Europe-based cloud storage startup Tresorit, which mainly focuses on selling to small to medium size businesses, has added a file restore feature to its e2e encrypted cloud storage platform. It’s touting this as a helpful feature if you’re trying to recover from a ransomware attack.
Or, more prosaically, if you’ve accidentally deleted something.
Here’s a GIF showing the file recovery feature in action:
The file restore feature covers files stored in Tresorit’s cloud and files synced locally to a user’s devices.
Obviously, if files are only stored locally and not backed up or synced to Tresorit’s cloud there’s no fallback restoration in the event of a ransomware infection. (While files stored in Tresorit’s cloud that not synced locally would not be affected by any local ransomware infection.)
Tresorit already had a file versioning feature, which allows users to recover any previously saved versions of their files. But it says the addition of file restore helps mitigate the types of ransomware attacks that encrypt files without deleting them first.
There’s no time limitation on the file restore option. Files can always be recovered so long as the user hasn’t confirmed permanent deletion.
Which does mean, over time, the feature may end up eating into your storage limit — at least if you don’t tidy up and fully delete files you no longer need.
“Non-permanently deleted items count towards the storage space of a user. So, it requires some ‘housekeeping’ from the user,” confirms a Tresorit spokeswoman. “But it is easy to get rid of all these deleted items that a user doesn’t need by selecting ‘Remove deleted items’.”
Also helpful: Tresorit has announced it’s doubling the amount of storage space it offers for individual plans — with its premium (aimed at individuals) and solo (freelancers and professionals) plan users now getting 200GB and 200TB respectively.
Today it’s also introduced a new basic plan which it describes as a “more capable” free version — intended to help external collaboration between its business users and their clients or partners (who may not be Tresorit users).
Last year it launched free subscriptions for NGOs and activists for whom strong privacy is not just a nice to have. And the spokeswoman tells us more than 100,000 people are now using its tools — which includes both consumer (so some non-paying) and business users.
“Almost two-thirds of our customers are European, led by the traditionally security and privacy conscious countries like Germany and Switzerland. The next biggest European markets are the UK and the Benelux-states. The second largest region is North-America (mostly the US),” she says, adding that Europe’s incoming update to its data protection framework is also driving local uptake.
“With only a few months to go until the GDPR, we are seeing an even higher demand for secure, end-to-end encrypted online services with European data centers. A lot of smaller companies are just starting the preparation for the GDPR, and looking for secure services they can easily switch to.”
Tresorit’s zero-knowledge e2e encryption architecture means that, unlike cloud storage giants like Dropbox, it cannot decrypt and access users’ files. So it cannot be subpoenaed to hand over content data itself.
Although it can provide some user and service activity data in exchange to lawful requests — such as names, email addresses, billing details and so on. The company recently started publishing a Transparency Report to list any government data requests it receives and provide details on how it handles such requests.
“During the period covered in this (from September 24, 2013, to November 30, 2017), we received one informal request from a Swiss police authority to retain certain user data, however, as there was no official decision by Swiss authorities on this case, in the end, we didn’t hand over any data,” the spokeswoman tells us.
“As a Swiss company, Tresorit is primarily subject to Swiss jurisdiction regarding data protection and criminal procedures. Without an official decision by a Swiss cantonal or federal authority, no information can be provided to foreign requests.”
Another blow for Facebook in Europe: Judges in Belgium have once again ruled the company broke privacy laws by deploying technology such as cookies and social plug-ins to track Internet users across the web.
The social media giant failed to make it sufficiently clear how people’s digital activity was being recorded, the court ruled.
Facebook faces fines of up to €100 million (~$124M), at a rate of €250,000 per day, if it fails to comply with the court ruling to stop tracking Belgians’ web browsing habits. It must also destroy any illegally obtained data, the court said.
Facebook expressed disappointment at the judgement and said it will appeal.
“The cookies and pixels we use are industry standard technologies and enable hundreds of thousands of businesses to grow their businesses and reach customers across the EU,” said Facebook’s VP of public policy for EMEA, Richard Allan, in a statement. “We require any business that uses our technologies to provide clear notice to end-users, and we give people the right to opt-out of having data collected on sites and apps off Facebook being used for ads.”
The privacy lawsuit dates back to 2015 when the Belgium privacy watchdog brought a civil suit against Facebook for its near invisible tracking of non-users via social plugins and the like. This followed an investigation by the agency that culminated in a highly critical report touching on many areas of Facebook’s data handling practices.
The same year, after failing to obtain adequate responses to its concerns, the Belgian Privacy Commission decided to take Facebook to court over one of them: How it deploys tracking cookies and social plug-ins on third party websites to track the Internet activity of users and non-users.
Following its usual playbook for European privacy challenges, Facebook first tried to argue the Belgian DPA had no jurisdiction over its European business, which is headquartered in Ireland. But local judges disagreed.
The crux of the issue here is the pervasive background surveillance of Internet activity for digital ad targeting purposes which is enabled by a vast network of embedded and at times entirely invisible tracking technologies — and, specifically in this lawsuit, whether Facebook and the network of partner companies feeding data into its ad targeting system, have obtained adequate consent from their users to be so surveilled when they’re not actually using Facebook.
“Facebook collects information about us all when we surf the Internet,” explains the Belgian privacy watchdog, referring to findings from its earlier investigation of Facebook’s use of tracking technologies. “To this end, Facebook uses various technologies, such as the famous “cookies” or the “social plug-ins” (for example, the “Like” or “Share” buttons) or the “pixels” that are invisible to the naked eye.It uses them on its website but also and especially on the websites of third parties.Thus, the survey reveals that even if you have never entered the Facebook domain, Facebook is still able to follow your browsing behavior without you knowing it, let alone, without you wanting it, thanks to these invisible pixels that Facebook has placed on more than 10,000 other sites.”
But given that some of these trackers are literally invisible, coupled with the at times dubious quality of ‘consents’ being gathered — say, for example, if there’s only a pre-ticked opt-in at the bottom of a lengthy and opaque set of T&Cs that actively discourage the user from reading and understanding what data of theirs is being gathered and why — there are some serious questions over the sustainability of this type of ‘pervasive background surveillance’ ad tech in the face of legal challenges and growing consumer dislike of ads that stalk them around the Internet (which has in turn fueled growth of ab-blocking technologies).
Facebook will also face a similar complaint in a lawsuit in Austria, filed by privacy campaigner and lawyer Max Schrems. In January Schrems prevailed against Facebook’s attempts to stall that privacy challenge after Europe’s top court threw out the company’s claim that his campaigning activities cancelled out his individual consumer rights. (Though the CJEU’s decision did not allow Schrems to pursue a class action style lawsuit against Facebook as he had originally hoped.)
Europe also has a major update to its data protection laws incoming in May, called the GDPR, which beefs up the enforcement of privacy rights by introducing a new system of penalties for data protection violations that can scale as high as 4% of a company’s global turnover.
GDPR means that ignoring the European Union’s fundamental right to privacy — by relying on the fact that few consumers have historically bothered to take companies to court over legal violations they may not even realize are happening — is going to get a lot more risky in just a few months’ time. (On that front, Schrems has crowdfunded a not-for-profit to pursue strategic privacy litigation once GDPR is in place — so start stockpiling the popcorn.)
It’s also worth noting that GDPR strengthens the EU’s consent requirements for processing personal data — so it’s certainly not going to be easier for Facebook to obtain consents for this type of background tracking under the new framework. (The still being formulated ePrivacy Regulation is also relevant to cookie consent, and aims to streamline the rules across the EU.)
And indeed such tracking will necessarily become far more visible to web users, who may then be a lot less inclined to agree to being ad-stalked almost everywhere they go online primarily for Facebook’s financial benefit. (The rise of tools offering tracker blocking offers another route for irate consumers to thwart online mass surveillance by ad targeting giants.)
It’s still not fully clear how Facebook will comply with GDPR — though it’s announced a new global privacy settings hub is incoming. It’s also running a series of data protection workshops in Europe this year, aimed at small and medium businesses — presumably to try to ensure its advertisers don’t find themselves shut out of GDPR Compliance City and on the hook for major privacy legal liabilities themselves, come May 25.
Of course Facebook’s ad business not only relies on people’s web browsing habits to fuel its targeting systems, it relies on advertisers liberally dollars pumping in. Which is another reason consumer trust is so vital. Yet Facebook is facing myriad challenges on that frontthese days.
In a statement on its website, the Belgium Privacy Commission said it was pleased with the ruling.
“We are of course very satisfied that the court has fully followed our position.For the moment, Facebook is conducting a major advertising campaign where it shares its attachment to privacy.We hope he will put this commitment into practice,” it said.
In the age of altcoins, at least one news site is taking a novel approach to making ends meet. Salon announced today that it would give readers a choice between turning off ad-blocking software or “allowing Salon to use your unused computing power” in order to access their content. If you say yes to the latter deal, Salon will then invite you to install Coinhive, a software plugin that mines the cryptocurrency known as Monero.
Salon explains its program, which it calls a beta, like so:
“… Like most media sites, ad-blockers cut deeply into our revenue and create a more one-sided relationship between reader and publisher.
We realize that specific technological developments now mean that it is not merely the reader’s eyeballs that have value to our site — it’s also your computer’s ability to make calculations, too. Indeed, your computer itself can help support our ability to pay our editors and journalists.”
The offering is a clever if controversial way to recoup lost ad revenue. It’s no secret that digital media companies are hurting, and crowdsourcing the process that generates some virtual currencies is certainly an innovative solution, though definitely an experimental one.
Still, running software like this, which is often inserted onto unsuspecting machines via malware, is a big ask from readers and it’s important that less technical readers know what they’re getting into. Salon sets this up as an opt-in process which is good, though it only mentions Coinhive’s name in the small opt-in box (“powered by Coinhive”) and not in its full FAQ page. Coinhive gets a bad rap because it can be used for illicit purposes, though the software is widely regarded as legitimate, as is the coin that it mines. Readers should have a chance to make up their own minds and be provided with all of the specifics.
While Bitcoin soaks up most of the spotlight, some virtual currency projects are specifically looking to reshuffle the stacked relationships between platforms and content creators. One called Steemit actually launched its own platform to pair with its coin, and users there built up a healthy, cryptocurrency-centric social network, upvoting one another and earning actual money in the process. Like Salon’s proposition, some other projects including Siacoin and MaidSafeCoin seek to pay people for spare computing cycles or hard drive space.
On the whole, Salon sounds surprisingly bullish on blockchain technology, announcing that it “[plans] to further use any learnings from this to help support the evolution and growth of blockchain technology, digital currencies and other ways to better service the value exchange between content and user contribution.”
Like publishers, plenty of internet users are waking up to the raw deal of modern day social media use and looking for novel ways to make a little passive income or otherwise get paid for the content they push out to the world. Blockchain projects that aren’t too busy overhyping ICO gains to actually build something cool could have a shot at democratizing the online content game.
While that might be idealistic, Salon sounds like it understands that emerging technologies offer some unique opportunities for anyone who isn’t afraid to rock the big blue boat. Since it’s clear that the model we have now isn’t working for anyone outside the high walls of tech’s major platforms, there’s no shame in that game.
A court in Germany has ruled that Facebook’s default privacy settings and some of its terms and conditions breached local laws. The Berlin court passed judgement late last month but the verdict was only made public this week.
The legal challenge, which dates back to 2015, was filed by a local consumer rights association, the vzbv. It successfully argued Facebook’s default privacy settings breach local consent rules by not providing clear enough information for the company to gather ‘informed consent’ from users when they agreed to its T&Cs.
“Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient information about this when users register,” said Heiko Dünkel, litigation policy officer at vzbv, in a statement. “This does not meet the requirement for informed consent.”
Pre-formulated declarations of consent are clearly on borrowed time in the European Union, as the bloc will shortly have an updated data protection framework — GDPR — which strengthens and clarifies the rules around obtaining consent to process personal data.
And pre-ticked consent boxes buried at the end of lengthy, opaque and vague T&Cs will not pass muster under the new standard. So the regional court’s finding on that aligns with wider incoming personal data processing consent standards that will be enforced across the entire EU from this May.
The vzbv also successfully challenged Facebook’s real names policy — which the Berlin regional court agreed was unlawful. This was partly down to local laws, with the German Telemedia Act requiring providers of online services to allow users to use services anonymously.
But also again on consent grounds; vzbv said the court took the view that Facebook’s requirement for users to use their real names was a covert way of obtaining their consent to the use of this data — which it asserts was “reason enough” to rule it unlawful.
The group also sought to argue that Facebook’s claim that its service is ‘free and always will be’ is misleading, on the grounds that consumers are ‘paying’ with their data.
However the court dismissed that argument.
Facebook confirmed that it will also appeal against the portions of the ruling where vzbv did prevail. It also made the point that its approach to privacy has changed — and will change further — since the case was originally filed.
In a statement, a company spokesperson told us:
We are reviewing this recent decision carefully and are pleased that the court agreed with us on a number of issues. Our products and policies have changed a lot since this case was brought, and further changes to our terms and Data Policy are anticipated later this year in light of upcoming changes to the law. We work hard to ensure that our policies are clear and easy to understand, and that all aspects of the Facebook Service are in compliance with applicable law.
The GDPR, which gives EU data protection agencies powers to fine companies up to 4% of the annual global turnover, will apply across the bloc from May 25.
According to Dünkel, a ruling from the Berlin Appeals Court could take a further one to three years. So GDPR will certainly be in force by the time there’s another decision in this legal saga.
“Since core principles of the old data protection regime are by and large enshrined in Art 5 -11 GDPR as well, we will most certainly check on these things after the GDPR coming into force,” Dünkel added.
Location tracking can seem pretty creepy if you’re the consumer being watched. But there’s big and growing business in tracking human movements and behavior, thanks to the ubiquity of smartphones. To wit: Unacast, a location data startup from Norway, has today announced a $17.5 million Series B round — to fuel business expansion, including into his home turf of Europe.
The round has been led by White Star Capital, with European telco Telia joining as a strategic investor. Existing investors Open Ocean Capital and the Norwegian government-backed investment company, Investinor, both also participated.
Unacast is actually headquartered in New York, with its founders moving to the US early to be close to the initial target market. It now has 25+ US clients at this point, says co-founder and CEO Thomas Walle, which are using its location data platform for all sorts of purposes — from targeted marketing to footfall mapping for city, real estate and retail planning, and even for shorting stock. Existing clients include Amobee, Blis, SITO Mobile, Cognitiv, Qualia, and TVadSync.
Hedge funds are also among its clients, according to Walle — using insights derived from Unacast’s platform to underpin stock bets by being able to collate dynamic footfall data and estimate a company’s quarterly performance ahead of its earnings report.
“There are two companies out there that collect a huge amount of location data — and that is Google and Facebook,” says Walle, discussing the business’ competitive positioning. “They have their proprietary location data sets. However they never, ever sell that data. That is theirs. So, for the rest of the industry or multiple industries that are looking to understand where people move around, where they live, where they work, where they shop, where they dine and how they commute, they need to get access to this data from another party in a structured and suitable manner. And that is the company that Unacast is striking to become.”
And while a business wanting to conduct location-targeted marketing at scale could just use Facebook’s and Google’s platforms to do so, Walle argues there are advantages to going outside those walled gardens. “If you want to do very clever, sophisticate advertising based on the person’s location, not on Facebook and Google, we are that data provider that allows other platforms to get access to this data,” he argues.
Marketing use-cases make up Unacast’s main customer base for now, according to Walle, but he says it’s also seeing growing adoption on the research and insights side.
“This could be everything from understanding insights like how far do people drive if they’ve visited a Wal-Mart. If you work out at Equinox twice a week how do you also eat? Do you go to burger shops, do you go to taco shops or do you eat healthy — kale and juice, etc. So those insights is something we are able to provide and we’re doing that now to a handful of research and insights companies in the US.”
Where is Unacast getting human movement and behavior data from, given that it does not operate its own platforms for users to pervasively feed with intel — as Facebook and Google do. The answer is “hundreds” of data supplier partners, many app makers pulling on GPS signals from the ubiquitous cell phones that people in Western markets now carry with them everywhere.
This approach might not be able to deliver location data that’s as accurate as fixed beacon tech can, Walle concedes, but it has the scale that beacons do not.
The lion’s share of Unacast’s new funding will be going towards further developing the technologies (including machine learning) which it uses for refining GPS signals and improving location data accuracy — so that it can say with greater confidence whether someone was really at a particular place or not.
“Cell phones today collect GPS data, apps collect GPS data, that is a trend that has boomed in the last three, four years. So we do licensing and partnership and agreements with everything from app companies to location companies to app aggregators, SDK companies — anyone that for some reason collects location data but don’t know how to use it, how to make advantage of it, how to structure it,” says Walle. “We take that on board to our platform and we build what we call the Real World Graph — how people are connected to places.”
“What we really focus on is to make sure that we enable other companies to use our structured location data-set,” he adds. “So they can make the right decisions and build great products,” he adds. “Our position in this whole ecosystem is to take all this very raw and unfiltered and unstructured data signals from multiple parties and then create a layer of analytics on top of it — so we understand who has been to what places. And then we allow our clients to decide if they’re using it for retargeting, if they’re using it for insights, if they’re using it for real estate analysis and so on.
“We see that clients are becoming way more demanding when it comes to the quality of the data, they want more transparency, they want to understand how this data has been [processed] before they use this data to build their products or to use this data to make their decisions.”
So do all the smartphone users who are being tracked know they’re being pervasively watched? Walle says yes, though he concedes that some of the historical consents obtained by some of Unacast’s data suppliers — perhaps via lengthy and opaque T&Cs with pre-ticked opt-ins — might not survive the European Union’s incoming updated privacy framework, GDPR, which requires more explicit consent to be obtained from users (or else an alternative legal basis to collect and process their data).
“All the data we collect is based on opt-in consent from the user,” he says. “This is going to be even more strengthened going forward as GDPR is going to be rolled out into Europe [in May]. We also believe that will have an effect in the US as well.
“Which means that we have to ensure that there is a clear opt in consent to collect this location data, there’s a legitimate interest for the reason why we can process this data and we have to be completely transparent together with our partners, why we are collecting it, how we are using it.”
“I’m a huge believer that GDPR will help the industry as a whole because it will wipe out a lot of the smaller players that don’t treat privacy in the right way,” he adds. “Coming from Norway it’s always been something that’s been part of the DNA of the company and myself personally.”
But why, once the average consumer is made plainly aware their movements are being pervasively tracked so that businesses which they might have nothing to do with can benefit, well, why should people agree to being stalked wherever they go?
That will come down to the individual apps, says Walle — apps that may currently be harvesting location from their users as the trade-off for offering a free restaurant guide app or navigation app, for example. Though he does believe there will be some supplier shrinkage as a direct result of GDPR.
“If they want to collect location data they have to find a reason and a legitimate interest to collect such data sources and have the reason to share it with third parties such as Unacast,” he says of app location data suppliers.
“There’s no limitations in GDPR that will restrict the business or the ecosystem per se because location is such a vital piece in both understanding consumers and providing a better user experience. But what you will see, and this I am confident of, it will be way more challenging to collect location data — because you have to be up front, you have to be transparent with your users, which I think is very needed.”
“I believe that going forward we might see a bit less location data in the market but the data that is available will be of higher quality,” he adds. “With GDPR coming in Europe, I expect us to see smaller companies, apps, not taking privacy and data collection seriously will get wiped out because they can’t keep up with the standards that GDPR is enforcing.”
Discussing bringing on board a carrier, Sweden’s Telia, as a strategic investor in the Series B, Walle says the aim is not to use the telco as another data supplier but rather to work together on data accuracy via things like applying machine learning algorithms to derive better intelligence from the fragmented data-sets it needs to structure and contextualize.
In terms of its positioning, Walle says Unacast is aiming to be the middle layer — or “the pipe” — that connects a fragmented app ecosystem with any companies looking to provide an end service to users which could benefit from location intelligence. So he argues many other companies that are seeking to provide a location-powered service — Teralytics is one that springs to mind which is also working with carriers, or Nauta-backed Geoblink — could also be customers rather than competitors.
“We are the middle layer that provides all the data in a transparent and quality way,” he says. “This is what we are excited about — making sure we can empower other companies with this data.”
Commenting on the funding in a statement, Christian Hernandez Gallardo, managing partner at White Star Capital, said: “Location is a complex data set to interpret and understand, and as the segment grows and businesses require not just data, but the context to extract value from it, they will have a greater need of partners that can support them. Both the industry and Unacast have grown substantially in a relatively short time, and we believe Unacast is primed to extend its leadership position throughout.”
One competitive advantage Walle touts Unacast offering in the US vs other local employers is that it’s sought to carry its cultural values by offering Norwegian-levels of welfare benefits to staff, via a “generous” health insurance, maternity and paternity package.
Following other recent bans on the controversial practice of AI-generated, face-swapped porn, Reddit too has brought the ban hammer down. On Wednesday, the social platform shut down r/deepfakes and r/deepfakeNSFW, two popular hubs for the fake videos, which use algorithmic software to create virtual pornography depicting the likeness of unwilling participants. Reddit also updated its policy around involuntary pornography and the sexualization of minors. The move follows similar crackdowns on Pornhub, Discord and Twitter.
As Reddit’s new language states:
“Reddit prohibits the dissemination of images or video depicting any person in a state of nudity or engaged in any act of sexual conduct apparently created or posted without their permission, including depictions that have been faked.
Images or video of intimate parts of a person’s body, even if the person is clothed or in public, are also not allowed if apparently created or posted without their permission and contextualized in a salacious manner (e.g., “creepshots” or “upskirt” imagery). Additionally, do not post images or video of another person for the specific purpose of faking explicit content or soliciting “lookalike” pornography.”
Unrelatedly, Reddit co-founder Alexis Ohanian announced today that he would be stepping aside at Reddit to focus on a full-time role at Initialized Capital, the early-stage VC firm that he co-founded.
Before the time of the ban, r/deepfakes had a subscriber base of more than 92,000 members. A screenshot from before the ban reveals recent posts of AI-generated porn featuring Taylor Swift, Selena Gomez and Olivia Wilde. A pinned post shares info about software called FakeApp that anyone can use to splice together porn with celebrity videos, resulting in a manipulated end product that can depict public figures (or anyone else) engaging in sex acts that never happened. TechCrunch has reached out to Reddit for more details on how they plan to enforce the content ban elsewhere on the platform and will update this story when we hear back.
The controversy around this kind of video blew up when Motherboard reported on Reddit user “deepfakes” who recreated a fake AI-powered porn featuring Wonder Woman star Gal Gadot. The story, appropriately titled “AI-Assisted Fake Porn Is Here and We’re All Fucked,” is a good primer on the whole thing.
The trend is disturbing on a few levels. Obviously it’s unsettling and extremely creepy for anyone to be able to create sexual content — essentially on-demand revenge porn — without its virtual subject’s consent. But even beyond the porn angle, the machine learning technology that makes these kind of manipulated videos work will only grow more sophisticated over time, making it even harder for internet-goers to determine what’s real and what’s fabricated.
If you think we have a fake news problem now, well, it’s going to get worse before it gets better.
This will come as no surprise to those who’ve been following the news of the past couple of weeks, but it appears that Strava’s disabled at least one top feature as it works to get to the bottom of recent privacy concerns over its mapping features. The app’s Segments feature looks to be at least temporarily offline, as first noted by The Verge by way of Reddit.
We reached out to the company company to determine whether that specific feature was a casualty of the company’s recent privacy woes. Without confirming the shuttering of any specific features, a spokesperson for Strava confirmed that certain functionality was, indeed, under review.
“We are reviewing features that were originally designed for athlete motivation and inspiration to ensure they cannot be compromised by people with bad intent,” Strava told TechCrunch in a statement. The note echoes a recent statement from Strava CEO James Quarles issued shortly after news broke that the company’s heat map functionality could be use to determine the location of military facilities.
“Many team members at Strava and in our community, including me, have family members in the armed forces, Quarles wrote. “Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us.”
Segments, which is used to locate fellow worker-outers in a user’s vicinity, appears to be among those features under investigation. The aforementioned Reddit users have noted that clicking into it simply drops them back on the app’s dashboard.