Connect with us

Mobile

Every secure messaging app needs a self-destruct button – TechCrunch

Published

on

The growing presence of encrypted communications apps makes a lot of communities safer and stronger. But the possibility of physical device seizure and government coercion is growing as well, which is why every such app should have some kind of self-destruct mode to protect its user and their contacts.

End to end encryption like that you see in Signal and (if you opt into it) WhatsApp is great at preventing governments and other malicious actors from accessing your messages while they are in transit. But as with nearly all cybersecurity matters, physical access to either device or user or both changes things considerably.

For example, take this Hong Kong citizen who was forced to unlock their phone and reveal their followers and other messaging data to police. It’s one thing to do this with a court order to see if, say, a person was secretly cyberstalking someone in violation of a restraining order. It’s quite another to use as a dragnet for political dissidents.

This particular protestor ran a Telegram channel that had a number of followers. But it could just as easily be a Slack room for organizing a protest, or a Facebook group, or anything else. For groups under threat from oppressive government regimes it could be a disaster if the contents or contacts from any of these were revealed to the police.

Just as you should be able to choose exactly what you say to police, you should be able to choose how much your phone can say as well. Secure messaging apps should be the vanguard of this capability.

There are already some dedicated “panic button” type apps, and Apple has thoughtfully developed an “emergency mode” (activated by hitting the power button five times quickly) that locks the phone to biometrics and will wipe it if it is not unlocked within a certain period of time. That’s effective against “Apple pickers” trying to steal a phone or during border or police stops where you don’t want to show ownership by unlocking the phone with your face.

Those are useful and we need more like them — but secure messaging apps are a special case. So what should they do?

The best-case scenario, where you have all the time in the world and internet access, isn’t really an important one. You can always delete your account and data voluntarily. What needs work is deleting your account under pressure.

The next best-case scenario is that you have perhaps a few seconds or at most a minute to delete or otherwise protect your account. Signal is very good about this: The deletion option is front and center in the options screen, and you don’t have to input any data. WhatsApp and Telegram require you to put in your phone number, which is not ideal — fail to do this correctly and your data is retained.

Signal, left, lets you get on with it. You’ll need to enter your number in WhatsApp (right) and Telegram.

Obviously it’s also important that these apps don’t let users accidentally and irreversibly delete their account. But perhaps there’s a middle road whereby you can temporarily lock it for a preset time period, after which it deletes itself if not unlocked manually. Telegram does have self-destructing accounts, but the shortest time you can delete after is a month.

What really needs improvement is emergency deletion when your phone is no longer in your control. This could be a case of device seizure by police, or perhaps being forced to unlock the phone after you have been arrested. Whatever the case, there need to be options for a user to delete their account outside the ordinary means.

Here are a couple options that could work:

  • Trusted remote deletion: Selected contacts are given the ability via a one-time code or other method to wipe each other’s accounts or chats remotely, no questions asked and no notification created. This would let, for instance, a friend who knows you’ve been arrested remotely remove any sensitive data from your device.
  • Self-destruct timer: Like Telegram’s feature, but better. If you’re going to a protest, or have been “randomly” selected for additional screening or questioning, you can just tell the app to delete itself after a certain duration (as little as a minute perhaps) or at a certain time of the day. Deactivate any time you like, or stall for the five required minutes for it to trigger.
  • Poison PIN: In addition to a normal unlock PIN, users can set a poison PIN that when entered has a variety of user-selectable effects. Delete certain apps, clear contacts, send prewritten messages, unlock or temporarily hard-lock the device, etc.
  • Customizable panic button: Apple’s emergency mode is great, but it would be nice to be able to attach conditions like the poison PIN’s. Sometimes all someone can do is smash that button.

Obviously these open new avenues for calamity and abuse as well, which is why they will need to be explained carefully and perhaps initially hidden in “advanced options” and the like. But overall I think we’ll be safer with them available.

Eventually these roles may be filled by dedicated apps or by the developers of the operating systems on which they run, but it makes sense for the most security-forward app class out there to be the first in the field.



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Mobile

DoorDash is ending its delivery partnership with Walmart – TechCrunch

Published

on

DoorDash is ending its partnership with Walmart after more than four years of delivering the retail giant’s products to customers. The news was first reported by Business Insider. Sources familiar with the matter told Insider that DoorDash decided to end its partnership with Walmart because it was no longer mutually beneficial and because the delivery company wanted to focus on “its long-term customer relationships.”

A spokesperson for Walmart told Insider that the two companies “have agreed to part ways.”

DoorDash is said to have sent Walmart a 30-day notice and a letter earlier this month to end their partnership. The termination will go into effect in September.

“We’d like to thank Walmart for their partnership and are looking forward to continuing to build and provide support for merchants in the years ahead with our leading Marketplace and Platform offerings,” a spokesperson from DoorDash told TechCrunch in an email.

The termination will end a partnership that began in April 2018 as a pilot to deliver Walmart groceries to customers in the Atlanta metro area. Since then, the partnership expanded to states across the country.

Although Walmart has partnered with third-party delivery services like DoorDash, the retail giant has also been focused on building out its own delivery efforts. For instance, Insider reported on Thursday that Walmart is acquiring Delivery Drivers, which is the company behind Walmart’s Spark platform that sees gig workers deliver orders to customers. A Walmart spokesperson told Insider that the Spark platform has grown to become the company’s largest delivery service provider and that it accounts for 75% of Walmart deliveries.

DoorDash, on the other hand, has been building out its DoorDash Drive platform, its business-to-business service that provides drivers to merchants through their own website or app.

While DoorDash’s partnership with Walmart is coming to a close, the company has geared up to collaborate with another notable brand, Facebook parent Meta. DoorDash confirmed earlier this week that DoorDash Drive is now in the early stages of testing a service that will allow DoorDash drivers to pick up and drop off Facebook Marketplace items to customers. DoorDash and Meta are currently offering the test service in several cities in the United States.

It’s worth noting that DoorDash has also been testing a package return feature since March that allows customers to return items to the post office, UPS or FedEx.

Walmart did not respond to TechCrunch’s request for comment.

Update 08/19/2022 11:50 AM ET: The story was updated to include a statement from DoorDash.

Continue Reading

Mobile

Snap, HBO Max partner to launch AR experiences for ‘House of the Dragon’ premiere – TechCrunch

Published

on

To celebrate the premiere of HBO’s highly anticipated “Game of Thrones” prequel, “House of the Dragon,” HBO Max is partnering with Snap to give users access to in-app AR experiences. For the show’s premiere on August 21, Snap and HBO Max are releasing a new selfie and worldview Lens, along with Landmarker Lenses, that let you immerse yourself into the show’s fantasy world.

The selfie Lens transforms you into a fire-breathing dragon. In the worldview mode, the Lens leverages sky segmentation technology to unleash flying, fire-breathing dragons above you so you can pretend to be part of the Game of Thrones world. Snap says the Lens will go live in regions around the world, including Australia, Europe, India, the Middle East and Northern Africa, North America and more. The Lens can be accessed via the Lens Carousel in the app.

As for the Landmarker Lenses, Snap and HBO Max have coordinated with Lens creators from around the world to build custom AR experiences in their local markets. The Landmarker Lenses will offer users another way to engage with the show, as they will reveal AR renderings of the show’s dragons over local landmarks all over the globe.

The first Lenses will launch for the premiere in Los Angeles at Venice Beach Grand Canals, in Rio De Janeiro at the Princess Isabel Statue, in London at the Tower Bridge, in Chennai at the Sankagiri Fort, in Mumbai at the CST Station and in Prague at the Charles Bridge. The Lenses will be unlockable via the Lens Carousel when users are near a Landmarker location.

Snap and HBO Max Lens for House of the Dragon

Image Credits: Snap

There will be around 20 new Landmarker Lenses released throughout the season from creators in more than 10 countries. Snap says as new dragons are introduced over the course of the season, Landmarker experiences featuring those dragons will be made available. The Lenses will focus on three key show moments: the series premiere, pivotal mid-season episodes and the season finale.

The launch comes as Snap says more than 250 million users engage with augmented reality every day on average on the app and that Snapchat sees over 6 billion AR Lens plays every day on average. The company also says more than 250,000 Lens Creators have built 2.5 million Lenses through its AR creation tool, Lens Studio. In addition, Snap says over 300 developers have reached more than a billion views on their Lenses that and Lenses built by its community have been viewed more than 5 trillion times.

“House of the Dragon” is set 200 years before the events of “Game of Thrones. The series will focus on the beginning of the end of House Targaryen, as the infamous Dance of Dragons will take center stage as family members of House Targaryen fight for the Iron Throne.

HBO is going all in with AR experiences for “House of the Dragon,” as the series has its own companion AR app called DracARys. The app rolled out globally on July 25 across iOS and Android devices and lets fans raise their own virtual dragon.

Continue Reading

Mobile

How W4 plans to monetize the Godot game engine using Red Hat’s open-source playbook – TechCrunch

Published

on

A new company from the creators of the Godot game engine is setting out to grab a piece of the $200 billion global video game market — and to do so, it’s taking a cue from commercial open source software giant Red Hat.

Godot, for the uninitiated, is a cross-platform game engine first released under an open source license back in 2014, though its initial development pre-dates that by several years. Today, Godot claims some 1,500 contributors, and is considered one of the world’s top open source projects by various metrics. Godot has been used in high-profile games such as the Sonic Colors: Ultimate remaster, published by Sega last year as the first major mainstream game powered By Godot. But Tesla, too, has apparently used Godot to power some of the more graphically-intensive animations in its mobile app.

Among Godot’s founding creators is Juan Linietsky, who has served as head of development for the Godot project for the past 13 years, and who will now serve as CEO of W4 Games, a new venture that’s setting out to take Godot to the next level.

W4 quietly exited stealth last week, but today the Ireland-headquartered company has divulged more details about its goals to grow Godot and make it accessible for a wider array of commercial use-cases. On top of that, the company told TechCrunch that it has raised $8.5 million in seed funding to make its mission a reality, with backers including OSS Capital; Lux Capital; Sisu Game Ventures; and — somewhat notably — Bob Young, the cofounder and former CEO of Red Hat, an enterprise-focused open-source company that IBM went on to acquire for $34 billion in 2019.

But first… what is a game engine, exactly?

Game plan

Godot editor demo

In simple terms, a game engine serves up the basic building blocks required for developers to create games, and may include anything from renderers for 2D or 3D graphics, to scripting and memory management. It’s basically a software framework that developers can use and reuse without having to redesign the wheel with each new game they create.

“This allows developers to utilize pre-made functionality that is common to most games when creating their own, and only create the parts that make the game unique,” Linietsky explained to TechCrunch.

While many companies, particularly larger game studios, develop their own engines in-house, as games and the associated development processes have become more complex, third-party general purpose game engines have grown in popularity. This includes long-established incumbents such as Unity, developed by tech powerhouse Unity Software, which is currently in the process of merging with IronSource.

One reason why a studio might use a third-party game engine is to cut down on in-house development costs, but a trade-off here is that it then has to work with a gargantuan code-base which it has limited control over. And that is why Godot has gained some fans through the years — as an open-source project, it gives developers an oven-baked game engine that they can tweak and fine-tune to their own needs, with improvements pushed back to the development community for everyone to benefit from.

“The result is reduced development costs and more freedom to innovate,” Linietsky said. “Godot brings to the game industry the same benefits that enterprise software has been enjoying from it [open source software] for decades.”

The open source factor

Red Hat Inc. signage is displayed outside the New York Stock Exchange (NYSE)

Anyone who has even remotely paid attention to the technology sphere over the past decade or so will have noticed that open source is now big business. The likes of Elastic and Cockroach Labs have built billion-dollar businesses off the back of open source projects, while Aiven recently hit double-unicorn status for a business that helps enterprises make the most of open source technologies in cloud environments.

But Red Hat, arguably, remains one of the biggest success stories from the open source world, selling enterprises premium support and services for some of the world’s biggest community-driven projects, from Linux to Kubernetes.

“Companies like Red Hat have proven that with the right commercial offerings on top, the appeal of using open source in enterprise environments is enormous,” Linietsky said. “W4 intends to do this very same thing for the game industry.”

It’s an interesting parallel, for sure, and one that seems pretty obvious when presented with such a comparison. Linux’s open source credentials were what led it to become the leading operating system for web servers, while Android’s mobile market share dominance can substantively be attributed to its Linux kernel base. Elsewhere, other open source projects such as Kubernetes are powering enterprise adoption of microservices and container technologies.

In truth, Godot is nowhere near having the kind of impact in gaming that Linux has had in the enterprise, but it’s still early days — and this is exactly where W4 could make a difference.

“We expect Godot to take the same route in the game industry as other open source software has taken in the enterprise, which is to slowly become the de facto standard,” Linietsky continued. “It is very difficult for companies that create proprietary software to compete with the massive talent pool that popular open source projects have, and unappealing for software users to concede the freedom to use software as they please to a third-party entity.”

On top of that, having one of Red Hat’s original founders on board as an investor can only be construed as a major coup for a startup that is just eight months old.

“Bob is an incredible human being who helped create a whole new type of business where nobody expected it was possible,” Linietsky continued. “He identified the opportunity for Godot and W4 as very similar to Linux and Red Hat two decades ago, and has been very kind to share his wisdom with us, as well as becoming an investor in our company.”

Support and services

Concept illustration depicting technical support

Concept illustration depicting technical support

W4’s core target market will be broad — it’s gunning for independent developers and small studios, as well as medium and large gaming companies. The problem that it’s looking to solve, ultimately, is that while Godot is popular with hobbyists and indie developers, companies are hesitant to use the engine on commercial projects due to its inherent limitations — currently, there is no easy way to garner technical support, discuss the product’s development roadmap, or access any other kind of value-added service.

But perhaps more importantly, while Godot is touted as a cross-platform game engine spanning the web, mobile, and desktop, it has hitherto lacked direct support for games consoles. The reason for this is that as an open source project served under a permissive MIT license, Godot can’t provide support for consoles because it wouldn’t be allowed to publish the code required to interact with the proprietary hardware — game studios that develop for consoles have to sign strict non-disclosure agreements. Plus, console makers will only work with registered legal entities, which Godot is not.

Put simply, Godot can’t be a community-driven open source project and support consoles at the same time. But there are ways around this, which is why W4 hopes to make money by offering a porting service to help developers convert their existing games into a console-compatible format. 

“W4 will offer console ports to developers under very accessible terms,” Linietsky said. “Independent developers won’t need to pay upfront to publish, while for larger companies there will be commercial packages that include support.”

Elsewhere, W4 is developing a range of products and services which it’s currently keeping under wraps, with Linietsky noting that they will most likely be announced at Game Developers Conference (GDC) in San Francisco next March.

“The aim of W4 is to help developers overcome any problem developers may stumble upon while trying to use Godot commercially,” Linietsky added.

It’s worth noting that there are a handful of commercial companies out there already, such as Lone Wolf Technology and Pineapple Works, that help developers get the most out of Godot — including console porting. But Linietsky was keen to highlight one core difference between W4 and these incumbents: it’s expertise.

“The main distinctive feature of W4 is that it has been created by the Godot project leadership, which are the individuals with the most understanding and insight about Godot and its community,” he said.

Distributed

Of Godot’s 1,500 or so contributors, 10 are more-or-less permanent hires, paid via community donations. Similarly, W4’s current team of 12 largely consists of long-standing Godot contributors, spread across eight different countries in the Americas and Europe. This is much like how other companies built on an open source foundation started out, including Red Hat and WordPress.com’s parent Automattic, which was one of the most well-known “distributed” company out there, long before the remote-work revolution came along in 2020.

Indeed, distributed work is one of the core defining characteristics of open source software development. By way of example, Linietsky is based in Spain, while cofounder and COO Rémi Verschelde works from Denmark. The other two founders, CTO Fabio Alessandrelli and CMO Nicola Farronato, operate from different locations in Italy.

But every legal entity needs to choose somewhere as its corporate home. And similar to many tech companies, W4 elected Dublin, Ireland as its official HQ — though this presence is really just on paper, only.

“We are based in Ireland because two of the cofounders have previously established there, have relatives, and are very familiar with the Irish ecosystem,” Linietsky said.

Continue Reading

Trending