How TechCrunch+ followed the venture dollars in 2022

When looking at how TechCrunch+ covered venture in 2022, we didn’t see a lot of positive news. We saw layoffs, demands for growth at all costs, VCs sitting on mountains of cash and low funding for minority groups — again. While some of these things may seem contradictory, that’s what VCs thrive on.

Let’s get into our top TechCrunch+ venture stories of 2022:

The power pendulum is swinging back to employers, isn’t it?

Layoffs swept through the tech industry all year long.

Natasha Mascarenhas spoke with Nolan Church, who helped lead Carta’s 2020 layoffs as its chief people officer. However, we’re going to see more layoffs in the new year. Church “estimates that another 30,000 to 40,000 tech employees around the world will be laid off in Q1 2023 — a number that follows the more than 100,000 layoffs so far in 2022, according to layoffs.fyi data,” Natasha reported.

Yeah, no, most VCs still don’t really care about your path to profitability

In 2021, startups were directed to grow at all costs. They overhired and had inefficient customer acquisition, but venture capitalists funded them. This year, we saw something a bit different. Rebecca Szkutak reports that VCs decided that using up cash in the name of growth may not have been the best plan. But did we see VCs follow through on their demands?

Move over, operators — consultants are the new nontraditional VC

Startup consulting firms are raising venture funds on their own to have a stake in companies they’ve already partnered with. It’s a little more complicated than that, but Rebecca raises the question, “Why are so many consultant-led venture capital funds launching now?” It turns out startups were asking them to.

Amid record dry powder, VCs are determined to fund anything but you

While we may have seen startup consultant firms handing out money, we didn’t see the same from traditional VCs, even though they have the money to do so. Beginning in 2020, there was a lot of talk about funding more historically unrepresented groups — but we haven’t seen VCs put their money where their mouths are. However, they are funding some people. As Rebecca puts it, “Because they aren’t backing no one — they’re just backing everyone but you.”

Black startup founders raised just $187 million in the third quarter

Dominic-Madori Davis looked into the amount of capital Black entrepreneurs raised in Q3 of 2022. To put things into perspective, Dom wrote, “Adam Neumann raised more in one round than all Black founders could in one quarter. Adele is worth $220 million. However, these numbers are not necessarily surprising. TechCrunch reported investors often retreat to their networks amid economic downturns, taking fewer risks on minorities.” Dom will be keeping tabs on this data in 2023.

How TechCrunch+ followed the venture dollars in 2022 by Miranda Halpern originally published on TechCrunch

5 of the best apps to track your reading and discover new books

As 2022 comes to a close, you may be looking for the best reads of the year that you might have missed, or you may want to start compiling a list of books you want to read in the new year. There are numerous apps out there that are designed to help you keep track of your reading and discover new books, so we compiled a list of some of the best ones to help you pick one that’s to your liking.

Some of the apps on this list are somewhat new, while others have been around for a few years. Amazon-owned Goodreads, which is arguably the most popular book-related app, isn’t included in this list because we’re focusing on newer, lesser-known platforms.

StoryGraph

StoryGraph is an Android and iOS app that lets you track your reading and get personalized recommendations. You can mix and match the app’s set of filters to find your next perfect read. The app offers many reading challenges, such as reading one book from every country in the world or reading one book per week across several genres. StoryGraph also includes a built-in reading journal and annual reading and page goals.

The app’s rating system is unique because it gives users a series of questions that the platform will then use when recommending a book to another user. For example, if you say that the book you read would be good for someone who likes emotional and fast-paced novels, StoryGraph may recommend that book to someone who is looking for such a read. The rating system also lets you rate using full, half or quarter stars, unlike Goodreads, which only lets you rate on a full-star system.

StoryGraph is great for people who want something kind of similar to Goodreads. The app is free-to-use, but also offers a $4.99 per month subscription plan that unlocks additional features, such as advanced stats and more personalized suggestions.

Tertulia

Tertulia is a somewhat new iPhone app that differentiates itself from other similar book discovery platforms by using machine learning to scan online discussions to see what books people are talking about. The app starts off by asking you to specify what kinds of books you want to read. You can choose to get recommendations from people you follow on Twitter, along with fiction authors, feminist voices, journalists, book critics, scientists and more. Then, the app will serve you daily recommendations tailored to your interests, which improve the more you engage with books on the app.

The app lets you browse books that are currently popular, while also helping you keep track of what you want to read. If you find a book that interests you, you can purchase it directly from the app if you live in the United States. Tertulia’s app is easy-to-use and features an intuitive browsing experience.

Tertulia is great for people who want to discover what books are currently popular across social media, podcasts and the web. The app is free-to-use and is launching on Android soon.

Basmo

Basmo is an Android and iOS app that is designed to help you create a reading habit while also tracking your books. The app is mainly geared toward people who want to become a better and more efficient reader. Basmo tracks the time you spend reading and gives you an overview of your overall reading progress. You can also create a personalized reading schedule to help you easily tackle your goals one page at a time.

As you read, you can use Basmo to digitally scribble your thoughts and ideas about parts of a book that you find interesting. You can also scan and highlight your favorite passages as you read. Once you finish a book, you can track how it made you feel. For example, you can note if the book made you feel excited, happy, angry, bored or confused.

The app is great for people who don’t care about the social or community aspects of reading, and instead want to focus on their goals and progress. Basmo is free-to-use with standard features. The app also offers a $5 per month subscription that unlocks unlimited functionality and additional features.

Readerly

Readerly is an Android and iOS book discovery app that helps you track your reading and find new books. Unlike every other app in this roundup, Readerly doesn’t include a 5-star rating system. Instead, the app provides context with every review that shows you how much your tastes overlap with the reviewer, books you’ve both read and topics you both enjoy. The point of this is to prevent you from possibly passing over a book that you may actually end up liking, regardless of what it’s rated on another platform.

The app also moves away from long reviews and instead has Gists, which are the app’s short review format. Gists essentially get users to write a TL;DR version of a review in 200 characters or less. Gists are then turned into an Instagram Stories-like format. Once you’ve created your Gist, you can add additional slides with your favorite quotes, characters or other additional information that you think others might find helpful. In terms of book discovery, the app will surface Gists from readers with similar reading tastes as you.

Readerly is great for people who want to try a unique book discovery platform. The app is free-to-use, and also offers a $2.99 monthly subscription fee for users who want to support the new platform and receive personalized ratings.

TBR Bookshelf

TBR Bookshelf is a fairly new iOS app that is mainly catered toward #BookTok, a popular TikTok sub-community focused on popular books and literature. The app offers a simple and decluttered user interface. Like other book tracking apps, TBR Bookshelf lets you track books you’ve read, want to read and are currently reading. The app’s rating system lets you outline your favorite characters and quotes. You can also note if you reread a book or if you didn’t finish a book at all.

The app has specific rating categories for different genres that go beyond star ratings. For example, if you are rating a self-help book, you can give it separate ratings based on how inspirational and helpful it was. Or, if you’re rating a classic book, you can give it different ratings based on how heartfelt and interesting it was.

TBR Bookshelf is a good app for people who are part of #BookTok, as many of the features are geared toward these users. The app is free-to-use, but also offers a $4.99 monthly subscription that unlocks extra features, including things like seasonal ratings, book playlists and TV show and movie adaption ratings.

5 of the best apps to track your reading and discover new books by Aisha Malik originally published on TechCrunch

Netflix vs. Hulu: Which offers better value?

As streaming services continue to hike their prices, cord-cutters have found it harder to manage their growing subscription bills. Hulu was the most recent to announce a price increase, along with Disney+.

Netflix has always charged more than its competitors; January 2022 was the most recent time it raised its prices. However, now that Netflix has launched a cheaper ad-supported tier, it’s possible more consumers will want to switch over to the platform.

Price increases aside, there’s a lot to love about both Hulu and Netflix. However, some subscribers may have to make the hard choice of dropping one over the other. Here are our thoughts on Netflix versus Hulu and why we think each streaming service is the best bang for your buck.

Netflix’s Original Content Library is More Robust

Netflix has been in the streaming business for 15 years, so of course, it has a substantial content library, with its original titles being the biggest driver for subscriber growth.

From hits like “Wednesday,” “Squid Game,” “Stranger Things,” “Bridgerton” and “Ozark” to big-budget films featuring various A-listers like Ryan Gosling and Chris Evans in “The Gray Man,” the entertainment options are almost endless. Netflix also has distribution rights to the majority of movie studios as well as TV programming like “Good Girls” from NBC, “Shameless” from Showtime and more.

Hulu’s original content is nothing to sneeze at, with top titles including “The Handmaid’s Tale,” “Only Murder in the Building,” “The Dropout,” “Nine Perfect Strangers,” “Tell Me Lies” and others. While the streamer has some bingeable originals, the library isn’t nearly as deep as Netflix’s.

Netflix’s binge-streaming model is another major reason subscribers enjoy the service. For most titles, the streaming service uploads an entire season of shows versus rolling one episode out per week like Hulu.

In 2022, Netflix won 26 Emmys after being nominated for 105. “Squid Game” made history as the first-ever non-English series to win the Outstanding Drama category. For comparison, Hulu only won 10 Emmys after being nominated 58 times—which was a new record of noms for the streamer.

Another way Netflix sets itself apart from Hulu is its selection of interactive series like “Bandersnatch,” “Cat Burglar,” “Trivia Quest” and the latest trivia series, “Triviaverse.”

Netflix is also expanding into cinematic franchises, something Hulu has yet to fully accomplish. Netflix confirmed “The Gray Man” sequel and spin-off show as well as a spin-off “Stranger Things” series. The streaming giant also acquired the rights to “Glass Onion: A Knives Out Mystery” and “Knives Out 3” for a reported $450 million.

Plus, the company will make reality TV history with its upcoming competition series “Squid Game: The Challenge,” which will have 456 contestants, the biggest-ever reality TV cast.

While we’re on the topic of reality TV, we’d like to add that Netflix has been missing the bar in the category. For instance, the unscripted series “Is It Cake?” received a low audience score of 40% on Rotten Tomatoes. And while the dating show “Love is Blind” was a hit for the service, its show “The Ultimatum: Marry or Move On” had a Rotten Tomatoes audience score of 11%.

So, even though Netflix pumps out addicting true crime, dramas, documentaries, and stand-up comedies, the streamer has been scrutinized for its reality TV offering.

Hulu is Better for Reality TV Fans

Hulu arguably has one of the best reality TV offerings, next to Discovery+. Hulu’s “The Kardashians” and “The D’Amelio Show” have done well for the streamer, and the biggest draw is the large selection of traditional TV shows, which Netflix lacks.

Hulu’s vast TV catalog is thanks to ties to ABC, FX, Fox, Food Network, Freeform, TLC, and many other content partnerships. The streaming service did take a serious blow when it lost its licensing agreements for next-day episodes of NBC and Bravo shows; Peacock now owns the exclusive rights to next-day access for those. Hulu was forced to remove on-demand episodes of shows like “Saturday Night Live” and “The Voice.” However, it still has rights to older titles such as “Law & Order SVU,” “Friday Night Lights” and “30 Rock,” among others.

Plus, if you opt for Hulu Live TV, you can get a roster of 75+ live channels like Bravo, Comedy Central, E!, Freeform, Hallmark Channel, Lifetime, MTV, Disney Channel, Nickelodeon, Discovery, History, National Geographic, ESPN, CNN, Fox News, ABC News and more.

Netflix’s Ad-Supported Plan is Hulu’s Newest Competitor

Ever since Netflix launched its low-cost ad-supported plan earlier this month, Hulu and other ad-supported streaming services have faced stiffer competition.

Netflix’s new “Basic with Ads” plan costs $6.99 per month, which is a little cheaper than Hulu’s $7.99/month ad plan. Netflix also has a Standard plan for $15.50 per month, which is comparable to Hulu’s $14.99/month ad-free plan.

Netflix promises roughly 4 to 5 minutes of commercials per hour of content, and ads are only 15 to 30 seconds long. Also, new Netflix movies only get pre-roll ads, whereas older movies get mid-roll ads and pre-roll, which is on par with Hulu.

Netflix’s cheaper plan does come with its downsides — aside from sitting through ads. Not only is there lower quality 720p video, but also viewers can only stream from one device at a time, and offline viewing isn’t available.

Hulu’s ad plan doesn’t support offline viewing either; however, it has the option to watch videos up to 1080p, with select content available in 4K. To watch Netflix content in 4K, subscribers must pay $19.99/month for the premium plan.

Also, Hulu’s ad plan lets subscribers stream with two devices at a time, whereas Netflix’s “Basic with Ads” only allows one simultaneous device.

Most notably, Netflix subscribers don’t have access to approximately 5% to 10% of Netflix’s content catalog due to licensing restrictions. The company noted that it is working on re-negotiating with studios to bring more content to the ad-supported tier.

Hulu also has licensing issues with one of its ABC shows—“Grey’s Anatomy”—so, even on the ad-free plan, the show still has ads. Hulu Live TV’s ad-free tier also shows ads with some on-demand titles.

Hulu’s Disney Bundle is a Great Value

The Disney Bundle, which combines Disney+, ESPN+ and Hulu at a discounted rate, gives your entire household a broad range of entertainment, such as on-demand movies and TV shows, sports programming and original content at a great price.

As of late 2022, the bundled plan with ESPN+, Disney+ and Hulu with ads is $14.99 per month, and the Disney bundle with ad-free Hulu, Disney+ and ESPN+ is $19.99 per month.

Hulu Has Add-On Channels

Hulu’s premium add-on channels are an optional cherry on top. Subscribers have the option to add on premium subscriptions: HBO, Showtime, Cinemax, and STARZ for additional fees ranging from $8.99 to $14.99 per month.

If you have Hulu Live TV, you can also get add-ons for as low as $4.99/month. Add-ons include Español channels, Entertainment and Sports. Hulu Live TV subscribers can also pay an additional $9.99/month to stream on an unlimited number of supported devices at the same time.

Netflix doesn’t offer add-ons.

And the Winner is…

That’s up for you to decide. If you value a large, unique content library and prefer having the option to stream every episode of your favorite show in one weekend, Netflix is your winner. If you value having access to a variety of traditional TV shows, especially reality TV programming, and bundling or including additional subscription services to your plan, then Hulu is for you.

Which one will you choose: Netflix or Hulu?

Netflix vs. Hulu: Which offers better value? by Lauren Forristal originally published on TechCrunch

5 promising fusion startups that aren’t unicorns — yet

The biggest news last week wasn’t another of Elon Musk’s Twitter tantrums, but the announcement that scientists had finally cracked one of fusion power’s biggest challenges — successfully getting more energy out of a controlled fusion reaction than they had put in.

Fusion power, which has always seemed like science fiction and just about as plausible, suddenly took a very tangible step toward reality.

That doesn’t mean that anyone is going to hook a fusion power plant up to the grid tomorrow or even in 10 years. But it does give a boost to a field that’s been brimming with confidence of late. A confluence of advances has led to a tidal wave of startups and investments. In the last year alone, investors bet $2.7 billion on fusion startups.

Many of those investments have been part of enormous rounds raising hundreds of millions of dollars in capital. No surprise — fusion power is hard tech, and it’ll take concerted research and developments over many years to bring it to fruition.

But what if you’re an investor who doesn’t have tens of millions in dry powder earmarked for fusion? Thankfully, not all fusion startups are unicorns. There are lots of new companies chasing novel ideas for power plants as well as software companies and suppliers hoping to build the supply chain for what could be a $40 trillion industry, according to Bloomberg Intelligence.

Here are five companies that we’re keeping an eye on.

5 promising fusion startups that aren’t unicorns — yet by Tim De Chant originally published on TechCrunch

Meet the cybercriminals of 2022

Arrested, seized, doxed and detained. These are just some of the ways police and prosecutors around the world took down the biggest cyber-crime operations of the year, even if it meant resorting to new and unconventional eyebrow-raising methods. From stashing billions of bitcoin under the floorboards to teenage hackers gatecrashing Fortune 500 networks, this year saw some of the most jaw-dropping breaches — and the highest-profile apprehensions.

As we close out 2022, we look back at the cybercriminals we lost this year… to the law.

Sanctions and seizures hit the crypto scene

U.S. officials scored some major wins against crypto-laundering in 2022. At the beginning of the year, the Justice Department said it had seized more than $3.6 billion worth of bitcoins allegedly stolen in the 2016 hack of crypto exchange Bitfinex, and that it had arrested a married couple suspected of laundering the money.

The couple — Ilya Lichtenstein, 34, and Heather Morgan, 31 — face up to 25 years in prison if convicted on charges of conspiring to launder money and defrauding the U.S. government.

Later in the year, the Office of Foreign Assets Control (OFAC), a watchdog within the U.S. Treasury tasked with enforcing sanctions violations, announced that it had sanctioned decentralized cryptocurrency mixing service Tornado Cash for its role in enabling billions of dollars’ worth of cryptocurrency to be laundered through its platform.

Tornado Cash, along with other mixers such as AlphaBay, allows customers to conceal the source of their crypto funds when participating in a transaction in exchange for a fee. It blends potentially identifiable or tainted cryptocurrency funds with others to obfuscate the source and destination of crypto assets. More than $1.5 billion in proceeds of crime, like ransomware and fraud, has been laundered through Tornado Cash to date, experts estimate.

U.S. doxes alleged Conti ransomware member

In August, the U.S. government shared an image of a suspected Conti ransomware operator known as “Target,” the first time it has outed a major ransomware actor. The program also offered up to $10 million for information leading to the identification and location of Target, along with four other alleged Conti members known as “Tramp,” “Dandis,” “Professor” and “Reshaev.”

The State Department said Conti has carried out more than 1,000 ransomware operations targeting U.S. and international critical infrastructure. Most recently, the gang infiltrated 27 government institutions in Costa Rica and demanded a $20 million ransom.

Another gang dealt a devastating hit in 2022 was NetWalker, a ransomware gang that has been linked to numerous high-profile incidents including an attack on the University of California San Francisco, which paid a ransom demand of more than $1 million, and an attack targeting cyberthreat startup Cygilant. Between August 2019 and January 2021, ransomware attacks involving NetWalker pulled $46 million in ransom payments, according to cryptocurrency analysis firm Chainalysis.

In October, Sebastien Vachon-Desjardins, a 34-year-old from Quebec, was sentenced in a Florida court after pleading guilty to charges related to his involvement with NetWalker. Vachon-Desjardins, who worked as an IT consultant for Public Works and Government Services in Canada, was previously arrested by Canadian police in January 2021 and sentenced to seven years in prison. During a search of his home, law enforcement officials discovered and seized 719 bitcoin and $790,000 in Canadian currency.

James Zhong, the hacker who stole billions of Silk Road’s bitcoin

In a surprising yet anticlimactic conclusion to one of the government’s longest running cyber cases, the mystery of the notorious dark web drugs marketplace Silk Road’s missing billions was solved. In November, U.S. federal agents said they found $3.36 billion worth of bitcoin that had been stashed in a popcorn can under the bathroom closet floorboards in the home of the hacker nearly a decade earlier. Prosecutors brought charges against the hacker, a Georgia resident named James Zhong, whose plea agreement with the feds saw him forfeit the huge cache of cryptocurrency, along with $600,000 in cash and other precious metals.

Somewhat confusingly, Zhong is the second hacker to have ultimately turned over Silk Road’s stolen billions — albeit at a lower exchange rate than today. In 2020, a hacker who went by the alias Individual X forfeited another huge cache of Silk Road’s bitcoin that they had stolen years earlier during a hacking spree over 2012 and 2013. The Justice Department’s latest forfeiture closed the door on another billion-dollar mystery, even if the feds kept secret how the funds were stolen or how they came to find the hacker, long after Silk Road’s founder Ross Ulbricht was jailed.

The partial contents of the popcorn can, containing memory cards with billions of cryptocurrency and other precious metals. Image Credits: Justice Dept. (handout)

Raccoon Stealer operator charged over mass password theft

U.S. officials in October charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide. Mark Sokolovsky, who goes by the online handle “raccoonstealer,” is accused of having a major role as a key administrator of the malware, which prosecutors say was used to steal more than 50 million unique credentials and forms of identification from victims around the world since February 2019.

Sokolovsky is charged with computer fraud, wire fraud, money laundering and identity theft and faces up to 20 years in prison if found guilty. Sokolovsky is in Amsterdam awaiting extradition to the United States.

Sokolovsky’s arrest led to an uptick in new Mars Stealer campaigns, including the mass-targeting of Ukraine in the weeks following Russia’s invasion, and a large-scale effort to infect victims by malicious ads. However, in November, a security research and hacking startup told TechCrunch that it had found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims.

Seller of WhatsApp-hacking tech pleads guilty

Signal jammers, Wi-Fi interception tools, and WhatsApp hacking tools. These are some of the things that one Mexican businessman admitted in federal court to selling for both commercial and personal reasons. The Justice Department accused Carlos Guerrero of, among other things, arranging the sale of hacking tools to Mexican politicians, and using other equipment he sold to intercept the phone calls of a U.S. rival. It goes to show that it’s not just nation states and governments with powerful phone spying technology at their disposal.

Lapsus$ rounded up once, twice

The Lapsus$ gang rose to notoriety in 2022. The data extortion group, which first emerged a year earlier, quickly claimed a number of high-profile victims, including Okta, Microsoft, Nvidia and Samsung.

While the gang once seemed invincible, a number of its members were arrested in March this year. In a statement given to TechCrunch at the time, City of London Police confirmed that seven people between the ages of 16 and 21 had been arrested in connection with Lapsus$.

News of the arrests came just hours after a Bloomberg report revealed a teenager based in Oxfordshire, U.K. is suspected of being the mastermind of the Lapsus$ group. Researchers investigating the gang’s recent hacks said they believed the 16-year-old, who uses the online moniker “White” or “Breachbase,” was a leading figure in Lapsus$, and Bloomberg was able to track down the suspected hacker after his personal information was published online by rival hackers. Weeks later, U.K. police said they had charged two of the teenagers with multiple cyber offenses.

SSNDOB, a marketplace for stolen Social Security numbers, is no more

U.S. officials in June announced the takedown of SSNDOB, a notorious marketplace used for trading the personal information — including Social Security numbers, or SSNs — of millions of Americans.

The landmark operation was carried out by the FBI, IRS and the DOJ, with help from the Cyprus Police, and saw authorities seize four domains hosting the SSNDOB marketplace.

SSNDOB listed the personal information for approximately 24 million individuals in the United States, including names, dates of birth, SSNs and credit card numbers and generated more than $19 million in revenue, according to prosecutors. Chainalysis reported separately that the marketplace has received nearly $22 million worth of bitcoin across over 100,000 transactions since April 2015, though the marketplace is believed to have been active for several years prior to its eventual seizure.

The FBI’s seizure notice on SSNDOB, shortly after the site was taken down by federal authorities. Image Credits: TechCrunch (screenshot)

Ex-Amazon engineer convicted of Capital One data heist

Also in June, Paige Thompson, a former engineer in Amazon’s cloud division, was convicted of a breach that compromised the personal and financial information of 100 million Capital One customers in 2019. The breach was one of the biggest bank heists in U.S. history, which included the theft of credit scores, limits and balances, and also affected a million Canadians. Thompson was accused of using her knowledge as an Amazon software engineer to breach Capital One’s online cloud storage, hosted on Amazon’s servers, and compromising the cloud storage of several other companies, including Vodafone, Ford, and Ohio’s state motor vehicle agency. Prosecutors said the former Amazon engineer was “one bad day away from sharing the data she stole.” As such, Thompson was sentenced to time served, allowing her to avoid prison.

A major REvil operator was extradited to the United States

With a $10 million bounty on their heads after a brazen ransomware attack on Kaseya that spread to hundreds of its downstream customers, it was only a matter of time before the REvil ransomware group’s luck would run out. That’s what happened with Yaroslav Vasinskyi, a 22-year-old Ukrainian national, who was arrested in Poland in October and later arraigned and extradited to Dallas, Texas to face accusations of computer hacking and fraud by way of his alleged involvement with REvil. Vasinskyi is one of two other alleged REvil members charged by U.S. prosecutors in relation to the attack on Kaseya. It was only after the FBI recovered the decryption key that victims were able to gain access back to their encrypted files.

U.K. arrest teenagers linked to Uber and GTA hacks

In September, police in London confirmed that a 17-year-old teenager suspected of involvement in high-profile breaches at ride-hailing giant Uber and Rockstar Games had been charged with multiple counts of computer misuse and breaches of bail.

These hacks were two of the most high-profile of 2022. Uber, which said it believed a hacker affiliated with Lapsus$ was responsible for the attack, was forced to take several of its internal tools offline while it expelled the hacker from its network. Shortly before Uber’s Slack system was taken offline, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The hacker also reportedly said that Uber drivers should receive higher pay.

In the case of Rockstar Games, the attacker — who also goes by the alias “TeaPot” — claimed to have gained access to Rockstar Games’ internal messages on Slack and early code for an unannounced Grand Theft Auto sequel by gaining access to an employee’s login credentials.

Meet the cybercriminals of 2022 by Zack Whittaker originally published on TechCrunch

2022’s best and worst dinner guests: Elon Musk and SBF

What. A. Year.

Hello and welcome back to Equity, a podcast about the business of startups, where we unpack the numbers and nuance behind the headlines.

In honor of 2022 finally coming to a close, the Equity crew is getting reflective. We dug through the archives, and this week, we’re listening back to Alex, Natasha and Mary Ann’s coverage of the biggest stories of the year as they unfolded.

Here’s what the trio got into with help from guest hosts, Becca Szkutak and Anita Ramaswamy:

How Alex jinxed us from the start when he asked for more tech drama (TC+)
Early signs of the downturn to come with Better.com and the human cost of layoffs
The will-they-won’t-they courtship of Elon Musk and Twitter
The downfall of FTX (TC+) and why you should never let FOMO guide your investments (TC+)

Some of these stories are still evolving as we type, but don’t fret – we’ll catch you up in the new year.

Of course, we can’t sign off without saying thank you to all of you for sticking by us during this rollercoaster of a year, and we can’t wait to see you in 2023!

Equity drops at 7 a.m. PT every Monday, Wednesday and Friday, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts. TechCrunch also has a great show on crypto, a show that interviews founders, one that details how our stories come together, and more!

2022’s best and worst dinner guests: Elon Musk and SBF by Theresa Loconsolo originally published on TechCrunch

5 tips for dealing with Day 2 Kubernetes operational challenges

Kubernetes is wonderful but complex software that can present significant “Day Two” challenges when put into production.

Developers who are new to Kubernetes — and most are — face a large knowledge gap when they look to sustain and optimize Kubernetes clusters.

In this piece, I will share several ways to address problems as they arise.

Optimize your Kubernetes cluster for cost

As adoption of Kubernetes rises, the need for applications and engineers to access clusters is also growing. However, it is neither feasible nor cost-efficient to always use entire physical clusters to achieve this goal.

Virtual clusters are a great way to reduce costs. In a scenario of 100 developers, we calculated up to 78% savings by using open source virtual clusters.

Leveraging virtual clusters with open source software such as VirtualCluster or vcluster lets Kubernetes operators run multiple virtual clusters within a single physical cluster, thereby increasing the tenancy of each. By sharing computing resources in this more communal way, organizations can save on computing costs compared with operating entirely separate Kubernetes clusters.

Increase tenant isolation

By leveraging policy engines, it’s possible to implement software security guardrails on your cloud-native Kubernetes infrastructure.

Another great benefit of virtual clusters is that they are isolated from other users on the cluster. This gives each user their own workspace that looks and feels exactly like a physical Kubernetes cluster.

In addition, virtual clusters enable a stricter form of multitenancy compared to namespace-based multitenancy. One of the main concerns with namespace-based multitenancy is that it cannot contain cluster-scoped resources. Many applications must create, or at least access, cluster-scoped resources like nodes, cluster roles, persistent volumes and storage classes.

Virtual clusters also provide security benefits by increasing the isolation in multitenancy clusters via:

Full control-plane isolation.
Domain Name System (DNS) isolation.
Resources created on a single namespace.

Organizations seeking a solution for multitenant applications that provide greater isolation for resources shared among their clusters should consider virtual clusters as an option. On top of saving costs and being simpler to deploy, they are also easier to manage than physical clusters.

Provide integrated development environments

5 tips for dealing with Day 2 Kubernetes operational challenges by Ram Iyer originally published on TechCrunch

Inside Matrix, the protocol that might finally make messaging apps interoperable

Interoperability and decentralization have been major themes in tech this year, driven in large part by mounting regulation, societal and industrial pressure, and the hype trains that are crypto and web3. That rising tide is lifting other boats, among them an open standards-based communication protocol called Matrix, which is playing a part in bringing interoperability to another proprietary part of our digital lives: messaging.

The number of people on the Matrix network doubled in size this year, according to Matthew Hodgson, one of Matrix’s co-creators — a notable, if modest, boost to 80.3 million users (that number may be higher: not all Matrix deployments “phone home” stats to Matrix.org).

While the bulk of all this activity has been in enterprise communications, it looks like mainstream consumer platforms might now also be taking notice.

Some sleuthing from engineer and app researcher Jane Manchun Wong unearthed evidence that Reddit is experimenting with Matrix for its Chat feature — a move more or less confirmed to TechCrunch by Reddit. A spokesperson said that it’s “looking at a number ways to improve conversations on Reddit” and was “testing a number of options,” though they stopped short of name-checking Matrix specifically.

Given the bigger swing in support of interoperability — it’s happening also in digital wallets and maps — a closer look at Matrix gives some insight into how we got here.

In the beginning


Anyone who has ever sent an SMS or email won’t have considered for a second what network, service provider, or messaging client their intended recipient used. The main reason is that it doesn’t really matter — T-Mobile and Verizon customers can text each other just fine, while Gmail and Outlook users have no problems emailing each other.

But that wasn’t always the case. In the earliest days of electronic mail, you could only message users on the same network. And as mobile phones proliferated throughout the 1990s, people initially couldn’t message their friends if they were on a different mobile network. Europe and Asia led the charge on interoperability, and by the start of the millennium the big North American telcos also realized they could unlock a veritable goldmine if they allowed consumers to message their friends on rival networks. It was a win-win for everyone.

Fast forward to the modern smartphone age, and while email hasn’t exactly gone the way of the dodo and SMS is still stuttering along, the preeminent communication tools of today aren’t nearly as friendly with each other. Those looking to embrace independent privacy-focused messaging apps such as Signal will hit a brick wall when they realize that literally all their pals are using WhatsApp. Or iMessage. Or Telegram. Or Viber… you get the picture.

This trend permeates the enterprise realm, too. If your work uses Slack, good luck sending a message to your buddy across town forced to use Microsoft Teams, while those in human resources shoehorned onto Meta’s Workplace can think again about DM-ing their sales’ colleagues along the corridor using Salesforce Chatter.

This is nothing new, of course, but the issue of interoperability in the online messaging sphere has come sharply into focus in 2022. Europe is pushing ahead with rules to force interoperability and portability between online platforms via the Digital Markets Act (DMA), while the U.S. has similar plans via the ACCESS Act.

Meanwhile, Elon Musk’s arrival at Twitter has driven awareness of alternatives such as Mastodon, the so-called “open source Twitter alternative” that shot past 2 million users off the back of the chaos at Twitter. Mastodon is powered by the open ActivityPub protocol and is built around the concept of the fediverse: a decentralized network of interconnected servers that allow different ActivityPub-powered services to communicate with each other. Tumblr recently revealed that it intends to support the ActivityPub protocol in the future, while Flickr CEO Don MacAskill polled his Twitter followers on whether the photo-hosting platform and community should also adopt ActivityPub.

But despite all the hullaballoo and hype around interoperability spurred by the Twitter circus in recent weeks, there was already a quiet-but-growing movement in this direction, a movement driven by enterprises and governments seeking to avoid vendor lock-in and garner greater control of their data stack.

Enter the Matrix

Element founders and Matrix co-creators Matthew Hodgson and Amandine Le Pape. Image Credits: Element

Matrix was developed inside software and services company Amdocs back in 2014, spearheaded by Hodgson and Amandine Le Pape, who later left the company to focus entirely on growing Matrix as an independent open source project. They also sought to commercialize Matrix through a company called New Vector, which developed a Matrix hosting service and a Slack alternative app called Riot. In 2018, Hodgson and Le Pape launched the Matrix.org Foundation to serve as a legal entity and guardian for all things Matrix, including protecting its intellectual property, managing donations, and pushing the protocol forward.

The flagship commercial implementation of Matrix was rebranded as Element a little more than two years ago, and today Element — backed by Automattic, Dawn Capital, Notion, Protocol Labs and others — is used by a host of organizations looking for a federated alternative to the big-name incumbents sold by U.S. tech giants.

Element itself is open source and promises end-to-end encryption, while its customers can access the usual cross-platform features most would expect from a team collaboration product, including group messaging and voice and video chat.

Element in action. Image Credits: Element

Element can also be hosted on companies’ own infrastructure, circumventing concerns about how their data may be (mis)used on third-party servers, ensuring they remain in control of their full data stack — a deal maker or breaker for entities that host sensitive data.

A growing array of regulations, particularly in Europe, are forcing Big Tech to pay attention to data sovereignty, with the likes of Google partnering with Deutsche Telekom’s IT services and consulting subsidiary T-Systems last year to offer German companies a “sovereign cloud” for their sensitive data.

This regulatory push, alongside growing expectations around data sovereignty, has been a boon for the Matrix protocol. Last year, the agency responsible for digitalizing Germany’s health care system revealed that it was transitioning to Matrix, ensuring that the 150,000 individual entities that constitute the health care industry such as hospitals, clinics, and insurance companies, could communicate with each other regardless of what Matrix-based app they used.

This builds on existing Matrix implementations elsewhere, including inside the French government via the Tchap team collaboration platform, as well as the German armed forces Bundeswehr.

“The pendulum has been clearly swinging towards decentralization for quite a while,” Hodgson explained to TechCrunch. “We’re now seeing serious use of Matrix-based decentralized communications across or within the French, German, U.K, Swedish, Finnish and U.S governments, as well as the likes of NATO and adjacent organisations.”

Back in May, open source enterprise messaging platform Rocket.Chat revealed that it would be transitioning to the Matrix protocol. While this process is still ongoing, this represented a major coup for the Matrix movement, given that Rocket.Chat claims some 12 million users across major organizations such as Audi, Continental, and Germany’s national railway company, The Deutsche Bahn.

“We believe that the value of any messaging platform grows based on its ability to connect with other platforms,” a Rocket.Chat spokesperson told TechCrunch. “We put a lot of effort into connecting Rocket.Chat with other platforms. We don’t have to worry about what client we use when emailing each other, and the same should be true when we’re messaging each other.”

Rocket.chat. Image Credits: Rocket.chat

What’s perhaps most interesting about all this is that it runs contrary to the path that traditional consumer and enterprise social networks, and team collaboration tools, have taken.

Slack, Facebook, Microsoft Teams, WhatsApp, Twitter, and all the rest are all about harnessing the network effect, where a product’s value is intrinsically linked to the number of users on it. People, ultimately, want to be where their friends and work colleagues are, which inevitably means sticking with a social network they don’t particularly like, or using multiple different apps simultaneously.

Open and interoperable protocols support a new breed of business that’s cognizant of the growing demand for something that doesn’t lock users in.

“Our goal is not to force people to use Rocket.Chat in order to communicate with each other,” Rocket.Chat’s spokesperson continued. “Rather, our goal is to enable organizations to collaborate securely and connect with other organizations and individuals across the platforms of their choosing.”

Bridging the divide

The Matrix protocol also supports non-native interoperability through a technique called “bridging,” which ushers in support for non-Matrix apps, including WhatsApp, Telegram, and Signal. Element itself offers bridging as part of a consumer-focused subscription product called Element One, where users pay $5 per month to bring all their friends together into a single interface — irrespective of what app they use.

Element One subscribers can bring different messaging apps together. Image Credits: The Matrix Foundation

This is enabled through publicly available APIs created by the tech companies themselves. However, terms of use are typically restrictive with regards to how they can be used by competing apps, while they may also enforce rate-limits or usage costs.

Bridging as it stands sits somewhere in a grey area from a “is this allowed?” perspective. But with the world’s regulatory eyes laser-focused on Big Tech’s stranglehold on online communications, the companies perhaps don’t enforce all their T&Cs too rigorously.

The DMA came into force in Europe last month — though it won’t officially become applicable until next May — and it has specific provisions for interoperability and data portability. At that point, we’ll perhaps start to see how the Big Tech “gatekeepers” of the world plan to support the new regulations. In reality, what we’re talking about are open APIs that “formally” permit smaller third-parties to integrate and communicate with their Big Tech brethren. This doesn’t necessarily mean that such APIs will be slick and easy-to-use with clear documentation though, and we can probably expect some deliberate heel-dragging and hurdles along the way.

Compliance


Popular messaging apps such as WhatsApp, while offering end-to-end encryption, weren’t designed for enterprise or governmental use-cases as they don’t allow organizations to easily manage any of their messaging data — yet such apps are widely used in such scenarios. Back in July, the U.K.’s Information Commissioner’s Office (ICO) called for a government review into the risks around “private correspondence channels” such as personal email accounts and WhatsApp, noting that such usage lacked “clear controls” and could lead to key information being “lost or insecurely handled.”

“I understand the value of instant communication that something like WhatsApp can bring, particularly during the pandemic where officials were forced to make quick decisions and work to meet varying demands,” U.K. information commissioner John Edwards said in a statement at the time. “However, the price of using these methods, although not against the law, must not result in a lack of transparency and inadequate data security. Public officials should be able to show their workings, for both record keeping purposes and to maintain public confidence. That is how trust in those decisions is secured and lessons are learnt for the future.”

In the business realm, meanwhile, the U.S. Securities and Exchange Commission (SEC) recently settled with 16 Wall Street firms for $1.1 billion over “widespread recordkeeping failures” related to their use of private messaging apps such as WhatsApp.

“Finance, ultimately, depends on trust,” SEC Chair Gary Gensler said at the time. “Since the 1930s, such record keeping has been vital to preserve market integrity. As technology changes, it’s even more important that registrants appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications.”

Maintaining an accurate paper trail, and ensuring that politicians and businesses are accountable for their actions, is the name of the game — a level of control that something like the Matrix protocol promises. However, mandating that every company over a certain size — as the DMA regulation does — has to make their software interoperable with others raises a bunch of questions around privacy, security, and the broader user experience.

The encryption elephant in the room


As Casey Newton has noted over at The Platformer on more than one occasion, Europe’s new interoperability regulations come with several pitfalls, chief among them, perhaps, being the hurdles they will create for end-to-end encryption — that is, ensuring that data remains encrypted and impossible to decode while in transit.

End-to-end encryption is a huge selling point for the big technology companies of today, one that WhatsApp hollers from the rooftops. But making this work between different platforms built by different companies is not exactly easy, and many — if not most — experts on the subject say that it’s not possible to enforce a truly secure, interoperable messaging infrastructure that doesn’t compromise encryption in some way.

WhatsApp can control — and therefore promise — end-to-end encryption on its own platform. But if billions of messages are flying between WhatsApp and countless other applications run by other companies, WhatsApp can’t really know what’s happening to these messages once they leave WhatsApp.

Ultimately, no two services deploy their encryption identically, a challenge that Hodgson acknowledges. “End-to-end encrypted platforms have to speak the same language from end-to-end,” he said.

In a blog post published earlier this year to address encryption concerns, the Matrix Foundation suggested some workarounds, including having all the big gatekeepers switch to the same “decentralized end-to-end protocol” (i.e. Matrix, unsurprisingly) which, by the Foundation’s own admission, would be a large undertaking — but one “we shouldn’t rule out,” it said.

To illustrate this point, Hodgson pointed to Element’s 2020 acquisition of Gitter, a developer-focused community and chat platform purchased from GitLab and used by big-name companies including Google, Microsoft, and Amazon. Within two months of closing the deal, Element had introduced native Matrix connectivity to Gitter.

Coordinating such a transition on a Facebook, Google, or Apple scale would be an entirely different proposition, of course, one that could cause all manner of knock-on chaos. In a blog post earlier this year, cryptography and security expert Alec Muffett suggested that messaging apps and social networks adhering to the same standard protocol would lead to “no practical differentiation” between different services.

“Imagine a world where Signal and Snapchat would have to interoperate — what would that look like?” Muffett asked TechCrunch rhetorically in a Q&A for this story. “Specifically, which features from one need to be presented on the other, and what are the educators which surround those features? And how would conflict in functionality be reconciled?”

This is why the Matrix Foundation proposed other potential solutions, such as adopting a TLS certificate-style warning, where the user is alerted to the fact that their cross-service conversation is not fully protected. This is perhaps comparable to how Apple’s Messages app supports both encrypted iMessage texts, and (unencrypted) SMS. But according to Muffett, it would bring unnecessary complexity to the mix.

“Apart from any other reason that I could cite, there is any amount of user interface research which explains that security-pop-up-warnings are generally not understood and not heeded,” Muffett said. “There is tons of research to back this up — popup warnings are an ‘anti-pattern’.”

The Matrix Foundation also proposed converting communication traffic between encryption languages in a “bridge,” though this would effectively mean having to break the encryption and re-encrypt the traffic safely somewhere.

“These bridges could be run client-side — for example, the Matrix iMessage bridge runs client-side on iPhone or Mac — or by using client-side open APIs to bridge between the apps locally within the phone itself,” Hodgson said. “Alternatively, they could be run server-side on hardware controlled by the user in a decentralized fashion, ensuring that the re-encryption happens in as secure an environment as possible, rather than on a vulnerable centralized server.”

There’s no escaping the fact that breaking encryption is far from ideal, irrespective of how a solution proposes to reconcile this. But perhaps more importantly, a robust solution for addressing the real encryption issues introduced by enforced interoperability doesn’t truly exist yet.

Despite that, Hodgson has said in the past that the upsides of the new EU regulations are greater than the downsides.

“On balance, we think that the benefits of mandating open APIs outweigh the risks that someone is going to run a vulnerable large-scale bridge and undermine everyone’s E2EE,” he wrote in May. “It’s better to have the option to be able to get at your data in the first place, than be held hostage in a walled garden.”

Tip of the iceberg

It’s worth noting that the Matrix protocol, while chiefly known for its presence in the messaging realm today, has other potential applications too. The Matrix Foundation recently announced Third Room, a decentralized and interoperable metaverse platform built on Matrix. This runs contrary to a potential future metaverse controlled by a handful of gatekeepers such as Facebook’s parent company Meta.

For now, Element remains the flagship poster-child of what a Matrix-powered world could look like. The company has secured some big-name customers already such as Mozilla, which is using Element as a fully-managed service, while Element said that it signed a $18 million four-year deal with another (unnamed) company this year. Meanwhile, it also has strategic backers, among them WordPress.com parent Automattic, which first invested $4.6 million in Element back in 2020, before returning for its $30 million Series B last year.

In many ways, the ground has never been so fertile for Matrix to flourish: it’s in the right place at the right time, as the world seeks an exit route from Big Tech’s clutches backed by at least a little regulation. And Twitter, too, has played more than a bit part in highlighting the downsides of centralized control, playing into the hands of all the companies banging the interoperability drum.

“The situation at Twitter has been absolutely amazing in terms of building awareness of the perils of centralization, providing a pivotal moment in helping users discover that we are entering a golden age of decentralization,” Hodgson said. “Just as many users have discovered that Mastodon is an increasingly viable decentralized alternative to Twitter, we’ve seen a massive halo effect of users discovering Matrix as a way to reclaim their independence over real-time communications such as messaging and VoIP — our long-term user base in particular is growing at its fastest ever rate.”

Inside Matrix, the protocol that might finally make messaging apps interoperable by Paul Sawers originally published on TechCrunch
