 2017 .@melindagates @WarrenBuffett @sapinker 13/ This is the core of my worldview. It sustains me in tough times and is the reason I love my work. I think it can do same for you.— Bill Gates (@BillGates) May 15, 2017 .@melindagates @WarrenBuffett @sapinker 14/ This is an amazing time to be alive. I hope you make the most of it.— Bill Gates (@BillGates) May 15, 2017

Read More...
posted 11 days ago on re/code
The EU, meanwhile, has raised safety issues with storing large devices in planes’ cargo holds. U.S and European government officials will huddle on Wednesday as the Trump administration decides whether to ban large electronic devices like laptops on some transatlantic flights. At the meeting, the two sides will “assess any new threats and work towards a common approach to address them,” an EU official said at a press conference today. Beginning in March, the U.S. Department of Homeland Security prohibited cameras, DVD players, tablets and other devices larger than a smartphone from the cabins of flights headed to the United States from airports in North Africa and the Middle East. At the time, U.S. officials cited fears that terrorists could turn those tech tools into bombs — so they required passengers to check them in their luggage. But DHS in recent weeks has contemplated expanding that ban to include countries in Europe, potentially even the United Kingdom. Asked about the potential policy change last week, a spokesman for the U.S. government’s travel agency stressed to Recode that “no final decisions have been made,” but confirmed the idea “is under consideration.” “DHS continues to evaluate the threat environment and will make changes when necessary to keep air travelers safe,” the spokesman added. For its part, Europe’s aviation regulators last month raised safety issues with storing devices — many of which contain lithium-ion batteries — in planes’ cargo holds. For one thing, they said, flight attendants wouldn’t be able to “react quickly” to address potential incidents, including fires caused by “spontaneous combustion.”

Read More...
posted 11 days ago on re/code
Snap had a tough earnings call last week. This could help. Snapchat is rolling out a new augmented reality ad unit that lets marketers pay so that users can see images or words overlaid on the world around them through their phone’s camera. It’s similar to the face-distorting filter ads that Snapchat sells, like when Taco Bell paid so that users could turn their faces into tacos. These new ads, called “Sponsored World Lenses,” are not specific to taking selfies and work with the phone’s outward-facing camera. Snapchat Warner Brothers is Snap’s first advertiser for the new unit, promoting its new upcoming movie “Everything, Everything.” Snap says Netflix and Dunkin Donuts will run these ads soon. Snap argued last week on its first earnings call that the company is going to succeed through creativity and quality products, not massive scale. Launching new ad formats that marketers can’t find on other networks like Facebook or Twitter falls into that quality argument. Snap missed Wall Street revenue estimates in its first test as a public company last week. New ad units — which theoretically means more money — can’t hurt. Snap is also rolling out a few additional ad updates on Monday, including the ability to target the face-distorting “Lenses.” U.S. advertisers can now pay to get those lenses in front of users based on age, gender or the content they watch in Snapchat’s Discover section. Previously those ads were sold nationwide.

Read More...
posted 11 days ago on re/code
In a move that formalizes Anthony Levandowski’s recusal, a judge granted Alphabet a partial injunction in its case against Uber. A judge in Alphabet’s case against Uber has determined that the ride-hail company can continue operating its autonomous efforts as is so long as Anthony Levandowski, the executive at the center of the suit, is barred from any and all work related to the radar in question. This simply formalizes Levandowski’s decision to voluntarily recuse himself from all work on lidar — the specific type of radar Alphabet claims he stole the designs for — ahead of the injunction hearing. However, Uber will now face legal ramifications if Levandowski violates this court order. The court will appoint a “special master” to review and monitor communications and operations to ensure Levandowski is truly removed from all lidar work. The court order reads: The bottom line is the evidence indicates that Uber hired Levandowski even though it knew or should have known that he possessed over 14,000 confidential Waymo files likely containing Waymo’s intellectual property; that at least some information from those files, if not the files themselves, has seeped into Uber’s own LiDAR development efforts. As part of its bid for an injunction, Alphabet asked that the court order Uber to stop using any and all technology that included allegedly stolen trade secrets in developing its driverless cars. Uber made clear that none of its semi-autonomous cars on the road today use its in-house radars, so regardless of what the judge’s decision ended up being, it’s not likely the company would have had to stop operating the cars on the road. The judge also said that Alphabet “overreached” when it asked for protection of 121 of what it believed qualified as trade secrets. “General approaches dictated by well-known principles of physics, however, are not ‘secret,’ since they consist essentially of general engineering principles that are simply part of the intellectual equipment of technical employees,” Judge William Alsup wrote. As part of this partial injunction, Uber must account for any and all conversations — written or oral — that Levandowski had with any company employee discussing or related to the radar Alphabet claims he stole. Importantly, Alphabet’s legal counsel and an expert will also be able to inspect any and all of Uber’s current work with this specific type of lidar radar, regardless of whether that results in a prototype. This is part of what is called “expedited discovery,” which the judge granted Alphabet so that the company could ask for additional preliminary relief or other additions to the injunction. Alphabet has also been granted depositions of seven more Uber employees. Alphabet is suing Uber for stealing proprietary information, claiming Levandowski downloaded 14,000 files before leaving Alphabet to start a new autonomous company that the ride-hail company eventually acquired. “Competition should be fueled by innovation in the labs and on the roads, not through unlawful actions,” a Waymo spokesperson said. “We welcome the order to prohibit Uber’s use of stolen documents containing trade secrets developed by Waymo through years of research, and to formally bar Mr Levandowski from working on the technology. The court has also granted Waymo expedited discovery and we will use this to further protect our work and hold Uber fully responsible for its misconduct.” In a statement, Uber said: “We are pleased with the court’s ruling that Uber can continue building and utilizing all of its self-driving technology, including our innovation around LiDAR. We look forward to moving toward trial and continuing to demonstrate that our technology has been built independently from the ground up.”

Read More...
posted 11 days ago on re/code
So says Stripe CEO Patrick Collison on the latest episode of Recode Decode. The online payments company Stripe has a new head of security, Peiter Zatko — and it’s worth noting that Zatko and another recently hired security expert, Jon Kaltwasser, used to work for DARPA and the NSA, respectively. “Having both Peiter and Jon join, part of what makes us so glad they’re here, is that they have such extensive experience seeing the most advanced adversaries in the world,” Stripe CEO Patrick Collison said on the latest episode of Recode Decode, hosted by Kara Swisher. “Nation-states have been some of the most active attackers over the past couple of years; having people who’ve been on the defense side of that is powerful.” Collison made those remarks in an interview we recorded before the massive ransomware attack last week that crippled large numbers of hospitals and businesses across Europe. And he presciently observed that those targets were sitting ducks. “I think the broader public should be worried about legacy systems,” he said. “I, too, am also a consumer, and my personal data resides in all sorts of systems — not just financial systems. Health care, communications, the phone system, what have you. And I think, just speaking personally as a consumer, I feel pretty good about the information I have that resides with Facebook, with Google, with these technology companies.” You can listen to Recode Decode on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud. Collison went on to say that companies like Facebook and Google are savvy enough to “understand the threats,” but that their biggest strength is being young organizations. “They don’t have these enormous, impossible-to-comprehend systems from 1970, that have points of connection that someone forgot about,” he said. “Or [they’re not] using encryption technologies that were broken 20 years ago, but no one has had the chance to go upgrade yet.” Last week’s cyber attack, which made around 75,000 computers unusable unless their owners paid a $300 ransom to unlock them, was linked directly to old versions of Windows XP, which Microsoft had stopped supporting. As Microsoft Chief Legal Officer Brad Smith noted in a blog post Sunday, the exploit was “stolen from the National Security Agency,” one of many such vulnerabilities the NSA had knowledge of. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith wrote. “And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today — nation-state action and organized criminal action.” On the new podcast, Collison said he believed a “legacy system” like those affected in Europe would be the most likely danger to his private data. “I assume that when my information — if my information is breached, as part of some hacking, it’ll be from some 20- or 30-year-old corporation that hasn’t kept pace with the broader industry,” he said. “The fixed costs of this investment are large; many small companies just can’t afford to make the investment. If you do not have a big security team, there are too many things to do.” “The second thing to care about is, ‘Are they a modern technology company?’” he added. “If they aren’t, if they have systems from 40 years ago — and no one will say this on the record, of course. But if you talk to anyone off the record who’s dealing with technology systems that have been around for 40 years, it is almost impossible to make it truly secure.” If you like this show, you should also sample our other podcasts: Recode Media with Peter Kafka features no-nonsense conversations with the smartest and most interesting people in the media world, with new episodes every Thursday. Use these links to subscribe on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud. Too Embarrassed to Ask, hosted by Kara Swisher and The Verge's Lauren Goode, answers the tech questions sent in by our readers and listeners. You can hear new episodes every Friday on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud. And Recode Replay has all the audio from our live events, including the Code Conference, Code Media and the Code Commerce Series. Subscribe today on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn and Stitcher. If you like what we’re doing, please write a review on Apple Podcasts — and if you don’t, just tweet-strafe Kara.

Read More...
posted 11 days ago on re/code
Plus, a techie for California governor? And the guiltiest pleasure. Lyft and Waymo are working together on self-driving cars, via pilot projects and product development efforts, The deal has competitive implications for Uber, which is being sued by Waymo’s parent company, Alphabet, over trade secrets. Reminder: Alphabet is also an Uber investor. [Johana Bhuiyan and Tess Townsend / Recode] Twenty years ago today, a money-losing online bookstore went public in an IPO that valued it at a modest $438 million. Today that little startup — you know it as Amazon — is worth nearly $460 billion. Here’s Amazon’s run explained in five charts. [Jason Del Rey / Recode] Y Combinator president Sam Altman may run for governor of California as soon as 2018, according to former San Francisco mayor Willie Brown. Altman, 32, had previously told "Vice News Tonight" that he wanted to see a techie run for governor, but didn’t see himself in office. [Tess Townsend / Recode] Hillary Rodham Clinton is coming to the Code Conference, where she will be interviewed onstage by Kara Swisher and Walt Mossberg This will be one of Clinton’s first major public appearances since the 2016 election; she is joining a stellar roster of speakers. [Kara Swisher / Recode] The global cyberattack that began on Friday is likely to worsen in a second wave of ransomware. The U.S. was largely unaffected, and the massive attack was stopped Friday night, but hackers revised the computer worm over the weekend — this time without a killswitch in the code. [The New York Times] Google has outmaneuvered Apple and Microsoft in a five-year race for dominance in U.S. classrooms, with low-cost Chromebooks and free apps like Classroom, Docs and Gmail used by more than 30 million children. [Natasha Singer / The New York Times] Lots of people like to watch videos of other people playing video games and making food. NBCUniversal is betting that how-to videos of arts and crafts will be a moneymaking business, too. It bought Craftsy, a seven-year-old Denver-based startup, for $230 million. [Jason Del Rey / Recode] America's immigration policies are hurting startups, says Stripe CEO Patrick Collison on the latest episode of Recode Decode, hosted by Kara Swisher. Collison and his brother John were born in Ireland, and founded the online payments platform — now valued at more than $9 billion — while they were students at MIT and Harvard. [Eric Johnson / Recode]Top stories from Recode The "Blade Runner 2049" trailer offers a glimpse into our techtopian future. Oh good, humans are now genetically engineered in plastic bags. Google has bigger challenges with Home than just recognizing different voices. Okay Google, how are you going to make money with this? Sheryl Sandberg and other Silicon Valley daughters and sons recognize their moms on Mother's Day. Tech execs share their thoughts on the women who raised them. Watch this "SNL" skit about an Amazon Echo Silver for senior citizens. You can buy it with a check or money order. Three things we learned from Snap’s no good, very bad week. Snap’s stock was down 17 percent after a tough first earnings report. This is cool The guiltiest pleasure A private terminal for the mega-rich at Los Angeles International Airport features video screens that show pampered passengers the world of pain they’re missing in the main terminal. [Rory Carroll / The Guardian]

Read More...
posted 11 days ago on re/code
Collison says the U.S. has all but destroyed the conditions that led to a flurry of innovation in Silicon Valley. How America welcomes — or doesn’t — outsiders who want to work for American companies is “an even bigger deal than we think,” Stripe CEO Patrick Collison says. Speaking on the latest episode of Recode Decode, hosted by Kara Swisher, he declaimed against the “needless barriers in the way” of the U.S. remaining a destination for immigrants. Collison and his brother/co-founder John were born in Ireland, but founded Stripe, an online payments platform now valued at more than $9 billion, while they were students at MIT and Harvard, respectively. “The insane, crazy benefit — the tailwind that the U.S. has, for decades and decades, gained from — is the fact that we are the preeminent destination for high-potential people all around the world,” Collison said. “It’s at multiple stages in their careers: The universities are the best in the world, so people want to study here and come here for that, and then the companies are among the most innovative companies in the world, and they want to hire the best people in the world.” “Broadly speaking, the U.S. has not quite done its best to undermine that, but all but,” he added. “To the extent that universities can help students come here, or that companies can enable the best and brightest to move here, it is ‘despite’ rather than ‘because of’ U.S. immigration policy.” You can listen to Recode Decode on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud. On the new podcast, Collison also criticized land and housing policies in the San Francisco Bay Area that have made it harder for people to live and work in the heart of America’s tech scene. “Here in Silicon Valley, it’s almost like there was a devious spy who got here 30 or 40 years ago and was charged with the mission, ‘There’s too much innovation happening in Silicon Valley and San Francisco, how do you undermine it?’” Collison said. He said most people forget that zoning laws are a product of the second half of the 20th century, and that before then, the cost of new housing was roughly equivalent to the cost of construction. “This is not how American cities have worked for the vast majority of their history,” Collison said. “When you look back at American history, in the periods of growth in Chicago in the early 20th century and so on, they did not see the housing price increases that we are seeing in the Bay Area today. We are doing something historically unprecedented, deliberately doing our best to asphyxiate this growth.” “I think it has a kind of symmetry to the immigration stuff,” he added. “Immigration policy prevents foreigners from coming here. And housing policy prevents Americans from coming here. We’re doing everything we can to make sure the spoils and the gains accrue to the existing landowners.” If you like this show, you should also sample our other podcasts: Recode Media with Peter Kafka features no-nonsense conversations with the smartest and most interesting people in the media world, with new episodes every Thursday. Use these links to subscribe on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud. Too Embarrassed to Ask, hosted by Kara Swisher and The Verge's Lauren Goode, answers the tech questions sent in by our readers and listeners. You can hear new episodes every Friday on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud. And Recode Replay has all the audio from our live events, including the Code Conference, Code Media and the Code Commerce Series. Subscribe today on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn and Stitcher. If you like what we’re doing, please write a review on Apple Podcasts — and if you don’t, just tweet-strafe Kara.

Read More...
posted 11 days ago on re/code
On the 20th anniversary of its IPO, Amazon’s market cap stands at $459 billion. Walmart’s? $228 billion. It took Amazon 18 years as a public company to catch Walmart in market value. It took less than another two years for Amazon to be worth twice as much. On the 20th anniversary of Amazon’s IPO, Amazon’s market cap stands at $459 billion before the market opens for trading. Walmart’s? $228 billion. Walmart has well more than three times Amazon’s annual revenue, and five times its net income. But Jeff Bezos and Amazon have sold a vision of revenue growth over huge net income figures — and Wall Street has largely bought in. With that freedom, Amazon has continued to consistently grow its revenue north of 20 percent, while pumping cash into big new business areas like AWS — which some have estimated is already worth $160 billion — and the Alexa voice computing platform. For Amazon’s next act, it’s taking on Walmart on its own turf: Brick-and-mortar retail.

Read More...