Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.
Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems, in a blog post announcing the change. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”
Facebook has previously notified third-party developers of vulnerabilities, but the policy shift formally codifies the company’s policy towards disclosing and revealing security vulnerabilities.
Vulnerability disclosure programs, or VDPs, allow companies to set the rules of engagement for finding and disclosing security bugs. VDPs also help guide the disclosure and publication of vulnerabilities once a bug is fixed. Companies often use a bug bounty to pay hackers who follow the company’s reporting and disclosure rules.
The policy change is not entirely altruistic. Facebook, like many other tech companies, relies on a ton of third-party code and open-source libraries. But by putting the change in writing, it also puts third-party developers on notice if they don’t fix vulnerabilities in a timely fashion.
Casey Ellis, founder and chief technology officer at vulnerability disclosure platform Bugcrowd, said the policy shift was becoming increasingly popular for companies with a “large, user-centric, third-party attack surface,” and echoes similar efforts by Atlassian, Google, and Microsoft.
Facebook said when it finds a vulnerability, it will give third-party developers 21 days to respond to the report and 90 days to fix the issues, a widely accepted timeframe to report and remediate security issues. The company says it will make a reasonable effort to find the right contact for reporting a vulnerability including, but not limited to, emailing security reporting emails, filing bugs without confidential details in bug trackers, or filing support tickets. But the company said it reserves the right to disclose sooner if the vulnerability is actively being exploited by hackers, or delay its disclosure if it’s agreed that more time is needed to fix an issue.
Facebook said it will generally sign a non-disclosure agreement (NDA) specific to the security issues it reports.
Katie Moussouris, founder of Luta Security, told TechCrunch that the “devil will be in the details.”
“The test will be the first time they have to pull the trigger and drop a zero-day — with mitigation guidance — on a competitor,” she said, referring to unpatched vulnerabilities where companies have zero days to patch them.
The new policy is focused specifically on how Facebook handles disclosure of issues in third-party code. If researchers find a security vulnerability on Facebook, or within its family of apps, they will continue to report it through the existing Bug Bounty Program.
As part of the policy change, Facebook said it would also disclose vulnerabilities once they are fixed. In a separate blog post, Facebook, which owns WhatsApp, disclosed six vulnerabilities in the messaging app — since fixed.
Snapchat’s parental control features spotted in development – TechCrunch
Snapchat is preparing to introduce a new parental control feature dubbed “Family Center,” which will allow parents to see who their teen is friends with on the app as well as who they’ve been messaging with over the past seven days, and more.
Snap’s CEO Evan Spiegel first teased the planned offering during an interview in October, where he explained the feature would give parents better visibility into how teens use its service and, hopefully, make them feel more comfortable with the app.
Snap is one of the last Big Tech social platforms to address the need for parental monitoring tools, though its app sees heavy use among younger users. At Snap’s NewFronts presentation to advertisers earlier this month, the company noted the Snapchat app now reaches more than 75% of 13-34-year-olds in over 20 countries, and 80% of the U.S. Gen Z population had watched at least one of its Snap Original shows.
According to new screenshots of Snapchat’s forthcoming Family Center shared with TechCrunch by the product intelligence firm Watchful, the new Family Center feature allows parents to see who their teen is friends with on the app. This is useful for parents because, unlike many social networks, Snapchat’s friend lists aren’t public. Parents will also have visibility into who their teen has chatted with over the past seven days — but not the contents of those conversations. The screenshots additionally explain that parents will be able to assist their teen in reporting abuse and harassment, if needed.
The parental control feature works by allowing parents to invite their teen (or teens) to the new in-app Family Center in order to begin the monitoring. The recipient of that invitation has the option of either accepting or declining the invitation.
This is, arguably, an appropriate approach to parental controls involving teens, as it respects their privacy. Instead of allowing parents to surreptitiously spy on their teens, it ensures the parent and child will instead have a conversation about parental monitoring, where they agree to a set of rules appropriate for their own household.
The images provided by Watchful represent early designs of Snapchat’s feature, which is still in development and not yet live or being tested. We should note that products at this stage often change before their launch to the general public. That means the final product could look quite different. (The U.K. spelling of the word “Center,” too, suggests that we’re not seeing a global version of the Family Center product here.)
Other large social platforms have already launched their parental control features and other age-appropriate experiences for their younger users. Snap is running a little behind.
TikTok, for example, has continued to develop its parental controls offerings following the debut of its in-app Family Pairing tool back in 2020. The tool allows parents to pair their TikTok account with a child’s in order to control the account’s privacy, whether it’s suggested to other TikTok users, whether the child can use search, and who, if anyone, can view, comment or interact with the child’s content, among other things. There’s also a toggle to put the account into an even safer mode for under-13 users.
YouTube also launched parental control features into testing last year that allow parents to select between different levels of YouTube access for teen or tween users. And Instagram arrived even later with its new safety tools for parents, also called Family Center, which didn’t roll out until March 2022. Its tools let parents monitor time spent on the app, who has followed the child’s account and more.
Although all platforms compete broadly in the social media space, they all operate a bit differently, which informs what type of parental control features are actually needed. In Snapchat’s case, minors on the app have to mutually accept each other as friends before they can begin messaging. Minors’ accounts also aren’t shown in search results or as friend suggestions to another user — unless they have friends in common. And minors are not able to have public profiles. That means Snap wouldn’t need to roll out parental control features to control these types of experiences.
Snap declined to comment on the Family Center screenshots, but the company had previously said the offering would arrive in the coming months.
We (skim)read Meta’s metaverse manifesto so you don’t have to… – TechCrunch
Meta’s recently crowned president of global affairs, Nick Clegg — who, in a former life, was literally the deputy prime minister of the U.K. — has been earning his keep in California by penning an approximately 8,000-word manifesto to promo “the metaverse”: aka, the sci-fi-inspired vapourware the company we all know as Facebook fixed on for a major rebranding last fall.
Back then, founder and CEO Mark Zuckerberg pronounced that the new entity (Meta) would be a “metaverse-first” company “from now on”. So it’s kinda funny that the key question Clegg says he’s addressing in his essay is “what is the metaverse” — and, basically, why should anyone care? But trying to explain such core logic is apparently keeping Meta’s metamates plenty busy.
The Medium post Clegg published yesterday warns readers it will require 32 minutes of their lives to take in. So few people may have cared to read it. As a Brit, I can assure you, no one should feel obliged to submit to 32 minutes of Nick Clegg — especially not bloviating at his employer’s behest. So TechCrunch took that bullet for the team and read (ok, skim-read) the screed so you don’t have to.
What follows is our bullet-pointed digest of Clegg’s metaverse manifesto. But first we invite you to chew over this WordCloud (below), which condenses his ~7,900-word essay down to 50 — most boldly featuring the word “metaverse” orbiting “internet”, thereby grounding the essay firmly in our existing digital ecosystem.
Glad we could jettison a few thousand words to arrive at that first base. But, wait, there’s more!
Fun found word pairs that leap out of the CleggCloud include “companies rules” (not democratic rules then Clegg?); “people technologies” (possibly just an oxymoron; but we’re open to the possibility that it’s a euphemistic catch-all for ill-fated startups like HBO’s Silicon Valley‘s (satirical) ‘Human Heater’); “around potential” (not actual potential then?); “meta physical” (we lol’d); and — squint or you’ll miss it! — “privacy possible” (or possibly “possible privacy”).
The extremely faint ink for that latter pairing adds a fitting layer of additional uncertainty that life in the Zuckerberg-Clegg metaverse will be anything other than truly horrific for privacy. (Keen eyed readers may feel obligated to point out that the CleggCloud also contains “private experience” as another exceptionally faint pairing. Albeit, having inhaled the full Clegg screed, we can confirm he’s envisaging “private experience” in exceptional, siloed, close-friend spaces — not that the entire metaverse will be a paradise for human privacy. Lol!)
Before we move on to the digest, we feel it’s also worth noting a couple of words that aren’t used in Clegg’s essay — and so can only be ‘invisibly inked’ on our wordcloud (much like a tracking pixel) — deserving a mention by merit of their omission: Namely, “tracking” and “profiling”; aka, how advertising giant Meta makes its money now. Because, we must assume, tracking and profiling is how Meta plans to make its money in the mixed reality future Clegg is trying to flog.
His essay doesn’t spare any words on how Meta plans to monetize its cash-burning ‘pivot’ or reconfigure the current “we sell ads” business model in the theoretical, mixed reality future scenario he’s sketching, where the digital commerce playground is comprised of a mesh of interconnecting services owned and operated by scores of different/competing companies.
But perhaps — and we’re speculating wildly here — Meta is envisaging being able to supplement selling surveillance-targeted ads by collecting display-rents from the cottage industry of “creators” Clegg & co. hope will spring up to serve these spaces by making digital items to sell users, such as virtual threads for their avatars, or virtual fitting rooms to buy real threads… (‘That’s a nice ‘Bored Ape T-Shirt’ you’re planning to sell — great job! — but if you want metamates to be able to see it in full glorious color you’ll want to pay our advanced display fees’, type thing. Just a thought!)
Now onwards to our digest of Clegg’s screed — which we’ve filleted into a series of bulleted assertions/suggestions being made by the Meta president (adding our commentary alongside in bold-italics). Enjoy how much time we’ve saved you.
- There won’t be ‘a’ or ‘the metaverse’, in the sense of a single experience/owned entity; there will be “metaverse spaces” across different devices, which may — or may not — interoperate nicely [so it’s a giant rebranding exercise of existing techs like VR, AR, social gaming etc?]
- But the grand vision is “a universal, virtual layer that everyone can experience on top of today’s physical world” [aka total intermediation of human interaction and the complete destruction of privacy and intimacy in service of creating limitless, real-time commercial opportunities and enhanced data capture]
- Metaverse spaces will over index on ephemerality, embodiment and immersion and be more likely to centre speech-based communication vs current social apps, which suggests users may act more candid and/or forget they’re not actually alone with their buddies [so Meta and any other mega corporates providing “metaverse spaces” can listen in to less guarded digital chatter and analyze avatar and/or actual body language to derive richer emotional profiles for selling stuff]
- The metaverse could be useful for education and training [despite the essay’s headline claim to answer “why it matters”, Clegg doesn’t actually make much of a case for the point of the metaverse or why anyone would actually want to fritter their time away in a heavily surveilled virtual shopping mall — but he includes some vague suggestions it’ll be useful for things like education or healthcare training. At one point he enthuses that the metaverse will “make learning more active” — which implies he was hiding under a rock during pandemic school shutdowns. He also suggests metaverse tech will remove limits on learning related to geographical location — to which one might respond have you heard of books? Or the Internet? etc]
- The metaverse will create new digital divides — given those who can afford the best hardware will get the most immersive experience [not a very equally distributed future then is it Clegg?]
- It’s anyone’s guess how much money the metaverse might generate — or how many jobs it could create! [🤷]
- But! Staggeringly vast amounts of labor will be required to sustain these interconnected metaverse spaces [i.e. to maintain any kind of suspension of disbelief that it’s worth the time sink and to prevent them from being flooded with toxicity]
- Developers especially there will be so much work for you!!! [developers, developers, developers!]
- Unlike Facebook, there won’t be one set of rules for the metaverse — it’s going to be a patchwork of ToS [aka, it’ll be a confusing mess. Plus governments/states may also be doing some of the rule-making via regulation]
- A lack of interoperability/playing nice between any commercial entities that build “metaverse experiences” could fatally fragment the seamless connectivity Meta is so keen on [seems inevitable tbh; thereby threatening the entire Meta rebranding project. Immersive walled gardens anyone?]
- Meta’s metaverse might let you create temporary, siloed private spaces where you can talk with friends [but only in the same siloed way that FB Messenger offers E2EE via “Secret Conversations” — i.e. surveillance remains Meta’s overarching rule]
- Bad metaverse experiences will probably be even more horrible than 2D-based cyberbullying etc [yep, virtual sexual assault is already a thing]
- There are big challenges and uncertainties ahead for Meta [no shit]
- It’s going to take at least 10-15 years for anything resembling Meta’s idea of connected metaverse/s to be built [Clegg actually specified: “if not longer”; imagine entire decades of Zuckerberg-Clegg!]
- Meta hopes to work with all sorts of stakeholders as it develops metaverse technologies [aka, it needs massive buy-in if there’s to be a snowflake’s chance in hell of pulling off this rebranding pivot and not just sinking billions into a metaverse money-hole]
- Meta names a few “priority areas” it says are guiding its metaverse development — topped by “economic opportunity” [just think of all those developer/creator jobs again! Just don’t forget who’s making the mega profits right now… All four listed priorities offer more PR soundbite than substance. For example, on “privacy” — another of Meta’s stated priorities — Clegg writes: “how we can build meaningful transparency and control into our products”. Which is a truly rhetorical ask from the former politician, since Facebook does not give users meaningful control over their privacy now — so we must assume Meta is planning a future of more of the same old abusive manipulations and dark patterns so it can extract as much of people’s data as it can get away with… Ditto “safety & integrity” and “equity & inclusion” under the current FB playbook.]
- “The metaverse is coming, one way or another” [Clegg’s concluding remark comes across as more of a threat than bold futuregazing. Either way, it certainly augurs Meta burning A LOT more money on this circus]
Voicy wants to pwn gamers with audio memes – TechCrunch
If meme stocks can be a thing, what’s to stop audio meme sharing from going viral!? Hoping to storm the ear-bending arena of social audio and win friends amid the gamer/creator crowd is Voicy — a Netherlands-based startup that’s building a platform for user-generated audio snippets (typically a few seconds long), offering tools to create emotive samples for reaction sharing to spice up your messaging/streams.
It’s not hard to predict where this idea goes: Straight to gross out fart sfx and pwning troll clips — which are indeed plentiful on this fledgling platform for user-generated (or, well, sampled) audio. Dank audio memes anyone?
Other viral noises are available. Borat clips, for example, or Squid Game sounds. Plus a cacophony of over-enthusiastic Internet memes in audio form. John Oliver screaming “GOOGLE IT!” repeatedly, or Epic Sax Guy’s epic saxing, and so on.
The typical Voicy user is, unsurprisingly, young and trigger happy, per the startup — which envisages gamer voice chat as a key target for a pipeline of social integrations it hopes to build out. So far it has one integration inked with messaging app, Viber — but it’s offering a “simple universal API” to encourage other platforms to sign up.
Zooming out, Voicy’s stated mission is to do for sound clips what Giphy has done for GIFs.
“We want to create a new way for people to express themselves creatively in how they communicate. In areas such as gaming, where communicating with images or text doesn’t work as well — there’s a huge gap for audio to really enhance the experience,” suggest co-founders Xander Kanon, Joey de Kruis and Milan Kokir via email.
“As we’ve seen with memes and GIFs, people love to create their own very creative content. Audio has the capacity to have the same, if not bigger impact on modern communications. We’ve seen from instant chat, to emoticons to GIFs that people all over the world want to experiment with and simply have fun with how they communicate — it’s one of the things we all have in common. In addition to this, the competition among apps and platforms is immense and all of them are working hard to make their offering more sticky, fun and engaging. This is where Voicy comes into play.”
“From the ground up, we have developed our platform to give users the express ability to create,” they add. “Our technology directly serves that purpose through an open-source approach to content, with safeguards layered in to moderate. With integrations, our approach has been to connect our platform with other platforms and give users wider accessibility to sharing content. With the addition of public API, further integrations and a strong foundation within the platform, we believe our impact can be exponential.”
The platform fully launched in October 2020, per the founders, and they’ve grown usage to 1.1 million monthly active users at this stage (although that’s including usage via Viber, not just ears they’re pulling into their own platform).
Other usage metrics they share include that users have created some 145,000 sound clips so far, with an average of 10k more being added per month. They also say a Voicy user plays, on average, 20 sound clips and shares one per visit.
While, following their recent partnership with Viber, users there have sent over 20 million audio messages — which have been played 100M times in just three months.
The startup is planning to build out a pipeline of third party integrations to drive further growth, with the help of a €1.2 million pre-seed raise being announced today — eyeing potential love-ins across social messaging, streaming and gaming platforms. Or basically anywhere where noisy memes might find an appreciative audience.
“There are a lot of potential integrations within social messaging, for example WhatsApp, FB Messenger; social video — Instagram, Snapchat, TikTok, YouTube; gaming — Roblox, Ubisoft, Xbox, Discord; and streaming — Twitch, Streamlabs and Corsair,” they suggest, reeling off the tier one consumer platform list.
Voicy’s pre-seed raise is led by Oliver Samwer’s Global Founders Capital, with a number of tech senior execs also participating from companies including Twitch, Spotify, Deezer, Snapchat, Booking, Uber, Reddit, Acast and Tesla.
Commenting in a statement, Global Founders Capital’s Soheil Mirpour said: “Voicy is a very exciting new startup. In short order, their strong team has grown a huge community of very active users who are creating hundreds of pieces of new audio content every day. There’s a massive amount of potential for short audio in social communication. A Discord user spends on average 285 minutes a day in a Discord voice chat, people share 7 billion voice messages per day on WhatsApp alone and billions of people use short audio in their TikTok or Instagram videos. Voicy brings a new concept to the table, which is ready to disrupt an enormous market — we knew we had to invest.”
But why do web users need audio memes when there are already, er, audio GIFs? Isn’t this a rather niche proposition — given existing overlap, plus the general (broad) competition from other reaction ‘shareables’ consumers can easily use to express themselves, from ye olde emoji, to customizable stickers to viral GIFs?
Soundless reaction formats (like GIFs) are also essentially an advantage to the sizeable ‘never turn up the volume’ mobile crew — whose silence-loving (voice-message hating) existence explains why even short video clips which are made to be shared on social typically come with captions to provide a baked-in alternative to engaging any ear. (And, well, an audio meme with the sound off is just some sad-looking pixels, right? … Quite possibly, though, this is an older vs younger Internet user generation thang 😬)
Surprising no one, Voicy users so far are Gen Z or Gen Alpha, with a strong following amid the TikTok/Roblox generation, per the founders. (“Our users use us for gaming, creation, and messaging. Across our user base, most users are located in the USA (60%). The majority of users are aged below 35 years old (75%+),” they also confirm.)
“The advantage of a sound clip over a GIF/sound GIF is the wider applicability of it,” argue Voicy’s founders. “Practically, you can use a sound clip in your stream, during gaming, or to edit your video or your TikTok video/Youtube Short as well as use it in messaging. You simply cannot do this with an audio GIF due to user experience and practical constraints.”
“Audio memes are funny, iconic and unique shareable audio bites that can be used in any form of online communication to express thoughts or feelings in a specific context,” add the trio — who are self professed avid gamers themselves.
What about risks around copyright? How are they managing that issue? Voicy is not licensing any audio content currently but the founders suggest they may do in future. For now they’re relying on fair use to recirculate samples (plus their platform supports a DMCA reporting and takedowns procedure). They say they’re also using a third party service to stop protected samples from being piped onto any third party platforms they integrate with.
While it’s early for such a consumer-focused product to be focused on monetization, the team says they’re building Voicy as a marketplace — and ultimately intend to focus on the needs of the creator community.
“We believe that our long term opportunity lies at enabling creators to monetise their content,” they tell TechCrunch. “With the creator’s economy continuing to grow at a rapid speed, we provide them a platform to create, clipify, distribute, earn, and build a community around their sonic identity. With a large integration network and a platform as an end-destination for consuming and engaging with sounds and sound-creators, Voicy can monetise its library and integrations. Voicy can provide a ton of value both for the supply side and the demand side.”
“More specifically, our business model will be focused around the sub-licensing of clips, and by providing additional premium features for creators to do what they do best: creating content. Content will have the possibility to be sub-licensed to integration partners, fans, other creators, and premium consumers,” they add.