Tresorit adds file restore to its e2e encrypted cloud storage service


Europe-based cloud storage startup Tresorit, which mainly focuses on selling to small to medium size businesses, has added a file restore feature to its e2e encrypted cloud storage platform. It’s touting this as a helpful feature if you’re trying to recover from a ransomware attack.

Or, more prosaically, if you’ve accidentally deleted something.

Here’s a GIF showing the file recovery feature in action:

The file restore feature covers files stored in Tresorit’s cloud and files synced locally to a user’s devices.

Obviously, if files are only stored locally and not backed up or synced to Tresorit’s cloud there’s no fallback restoration in the event of a ransomware infection. (While files stored in Tresorit’s cloud that not synced locally would not be affected by any local ransomware infection.)

Tresorit already had a file versioning feature, which allows users to recover any previously saved versions of their files. But it says the addition of file restore helps mitigate the types of ransomware attacks that encrypt files without deleting them first.

There’s no time limitation on the file restore option. Files can always be recovered so long as
the user hasn’t confirmed permanent deletion.

Which does mean, over time, the feature may end up eating into your storage limit — at least if you don’t tidy up and fully delete files you no longer need.

“Non-permanently deleted items count towards the storage space of a user. So, it requires some ‘housekeeping’ from the user,” confirms a Tresorit spokeswoman. “But it is easy to get rid of all these deleted items that a user doesn’t need by selecting ‘Remove deleted items’.”

Also helpful: Tresorit has announced it’s doubling the amount of storage space it offers for individual plans — with its premium (aimed at individuals) and solo (freelancers and professionals) plan users now getting 200GB and 200TB respectively.

Today it’s also introduced a new basic plan which it describes as a “more capable” free version —  intended to help external collaboration between its business users and their clients or partners (who may not be Tresorit users).

Last year it launched free subscriptions for NGOs and activists for whom strong privacy is not just a nice to have. And the spokeswoman tells us more than 100,000 people are now using its tools — which includes both consumer (so some non-paying) and business users.

“Almost two-thirds of our customers are European, led by the traditionally security and privacy conscious countries like Germany and Switzerland. The next biggest European markets are the UK and the Benelux-states. The second largest region is North-America (mostly the US),” she says, adding that Europe’s incoming update to its data protection framework is also driving local uptake.

“With only a few months to go until the GDPR, we are seeing an even higher demand for secure, end-to-end encrypted online services with European data centers. A lot of smaller companies are just starting the preparation for the GDPR, and looking for secure services they can easily switch to.”

Tresorit’s zero-knowledge e2e encryption architecture means that, unlike cloud storage giants like Dropbox, it cannot decrypt and access users’ files. So it cannot be subpoenaed to hand over content data itself.

Although it can provide some user and service activity data in exchange to lawful requests — such as names, email addresses, billing details and so on. The company recently started publishing a Transparency Report to list any government data requests it receives and provide details on how it handles such requests.

“During the period covered in this (from September 24, 2013, to November 30, 2017), we received one informal request from a Swiss police authority to retain certain user data, however, as there was no official decision by Swiss authorities on this case, in the end, we didn’t hand over any data,” the spokeswoman tells us.

“As a Swiss company, Tresorit is primarily subject to Swiss jurisdiction regarding data protection and criminal procedures. Without an official decision by a Swiss cantonal or federal authority, no information can be provided to foreign requests.”

Tandem launches a credit card that offers cashback and no fees when spending abroad


Tandem, the U.K. challenger bank that recently acquired the banking arm of the famous Harrods department store partly in order to get its banking license back on track, has launched its first banking product: a credit card that offers cashback on every purchase and no exchange fees when spending abroad.

The new card is designed to work with Tandem’s Personal Finance Manager (PFM) app, which you plug into your existing bank accounts and credit cards to get spending insights and set budgeting goals to help you better manage your money.

The challenger bank, like many other consumer-facing fintechs, wants to become your financial control centre from which it can connect to and offer financial services, either products of its own, such as the newly launched Tandem credit card, or through partnerships with other fintech startups or bigger providers. On that note, Tandem says it plans to offer a savings account in the near future.

Specifically, Tandem says its new credit card brings customers a competitive combination of cashback on all purchases (0.5 percent), no overseas transaction fees, a “market leading” exchange rate, and real time updates when you purchase.

It isn’t the only credit card of its ilk in the U.K. — there are a number of cashback-styled credit cards — although Tandem isn’t charging a monthly fee, which is certainly a draw. (Its APR of 18.9 percent isn’t the lowest on the market, however).

It also points to the startup bank’s initital “attack vector” (as Monzo’s Tom Blomfield calls each fintech’s entrance point): come for the cashback credit card and zero fees when spending abroad, and stay for the PFM and soon-to-launch savings deposit accounts.

The latter, of course, means as a licensed bank Tandem can begin lending out a portion of those deposits, which would begin to form the basis of a proven business model.

To that end, Tandem says it chose to launch with a credit card for multiple reasons. A credit card gives customers free protection on purchases over £100, so you’ll get your money back if, for example, a retailer goes bust. “On top of this, everyone needs some extra cash once in a while. Tandem want to be there when you need some money to cover an emergency cost,” says the self-described “Good Bank”.

Adds Ricky Knox, Tandem’s CEO, in a statement: “With our new banking license, our banking app and our new credit card, 2018 is going to be a great year for Tandem. We are looking forward to getting our colourful cards into the hands of customers – I can’t wait to start seeing customers tapping around town”.

Homie raises $4M to help London’s ‘Generation Rent’ find their next property


So bad is London’s housing crisis, which sees house prices make homeownership a pipe dream for many, a 2015 report by PWC reckons that by 2025 more than half of under 40 year olds will be living into rental properties.

The answer, of course, is to build more affordable and/or social housing, but that hot political potato is continually kicked to into the long grass and, even at its most optimistic, will take a generation to fix. In other words, so-called ‘Generation Rent’ is real and here to stay.

But one societal crisis is another startup’s opportunity, and we’ve already seen a number of companies crop up to serve the rental needs of Londoners and people living in other housing stock-starved cities.

These include consumer-facing apps like Acasa, which wants to make it easy to move from one houseshare to another, B2B services like the recently troubled Goodlord, which is digitising the rental process on behalf of lettings agencies, and a plethora of online estate agents, such as Open Rent, Home Made and Rentify, that help home owners rent out their property.

Another nascent proptech startup targeting ‘Generation Rent’ is London-based Homie, which might best be described as a concierge-style service that promises to save Londoner’s time, hassle and money when going in search of their next rental property. Today the company is disclosing that it has raised a further $4 million in Seed funding in a round led by Connect Ventures, with participation from Venture Friends, Seedcamp, and The Family. It brings total funding raised to date by Homie to $6 million since being founded in 2016.

Claiming to help renters “find, view and agree the homes they want in as little as three days,” the way Homie works is as follows:

You first enter your home search details and then get assigned your own Homie, a ‘personal agent’ that runs your home search and sends you a curated list of properties that matches your needs. That’s about as #Lazyweb as it comes.

Next up you’re asked to choose your favourites via the web-app and book viewings online at your preferred date and time. The Homie then schedules all viewings with multiple agencies into one tour. They then act as the your agent, accompanying you on a cab journey across London to visit your top ten properties, whilst offering “unbiased advice” on the area.

At this point you are probably wondering how all of this is viable from a unit economics point of view. Founder and CEO Alex Eid tells me Homie generates revenue by acting as a broker between renters and real-estate agents. “We make introductory fees from the agents we place the tenants in. Very much like the Deliveroo model,” he says.

Typical Homie customers are said to be students (“first time renters who don’t understand the real estate market, need to organise the logistics to move in with their friends, and need to find a solution that best fits their limited budget”), young professionals who have limited time to go house hunting, and millennial expats who need help figuring out the best place to live and navigating the market for the best value homes.

“Our direct competition are relocation agents, expensive private agents used by corporates to find accommodation for their employees moving from one city to another. An unaffordable option for most people,” says Eid.

“The main competition however is renters doing it themselves. They have no other option but to search multiple property sites and go through the hassle of contacting real estate agencies one by one to book single viewings. Homie is a first of its kind consumer brand for real estate services; provides a complete and tailored home search across the whole market, property scheduling, transportation and guidance”.

Facebook’s tracking of non-users ruled illegal again


Another blow for Facebook in Europe: Judges in Belgium have once again ruled the company broke privacy laws by deploying technology such as cookies and social plug-ins to track Internet users across the web.

Facebook uses data it collects in this way to sell targeted advertising.

The social media giant failed to make it sufficiently clear how people’s digital activity was being recorded, the court ruled.

Facebook faces fines of up to €100 million (~$124M), at a rate of €250,000 per day, if it fails to comply with the court ruling to stop tracking Belgians’ web browsing habits. It must also destroy any illegally obtained data, the court said.

Facebook expressed disappointment at the judgement and said it will appeal.

“The cookies and pixels we use are industry standard technologies and enable hundreds of thousands of businesses to grow their businesses and reach customers across the EU,” said Facebook’s VP of public policy for EMEA, Richard Allan, in a statement. “We require any business that uses our technologies to provide clear notice to end-users, and we give people the right to opt-out of having data collected on sites and apps off Facebook being used for ads.”

The privacy lawsuit dates back to 2015 when the Belgium privacy watchdog brought a civil suit against Facebook for its near invisible tracking of non-users via social plugins and the like. This followed an investigation by the agency that culminated in a highly critical report touching on many areas of Facebook’s data handling practices.

The same year, after failing to obtain adequate responses to its concerns, the Belgian Privacy Commission decided to take Facebook to court over one of them: How it deploys tracking cookies and social plug-ins on third party websites to track the Internet activity of users and non-users.

Following its usual playbook for European privacy challenges, Facebook first tried to argue the Belgian DPA had no jurisdiction over its European business, which is headquartered in Ireland. But local judges disagreed.

Subsequently, Belgian courts have twice ruled that Facebook’s use of cookies violates European privacy laws. If Facebook keeps appealing the case could end up going all the way to Europe’s supreme court, the CJEU.

The crux of the issue here is the pervasive background surveillance of Internet activity for digital ad targeting purposes which is enabled by a vast network of embedded and at times entirely invisible tracking technologies — and, specifically in this lawsuit, whether Facebook and the network of partner companies feeding data into its ad targeting system, have obtained adequate consent from their users to be so surveilled when they’re not actually using Facebook.

“Facebook collects information about us all when we surf the Internet,” explains the Belgian privacy watchdog, referring to findings from its earlier investigation of Facebook’s use of tracking technologies. “To this end, Facebook uses various technologies, such as the famous “cookies” or the “social plug-ins” (for example, the “Like” or “Share” buttons) or the “pixels” that are invisible to the naked eye. It uses them on its website but also and especially on the websites of third parties. Thus, the survey reveals that even if you have never entered the Facebook domain, Facebook is still able to follow your browsing behavior without you knowing it, let alone, without you wanting it, thanks to these invisible pixels that Facebook has placed on more than 10,000 other sites.”

Facebook claims its use of cookie tracking is transparent and argues the technology benefits Facebook users by letting it show them more relevant content. (Presumably, it would argue non-Facebook users ‘benefit’ from being shown ads targeted at their interests.) “Over recent years we have worked hard to help people understand how we use cookies to keep Facebook secure and show them relevant content. We’ve built teams of people who focus on the protection of privacy — from engineers to designers — and tools that give people choice and control,” said Allan in his response statement to the court ruling.

But given that some of these trackers are literally invisible, coupled with the at times dubious quality of ‘consents’ being gathered — say, for example, if there’s only a pre-ticked opt-in at the bottom of a lengthy and opaque set of T&Cs that actively discourage the user from reading and understanding what data of theirs is being gathered and why — there are some serious questions over the sustainability of this type of ‘pervasive background surveillance’ ad tech in the face of legal challenges and growing consumer dislike of ads that stalk them around the Internet (which has in turn fueled growth of ab-blocking technologies).

Facebook will also face a similar complaint in a lawsuit in Austria, filed by privacy campaigner and lawyer Max Schrems. In January Schrems prevailed against Facebook’s attempts to stall that privacy challenge after Europe’s top court threw out the company’s claim that his campaigning activities cancelled out his individual consumer rights. (Though the CJEU’s decision did not allow Schrems to pursue a class action style lawsuit against Facebook as he had originally hoped.)

Europe also has a major update to its data protection laws incoming in May, called the GDPR, which beefs up the enforcement of privacy rights by introducing a new system of penalties for data protection violations that can scale as high as 4% of a company’s global turnover.

GDPR means that ignoring the European Union’s fundamental right to privacy — by relying on the fact that few consumers have historically bothered to take companies to court over legal violations they may not even realize are happening — is going to get a lot more risky in just a few months’ time. (On that front, Schrems has crowdfunded a not-for-profit to pursue strategic privacy litigation once GDPR is in place — so start stockpiling the popcorn.)

It’s also worth noting that GDPR strengthens the EU’s consent requirements for processing personal data — so it’s certainly not going to be easier for Facebook to obtain consents for this type of background tracking under the new framework. (The still being formulated ePrivacy Regulation is also relevant to cookie consent, and aims to streamline the rules across the EU.)

And indeed such tracking will necessarily become far more visible to web users, who may then be a lot less inclined to agree to being ad-stalked almost everywhere they go online primarily for Facebook’s financial benefit. (The rise of tools offering tracker blocking offers another route for irate consumers to thwart online mass surveillance by ad targeting giants.)

“We are preparing for the new General Data Protection Regulation with our lead regulator the Irish Data Protection Commissioner. We’ll comply with this new law, just as we’ve complied with existing data protection law in Europe,” added Facebook’s Allan.

It’s still not fully clear how Facebook will comply with GDPR — though it’s announced a new global privacy settings hub is incoming. It’s also running a series of data protection workshops in Europe this year, aimed at small and medium businesses — presumably to try to ensure its advertisers don’t find themselves shut out of GDPR Compliance City and on the hook for major privacy legal liabilities themselves, come May 25.

Of course Facebook’s ad business not only relies on people’s web browsing habits to fuel its targeting systems, it relies on advertisers liberally dollars pumping in. Which is another reason consumer trust is so vital. Yet Facebook is facing myriad challenges on that front these days.

In a statement on its website, the Belgium Privacy Commission said it was pleased with the ruling.

“We are of course very satisfied that the court has fully followed our position. For the moment, Facebook is conducting a major advertising campaign where it shares its attachment to privacy. We hope he will put this commitment into practice,” it said. 

Featured Image: Tekke/Flickr UNDER A CC BY-ND 2.0 LICENSE

Sqreen wants to become the IFTTT of web app security


French startup Sqreen recently launched a Security Hub with dozens of plugins to put you in control of the security of your web app. In many ways, it feels like enabling tasks on popular automation service IFTTT.

Sqreen participated in TechCrunch’s Startup Battlefield and Y Combinator’s current batch. The vision of the product hasn’t changed. Sqreen lets you protect your web service with little effort from your side.

Big companies have dedicated security teams that protect services, try to run attacks to find weaknesses and more. Smaller companies don’t necessarily have enough time and money to build a dedicated team. But your product is still vulnerable to SQL injections, XSS attacks and brute-force attacks.

Sqreen isn’t a firewall. You just have to install a library package on your server and add a couple of lines at the top your source code to require the Sqreen module in your application.

Once this is done, Sqreen monitors attacks in real time without a big performance hit — the startup says there’s a 4 percent CPU overhead. Sqreen now works for web apps in Node.js, Ruby, PHP, Python or Java.

In addition to protecting you against common attacks, Sqreen makes security recommendations so that you can regularly fix vulnerabilities. And with GDPR coming soon, tech companies have a greater responsibility when it comes to protecting customer data and disclosing hacks.

Customers wanted to know more about what Sqreen was doing. That’s why Sqreen launched a security hub with documented plugins.

“All security vendors are very secretive,” Sqreen co-founder and CEO Pierre Betouin. “Usually, you can’t test the product and you have no information on what they do. We were like this at the beginning of Sqreen. Our positioning was really ‘install our library and we’ll cover a range of security features.’”

“We had a big push back. So we wondered how we could be more transparent, provide something more rational. We explain each plugin completely.”

You can find a plugin to protect you against SQLite injections, vulnerable dependencies, XSS Javascript injections in various frameworks, bot activity, etc.

Sqreen will recommend plugins for your app depending on the technologies and frameworks you’re using. You can then enable or disable each plugin and configure notifications on Slack or PagerDuty for instance.

In the future, you can imagine that third-party companies could contribute to this marketplace and add new plugins. Sqreen is also working on other plugins related to email abuse and payment page protection.

In addition to those new features, Betouin is moving to San Francisco and opening an office there. Companies like Front, Mindbody, BlaBlaCar, Triplebyte, Toptal and Algolia are now using Sqreen.

Online estate agency Home Made raises £850K seed at £4.3M post-money valuation


You’d be forgiven for thinking that the online estate agency market was a done deal in the U.K., evidenced by a plethora of proptech startups and more established companies that help you sell your home or help you list and manage it for rent. But apparently not, if one London startup and its new backers are to be believed.

Home Made, which is focused exclusively on London lettings for properties in the £500,000-plus range, has raised £850,000 in seed funding. The round is led by private equity firm Tethys Equity and is said to give the young company a £4.3 million post-money valuation.

Home Made claims to be the only estate agency in the U.K. that offers a premium service akin to a high-end traditional estate agent — including accompanied property viewings and working until 10 pm at night, on weekends and bank holidays — for a low online fee starting at £948 +VAT.

That said, competitor Rentify also occupies a more upmarket space, but charges a monthly fee and is fully-managed and provides a ‘rent guarantee’. At the lower end are startups like Open Rent and uPad that operate more of a pile ‘em high, sell ‘em cheap à la carte model with various services to help you rent out your property.

Founded in 2016 by Asaf Navot, a former Bain strategy consultant and INSEAD graduate, and Nick Binnington, a former British Army Captain and LBS graduate, Home Made’s proposition is based on the premise that the letting agent model is broken: “High-street agents offer average service and extortionate fees, while online agents offered low fees, but even worse service,” says the startup.

To remedy this, Home Made claims to be a new estate agency operating model, one that is driven by data analytics and technology, with better efficiencies and lower costs. A very familar pitch, you might conclude.

In terms of tech, I’m told the company has developed a proprietary online platform that allows landlords to manage their properties from marketing to move-in. This includes full control during the marketing phase – landlords can add or remove marketing photos on the portals, write or enhance existing descriptions and change the price – and visibility of progress during tenancy progression.

“Together with the support of a dedicated account manager, this provides a level of asset management not currently available in the residential letting sector,” a Home Made spokesperson tells me.

Additional tech is being built to ensure the operations side of Home Made runs smoothly. “Serving landlords throughout London from a single hub is operationally complex, increasing exponentially as property numbers increase,” says the startup. “We overcome this by giving our sales and operations teams access to a bespoke CRM as well as proprietary planning and route optimisation tools, allowing us to provide an outstanding customer experience in a highly efficient way”.

Meanwhile, Home Made says it is on track to make £1 million in revenues in 2018, with over 1,000 properties rented. Another online agency in the space that offers a full letting-introduction service is PurpleBricks, which Home Made expects to pass next month for number of new properties listed in London.

Assur.com is an insurance aggregator without all the clutter


French startup Assur.com lets you find and compare all sorts of insurance products without having to enter all your personal information. While insurance aggregators are nothing new, they usually ask you for your email address, phone number and more. And chances are those companies are going to spam you with offers.

But Assur.com has a different approach as you don’t have to enter any information in a text field. It’s all about browsing a well-organized database of insurance products. For now, Assur.com is focusing on the French market and French insurance products.

An insurance aggregator makes a lot of sense now that you can subscribe to insurance products without having to go to a brick-and-mortar store to sign a contract. It’s often as easy as signing up to Facebook.

The startup has categorized over 600 insurance products from dozens of companies. You can find an insurance product for your car, your home, your next trip or even a healthcare insurance.

Chances are you might care a lot about your health but not so much about your old and dusty car. There are usually three different levels of coverage for each category.

You can then click on different insurance products. You’ll be redirected to the insurer’s website and Assur.com is going to get some referral revenue.

You can feel that Assur.com is still quite young as you can’t find all the information you need. Eventually, the company wants to automate the listings as much as possible and build an AI-powered search engine for insurance products. It sounds like a promising start with an interesting vision.