WP Pro Online

Here’s something that seems all but a guarantee: The way we purchase expensive electronics is going to change. Years after the U.S. began moving away from the carrier-based model of phone purchases, it seems as though we’re heading toward another sort of subscription model in the form of hardware as a service.

Even with that in mind, this is a strange one — though Nothing has made breaking from orthodoxy a central tenet of its existence since day one.

As we’ve known for some time, the Phone (1) wasn’t destined for the U.S. market — at least not through any traditional means. Today, however, the London-based firm announced it is available through a far less traditional route. “The United States represents a high potential market for Nothing and so the company is seeking to better understand users’ needs,” the company said in a note sent to TechCrunch.

The “Nothing OS 1.5 Beta” is a $299 program designed to help the company get a better grip on the world’s third-largest smartphone market — one that’s been notoriously difficult to crack. The price includes a Nothing phone that’s yours to keep, even after the program runs its course at the end of June.

Nothing notes:

Please note, the Phone (1)’s distributed are for testing purposes. Whilst these are final models, devices may not work with all US carriers. Since this is a Beta version of the software, users may experience some limitations. Please read the below FAQs before continuing.

Interested parties can sign up for the program starting today and save themselves ~$173 off the retail price. A little nothing for something, if you will.

Want the Nothing phone in the US? Be a beta by Brian Heater originally published on TechCrunch

To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PST, subscribe here.

Haje is still dazed from spending a week deep in the bowels of Las Vegas for CES 2023 but is grateful to be back in the Daily Crunch saddle. Let’s see what’s happening in tech land! — Christine and Haje

The TechCrunch Top 3

More layoffs at Coinbase: Coinbase said it is going to cut another chunk of jobs, this time 20%, or 950 employees, and will abandon several projects, Manish reports. This is the crypto exchange’s second round of layoffs in seven months after cutting about 1,100 jobs in June.
Primed and ready: Amazon is going to expand its Buy with Prime service to the U.S. on January 31, Sarah writes. Buy with Prime’s delivery service is similar to Prime, but also includes “seamless checkout and easier returns, allowing merchants to establish their own direct relationships with customers.”
Chatting, but with a bot: Everyone’s ChatGPTing. Know how we know? Dubious ChatGPT apps are flooding the Apple App Store and Google Play Store. Ivan has more.

Startups and VC

German-based biotech company BioNTech — one of the big manufacturers of COVID-19 vaccines, among other things — is set to acquire InstaDeep, a Tunis-born and U.K.-based AI startup for up to £562 million (~$680 million) in its largest deal yet, Tage reports. The German vaccine maker intends to use InstaDeep’s machine learning to “improve its drug discovery process, including developing personalised treatments tailored to a patient’s cancer.”

Supermom, a parenting platform with 20 million users in six Southeast Asian countries, offers parents price comparisons, communities and the chance to earn money by completing surveys, Catherine reports. It gives brands a way to conduct market research and collect first-party data, which is important as marketers prepare for a post-cookie world.

And we have a smattering of additional stories for you:

Keeping an eye out — on the cheap: Frederic reports that Wyze launches its new $34 pan-and-tilt security camera.
Like tea, but functional: A brand-new “functional” tea brand, the Ryl Company, is steeped in cash with $6.7 million in new funding and is making its debut in Wegmans and Whole Foods, Christine reports.
Recycling the heat: Servers get hot, so why not use ’em for something useful? Qarnot creates green data centers by putting servers in central heating boilers, Romain reports. The company just raised $13 million to continue on its mission.
Like Etsy but Korean: Handmade goods marketplace Backpackr gears up to expand into Southeast Asia, reports Kate.
Better chat, with some ways to go: Anthropic’s Claude improves on ChatGPT, but it still suffers from limitations, Kyle reports.

A timeline for startup M&A processes: Key steps and factors to consider

“Not all companies are best positioned to go it alone, and that’s okay,” writes Vishal Lugani, general partner and co-founder at Acrew Capital.

In his detailed guide to the M&A process, Lugani offers a week-by-week deal timeline that breaks down every step between sourcing offers and post-close integration.

A lot can happen over the months it can take for a deal to close, so the article includes strategies for selecting an acquirer, maintaining product momentum, and managing your team (and investors!).

Three more from the TC+ team:

Hold on tight…: Salesforce turmoil continues into new year, as recent layoffs attest, Ron writes.
Gettin’ chatty: Some investors are (cautiously) implementing ChatGPT in their workflows, reports Natasha M, Christine, and Kyle.
Cookin’ on gas: Climate benefits of killing gas stoves aren’t what you think, but the health benefits are, Tim reports.

TechCrunch+ is our membership program that helps founders and startup teams get ahead of the pack. You can sign up here. Use code “DC” for a 15% discount on an annual subscription!

Big Tech Inc.

Some sources told Manish that OpenAI’s startup fund is in talks to invest in silicon chip bigwigs Sam Zeloof and Jim Keller, who started Atomic Semi to manufacture chips. And get this: the proposed $15 million investment will value the company at $100 million. Not too shabby, er, should we say silicon-y.

And we have five more for you:

Matchmaker, app-style: Scams do happen, especially when love is involved. Not a good look for Tinder and other Match dating apps, so they are offering in-app tips on avoiding romance scams, Lauren writes.
Even more layoffs: Data software company Scale AI is cutting 20% of its workforce, Kirsten reports. In a blog post, CEO Alexandr Wang pointed to aggressive hiring during good times, but “the macro environment has changed dramatically in recent quarters, which is something I failed to predict.”
In privacy news: Natasha L writes about Facebook’s data-scraping breach leading to an enforcement lawsuit in Ireland, while Europe quizzes TikTok on various topics, including data safety, disinformation and Digital Services Act compliance.
Windows 7 security is in the rearview mirror: Microsoft ends Windows 7 security updates,Zack reports.
Teen screen time: Instagram and Facebook are looking at its advertising to young users and will introduce more limits on targeting teens with ads, Taylor reports.

Daily Crunch: Citing ‘unscrupulous actors’ and market trends, Coinbase CEO lays off 950 workers by Christine Hall originally published on TechCrunch

Activity in the self-driving car industry, frenetic for years, has somewhat stalled in more recent times, but a handful of the most promising companies are continuing to see their businesses grow and attract investment in the process. In one of the more recent developments, Oxbotica, a startup out of England that develops software to power autonomous vehicles, has closed a Series C round of $140 million, money that it will be using to continue building out services for existing clients and to drum up new business in that wake.

The size of the round is big by any terms, but it’s a signal of how AI startups especially continue to fare well at the moment. It also shows the kinds of companies that are working with, and looking to back, startups breaking new ground in the space of autonomous driving.

The basic model for Oxbotica — eight years old and based out of Oxford, England — is B2B: It sells and customizes its autonomous software, which it dubs “Universal Autonomy,” for a range of enterprise customers. Its premise is that its flexible technology can power whatever it is that a customer needs: navigation, perception, user interfaces, fleet management or other features needed to run self-driving vehicles in multiple environments, regardless of the hardware being used and in integration with whatever other software its customers are using.

Underscoring its traction with that premise, this latest funding is coming from a mix of investors that include some of those strategic backers and customers. Japan’s Aioi Nissay Dowa Insurance Co., Ltd., and ENEOS Innovation Partners, the corporate VC of the mining conglomerate Eneos, are among its new investors; previous backers in this round include BGF, safety equipment group Halma, hospitality and recreation investor Hostplus, climate fund Kiko Ventures (IP Group), the online shopping company Ocado Group, internet giant Tencent, Venture Science and automotive component maker ZF. Several of these companies also invested in Oxbotica’s last round, a Series B in January 2021 of $47 million.

This round brings the total raised by Oxbotica to $225 million. The startup is not disclosing its valuation, but Paul Newman, the company’s CTO and co-founder, noted that the fact that it was one of the autonomous startups that’s raising big right now, and the current appetite for artificial intelligence startups that are building applications around their innovations, have contributed to a healthy number.

“You should take it to be in a space that investors are valuing greatly,” he said. At a moment when businesses, consumers, investors and startups themselves are reassessing things like self-driving technology through a more pragmatic lens, asking questions about unit economics and commercial and technical viability, Oxbotica, he said, has emerged as a leader in “the application of autonomy where the world needs it.”

That translated also into much shorter conversations with investors, the kind that are generally not happening across other sectors in tech. “It didn’t take that much time at all to show you can solve what is really needed versus what is not a problem at all,” CEO Gavin Jackson added. “It was a distinction investors understood quickly in the first 30 seconds of us talking to them.”

Indeed, while some of the more ambitious efforts around self-driving vehicles for consumers have been shelved or faced some tragic mishaps, it’s emerged that campus-style, closed environments where it’s either more dangerous and/or less efficient to employ humans to navigate vehicles have shaped up to be some of the most popular use cases for it and others building autonomous systems.

In addition to the industries of its strategic investors, other use cases where Oxbotica is building services include agriculture, airports, energy and shared passenger transportation.

Not to say that things are perfect. Some (and perhaps all) of its actual commercial deployments appear to be quite medium- to long-term. One of its big milestones from this year was in May 2022, when it ran Europe’s first zero-occupancy trial (note the word trial) on a publicly accessible road. It also worked on “metaverse-based testing” and forged alliances with insurance companies.

Newman admits what he described in our interview as “sticking points” that still need addressing in the very complex world of building autonomous vehicles and systems.

“It’s exhilarating when we can connect fleet management to our operating system,” he told me. In its favor, once something is solved, it’s solved for everyone. A mining company’s need to integrate Oxbotica with its system to dispatch drivers into mines is the same that Ocado will have for connecting its delivery vehicles.

The amount that it has proven, meanwhile, has convinced customers and backers that it’s not a matter of “if” anymore, but rather when this comes to fruition.

“Oxbotica really sets itself apart from its competitors thanks to its ambitious vision to unlock Universal Autonomy,” said Mitsuru Yamaguchi, senior managing executive officer at Aioi Nissay Dowa Insurance, in a statement. “We are excited to combine Oxbotica’s world-class AI and robotic techniques with our own pioneering expertise in the telematics insurance arena. This will leave us well placed to develop innovative insurance products and services which will create a safer, greener and more secure society for everyone.”

“We are excited to grow our investment in Oxbotica, which has become a global leader in autonomous vehicle software,” added Erin Hallock, managing partner at bp ventures. “Our sustained support is a great example of bp ventures’ continued investment in game-changing technology companies. By leveraging automation and digital technology we believe the team can improve safety and increase efficiency across a wide range of vehicles, and support bp’s ambition to accelerate the global revolution in mobility.”

Oxbotica raises $140M more as its B2B autonomous vehicle platform gains ground by Ingrid Lunden originally published on TechCrunch

A little over two years after its public debut, Mineral is becoming its own Alphabet company. The team, which was formerly known as the “Computational Agriculture Project” (no prizes for guessing why they adopted the new name), just graduated from the X “moonshot” labs.

“After five years incubating our technology at X, Alphabet’s moonshot factory, Mineral is now an Alphabet company,” CEO Elliott Grant said in a blog post. “Our mission is to help scale sustainable agriculture. We’re doing this by developing a platform and tools that help gather, organize, and understand never-before known or understood information about the plant world — and make it useful and actionable.”

Years after attempting to build a robotics division largely through acquisition, Alphabet appears to be growing one more organically in-house. Mineral follows Everyday Robots and Intrinsic in growing from X to a fully released Alphabet subsidiary.

Mineral uses its in-house robots to create datasets and do research about different crops. It explains that — over the course of its half decade of (mostly stealth) existence — it’s discovered that most companies are doing a good enough job collecting the scope of data required to leverage machine learning.

“There is no single mode of data collection suited to every agriculture task or crop,” says Grant. “We began with a plant rover that could capture huge quantities of high quality images, and over time expanded to building generalized perception technology that can work across platforms such as robots, third party farm equipment, drones, sentinel devices, and mobile phones.”

The company’s end goal is creating detailed and rich datasets that can be used by farmers across the world to tap into previously unknown factors in growing. In doing so, it hopes to help cultivate crops that are more resilient to climate change, without exacerbating the urgent issue.

Alphabet X graduates robotic agtech firm Mineral by Brian Heater originally published on TechCrunch

After launching Elon Musk’s version of the Twitter Blue subscription service last month in five countries, the company has expanded the paid plan to users in Japan. Both the old (launched in 2021) and revamped Twitter Blue subscriptions were available in the US, Canada, the UK, Australia, and New Zealand.

Twitter noted on its support page that users in Japan will be able to buy the subscription for ¥980 ($7.40) per month on the web and ¥1,380 ($10.42) per month on iOS. These prices are marginally lower than the US prices of $8 per month on the web and $11 per month on iOS.

At the moment, Twitter Blue offers features like the blue verification badge, longer video uploads, priority ranking in conversation replies, a thread reader, and an edit tweet feature along with custom icons and themes. While some of these features were already present in the legacy version of the paid subscription, the verification mark, higher limit on video uploads, and a boost in rankings are newly introduced features.

After taking over Twitter, Musk has had lofty plans of reducing reliance on ad revenue by adding more subscribers. He launched a new version of Twitter Blue initially in November but had to quickly shut it down because of people impersonating celebrities and brands.

Twitter Blue’s expansion in Japan is not surprising. In his first all-hands meeting as Twitter boss, Musk reportedly boasted about the social network’s market share in the country. Estimates noted that Japan has more than 50 million Twitter users.

Since then the company has tried to put guardrails around the new verification system by mandating users to have a phone number to buy the Blue subscription and putting a 90-day cool-off period for newly created accounts. However, Twitter’s manual verification system of reviewing names and bio are not working as intended. Last week, a Washington Post reporter successfully created a fake account of Senator Edward J. Markey.

Twitter launches its Blue subscription service in Japan by Ivan Mehta originally published on TechCrunch

Meta’s main subcontractor for content moderation in Africa, Sama, earlier Tuesday announced the closure of its content moderation arm at its hub in Kenya, citing the need to streamline operations.

This comes months after Sama and Meta were sued in the East African country for union busting, and exploitation, and just weeks after another lawsuit called for Meta to increase its content moderation capacity in Kenya.

Following the announcement by Sama, 200 employees, representing 3% of its team, will be let go as the company exits content review services, and concentrates on labelling work (computer vision data annotation).

The company sourced moderators from across Africa, and the closure of the arm is said to leave a section without work permits. Sama’s moderators were required to sift through social media posts on all its platforms, including Facebook, to remove those perpetrating and perpetuating hate, misinformation and violence.

Reports indicate Sama encouraged staff affected by the closure to apply for other job opportunities at its Kenya and Uganda offices.

“The current economic climate requires more efficient and streamlined business operations,” said Sama, according to a report by the Financial Times, which said that the social media giant has contracted Luxembourg-based Majorel to fill up the gap.

The decision to drop Meta’s contract, which expires end of March, comes months after a lawsuit was filed by Daniel Motaung, a South African national and ex-Sama content moderator, in Kenya last year accusing the two firms of forced labor and human trafficking, unfair labor relations, union busting and failure to provide “adequate” mental health and psychosocial support.

Sama’s decision also comes at a time when Meta is facing another lawsuit in Kenya over claims that the social media giant failed to employ enough safety measures on Facebook, which has, in turn, fueled a conflict that led to deaths, including of 500,000 Ethiopians during the recently-ended Tigray War.

The lawsuit claims the social site amplified hateful content, and failed to hire enough personnel, with an understanding of local languages, to moderate content.

Meta’s main content moderation partner in Africa shuts down operations by Annie Njanja originally published on TechCrunch

A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’.

The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight of the U.S. executive agency that manages the country’s federal land, national parks and a budget of billions of dollars, said that the department’s reliance on passwords as the sole way of protecting some of its most important systems and employees’ user accounts has bucked nearly two decades of the government’s own cybersecurity guidance of mandating stronger two-factor authentication.

It concludes that poor password policies puts the department at risk of a breach that could lead to a “high probability” of massive disruption to its operations.

The inspector general’s office said it launched its investigation after aprevious test of the agency’s cybersecurity defenses found lax password policies and requirements across the Department of the Interior’s dozen-plus agencies and bureaus. The aim this time around was to determine if the department’s security defenses were enough to block the use of stolen and recovered passwords.

Passwords themselves are not always stolen in their readable form. The passwords you create on websites and online services are typically scrambled and stored in a way that makes them unreadable to humans — usually as a string of seemingly random letters and numbers — so that passwords stolen by malware or a data breach cannot be easily used in further hacks. This is called password hashing, and the complexity of a password (and the strength of the hashing algorithm used to encrypt it) determines how long it can take a computer to unscramble it. Generally, the longer or more complex the password, the longer it takes to recover.

But watchdog staffers said that relying on claims that passwords meeting the department’s minimum security requirements would take more than a hundred years to recover using off-the-shelf password cracking software has created a “false sense of security” that its passwords are secure, in large part because of the commercial availability of computing power available today.

To make their point, the watchdog spent less than $15,000 on building a password-cracking rig — a setup of a high-performance computer or several chained together — with the computing power designed to take on complex mathematical tasks, like recovering hashed passwords. Within the first 90 minutes, the watchdog was able to recover nearly 14,000 employee passwords, or about 16% of all department accounts, including passwords like ‘Polar_bear65’ and ‘Nationalparks2014!’.

The watchdog also recovered hundreds of accounts belonging to senior government employees and other accounts with elevated security privileges for accessing sensitive data and systems. Another 4,200 hashed passwords were cracked over an additional eight weeks of testing.

Password cracking rigs aren’t a new concept, but they require considerable computing power and energy consumable to operate, and it can easily cost several thousands of dollars just to build a relatively simple hardware configuration. (For comparison, White Oak Security spent about $7,000 on hardware for a reasonably powerful rig back in 2019.)

Password-cracking rigs also rely on massive amounts of human-readable data for comparison to scrambled passwords. Using open-source and freely available software like Hashcat can compare lists of readable words and phrases to hashed passwords. For example, ‘password’ converts to ‘5f4dcc3b5aa765d61d8327deb882cf99’. Because this password hash is already known, a computer takes less than a microsecond to confirm it.

According to the report, the Department of the Interior provided the password hashes of every user account to the watchdog, which then waited 90 days for the passwords to expire — per the department’s own password policy — before it was safe to attempt to crack them.

The watchdog said it curated its own custom wordlist for cracking the department’s passwords from dictionaries in multiple languages, as well as U.S. government terminology, pop culture references, and other publicly available lists of hashed passwords collected from past data breaches. (It’s not uncommon for tech companies to also collect lists of stolen passwords in other data breaches to compare to their own set of customers’ hashed passwords, as a way of preventing customers from re-using the same password from other websites.) By doing so, the watchdog demonstrated that a well-resourced cybercriminal could have cracked the department’s passwords at a similar rate, the report said.

The watchdog found that close to 5% of all active user account passwords were based on some variation of the word “password,” and that the department did not “timely” wind down inactive or unused user accounts, leaving at least 6,000 user accounts vulnerable to compromise.

The report also criticized the Department of the Interior for “not consistently” implementing or enforcing two-factor authentication, where users are required to enter a code from a device that they physically own to prevent attackers from logging in using just a stolen password. The report said that nearly nine out of 10 of the department’s high-value assets, such as systems that would severely impact its operations or the loss of sensitive data, were not protected by some form of second-factor security, and the department had as a result disregarded 18 years of federal mandates, including its “own internal policies.” When the watchdog asked for a detailed report on the department’s use of two-factor authentication, the department said the information did not exist.

“This failure to prioritize a fundamental security control led to continued use of single-factor authentication,” the watchdog concluded.

In its response, the Department of the Interior said it concurred with most of the inspector general’s findings, and said it was “committed” to the implementation of the Biden administration’s executive order directing federal agencies to improve their cybersecurity defenses.

Read more:

Hackers stole passwords for accessing 140,000 payment terminals
LastPass says hackers stole customers’ password vaults
Passwordstate customers complain of silence and secrecy after cyberattack

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes by Zack Whittaker originally published on TechCrunch