Since the dawn of the internet, the titans of this industry have fought to win the “starting point” — the place that users start their online experiences. In other words, the place where they begin “browsing.” The advent of the dial-up era had America Online mailing a CD to every home in America, which passed the baton to Yahoo’s categorical listings, which was swallowed by Google’s indexing of the world’s information — winning the “starting point” was everything.
As the mobile revolution continues to explode across the world, the battle for the starting point has intensified. For a period of time, people believed it would be the hardware, then it became clear that the software mattered most. Then conversation shifted to a debate between operating systems (Android or iOS) and moved on to social properties and messaging apps, where people were spending most of their time. Today, my belief is we’re hovering somewhere between apps and operating systems. That being said, the interface layer will always be evolving.
The starting point, just like a rocket’s launchpad, is only important because of what comes after. The battle to win that coveted position, although often disguised as many other things, is really a battle to become the starting point of commerce.
Google’s philosophy includes a commitment to get users “off their page” as quickly as possible…to get that user to form a habit and come back to their starting point. The real (yet somewhat veiled) goal, in my opinion, is to get users to search and find the things they want to buy.
Facebook, on the other hand, has become a starting point through its monopolization of users’ time, attention and data. Through this effort, it’s developed an advertising business that shatters records quarter after quarter.
Google and Facebook, this famed duopoly, represent 89 percent of new advertising spending in 2017. Their dominance is unrivaled… for now.
Change is urgently being demanded by market forces — shifts in consumer habits, intolerable rising costs to advertisers and through a nearly universal dissatisfaction with the advertising models that have dominated (plagued) the U.S. digital economy. All of which is being accelerated by mobile. Terrible experiences for users still persist in our online experiences, deliver low efficacy for advertisers and fraud is rampant. The march away from the glut of advertising excess may be most symbolically seen in the explosion of ad blockers. Further evidence of the “need for a correction of this broken industry” is Oracle’s willingness to pay $850 million for a company that polices ads (probably the best entrepreneurs I know ran this company, so no surprise).
As an entrepreneur, my job is to predict the future. When reflecting on what I’ve learned thus far in my journey, it’s become clear that two truths can guide us in making smarter decisions about our digital future:
Every day, retailers, advertisers, brands and marketers get smarter. This means that every day, they will push the platforms, their partners and the places they rely on for users to be more “performance driven.” More transactional.
Paying for views, bots (Russian or otherwise) or anything other than “dollars” will become less and less popular over time. It’s no secret that Amazon, the world’s most powerful company (imho), relies so heavily on its Associates Program (its home-built partnership and affiliate platform). This channel is the highest performing form of paid acquisition that retailers have, and in fact, it’s rumored that the success of Amazon’s affiliate program led to the development of AWS due to large spikes in partner traffic.
When thinking about our digital future, look down and look east. Look down and admire your phone — this will serve as your portal to the digital world for the next decade, and our dependence will only continue to grow. The explosive adoption of this form factor is continuing to outpace any technological trend in history.
Now, look east and recognize that what happens in China will happen here, in the West, eventually. The Chinese market skipped the PC-driven digital revolution — and adopted the digital era via the smartphone. Some really smart investors have built strategies around this thesis and have quietly been reaping rewards due to their clairvoyance.
China has historically been categorized as a market full of knock-offs and copycats — but times have changed. Some of the world’s largest and most innovative companies have come out of China over the past decade. The entrepreneurial work ethic in China (as praised recently by arguably the world’s greatest investor, Michael Moritz), the speed of innovation and the ability to quickly scale and reach meaningful populations have caused Chinese companies to leapfrog the market cap of many of their U.S. counterparts.
The most interesting component of the Chinese digital economy’s growth is that it is fundamentally more “pure” than the U.S. market’s. I say this because the Chinese market is inherently “transactional.” As Andreessen Horowitz writes, WeChat, China’s most valuable company, has become the “starting point” and hub for all user actions. Their revenue diversity is much more “Amazon” than “Google” or “Facebook” — it’s much more pure. They make money off the transactions driven from their platform, and advertising is far less important in their strategy.
The obsession with replicating WeChat took the tech industry by storm two years ago — and for some misplaced reason, everyone thought we needed to build messaging bots to compete.
What shouldn’t be lost is our obsession with the purity and power of the business models being created in China. The fabric that binds the Chinese digital economy and has fostered its seemingly boundless growth is the magic combination of commerce and mobile. Singles Day, the Chinese version of Black Friday, drove $25 billion in sales on Alibaba — 90 percent of which were on mobile.
The lesson we’ve learned thus far in both the U.S. and in China is that “consumers spending money” creates the most durable consumer businesses. Google, putting aside all its moonshots and heroic mission statements, is a “starting point” powered by a shopping engine. If you disagree, look at where their revenue comes from…
Google’s recent announcement of Shopping Actions and their movement to a “pay per transaction model” signals a turning point that could forever change the landscape of the digital economy.
Google’s multi-front battle against Apple, Facebook and Amazon is weighted. Amazon is the most threatening. It’s the most durable business of the four — and its model is unbounded on two fronts that almost everyone I know would bet their future on, 1) people buying more online, where Amazon makes a disproportionate amount of every dollar spent, and 2) companies needing more cloud computing power (more servers), where Amazon makes a disproportionate amount of every dollar spent.
To add insult to injury, Amazon is threatening Google by becoming a starting point itself — 55 percent of product searches now originate at Amazon, up from 30 percent just a year ago.
Google, recognizing consumer behavior was changing in mobile (less searching) and the inferiority of their model when compared to the durability and growth prospects of Amazon, needed to respond. Google needed a model that supported boundless growth and one that created a “win-win” for its advertising partners — one that resembled Amazon’s relationship with its merchants — not one that continued to increase costs to retailers while capitalizing on their monopolization of search traffic.
Google knows that with its position as the starting point — with Google.com, Google Apps and Android — it has to become a part of the transaction to prevail in the long term. With users in mobile demanding fewer ads and more utility (demanding experiences that look and feel a lot more like what has prevailed in China), Google has every reason in the world to look down and to look east — to become a part of the transaction — to take its piece.
A collision course for Google and the retailers it relies upon for revenue was on the horizon. Search activity per user was declining in mobile and user acquisition costs were growing quarter over quarter. Businesses are repeatedly failing to compete with Amazon, and unless Google could create an economically viable growth model for retailers, no one would stand a chance against the commerce juggernaut — not the retailers nor Google itself.
As I’ve believed for a long time, becoming a part of the transaction is the most favorable business model for all parties; sources of traffic make money when retailers sell things, and, most importantly, this only happens when users find the things they want.
Shopping Actions is Google’s first ambitious step to satisfy all three parties — businesses and business models all over the world will feel this impact.
Good work, Sundar.
As Lydia Polgreen sees it, society is currently divided into media haves and have nots, and it’s important for HuffPost to remain mostly free for its readers so that it can serve a group that mostly consumes content for free.
In a wide-ranging conversation covering the role of consolidation in the current media marketplace and platforms that have performed the best for HuffPost, Polgreen was most emphatic on the need for free or low-cost content online.
“I am very committed to the idea of free to no-cost consumer news,” Polgreen told Recode’s Kara Swisher and Peter Kafka onstage at the Code Media conference in Huntington Beach, Calif. “One of the reasons I wanted to take this job was what I saw as the stratification of society into media haves and have nots.”
One way to support that independence is to have the big corporate parent that HuffPost enjoys in Verizon (also the owner of TechCrunch through its acquisition and merger of AOL and Yahoo into Oath).
“Any content company has to be thinking about the fact that all content consumption is converging on mobile devices. In 2018 probably the best owner you can have is a phone company,” Polgreen says.
Polgreen said that Verizon hasn’t interfered in the creation of stories, which was her biggest concern when joining the organization. “Our journalistic independence has been intact,” Polgreen says. “Looking ahead at a world in which the device we’re getting our content also is owned by the people making that content, there are real questions around free speech and net neutrality.”
News, it turns out, occupies a central place in the media landscape and in Verizon’s approach to content online. “News is the dial tone of media,” Polgreen quoted one of our bosses as saying.
Increasingly that dial tone is being accessed on different platforms, which Polgreen also had some strong thoughts on. For her, Facebook’s declining importance has been counterbalanced by rising new distribution sources like Apple News and Google Amp.
“Like most publishers who are creating original content,” says Polgreen, “we’ve seen a significant decline in traffic coming from Facebook. For us, Apple News is a more important platform.”
Beyond that, Facebook doesn’t have the best history of being a great partner. “Facebook from a monetization perspective and as a place for us to connect with our audience has not necessarily been a reliable partner,” says Polgreen. “We’ve sought out other ways we can connect with our audience in meaningful ways. [But] we have invested heavily in community pages.”
As HuffPost expands, Polgreen does have three areas on her wish list that she’d like to invest more heavily in. Those areas — investigative journalism, service journalism and great video platforms — represent strategic goals where the site hasn’t had a tradition of strength (outside of service journalism).
In this episode of Technotopia I talk to Jeremy Ring, a former Florida state senator and author of We Were Yahoo!, a meditation on his career as one of the first employees at Yahoo . Ring has a lot to say about the search giant – including plenty of complaints about how things were run over the years – and some insights into technology and modern politics.
His book is available now and it’s a fascinating look at some of the first steps and missteps he saw while working in the red-hot dot-com bubble.
[protected-iframe id=”74b0915d64014acdf30f50d078abdc2e-24588526-12084649″ info=”//embeds.audioboom.com/posts/6633805-former-state-senator-jeremy-ring-talks-about-politics-and-yahoo/embed/v4?eid=AQAAAJCTgVpNOWUA” width=”100%” height=”300″ frameborder=”0″ style=”background-color:transparent; display:block; padding: 0; max-width: 700px;” scrolling=”no”]
[protected-iframe id=”3d101d7ca4052d9495155dd478007fef-24588526-321129″ info=”https://www.yahoo .com/markets-summit-crypto-213249996.html?format=embed®ion=US&lang=en-US&site=finance&player_autoplay=true” width=”640″ height=”360″ frameborder=”0″]
The Yahoo Finance All Markets Summit: Crypto will examine the growing market and investor interest in crypto and the technology behind it. Specifically, where are these digital assets heading, and how can everyday investors buy in safely? From bitcoin and blockchain to ethereum and ICOs, we’ll discuss crypto investing with CEOs, engineers, policy makers and legal experts. Watch the live stream on the player above beginning at 9 a.m. ET.
Yahoo Finance today launched a new app called Tanda that allows small groups of either five or nine people to save money together for short-term goals. The app uses the concept of a “money pool” – that is, everyone participating in one Tanda’s collaborative savings circles will pay a fixed amount to the group’s savings pot every month. And every month, one member gets to take home the full pot.
But Tanda is not a gambling app. That is, users are not contributing in the hopes of “winning” the pot of money – everyone in the savings circle gets a chance to take home the full pot at some point.
The app is based on the age-old “rotating savings and credit associations” (ROSCA) concept, which pushes people to save through the use of collective pressure.
In other words, while it’s true that you could just set aside a set a fixed amount of money on your own, Tanda’s makes saving a more collaborative and social construct.
The other difference between saving in Tanda and saving on your own is how the app handles payouts. The first two people to receive their money pay a fee, but the last payout position receives a 2 percent cash bonus. This rewards users who are willing to wait to receive their turn at the pot, though some will want higher positions in order to get the large payout sooner.
A higher position is obviously more desirable if you have a more immediate need for the funds – like buying books for school or replacing a dead laptop, for example. Of course, you still have to pay into Tanda to take money out, so it’s not a direct replacement for a credit card. But, with some planning, it could used as an alternative to charging larger purchases.[gallery ids="1588800,1588801,1588802,1588803,1588799,1588798"]
As a user participates in Tanda by making contributions, their “Tanda score” increases. With higher scores, the user gains access to higher value savings circles and earlier payout positions. These savings circles can reach up to $2,000.
And if someone drops out, Tanda will step in to cover their positions.
Tanda is also working with its partner Dwolla to vet users before they can begin saving, the company says. Users will be required to submit a valid ID and have a U.S. bank account.
Yahoo says that the app is designed to help individuals achieve their financial goals without racking up more debt.
The company hopes this will allow Tanda to attract a millennial audience, which is already drawn to social apps in the finance space, like Venmo. In addition, this younger demographic is facing a variety of financial struggles, like higher costs of living, difficulties in finding work, and they often struggle to save on their own.
“Thirteen months ago, a national outlet reported 46 percent of our nation can’t come up with a $400 emergency expense,” Simon Khalaf, Head of Media Business & Products, told TechCrunch, when explaining why the company wanted to develop this app.
(The figure he’s citing comes from this 2016 Federal Reserve survey of more than 5,000 Americans about their financial situation. According to its findings, approximately 46 percent of Americans said they would not be able to come up with $400 in an emergency situation.)
“This inspired us to start building Tanda, a mobile world version of a centuries old
community savings tool that we hope provides a solution to many,” Khalaf explained.
The new app is being released under the Yahoo Finance brand.
Yahoo, like (disclosure!) TechCrunch parent company AOL, combined to form Oath, which is now owned by Verizon. But Yahoo continues to maintain its own app store presence through apps like Yahoo Finance, Yahoo Weather, Yahoo Newsroom, Yahoo Sports, Yahoo Fantasy Football, Yahoo Mail, and many others.
Verizon will no longer be the exclusive U.S. mobile carrier for watching NFL games on smartphones and tablets. According to an announcement this morning, the company – and TechCrunch’s parent, by way of Oath – says that it has closed a new deal with the National Football League that will allow it to stream live games to fans regardless of mobile network.
The deal includes in-market and national games, including national pre-season, regular season, playoff games, and the Super Bowl nationwide. It doesn’t include the Sunday afternoon out-of-market games, which AT&T’s DirecTV has through the end of the 2022-23 season.
However, thanks to the new deal, nearly all NFL games will now be available across a number of digital and media platforms, including Yahoo, Yahoo Sports, AOL, Verizon’s g90 streaming app, and the NFL mobile app.
In addition to the live games themselves, the new agreement will also include NFL highlights and other weekly content, plus jointly developed original content.
The full deal goes into effect in the 2018-19 season, but some NFL postseason games will hit Yahoo, Yahoo Sports, go90 and the NFL Mobile app in January, 2018.
Verizon says its combination of digital and mobile properties reach over 200 million monthly unique users in the U.S. – an increased reach for the NFL, while also serving as a way for Verizon to better take advantage of the platforms it acquired via AOL and Yahoo (the combination that’s now called Oath).
And notably, the NFL is paying more for that expanded reach, too, according to reports. Recode’s sources say the new deal will cost Verizon over $1.5 billion over five years. The WSJ says the deal is worth more than $2 billion, and that Verizon’s annual rights and sponsorship fee to the NFL will rise from its current $250 million to more than $450 million.
Verizon says that it will continue to be an Official Sponsor of the NFL, and is also working with NFL teams on Smart Stadium technology to improve stadium operations.
The move comes at a time when the NFL, along with other sports leagues, are trying to reach the new, younger audience who often don’t watch live sports through traditional pay TV. The cord cutters and “cord nevers” instead turn to over-the-top streaming services like Sling TV to catch sports on ESPN, for example, or they might hook up a digital antenna for local channels. Some streaming services are even betting on the fact that many would prefer to pay less for access to TV by removing the costly channels carrying live sports, as is the case with newcomer Philo.
Meanwhile, social media platforms like Facebook and Twitter are also trying to snag some of that sports action for themselves. Facebook, for instance, did a deal with the NFL earlier this year to distribute highlights and recaps. Other big tech companies are vying for NFL games, too, like Amazon, which paid $50 million to stream 10 games for Prime members.
“We’re making a commitment to fans for Verizon’s family of media properties to become the mobile destination for live sports,” said Lowell McAdam, Chairman and CEO of Verizon Communications, in a statement. “The NFL is a great partner for us and we are excited to take its premier content across a massive mobile scale so viewers can enjoy live football and other original NFL content where and how they want it. We believe that partnerships like this are a win for fans, but also for partners and advertisers looking for a mobile-first experience,” he said.
Firefox’s default search engine has become the subject of a hotly contested legal battle, a few weeks after Mozilla announced it would be moving from Yahoo to Google. Yahoo’s new parent Oath filed a complaint against Mozilla in a California court on December 1, alleging a breach of contract. Now Mozilla has filed a counter complaint, stating that the switch back was in line with a deal struck between the two companies.
Sounds like a small thing, sure, but we’re talking hundreds of millions of dollars here. Back in 2014, Yahoo struck a deal that would make its search engine the default for Mozilla’s popular, if struggling, browser, to the tune of $375 million a year.
Details of the deal were only made public last year, as CEO Marissa Mayer’s time at the company came under the microscope while it prepared to sell itself to Verizon. For its many faults, the Verizon deal went through, of course, forming Oath in the process (the Yahoo/AOL hybrid under which TechCrunch resides). Along with it, Verizon inherited an annual payment of $375 million through 2019.
Not a bad deal for Mozilla, especially when one considers this little gem: Yahoo (or whoever owns Yahoo) is obligated to continue payments, even if Mozilla were to, say, drop the search engine as its default. Mozilla was given a contractual right to terminate the agreement, if Yahoo was found unacceptable for some reason.
That precise thing occurred just a few weeks back, as the company launched its new Quantum browser, switching back to Google in the process. The latest version of Firefox has been warmly regarded by many as a return to form for a company that had previously been lost in the woods, rapidly losing marketshare to Chrome in the process. Naturally, Oath/Yahoo want a piece of that action.
In yesterday’s counter-complaint, Mozilla explains that it took another long look at the deal post-Verizon acquisition and was no longer in love with its choice of Yahoo as the default engine.
“Immediately following Yahoo’s acquisition, we undertook a lengthy, multi-month process to seek assurances from Yahoo and its acquirers with respect to those factors,” the company explained in a blog post yesterday. “When it became clear that continuing to use Yahoo as our default search provider would have a negative impact on all of the above, we exercised our contractual right to terminate the agreement and entered into an agreement with another provider.”
Oath has not yet issued an official response to Mozilla’s official response.
A Canadian citizen has pleaded guilty to aiding Russian intelligence officers in a 2014 hack of Yahoo that exposed as many as 500 million accounts. The defendant, 22-year-old Karim Baratov, is the only arrest to come out of the Yahoo hack as the three other individuals facing charges live in Russia, which obviously has no interest in extraditing them to the United States.
Prosecutors have stated that two of those charged are officers in Russia’s spy agency, the FSB, while the other is known Russian hacker Alexsey Belan. They believe that FSB officers Dmitry Dokuchaev and Igor Sushchin directed the hack and contracted Baratov when their targets used email accounts outside of Yahoo’s system. The summary issued by the Northern District of California’s U.S. Attorney’s Office details the scope of these charges:
According to his plea agreement, Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts’ passwords to Dokuchaev in exchange for money. As alleged in the indictment, Dokuchaev, Sushchin, and Belan compromised Yahoo’s network and gained the ability to access Yahoo accounts. When they desired access to individual webmail accounts at a number of other internet service providers, such as Google and Yandex (based in Russia), Dokuchaev tasked Baratov to compromise such accounts.
According to his testimony, Baratov placed ads for his services on Russian-language websites. Once contracted, he gained access to his victims’ accounts by spearphishing them with faked correspondences designed to appear as though they were sent from the relevant email host.
Baratov pleaded guilty to one count of conspiring to violate the Computer Fraud and Abuse Act and eight counts of aggravated identity theft.
Verizon has initiated another round of layoffs as a result of its acquisition of Yahoo and subsequent combining of the company with its existing business property AOL to form a new division — called Oath, led by CEO Tim Armstrong. (Reminder: TechCrunch was owned by AOL which makes Oath our new parent company too.)
We understand the latest job cuts affect less than four per cent of Oath staff globally — which suggests fewer than 560 jobs are being cut in this round as it’s also our understanding that Oath has in the region of 14,000 staff globally at this point.
As well as being spread across the division’s global footprint, the job cuts affect different Oath business units — including ad sales, engineering and product development.
Yesterday Business Insider also reported that editorial staff had been affected at Oath’s UK business.
Adding in the latest round of layoffs, it looks like ~2,600 jobs have been lost so far as Verizon works to integrate the two businesses and merge their respective company cultures and media brands into a single, streamlined unit. No small task, clearly.
Asked for comment on the latest layoffs at Oath, a spokesperson provided the following statement:
Oath’s strategy is to build brands one billion users around the world love. We’re about four months post-close of Verizon’s acquisition of Yahoo, and we’ve made these changes to our team to further align our global organization to our 2018 roadmap. Oath remains committed to building a company talent loves and we continue to hire across our priority business units.
With the launch of Firefox Quantum, Mozilla released what’s probably the most important update to its browser in recent years. It’s faster, lighter and you should give it a try. And as you do so, you’ll notice another change: Google is now the default search engine again — at least if you live in the U.S., Canada, Hong Kong and Taiwan.
In 2014, Mozilla struck a deal with Yahoo to make it the default search engine provider for users in the U.S., with Google, Bing, DuckDuckGo and others as options. While it was a small change, it was part of a number of moves that turned users against Firefox because it didn’t always feel as if Mozilla had the user’s best interests in mind. Firefox Quantum (aka, Firefox 57), is the company’s effort to correct its mistakes and it’s good to see that Google is back in the default slot (Disclaimer: TechCrunch is part of Oath, Verizon’s roll-up of AOL and Yahoo, though nobody at TechCrunch that I know has ever willingly used Yahoo Search).
When Mozilla announced the Yahoo deal in 2014, it said that this was a five-year deal. Those five years are obviously not up yet. We asked Mozilla for a bit more information about what happened here.
“We exercised our contractual right to terminate our agreement with Yahoo! based on a number of factors including doing what’s best for our brand, our effort to provide quality web search, and the broader content experience for our users. We believe there are opportunities to work with Oath and Verizon outside of search,” Mozilla Chief Business and Legal Officer Denelle Dixon said in a statement. “As part of our focus on user experience and performance in Firefox Quantum, Google will also become our new default search provider in the United States, Canada, Hong Kong and Taiwan. With over 60 search providers pre-installed as defaults or secondary options across more than 90 language versions, Firefox has more choice in search providers than any other browser.”
As Recode reported last year, there was a clause in the Mozilla deal that would have the potential Yahoo acquirer pay $375 million per year through 2019 if Mozilla didn’t want to work with the buyer. This clause also allowed Mozilla to walk away at its sole discretion. We don’t know if Mozilla invoked this clause to terminate the agreement, but it seems likely.
This move makes Google Mozilla’s default search engine in most of the world, with the exception of China, where the default is Baidu, and Russia, Turkey, Belarus and Kazakhstan, where Yandex is the default.
Historically, search engine royalties have been the main revenue driver for Mozilla. Back in 2014, the last year of the Google deal, that agreement brought in $323 million of the foundation’s $330 million in total revenue. Neither Google nor Mozilla discussed the financial details of this new deal, though once Mozilla releases its annual financial statement, we’ll get a better idea of what that looks like.
One of the biggest upsides of the internet is that people from all over the world now have access to virtually anyone anywhere. Everyone is just an email away.
That’s also the problem. That same accessibility has left people, businesses and organizations open to attack.
In headline after headline, crippling cyberattacks are highlighting in bright neon the new insecurity of our digital era.
One of the most preferred methods of attack is phishing — a.k.a. spear phishing. That is, by sending fraudulent e-mails with legitimate-seeming details, hackers can now impersonate almost anyone’s identity — and they are.
People on the receiving end of these phishing attacks, such as HR managers and company executives, have been tricked into sending fraudsters employee W-2s or wiring tens of millions of dollars into the attacker’s bank account, not to mention giving away access to their inboxes and every one of their contacts.
Here’s the thing: There’s a readily available tool to fix the problem. And it’s mind-boggling that, despite the increasing severity of the problem, we’re not using it enough.
It’s time for that to change. The internet has to shift from its default mode of not authenticating emails to authenticating them.
Do that, and we’ll solve a whole host of problems.
The scope (and stakes) of the problem
Consider some of the biggest international news stories of the past year stemming from successful phishing attacks.
With the intent to affect both election outcomes, hackers used email phishing to hack the presidential campaigns of Hillary Rodham Clinton and Emmanuel Macron in France.
In business, Leoni, one of Europe’s biggest companies, got taken for $45 million in an e-mail scam. Here in Silicon Valley, Coupa had its W-2 forms hacked this past March. And phishing attacks will continue. The Anti-Phishing Working Group reported a 10 percent increase in phishing attacks between 2015 and 2016, and experts expect the number of attacks to increase even more. And, the IRS recently disclosed that the number of companies, schools, universities, and nonprofits victimized by W-2 scams (a kind of phishing attack) increased from 50 last year to 200 this year.
What’s at stake? A lot of money. Customer relationships. Consumer anxiety and potential election outcomes. A recent report in Infosecurity Magazine found the average cost of a spear phishing incident is $1.6 million. The FBI uncovered that phishing costs companies billions each year in a combination of lost funds, data breaches and irrecoverable consumer confidence. Plus, when a company is hacked via e-mail, it loses one of its prime methods for contacting its customers. The damage can remain unchecked for quite some time.
When it comes to phishing attacks, the problem isn’t just one person clicking the wrong link or opening the wrong attachment. The problem lies with the fact that hackers and cyber gangs can trick employees into responding in the first place.
One of the most important steps to prevent this kind of attack is to enable e-mail authentication, which will stop the most common kinds of phishing attacks before they can cause damage. Authentication screens out fraudulent e-mails before folks even receive them.
Everything else is authenticated. Why not email?
In the physical world, a building with a security camera system, a doorman or a security guard ensures that visitors are who they claim to be. In many cases, a visitor presents a valid ID for verification. Anyone who doesn’t match is turned away – no excuses.
The same logic should be applied to email. According to Technalysis’ most recent study, e-mail is still the number one form of business communication – whether inside the company or outside. Yet if the source of the e-mails is not authenticated, then no one knows for sure if the memo from your company’s CEO is really from her or if it’s sent by a cybercriminal in Macedonia spoofing her e-mail address.
Today, when most companies have switched their websites to HTTPS by default, locked down their Wi-Fi networks, and insist on access cards to identify and grant access to every employee who wants to come in through the front door, can we really still be relying on non-authenticated emails? Everything else is authenticated. Why aren’t we doing the same with email?
The good news is there’s an industry standard
Fortunately, every company can have a security guard for their emails, through a widely-accepted standard called DMARC (Domain-based Message Authentication, Reporting and Conformance). DMARC protects against phishing and e-mail spam by analyzing each incoming e-mail and making sure that the sender is authorized by the domain that appears in the “From” field of the e-mail.
It also allows organizations to block fraudulent activity by specifying that emails from any non-authorized senders be automatically deleted or sent to spam. For those looking for more detail into how DMARC works, here’s an overview piece or a very in-depth blog series I’d recommend.
The good news is DMARC has become a nearly universal standard of authentication, which means that once a domain publishes a DMARC policy, it applies to all incoming email received by almost every major email service provider around the world. Email service providers such as Google, Yahoo, Microsoft and AOL have publicly adopted the standard. And according to DMARC.org, 2.7 billion email inboxes worldwide are using DMARC.
As effective as DMARC is, it’s hard to implement and when installed manually, it’s easy to make errors that make the configuration ineffective. It’s important to note that Google and Microsoft have implemented DMARC on the receiving side (meaning they check DMARC records for inbound messages, if the apparent sending domain has published a DMARC record) but they do not automatically implement it for senders. If you own a domain, take the additional steps to authenticate email sent from that domain, even if you’re using Google or Microsoft.
Flickr, the once Yahoo-owned photo-sharing site that’s now a part of Verizon*, is getting out of the photo book printing business, and is shutting down the feature that allowed users to turn photos into professional-quality wall art. In an email sent to users this week, Flickr said that it was turning over photo books to publishing service Blurb as of October 16, 2017, but the wall art service was simply being terminated.
An older internet brand, Flickr over the years has suffered from a lack of attention and resources, while other companies began stepping up their efforts in the photo-hosting and photo-sharing space, including Facebook, Google, Apple, and Amazon, among others.
But under Yahoo CEO Marissa Mayer, there was a renewed investment in Flickr, following the acquisition of several companies, including Ghostbird, IQ Engines and LookFlow, aimed at improving Flickr’s software and its image recognition smarts, among other things.
In 2013, Flickr announced the introduction of photo books as a native feature of its platform – you could just hover over a Flickr set to generate your book. Before, Flickr had allowed third-party sites to enable photo book creation using its photos, but this effort was the first time Flickr had created its own in-house tool for the process.
The following year, Flickr expanded on its photo book offering to allow users to turn personal photos into wall art. Shortly after, it opened this up to pro photographers, too, so they could sell their photography as wall art to other Flickr users, making Flickr more competitive with sites like 500px, for example.
It’s unclear how successful either of these two programs have been, but it’s worth noting that offering photo books today seems to be a baseline feature for any photo-hosting and sharing service today.
For example, Apple offers a suite of print products via Photos and iPhoto for Mac, including photo books, calendars, cards, and prints. Amazon last fall took on Shutterfly with its own photo printing service, and Google upgraded its Photos app with support for photo book creation earlier this year.
However, the fact that there is now so much competition could also have contributed to Flickr’s decision to shut down its print businesses. There are plenty of other places today to order prints and wall art. Plus, Flickr’s own service was a little pricey ($35 for 20 pages, higher than Apple’s books), but without key advantages in terms of customization or ease-of-use to really differentiate it as better than alternative offerings.
The company says it’s offering Flickr Pro members a $35 credit towards their first Blurb order and another $35 towards a second order of $70 or more when they renew. Meanwhile, users who had started a photo book or wall art order on Yahoo but hadn’t yet finished it will have until December 1, 2017 to wrap things up. Order history will also disappear after that date.
In Flickr’s user forums, members don’t seem too upset about the shutdowns, saying that the news is “not surprising” or that they “understand the move.” Others noted photo printing was just not something they do, or not something they turned to Flickr for.
*Disclosure: TechCrunch parent Oath is also owned by Verizon.
Internet giant Yahoo’s massive 2013 security breach has dealt the company yet another blow.
Today Yahoo sent out a notice disclosing that a further investigation of the 2013 breach has produced new evidence. The company now believes that all of its three billion accounts were impacted, not 1 billion as it previously thought. This will include all people who have Yahoo emails, and all people who had registered for any other Yahoo service like Flickr or fantasy sports.
The company, now a part of Oath after it was acquired by Verizon for $4.5 billion and merged with AOL (which also owns TechCrunch), said that it discovered the new evidence while integrating the companies.
It tried to mitigate the blow today by noting that when the 2013 breach was discovered and disclosed — in 2016 — the company “took action to protect all accounts.”
Those measures involved directly notifying impacted users “identified at the time,” requiring password changes and invalidating unencrypted security questions and answers so that they could not be used to access an account. Because Yahoo said it took action to protect all accounts previously, “No additional notifications regarding the cookie forging activity are being sent in connection with this update.”
This is not just a major blow to public confidence in Yahoo, but to Verizon, which had already received a discount of $350 million on its acquisition price for the company because of the initial findings from the breach.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
For affected accounts, Yahoo said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.
“The investigation indicates that the information that was stolen did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected,” said the company. More details here.
Coupled with the revelation in September of the Equifax breach, today’s developments tell a dark story about how some of the biggest and oldest institutions on the web are some of the most vulnerable to malicious hackers.
Yahoo’s provided a list of guidelines for what to do to secure your account. And whether you are still sticking with the company after all this, or whether you are using other services, they are generally good rules of thumb if you don’t follow them already:
Apps that provide account keys to eliminate you needing to use passwords at all can also be useful.
The full notice from Yahoo is below:
NEW YORK, N.Y., October 3, 2017-Yahoo, now part of Oath, today announced that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016. At that time, Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected. In 2016, Yahoo took action to protect all accounts, including directly notifying impacted users identified at the time, requiring password changes and invalidating unencrypted security questions and answers so that they could not be used to access an account. Yahoo also notified users via a notice on its website.Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”Additional information regarding this issue is available on the Yahoo 2013 Account Security Update FAQs page, https://yahoo.com/security-update.
AtScale, a four-year old startup that helps companies get a big-picture view of their big data inside their BI tools, announced a $25 million Series C investment today.
The round was led by Atlantic Bridge with participation from new investors Wells Fargo and Industry Ventures along with returning investors Storm Ventures, UMC, Comcast and XSeed Capital. With today’s investment, the company has raised $45 million.
AtScale founder and CEO Dave Mariani was one of the big data pioneers at Yahoo in the 2009 and 2010 timeframe and he saw a big problem with big data. He was able to use Hadoop, which was originally developed at Yahoo about that time, to extract big data, but when it came to translating that much data for business users, there was a problem.
It required taking the data and reducing the scope to make it useable for the business intelligence tools that line of business employees were using. “I spent my time making data small for analytics. It was like sipping data through a straw,” Mariani explained. He felt it was a wrong-headed approach, and as more companies faced the same issue, he saw a business opportunity if he could figure out a solution.
“A sense of urgency comes from [big data] pioneers who took a leap to big data and implemented Hadoop. They have this ‘Oh shit!’ moment where they realize none of their BI tools can talk to this, and they can’t provide any value. They are looking for a solution to that problem,” he said.
AtScale purports to solve all of that by providing a middleware type of solution. It allows companies who have been dealing with data snapshots, instead of the whole picture, to present the data to BI tools in such a way that they don’t have to settle for that small data view.
“We take a bunch of data silos and put a semantic layer across the data platforms and expose them in a consistent way,” Mariani said. That allows companies to see all of the data without cutting it into small chunks to make it work across these disparate sources.
While data is the lifeblood of any organization, Mariani says that companies like Home Depot, Allstate, Kraft-Heinz and American Express have been willing to take a chance with a startup because there simply are no big companies solving this problem right now and there is a real pain point inside these companies.
The company launched in 2013, and they have been selling the solution since 2016. They currently have 95 employees, but that is likely to increase over the next given the new influx of capital.
Having successfully founded and exited a couple of software companies, Tomfoolery (sold to Yahoo) and Rally Up (sold to AOL), Sol Lipman has made his move into dog wellness with the launch of YaDoggie.
YaDoggie aims to help dog parents take a holistic approach to caring for their pups. And it has an impressive group of tech investors on board, including Oath CEO Tim Armstrong (my boss’s boss) and Jacqueline Reses, Square’s chief human resources officer. But instead of defining itself as a dog tech company, YaDoggie is positioning itself as a dog wellness company using technology to make things better.
“We have a responsibility to think of ourselves as a dog and pet wellness company first,” Lipman said.
YaDoggie’s core offerings are healthy, grain-free kibble, treats and a smart scoop, which will cost $49. The food comes in three recipes, buffalo/duck, lamb and sweet potato and limited ingredient turkey and pea — none of which include rice, corn, wheat or soy.
Lipman, a dog parent himself, knows about the complexities of having a dog and not knowing if someone else in the house has already fed it. In his house, he connected a SmartThings Hub and motion monitor to let him know when the dog was getting fed.
“We’re literally feeding our dogs to death in the U.S.,” Lipman said.
The bluetooth-enabled smart scoop, which will launch in November, connects with your smartphone to let everyone in the house know when the dog has been fed. When you pick up the scoop, an LED light will flash green if the dog needs to be fed or red if the dog has already been fed.
“We thought to build a device to measure food, notify people in the household that the dog has been fed and allow them to know they’re about to run out of food,” Lipman said.
He calls this “predictive shipping” in contrast to the type of automated shipping you see from startups like Blue Apron. Instead of shipping automatically, YaDoggie’s algorithms predict when you’re about to run out of food and then proceeds to ship it. The dog parent can, of course, make adjustments online and either delay, expedite or pause shipments.
For a 40-pound dog, a subscription to Ya Doggie costs $50 a month, including shipping. Pricing, of course, varies on the size of the dog. Down the road, YaDoggie would be open to selling its products at retail locations, like a Blue Bottle Coffee location for pre-existing YaDoggie customers, but that’s not on the roadmap as of now.
“Pet retail,” Lipman said. “I don’t think it’s where we want to be.”
Looking at the roster of tech’s most notable acquisitions is like opening a time capsule not just of companies, but of the attitudes that surrounded them. For example, Facebook’s purchase of WhatsApp makes total sense now, but when the deal was announced in 2014, a lot of people, especially in the U.S., didn’t quite grasp why a messaging app was worth $19 billion. This is a list of tech deals from the past half decade that were surprising because of their size, impact or seeming randomness. Some have paid off, while others (cough*Microsoft-Nokia*cough) remain head-scratchers.
U.S. carrier Verizon has launched a new rewards program as it pushes for more lucrative ways to eke money out of a subscriber base that’s not growing as easily as it once was. (Disclosure: Verizon is the parent company of TechCrunch’s parent, Oath (formerly AOL; Oath being formed from the merging of AOL and Yahoo)
As the WSJ notes, the more than 600,000 subscribers the company added in the last quarter had to be wooed with cut prices and revived unlimited data offerings — so that type of growth is more costly to its bottom line. While revenue generated by the company’s core wireless business in 2016 was 2.7 per cent down on the year before.
Verizon is therefore intent on transforming into an “information company” which sells “experiences” on top of connectivity, and looks for ways to “optimize the monetization” — including making use of machine learning and AI, as the company’s EVP and president, Ronan Dunne, put it in comments at a conference last month. (For “optimize the monetization” read: target ads to our existing subscriber-base to ramp up our share of the digital advertising market.)
In a promo video for Verizon Up, as the new program is called, the wireless giant claims its motivation for giving customers who sign up for the program one credit (which is good for one reward) for every $300 they spend on their monthly bill — which they can redeem on a variety of offers from Starbucks coffee to TV shows to movie premiers to concert tickets — is “just because you’re with Verizon”. “Because, thanks,” they add.
Of course the truth is rather less one-sided.
A legal disclaimer on the Verizon Up sign up page notes that only those customers who sign up for Verizon Select are eligible for the rewards program. So what is Verizon Selects? It’s Verizon’s ad-targeting program, which targets marketing based on users’ personal data.
So, in plain English, Verizon is saying: let us use your browsing, location, interests and other personal data for marketing purposes — and we’ll let you participate in our earn-rewards program.
Verizon Selects targets ads based on users’ web browsing, app usage, device location, use of Verizon services and “other information about you (such as your postal/email addresses, demographics, and interests)” — sharing this information with Oath (aka the digital media entity formed after the recent merging of Verizon acquisitions, AOL and Yahoo) in order to power wider ad-targeting of Verizon users across its devices and services.
The data is also being used to personalize the rewards individual users see in Verizon Up, the company’s FAQ says.
The wider context here is that Oath is Verizon’s bid to better compete for digital ad spend with the personal-data-harvesting ad-targeting specialists of the Internet: aka Google and Facebook.
Regulation of how telcos can use personal data has typically been tighter than for Internet services but earlier this year the FCC reversed tighter privacy rules for broadband providers — thereby giving giants like Verizon more room for their data-harvesting, ad-tracking manoeuvres.
Interestingly, Verizon is not auto-enrolling all users in the rewards/data-sharing program — so is evidently taking things a little more cautiously than it could technically, given the current lack of a robust regulatory framework covering U.S. ISP privacy.
As TechCrunch wrote in March, when the broadband privacy rules were reversed —
— with only the potential possibility of the FTC regaining privacy oversight of ISPs in future to provide some pause for thought in how wireless providers go about sucking up and sharing their customers’ data.
Writing in the Hill in March, at the time of the broadband privacy rule reversal, FTC commissioner Terrell McSweeny warned of what she couched as “part of a larger effort to substantially shift the risks of data security from companies to consumers and to weaken consumer privacy choices”.
Even so, ISPs face the risk of losing customers’ trust if they are perceived to be playing fast and loose with their privacy — so perhaps a sense of needing to balance these sorts of trust issues is feeding into Verizon’s decision to make the program opt-in, as well as wider regulatory considerations.
On the latter, earlier this year Verizon agreed to paid a $1.35M fine to the FCC which had been investigating its user of so-called “supercookies” to target ads — and also agreed it would ask users to opt-in before sharing data with third parties. So that penalty is serving as a recent ‘regulatory considerations’ reminder.
Commenting about the new Verizon Up program to the WSJ, Diego Scotti, Verizon’s chief marketing officer, pointed to tech giants like Google and Facebook, saying: “Some of our competitors, they have exactly the same thing, it’s just buried in the terms and conditions of the service. We are not hiding anything.”
Although there’s still at least a technical difference between an Internet application that people choose to use, like Facebook, and an ISP that provides Internet connectivity, with only limited alternatives for accessing the Internet if someone wants to ditch their ISP (even if lots of web users might feel they cannot easily ditch Facebook or Google, either).
Verizon users opting to share their personal data with Oath for ad-targeting purposes can withdraw their consent (via logging in to a preferences page) — however an FAQ on the program suggests that users’ data is unlikely to be immediately deleted. “Information used for Verizon Selects while you are a participant may be kept for up to three years,” it states.
“Information previously collected may continue to be used for analytics and modeling purposes,” the FAQ further notes.
We’ve reached out to Verizon with questions and will update this post with any response.
(US) Dynamite Studio - Join the Loyalty Program and Receive 30% off 1 Regular Price Item on Your Birthday!
Start: 17 Aug 2017 | End: 01 May 2018
Limited Time Markdowns! Classic Suit Jackets and Pants Now 60% Off! Get This Deal Before it's Too Late!
Start: 20 Oct 2017 | End: 31 Jan 2018