Firefly forges on after co-founder murdered by Hamas

Image Credits: Firefly

A startup called Firefly that’s tackling the thorny and growing issue of cloud asset management with an “infrastructure as code” solution has raised $23 million in funding. That comes on the heels of strong demand for its tech and increasing revenue fourfold in 2023.

The firm’s latest success also comes on the heels of tragedy, as co-founder and CTO Joseph “Sefi” Genis was among the hundreds killed by Hamas in October 2023 at the now-infamous Nova music festival.

The firm finds itself at the intersection of technology and major world events for the second time. Firefly was hatched in 2021 in the wake of the COVID-19 outbreak, amid a huge burst of “digital transformation.” Suddenly faced with remote workforces, organizations turned to the cloud in a big way to manage those workers and to launch new services.  

Those migrating into the cloud seized on a big opportunity to work more flexibly and efficiently, but their move also carries risk. As companies spread their work across multiple containers, clouds, apps and devices, ops teams have trouble tracking their digital assets — living or dormant — and that can have major implications for cost, security, and operations.

“How do you handle so much complexity?” asks Firefly CEO Ido Neeman (sitting in the center in the picture above). “You can’t. The proliferation of tools is too overwhelming.”

Firefly’s services address this, with tech that can scan assets in clouds from major providers, including Google, Microsoft Azure and Amazon Web Services, along with private clouds, containers, apps and more. 

Using AI technology, the company creates a snapshot of the situation and immediately begins to highlight what might appear to conflict with something else, along with suggestions for how to remediate the problems.

Firefly’s remediations are delivered in the form of “infrastructure as code,” which is used by DevOps and related teams as a way to provision and manage cloud resources, using code rather than physical or interactive tooling. 

“We do this by automatically and instantly discovering your entire cloud footprint across all the clouds, all the technologies, all the infrastructure’s code,” Neeman explained. “We discover everything on your cloud footprint. Then we scan it to detect which part of your cloud is properly controlled and qualified. You control it, you own it, it’s well-governed versus unmanaged, misconfigured, or inefficient. Once we find such chaos, we’ll give you automatic remedies to fix it.” 

The company had recently launched an AI that suggested and could execute the code automatically, but it disabled that feature for some bigger customers, who were concerned about hallucinations and simply getting things wrong. We still have a ways to go before everyone signs up for all AI, all the time.

Regardless, just as HubSpot might be used for marketing assets, or ServiceNow for infrastructure resources, Firefly wants to be “the source of truth, the cloud control pane” for the cloud, Neeman said. The company’s remediation by default comes in the form of suggestions, and it’s ultimately up to DevOps to decide whether these should be implemented. 

Vertex, a previous backer, led this Series A with participation from two other returning investors — Hanaco and SoftBank — as well as new strategic backer InMotion Ventures (the investment arm of Jaguar Land Rover) and Redseed, a fund created by ex-DST partners and founders. Firefly had previously raised $6.5 million, and it’s not disclosing its valuation.

Human chaos

Raising money as a successful startup these days can feel like a major win in itself. But it’s even more of an achievement when the funding comes after a crushing blow.

The startup has headquarters in Foster City in the Bay Area, and most of its customers are in the U.S., but it was founded and retains significant operations in Israel, which put it on the front lines of tragedy when Genis was murdered. (He is on the right side in the photo above.)

Genis’ death came after a protracted attempt to evade the attackers, an effort he shared through text messages with his wife. Ultimately, Genis and a friend went into hiding. Cornered, they could see that there was no escaping a particular armed Hamas attacker. Without an option to flee further, the pair tried to overtake him. They both died. But the effort had a heroic ending: The distraction they provided saved the lives of others who had been hiding with Genis and his friend. 

“Thanks to the fact that they attacked the terrorist, they prevented him from entering the shelter and seeing that there were other people there,” one of the survivors said in a TV interview.

The attack at the Nova festival and surrounding villages kicked off a protracted and controversial war in Gaza, resulting in tens of thousands more casualties amid the destruction of an entire territory. 

Firefly represents the contradictions and complexities of the situation for the people and businesses in Israel and Gaza, many of whom are inherently involved in a conflict bigger than themselves, whether they want to be or not. Some will try to find a way to a brighter place despite that.

Neeman, who co-founded Firefly with Genis and CPO Eran Bibi (pictured far left), said that the startup had been planning to raise money before this happened — a plan that was paused in the immediate aftermath.

“We needed to handle this awful, awful situation,” Neeman explained. “He was not just the CTO, not just the co-founder, of Firefly. He was a very close friend to me, to Eran, to the entire team. Sefi was such a beautiful soul, just smiling and happy and honestly, a genius. So it was hard.”

They delayed funding for months, but also thought of how to soldier on (short of becoming soldiers in the literal sense).

“I think that the entire team became stronger out of it,” he said. “We are now all committed to making his vision come true. Sefi wanted to solve cloud complexity, so for us, his legacy lives on through making Firefly a big, successful company.”

Growth began to accelerate, with the company growing fourfold over 2023 and doubling sales and customer counts in the last six months. 

“We signed some of the largest logos in the Fortune 500, and we created some amazing new capabilities to make cloud operations much more simple. We’ve added some great team members. We know we will always remember our good friend, but we’re optimistic. We’re seeing the future.”

Apple app store icon

Apple revises its DMA rules after pressure, but keeps the Core Technology Fee intact


Image Credits: Bryce Durbin / TechCrunch

No, Apple’s new and controversial “Core Technology Fee” isn’t going away for EU app developers who opt into the iPhone maker’s new business terms designed to comply with the region’s Digital Markets Act. However, Apple says that today it is announcing a handful of smaller concessions driven by feedback from its app developer community. Notably, the company will no longer require that corporate entities sign up for the new DMA terms along with all their sub-accounts, nor will it require a standby letter of credit. In addition, the move to opt into the DMA terms is no longer a one-way switch. Instead, developers under certain circumstances will have the option for a one-time switch back to the existing terms — meaning the standard 15% to 30% commission, not the reduced one under the new rules.

However, these changes don’t address the major complaints with Apple’s DMA rules, which involve reducing commissions on App Store purchases in favor of other new fees. At issue is Apple’s institution of a new “Core Technology Fee,” which requires developers to pay Apple €0.50 for each first annual install per year over a 1 million threshold for apps distributed outside its App Store.

Larger developers like Spotify and Epic Games have lashed out at Apple’s plans to “comply” with the DMA, calling its plan “extortion” and “bad-faith” compliance, among other things. Other tech companies, including Meta, Mozilla, and Microsoft, have also criticized Apple’s DMA rules, with Meta CEO Mark Zuckerberg saying the requirements were “so onerous” he didn’t see how any developer would be able to adopt them. A consortium of developers, led by Epic and Spotify, also penned an open letter to the European Commission, asking the government to assess Apple’s compliance and take “swift, timely, and decisive action” against the tech company to protect developers.

Apple didn’t make any move to adjust its fee structure with these new changes. Rather, it’s adjusting some of the more obviously less compliant terms — like the rule that said that marketplace app developers would need a €1,000,000 letter of credit from an A-rated financial institution to receive the DMA entitlement. That would prevent individual and smaller developers from signing up, which would mean Apple wasn’t fully in line with the law.

The other change will allow a larger corporate entity to pick and choose, at the developer account level, which of its developer accounts opt into the DMA rules and which do not. Before, Apple was requiring that a corporation sign up each membership it controls if it chose to opt into the DMA rules. That also doesn’t make sense, as various arms of a larger corporation should be able to make their own business decisions and act accordingly.

Apple may have known in advance that these sorts of rules wouldn’t fly and chose to pull them back ahead of a directive to do so as a gesture of compliance and “listening” to its community.

Another change sounds like it would make it easier for developers to test the DMA rules and then switch back, but that’s not necessarily the case.

Instead, Apple says developers can terminate the DMA Addendum one time without terminating their Developer Agreement — but only if “you have never had an Application be an Alternative App Marketplace (EU), be distributed through an Alternative App Marketplace (EU), use Linking Out, or use Alternative Payment Processing.”

In other words, if the developer never actually began to do business under the new terms.

Signing the agreement doesn’t give developers the ability to terminate their agreement a second time if they have already done so, the company says. Plus, Apple says it will still invoice the developer terminating its agreement for the Core Technology Fee, which has to be paid within 30 days. They can then choose to opt back into the DMA rules at a later date, if desired.

Apple announced these changes to its DMA rules alongside the launch of Xcode 15.3 and the latest SDKs for iOS 17.4, iPadOS 17.4, macOS 14.4, tvOS 17.4, visionOS 1.1, and watchOS 10.4. Developers can now begin to submit apps under the DMA terms, Apple says, and can now measure the number of first annual installs their apps have accumulated.

The company additionally updated its App Review Guidelines to include references to the new DMA rules, including that app developers cannot copy the names, icons, or imagery of other mobile platforms or alternative marketplaces. It also says that alternative app marketplaces cannot compile personal information on users unless they specifically consent, nor can they use public databases to collect that personal information. It also says apps that don’t comply with its guidelines will be blocked from installation — including via alternative app marketplaces.


a pattern of red eyes on a darkened background

Spyware makers express concern after US sanctions spyware veteran


Image Credits: Sudowoodo / Getty Images

Earlier this week, the U.S. government announced sanctions against the founder of a controversial government spyware maker, Tal Dilian, and his business associate, Sara Aleksandra Fayssal Hamou.

In announcing the sanctions, U.S. Treasury officials accused Dilian and Hamou of developing and selling spyware that was then used to target Americans, including U.S. government employees, as well as policy experts and journalists — actions that enabled human rights violations around the world.

The move was the first of its kind. Until now, the U.S. government had targeted spyware companies — not the individuals who head them — putting them on blocklists and imposing sanctions that prevent any U.S. person or company from financing or transacting with them. But from now on, it seems like the gloves are off. If the U.S. government thinks someone sold spyware to authoritarians and dictators, or their company’s spyware was used against the wrong targets, it will go directly after the people running those spyware companies.

And people who used to work in the government spyware industry expressed concern.

“Wow. That’s big,” said a former head of a spyware maker that sold to governments, when TechCrunch shared the news of the sanctions with him.

The person, who like others quoted in this story spoke on the condition of anonymity, said that he was concerned, but at the same time he was confident his former company followed regulations and did things the right way, unlike Dilian, the founder of Intellexa, which the Treasury also sanctioned.

“He sold to anyone who was willing to pay,” said the former spyware head.

The person also added that — in his opinion — Dilian made a mistake when trying to get around the restrictions previously imposed on his company by the U.S. government. In 2023, the Biden administration put Dilian’s companies Intellexa and Cytrox on a blocklist called the “entities list.” Once a company is on this list, U.S. businesses and individuals are not allowed to export certain goods, which can include software, to the blocklisted company anymore.

“I think this is what pissed off the Americans,” said the former spyware head.

Another person who used to work in the spyware industry said that Dilian “moves like an elephant in a crystal shop,” implying Dilian’s activities were not concealed, if not brazen.

“In that particular space of spyware sellers you have to be extremely balanced and attentive…but he didn’t care,” the person said.

At the same time, the person said he is happy to have left the industry, because the times have changed.

According to a third person working in the spyware industry, the sanctions against Dilian and his business associate Hamou should make the whole market have a moment of reflection.

“If I had to come back to work actively in this industry, and I couldn’t find an exclusive customer that is extremely trustworthy, [sanctions] would be a risk,” the third person said. “A company, however serious, can never be 100% sure about how its customers act, and the political developments that can embroil them.”

Before this week’s sanctions, the last action the U.S. government took against spyware makers was to announce that the State Department could impose travel bans and visa restrictions for people involved in facilitating or enabling abuses with spyware.

Contact Us

Do you know more about spyware providers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Prior to this in 2021, the U.S. Department of Commerce added to its blocklist NSO Group, an Israel-based spyware maker whose tools have been documented to have been used against journalists, politicians, dissidents and human rights defenders in several countries like Hungary, Mexico, Poland, Saudi Arabia and Spain. Two years later, in 2023, Cytrox and Intellexa were also put on the same list as NSO Group.

Given that, just like Intellexa, NSO Group and Candiru — another Israeli spyware maker — were put on the denylist, it would make sense for the U.S. government to target the founders and executives of these two other companies.

But it’s unclear if the people running those companies are concerned.

Dilian could not be reached for comment. Hamou did not respond to a request for comment.

A previous version of this story mischaracterized the impact when a company is added to the entities list.


Bumble's Interim General Counsel, Elizabeth Monteleone, speaking at SXSW

A third of Bumble's Texas workforce moved after state passed restrictive 'Heartbeat Act' abortion bill


Image Credits: SXSW

Bumble has lost a third of its Texas workforce in the months since the state passed the controversial abortion bill SB 8 (Senate Bill 8), also known as the Texas Heartbeat Act, over a year ago. This new data point was shared by Bumble’s Interim General Counsel, Elizabeth Monteleone, speaking on a panel this afternoon at the SXSW conference in Austin, Texas. The panel focused on the “healthcare crisis in Post-Roe America” and featured women who had both sued and spoken out about the need to have doctors, not politicians, involved in their healthcare decisions.

What’s more, Monteleone noted that Bumble is no longer requiring employees to join the business in its Austin location, even though the dating app maker is headquartered there.

“We are a remote-first company. We’ve supported employees who’ve chosen to move out of state,” Monteleone added.

“We — since SB 8 — have seen a reduction in our Texas workforce by about a third. Those employees are choosing to move elsewhere,” she told the audience at the event. “There are a variety of laws in Texas that I think many people find incompatible with living a healthy life and being their authentic self,” added Monteleone, suggesting that not all the departures may be tied directly to this specific piece of legislation, but possibly to several other Texas laws or proposed laws that don’t sit well with Bumble’s employees.

The dating app maker became the first business to join an amicus brief in support of a lawsuit against the Texas abortion law, Zurawski v. State of Texas, filed by the Center for Reproductive Rights. The suit claims that the law puts the lives of pregnant women in jeopardy because doctors are afraid to offer abortion care for fear of losing their licenses, facing hefty fines, or even prison terms. Women involved in the case are suing the state for being forced to carry out their pregnancies because of the state’s abortion law, despite risks to their health. Some women had to travel out of state to get health care, increasing their health risks. Others sued because they had to carry non-viable pregnancies to term. Several Texas doctors signed onto the lawsuit, as well, saying they could no longer properly practice medicine.

While the SXSW panel largely focused on the political aspects of this and other laws, including those that now seek to restrict access to IVF, as well as their personal and emotional toll on women, Bumble’s lawyer additionally pointed to the business impact these sorts of laws have.

“We know that abortion has an impact on individuals, but there’s a profound negative impact on society as a whole and particularly for businesses,” Monteleone said. “We were looking at the lens and what we are putting forth in the brief was talking about the increased cost to us to attract and retain talent in Texas, the increased costs for us to provide healthcare benefits to our employees…We found that because of our position, having been founded with women at the forefront, from the beginning, and having that voice and that legitimacy, to begin with, we could combine that with this very business-centric argument and help support the case,” she said.

Since Bumble’s signing, businesses from across Texas have also signed onto the amicus brief, including rival Match Group and SXSW, some saying they fear they will have similar challenges in attracting and retaining talent, as well.

“These are considerations of [prospective employees] when they’re thinking about if they’re going to accept a job, if they’re going to stay at a job. That consideration about location is a very real factor,” noted Monteleone.

Since the law’s passing, Bumble has introduced enhanced healthcare benefits that include covering the costs for individuals who “seek the full spectrum of reproductive rights,” she said, including abortion, IVF, surrogacy, egg freezing and also gender-affirming care. Other companies have offered similar benefits, at their own expense.

These issues are even more pressing for a company like Bumble which is currently struggling with growth and appealing to a younger audience that seems less interested in dating apps than their older counterparts. The dating app maker posted a weak Q4, with a $32 million net loss and $273.6 million in revenue. It also announced it was letting go of 350 employees after other organizational shifts that saw founder Whitney Wolfe Herd stepping down as CEO and a shake-up in the C-suite, which included the appointment of former Slack CEO Lidiane Jones as its new CEO.

Block Party's Tracy Chou at SXSW

After losing access to Twitter's API, Block Party pivots to privacy


Image Credits: Block Party

Block Party, a startup developed by software engineer and tech diversity advocate Tracy Chou, was among the victims of Twitter’s (now X’s) API changes earlier this year, forcing it to pivot its business. At the SXSW conference in Austin this weekend, Chou presented a glimpse of what Block Party is now up to with its new product, Privacy Party, designed to help people more easily navigate and adjust their privacy settings across social networks like Facebook, Instagram, LinkedIn, Reddit, X and others.

The original version of Block Party was built on top of Twitter’s API to automate the process of blocking bad actors, trolls, harassers and others. The company raised $4.8 million in seed funding in 2022, a year after launch, with the goal of expanding its automated blocking to more platforms.

However, Twitter’s API crackdown meant that Block Party’s ability to operate was immediately impacted. That product, now on hiatus, has since been rebranded Block Party Classic.

Chou touched on the product’s demise at SXSW, saying that Block Party Classic had allowed Twitter users to filter out “all the spam and harassment from their mentions” and made Twitter more usable and more pleasant without being a full-on content moderation solution (because the content itself remained on Twitter’s platform). Instead, it functioned more like middleware, she said.

“Sadly, Twitter ownership changes also meant we lost access to the API,” Chou explained.

“Regulation that requires open APIs would allow us to bring it back, not subject to the whims of an erratic owner or shifting business trends and priorities. And, in general, it would open up markets and consumer choice for social media experiences across so many platforms,” she added.

Given the unknown future for API regulation, the company is focused on Privacy Party’s development going forward.

Chou said the idea for the new product came from talking to newsroom security teams who wanted more tools to help their journalists stay safe online.

“In addition to getting a lot of harassment, journalists sometimes have to face threats like doxing, stalking, [and] death threats. Personal social media creates a lot of surface areas for vulnerability so the security recommendation is always to lock things down,” she noted.

Other people may simply want to clean up their social profiles to keep old photos and posts from coming back to haunt them or because they were from a different era. For example, college party photos probably shouldn’t pop up for potential employers.

However, going through the security settings on the various platforms is time-consuming, tedious and complicated. The platforms often make their user interface and experience unwieldy, or change the location of settings often, to thwart users from locking down their valuable data or to appease regulators.

Privacy Party will also act like middleware here, allowing users to interact with platforms and services to adjust their privacy settings with fewer clicks.

In one example demoed at SXSW, Block Party’s Head of Product Design Deonne Castaneda explained that it took at least six clicks on Facebook to find the setting to make a single photo album private.

“It was very clear that there was an unmet privacy need for this kind of photo control and protection that saves time and effort,” she said.

The way Privacy Party works is to offer users recommendations for different social media platforms.

In its beta form, the browser extension will customize its recommendations based on users’ current settings. The extension will navigate through Facebook, or another social app, learning about your settings in a scan that runs in the background. You will keep your browser tab open while the scan completes, and then receive an alert when it finishes. (In some cases, the scan may be paused by 2FA needs.) Then, you can review your settings — like the content you’re tagged in, or the public nature of your photos and posts. You are given the ability to change the settings to be safer, or to skip, if you prefer.


The extension also focuses on other areas that could enable bad actors or stalkers, like who can contact you, who can see your activity, what apps have access to your data, who can see personal info like your location or hometown, what older content is available and to whom, and more. As you make your changes, Privacy Party’s extension will update the settings on your behalf. It’s like having a privacy expert walk you through the different settings and give you feedback about what needs to be changed and why.

The beta version of Privacy Party works across Facebook, Instagram, LinkedIn, Reddit, Strava, X and Venmo, with scans that take anywhere from just a minute to as long as eight minutes, depending on how many settings need to be locked down. The browser extension is free to use while in beta.


“Each recommendation gives you transparency about what’s happening with your data and relevant potential tradeoffs,” said Castaneda. “They also present controls that you have including an additional level of control that automates finding and fixing privacy settings for you.”

Chou did not say when Privacy Party would exit beta, but it’s free to use for the time being.

The TikTok logo is seen on an iPhone 11 Pro max

TikTok fined in Italy after 'French scar' challenge led to consumer safety probe


Image Credits: Nur Photo / Getty Images

Italy’s competition and consumer authority, the AGCM, has fined TikTok €10 million (almost $11 million) following a probe into algorithmic safety concerns.

The authority opened an investigation last year into a “French scar” challenge in which users of the platform were reported to have shared videos of marks on their faces made by pinching their skin.

In a press release Thursday, the AGCM said three regional companies in the ByteDance group, Ireland-based TikTok Technology Limited, TikTok Information Technologies UK Limited and TikTok Italy Srl, had been sanctioned for what it summarized as an “unfair commercial practice.”

“The company has failed to implement appropriate mechanisms to monitor content published on the platform, particularly those that may threaten the safety of minors and vulnerable individuals. Moreover, this content is systematically re-proposed to users as a result of their algorithmic profiling, stimulating an ever-increasing use of the social network,” the AGCM wrote.

The authority said its investigation confirmed TikTok’s responsibility in disseminating content “likely to threaten the psycho-physical safety of users, especially if minor and vulnerable,” such as videos related to the “French scar” challenge. It also found the platform did not take adequate measures to prevent the spread of such content and said it failed to fully comply with its own platform guidelines.

The AGCM also criticized how TikTok applies the guidelines — which it says are applied “without adequately accounting for the specific vulnerability of adolescents.” It pointed out, for example, that teens’ brains are still developing and young people may be especially at risk as they can be prone to peer pressure to emulate group behavior to try to fit in socially.

The authority’s remarks particularly highlight the role of TikTok’s recommendation system in spreading “potentially dangerous” content, pointing out the platform’s incentive to drive engagement and increase user interactions and time spent on the service to boost ad revenue. The system powers TikTok’s “For You” and “Followed” feeds and is, by default, based on algorithmic profiling of users, tracking their digital activity to determine what content to show them.

“This causes undue conditioning of users who are stimulated to increasingly use the platform,” the AGCM suggested in another remark that’s notable for being critical of engagement driven by profiling-based content feeds.

We’ve reached out to the authority with questions. But its negative assessment of the risks of algorithmic profiling looks interesting in light of renewed calls by some lawmakers in Europe for profiling-based content feeds to be off by default.

Civil society groups, such as the ICCL, also argue this would shut off the outrage tap that ad-funded social media platforms monetize through engagement-focused recommender systems, which have a secondary effect of amplifying division and undermining societal cohesion for profit.

TikTok disputes the AGCM’s decision to issue a penalty.

In a statement, the platform sought to play down its assessment of the algorithmic risks posed to minors and vulnerable individuals by framing the intervention as related to a single controversial but small-scale challenge. Here’s what TikTok told us:

We disagree with this decision. The so-called “French Scar” content averaged just 100 daily searches in Italy prior to the AGCM’s announcement last year, and we long ago restricted visibility of this content to U18s, and also made it ineligible for the For You feed.

While the Italian enforcement is limited to one EU member state, the European Commission is responsible for overseeing TikTok’s compliance with algorithmic accountability and transparency provisions in the pan-EU Digital Services Act (DSA) — where penalties for noncompliance can scale up to 6% of global annual turnover. TikTok was designated as a very large platform under the DSA back in April last year, with compliance expected by late summer.

One notable change as a result of the DSA is TikTok offering users non-profiling based feeds. However, these alternative feeds are off by default — meaning users remain subject to AI-based tracking and profiling unless they take action themselves to shut them off.

Last month the EU opened a formal investigation of TikTok, citing addictive design and harmful content and the protection of minors as among its areas of focus. That procedure remains ongoing.

TikTok has said it looks forward to the opportunity to provide the Commission with a detailed explanation of its approach to safeguarding minors.

However, the company has had a number of earlier run-ins with regional enforcers concerned about child safety in recent years, including a child safeguarding intervention by the Italian data protection authority; a fine of €345 million last fall over data protection failures also related to minors; and long-running complaints from consumer protection groups that are worried about minor safety and profiling.

TikTok also faces the possibility of increasing regulation by member state–level agencies applying the bloc’s Audiovisual Media Services Directive, such as Ireland’s Coimisiún na Meán, which has been considering applying rules to video sharing platforms that would require recommender algorithms based on profiling to be turned off by default.

The picture is no brighter for the platform over in the U.S., either, as lawmakers have just proposed a bill to ban TikTok unless it cuts ties with Chinese parent ByteDance, citing national security and the potential for the platform’s tracking and profiling of users to provide a route for a foreign government to manipulate Americans.

Esports league postponed after players hacked midgame

A screenshot of an Apex Legends competitive game, where a player appears to get hacked, and gets a cheat all of a sudden.

Image Credits: YouTube/APEX Streamers

On Sunday, two competitive esports players appeared to get hacked during a live-streamed game, prompting the organizers to postpone the tournament.

Players were competing in the Apex Legends Global Series, a competitive esports tournament for the popular shooter game Apex Legends, which has a $5 million total prize pool.

During two separate games, two different players suddenly gained cheats in the middle of their matches.

“Wait, what the fuck? I’m getting hacked, I’m getting hacked bro, I’m getting hacked,” said Genburten, holding his hands up during the game, according to a video they posted on X, which was also posted on multiple YouTube channels.

A screenshot of an Apex Legends player, during a game in which he appeared to get hacked mid-game.

In the video, it’s clear that at one point — abruptly — Genburten starts seeing other players highlighted on the map, even those behind walls. This is what is called “wallhack,” essentially a cheat that allows hackers to see opponents through in-game obstacles.

Before that, for a split moment, a window appears on their screen, with what looks like a menu for a tool to enable cheats, titled “TSM HALAL HOOK.”

A screenshot of a window, showing cheating modes, that suddenly appears in a competitive Apex Legends game.

At the same time, the game’s chatbot shows a message that appears to come from the hackers: “Apex hacking global series, by Destroyer2009 &R4andom.”

In the other match, something similar happens to another competitive Apex Legends player, ImperialHal, who also posted the sequence on their X account.

“I’m cheating, I’m cheating, I’m cheating, I’m fucking cheating,” said ImperialHal. “I got aimbot!” said ImperialHal repeatedly, referring to a common cheating technique that allows players to automatically aim at enemies, essentially getting the ability to hit opponents and other players without aiming at them. “What if I just don’t shoot? What if I just don’t shoot?”

Following these hacks, the organizers of the tournament announced they were suspending and postponing the tournament.

“Due to the competitive integrity of this series being compromised, we have made the decision to postpone the [North America] finals at this time. We will share more information soon,” announced the official Apex Legends Esports account on X.

Contact Us

Do you know more about this hack? Or other video game hacking incidents? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

At this point, it’s unclear exactly what happened. Electronic Arts, the publisher of Apex Legends, did not immediately respond to emails from TechCrunch requesting comment. Neither did Genburten and ImperialHal.

On Monday, the makers of the anti-cheat system on Apex Legends and other games, Easy Anti-Cheat, ruled out the possibility that there is a remote code execution (RCE) bug in the anti-cheat system. An RCE is a security flaw that allows a remote hacker to run malicious code on a target’s device.

“We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time – we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed,” the official Easy Anti-Cheat account posted on X.

Alternative browsers report uplift after EU's DMA choice screen mandate

Image Credits: 07_av / Getty Images

A flagship European Union digital market regulation appears to be shaking up competition in the mobile browser market.

It’s been a little over a month since the Digital Markets Act (DMA) came into application and there are early signs it’s having an impact by forcing phone makers to show browser choice screens to users.

On Wednesday, Reuters reported growth data shared by Cyprus-based web browser Aloha and others that it said suggests the new law is stirring the competitive pot and helping smaller browser makers gain share or at least grab more attention than they were.

But it’s early days for DMA implementation, with choice screen rollouts still a work in progress, and many EU users haven’t even seen one yet. While Aloha is not the only other browser reporting a boost in interest since the DMA compliance deadline kicked in on March 7 — Brave, Opera and Vivaldi also shared positive stories of increased interest — several others, including DuckDuckGo and Firefox, told us it’s too soon for them to be able to assess the regulation’s effect.

TechCrunch reached out to 16 alternative browser makers with questions, as well as Apple and Google, to inform our reporting. We also contacted the European Commission to ask about its own tracking of the DMA’s impact in this area — but it declined to share any data.

Neither Apple nor Google responded to questions asking about any changes in regional usage of their own browsers since the choice screens began being shown to mobile users.

Opting for choice screens

The EU’s goal for the DMA is to boost competition against internet “gatekeepers” whose control of dominant platforms gives them many operational advantages over smaller rivals. The regulation does this through a list of “dos and don’ts” that tech giants must comply with. In the case of browsers, it obliges the likes of iOS maker Apple and Google’s Android to display browser choice screens — forcing them to point users to alternatives to Apple’s Safari and Google’s Chrome.

Choice screens are intended to work against platform dominance and self-serving defaults by alerting consumers there are other options. But users do still need to decide to switch to an alternative app in order for choice screens to boost competition. The design of screens is also important.

Some alternative browser makers remain concerned the design of choice screens isn’t where it needs to be. We suspect this is leading to reluctance by some underdogs to share data on early impact, especially as the EU is currently investigating Apple’s choice screen design for suspected noncompliance.

In other words, some browser makers may be playing a waiting game in the hopes of encouraging Commission enforcers to push for a stronger implementation. At the same time, some really small browser players may see more gains to be had from good old-fashioned publicity — for example, sending out a press release trumpeting early interest — as a tactic to raise their profile to try to drive more downloads through increased awareness.

Overall, it’s still very early. Many regional mobile users may not have even seen a choice screen appear on their handset yet. Google, for instance, says screens are being displayed on newly launched Android devices but for existing Android handsets it’s up to the makers of the devices to push out the choice screens to their users. So there isn’t a clear implementation timeline on Android.

In the case of iOS, Apple says it’s been displaying choice screens to users since iOS 17.4, but users who haven’t updated to this version won’t have seen any yet.

Mozilla, maker of the Firefox browser, told us it estimates that less than a fifth of iOS users have been shown a choice screen so far. It reckons even fewer Android users have seen one in the wild as yet.

With this patchy Android rollout picture in mind, it seems likely that more iOS users will have seen choice screens than Android users so far — even though Google’s platform has a larger regional market share.

Measuring the impact of the DMA on alternative browsers’ market share is further complicated by variations in the apps that mobile users see in different EU countries. Some alternatives, such as Firefox, can appear on the iOS choice screen in every EU market, whereas others are far more limited: Vivaldi, for example, can only appear in eight countries. So exposure to potential users can vary substantially depending on the browser. (Apple publishes a list of the options it’s currently showing in each market.)

Alt browsers on the up?

Aloha, a browser that focuses on privacy and claims not to track users, told us it’s seen 250% growth in new users (i.e., app downloads) since the DMA came into effect last month. It reports having approximately 10 million active monthly users globally — and estimates that around 1 million of those are located in the EU. So it remains a very small player.

However, since Aloha says it does not collect any personal data, including location data, it told us it cannot be precise about where its users are located. Yet it told Reuters the EU had moved up from being its fourth largest market to its second largest since the DMA compliance deadline kicked in.

Aloha also claimed to have seen an uptick in users in the U.S. since the DMA came into effect — yet the regulation does not apply in the U.S. market so U.S. users aren’t encountering it via browser choice screens. Aloha told TechCrunch it believes privacy awareness is rising generally, but also suggested growth in new installs in the EU may be helping to raise its position in the U.S. App Store.

Norway-based Opera, meanwhile, is also claiming market share gains since the DMA started to bite on March 7. Per new metrics shared with TechCrunch Wednesday, Opera said new user growth from February to the end of March was 63% — so it’s reporting a substantial uptick in people downloading Opera and giving it a try.

It is also reporting a 39% growth in users on iOS selecting its browser as their default specifically, from March 3 until April 4.

Previously (as of March 18), Opera reported 164% growth in the inflow of new EU users on iOS after the deadline for Apple to implement the DMA-enforced choice screen. So there actually appears to have been a drop in the growth rate it’s seen over this period — that is, after a bigger initial spike of interest.

Regardless, Opera is sounding very happy with the extra level of interest it’s seeing. In a statement, Jørgen Arnesen, its EVP of mobile, said the DMA “is working to even the playing field,” adding: “We’re excited to see that it has become easier for users to express their browser choice and for that choice to be respected.”

Another browser maker with a positive experience since DMA compliance day is Vivaldi, which is also developed out of Norway.

It told TechCrunch it’s seen an increase of 36.7% in downloads in the EU (in total) since the iOS choice screen came into effect. But the boost in downloads is even bigger when you look at the eight markets where Vivaldi is actually being shown on iOS choice screens. In those markets it said downloads have increased 69.6% since the choice screen started being pushed at users.

Despite this uptick in downloads, Vivaldi is unhappy with the current design of Apple’s choice screen.

“There are significant flaws with its implementation, including when it is shown and what is shown,” a company spokesperson told us. “Users can only see the choice screen when they click Safari. The list of browsers does not show additional information and that does not help users to make a meaningful choice. If the user has already selected a browser of their own choice, the choice screen can actively try to push them away from it, and may not even include it in the list that it presents to the user.”

“We think the priority should be given to cross-platform browsers, so that the same browser can be used on all of the user’s devices,” she added. “Apple looks at it very narrowly, per platform and country. We believe the main browser choices should be visible and we are not. And we should be on the list for all countries.”

We also heard positive things from Brave. The U.S.-based privacy-focused browser said it’s seen “a significant uptick” in installs since the DMA came into effect. (Although it does not report users per region so declined to break out total usage figures for the EU.)

“The daily installs for Brave on iOS in the EU went from around 7,500 to 11,000 with the new browser panel this past March,” per a company spokesperson. “In the past few days, we have seen a new all time high spike of 14,000 daily installs, nearly doubling our pre-choice screen numbers.”

“Regarding retention, users who are choosing Brave from the DMA screen are being retained equally to or better than our average,” she added, arguing that, overall, the uptick in interest it’s seeing “confirms that users want choice.”

On the flip side, three other alternative browsers that we contacted — DuckDuckGo, Ecosia and Firefox — suggested it’s too early to tell whether the DMA is helping them.

Veteran privacy-focused browser maker DuckDuckGo declined to share any data, saying it’s too soon to draw meaningful conclusions.

“While we’ve seen some positive signs, the choice screen rollout is ongoing and for a competitor like us that sees billions of searches and millions of downloads a month, we need more time to make an accurate impact assessment at scale,” it said in a statement.

DuckDuckGo also told us it lacks access to “key information” to be able to assess the DMA’s impact, saying, for example, that it has no way of knowing how many people have seen a search engine or browser choice screen.

“This is key because it would help us understand our selection rate on a choice screen and how widespread the rollout has been,” it noted, adding: “We’re at the beginning of this journey, not the end.”

Another alt player, the not-for-profit, tree-planting and eco-action focused Ecosia, also told us it doesn’t have enough data to make an accurate assessment of the regulation’s impact. “We have not received selection rates or any other meaningful datasets, so it is hard for us to solidly report on the effectiveness of the choice screen at this stage,” said Sophie Dembinski, its head of public policy and climate action.

She emphasized Ecosia isn’t happy with the current iOS choice screen, which it believes is hampering potential growth — also pointing to the Commission’s open case investigating Apple’s implementation.

“While Ecosia has jumped to second and third position in some European markets for utility apps in the Apple App Store, our search numbers have barely changed,” she said. “This is due to several design issues within Apple’s choice screen — such as showing the choice screen to users who have already selected an alternative choice to Safari; an overly complex installation process which loses a large number of users; and keeping the Safari browser app in the best position on the home screen.”

Another veteran browser player, Firefox, is also keeping its powder dry when it comes to assessing early impact.

“We are not currently sharing absolute numbers, both because we have some serious concerns about the current choice screens and because we estimate that less than 20% of users on iOS and likely less on Google have been exposed to them thus far,” said Mozilla’s Kush Amlani, global competition and regulatory counsel.

“The DMA represents a once-in-a-generation opportunity to create competition and choice for EU consumers. Whether that potential is realized depends on the gatekeepers’ compliance and the European Commission’s enforcement,” he emphasized, also referencing the Commission’s probes into suspected gatekeeper non-compliance.

“While we’re seeing many thousands of people select Firefox on the choice screens, we don’t think this should distract from the fact that the iOS choice screen has significant flaws that block people from making genuine choices,” Amlani added. “The critical challenge is that powerful and deep-pocketed gatekeepers are incentivized to protect their existing closed ecosystems and fight the implementation of the DMA, which will open them up to competition.”

TechCrunch’s outreach to browser makers that may benefit from the DMA choice screens also yielded one report of no meaningful impact since the requirement kicked in: Yandex, a Russia-based browser that can appear on the iOS choice screen anywhere in the EU, told us it hasn’t seen “any meaningful changes in the user metrics in the region so far.”

In Yandex’s case, it’s possible that disinterest in switching could be linked to consumer concerns about using or supporting software that’s developed in Russia in light of the Ukraine war.

Google fires 28 employees after sit-in protest over controversial Project Nimbus contract with Israel

Protests outside Google's offices

Image Credits: Justice Speaks

Google has terminated the employment of 28 staff following a prolonged sit-in protest at the company’s Sunnyvale and New York offices.

The employees were protesting against Project Nimbus, a $1.2 billion cloud computing contract inked by Google and Amazon with the Israeli government and its military three years ago. The controversial project, which reportedly also provides Israel with the full suite of Google Cloud’s artificial intelligence and machine learning technology, allegedly has strict contractual stipulations that prevent Google and Amazon from bowing to boycott pressure. This effectively means that they must continue providing services to Israel no matter what.

Conflict

Employees at Google have protested and publicly chastised the contract since 2021, but as the Israel-Palestine conflict continues to escalate in the wake of last October’s attacks by Hamas, this unrest is spilling further into the workforces of corporations deemed not only to be helping Israel, but also actively profiteering from the conflict.

While the latest rallies included demonstrations outside Google’s Sunnyvale and New York offices, as well as Amazon’s Seattle HQ, protestors went one step further by going inside the buildings, including the office of Google Cloud CEO Thomas Kurian.

In a statement issued to TechCrunch via anti-Big Tech advocacy firm Justice Speaks, Hasan Ibraheem, a Google software engineer participating in the New York City sit-in protest, said that by providing cloud and AI infrastructure to the Israeli military, Google is “directly implicated in the genocide of the Palestinian people.”

“It’s my responsibility to do everything I can to end this contract even while Google pretends nothing is wrong,” Ibraheem said. “The idea of working for a company that directly provides infrastructure for genocide makes me sick. We’ve tried sending petitions to leadership but they’ve gone ignored. We will make sure they can’t ignore us anymore. We will make as much noise as possible. So many workers don’t know that Google has this contract with the IOF [Israel Offensive Forces]. So many don’t know that their colleagues have been facing harassment for being Muslim, Palestinian and Arab and speaking out. So many people don’t realize how complicit their own company is. It’s our job to make sure they do.”

Nine Google workers were also arrested and forcibly removed from the company’s offices — four in New York and five in Sunnyvale. A separate statement issued by Justice Speaks on behalf of the “Nimbus nine” protestors said that they had demanded to speak with Kurian, but their request was denied.

The statement reads in full:

Last night, Google made the decision to arrest us, the company’s own workers — instead of engaging with our concerns about Project Nimbus, the company’s $1.2 billion cloud computing contract with Israel. Those of us sitting in Thomas Kurian’s office repeatedly requested to speak with the Google Cloud CEO, but our requests were denied. Throughout the past three years, since the contract’s signing, we have repeatedly attempted to engage with Google executives about Project Nimbus through company channels, including town halls, forums, petitions signed by over a thousand workers, and direct outreach from concerned workers.

Google executives have ignored our concerns about our ethical responsibility for the impact of our technology as well as the damage to our workplace health and safety caused by this contract, and the company’s internal environment of retaliation, harassment, and bullying. At every turn, instead, Google is repressing speech inside the company, and condoning harassment, intimidation, bullying, silencing, and censorship of Palestinian, Arab, and Muslim Googlers.

Workers have the right to know how their labor is being used, and to have a say in ensuring the technology they build is not used for harm. Workers also have the right to go to work without fear, anxiety, and stress due to the potential that their labor is being used to power a genocide. Google is depriving us of these basic rights, which is what led us to sit-in at offices across the country yesterday.

Meanwhile, Google continues to lie to its workers, the media, and the public. Google continues to claim, as of yesterday, that Project Nimbus is “not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services.” Yet, reporting from TIME Magazine proves otherwise. Google has built custom tools for Israel’s Ministry of Defense, and has doubled down on contracting with the Israeli Occupational Forces, Israel’s military, since the start of its genocide against Palestinians in Gaza. By continuing its lies, Google is disrespecting and disregarding consumers, the media, as well as, most importantly, us — its workers.

We will not stay silent in light of Google’s bare-faced lies. Hundreds and thousands of Google workers have joined No Tech for Apartheid’s call for the company to Drop Project Nimbus. Despite Google’s attempts to silence us and disregard our concerns, we will persist. We will continue to organize and fight until Google drops Project Nimbus and stops aiding and abetting Israel’s genocide and apartheid state in Palestine.

A Google spokesperson confirmed to TechCrunch that 28 employees were fired and that it will “continue to investigate and take action” if needed.

“These protests were part of a longstanding campaign by a group of organizations and people who largely don’t work at Google,” the spokesperson said. “A small number of employee protesters entered and disrupted a few of our locations. Physically impeding other employees’ work and preventing them from accessing our facilities is a clear violation of our policies, and completely unacceptable behavior. After refusing multiple requests to leave the premises, law enforcement was engaged to remove them to ensure office safety.”