Slashdot Mirror

As expected, Amazon said on Thursday that it was canceling plans to build a corporate campus in New York City [The link may be paywalled; alternative source]. From a report: The company had planned to build a sprawling complex in Long Island City, Queens, in exchange for nearly $3 billion in state and city incentives. But the deal had run into fierce opposition from local lawmakers who criticized providing subsidies to one of the world's richest companies. Amazon said the deal would have created more than 25,000 jobs. Amazon's NYC educational investments will continue.
Amazon's statement: "After much thought and deliberation, we've decided not to move forward with our plans to build a headquarters for Amazon in Long Island City, Queens. For Amazon, the commitment to build a new headquarters requires positive, collaborative relationships with state and local elected officials who will be supportive over the long-term. While polls show that 70% of New Yorkers support our plans and investment, a number of state and local politicians have made it clear that they oppose our presence and will not work with us to build the type of relationships that are required to go forward with the project we and many others envisioned in Long Island City.

We are disappointed to have reached this conclusion -- we love New York, its incomparable dynamism, people, and culture -- and particularly the community of Long Island City, where we have gotten to know so many optimistic, forward-leaning community leaders, small business owners, and residents. There are currently over 5,000 Amazon employees in Brooklyn, Manhattan, and Staten Island, and we plan to continue growing these teams."

Facebook and Google were far from the only developers openly abusing Apple's Enterprise Certificate program meant for companies offering employee-only apps. A TechCrunch investigation uncovered a dozen hardcore pornography apps and a dozen real-money gambling apps that escaped Apple's oversight. From the report: The developers passed Apple's weak Enterprise Certificate screening process or piggybacked on a legitimate approval, allowing them to sidestep the App Store and Cupertino's traditional safeguards designed to keep iOS family friendly. Without proper oversight, they were able to operate these vice apps that blatantly flaunt Apple's content policies. The situation shows further evidence that Apple has been neglecting its responsibility to police the Enterprise Certificate program, leading to its exploitation to circumvent App Store rules and forbidden categories.

An anonymous reader quotes a report from TechCrunch: Google today announced the general availability of a new API for Google Docs that will allow developers to automate many of the tasks that users typically do manually in the company's online office suite. The API has been in developer preview since last April's Google Cloud Next 2018 and is now available to all developers. As Google notes, the REST API was designed to help developers build workflow automation services for their users, build content management services and create documents in bulk. Using the API, developers can also set up processes that manipulate documents after the fact to update them, and the API also features the ability to insert, delete, move, merge and format text, insert inline images and work with lists, among other things.

The canonical use case here is invoicing, where you need to regularly create similar documents with ever-changing order numbers and line items based on information from third-party systems (or maybe even just a Google Sheet). Google also notes that the API's import/export abilities allow you to use Docs for internal content management systems.

"Microsoft is expected to announce the next generation HoloLens headset at an already announced event on February 24, and the company's doing a bit more to stoke the flames," reports TechCrunch. One of the key people behind the original HoloLens, Alex Kipman, tweeted a video showing "vague forms of chips and cables [that] take shape out of melted ice, rocks and air," reports TechCrunch. From the report: The original headset was ahead of the mixed reality wave, but now that AR is starting to catch on all over the industry, the timing could be right for a big second-generation launch. Reports have suggested a Qualcomm 850 chip and new Project Kinect Sensors. The headset is also said to be cheaper and smaller than its developer-focused predecessor, which could put Microsoft in prime position to push augmented reality forward.

Zack Whittaker reports via TechCrunch: A reader contacted TechCrunch after his [OkCupid] account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password. OkCupid didn't send an email to confirm the address change -- it just blindly accepted the change. "Unfortunately, we're not able to provide any details about accounts not connected to your email address," said OkCupid's customer service in response to his complaint, which he forwarded to TechCrunch. Then, the hacker started harassing him strange text messages from his phone number that was lifted from one of his private messages. It wasn't an isolated case. We found several cases of people saying their OkCupid account had been hacked.

But several users couldn't explain how their passwords -- unique to OkCupid and not used on any other app or site -- were inexplicably obtained. "There has been no security breach at OkCupid," said Natalie Sawyer, a spokesperson for OkCupid. "All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid." Even on OkCupid's own support pages, the company says that account takeovers often happen because someone has an account owner's login information. "If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach," says the support page. In fact, when we checked, OkCupid was just one of many major dating sites -- like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony -- that didn't use two-factor authentication at all.

stoborrobots writes: Google Fiber is leaving Louisville, as reported in The Verge: "Google Fiber's attempt to roll out its gigabit internet across the city of Louisville, Kentucky has apparently failed so spectacularly that the company has decided to completely shut down the service and leave town altogether. CNET has a report on the news, which Alphabet's Access division confirmed in a blog post on Thursday. 'We'll work with our customers and partners to minimize disruption, and we're committed to doing right by the community, which welcomed us as we tested methods of delivering high-speed internet in new and different ways,' the Fiber team said."

TechCrunch's take: "It's a rare admission of defeat for Google Fiber, though it's no secret that the company isn't exactly bullish on the prospect of the service anymore. Louisville was supposed to be somewhat of a comeback for Google Fiber, which like so many Google services is now under more pressure to generate a profit. Clearly, that didn't work out." The issue apparently has to do with "shallow trenching," a process that involves laying fiber cable two inches beneath the sides of roads in the city and covering them up with sealant. "The company seemed optimistic about this plan until some of the cable started becoming exposed over time, requiring a second cover-up with hot asphalt," reports The Verge. "It seems Access realized it had to go a bit deeper with the cabling; in San Antonio, a similar method is used -- but the fiber is laid at least six inches deep into the ground."

"Unfortunately, things have somehow gone so awry in Louisville that Google Fiber claims it would need to rebuild the entire network to get everything to a satisfactory point, and it seems Alphabet just isn't interested in blowing the cash that would be necessary to do that. So instead, Google Fiber will today alert Louisville customers that their service will end on April 15th." In an attempt to soften the blow, Google Fiber says it will not charge customers for their final two months of service.

An anonymous reader quotes a report from TechCrunch: Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps -- or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: "Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity." "We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.

It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user's app activity. Even though sensitive data is supposed to be masked, some data -- like passport numbers and credit card numbers -- was leaking.

An anonymous reader quotes a report from TechCrunch: Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won't even realize it. And they don't need to ask for permission. You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don't ask or make it clear -- if at all -- that they know exactly how you're using their apps. Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed "session replay" technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn't work or if there was an error. Every tap, button push and keyboard entry is recorded -- effectively screenshotted -- and sent back to the app developers. [...] Apps that are submitted to Apple's App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user's screen. Glassbox doesn't require any special permission from Apple or from the user, so there's no way a user would know. When asked, Glassbox said it doesn't enforce its customers to mention its usage in their privacy policy. A mobile expert known as The App Analyst recently found Air Canada's iPhone app to be improperly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

In March, TechCrunch discovered Facebook planned to require advertisers pledge that they had permission to upload someone's phone number or email address for ad targeting. That tool debuted in June, though there was no verification process and Facebook just took businesses at their word despite the financial incentive to lie. In November, Facebook launched a way for ad agencies and marketing tech developers to specify who they were buying promotions "on behalf of." Soon that information will finally be revealed to users. From the report: Starting February 28th, Facebook's "Why am I seeing this?" button in the drop-down menu of feed posts will reveal more than the brand who paid for the ad, some biographical details they targeted, and if they'd uploaded your contact info. Facebook will start to show when your contact info was uploaded, if it was by the brand or one of their agency/developer partners, and when access was shared between partners. A Facebook spokesperson tells me the goal to keep giving people a better understanding of how advertisers use their information.

This new level of transparency could help users pinpoint what caused a brand to get ahold of their contact info. That might help them to change their behavior to stay more private. The system could also help Facebook zero in on agencies or partners who are constantly uploading contact info and might not have attained it legitimately. Apparently seeking not to dredge up old privacy problems, Facebook didn't publish a blog post about the change but simply announced it in a Facebook post to the Facebook Advertiser Hub Page.

Reddit is about to get a huge new round of investment of up to $300 million. As Gizmodo points out, "the first $150 million is reportedly expected to come from the Chinese tech giant Tencent, the first ever Asian technology company to pass a $500 billion market value." The investment is complicated since Reddit is banned in China via the Great Firewall of China. Also, "Tencent is not merely a resident of China's internet -- the company is one of the most important architects of the Great Firewall," reports Gizmodo. "It's an interesting source of cash for a Silicon Valley company whose product is essentially speech." From the report: Tencent is, at great cost and ultimately for great profit, literally reinventing censorship in China. The Great Firewall was not built by the Communist Party in Beijing, it's built by the tech giants all around China. This opaque but clearly powerful relationship between the $500 billion company and the Chinese government raises interesting and unanswered questions about Tencent's forays into the West, including questions about Reddit's future.

The pending Chinese investment in Reddit, a social media company with relatively little Chinese-language community, is a richer twist on that old tale, and it's a part of Tencent's expanding global investment strategy. The Chinese company owns about 12 percent of Snap, for instance, even though Snapchat is banned in China. Tencent also owns a piece of the chat app Discord even though, you guessed it, Discord is blocked in China. If Tencent does kick in $150 million on a nearly $3 billion valuation for Reddit, as TechCrunch reports, it will be interesting if we ever find out exactly what it means. What kind of influence and position, if any, will Tencent gain at Reddit? Neither company responded to Gizmodo's questions.

An anonymous reader quotes a report from TechCrunch: On the heels of a recently-filed class action lawsuit over wages and tips, as well as drivers and shoppers speaking out about Instacart's alleged practices of subsidizing wages with tips, Instacart is taking steps to ensure tips are counted separately from what Instacart pays shoppers. In a blog post today, Instacart CEO Apoorva Mehta said all shoppers will now have a guaranteed higher base compensation, paid by Instacart. Depending on the region, Instacart says it will pay shoppers between $7 to $10 at a minimum for full-service orders (shopping, picking and delivering) and $5 at a minimum for delivery-only tasks. The company will also stop including tips in its base pay for shoppers.

"After launching our new earnings structure this past October, we noticed that there were small batches where shoppers weren't earning enough for their time," Mehta wrote. "To help with this, we instituted a $10 floor on earnings, inclusive of tips, for all batches. This meant that when Instacart's payment and the customer tip at checkout was below $10, Instacart supplemented the difference. While our intention was to increase the guaranteed payment for small orders, we understand that the inclusion of tips as a part of this guarantee was misguided. We apologize for taking this approach." For the shoppers who were subject that approach, Instacart says it will retroactively pay people whose tips were included in payment minimums. Previously, Instacart guaranteed its workers at least $10 per job, but workers said Instacart offsets wages with tips from customers. The suit alleges Instacart "intentionally and maliciously misappropriated gratuities in order to pay plaintiff's wages even though Instacart maintained that 100 percent of customer tips went directly to shoppers. Based on this representation, Instacart knew customers would believe their tips were being given to shoppers in addition to wages, not to supplement wages entirely."

Facebook has finally made good on its promise to let users unsend chats after TechCrunch discovered Mark Zuckerberg had secretly retracted some of his Facebook Messages from recipients. From a report: Today Facebook Messenger globally rolls out "Remove for everyone" to help you pull back typos, poor choices, embarrassing thoughts, or any other message. For up to 10 minutes after sending a Facebook Message, the sender can tap on it and they'll find the delete button has been replaced by "Remove for you", but there's now also a "Remove for everyone" option that pulls the message from recipients' inboxes. They'll see an alert that you removed a message in its place, and can still flag the message to Facebook who'll retain the content briefly to see if its reported.

The feature could make people more comfortable having honest conversations or using Messenger for flirting since they can second guess what they send, but it won't let people change ancient history. The company abused its power by altering the history of Zuckerberg's Facebook's messages in a way that email or other communication mediums wouldn't allow.

An anonymous reader quotes TechCrunch: In September of last year, Elon Musk promised to make fixing service times a priority. On an earnings call, he outlined two ways they're working on it: more spare parts at service centers, and giving Tesla cars the ability to automatically get the process started by calling a tow truck as soon as it detects an issue. Said Elon on the call:

The next thing we want to add is if a car detects something wrong -- like a flat tire or a drive unit failure -- that before the car has even come to a halt, there's a tow truck and service loaner on the way.

False alarm? Don't want a tow truck to show up? You'll be able to cancel it through the in-dash display.
Musk didn't provide a time frame for when this feature would become available.

Apple has now shut down Google's ability to distribute its internal iOS apps, following a similar shutdown that was issued to Facebook earlier this week. From a report: A person familiar with the situation tells The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps have stopped working today, alongside employee-only apps like a Gbus app for transportation and Google's internal cafe app. UPDATE: Apple has restored Google's Enterprise Certificate so its internal apps will now function.

An anonymous reader quotes a report from TechCrunch: India's largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500. But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers' information.

The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer's partial bank account number. Some would say when a check had been cashed, and many of the bank's sent messages included a link to download SBI's YONO app for internet banking. The bank sent out close to three million text messages on Monday alone. The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers' finances. SBI claims more than 500 million customers across the globe with 740 million accounts.

Despite Facebook's recent scandals, such as the site's biggest data breach, the social media company managed to beat Wall Street's estimates in its Q4 earnings. "Facebook hit 2.32 billion monthly users, up 2.2 percent from 2.27 billion last quarter, speeding up its growth rate," reports TechCrunch. "Facebook climbed to 1.52 billion daily active users from 1.49 billion last quarter for a 2 percent growth rate that dwarfed last quarter's 1.36 percent." From the report: Facebook earned $16.91 billion off all those users with a $2.38 GAAP earnings per share. Those numbers handily beat Wall Street's expectations of $16.39 billion in revenue and $2.18 GAAP earnings per share, plus 2.32 billion monthly and 1.51 billion daily active users. Facebook's daily to monthly user ratio, or stickiness, held firm at 66 percent where it's stayed for years, showing those still on Facebook aren't using it much less. Facebook shares had closed today at $150.42 but shot up over 9 percent following the record revenue and profit announcements to hover around $162. A big 30 percent year-over-year boost in average revenue per user in North America fueled those gains. Yet that's still way down from $186 where it was a year ago and a peak of $217 in July.

Facebook's monthly active user plateaued in North America but roared up in Europe. That was shored up by a reversal of last quarter's decline in Rest Of World average revenue per user, which fell 4.7% in Q3 but bounced back with 16.5 percent growth in Q4. Facebook raked in $6.8 billion in profit this quarter as it slowed down hiring and only grew headcount 5 percent from 33,606 to 35,587. It seems Facebook has gotten to a comfortable place with its security staff-up in the wake of election interference, fake news, and content moderation troubles. Its revenue is up 30 percent year-over-year while profits grew 61 percent, which is pretty remarkable for a 15-year old technology company.

Facebook is not the only one abusing Apple's system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch reported Wednesday. From the report: In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate. That's the same type of policy violation that led Apple to shut down Facebook's similar Research VPN iOS app, which had the knock-on effect of also disabling usage of Facebook's legitimate employee-only apps -- which run on the same Facebook Enterprise Certificate -- and making Facebook look very iffy in the process. It needs to be pointed out that Google's app is relatively transparent about what it does and who runs it.

Facebook is at the center of another privacy scandal -- and this time it hasn't just angered users. It has also angered Apple. From a report: The short version: Apple says Facebook broke an agreement it made with Apple by publishing a "research" app for iPhone users that allowed the social giant to collect all kinds of personal data about those users, TechCrunch reported Tuesday. The app allowed Facebook to track users' app history, their private messages and their location data. Facebook's research effort reportedly targeted users as young as 13 years old.

As of last summer, apps that collect that kind of data are against Apple's privacy guidelines. That means Facebook couldn't make this research app available through the App Store, which would have required Apple approval. Instead, Facebook apparently took advantage of Apple's "Developer Enterprise Program," which lets approved Apple partners, like Facebook, test and distribute apps specifically for their own employees. In those cases, the employees can use third-party services to download beta versions of apps that aren't available to the general public. Update: The Verge reports: Apple has shut down Facebook's ability to distribute internal iOS apps, from early releases of the Facebook app to basic tools like a lunch menu. A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release "dogfood" (beta) apps have stopped working, as have other employee apps, like one for transportation. Facebook is treating this as a critical problem internally, we're told, as the affected apps simply don't launch on employees' phones anymore. Update 2: Apple says it shut down Facebook's app before the social company could voluntarily shut it down -- contrary to an earlier statement by Facebook, in which it said it was shutting down the app.

A new report from TechCrunch details how "desperate" Facebook is for data on its competitors. The social media company "has been secretly paying people to install a 'Facebook Research' VPN that lets the company suck in all of a user's phone and web activity," a TechCrunch investigation confirms. "Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity." From the report: Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android "Facebook Research" app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook's involvement, and is referred to in some documentation as "Project Atlas" a fitting name for Facebook's effort to map new trends and rivals around the globe.

We asked Guardian Mobile Firewall's security expert Will Strafach to dig into the Facebook Research app, and he told us that "If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps -- including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed." It's unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user's device once they install the app.

Amazon announced today a plan to fund computer science classes in more than 130 New York City area high schools. Specifically, Amazon will fund both introductory and Advanced Placement (AP) classes across all five NYC boroughs, including more than 30 schools in Queens, near its new headquarters. From a report: The courses will be supported by the Amazon Future Engineer program, whose stated goal is to bring more than 10 million kids to computer science per year, and fund computer science courses for over 100,000 underprivileged kids in 2,000 low-income high schools in the U.S. It also awards 100 students per year with four-year $10,000 scholarships and offers internships at Amazon.

The funding for the New York area schools will cover preparatory lessons, tutorials and professional development for teachers, says Amazon, as well as offer sequenced and paced digital curriculum for students, and live online support for both teachers and students. All participating students will also receive a free membership to AWS Educate, which offers free computing power in the AWS Cloud for coding projects.

Facebook Moments, the standalone mobile app designed to let users privately share photos and videos, is shutting down next month. "Facebook confirmed the app's services will end February 25," reports TechCrunch. "Facebook decided to end support for the app, which hasn't been updated in some time, because people weren't using it." From the report: Moments, which first launched in 2015, has seen some competition from other Facebook products recently, which might have led to its demise. For instance, Facebook built out its Stories feature, which includes a direct sharing option. That option, while designed for one-offs and not whole albums, did allow users to bypass the Moments app entirely in order to privately send photos with a select friend or friends. Users also have the option to share any of their photos from the app as Albums on Facebook. If someone downloads the app to an Album, the privacy setting will default to "Only Me" but a user always has the option to share it with friends. Facebook says it will continue to incorporate options for saving memories within the Facebook app, as well. "We're ending support for the Moments app, which we originally launched as a place for people to save their photos. We know the photos people share are important to them so we will continue offering ways to save memories within the Facebook app," Rushabh Doshi, director of product management said in a statement. If you're a Moments user, you should see a message warning you about the app's demise. You can either export your photos from any device, or create a private album on your Facebook account to retrieve your photos.

An anonymous reader quotes a report from TechCrunch: [M]illions of documents were found leaking after an exposed Elasticsearch server was found without a password. The documents contained highly sensitive financial data on tens of thousands of individuals who took out loans or mortgages over the past decade with U.S. financial institutions. The documents were converted using a technology called OCR from their original paper documents to a computer readable format and stored in the database, but they weren't easy to read. That said, it was possible to discern names, addresses, birth dates, Social Security numbers and other private financial data by anyone who knew where to find the server. Independent security researcher Bob Diachenko and TechCrunch traced the source of the leaking database to a Texas-based data and analytics company, Ascension. When reached, the company said that one of its vendors, OpticsML, a New York-based document management startup, had mishandled the data and was to blame for the data leak.

It turns out that data was exposed again -- but this time, it was the original documents. Diachenko found the second trove of data in a separate exposed Amazon S3 storage server, which too was not protected with a password. Anyone who went to an easy-to-guess web address in their web browser could have accessed the storage server to see -- and download -- the files stored inside. The bucket contained 21 files containing 23,000 pages of PDF documents stitched together -- or about 1.3 gigabytes in size. Diachenko said that portions of the data in the exposed Elasticsearch database on Wednesday matched data found in the Amazon S3 bucket, confirming that some or all of the data is the same as what was previously discovered. Like in Wednesday's report, the server contained documents from banks and financial institutions across the U.S., including loans and mortgage agreements. We also found documents from the U.S. Department of Housing and Urban Development, as well as W-2 tax forms, loan repayment schedules and other sensitive financial information. Many of the files also contained names, addresses, phone numbers, Social Security numbers and more.

An anonymous reader quotes a report from TechCrunch: [M]illions of documents were found leaking after an exposed Elasticsearch server was found without a password. The documents contained highly sensitive financial data on tens of thousands of individuals who took out loans or mortgages over the past decade with U.S. financial institutions. The documents were converted using a technology called OCR from their original paper documents to a computer readable format and stored in the database, but they weren't easy to read. That said, it was possible to discern names, addresses, birth dates, Social Security numbers and other private financial data by anyone who knew where to find the server. Independent security researcher Bob Diachenko and TechCrunch traced the source of the leaking database to a Texas-based data and analytics company, Ascension. When reached, the company said that one of its vendors, OpticsML, a New York-based document management startup, had mishandled the data and was to blame for the data leak.

It turns out that data was exposed again -- but this time, it was the original documents. Diachenko found the second trove of data in a separate exposed Amazon S3 storage server, which too was not protected with a password. Anyone who went to an easy-to-guess web address in their web browser could have accessed the storage server to see -- and download -- the files stored inside. The bucket contained 21 files containing 23,000 pages of PDF documents stitched together -- or about 1.3 gigabytes in size. Diachenko said that portions of the data in the exposed Elasticsearch database on Wednesday matched data found in the Amazon S3 bucket, confirming that some or all of the data is the same as what was previously discovered. Like in Wednesday's report, the server contained documents from banks and financial institutions across the U.S., including loans and mortgage agreements. We also found documents from the U.S. Department of Housing and Urban Development, as well as W-2 tax forms, loan repayment schedules and other sensitive financial information. Many of the files also contained names, addresses, phone numbers, Social Security numbers and more.

In a blog post, Google clarified the timeline of the transition from classic Hangouts to Chat and Meet for its paying G Suite customers. "For them, the Hangouts retirement party will start in October of this year," reports TechCrunch. From the report: For consumers, the situation remains unclear, but Google says there will be free versions of Chat and Meet that will become available "following the transition of G Suite customers." As of now, there is no timeline, so for all we know, Hangouts will remain up and running into 2020. As for G Suite users, Google says it will start bringing more features from classic Hangouts to Chat between April and September. Those include integration with Gmail, the ability to talk to external users, improved video calling and making calls with Google Voice.

TechCrunch's Devin Coldeway picks apart a new study by Oxford scientists that questions the basis of thousands of papers and analyses with conflicting conclusions on the effect of screen time on well-being. "The researchers claim is that the science doesn't agree because it's bad science," Coldeway writes. "So is screen time good or bad? It's not that simple." From the report: Their concern was that the large data sets and statistical methods employed by researchers looking into the question -- for example, thousands and thousands of survey responses interacting with weeks of tracking data for each respondent -- allowed for anomalies or false positives to be claimed as significant conclusions. It's not that people are doing this on purpose necessarily, only that it's a natural result of the approach many are taking. "Unfortunately," write the researchers in the paper, "the large number of participants in these designs means that small effects are easily publishable and, if positive, garner outsized press and policy attention."

In order to show this, the researchers essentially redid the statistical analysis for several of these large data sets (Orben explains the process here), but instead of only choosing one result to present, they collected all the plausible ones they could find. For example, imagine a study where the app use of a group of kids was tracked, and they were surveyed regularly on a variety of measures. The resulting (fictitious, I hasten to add) paper might say it found kids who use Instagram for more than two hours a day are three times as likely to suffer depressive episodes or suicidal ideations. What the paper doesn't say, and which this new analysis could show, is that the bottom quartile is far more likely to suffer from ADHD, or the top five percent reported feeling they had a strong support network. [...] Ultimately what the Oxford study found was that there is no consistent good or bad effect, and although a very slight negative effect was noted, it was small enough that factors like having a single parent or needing to wear glasses were far more important. "[T]he study does not conclude that technology has no negative or positive effect; such a broad conclusion would be untenable on its face," Coldeway writes. "The data it rounds up are simply inadequate to the task and technology use is too variable to reduce to a single factor. Its conclusion is that studies so far have in fact bee inconclusive and we need to go back to the drawing board."

Uber is looking to integrate autonomous technology into its bike and scooter-share programs. Details are scarce, but according to 3D Robotics CEO Chris Anderson, who said Uber announced this at a DIY Robotics event over the weekend, the division will live inside Uber's JUMP group, which is responsible for shared electric bikes and scooters. From a report: The new division, Micromobility Robotics, will explore autonomous scooters and bikes that can drive themselves to be charged, or drive themselves to locations where riders need them. The Telegraph has since reported Uber has already begun hiring for this team. "The New Mobilities team at Uber is exploring ways to improve safety, rider experience, and operational efficiency of our shared electric scooters and bicycles through the application of sensing and robotics technologies," Uber's ATG wrote in a Google Form seeking information from people interested in career opportunities.

Tomorrow Facebook will encounter a slew of fresh complexities with the launch of Community Actions, its News Feed petition feature. From a report: Community Actions could unite neighbors to request change from their local and national elected officials and government agencies. But it could also provide vocal interest groups a bully pulpit from which to pressure politicians and bureaucrats with their fringe agendas. Community Actions embodies the central challenge facing Facebook. Every tool it designs for positive expression and connectivity can be subverted for polarization and misinformation. Facebook's membership has swelled into such a ripe target for exploitation that it draws out the worst of humanity. You can imagine misuses like "Crack down on [minority group]" that are offensive or even dangerous but some see as legitimate. The question is whether Facebook puts in the forethought and aftercare to safeguard its new tools with proper policy and moderation. Otherwise each new feature is another liability.

Community Actions start to roll out to the US tomorrow after several weeks of testing in a couple of markets. Users can add a title, description, and image to their Community Action, and tag relevant government agencies and officials who'll be notified. The goal is to make the Community Action go viral and get people to hit the "Support" button. Community Actions have their own discussion feed where people can leave comments, create fundraisers, and organize Facebook Events or Call Your Rep campaigns. Facebook displays the numbers of supporters behind a Community Action, but you'll only be able to see the names of those you're friends with or that are Pages or public figures.

Researchers at cybersecurity firm Check Point say three vulnerabilities chained together could have allowed hackers to take control of any of Fortnite's 200 million players. "The flaws, if exploited, would have stolen the account access token set on the gamer's device once they entered their password," reports TechCrunch. "Once stolen, that token could be used to impersonate the gamer and log in as if they were the account holder, without needing their password." From the report: The researchers say that the flaw lies in how Epic Games, the maker of Fortnite, handles login requests. Researchers said they could send any user a crafted link that appears to come from Epic Games' own domain and steal an access token needed to break into an account.

Here's how it works: The user clicks on a link, which points to an epicgames.com subdomain, which the hacker embeds a link to malicious code on their own server by exploiting a cross-site weakness in the subdomain. Once the malicious script loads, unbeknownst to the Fortnite player, it steals their account token and sends it back to the hacker. "If the victim user is not logged into the game, he or she would have to log in first," a researcher said. "Once that person is logged in, the account can be stolen." Epic Games has since fixed the vulnerability.

The iconic Motorola RAZR might be making a comeback as a $1,500 foldable screen smartphone, and it could launch as early as February, according to a new report from The Wall Street Journal. From a report: The price point puts the handset north of even Apple and Samsung's flagships, at $1,500. Of course, there isn't really a standardized price point for the emerging foldables category yet. The Royole FlexPai starts at around $1,300 -- not cheap, especially for a product from a relative unknown. And Samsung, the next on the list to embrace the foldable, has never been afraid to hit a premium price point. Ultimately, $1,500 could well be standard for these sorts of products. Whether or not consumers are willing to pay that, however, is another question entirely.

The Model 3 will be entered into Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest. The prize for the winning security researchers: a Model 3. TechCrunch reports: Pwn2Own, which is in its 12th year and run by Trend Micro's Zero Day Initiative, is known as one of the industry's toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program. Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, will be held March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category. The targets, chosen by ZDI, include software products from Apple, Google, Microsoft, Mozilla, Oracle and VMware. And, of course, Tesla . Pwn2Own is run in conjunction with the CanSec West conference. There will be "more than $900,000 worth of prizes available for attacks that subvert a variety of [the Model 3's] onboard systems," reports Ars Technica. "The biggest prize will be $250,000 for hacks that execute code on the car's getaway, autopilot, or VCSEC."

"A gateway is the central hub that interconnects the car's powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm."

Volkswagen will spend $800 million to expand a U.S. factory that will produce the automaker's next generation of electric vehicles. "The factory in Chattanooga, Tenn. will be the company's North American base for manufacturing electric vehicles," reports TechCrunch. "The expansion is expected to create 1,000 jobs at the plant." From the report: VW's Chattanooga expansion is just a piece of the automaker's broader plan to move away from diesel in the wake of the emissions cheating scandal that erupted in 2015. Globally, VW Group plans to commit almost $50 billion through 2023 toward the development and production of electric vehicles and digital services. The Volkswagen brand (so not including its Audi or Porsche brands) alone has forecasted selling 150,000 EVs by 2020 worldwide, increasing that number to 1 million by 2025.

The Tennessee factory (along with the other new facilities) will produce EVs using Volkswagen's modular electric toolkit chassis, or MEB, introduced by the company in 2016. The MEB is a flexible modular system -- really a matrix of common parts -- for producing electric vehicles that VW says make it more efficient and cost-effective. Electric vehicle production at the Tennessee site will begin in 2022. However, Volkswagen of America says it will offer the first EV based on the MEB platform to customers in 2020.This EV will be a series-production version of the I.D. CROZZ SUV concept that was first shown at the North American International Auto Show last year. This vehicle will have the interior space of a midsize SUV in the footprint of a compact SUV. Volkswagen of America will also offer a multi-purpose EV based off the I.D. BUZZ concept. This EV will be a series-production version of the I.D. CROZZ SUV concept that was first shown at the North American International Auto Show last year. This vehicle will have the interior space of a midsize SUV in the footprint of a compact SUV. Volkswagen of America will also offer a multi-purpose EV based off the I.D. BUZZ concept.

A security researcher has found, reported and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer's account from some of the largest web hosting companies on the internet. From a news report: In some cases, clicking on a simple link would have been enough for Paulos Yibelo, a well-known and respected bug hunter, to take over the accounts of anyone using five large hosting providers -- Bluehost, DreamHost, Hostgator, OVH and iPage. "All five had at least one serious vulnerability allowing a user account hijack," he told TechCrunch, with which he shared his findings before going public. The results of his vulnerability testing likely wouldn't fill customers with much confidence. The bugs, now fixed -- according to Yibelo's writeup -- represent cases of aging infrastructure, complicated and sprawling web-based back-end systems and companies each with a massive user base -- with the potential to go easily wrong. In all, the bugs could have been used to target any number of the collective two million domains under Endurance-owned Bluehost, Hostgator and iPage, DreamHost's one million domains and OVH's four million domains -- totaling some seven million domains.

Lucas Matney writes via TechCrunch: Improbable is taking a daring step after announcing earlier today that Unity had revoked its license to operate on the popular game development engine. The U.K.-based cloud gaming startup has inked a late-night press release with Unity rival Epic Games, which operates the Unreal Engine and is the creator of Fortnite, establishing a $25 million fund designed to help game developers move to "more open engines." This is pretty bold on Improbable's part and seems to suggest that Unity didn't give them a call after Improbable published a blog post that signed off with, "You [Unity] are an incredibly important company and one bad day doesn't take away from all you've given us. Let's fix this for our community, you know our number."

Unity, for its part, claims that they gave Improbable ample notice that they were in violation of their Terms of Service and that the two had been deep in a "partnership" agreement that obviously fell short. The termination of Improbable's Unity license essentially cut them off from a huge portion of indie developers who build their stuff on Unity. Epic Games CEO Tim Sweeney was quick to jump on the news earlier today, rebuking Unity's actions. "Epic Games' partnership with Improbable, and the integration of Improbable's cloud-based development platform SpatialOS, is based on shared values, and a shared belief in how companies should work together to support mutual customers in a straightforward, no-surprises way," the blog post reads.

Lucas Matney writes via TechCrunch: Improbable is taking a daring step after announcing earlier today that Unity had revoked its license to operate on the popular game development engine. The U.K.-based cloud gaming startup has inked a late-night press release with Unity rival Epic Games, which operates the Unreal Engine and is the creator of Fortnite, establishing a $25 million fund designed to help game developers move to "more open engines." This is pretty bold on Improbable's part and seems to suggest that Unity didn't give them a call after Improbable published a blog post that signed off with, "You [Unity] are an incredibly important company and one bad day doesn't take away from all you've given us. Let's fix this for our community, you know our number."

Unity, for its part, claims that they gave Improbable ample notice that they were in violation of their Terms of Service and that the two had been deep in a "partnership" agreement that obviously fell short. The termination of Improbable's Unity license essentially cut them off from a huge portion of indie developers who build their stuff on Unity. Epic Games CEO Tim Sweeney was quick to jump on the news earlier today, rebuking Unity's actions. "Epic Games' partnership with Improbable, and the integration of Improbable's cloud-based development platform SpatialOS, is based on shared values, and a shared belief in how companies should work together to support mutual customers in a straightforward, no-surprises way," the blog post reads.

Google has discontinued the Chromecast Audio dongle that allowed you to stream music via Wi-Fi to any dumb speaker with a 3.5mm headphone jack. If you're saddened by the news and would like to pick one up before they're completely gone, Google is now selling its remaining inventory for $15 instead of $35. TechCrunch reports: "Our product portfolio continues to evolve, and now we have a variety of products for users to enjoy audio," Google told us in a statement. "We have therefore stopped manufacturing our Chromecast Audio products. We will continue to offer assistance for Chromecast Audio devices, so users can continue to enjoy their music, podcasts and more."

Google is clearly more interested in getting people to buy its Google Home products and Assistant- or Cast-enabled speakers from its partners. It's also worth noting that all Google Home devices can connect to Bluetooth enabled speakers, though plenty of people surely have a nice speaker setup at home that doesn't have built-in Bluetooth support. "Bluetooth adapters suck," Google told us at the time, though at this point, it seems a Bluetooth adapter may just be the way to go.

An anonymous reader quotes a report from ZDNet: Amazon Web Services (AWS) has announced a fully-managed document database service, building the Amazon DocumentDB (with MongoDB compatibility) to support existing MongoDB workloads. The cloud giant said developers can use the same MongoDB application code, drivers, and tools as they currently do to run, manage, and scale workloads on Amazon DocumentDB. Amazon DocumentDB uses an SSD-based storage layer, with 6x replication across three separate Availability Zones. This means that Amazon DocumentDB can failover from a primary to a replica within 30 seconds, and supports MongoDB replica set emulation so applications can handle failover quickly. Each MongoDB database contains a set of collections -- similar to a relational database table -- with each collection containing a set of documents in BSON format. Amazon DocumentDB is compatible with version 3.6 of MongoDB and storage can be scaled from 10 GB up to 64 TB in increments of 10 GB. The new offering implements the MongoDB 3.6 API that allows customers to use their existing MongoDB drivers and tools with Amazon DocumentDB. In a separate report, TechCrunch's Frederic Lardinois says AWS is "giving open source the middle finger" by "taking the best open-source projects and re-using and re-branding them without always giving back to those communities."

"The wrinkle here is that MongoDB was one of the first companies that aimed to put a stop to this by re-licensing its open-source tools under a new license that explicitly stated that companies that wanted to do this had to buy a commercial license," Frederic writes. "Since then, others have followed."

"Imitation is the sincerest form of flattery, so it's not surprising that Amazon would try to capitalize on the popularity and momentum of MongoDB's document model," MongoDB CEO and president Dev Ittycheria told us. "However, developers are technically savvy enough to distinguish between the real thing and a poor imitation. MongoDB will continue to outperform any impersonations in the market."

During a small press gathering at CES in Las Vegas today, Nvidia CEO Jensen Huang said the company doesn't have any plans to resurrect the Shield Tablet, which launched in 2014, was last refreshed in 2015 and officially discontinued last year. "Shield TV is still unquestionably the best Android TV in the world," he said. "We have updated the software now over 30 times. People are blown away by how much we continue to enhance it." And more (unspecified) enhancements are coming, he said. TechCrunch reports: On the mobile side, though, the days of the Shield Tablet are very much over, especially now that the Nintendo Switch, which uses Nvidia's Tegra chips, has really captured that market. "We are really committed to [Shield TV], but on mobile devices, we don't think it's necessary," Huang said. "We would only build things not to gain market share. Nvidia is not a "take somebody else's market share company.' I think that's really angry. It's an angry way to run a business. Creating new markets, expanding the horizon, creating things that the world doesn't have, that's a loving way to build a business."

He added that this is the way to inspire employees, too. Just copying competitors and maybe selling a product cheaper, though, does nothing to motivate employees and is not what Nvidia is interested in. Of course, Huang left the door open to a future tablet if it made sense -- though he clearly doesn't think it does today. He'd only do so, "if the world needs it. But at the moment, I just don't see it. I think Nintendo did such a great job."

Cambridge Analytica's parent company, SCL Elections, has been fined 15,000 Pound (roughly $19,000) in a UK court after pleading guilty to failing to comply with an enforcement notice issued by the national data protection watchdog, the Guardian reports. From a report: While the fine itself is a small and rather symbolic one, given the political data analytics firm went into administration last year, the implications of the prosecution are more sizeable. Last year the Information Commissioner's Office ordered SCL to hand over all the data it holds on U.S. academic, professor David Carroll, within 30 days. After the company failed to do so it was taken to court by the ICO. Prior to Cambridge Analytica gaining infamy for massively misusing Facebook user data, the company, which was used by the Trump campaign, claimed to have up to 7,000 data points on the entire U.S. electorate -- circa 240M people. So Carroll's attempt to understand exactly what data the company had on him, and how the information was processed to create a voter profile of it, has much wider relevance.

A new program at DARPA is aimed at creating a machine learning system that can sift through the innumerable events and pieces of media generated every day and identify any threads of connection or narrative in them. It's called KAIROS: Knowledge-directed Artificial Intelligence Reasoning Over Schemas. From a report: "Schema" in this case has a very specific meaning. It's the idea of a basic process humans use to understand the world around them by creating little stories of interlinked events. For instance when you buy something at a store, you know that you generally walk into the store, select an item, bring it to the cashier, who scans it, then you pay in some way, and then leave the store. This "buying something" process is a schema we all recognize, and could of course have schemas within it (selecting a product; payment process) or be part of another schema (gift giving; home cooking).

Although these are easily imagined inside our heads, they're surprisingly difficult to define formally in such a way that a computer system would be able to understand. They're familiar to us from long use and understanding, but they're not immediately obvious or rule-bound, like how an apple will fall downwards from a tree at a constant acceleration. And the more data there are, the more difficult it is to define. Buying something is comparatively simple, but how do you create a schema for recognizing a cold war, or a bear market? That's what DARPA wants to look into.

Verizon and T-Mobile are calling out AT&T for starting a shady marketing tactic that labeled its 4G network as a 5G network. "In an open letter, in which AT&T is not named directly, Verizon says in part 'the potential to over-hype and under-deliver on the 5G promise is a temptation that the wireless industry must resist,'" reports TechCrunch. Meanwhile, T-Mobile directly called out AT&T, tweeting a short video of someone putting a sticky note reading "9G" on top of their iPhone's LTE icon. The Verge reports: The promise comes right as AT&T has started to roll out updates doing exactly that: changing the "LTE" icon in the corner of select phones into an icon reading "5G E." One might assume that a "5G E" connection is the same thing as a "5G" connection, but it's not. AT&T is just pretending that the faster portions of its LTE network are 5G and is trying to get a head start on the 5G marketing race by branding it "5G Evolution." T-Mobile isn't happy about the marketing nonsense either. Its CTO, Neville Ray, wrote that AT&T was "duping customers."

Verizon says it's "calling on the broad wireless industry to commit to labeling something 5G only if new device hardware is connecting to the network using new radio technology to deliver new capabilities" (emphasis Verizon's). Kyle Malady, Verizon's chief technical officer, says Verizon will lead by example and that "a clear, consistent, and simple understanding of 5G" is needed so consumers don't have to "maneuver through marketing double-speak or technical specifications." Malady says Verizon will "not call our 4G network a 5G network if customers don't experience a performance or capability upgrade that only 5G can deliver." But that isn't the same thing as saying "we won't label our network 5G unless it's 5G." In fact, if you turn that sentence into a positive statement, it says "we will only call our 4G network a 5G network if it delivers a 5G-like experience." The Verge notes that Verizon "has also been misleading about its jump into 5G." Last year, Big Red bragged about launching the "world's first commercial 5G service," even though "it wasn't mobile; it was home internet service that just happened to be delivered wirelessly during the final stretch to a subscriber's home; and it didn't use the global 5G standard -- it used a rival 5G standard created by Verizon."

GitHub has always offered free accounts, but users were forced to make their code public. To get private repositories, you had to pay. Now, as TechCrunch reports, "Free GitHub users now get unlimited private projects with up to three collaborators." From the report: The amount of collaborators is really the only limitation here and there's no change to how the service handles public repositories, which can still have unlimited collaborators. This feels like a sign of goodwill on behalf of Microsoft, which closed its acquisition of GitHub last October, with former Xamarin CEO Nat Friedman taking over as GitHub's CEO.

Talking about teams, GitHub also today announced that it is changing the name of the GitHub Developer suite to 'GitHub Pro.' The company says it's doing so in order to "help developers better identify the tools they need." But what's maybe even more important is that GitHub Business Cloud and GitHub Enterprise (now called Enterprise Cloud and Enterprise Server) have become one and are now sold under the 'GitHub Enterprise' label and feature per-user pricing. In response, GitLab CEO Sid Sijbrandij said: "GitHub today announced the launch of free private repositories with up to three collaborators. GitLab has offered unlimited collaborators on private repositories since the beginning. We believe Microsoft is focusing more on generating revenue with Azure and less on charging for DevOps software. At GitLab, we believe in a multi-cloud future where organizations use multiple public cloud platforms."

One of the 2019 TV models LG outlined at its CES press conference today was the LG Signature OLED TV R (65R9), which has a display that can roll up and disappear into its base when you're not using it. "LG calls the TV 'a revolutionary innovation that helps address the very human need for an aesthetically pleasing environment' and says it is 'redefining space' to offer unprecedented levels of 'immersion' and 'a new level of space integration,'" reports Ars Technica. From the report: LG says to expect picture quality on par with its just-announced 2019 4K OLED lineup. That means 120Hz and AI image processing using LG's new Alpha 9 Gen 2 CPU. The TV's base -- the same one it rolls into -- houses a 4.2-channel, 100-watt soundbar with Dolby Atmos support. Additionally, the TV doesn't have to scroll all the way in. As seen in one of the images at the start of this article, it can fold down to what LG calls "Line View." This has five modes: music, clock, frame, mood, and home dashboard. Music offers an interface for playing music from the base. Clock shows the time, date, and weather. Frame displays a scrolling line of photos streamed from your smartphone, which is the mode in the photo above. The mood mode is for aesthetics, and home dashboard will allow access to some of LG's usual TV software features. No price has been announced yet, but TechCrunch reports that it could cost more than the 8K TV LG announced last week, which will compete directly with Samsung's $15,000 8K offering. LG says the Signature OLED TV R will be available for purchase in the second half of the year.

An anonymous reader quotes a report from TechCrunch: Babble, a parenting blog that Disney acquired reportedly for about $40 million to help it target hipster parents, quietly ceased publishing in the middle of December, TechCrunch has learned. "For everything there is a season, and after more than a decade of serving as a community and resource for parents, Babble will be saying goodbye," reads a post from the site's editors. "To all the moms, dads, family, friends, writers, and readers who supported us -- thank you. We are so grateful for the time spent sharing your stories and your lives, through all the ups and downs of raising tiny humans."

When Disney acquired Babble -- originally spun out from a (now-defunct) dating website called Nerve.com -- in 2011, it was part of a bigger push at the media giant to built up a stock of content properties to target younger parents, the kind that turn to online media for parenting advice and inspiration. The idea was that Disney would populate the site with lots of evergreen content aimed at savvy middle class parents -- recent articles included a post on soft-serve pickle-flavored ice cream and kids nailing 80s-style Halloween costumes -- to help it build a connection to these consumers that would lead, over time, to trusting and using and exposing kids to other Disney products as they grew up. But times have changed. The Disney Interactive Media Group that housed Babble doesn't exist as such anymore -- and Babble's two founders, Rufus Griscom and Alicia Volkman, moved on years ago from Disney.

Days after Amazon revealed that 100 million Alexa-enabled devices have been sold, Google said today that it expects the billionth device with its AI Assistant to be sold later this month. From a report: Ahead of CES this morning, Google dropped a little stat update: Google expects Assistant to be on 1 billion devices total by the end of this month. That's up from around 400M devices this time a year ago. Google first announced Assistant back in May of 2016. By October of that year, they'd rolled it out to the Pixel/Pixel XL; nowadays, it's on TVs, smart speakers, tablets, smart watches, and just about every new Android phone that hits the market.

Early last year, Netflix allowed some iOS users in more than two dozen markets to bypass the iTunes payment method as part of an experiment. The streaming company is now incorporating the change globally, curbing a $256 million revenue stream for Apple. "According to new data compiled by Sensor Tower, Netflix grossed $853 million in 2018 on the iOS App Store," reports TechCrunch. "Based on that figure, Apple's take would have been around $256 million, the firm said." The new policy change allows Netflix to avoid paying the 15% levy that Apple charges on in-app subscriptions. From a report: "We no longer support iTunes as a method of payment for new members," a Netflix spokesperson told VentureBeat. Existing members, however, can continue to use iTunes as a method of payment, the spokesperson added.

The company did not share exactly when it rolled out the change globally, but a support representative VentureBeat spoke with pegged the timeframe as late last month. Additionally, the support rep added that customers who are rejoining Netflix using an iOS device, after having canceled payment for at least one month, also won't be able to use iTunes billing. The move, which will allow Netflix to keep all proceeds from its new paying iPhone and iPad customers, underscores the tension between developers and the marquee distributors of mobile apps -- Apple and Google.

This year Fortnite became the world's most popular game, growing its parent company, Epic Games' valuation to $15 billion. It also helped the company pile up cash. Epic grossed a $3 billion profit for this year fueled by the continued success of Fortnite, TechCrunch reported Thursday, citing a person with knowledge of the business. From the report: Fortnite, which is free to play but makes money selling digital items, has popularized the battle royale category -- think Lord of the Flies meets Hunger Games -- almost single-handedly, and it has been the standout title for the U.S.-based game publisher. Founded way back in 1991, Epic hasn't given revenue figures for its smash hit -- which has 125 million players -- but this new profit milestone, combined with other pieces of data, gives an idea of the success the company is seeing as a result of a prescient change in strategy made six years ago.

An anonymous reader shares a column: I've been trying to figure out why the removal of the headphone port bugs me more than other ports that have been unceremoniously killed off, and I think it's because the headphone port almost always only made me happy. Using the headphone port meant listening to my favorite album, or using a free minute to catch the latest episode of a show, or passing an earbud to a friend to share some new tune. It enabled happy moments and never got in the way.

Now every time I want to use my headphones, I just find myself annoyed. Bluetooth? Whoops, forgot to charge them. Or whoops, they're trying to pair with my laptop even though my laptop is turned off and in my backpack. Dongle? Whoops, left it on my other pair of headphones at work. Or whoops, it fell off somewhere, and now I've got to go buy another one. I'll just buy a bunch of dongles, and put them on all my headphones! I'll keep extras in my bag for when I need to borrow a pair of headphones. That's just like five dongles at this point, problem solved! Oh, wait: now I want to listen to music while I fall asleep, but also charge my phone so it's not dead in the morning. That's a different, more expensive splitter dongle (many of which, I've found, are poorly made garbage).

An anonymous reader shares a column: I've been trying to figure out why the removal of the headphone port bugs me more than other ports that have been unceremoniously killed off, and I think it's because the headphone port almost always only made me happy. Using the headphone port meant listening to my favorite album, or using a free minute to catch the latest episode of a show, or passing an earbud to a friend to share some new tune. It enabled happy moments and never got in the way.

Now every time I want to use my headphones, I just find myself annoyed. Bluetooth? Whoops, forgot to charge them. Or whoops, they're trying to pair with my laptop even though my laptop is turned off and in my backpack. Dongle? Whoops, left it on my other pair of headphones at work. Or whoops, it fell off somewhere, and now I've got to go buy another one. I'll just buy a bunch of dongles, and put them on all my headphones! I'll keep extras in my bag for when I need to borrow a pair of headphones. That's just like five dongles at this point, problem solved! Oh, wait: now I want to listen to music while I fall asleep, but also charge my phone so it's not dead in the morning. That's a different, more expensive splitter dongle (many of which, I've found, are poorly made garbage).

Remote teams incorrectly overwrote data developed by volunteer mappers in Thailand. TechCrunch reports: Grab, Southeast Asia's top ride-hailing company, has hit a roadblock in its efforts to improve its mapping and routing service after running into trouble with OpenStreetMap, the world's largest collaborative mapping community, through a series of blundering edits in Thailand. Grab, which gobbled up Uber's local business in exchange for an equity swap earlier this year, has busily added details and upgraded the maps it uses across its eight markets in Southeast Asia. Accurate maps are, of course, essential to a smooth ride-hailing experience for Grab's 125 million registered users. Without accurate location details, ensuring that drivers and passengers can easily rendezvous becomes nearly impossible.

Grab's effort to improve the never-ending quest of more accurate maps involves a multi-input approach that uses Google Maps as the base with Grab adding in its own information -- "points of interest" cultivated through customer feedback and groundwork -- and other public or licensed information. However, what appears to be a focus on speed has seen it suspend all activities in Thailand -- Southeast Asia's second-largest economy -- after it was found to have overwritten data developed by OpenStreetMap (OSM) with inaccurate edits that were created by a remote team based in India. Established in 2006, OSM's mission is to "make the best map data set of the world" and it makes its data, which is developed by more than two million volunteers from across the world, available for use without charge.

An India-based team from GlobalLogic, an outsourced software firm contracted by Grab, made dozens of edits in recent months that overwrote information created by OSM members, who voluntarily map streets by visiting them in person. Grab suspended work in Thailand by the GlobalLogic team after OSM members complained about numerous incorrect edits in OSM forum posts. Unlike the hobbyist mappers who collect data in person, the Grab contractors used satellite imagery to "correct" local map details in Thailand which, in fast-changing cities like Bangkok, meant that their work was incorrect because it relied on out-of-date sources.

Where are you? That's not just a metaphysical question, but increasingly a geopolitical challenge that is putting tech giants like Apple and Alphabet in a tough position. From a report: Countries around the world, including China, Japan, India and the United Kingdom plus the European Union are exploring, testing and deploying satellites to build out their own positioning capabilities. That's a massive change for the United States, which for decades has had a practical monopoly on determining the location of objects through its Global Positioning System (GPS), a military service of the Air Force built during the Cold War that has allowed commercial uses since mid-2000 (for a short history of GPS, check out this article, or for the comprehensive history, here's the book-length treatment).

Owning GPS has a number of advantages, but the first and most important is that global military and commercial users depend on this service of the U.S. government, putting location targeting ultimately at the mercy of the Pentagon. The development of the technology and the deployment of positioning satellites also provides a spillover advantage for the space industry. Today, the only global alternative to that system is Russia's GLONASS, which reached full global coverage a couple of years ago following an aggressive program by Russian president Vladimir Putin to rebuild it after it had degraded following the break-up of the Soviet Union. Now, a number of other countries want to reduce their dependency on the U.S. and get those economic benefits. Perhaps no where is that more obvious than with China, which has made building out a global alternative to GPS a top national priority. Its Beidou navigation system has been slowly building up since 2000, mostly focused on providing service in Asia.