Google appears to have disabled Google Translate in parts of China

Google appears to have disabled access to Google Translate in parts of China, redirecting visitors to the Hong Kong domain — which isn’t accessible from the mainland. According to users on Reddit and site archives viewed by TechCrunch, Google swapped the Google Translate interface at translate.google.cn with a generic Google Search page at some point within the last 24 hours.

The change is reportedly impacting the translation features of apps like KOReader, a document viewer, for China-based users, as well as Chrome’s built-in translation functionality. Google hasn’t responded to a request for comment; we’ll update this piece if we hear back.

Google has a long and complicated relationship with the Chinese government. In 2006, the company entered the Chinese market with a version of its search engine that was subject to government censorship rules. But after state-sponsored hacks and government-ordered blocks on Google services in response to YouTube footage showing Chinese security forces beating Tibetans, Google shut down Google Search in the mainland and briefly rerouted searches through its uncensored Hong Kong domain.

The current Google Translate homepage in many parts of China.

Google reportedly explored relaunching Google Search in China in 2018 and 2019 as part of a project code-named Dragonfly, which would’ve censored results and recorded users’ locations as well as their internet browsing histories. But those plans were scuttled following clashes within Google led by the company’s privacy team, according to The Intercept.

In 2020, following the enactment of a national security law in Hong Kong that gave local authorities greatly expanded surveillance powers, Google said it wouldn’t directly respond to data requests from Hong Kong law enforcement and instead would have them go through a mutual legal assistance treaty with the U.S.

Assuming it’s not a technical issue, the disabling of Google Translate in much of the mainland could be related to the upcoming National Congress of the Chinese Communist Party, which takes place October 16. The Chinese government has previously blocked Google services around major political events and politically sensitive anniversaries like that of the Tiananmen Square massacre.

Google appears to have disabled Google Translate in parts of China by Kyle Wiggers originally published on TechCrunch

Chinese automaker Geely snaps up 7.6% stake in Aston Martin

Geely Holding Group acquired a 7.6% share of British luxury automaker Aston Martin Lagonda Global Holdings, helping cement the Chinese company’s stake in luxury and European brands.

Geely will not get a board seat in the deal, but that hasn’t seemed to matter in its past dealings. Geely, which owns Lotus and is the largest shareholder of Polestar and Volvo Cars, took a 10% stake valued at $9 billion in Mercedes-Benz parent Daimler in 2018. Geely didn’t have a board seat either, but managed to exert its influence over the company, including a joint venture with the German automaker that gave it partial control of the Smart car brand.

Geely Holding Group CEO Daniel Donghui Li said in a statement that the company’s well-established track record and technology offerings will be able to contribute to Aston Martin’s future success.

Neither Aston Martin nor Geely provided a value for the transaction.

Aston Martin also announced that it raised $732 million from investors that included Mercedes-Benz and Saudi’s Public Investment Fund. Yew Tree Consortium holds 19% of Aston Martin following the raise. The Public Investment Fund has become a new anchor shareholder with an 18.7% stake in the company.

“I am delighted that we have successfully completed this transformational capital raise which significantly strengthens our financial position and enhances our pathway to becoming sustainably free cash flow positive,” executive chairman Lawrence Stroll said in a statement. “Along with Amedeo and the leadership team, we are fully focused on unlocking the significant shareholder value creation potential of this ultra-luxury British performance brand.”

Chinese automaker Geely snaps up 7.6% stake in Aston Martin by Kirsten Korosec originally published on TechCrunch

Why this Blizzard vet thinks the next killer web3 game will come from China

This year, around 3.2 billion people — or about 40% of the world’s population — will play games, with total spending nearing $200 billion, estimates industry researcher Newzoo. The purveyors of web3 want a slice of this gargantuan market. Criticisms of the first generation of crypto games, dominated by the play-to-earn model, have already been well documented, so the question for developers now is what decentralized games should look like.

Back in July, I wrote that veterans from the gaming industry overwhelmingly agree blockchain games should be fun to play and offer a sustainable financial model, both of which are missing in play-to-earn games like Axie Infinity. When it comes to genres, many of them believe massively multiplayer online (MMO) games have the chance to onboard the masses into web3. The genre, which has given rise to epic titles with flourishing virtual economies like World of Warcraft and EVE Online, could benefit from having in-game assets as blockchain-based tokens to enable true user ownership, they say.

And one country, in particular, has the potential to drive this transition.

“China has the best MMO teams in the world,” argues Jerome Wu, who worked on World of Warcraft’s China publishing during his three years with The9 and seven years with Blizzard, followed by stints at nWay, Baidu Games, and 360 Games.

Like many of his industry peers, Wu jumped on the web3 bandwagon. Over the past year, he’s been working on a space-themed MMO title called Space Nation, which is aiming to be a AAA blockchain game with co-founders including veteran game director Tony Tang and film director Roland Emmerich, who’s known for high-budget catastrophe movies. The game has a total budget of $40 million.

The team is spread across multiple countries with core development taking place in China because “the country’s MMO developers are the most efficient and cost-effective in the world,” according to Wu.

While China might not produce the most original and impressive gameplay — which is perhaps why Tencent and NetEase recently sought out creative directors in the U.S. — the country’s game developers have overtaken their Western counterparts on other fronts.

But if China doesn’t have the most creative minds, would its web3 plays live up to user expectations? Blockchain games are still in their infant stage and have more urgent problems to solve, Wu contends. “What they need right now is a better economic system and a more solid technical infrastructure, which are exactly where China’s edge lies.”

“If NetEase decided to go into web3 gaming, it could be a threat to the rest of the industry,” Wu says, referring to the Chinese gaming titan behind the MMO Fantastic Westward Journey, one of the highest-grossing video games of all time.

But neither Tencent nor its rival NetEase has made visible forays into decentralized gaming. As a former Electronic Arts executive pointed out, big corporations tend to be more cautious about pursuing a new industry, especially one whose reputation has been tarnished by Ponzi-like play-to-earn games.

China’s strength in MMO is a latecomer’s advantage, Wu suggests. Homegrown developers began to emerge only around 2000; at the time, they had no chance of beating top games imported from foreign companies, such as MMO works Stone Age, Cross Gate, Legend of Mir, MU, and World of Warcraft. But foreign games needed help with localization and publishing, which gave Chinese firms an opportunity to carve out expertise and learn from these big titles.

The success of MMO, Wu says, hinges largely on a well-designed economic system and hands-on, meticulous community management. “Through working on product operation and publishing for foreign games, Chinese studios gained deep insight into economic and social design, user behavior, and monetization. They quickly turned around and used that knowledge in their own game development, which is why most of their early-day hits were MMO.”

“You will see that Chinese people are always at the forefront of devising new business models and then improving them,” he adds. It’s perhaps no surprise that China also pioneered the free-to-play monetization model.

Having a solid infrastructure is also key to a genre of games that could see hundreds of thousands of players online at once. China’s game operators were trained to prevent crashes from day one. “The internet in China in the early days was so complicated and wonky that we had no choice but to keep buttressing our IT and network stability,” recalled Wu. “That wasn’t something that Western studios had to worry about, so they were more focused on the grand plans than trying to prepare for a network crash.”

Why this Blizzard vet thinks the next killer web3 game will come from China by Rita Liao originally published on TechCrunch

NebulaGraph reaps from China’s growing appetite for graph databases

Graph databases, which store information in nodes and relationships instead of tables like Excel sheets, have grown in popularity amid an explosion of data across industries. While TigerGraph and Neo4j have dominated the Western market, China is seeing its own homegrown pioneers in the space.

NebulaGraph is one of China’s fastest-growing startups offering graph databases with open-source and enterprise subscription options. Two years after we covered its $8 million funding round, the company announced this week that it has closed a Series A round led by Jeneration Capital. The company did not specify how much it has raised, only saying it’s in the “low tens of millions” of dollars.

Other investors in the round include Matrix Partners China, Redpoint China Ventures, and Source Code Capital.

NebulaGraph has recorded some encouraging growth over the last two years, during which its user number soared to over 900 from just 60, including freemium and paid ones. The types of users have also broadened. Two years ago, customers were mainly using NebulaGraph to explore data relationships on social media, e-commerce, and fintech platforms. Since then, the startup has attracted companies from the manufacturing sector, the most surprising ones being electric vehicle and airplane makers.

The EV supply chain is highly sophisticated and each car sale can generate reams of data from the design stage to after it ships, said founder and CEO Sherman Yu, who previously worked at Ant Group and Meta. Even a small defect in a nail could have a big ripple effect on the vehicle, so manufacturers keep a mountain of information detailing the conditions of various parts, such as which supplier and even worker is responsible for them.

That’s not the end of data collection. In today’s era of hyper-customization, internet-connected vehicles are also learning driver and passenger behavior. That means auto companies need more robust tools to process the ocean of data they own, which is where graph databases come into play.

“You could still find relationships in data before, but relational databases become very slow as the data set grows,” explained Yu. Much of what NebulaGraph does for its customers is real-time, like shopping recommendations, so speed is critical.

Other emerging use cases for NebulaGraph include AI-based drug discovery and chip design, Yu added.

Some 90% of the company’s users are in China, but like many maturing open source SaaS firms, NebulaGraph has a vision of venturing into the West and building a global developer community. The company’s plan to open an office in the U.S. was “stalled” by the COVID-19 pandemic, Yu said, but it’s retooling resources to bring back global expansion in 2023.

While many of China’s consumer-oriented startups are going global as regulatory uncertainties rise at home, NebulaGraph wants a piece of the Western SaaS market because it’s “more mature,” said Yu.

With the world’s largest internet population, China clearly has an abundance of data to mine. The problem is that from scrappy startups to deep-pocketed corporations, the willingness to pay for SaaS remains low. That’s in part due to China’s long history of software piracy and its relatively low labor costs, which make workplace automation less urgent than in the West.

There’s also a legacy accounting issue, Yu explained. To this day, China still hasn’t formally decided how computer software should be classified, whether as assets or costs, making it tricky for companies to do their books.

NebulaGraph reaps from China’s growing appetite for graph databases by Rita Liao originally published on TechCrunch

Singapore’s KNN3 wants to enable social discovery for decentralized apps

There’s no shortage of startups trying to make sense of the explosive growth of data generated from blockchain applications. Nansen has the support from a16z to provide on-chain data analysis for crypto investors. The Graph offers an API for developers to query blockchain data. The latest to get VC recognition is KNN3, a Singapore-based startup working to help developers make sense of relational data across blockchains.

When we get on a social network, the first thing that surfaces is normally suggestions for whom to follow. This information is based on analyses of our digital footprint history. KNN3 wants to do the same in web3 by building graph databases that analyze users’ relationships, status, memberships, and other on-chain actions.

The blockchain data space is already quite crowded, co-founder Thomas Yu admitted, but there’s still room for more specialized services. Nansen and web3 development platform Alchemy come in the form of centralized SaaS products. The Graph is “programmable”, but the data structure it supports is quite “limited”, Yu argued.

That’s why Yu, along with his former BTC China colleague Errance Liu, set out to build KNN3, a permissionless (hence decentralized) tool for developers to draw insight from cross-blockchain user data.

KNN3 is starting out by targeting consumer-facing dApps in Asia. While much of web3’s infrastructure building is happening in the West, Asia is generally regarded as the innovation hub of consumer applications, highlighted by the popularity of GameFi platforms like Axie Infinity and StepN. One of KNN3’s better-known customers is Mask Network, which enables users to send cryptocurrencies on web2 services and is now building a decentralized identity system using KNN3’s tech.

In the U.S., in contrast, KNN3 plans to go after enterprise-facing organizations like Chainlink, which feeds real-life data called “oracles” into smart contracts and where Yu used to work. KNN3 is weighing a new product that would provide cloud services built on top of Chainlink’s oracles, which, eventually, will allow developers to build and run decentralized apps and smart contracts without worrying about the “fundamental data layer.”

“What that means is that a developer can use a web2 tool like Google Cloud but actually is building a web3 tool, rather than writing a smart contract and making it work across chains. KNN3 has built the trustless infrastructure using oracles and developers can simply run a container within it,” explained Yu.

KNN3 said it has raised $2.4 million in a seed funding round led by the crypto-focused venture capital firm HashGlobal and Liang Xinjun, former vice chair and CEO of Chinese conglomerate Fosun International. The round closed in April but was only announced this month.

The seed investment also had a long string of participating investors — a seemingly popular strategy for blockchain startups to form allies early on. They include Mask Network, MetaWeb Venture, Eniac Venture, Tess Venture, Stratified Capital, Fundamental lab, Incuba Alpha, Zeuth Venture, Cogitent Venture, Atlas Capital; Impossible Finance, RSS3, ShowMe, and ETHsign’s co-founders Yan Xin and Potter Li.

KNN3 currently employs a team of 24 across Singapore, China, Europe, and the U.S. With the funding, it looks to attract more tech talent from Silicon Valley. “It’s a good time to hire in the bear market because a lot of rivals are downsizing,” Yu said.

Singapore’s KNN3 wants to enable social discovery for decentralized apps by Rita Liao originally published on TechCrunch

‘Top Widgets’ soars to No 1 on the App Store, displacing BeReal, as iOS 16 customization takes off

As iOS 16 Lock Screen customization takes off, an iPhone personalization app called Top Widgets has soared to the No. 1 spot on the U.S. App Store’s top free apps list, displacing BeReal. The Sichuan, China-based app maker first introduced Top Widgets in August 2020 to capitalize on the introduction of Home Screen widgets with the release of iOS 14. With its newly added support for iOS 16’s Lock Screen widgets, the app has gained approximately 1.3 million downloads in the two days following Monday’s iOS 16 launch.

That’s up 1,812% from the two days prior to iOS 16’s release, when the app saw approximately 68,000 installs, according to data from mobile intelligence firm Sensor Tower.

To date, Top Widgets has topped 30 million worldwide installs, the firm says. The majority are from the company’s home country of China, which accounts for around 25.8 million lifetime downloads, or 86% of the total. The U.S., by comparison, is a smaller market for this app, with some 730,000 installs to date, or 2% of the total.

In addition to ranking in the No. 1 position on the U.S. App Store as of Thursday, the app is also No. 1 in 58 other global markets. It’s the No. 1 app in the Utilities category in 80 markets.

Top Widgets is similar in some ways to other popular widget designers, like Widgetsmith — one of the more successful apps to emerge from the original iPhone customization craze, thanks to its DIY tools for creating custom widgets that match your overall iPhone theme, wallpaper and icons. (In fact, Top Widgets even stuffs the keyword “widgetsmith” into its App Store description!)

Like other widget makers, Top Widgets’ tools allow users to select from a range of common Home Screen widget types, like photos, clocks, calendars, weather, reminders, and more.

But it also includes a few features that differentiate it from other widget apps on the market, including a transparent widget type that doesn’t block your iPhone’s background wallpaper as well as a variety of “quick launcher” widget styles that let you put tappable access to favorite apps in a widget format — which offers more customization possibilities compared with the use of app icons.

In addition, the app includes an interesting widget type it calls “x-panel,” which puts a variety of informational blocks — like battery percentage, storage space used, Wi-Fi toggles and more — into a single dashboard-like widget that can be pinned to your Home Screen.

With its iOS 16 release, this x-panel style widget has now been ported to the Lock Screen, providing a tiny dashboard of information about your phone you can view without having to unlock your device. This could be useful for those who want more at-a-glance information available, since the current Lock Screen design limits the number of widgets that can be added. (But you’ll need good eyesight to read it!)

The iOS 16 version of the Top Widgets app also offers a number of other Lock Screen widget types — like animations and cartoons that cleverly use the Lock Screen’s rectangular widget designs to create an image stretched across two widgets placed side-by-side.

For example, you can add two Lock Screen widgets with a cupid shooting his arrow through a beating heart or watch as a bunny inflates a balloon. Or, if you prefer to use square widgets, the app offers a set of smaller emoji-like widgets that could be added together in a row, including things like a smiley, heart, and little chick.

These sorts of widgets have an obvious appeal to a younger, Gen Z crowd, who may be more interested in personalizing their Lock Screen with cute characters, designs and animations, rather than the sort of “boring” information an adult would want to see — like their next calendar appointment, emails, or reminders, for instance.

Naturally, this found the app featured in a variety of TikTok videos this week, including one top viral video that’s now pulled in over 514,000 views and has been bookmarked 87.4K times.

While the App Store’s Top Charts algorithm has historically relied on factors like the number of installs and the velocity of those installs, among other factors, it’s now being regularly manipulated by TikTok-based marketing efforts. It’s likely this viral video and others featuring the widget are behind many of Top Widgets’ new U.S. installs these past few days.

The app itself is published under the developer name of Chengdu Guluoying Technology Co. and points to the website xiaozujian.com. No developer names or contact information, beyond a postal mailing address, is provided on its site. TechCrunch attempted to reach the company through various standard email addresses ahead of publication. We did not hear back.

‘Top Widgets’ soars to No 1 on the App Store, displacing BeReal, as iOS 16 customization takes off by Sarah Perez originally published on TechCrunch

Miners flee to Ethereum Classic as ‘the Merge’ arrives

The Merge, the long-awaited software upgrade that promises to make Ethereum transactions a lot greener, is expected to put miners out of jobs. But miners are not quitting outright. With big bucks invested in computing hardware, many of them are seeking refuge in an alternative branch of Ethereum.

Ethereum Classic, a hard fork of the Ethereum network, saw its hash rate soar to a record high on Thursday morning shortly after the Merge was completed. Hash rate is the computational power used to approve transactions on a blockchain, a mechanism called proof-of-work. Following the Merge, Ethereum is switching to a consensus method called proof-of-stake. Instead of competing with powerful computers and essentially chips, node operators stake their cryptocurrencies to win the chance to validate transactions.

Ethereum Classic, which trades as ETC, grew out of an ideological rift within the Ethereum community. In 2016, the Ethereum Foundation underwent a hard fork to reverse a significant hack that involved $150 million of investor funds. The other version of the fork, which became Ethereum Classic, kept the hack in order to preserve the immutability proposed by blockchain technology.

Aside from keeping the network’s ledgers pristine, Ethereum Classic also continues to practice the PoW method, attracting miners made redundant by the mainstream Ethereum (ETH). But the classic blockchain is far less popular than Ethereum today. ETC is currently the 17th largest cryptocurrency with a market cap of just around $5.3 billion, while ETH is hovering around $195 billion.

Nonetheless, miners are piling into ETC, which might undermine some of the environmental benefits of the Merge. As James, who has been mining since 2017, said: “ETH is an abandoned project by the ETH foundation and we are the abandoned miners. Rigs are invested and facilities are set up with nowhere to go. The only viable option at the moment is Ethereum classic.”

“Miners did not stop mining, they just shift to other options to mine. Energy consumption continued,” he added.

Mining was a hugely lucrative business for those who got in early. Bitmain, the world’s largest crypto equipment maker, was racking up a net profit of nearly $1 billion in the first half of 2018 as demand soared. The gold rush has unintended consequences, too, as its reliance on computational power exacerbated the global chip shortage over the past few years.

The U.S. is the world’s largest source of hash rate today with China coming in second, according to research from the University of Cambridge. China was for a long time the world’s top mining hub before Beijing imposed a blanket ban on the industry it deemed polluting and obsolete. Its share of Bitcoin hash rate accounted for up to 90% of the world’s total in September 2020 before crashing to zero following the crackdown in July 2021, but the number has since rebounded as many miners are believed to have resumed work in a more discreet manner.

Miners flee to Ethereum Classic as ‘the Merge’ arrives by Rita Liao originally published on TechCrunch

Meta, TikTok, YouTube and Twitter dodge questions on social media and national security

Executives from four of the biggest social media companies testified before the Senate Homeland Security Committee Wednesday, defending their platforms and their respective safety, privacy and moderation failures in recent years.

Congress managed to drag in a relatively fresh set of product-focused executives this time around, including TikTok COO Vanessa Pappas, who testified for the first time before lawmakers, and longtime Meta executive Chris Cox. The hearing was convened to explore social media’s impact on national security broadly and touched on topics ranging from domestic extremism and misinformation to CSAM and China.

Committee Chair Sen. Gary Peters pressed each company to disclose the number of employees they have working full-time on trust and safety and each company in turn refused to answer — even though they received the question prior to the hearing. Twitter General Manager of Consumer and Revenue Jay Sullivan chipped in the only numerical response, noting that the company has 2,200 people working on trust and safety “across Twitter,” though it wasn’t clear if those employees also did other kinds of work.

It’s no secret that social media moderation is patchy, reactive and uneven, largely because these companies refuse to invest more deeply in the teams that protect people on their platforms. “We’ve been trying to get this information for a long time,” Peters said. “This is why we get so frustrated.”

Senator Alex Padilla (D-CA) steered the content moderation conversation in another important direction, questioning Meta Chief Product Officer Chris Cox about the safety efforts outside of the English language.

“[In] your testimony you state that you have over 40,000 people working on trust and safety issues. How many of those people focus on non English language content and how many of them focus on non U.S. users?” Padilla asked.

Cox didn’t provide an answer, nor did the three other companies when asked the same question. Though the executives pointed to the total number of workers who touch trust and safety, none made the meaningful distinction between external contract content moderators and employees working full-time on those issues.

Whistleblowers and industry have repeatedly raised alarms about inadequate content moderation in other languages, an issue that gets inadequate attention due to a bias toward English language concerns, both at the companies themselves and at U.S.-focused media outlets.

In a different hearing yesterday, Twitter’s former security lead turned whistleblower Peiter “Mudge” Zatko noted that half of the content flagged for review on the platform is in a language the company doesn’t support. Facebook whistleblower Frances Haugen has also repeatedly called attention to the same issue, observing that the company devotes 87% of its misinformation spending to English language moderation even though only 9% of the platform’s users speak English.

In another eyebrow-raising exchange, Twitter’s Jay Sullivan declined to specifically deny accusations that the company “willfully misrepresented” information given to the FTC. “I can tell you, Twitter disputes the allegations,” Sullivan said, referring to testimony from the Twitter whistleblower on Tuesday.

TikTok and China

In her first appearance before Congress with TikTok, Pappas immediately fell into step with her peers, evading straightforward questions, offering partial answers and even refusing at one point to admit TikTok’s well-documented connections to China. When Sen. Rob Portman (R-OH) pressed Pappas on where TikTok’s Chinese parent company ByteDance is based, she dodged the question awkwardly by claiming the company is distributed and doesn’t have a headquarters at all. Pappas, under oath, also categorically denied explosive reports from BuzzFeed that China-based ByteDance employees regularly accessed private data on U.S. TikTok users, even though that reporting is drawn from leaked audio.

The TikTok executive also declined to agree to Portman’s request that the company cut off the flow of user data to any employees based in China, including ByteDance employees. “Under no circumstances would we give user data to the Chinese government,” Pappas insisted, though she did not weigh in on behalf of TikTok’s parent company.

Sen. Josh Hawley (R-MO) also drilled into TikTok’s relationship with the Chinese government. “Are there members of the Chinese Communist Party employed by TikTok or ByteDance, or no?” Hawley asked.

Pappas avoided answering directly but eventually landed on the answer that no one making “strategic decisions” at the company has ties to the Chinese government.

All told, this was another round of Congress getting stonewalled by top decision makers from some of the world’s largest, most powerful and culturally influential companies. For his part as chair, Peters was realistic about the situation, noting that short of regulatory changes to the incentives that drive social media companies, nothing is going to change — including in these sessions.

“I’ll be honest, I’m frustrated that… all of you [who] have a prominent seat at the table when these business decisions are made were not more prepared to speak to specifics about your product development process, even when you are specifically asked if you would bring specific numbers to us today,” Peters said, concluding the hearing. “Your companies continue to avoid sharing some really very important information with us.”

Meta, TikTok, YouTube and Twitter dodge questions on social media and national security by Taylor Hatmaker originally published on TechCrunch

TikTok claims it’s not collecting U.S. users’ biometric data, despite what privacy policy says

Last year, TikTok quietly updated its privacy policy to allow the app to collect biometric data on U.S. users, including “faceprints and voiceprints” — a concerning change that the company declined to detail at the time, or during a subsequent Senate hearing held last October. Today, the tech company was again asked about its intentions regarding this data collection practice during a Senate hearing focused on social media’s impact on homeland security. 

TikTok’s earlier privacy policy change had introduced a new section called “Image and Audio Information” under the section “Information we collect automatically.” Here, it detailed the types of images and audio that could be collected, including: “biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints.”

The policy language was vague as it didn’t clarify whether it was referring to federal law, state laws, or both, nor did it explain why, exactly, this information was being collected, or how it might be shared.

To learn more, Senator Kyrsten Sinema (D-AZ) today asked TikTok’s representative for the hearing, its Chief Operating Officer Vanessa Pappas, if the biometric data of Americans had ever been accessed by or provided to any person located in China.

She also wanted to know if it was possible for this biometric data to be accessed by anyone in China.

Pappas didn’t directly answer the question with a simple yes or no, but rather went on to clarify how TikTok defines biometric data. 

Noting that everyone has their own definition of what “biometrics” means, Pappas claimed TikTok did not use “any sort of facial, voice or audio, or body recognition that would identify an individual.”

She further explained that such data collection was only used for video effects and stored locally on users’ devices, where it’s subsequently deleted.

“…the way that we use facial recognition, for example, would be is if we’re putting an effect on the creator’s video — so, you were uploading a video and you wanted to put sunglasses or dog ears on your video — that’s when we do facial recognition. All of that information is stored only in your device. And as soon as it’s applied — like that filter is applied and posted — that data is deleted,” Pappas said. “So we don’t have that data.”

In other words, the TikTok exec is saying that ByteDance employees in China would have no way of collecting this data from TikTok’s U.S. users in the first place, because of how this process works at a technical level. (TikTok, of course, has hundreds of filters and effects in its app, so analyzing how each one works independently would take technical expertise and time.)

Notably, this is the first time the company has responded to U.S. Senators’ inquiries about the app’s use of biometrics, as the question brought up during the October 2021 hearing was essentially dodged at the time. When Senator Marsha Blackburn (R-TN) followed up with TikTok for more information after that hearing, the question about facial recognition and voiceprints hadn’t been included on the list of questions TikTok returned to her office later that year in December.

The biometrics issue also didn’t come up in the letter TikTok sent to a group of U.S. senators in June 2022, to answer follow-up questions about Chinese ByteDance employees’ access to TikTok U.S. users’ data, after BuzzFeed News’ damning report on the matter. Instead, that letter was focused more on how TikTok had been working to move its U.S. users’ data to Oracle’s cloud to further limit access from staff in China.

The lack of understanding about TikTok’s use of biometrics raised further concerns in April 2022, when the ACLU pointed out that a new TikTok trend involved having users film their eyes up close, then using a high-resolution filter to show the details, patterns and colors of their irises. At the time of its report, over 700,000 videos had been created using the filter within a month’s time, it said. (Today, TikTok’s app reports only 533,000+ videos.) In an email to TechCrunch, the ACLU had also suggested taking a look at Oracle’s biometric technology, given its plans to host TikTok user data.

In addition to questions about biometric data collection, TikTok was also asked in today’s hearing whether or not it was tracking users’ keystrokes.

This related to an independent privacy researcher’s finding, released in August, which claimed the TikTok iOS app had been injecting code that could allow it to essentially perform keylogging. Ireland’s Data Protection Commission also requested a meeting with TikTok after this research was released.

At the time, TikTok explained the report was misleading, as the app’s code was not doing anything malicious, but was rather used for things like debugging, troubleshooting and performance monitoring. The company also said that it used keystroke information to detect unusual patterns to protect against fake logging, spam comments and other behavior that could threaten its platform.

At today’s hearing, Pappas again stressed that TikTok was never collecting the content of what was being typed, and that, to her knowledge, this had been “an anti-spam measure.”


TikTok claims it’s not collecting U.S. users’ biometric data, despite what privacy policy says by Sarah Perez originally published on TechCrunch

What we learned when Twitter whistleblower Mudge testified to Congress

A ticking bomb of security vulnerabilities. Covering up security failures. Duping regulators and misleading lawmakers.

These are just some of the allegations made when Twitter’s ex-security lead turned whistleblower, Peiter Zatko, testified to the Senate Judiciary Committee on Tuesday, less than a month after the release of his explosive whistleblower complaint filed with federal regulators. Zatko, better known as Mudge, made his first comments since the public release of his complaint.

Twitter did not respond to a request for comment.

These are the key takeaways from Mudge’s testimony to lawmakers and what we learned from Tuesday’s hearing.

FBI warned Twitter it had a Chinese spy on staff

Sen. Chuck Grassley, the ranking member of the Senate Judiciary Committee, said in his opening remarks that the FBI warned Twitter that it may have a Chinese spy on its payroll.

A redacted version of Mudge’s whistleblower complaint released last month said that Twitter received specific information from the U.S. government that “one or more particular company employees were working on behalf of another particular foreign intelligence agency.” The nationality of the foreign intelligence agents was not disclosed at the time.

But Mudge told the panel that the spy was an agent of China’s Ministry of State Security, or MSS, the country’s main intelligence agency. He added that because Twitter engineers — about 4,000 employees — have broad access to company data, a foreign agent hired as an engineer would have access to personal user information and potentially other sensitive company information, such as Twitter’s plans to censor information in a certain region or concede to demands of a government request. But because Twitter did not closely monitor or log employees’ access, according to his complaint, Mudge said it was “very difficult” to identify what specific data was taken by Twitter employees acting as foreign agents.

The Chinese spy wasn’t the only agent of a foreign government on Twitter’s payroll. Mudge said in his complaint that the Indian government “succeeded in placing agents on the company payroll” who were granted “direct unsupervised access to the company’s systems and user data.” In August, a former Twitter employee was found guilty of spying for the Saudi government and handing over user data of suspected dissidents.

Thousands of attempts to hack into Twitter weekly

A common theme in Mudge’s complaint is that Twitter did not have the visibility to know what data engineers had access to, or what user data or company information they were accessing. But one system that tracked logins for Twitter engineers found that it was registering “thousands” of failed attempts to log in to Twitter’s systems each week, Mudge told members of Congress.

Mudge said in his complaint that the company saw as many as 3,000 failed attempts each day, describing it as a “huge red flag.” Mudge said then-Twitter chief technology officer Parag Agrawal — now chief executive — did not assign anyone to diagnose or fix the issue, the complaint added.

“This fundamental lack of logging inside Twitter is a remnant of being so far behind on their infrastructure, the engineering, and the engineers not being given the ability to put things in place to modernize,” Mudge testified.

What Twitter knows about its users, and why spies want it

Given the focus on Twitter’s apparently lax access controls to users’ information, lawmakers asked Mudge what specific kinds of data Twitter collects from its users. Mudge said Twitter does not fully understand the scale of what data it collects.

He said the data Twitter collects includes: a user’s phone number, the current and past IP addresses that the user is connecting from, current and past email addresses, the person’s approximate location based on IP addresses, and information about the device or browser the person is accessing Twitter from, such as the make and model, and the user’s language.

Mudge said it was possible that engineers had access to this information and that it would be an attractive target for foreign intelligence agencies. One of the reasons he cited was that it would be helpful for governments to target particular groups and keep tabs on what Twitter knows about their agents or information operations.

Mudge also warned that Twitter user information could be used for harassment or targeting individuals as part of influence operations in the real world, such as a family member or a colleague, and used as leverage to influence people close to them without their awareness. “It might be used with other data collection,” Mudge told lawmakers, citing previous breaches, including massive thefts of health data and U.S. government personnel files, such as the breach of 22 million records from the U.S. Office of Personnel Management in 2012. Mudge told lawmakers that his own OPM file was stolen in the breach from when he worked for the federal government.

U.S. government agencies let companies ‘grade their own homework’

Mudge’s complaint and subsequent testimony land just months after Twitter paid $150 million in a settlement with the Federal Trade Commission for violating its 2011 privacy agreement, after the company used email and phone data for securing users’ accounts but then used that same information for targeted advertising.

Mudge told lawmakers that government agencies have a responsibility to enforce the law and that they have the right intent, but he accused the FTC of being a “little over its head” by allowing companies to “grade their own homework.” In response to a question by Sen. Richard Blumenthal, Mudge referenced the 2011 privacy agreement and asked, “How [has Twitter] been passing this?”

Speaking of the regulators and their enforcement powers, Mudge told lawmakers: “What I have seen, the tools in the toolbelt are not working.”

What we learned when Twitter whistleblower Mudge testified to Congress by Zack Whittaker originally published on TechCrunch