We’re down to the last 2 days to save up to $600 on TechCrunch Disrupt 2024 tickets! Prices will rise after August 23 at 11:59 p.m. PT. Don’t miss your chance to save big on one of the most epic tech events of the year, happening October 28-30 at Moscone West in San Francisco.
Why attend Disrupt 2024?
Connect with over 10,000 attendees, founders, and investors across 300+ Roundtable and Breakout Sessions, dive into 1:1 or small group Braindates, and extend your networking at receptions and post-Disrupt Side Events hosted by participating businesses.
Witness top-tier VCs in action as they assess startups and reveal what it takes to succeed at the highly anticipated Startup Battlefield. A few chosen startups will pitch to VC heavyweights, vying for the $100,000 equity-free prize and the coveted Disrupt Cup.
Gain invaluable insight from industry leaders
A major highlight of Disrupt is the wealth of knowledge shared by our speakers. With six stages featuring industry thought leaders and innovators, Disrupt 2024 is your chance to learn from the best.
AI Stage presented by Google Cloud
Amit Jain, CEO, Luma AIAravind Srinivas, Co-Founder and CEO, PerplexityMichael Shulman, Co-Founder and CEO, SunoMeet the rest of the AI Stage speakers.
Builders Stage
Andy Dunn, Founder, PieMartin Casado, General Partner, Andreessen HorowitzTamar Yehoshua, President of Product and Technology, GleanMeet the rest of the Builders Stage speakers.
Fintech Stage
Jason Wilk, CEO, DaveJesse Pollak, Creator of Base, BaseMadhu Muthukumar, Chief Product Officer, ChimeMeet the rest of the Fintech Stage speakers.
SaaS Stage
Chet Kapoor, Chairman and CEO, DataStaxDenise Dresser, CEO, Slack from SalesforceGeorge Gerchow, Head of Trust, MongoDBMeet the rest of the SaaS Stage speakers.
Space Stage presented by Aerospace
Bridgit Mendler, CEO, Northwood SpaceMelissa Quinn, Managing Director, Slingshot Aerospace, Ltd.Peter Beck, Founder and CEO, Rocket LabMeet the rest of the Space Stage speakers.
Lock in your ticket discount
Time is running out! Only 48 hours left to grab your discounted Disrupt 2024 tickets. Save up to $600 by registering before August 23. Secure your savings here.
More and more hackers are targeting regular people with the goal of stealing their crypto, perhaps getting into their bank accounts or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s important to know what you can do to protect yourself if you suspect someone got into your email or social media account.
A few years ago, I wrote a guide to help people protect themselves, and understand that most of the companies you have an account with already offer you tools to take control of your accounts’ security, even before you contact them for help, which in some cases you still should do.
Here we break down what you can do on several different online services.
Just like in the previous guide, there’s an important caveat. You should know that these methods don’t guarantee that you haven’t been compromised. If you still aren’t sure, you should contact a professional, especially if you are a journalist, a dissident or activist, or otherwise someone who has a higher risk of being targeted. In those cases, the nonprofit Access Now has a digital security helpline that will connect you to one of their experts.
Another caveat, if you don’t do this already, you should enable multi-factor authentication on all your accounts, or at least the most important ones (email, banking, social media). This directory is a great resource that teaches you how to enable multi-factor authentication on more than 1,000 websites. (Note that you don’t have to use the multi-factor app promoted on that site, there are plenty of other alternatives.)
Increasingly some online services offer the use of a physical security key or a passkey stored in your password manager, which is one of the highest safeguards to prevent account intrusions that rely on password-stealing malware or phishing.
Gmail lists all the places your account is active
The first thing you should do if you suspect someone has broken into your Gmail account (and by extension all the other Google services linked to it) is to scroll all the way down in your inbox until you see “Last account activity” in the bottom right corner.
Click on “Details.” You will then see a pop-up window that looks like this:
A list of recent account activity on Google’s account page.Image Credits: TechCrunch
These are all the places where your Google account is active. If you don’t recognize one of them, for example if it comes from a different location, like a country you haven’t visited recently or have never been, then click on “Security Checkup.” Here you can see on which devices your Google account is active.
Google’s Security Checkup Page, including a view that shows “where you’re signed in.”Image Credits: TechCrunch
If you scroll down, you can also see “Recent security activity.”
Recent security activity on Google’s Security Checkup Page.Image Credits: TechCrunch
Check this list to see if there are any devices that you don’t recognize. If in any of these places above you see something suspicious, click on “See unfamiliar activity?” and change your password:
Changing your Google account password.Image Credits: TechCrunch
After you change your password, as Google explains here, you will be signed out of every device in every location, except on the “devices you use to verify that it’s you when you sign in,” and some devices with third-party apps that you’ve granted account access to. If you want to sign out there too, go to this Google Support page and click on the link to “View the apps and services with third-party access.”
Removing third-party access to your Google account.Image Credits: TechCrunch
Finally, we also suggest considering turning on Google’s Advanced Protection on your account. This enhanced security protection makes phishing your password and hacking into your Google account even harder. The drawback is that you need to purchase security keys, hardware devices that serve as a second-factor. But we think this method is important and a must-use for people who are at a higher risk.
Also, remember that your email account is likely linked to all your other important accounts, so getting into it could turn out to be the first step into hacking into other accounts. That’s why securing your email account is more important than virtually any other account.
Outlook and Microsoft logins are in the account settings
If you are concerned about hackers having accessed your Microsoft Outlook account, you can check “when and where you’ve signed in,” as Microsoft puts it in the account settings.
To go to that page, go to your Microsoft Account, click on Security on the left-hand menu, and then under “Sign-in activity” go to “View my activity.”
Checking recent sign-in activity on your Microsoft account.Image Credits: TechCrunch
At this point, you should see a page that shows recent logins, which platform and device was used to log in, the type of browser and the IP address.
Checking recent activity on your Microsoft account.Image Credits: TechCrunch
If something looks off, click on “Learn how to make your account more secure,” where you can change your password, check “how to recover a hacked or compromised account” and more.
Microsoft also has a support portal with information on the Recent activity page.
As we noted above, your email account is the cornerstone of your online security, given that it’s likely that most of your important accounts — think social media, bank and healthcare provider, etc. — are linked to it. It’s a popular target for hackers who want to then compromise other accounts.
Keep your LinkedIn account locked down
LinkedIn has a support page detailing the steps you can follow to check if your account is logged into a device or location on the web, iOS and Android that you don’t recognize.
LinkedIn has a specific page on its website where you can check the places where you are logged in.
A screenshot showing all the places where your LinkedIn account is logged in around the web.Image Credits: TechCrunch
If you don’t recognize one of those sessions, click on “End” to log out of that particular session, and enter your password when prompted. If you click on “End these sessions,” you will be logged out of all the devices other than the device that you are using.
On iOS and Android, the process is the same. In the LinkedIn app, tap on your profile picture on the top, tap on “Settings,” then “Sign in & Security,” then “Where you’re signed in.” At that point you will see a page that is essentially identical to the one you can see on the web.
LinkedIn also has a security feature that requires you to confirm on your app if someone tries to log into another device.
A sign-in request notification on a LinkedIn account set up on an iPhone.Image Credits: TechCrunch
If you tap on the sign-in request notification, you will see a page that asks you to confirm that it was you who just attempted to login. There you can confirm the log in, or block the attempt.
A LinkedIn message detailing a sign-in request from another device.Image Credits: TechCrunch
Yahoo offers email tools to help
Like other email providers, Yahoo (which owns TechCrunch) also offers a tool to check your account and sign-in activity with the goal of allowing you to see any unusual activity that could be a sign of compromise.
To access this tool, go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, and click on “Manage your account.”
Accessing your Yahoo account information.Image Credits: TechCrunch
Once there, click on “Review recent activity.” On this page you will be able to see recent activity on your account, including password changes, phone numbers added and which devices are connected to your account, as well as their corresponding IP addresses.
Checking recent account activity on your Yahoo account.Image Credits: TechCrunchChecking recent account activity on your Yahoo account.Image Credits: TechCrunch
Given that it is likely that you have linked your email address to sensitive websites like your bank, your social media accounts and healthcare portals, among others, you should make an extra effort to secure it.
Ensure your Apple ID is safe
Apple allows you to check which devices your Apple ID is logged in directly through the iPhone and Mac system settings, as the company explains here.
On an iPhone or iPad, go to “Settings,” tap your name, and scroll down to see all the devices that you are signed in on.
A screenshot on an iPhone showing all the logged-in devices on an Apple account.Image Credits: Apple
On a Mac, click on the Apple logo on the top left corner, then “System Settings,” then click on your name, and you will also see a list of devices, just like on an iPhone or iPad.
A screenshot on a Mac showing all the logged-in devices on an Apple account.Image Credits: Apple
If you click on any device, Apple says, you will be able to “view that device’s information, such as the device model, serial number” and operating system version.
On Windows, you can use Apple’s iCloud app to check which devices are logged into your account. Open the app, and click on “Manage Apple ID.” There you can view the devices and get more information on them.
Finally, you can also get this information through the web, going to your Apple ID account page, then clicking on “Devices” in the left hand menu.
A screenshot on a browser view showing all the logged-in devices on an Apple account.Image Credits: Apple
How to check Facebook and Instagram security
The social networking giant offers a feature that lets you see where your account is logged in. Head to Facebook’s “Password and Security” settings and click on “Where you’re logged in.”
Account login activity for a Facebook account.Image Credits: TechCrunch
In the same interface you can also see where you are logged in with your Instagram account, provided it’s linked to your Facebook account. If the accounts are not linked, or you just don’t have a Facebook account, go to Instagram’s “Account Center” to manage your Instagram account and click on Password and Security, and then “Where you’re logged in.”
Here you can choose to log out from specific devices, perhaps because you don’t recognize them, or because they are old devices you don’t use anymore.
Just like Google, Facebook offers an Advanced Protection feature as well as for Instagram, which essentially makes it harder for malicious hackers to log onto your account. “We’ll apply stricter rules at login to reduce the chances of unauthorized access to your account,” the company explains. “If we see anything unusual about a login to your account, we’ll ask you to complete extra steps to confirm it’s really you.”
If you are a journalist, a politician or otherwise someone who is more likely at risk to be targeted by hackers, you may want to switch on this feature.
It’s easy to see whether your WhatsApp is safe
In the past, it was only possible to use WhatsApp on one mobile device only. Now, Meta has added functionalities for WhatsApp users to use the app on computers, and also directly via browser.
Checking where you logged in with your WhatsApp account is simple. Open the WhatsApp app on your mobile phone. On iPhones and iPads, tap on the Settings icon in the bottom right corner, then tap on “Linked devices.”
There, you will be able to see a list of devices, and by clicking on one of them you can log them out.
Checking linked devices on a WhatsApp account.Image Credits: TechCrunchChecking linked devices on a WhatsApp account.Image Credits: TechCrunch
On Android, tap on the three dots in the top-right corner of the WhatsApp app, then tap “Linked devices” and you will see a page that’s very similar to what you would see on Apple devices.
Signal also lets you check for anomalies
Like WhatsApp, Signal now lets you use the app via dedicated Desktop apps for macOS, Windows, as well as Linux.
Looking for linked devices attached to a Signal account.Image Credits: TechCrunch
From this screen of Linked Devices, you can tap on “Edit” and remove the devices, which means your account will be logged out and unlinked from those devices.
X (Twitter) lets you see what sessions are open
To see where you are logged into X (formerly Twitter), go to X Settings, then click on “More” on the left-hand menu, click on “Settings and privacy,” then “Security and account access” and finally “Apps and sessions.”
From this menu, you can see which apps you have connected to your X account, what sessions are open (such as where you are logged in) and the access history of your account.
You can revoke access to all other devices and locations by hitting the “Log out of all other sessions” button.
Looking at the logged-in sessions on an X account.Image Credits: TechCrunchLooking at the account access history on an X account.
Securing your Snap account
Snap has a feature that allows you to check where you are logged in. A Snapchat support page details the steps you can follow to check. You can use both the app on iOS and Android, or Snapchat’s website.
On iOS and Android, open the app, tap on your profile icon, then the settings (gear) icon, then tap on “Session Management.” At that point you will be able to see a list of sessions your account is logged into. It looks like this:
Snap’s session management feature found in the iOS app.Image Credits: TechCrunch
On the web, go to Snapchat Accounts, then click on “Session Management.” There you will see a list of logged-in sessions that looks essentially the same as the image above. Both on the web and in the app, you can log out of sessions that seem suspicious or you don’t recognize.
Snapchat also has a security feature that alerts you on your phone when someone is logging into your account, whether it’s you or a would-be intruder.
A sign-in request notification on a Snap account set up on an iPhone.Image Credits: TechCrunch
TechCrunch tested this sign-in flow on different devices. The notification above may not display if you log back into a device you had already logged into. But if Snapchat thinks a login is “suspicious” — perhaps because the person logging in is using a different device or IP address — the app will show whoever is attempting to log in a new screen asking them to verify the phone number associated with the account, showing only the last four digits.
If the person attempting the login then taps “Continue,” the account owner will receive a text message on their phone number with a code, which prevents the other person from logging in.
However, you will only get this alert after the person has entered your correct password. That’s all the more reason to make sure you use a long and unique password, which makes passwords harder to guess, and enable multi-factor authentication with an authenticator app, rather than your phone number.
First published on July 14, 2024 and updated on August 26, 2024 to include Snap and LinkedIn.
Are you a Series A or B startup ready to make waves in the tech industry? The ScaleUp Startups Exhibitor Program at TechCrunch Disrupt 2024 can be your launchpad to success. This program offers unparalleled exposure, connecting you with top industry leaders, investors, and potential partners.
Don’t miss out — less than a week left to apply before the August 30 deadline. Get started on your application here.
Why sign up for the ScaleUp Startup Program?
Broaden your reach: Showcase your innovative startup on the bustling Disrupt Expo Floor, where 10,000+ tech leaders, investors, and media converge. This is your chance to highlight your startup and build connections that could drive your business forward.
Amplify your impact: With four full conference passes, your team can dive deep into the Disrupt experience. Attend key sessions, network with industry leaders, and present your startup to a diverse audience, fostering important relationships.
Maximize your exposure: Secure significant exposure through the Disrupt website, exhibitor lists, and event app. With access to the exclusive Disrupt press list and comprehensive marketing support, your startup will capture the attention of key investors and partners.
Cost-effective and high-value: For just $3,500, the ScaleUp Startup Exhibitor Package provides unmatched value with comprehensive visibility, networking, and marketing support. If your application is not accepted, you will receive a full refund, making this a risk-free investment.
The ultimate startup package
Exhibition space: One 6’ x 30” table with table linen and chairs, providing a professional setup to showcase your startup.Exhibition day: One full day to exhibit, strategically chosen by TechCrunch to ensure maximum exposure.Team passes: Four startup exhibit team-member passes, allowing your team to engage fully with the event.Branding: An 11” x 14” tabletop sign with your startup’s logo, enhancing your presence.Lead generation: Access to lead-generation services, helping you capture valuable contacts.Connectivity: Complimentary partner Wi-Fi network access, ensuring seamless communication.Visibility: Your logo and company profile featured in the TechCrunch Disrupt mobile app, amplifying your reach.Press access: Access to the exclusive TechCrunch Disrupt press list, increasing your media exposure.Guest passes: Ten Expo+ passes for your network and supporters, broadening your audience.
Explore all of this program’s offerings.
Unlock your startup’s growth potential
Accelerate your startup’s growth at one of the most anticipated tech events of the year, taking place in San Francisco from October 28-30.
Apply by August 30 to ensure you don’t miss out on this opportunity. Secure your ScaleUp Startup package before applications close.
Image Credits: Antonio Pagano (opens in a new window)
The human brain has long been a subject of fascination for art and science, which are now both mixed into “Brainstorms: A Great Gig in the Sky,” a new live interactive experience to the tune of Pink Floyd.
Interactivity is optional, but memorable. Exhibition visitors can opt in (and pay extra) to have their brain activity recorded while listening to Pink Floyd’s classic album “The Dark Side of the Moon” — and later on, displayed as a mesmerizing cloud synced to that same soundtrack in a very large room of London’s immersive art gallery Frameless.
Immersive art venues have been popping up across the world, often featuring popular painters whose works blend walls, ceilings and floors around the visitors. But combining the concept with music and a live element brings “Brainstorms” closer to “ABBA Voyage,” for instance.
That’s not their only thing in common: Both shows similarly use technology as an enabler, not a focus.
This makes “Brainstorms” different from last year’s groundbreaking experiment in which neuroscientists were able to re-create Pink Floyd’s “Another Brick in the Wall, Part 1” using AI to decipher the brain’s electrical activity. This time, it is a spectacle.
In “Aurora,” brain recordings from relaxed volunteers are displayed in “a calming blue.”Image Credits: Antonio Pagano
While advanced technology is involved behind the scenes, from Emotiv EEG headsets and spatial audio to Unreal-powered visualizations, the starting point of the Brainstorms project was very much music — more precisely, that of late Pink Floyd keyboardist Richard Wright.
Wright’s daughter, Gala, wanted to do something special for the 50th anniversary of the album featuring “The Great Gig in the Sky,” the iconic tune composed by her father, with no less memorable vocal composition by Clare Torry. “So we started to put together ideas,” composer and music technologist JJ Wiesler told TechCrunch during the premiere.
Wiesler is the co-founder of Pollen Music Group, a San Francisco-based creative outlet renowned for its music scores and sound design. With both a music studio and a lab where it works with VR/XR headsets, phones, home devices and more, Pollen isn’t new to experimenting. But “this is a bit of a change to take it into the exhibition world,” he said.
It was Gala Wright who had the idea to focus on neuroscience and the study of the human brain’s reaction to music. This led her and Pollen to partner with Dolby to record the brain activity of 125 volunteers listening to “The Great Gig in the Sky,” synced with ad hoc software, Wiesler said.
Conducted last year, the experiment forms the basis of “Aurora,” a creation in which the moon casts a glow over the arctic tundra, progressing into an aurora borealis.
“Aurora” takes up the entirety of Frameless’s largest gallery, but there are four in total, which wasn’t part of the original plan. With 30,000 square feet at its disposal, the Brainstorms team came up with more than fillers. Keeping “great gigs in the sky” as its overarching theme, it took on a room of its own with “Eclipse” and enlisted London-based music artist Imogen Heap for a bird-inspired room.
Get off my cloud
A musician known for engaging with technology, Heap is doubly featured in “Murmur,” which is set to her ambient track Cumulus, while two starling flocks — murmurations — represent her brain activity and her daughter dancing in the sunset.
In “Murmur,” starling flocks represent musician Imogen Heap’s brain waves and her daughter dancing in the sunset.Image Credits: Antonio Pagano
Perhaps more clearly than in any other room, this visualization gives us a glimpse of how the same music can affect different people. That’s the science part of Brainstorms: During the visit, participants will learn that visualizations reflect what others felt while listening to Pink Floyd.
In “Aurora,” engagement triggers red aurora hues, relaxation adds “a calming blue,” and excitement enlivens the movement of the aurora, exhibition panels explain. Meanwhile, in “Eclipse,” raw electrical power from the brain fuels solar activity, driving flares and ejections, while regional activity of the brain is aligned spatially with the sun’s surface activity.
For visitors who opt into EEG readings, it goes more personal: A couple of days after their visit, they’ll receive a summary of their brain activity. It comes with science-based explanations on gamma, beta, alpha and theta brain waves and what it says about one’s state of mind, but it’s arguably the personalized visualization that they will remember the most.
“We created a visualization engine that was about how clouds form, because Richard Wright was an amateur photographer who took thousands of pictures of clouds,” Wiesler said. Cross that with data and neuroscience, and you get the Cloud Gallery.
The Cloud Gallery is one of Brainstorms’ four rooms at London’s immersive art venue Frameless.Image Credits: Antonio Pagano
“Enjoy your cloud,” the PR person tells me before I wander into the vast room to watch my brain on-screen, moments after Imogen Heap did just the same. Because of steps taken to preserve anonymity, only you will know which cloud is yours, but the look in your eyes might be a tell.
From ASMR to brain-themed museum exhibitions, there’s rising interest in what music does to our brains, but there’s something about Pink Floyd’s music that makes it a perfect fit for such a display. “Due to popular demand,” “Brainstorms” already added new dates to its London residency, its organizers said, and I won’t be surprised if it eventually makes its way to other cities and immersive venues around the world.
Once upon a time, in a galaxy not so far away (this one, in fact), a few internet rebels decided that they were tired of the corporate overlords controlling their online lives. Thus, the fediverse was born — an attempt to wrest control of microblogging services, such as Twitter and its ilk, away from centralized powers and into the hands of the people.
The term “fediverse” combines “federation” and “universe.” In a nutshell, it’s a collection of social networking services that can communicate with each other (formally known as federation).
The fediverse roots trace back to the 2000s, with the rise of projects like StatusNet, which later evolved into GNU social. The big bang happened in 2016 when Mastodon, an open-source microblogging platform, entered the scene. Since then, myriad decentralized platforms have sprouted, including Bluesky (although that one falls in a slightly different category – more about that in just a moment), Threads, and Pleroma, each with its unique flavor, all united by their disdain for Big Tech’s centralized control.
GNU Social and StatusNet were the pioneers. They aimed to create a more open and free web, where users controlled their data and interactions. StatusNet’s most notable instance, identi.ca, was an early example of a federated social network. However, these platforms struggled to gain mainstream traction due to technical complexity and limited user bases – kinda like the early days of crypto, come to think of it.
Then, in 2016, Mastodon entered the scene. It was created by Eugen Rochko, a Russia-born software developer who decamped to Germany. With a familiar interface and an emphasis on user experience, Mastodon quickly became the poster child of the fediverse. Its success lay in balancing decentralization with usability, attracting users tired of Twitter’s toxic environment and draconian policies. Mastodon’s growth was exponential, sparking interest and spawning numerous other fediverse projects.
Why the fediverse could be the next big thing in social media
The fediverse isn’t just another social media platform; it’s a rallying cry and a manifesto of sorts. Here are a few reasons why its fans believe it’s the next big thing:
Power to the people: With decentralization as its rallying cry, no single entity controls the fediverse. It’s like the Wild West but with fewer guns and (a lot) more memes. This decentralization means users have more control over their data and interactions. Each server operates independently yet can still communicate with others, creating a vast, interconnected network. This structure prevents the concentration of power and mitigates the risks associated with data breaches and surveillance.
Your data, your rules: Privacy often plays a big part in the conversation around the fediverse. Unlike certain social media giants, fediverse platforms claim they don’t sell your data to the highest bidder. Many instances prioritize user privacy, with policies prohibiting data mining and tracking. Users can choose servers with privacy-focused practices and even host their own instances for maximum control. This approach appeals to those concerned about their digital footprint and the pervasive surveillance of corporate social media.
Like the OG internet: The fediverse fosters small, tight-knit communities where you can actually have meaningful conversations instead of screaming into the void. Each server often caters to specific interests or values, enabling users to find like-minded individuals. This community-centric approach contrasts sharply with the global, often chaotic nature of platforms like Twitter and Facebook, where meaningful interactions are buried under a deluge of noise.
Have it your way: If your perfect blend of spices doesn’t exist, you can make your own: The software is open-source, so you can go ham with the hacking. Want a purple interface where all posts are automatically translated into Klingon? You do you, boo. The fediverse’s flexibility allows users to customize their experiences, from interface design to functionality. Developers can create and share modifications, enhancing the platform’s capabilities and fostering innovation. This adaptability — at least in theory — ensures that the fediverse evolves with its users, staying relevant and responsive to their needs.
Key players in the fediverse
The fediverse is kinda like “Being John Malkovich” in that there are a lot of actors, but they all kind of look alike. This is where a lot of the confusion comes from. Here are some of the key players worth being aware of:
Mastodon is an open-source, decentralized social network within the broader fediverse. It enables users to create and join independent, interconnected communities or instances governed by rules and moderation policies. This structure promotes user autonomy and content diversity while reducing reliance on centralized control. By offering a more user-centric alternative to traditional social media platforms, Mastodon has long been a key player and plays a crucial role in the fediverse, fostering a collaborative and resilient digital landscape emphasizing privacy, free expression, and community-driven interaction.
Threads is Meta’s runner in the fediverse race. It uses the ActivityPub protocol, which lets Threads fly the platform interoperability flag the fediverse is known for – although Meta has received some criticism for being slow to fully participate. Still, with the weight of Meta behind it, Threads positions itself as a key player in the evolution of a more connected and diverse online ecosystem.
Pleroma is another microblogging platform, similar to Mastodon but lighter and more customizable. Developed by Lain and based on the Elixir programming language, Pleroma offers greater flexibility and performance. It’s a favorite among tech-savvy users who want more control over their social media experience. Pleroma’s modularity allows it to integrate various features from other platforms, making it a versatile choice for those looking to escape the mainstream.
For those who love Instagram but hate its corporate antics, Pixelfed is the answer. This photo-sharing platform focuses on privacy and user control. It offers a familiar interface, complete with filters and photo albums, but without the ads and algorithms pushing sponsored content. Pixelfed is perfect for photographers, artists and anyone who wants to share visual content without the noise of traditional social media.
Friendica, meanwhile, is a versatile platform that can connect with almost any other social network. It supports many protocols, including ActivityPub (used by Mastodon and Pleroma), Diaspora, and even old-school protocols like RSS. Friendica is a great choice for users who want to bridge the gap between the fediverse and traditional social media platforms. Its flexibility and integration capabilities make it the ultimate social network aggregator.
YouTube’s video-sharing dominance is undeniable, but PeerTube offers a decentralized alternative. Developed by Framasoft, PeerTube enables users to host their own video servers, interconnecting with other instances to share content. This decentralization ensures that no single entity controls the platform, promoting free speech and diverse content. PeerTube is often held up as the ideal for creators who value independence and want to escape the ad-driven, algorithmic world of YouTube.
Bluesky (bsky among friends) is an interesting player in this space. As a brainchild of Twitter founder Jack Dorsey, Bluesky’s focus on open protocols aims to dismantle the monopolistic hold of major social media companies, although, interestingly, Bluesky chose to use the AT protocol, which is similar, but adds account portability (the ability to take your account from one platform to another). Is it technically part of the fediverse? Many say it isn’t – but given its popularity, we figured we’d include it here for completeness.
Wait, are there really no downsides to the fediverse?
Welllll… Of course, it’s not all rainbows and unicorns. The fediverse has its own set of issues and growing pains
Too many cooks. With great power comes great responsibility. In this case, a million tiny servers, each with its own rules. This fragmentation can make the fediverse feel disjointed, with varying levels of quality and user experience. Navigating this landscape can confuse newcomers who may struggle to find the right instance or understand the platform’s nuances. While diversity is a strength, it also presents challenges regarding coherence and user adoption.
Only the tech-savvy need apply? Setting up and maintaining your own server can be a headache unless you’re a tech wizard, and the “only nerds may apply” vibe runs strong. The technical barrier to entry can be daunting, deterring less tech-savvy users from fully engaging with the fediverse. While user-friendly instances exist, the overall complexity remains a hurdle for widespread adoption. Simplifying the user experience and lowering technical barriers will be crucial for the fediverse’s growth.
The popular kid on the block. Some platforms struggle under the weight of their own popularity. Growing pains, they call it, which makes sense, but it doubles down on the tech-savvy vibe from above: Instances can become overwhelmed by a sudden influx of users, leading to performance issues and downtime for folks who are least likely to tolerate (or know what to do with) sudden downtime. This scalability problem highlights the challenges of maintaining decentralized networks without the resources of corporate giants. Balancing growth and stability will be essential for the fediverse’s sustainability — and continue to be one of its biggest stumbling blocks.
Wait, what’s with all the racism? Without a central authority, content moderation can be hit or miss. And let’s be honest, especially in the early days, users are experiencing more misses than hits. Each instance sets its own moderation policies, leading to inconsistencies and potential conflicts. While this allows for diverse community standards, it also means that harmful content can proliferate on poorly moderated servers. Anyone who’s run a popular social network knows that effective and consistent moderation is critical to ensuring safe and welcoming environments, but achieving this across a decentralized network is… let’s call it “an unsolved challenge.”
What’s next for the fediverse?
Lemme bust out the crystal ball and see if I can come up with some predictions. Will it overthrow the social media titans and usher in a new era of digital utopia? Probably not — or at least not for a while. But there is hope for it to play to its strengths and continue to grow as a haven for those tired of being commodified by Big Tech.
I expect more platforms to join the fray, each more niche than the last. The fediverse’s open nature encourages innovation, and we can anticipate a proliferation of new projects catering to specific communities and interests. This diversity will enrich the ecosystem, offering users more choices and fostering a vibrant digital culture. However, it will also exacerbate the challenges of fragmentation and interoperability.
Indeed, the way that these platforms talk to each other is through various protocols, which, let’s be frank, only a handful of people will understand or care about. ActivityPub currently dominates the fediverse, but other protocols like Zot and Diaspora have their proponents. In the future, we will likely see ongoing efforts to improve and standardize these protocols, enhancing cross-platform communication and integration. This technical evolution will be crucial for the fediverse’s cohesion and growth.
Mainstream adoption remains a significant challenge. There is a handful of extremely popular microblogging platforms, all of which are significant competitors to the fediverse. Its complex nature and decentralized ethos may deter the average user accustomed to the simplicity and familiarity of corporate social media. To attract a broader audience, the fediverse will have to find a way to streamline its user experience, improve accessibility and offer compelling alternatives to mainstream platforms. Collaboration with privacy advocates, open-source communities and digital rights organizations could also help raise awareness and drive adoption.
In the long run, it’s going to be interesting to see how the tech giants respond. As the fediverse gains traction, it’s only a matter of time before the usual suspects start to pay notice (Meta, Google, X, Amazon – yes, I’m looking at y’all). While this could bring resources and attention, it also risks undermining the very principles that define the fediverse. The community will have to navigate these waters carefully, balancing growth with integrity.
All we are is another click in the wall
In the end, the fediverse will probably remain a quirky, fragmented and occasionally frustrating part of the internet. But it’s a digital home worth exploring for those who value privacy, community and control. Don’t forget to bring your sense of adventure — and maybe a manual on setting up servers.
The most exciting thing about the fediverse is that it ain’t about perfection; it’s about possibilities and counter-culture. It’s a grand experiment in what the internet could be — free from the monopolistic tendencies of Big Tech, driven by community values, and open to endless innovation. So, whether you’re a tech enthusiast, a privacy advocate or just someone tired of the same old social media grind, give the fediverse a shot. The potential win is the chance of finding your digital tribe among the chaos.
Despite years of claims that the “death of email” is fast approaching, the decades-old communication method continues to thrive in business. In particular, the business of hacking.
An email containing a link that looks legitimate but is actually malicious remains one of the most dangerous yet successful tricks in a cybercriminal’s handbook and has led to some of the largest hacks in recent years, including the 2022 breach of communications giant Twilio and last year’s hack of social media platform Reddit.
While these emails are sometimes easy to spot, be it thanks to bad spelling or an unusual email address, it is becoming increasingly difficult to identify a dodgy email from a legitimate one as hackers’ tactics become increasingly sophisticated.
Take business email compromise (or BEC), for example, a type of email-borne attack that targets organizations large and small with the aim of stealing money, critical information, or both. In this type of scam, hackers impersonate or compromise someone familiar to the victim, such as a co-worker, boss or business partner, to manipulate them into unknowingly disclosing sensitive information.
The risk this poses to businesses, particularly startups, can’t be overstated. Individuals in the U.S. lost close to $3 billion in BEC scams last year alone, according to the latest data from the FBI. And these attacks are showing no signs of slowing down.
How to spot a business email compromise scam
Look for the warning signs
While cybercriminals have become more advanced in their email-sending tactics, there are some simple red flags that you can — and should — look out for. These include an email sent outside of typical business hours, misspelled names, a mismatch between the sender’s email address and the reply-to address, unusual links and attachments, or an unwarranted sense of urgency.
Contact the sender directly
The use of spear phishing — where hackers use personalized phishing emails to impersonate high-level executives within a company or outside vendors — means it can be near-impossible to tell whether a message has come from a trusted source. If an email seems unusual — or even if it doesn’t — contact the sender directly to confirm the request, rather than replying via any email or any phone number provided in the email.
Check with your IT folks
Tech support scams are becoming increasingly common. In 2022, Okta customers were targeted by a highly sophisticated scam that saw attackers send employees text messages with links to phishing sites that imitated the look and feel of their employers’ Okta login pages. These login pages looked so much like the real deal that more than 10,000 people submitted their work credentials. Chances are, your IT department isn’t going to contact you via SMS, so if you receive a random text message out of the blue or an unexpected pop-up notification on your device, it’s important to check if it’s legitimate.
Be (even more) wary of phone calls
Cybercriminals have long used email as their weapon of choice. More recently, criminals rely on fraudulent phone calls to hack into organizations. A single phone call reportedly led to last year’s hack of hotel chain MGM Resorts, after hackers successfully deceived the company’s service desk into granting them access to an employee’s account. Always be skeptical of unexpected calls, even if they come from a legitimate-looking contact, and never share confidential information over the phone.
Multi-factor all the things!
Multi-factor authentication — which typically requires a code, PIN, or fingerprint for logging in along with your regulator username and password — is by no means foolproof. However, by adding an extra layer of security beyond hack-prone passwords, it makes it far more difficult for cybercriminals to access your email accounts. Take one security step even further by rolling out passwordless technology, like hardware security keys and passkeys, which can prevent password and session token theft from info-stealing malware.
Implement stricter payment processes
With any type of cyberattack, a criminal’s ultimate goal is to make money, and the success of BEC scams often hinges on manipulating a single employee into sending a wire transfer. Some financially motivated hackers pretend to be a vendor requesting payment for services performed for the company. To lessen the risk of falling victim to this type of email scam, roll out strict payment processes: Develop a protocol for payment approvals, require that employees confirm money transfers through a second communication medium, and tell your financial team to double-check every bank account detail that changes.
You can also ignore it
Ultimately, you can minimize the risk of falling for most BEC scams by simply ignoring the attempt and moving on. Not 100% sure that your boss actually wants you to go out and buy $500 worth of gift cards? Ignore it! Getting a call you weren’t expecting? Hang up the phone! But for the sake of your security team and helping your co-workers, don’t stay quiet. Report the attempt to your workplace or IT department so that they can be on higher alert.
Microsoft emails that warned customers of Russian hacks criticized for looking like spam and phishing
More and more hackers are targeting regular people with the goal of stealing their crypto, perhaps getting into their bank accounts or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s important to know what you can do to protect yourself if you suspect someone got into your email or social media account.
A few years ago, I wrote a guide to help people protect themselves, and understand that most of the companies you have an account with already offer you tools to take control of your accounts’ security, even before you contact them for help, which in some cases you still should do.
Here we break down what you can do on several different online services.
Just like in the previous guide, there’s an important caveat. You should know that these methods don’t guarantee that you haven’t been compromised. If you still aren’t sure, you should contact a professional, especially if you are a journalist, a dissident or activist, or otherwise someone who has a higher risk of being targeted. In those cases, the nonprofit Access Now has a digital security helpline that will connect you to one of their experts.
Another caveat, if you don’t do this already, you should enable multi-factor authentication on all your accounts, or at least the most important ones (email, banking, social media). This directory is a great resource that teaches you how to enable multi-factor authentication on more than 1,000 websites. (Note that you don’t have to use the multi-factor app promoted on that site, there are plenty of other alternatives.)
Increasingly some online services offer the use of a physical security key or a passkey stored in your password manager, which is one of the highest safeguards to prevent account intrusions that rely on password-stealing malware or phishing.
Gmail lists all the places your account is active
The first thing you should do if you suspect someone has broken into your Gmail account (and by extension all the other Google services linked to it) is to scroll all the way down in your inbox until you see “Last account activity” in the bottom right corner.
Click on “Details.” You will then see a pop-up window that looks like this:
A list of recent account activity on Google’s account page. Image Credits: TechCrunch
These are all the places where your Google account is active. If you don’t recognize one of them, for example if it comes from a different location, like a country you haven’t visited recently or have never been, then click on “Security Checkup.” Here you can see on which devices your Google account is active.
Google’s Security Checkup Page, including a view that shows “where you’re signed in.” Image Credits: TechCrunch.
If you scroll down, you can also see “Recent security activity.”
Check this list to see if there are any devices that you don’t recognize. If in any of these places above you see something suspicious, click on “See unfamiliar activity?” and change your password:
Changing your Google account password. Image Credits: TechCrunch
After you change your password, as Google explains here, you will be signed out of every device in every location, except on the “devices you use to verify that it’s you when you sign in,” and some devices with third-party apps that you’ve granted account access to. If you want to sign out there too, go to this Google Support page and click on the link to “View the apps and services with third-party access.”
Removing third-party access to your Google account. Image Credits: TechCrunch
Finally, we also suggest considering turning on Google’s Advanced Protection on your account. This enhanced security protection makes phishing your password and hacking into your Google account even harder. The drawback is that you need to purchase security keys, hardware devices that serve as a second-factor. But we think this method is important and a must-use for people who are at a higher risk.
Also, remember that your email account is likely linked to all your other important accounts, so getting into it could turn out to be the first step into hacking into other accounts. That’s why securing your email account is more important than virtually any other account.
Outlook and Microsoft logins are in the account settings
If you are concerned about hackers having accessed your Microsoft Outlook account, you can check “when and where you’ve signed in,” as Microsoft puts it in the account settings.
To go to that page, go to your Microsoft Account, click on Security on the left-hand menu, and then under “Sign-in activity” go to “View my activity.”
Checking recent sign-in activity on your Microsoft account. Image Credits: TechCrunch
At this point, you should see a page that shows recent logins, which platform and device was used to log in, the type of browser and the IP address.
Checking recent activity on your Microsoft account. Image Credits: TechCrunch
If something looks off, click on “Learn how to make your account more secure,” where you can change your password, check “how to recover a hacked or compromised account” and more.
Microsoft also has a support portal with information on the Recent activity page.
As we noted above, your email account is the cornerstone of your online security, given that it’s likely that most of your important accounts — think social media, bank and healthcare provider, etc. — are linked to it. It’s a popular target for hackers who want to then compromise other accounts.
Yahoo offers email tools to help
Like other email providers, Yahoo (which owns TechCrunch) also offers a tool to check your account and sign-in activity with the goal of allowing you to see any unusual activity that could be a sign of compromise.
To access this tool, go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, and click on “Manage your account.”
Accessing your Yahoo account information. Image Credits: TechCrunch
Once there, click on “Review recent activity.” On this page you will be able to see recent activity on your account, including password changes, phone numbers added and which devices are connected to your account, as well as their corresponding IP addresses.
Checking recent account activity on your Yahoo account. Image Credits: TechCrunchChecking recent account activity on your Yahoo account. Image Credits: TechCrunch
Given that it is likely that you have linked your email address to sensitive websites like your bank, your social media accounts and healthcare portals, among others, you should make an extra effort to secure it.
Ensure your Apple ID is safe
Apple allows you to check which devices your Apple ID is logged in directly through the iPhone and Mac system settings, as the company explains here.
On an iPhone or iPad, go to “Settings,” tap your name, and scroll down to see all the devices that you are signed in on.
A screenshot on an iPhone showing all the logged-in devices on an Apple account. Image Credits: Apple
On a Mac, click on the Apple logo on the top left corner, then “System Settings,” then click on your name, and you will also see a list of devices, just like on an iPhone or iPad.
A screenshot on a Mac showing all the logged-in devices on an Apple account. Image Credits: Apple
If you click on any device, Apple says, you will be able to “view that device’s information, such as the device model, serial number” and operating system version.
On Windows, you can use Apple’s iCloud app to check which devices are logged into your account. Open the app, and click on “Manage Apple ID.” There you can view the devices and get more information on them.
Finally, you can also get this information through the web, going to your Apple ID account page, then clicking on “Devices” in the left hand menu.
A screenshot on a browser view showing all the logged-in devices on an Apple account. Image Credits: Apple
How to check Facebook and Instagram security
The social networking giant offers a feature that lets you see where your account is logged in. Head to Facebook’s “Password and Security” settings and click on “Where you’re logged in.”
Account login activity for a Facebook account. Image Credits: TechCrunch
In the same interface you can also see where you are logged in with your Instagram account, provided it’s linked to your Facebook account. If the accounts are not linked, or you just don’t have a Facebook account, go to Instagram’s “Account Center” to manage your Instagram account and click on Password and Security, and then “Where you’re logged in.”
Here you can choose to log out from specific devices, perhaps because you don’t recognize them, or because they are old devices you don’t use anymore.
Just like Google, Facebook offers an Advanced Protection feature as well as for Instagram, which essentially makes it harder for malicious hackers to log onto your account. “We’ll apply stricter rules at login to reduce the chances of unauthorized access to your account,” the company explains. “If we see anything unusual about a login to your account, we’ll ask you to complete extra steps to confirm it’s really you.”
If you are a journalist, a politician or otherwise someone who is more likely at risk to be targeted by hackers, you may want to switch on this feature.
It’s easy to see whether your WhatsApp is safe
In the past, it was only possible to use WhatsApp on one mobile device only. Now, Meta has added functionalities for WhatsApp users to use the app on computers, and also directly via browser.
Checking where you logged in with your WhatsApp account is simple. Open the WhatsApp app on your mobile phone. On iPhones and iPads, tap on the Settings icon in the bottom right corner, then tap on “Linked devices.”
There, you will be able to see a list of devices, and by clicking on one of them you can log them out.
Checking linked devices on a WhatsApp account. Image Credits: TechCrunchChecking linked devices on a WhatsApp account. Image Credits: TechCrunch
On Android, tap on the three dots in the top-right corner of the WhatsApp app, then tap “Linked devices” and you will see a page that’s very similar to what you would see on Apple devices.
Signal also lets you check for anomalies
Like WhatsApp, Signal now lets you use the app via dedicated Desktop apps for macOS, Windows, as well as Linux.
Looking for linked devices attached to a Signal account. Image Credits: TechCrunch
From this screen of Linked Devices, you can tap on “Edit” and remove the devices, which means your account will be logged out and unlinked from those devices.
X (Twitter) lets you see what sessions are open
To see where you are logged into X (formerly Twitter), go to X Settings, then click on “More” on the left-hand menu, click on “Settings and privacy,” then “Security and account access” and finally “Apps and sessions.”
From this menu, you can see which apps you have connected to your X account, what sessions are open (such as where you are logged in) and the access history of your account.
You can revoke access to all other devices and locations by hitting the “Log out of all other sessions” button.
Looking at the logged-in sessions on an X account. Image Credits: TechCrunchLooking at the account access history on an X account. Image Credits: TechCrunch
The CrowdStrike outage that hit early Friday morning and knocked out computers running Microsoft Windows has grounded flights globally.
Major U.S. airlines including United Airlines, American Airlines and Delta Air Lines have halted flight operations around the world. According to FlightAware, which is tracking the cancellations live, 7% of United Airlines flights, 8% of American Airlines flights and 12% of Delta flights have been canceled. By comparison, the airlines had canceled Thursday 3%, 4% and 1% of flights, respectively.
FlightAware’s tracker also shows that, as of 6:30 p.m. ET, nearly 4,434 flights have been canceled today, with total flight delays surpassing 40,000. Not all of those cancellations and delays will be linked to the CrowdStrike outage.
U.S. Secretary of Transportation Pete Buttigieg, who addressed the widespread outage during an interview on CNBC, said that while the issue has been identified, his agency expects a “ripple or cascade effect” to continue today as airlines try to get their systems back to normal.
“These flights, they run so tightly, so back-to-back, that even after a root cause is addressed, you can still be feeling those impacts throughout the day,” said Buttigieg. “I will say we have no indication of an impact to our own systems, in terms of FAA operational systems like air traffic control, or most systems within the U.S. Department of Transportation, but as far as the airlines themselves, we’re going to definitely be expecting more there.”
Buttigieg also noted that shipping ports have been affected due to issues at gates letting trucks in and out. Local California news reported that at Long Beach and Los Angeles ports, shipments were disrupted and delayed amid the outage as hundreds of trucks were stuck waiting for cargo to be released or loaded.
The Federal Aviation Administration posted on X and Facebook that it is closely monitoring the issue, and that several airlines have requested assistance with ground stops until the issue is resolved. A ground stop is an air traffic control measure that slows or halts the flow of an aircraft coming into a given airport.
“We continue to work closely with airlines as they work to resume normal operations,” wrote the FAA. “Ground stops and delays will be intermittent at various airports as the airlines work through residual technology issues. Contact the airlines for more information.”
According to the FAA’s website, airports like Boston Logan International Airport, Harry Reid International Airport in Las Vegas, Milwaukee Mitchell International, Charles M. Schulz-Sonoma County Airport and LaGuardia Airport in New York have closed to “non-scheduled transient general aviation aircraft, or flights that aren’t a part of a regular schedule (like charter or private flights) and aircraft that are just passing through and not based at the airport.”
Airports including Atlanta International, Detroit Metropolitan, Minneapolis Saint-Paul, Salt Lake City International Airport and Henry E. Rohlsen Airport in Saint Croix are experiencing ground delays due to unspecified reasons that could also be linked to the CrowdStrike outage.
Airlines react to CrowdStrike outage
Virtually every airline has experienced communications issues due to the CrowdStrike outage, including global airlines such as Qantas, Air France, Ryanair, Air Asia, Air India and others.
The FAA’s Air Traffic Control System Command Center posted Friday that all United Airlines flights regardless of destination and subs have been grounded due to a communication issue.
United Airlines posted on its website that flights going in and out of the following airports today have been affected: Cleveland, OH (CLE); Newark, NJ (EWR); Frankfurt, Germany (FRA); Guam (GUM); Honolulu, HI (HNL); Washington, D.C. (IAD); Houston, TX (IAH); Los Angeles, CA (LAX); London, Great Britain (LHR); Orlando, FL (MCO); Chicago, IL (ORD); San Francisco, CA (SFO).
A United spokesperson told TechCrunch that the issue affected many separate systems, including those used for calculating aircraft weight, checking in customers and phone systems at the airline’s call centers.
Frontier Airlines, an American ultra low-cost carrier, was also affected, but appears to have resumed, or is in the process of resuming, normal flight operations. Spirit Airlines, another budget airline, said the outage is impacting its reservations system and flight operations.
“Due to the outage, we are currently unable to rebook Guests whose travel plans have been disrupted. We will assist these Guests as soon as possible when our vendor restores service,” Spirit posted on Facebook.
American Airlines also confirmed that a technical issue with a vendor impacted multiple carriers. The airline said as of 5 a.m. ET it has been able to “safely re-establish our operation.” However, current social media posts still show customers whose flights are canceled or continue to be delayed.
Despite the fact that Delta was able to resume some flight departures, as of Friday afternoon, more than 1,200 Delta mainline and Delta Connection flights had been canceled due to the outage. Delta also said additional delays and cancellations are expected Friday and potentially through the weekend.
According to a ground delay alert from the FAA, Delta flights departing for Hartsfield-Jackson Atlanta International Airport are seeing an average delay of 174 minutes at the time of this writing. The delay affects departures from 30 airlines across the U.S. and Canada.
Citi analyst Stephen Trent said that because the outage wasn’t the fault of the airlines themselves, he doesn’t believe there will be penalties for flight cancellations.
“Today’s disruption should not have a material earnings impact as long as significant improvements continue throughout the day,” Trent said.
Consumer rights
Most of the airlines with delayed or canceled flights are working on ways to help customers rebook their flights.
United, American Airlines and Delta have all waived change fees and fare differences for customers whose flights were canceled on Friday. Customers need to rebook today to take advantage of the waiver, and their new flights must be departing between Friday and July 25, 2024. Tickets also must be in the same cabin and between the same cities as originally booked.
The airlines told the DOT that they’d provide meals for customer delayed by three hours and hotel rooms for customers that have to wait overnight for a new flight. Delta also said on its website that it would provide meal vouchers and hotel accommodations to impacted customers.
Tomasz Pawliszyn, CEO of air passenger rights company AirHelp, said that passengers who have been affected by delays and cancellations should understand their rights and know what options are available to them during disruptions.
“Although this incident is beyond the control of airlines and airports, passengers still have certain rights under U.S. Department of Transportation (DOT) regulations,” Pawliszyn told TechCrunch. “The passengers are entitled to assistance from the airline. This can include rebooking on the next available flight and, in some cases, meal vouchers and accommodation if the delay extends overnight.”
Pawliszyn noted that the “right to care” is for all delays above two hours. He recommends that passengers retain all boarding passes and receipts for any expenses incurred during the delay, such as food, drink and accommodation, to facilitate any potential reimbursement claims
Trains largely unaffected by CrowdStrike outage
Most trains appear to be unaffected by the outage, including Amtrak, but some apps for managing train times are down. The New York City public transit system, the MTA, is still running, but the MTA app that shows subway and bus scheduling and route planning was down for much of the day. As of 6:30 pm ET, the MTA app was working again.
Washington, D.C.’s Metro public transit system, however, was affected by the outage. As of 5:45 am ET, the service said that all Metrorail stations opened on time and service is running as scheduled. Buses are also operating as scheduled.
Auto industry mildly affected
The outage has affected businesses around the world, including retailers, brokerage houses, media companies and more.
Automakers GM and Ford told TechCrunch their manufacturing operations were not affected by the outage and that their consumer-facing apps, which owners use to unlock and lock their vehicles and control other information, are working as normal. OnStar, the GM subsidiary that handles in-vehicle communications including emergency services, is also working as normal.
Some automotive suppliers have been affected by the outage, including Magna, which is experiencing “varying levels of operational disruptions,” according to the company.
“Our dedicated IT teams are working closely with all effected providers to expedite recovery and ensure continuity of service across our locations,” Magna spokesperson Tracy Fuerst said in an email. “We have also been in close contact with our customers and suppliers to mitigate any potential impact.”
Fuerst added that due to the quick response of its global IT team and providers the majority of its operations are now running. “We are getting closer to more stability which is expected yet today still,” she said.
CrowdStrike’s CEO, George Kurtz, confirmed that a defect in a software update for Windows hosts caused the outage. He ruled out a cyberattack, adding that the firm was rolling out a fix and that Mac and Linux hosts were not affected.
This story is developing but was originally published at 8:22 a.m. PT. Article has been updated to include new information on flight delays and show that the MTA app is now working.
Let’s start with the premise that many people take notes as they work with customers as part of their jobs. As they take notes, they may need to access a customer record in Salesforce or open a Jira ticket to get IT involved with a customer problem, but to do that, they must undertake the dreaded task switching, where you switch out of the application you’re working in and open another application to complete a different job or access additional information.
Noded AI, a new startup, wants to change that by making all your work tools available from where you take notes in an automated fashion, eliminating the need to task switch. Today, the company emerged from stealth with a $4 million investment.
“We are reinventing the note-taking space and using AI and a bit of automation data science to basically put notes at the center of the enterprise,” Noded CPO and co-founder Steve Wood told TechCrunch.
The Noded name, aside from a clever play on words, comes from the fact that the company sees notes not as a large document, but as bits of information that fit together in a knowledge graph. “The note becomes a graph where each fragment of information is a node on the graph, so if I were say, in a meeting with you, I can see all the tasks and context around you, and it would just filter through all of my notes across weeks, months, whatever,” he said.
And you can access all the information you need from within Noded without having to switch programs because it’s all designed to bring the apps you need to you automatically within the context of your work.” So rather than having your notes in one place, and all your applications in another, it’s making your notes part of the flow of work where, as you type your notes, Noded will help you get it into the right system. So you don’t have to double enter all the time,” he said.
Wood was previously VP of product and platform at Slack, another company that has tried to be the center of work, but using communications instead of notes as the centering mechanism. Wood says that one of the things he realized helping build the Slack platform, was it required more context, and he feels like the notes metaphor provides that.
“Part of the realization from Slack was that without having the context around the customer or the other business objects, all we could do was just push alerts to you, which kind of just made your life more confusing because it’s hard to track,” he said. “Why do I care about that Zendesk ticket? Oh, yeah, it’s because Acme was asking about it. So we can give you that context, it makes it easier for you to do your work, but it also makes things a lot less noisy.”
AI plays a role in the way work is pulled from the notes and linked to an application, but for their purposes, Wood says it doesn’t have to be super sophisticated. “Today’s LLMs are perfectly fine for our purposes,” he said. “It’s kind of like having an administrator who’s sitting there doing the really tedious work that you don’t want to do,” he said.
His co-founder and CEO, Chris Port, came from Dell Boomi. The two co-founders actually worked together at Boomi, prior to Wood joining Slack in 2020.
It’s early days. The company launched in September and began building in earnest after the first of the year. “And this will be our ‘Hello World’ moment where we announced the company,” Port said. The startup is working with some early customers and working toward a formal beta some time this year.
Today’s $4 million investment was led by Boldstart Ventures with participation from Bessemer Venture Partners, 20VC and First Hand Ventures. Wood’s old bosses at Slack, co-founders Stewart Butterfield and Cal Henderson, also participated, as well as Okta co-founder Frederic Kerrest.
CrowdStrike released a relatively minor patch on Friday, and somehow it wreaked havoc on large swaths of the IT world running Microsoft Windows, bringing down airports, healthcare facilities and 911 call centers. While we know a faulty update caused the problem, we don’t know how it got released in the first place. A company like CrowdStrike very likely has a sophisticated DevOps pipeline with release policies in place, but even with that, the buggy code somehow slipped through.
In this case it was perhaps the mother of all buggy code. The company has suffered a steep hit to its reputation, and the stock price plunged from $345.10 on Thursday evening to $263.10 by Monday afternoon. It has since recovered slightly.
In a statement on Friday, the company acknowledged the consequences of the faulty update: “All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”
Further, it explained the root cause of the outage, although not how it happened. That’s a post mortem process that will likely go on inside the company for some time as it looks to prevent such a thing from happening again.
Dan Rogers, CEO at LaunchDarkly, a firm that uses a concept called feature flags to deploy software in a highly controlled way, couldn’t speak directly to the CrowdStrike deployment problem, but he could speak to software deployment issues more broadly.
“Software bugs happen, but most of the software experience issues that someone would experience are actually not because of infrastructure issues,” he told TechCrunch. “They’re because someone rolled out a piece of software that doesn’t work, and those in general are very controllable.” With feature flags, you can control the speed of deployment of new features, and turn a feature off, if things go wrong to prevent the problem from spreading widely.
It is important to note however, that in this case, the problem was at the operating system kernel level, and once that has run amok, it’s harder to fix than say a web application. Still, a slower deployment could have alerted the company to the problem a lot sooner.
What happened at CrowdStrike could potentially happen to any software company, even one with good software release practices in place, said Jyoti Bansal, founder and CEO at Harness, a maker of DevOps pipeline developer tools. While he also couldn’t say precisely what happened at CrowdStrike, he talked generally about how buggy code can slip through the cracks.
Typically, there is a process in place where code gets tested thoroughly before it gets deployed, but sometimes an engineering team, especially in a large engineering group, may cut corners. “It’s possible for something like this to happen when you skip the DevOps testing pipeline, which is pretty common with minor updates,” Bansal told TechCrunch.
He says this often happens at larger organizations where there isn’t a single approach to software releases. “Let’s say you have 5,000 engineers, which probably will be divided into 100 teams of 50 or so different developers. These teams adopt different practices,” he said. And without standardization, it’s easier for bad code to slip through the cracks.
How to prevent bugs from slipping through
Both CEOs acknowledge that bugs get through sometimes, but there are ways to minimize the risk, including perhaps the most obvious one: practicing standard software release hygiene. That involves testing before deploying and then deploying in a controlled way.
Rogers points to his company’s software and notes that progressive rollouts are the place to start. Instead of delivering the change to every user all at once, you instead release it to a small subset and see what happens before expanding the rollout. Along the same lines, if you have controlled rollouts and something goes wrong, you can roll back. “This idea of feature management or feature control lets you roll back features that aren’t working and get people back to the prior version if things are not working.”
Bansal, whose company just bought feature flag startup Split.io in May, also recommends what he calls “canary deployments,” which are small controlled test deployments. They are called this because they hark back to canaries being sent into coal mines to test for carbon monoxide leakage. Once you prove the test roll out looks good, then you can move to the progressive roll out that Rogers alluded to.
As Bansal says, it can look fine in testing, but a lab test doesn’t always catch everything, and that’s why you have to combine good DevOps testing with controlled deployment to catch things that lab tests miss.
Rogers suggests when doing an analysis of your software testing regimen, you look at three key areas — platform, people and processes — and they all work together in his view. “It’s not sufficient to just have a great software platform. It’s not sufficient to have highly enabled developers. It’s also not sufficient to just have predefined workflows and governance. All three of those have to come together,” he said.
One way to prevent individual engineers or teams from circumventing the pipeline is to require the same approach for everyone, but in a way that doesn’t slow the teams down. “If you build a pipeline that slows down developers, they will at some point find ways to get their job done outside of it because they will think that the process is going to add another two weeks or a month before we can ship the code that we wrote,” Bansal said.
Rogers agrees that it’s important not to put rigid systems in place in response to one bad incident. “What you don’t want to have happen now is that you’re so worried about making software changes that you have a very long and protracted testing cycle and you end up stifling software innovation,” he said.
Bansal says a thoughtful automated approach can actually be helpful, especially with larger engineering groups. But there is always going to be some tension between security and governance and the need for release velocity, and it’s hard to find the right balance.
We might not know what happened at CrowdStrike for some time, but we do know that certain approaches help minimize the risks around software deployment. Bad code is going to slip through from time to time, but if you follow best practices, it probably won’t be as catastrophic as what happened last week.
