Security flaw in French government messaging app exposed confidential conversations

    Summary
    The French government just launched its own messaging app called Tchap in order to protect conversations from hackers, private companies and foreign entities. But Elliot Alderson, also known as Baptiste Robert, immediately found a security flaw. He was able to create an account even though the service is supposed to be restricted to government officials. Tchap wasn’t built from scratch. The DINSIC, France’s government agency in charge of all things digital, forked an open source project called Riot, which is based on an open source protocol called Matrix. In a few words, Matrix is a messaging protocol that features end-to-end encryption. It competes with other protocols, such as the Signal Protocol that is widely used by consumer apps, such as WhatsApp, Signal, Messenger’s secret conversations and Google Allo’s incognito conversations — Messenger and Allo conversations aren’t end-to-end encrypted by default. Riot is a Matrix client that works on desktop and mobile. You can join rooms, start private conversations, share photos and do everything you’d expect from a modern messaging app. Developing Tchap became essential as Emmanuel Macron’s campaign team relied heavily on Telegram — the French government still uses Telegram and WhatsApp for many sensitive conversations. By default, Telegram *doesn’t* use end-to-end encryption. In other words, people working for Telegram could easily read Macron’s conversations. It’s a serious security weakness. Similarly, you don’t want the Ministry of Defense to use Slack to talk about sensitive operations. The U.S. government could potentially issue a warrant to access those conversations on Slack’s servers. Tchap features end-to-end encryption, and encrypted messages are stored on French servers. Access is restricted to government officials as you need to have an active email address that ends in @something.gouv.fr, or in @elysee.fr.
Yesterday, Alderson found out that you can create an account and access public channels even if you don’t have an official address. Adding @elysee.fr at the end of his email address was enough to receive the confirmation email to his real email address. Alderson quickly disclosed the bug to the Matrix team. Matrix quickly issued a fix and deployed it. It was related to the identification system used by the French government. We provided a fix which was deployed around 13:00 CET; the issue had not been exploited other than by @fs0c131y. We’re currently doublechecking for any instances of the same problem in other deployments. — Matrix (@matrixdotorg) April 18, 2019 According to Alderson, there’s a bug in the parsing method used in a well-known Python module. The bug hasn’t been fixed since July 2018. The good news is that Tchap is officially launching today. The DINSIC managed to fix this security flaw just in time, before the official launch and before somebody could leverage it. In its press release, the government says that the DINSIC will launch a bug bounty program to identify other vulnerabilities.

    Sequoia reveals first cohort for its ‘Surge’ accelerator program in India and Southeast Asia

    Summary
    Back in January, Sequoia India announced plans for its first early-stage startup accelerator program in India and Southeast Asia, and today the firm announced its first cohort of 17 startups. To recap, the program — which is called Surge — gives each startup a $1.5 million check and participation in a four-month program that’s split across India and Singapore, as well as the wider Sequoia global presence in China and San Francisco. The program kicked off last month, but the startups were only unveiled for the first time today — here they are:
- Azani Sports: a ‘full stack’ sports clothing startup based in India that sells online and through selected high street retailers
- Bobobox: a capsule hotel company based in Indonesia
- Bulbul: a live-streaming service with a focus on e-commerce across India
- DancingMind: a Singapore startup that uses VR to enable remote for stroke victims and patients of debilitating diseases like Parkinson’s
- Doubtnut: an India-based education startup that uses photos, videos and AI
- Flynote: a travel booking service with a focus on personalized trips
- Hippo Video: a platform developing, editing and analyzing marketing and sales videos
- InterviewBit Academy: a computer science training and development platform in India — that’s not unlike recent Y Combinator graduate Skill-Lync
- Khatabook: an accounting service for SMEs in India that already claims 120,000 weekly users
- Qoala: a micro-insurance startup based in Indonesia, which competes with rivals like PasarPolis — which is backed by three of Indonesia’s unicorns
- ShopUp: a social commerce startup that helps sellers in Bangladesh do business through Facebook — that’s a similar concept to established Indian startups Meesho (another YC alum) and LimeRoad which enable sellers on WhatsApp
- Skillmatics: a startup headquartered in India that develops learning games for pre-school and primary school kids aged under 10
- Telio: a b2b commerce platform that aims to digitize the process of brands and wholesalers selling to retailers
- Uiza: a Singapore-Vietnam startup that lets publishers and companies develop their own video infrastructure independent of platforms like YouTube
- Vybes: an e-commerce platform for social media influencers that’s based out of Singapore
- Zenyum: a startup that provides invisible braces for consumers in Southeast Asia at a lower cost than traditional alternatives
There’s one additional startup which is being kept ‘under the radar’ for now, Sequoia said. Sequoia India managing director Shailendra Singh previously told TechCrunch that Surge would support a ‘curated’ selection of fellow VCs who could invest in the cohort alongside the firm, and Sequoia said that the 17 startups have attracted a total of $36 million in investment. A spokesperson also pointed out that five of the selection have at least one female co-founder, which is almost certainly above average for the region although it is tricky to get reliable data covering India and (in particular) Southeast Asia. Surge is an interesting effort for Sequoia, which has traditionally played in post-seed and growth stages of the investment cycle. Sequoia closed its most recent fund for India and Southeast Asia at $695 million last year, and it also has access to a globally active ‘growth’ fund that is targeted at $8 billion. Reports have suggested that Surge will get its own sparkling new $200 million fund, which would make a lot of sense given the potential conflict and confusion of investing via its main fund. But the firm is declining to comment on that possibility for now. One major addition to the program that has been confirmed, however, is Rajan Anandan, the executive who previously ran Google’s business in India and Southeast Asia and is a well-known angel investor. His arrival was announced earlier this month and he will lead the Surge initiative.
His recruitment is a major win for Sequoia, which is betting that Surge’s early stage push will reap it richer dividends in India and Southeast Asia. That part remains to be seen, but certainly, there is a dearth of early-stage programs in both regions compared to other parts of the world.

    Uber’s self-driving car unit raises $1B from Toyota, Denso and Vision Fund ahead of spin-out

    Summary
    Uber has confirmed it will spin out its self-driving car business after the unit closed $1 billion in funding from Toyota, auto-parts maker Denso and SoftBank’s Vision Fund. The development has been speculated for some time — as far back as October — and it serves both to remove a deeply unprofitable unit from the main Uber business, helping Uber scale back some of its losses, and to give Uber’s Advanced Technologies Group (known as Uber ATG) more freedom to focus on the tough challenge of bringing autonomous vehicles to market. The deal values Uber ATG at $7.25 billion, the companies announced. In terms of the exact mechanics of the investment, Toyota and Denso are providing $667 million with the Vision Fund throwing in the remaining $333 million. The deal is expected to close in Q3, and it gives investors a new take on Uber’s imminent IPO, which comes with Uber ATG. The company posted a $1.85 billion loss for 2018, but R&D efforts on ‘moonshots’ like autonomous cars and flying vehicles dragged the numbers down by accounting for over $450 million in spending. Moving those particularly capital-intensive R&D plays into a new entity will help bring the core Uber numbers down to earth, but clearly there’s still a lot of work to reach break-even or profitability. Still, those crazy numbers haven’t dampened the mood. Uber is still seen as a once-in-a-generation company, and it is tipped to raise around $10 billion from the IPO, giving it a reported valuation of $90 billion-$100 billion. Like the spin-out itself, the identity of the investors is not a surprise. The Vision Fund (and parent SoftBank) have backed Uber since a January 2018 investment deal closed, while Toyota put $500 million into the ride-hailing firm last August.
Toyota and Uber are working to bring autonomous Sienna vehicles to Uber’s service by 2021 while, in further proof of their collaborative relationship, SoftBank and Toyota are jointly developing services in their native Japan which will be powered by self-driving vehicles. The duo also backed Grab — the Southeast Asian ride-hailing company that Uber owns around 23 percent of — perhaps more aggressively. SoftBank has been an investor since 2014 and last year Toyota invested $1 billion into Grab, which it said was the highest investment it has made in ride-hailing. “Leveraging the strengths of Uber ATG’s autonomous vehicle technology and service network and the Toyota Group’s vehicle control system technology, mass-production capability, and advanced safety support systems, such as Toyota Guardian, will enable us to commercialize safer, lower cost automated ridesharing vehicles and services,” Shigeki Tomoyama, the executive VP who leads Toyota’s ‘connected company’ division, said in a statement. Here’s Uber CEO Dara Khosrowshahi’s shorter take on Twitter: Excited to announce Toyota, Denso and the SoftBank Vision Fund are making a $1B investment in @UberATG, as we work together towards the future of mobility. pic.twitter.com/JdqhLkV7uU — dara khosrowshahi (@dkhos) April 19, 2019

    Boston Dynamics debuts the production version of SpotMini

    Summary
    Last year at our TC Sessions: Robotics conference, Boston Dynamics announced that SpotMini will be its first commercially available product. A revamped version of the product would use the company’s decades of quadrupedal robotics learnings as a basis for a robot designed to patrol office spaces. At today’s event, founder and CEO Marc Raibert took to the stage to debut the production version of the electric robot. As noted last year, the company plans to produce around 100 models this year. Raibert said the company is aiming to start production in July or August. There are robots coming off the assembly line now, but they are betas being used for testing, and the company is still doing redesigns. Pricing details will be announced this summer. New things about the SpotMini as it moves closer to production include redesigned components to make it more reliable, skins that work better to protect the robot if it falls and two sets of cameras on the front and one on each side and the back, so it can see in all directions. The SpotMini also has an arm (with a hand that’s often mistaken for its head) that is stabilized in space, so it stays in the same place even when the rest of the robot moves, making it more flexible for different applications. Raibert says he hopes the SpotMini becomes the “Android of robots” (or Android of androids), with navigation software and developers eventually writing apps that can run in and interact with the controls on the robot. SpotMini is the first commercial robot Boston Dynamics is set to release, but as we learned earlier, it certainly won’t be the last. The company is looking to its wheeled Handle robot in an effort to push into the logistics space. It’s a super-hot category for robotics right now. Notably, Amazon recently acquired Colorado-based start up Canvas to add to its own arm of fulfillment center robots. Boston Dynamics made its own acquisition earlier this month — a first for the company. 
The addition of Kinema will bring advanced vision systems to the company’s robots — a key part in implementing these sorts of systems in the field.

    Netflix to open a production hub in New York and invest up to $100 million in the city

    Summary
    Start spreading the news. Netflix is coming to New York City in a big way. The streaming media service has committed to invest up to $100 million to build a production hub and hire hundreds of new staffers in the Big Apple, according to a statement from Governor Andrew M. Cuomo. Netflix’s new production hub will include an expanded Manhattan office and six sound stages in Brooklyn that could bring hundreds of executive positions and thousands of production crew jobs to New York within the next five years, according to a statement from the Empire State Development Corp. “New York has created a film-friendly environment that’s home to some of the best creative and executive talent in the world, and we’re excited to provide a place for them at Netflix with our production hub,” said Jason Hariton, director of Worldwide Studio Operations & Real Estate at Netflix, in a statement. The new corporate offices Netflix has planned will occupy 100,000 square feet in Manhattan at 888 Broadway, housing 127 new executive content acquisition, development, production, legal, publicity and marketing positions. They’ll join the 32 employees Netflix currently has in New York. Netflix already produces Orange Is the New Black, Unbreakable Kimmy Schmidt, She’s Gotta Have It, The Irishman, Someone Great, Private Life and Russian Doll in New York and has leased 161,000 square feet to build sound stages and support spaces in Brooklyn’s East Williamsburg neighborhood. To sweeten the pot for Netflix, the Empire State Development Corp. has offered $4 million in performance-based Excelsior Tax Credits over 10 years, which the corporation says are tied to real job creation. To receive the incentive, Netflix must create 127 jobs by 2024 at its executive production office and retain those jobs for another five years.

    Chipzel has spent a decade making incredible music with Game Boys

    Summary
    [image: Chipzel at Blip Fest in 2011.] When Niamh Houston was around four years old, she and her sister received a Game Boy and a copy of *Super Mario Land* for Christmas. Along with the game and handheld, they also had a tiny speaker that plugged into the Game Boy’s headphone jack, amplifying the sound. For Houston, her earliest memories aren’t of collecting coins in the game or exploring the Mushroom Kingdom. “I remember the music the most,” she says. “It was really raw and beautiful, and unlike anything else that you’d hear.” That little speaker would have a big impact on her. Today, Houston is better known by her stage name Chipzel; she’s one of the most iconic performers in the chiptune scene, where musicians make new songs using old video game hardware. Today she travels...

    How to protect your privacy on YouTube

    Summary
    YouTube has become a ubiquitous part of our online world, one where privacy is an issue. Your video-watching habits may be open for the world to see, along with your likes, dislikes, and more. If you create and upload videos, you could accidentally give away private information like your address or phone number. Here’s how to protect your privacy as much as possible when using the popular video site. Instructions are here for using YouTube on the web and via a mobile app; I used the mobile app on an iPhone, but the Android version should work about the same.
Hide your video preferences
Start off by controlling two of your most important privacy settings: your watching habits and likes.
On the web
- Go to your YouTube...

    How the Mueller report indicts social networks

    Summary
    [image: U.S. Attorney General William Barr speaks about the release of the redacted version of the Mueller report at the Department of Justice this week.] In many ways, our cultural reckoning over social networks and the internet in general began at the end of 2016. Russia had waged information warfare against the United States during our presidential election, and Donald Trump won a surprising victory over Hillary Clinton. Much of that warfare took place on our social platforms, and while we will never be able to quantify their precise effect on the outcome, a forensic analysis of the election by one of our foremost political scientists concluded that Russia very likely delivered a victory to Trump. Partisan rancor has prevented a serious investigation of Russian interference from taking place at the Congressional level. And so the world has waited for the next-best thing: the arrival of...

    Foxconn insists it’ll start building Wisconsin LCD plant this summer

    Summary
    [image: President Trump and CEO Terry Gou at the groundbreaking for the Foxconn plant in Wisconsin.] Foxconn on Friday reiterated its plans to build an LCD display manufacturing plant in Wisconsin starting this summer, two days after the state’s governor said he wanted to revisit the deal. “Foxconn remains committed to our contract,” the company said. The news, first reported by *Reuters*, comes after Wisconsin governor Tony Evers cast doubt on the deal that includes giving Foxconn $4 billion in tax breaks. “Foxconn’s commitment to job creation in Wisconsin remains long term and will span over the length of the WEDC (Wisconsin Economic Development Corporation) contract and beyond,” the company said in a statement. “The present contract deals with a situation that no longer exists” On Wednesday, Governor Evers raised doubts about Foxconn...

    Uber’s self-driving unit gets $1 billion investment from SoftBank and Japan’s auto industry

    Summary
    Uber CEO Dara Khosrowshahi announced this evening a $1 billion investment from Japanese conglomerate SoftBank’s Vision Fund, car maker Toyota, and automotive component supplier Denso. The news confirms an article from *The Wall Street Journal* published earlier this week reporting that Uber was close to securing funding for its autonomous division, called Uber Advanced Technologies Group, or UberATG. Khosrowshahi announced the investment with a tweet, which included a photo of the chief executive alongside executives from SoftBank, Toyota, and Denso. According to the accompanying press release, the capital injection values Uber’s self-driving unit at $7.25 billion, ahead of the company’s official initial public offering likely later this...

    BlackBerry's marginally upgraded, red-accented KEY2 is out today

    Summary
    The BlackBerry KEY2 Red Edition lands in the US today with double the storage out of the box (128GB). More of a stop-gap than a sequel, the handset also packs Hub+ software improvements and refreshed versions of the BlackBerry Hub and BlackBerry Cale...

    Facebook AI turns real people into controllable game characters

    Summary
    Facebook's AI Research team has created an AI called Vid2Play that can extract playable characters from videos of real people, creating a much higher-tech version of '80s full-motion video (FMV) games like Night Trap. The neural networks can analyze...

    Netflix experiments with a random play button

    Summary
    Sometimes you just don't want to think. Who cares if it makes no narrative sense, let's just watch a random episode of your favorite show. For some Netflix users, they can throw caution to the wind. As spotted by Android Police, the streaming service...

    The Morning After: The Weather Channel got hacked

    Summary
    Hey, good morning! You look fabulous. Add The Weather Channel to the list of ransomware victims, and we have some news about the Google vs. Amazon tiff. Also, the Child's Play remake will have Chucky terrorizing people via their smart-home devices....

    Google will block embedded browser log-ins to fight phishing

    Summary
    Embedded browsers within apps can be useful if you want to use an existing account from another service -- say, your Gmail log-in -- to access their features. However, they're also really easy to weaponize for man-in-the-middle types of phishing atta...

    Galaxy Note 10: Rumors, price, release date, specs and everything else - CNET

    Summary
    All the rumors swirling around Samsung's upcoming, ultra-luxe phone

    Beyoncé documentary Homecoming hits Netflix - CNET

    Summary
    Did you know there's a film about Beyoncé's 2018 Coachella performance? Yup.

    Man asks for Pixel 3 refund, gets 10 pink replacements instead - CNET

    Summary
    Talk about a shipping screwup.

    Boeing completes test flights for 737 Max software fix - CNET

    Summary
    The company's CEO says the updated MCAS software is in its final form after 127 test flights.

    Lyft sued by investors over sinking stock - CNET

    Summary
    The ride-hailing company's share price has dropped from $78 to $58 since its IPO kicked off.

    Live streaming is overdue for an overhaul. Here’s why.

    Summary
    For a while, it seemed like live streaming was going to be the future. Social media platforms like Facebook introduced a way for people to share their experiences in the moment, and some dedicated streaming platforms arose purely to satisfy the world’s demands for live streaming. Now, a variety of technical limitations, content problems, and user preferences are pressuring major tech companies to give live streaming a major overhaul. The question is, will this be enough to maintain live streaming’s trajectory as a visual medium of choice in the online world?
Defining live streaming
First, note that “live streaming” is…

    BlackBerry Messenger is shutting down after nearly 14 years (unless you pay)

    Summary
    Before there was WhatsApp, Facebook Messenger, or WeChat, there was BlackBerry Messenger. Launched in August of 2005, BBM was the first popular mobile chat to pull people away from text messages or desktop clients. Nearly 14 years later, the service will meet its end – unless you pay up. Since 2016, BBM has been managed by Emtek, which today announced the service would be shuttering on May 31 – at least the consumer version most people use. You can download the enterprise version of the app in the Play Store – and Apple’s App Store soon – but it’ll cost you…

    Women in AI need better allies. Here’s how we can all help

    Summary
    Lin Classon, Director of Public Cloud Product at managed cloud provider Ensono and former Googler, has spent her entire career attending technology conferences – places where, unlike the public restrooms at most events, women tend to have the toilet all to themselves. The reason? Only about 25 percent of the speakers and audience of the average tech conference are female. That the science, technology, engineering, and mathematics fields have a problem with discrimination, harassment, and inequality towards women is a well-documented and almost universally known fact. But in the field of AI, where a lack of representation directly leads to…

    Facebook exposed millions more Instagram passwords than we realized

    Summary
    Facebook today revealed it’d discovered millions of improperly secured passwords on its server. So, you know… business as usual. Facebook revealed in March it’d discovered a cache of Facebook passwords being stored in plain text form — meaning several thousand Facebook employees who had access could have read them at any time. The company stated then that the passwords included those of “hundreds of millions of Facebook Lite users” and only (only?) “tens of thousands of Instagram users.” The company today updated the same post with this: “Since this post was published, we discovered additional logs of Instagram passwords being…

    Scientists take DNA test, learn they’re cousins who’ve collaborated in science journal

    Summary
    When people submit their DNA to companies such as 23andMe for testing, they’re usually not too surprised to find out they have relatives they haven’t met. But, it’s a bit different when you realize you have a cousin who works in the same field, shares some colleagues and friends, and once collaborated with you on research that appeared in a science journal back in the 1970s. Byron Rubin and Bruce Gaber aren’t your average, run-of-the-mill septuagenarians. Rubin’s a PhD scientist and an incredible sculptor who works with metal to produce amazing recreations of molecular structures. Gaber is a gifted scientific…

    How to Cook With Weed—and a Dash of Tasty, Tasty Science

    Summary
    Mac and cheese. Peanut butter and jelly. Asparagus and … cannabis oil with a citrusy terpene profile? Welcome to the heady world of cannabis cuisine.

    Elon Musk’s Boring Company Inches Closer to Making Hyperloop a Reality

    Summary
    The company filed a sprawling environmental report for the Loop, a proposed network of tunnels that would move people from Baltimore to Washington in 15 minutes.

    The Nintendo Switch Is Finally Coming to China

    Summary
    The console is headed to shelves in the region thanks to technology company Tencent.

    You’re Not Getting Enough Sleep—and It’s Killing You

    Summary
    At TED 2019, neuroscientist Matthew Walker argued that sleep deprivation is having a catastrophic effect on our health and safety—here are all the ways.

    Moto G7 Review (All 3 Models): Which Moto G is Best?

    Summary
    We review the Motorola Moto G7, Moto G7 Power, and Moto G7 Play, three good reasons to consider a cheaper phone this year.

    Robot dogs pull truck and other tech news

    Summary
    BBC Click's Jen Copestake looks at some of the week's best technology stories.

    Robot news presenter causes a stir on Russian TV

    Summary
    The humanoid, named Alex, causes a stir as he makes his debut on state news channel Rossiya 24.

    Elon Musk swaps shots with Museum of English Rural Life

    Summary
    The Museum of English Rural Life now appears as Elon Musk on Twitter after he used their sheep picture.

    Facebook bans UK far right groups and leaders

    Summary
    A dozen named groups and individuals will be purged from the social network, it said.

    Facebook copied email contacts of 1.5 million users

    Summary
    The social network was grabbing email contacts of some new users for almost three years, it says.
