Zoom admits some calls were routed through China by mistake

Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.

To recap, Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.

The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls. Zoom said in an earlier blog post that it has “implemented robust and validated internal controls to prevent unauthorized access to any content that users share during meetings.” The same can’t be said for Chinese authorities, however, which could demand Zoom turn over any encryption keys on its servers in China to facilitate decryption of the contents of encrypted calls.

Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it “mistakenly” allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

From Zoom’s CEO Eric Yuan:

During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform. In all instances, Zoom clients are provided with a list of datacenters appropriate to their region. This system is critical to Zoom’s trademark reliability, particularly during times of massive internet stress.”

In other words, North American calls are supposed to stay in North America, just as European calls are supposed to stay in Europe. This is what Zoom calls its data center “geofencing.” But when traffic spikes, the network shifts traffic to the nearest data center with the most available capacity.

China, however, is supposed to be an exception, largely due to privacy concerns among Western companies. But China’s own laws and regulations mandate that companies operating on the mainland must keep citizens’ data within its borders.

Zoom said in February that “rapidly added capacity” to its Chinese regions to handle demand was also put on an international whitelist of backup data centers, which meant non-Chinese users were in some cases connected to Chinese servers when data centers in other regions were unavailable.

Zoom said this happened in “extremely limited circumstances.” When reached, a Zoom spokesperson did not quantify the number of users affected.

Zoom said that it has now reversed that incorrect whitelisting. The company also said users on the company’s dedicated government plan were not affected by the accidental rerouting.

But some questions remain. The blog post only briefly addresses its encryption design. Citizen Lab criticized the company for “rolling its own” encryption — otherwise known as building its own encryption scheme. Experts have long rejected efforts by companies to build their own encryption, because it doesn’t undergo the same scrutiny and peer review as the decades-old encryption standards we all use today.

Zoom said in its defense that it can “do better” on its encryption scheme, which it says covers a “large range of use cases.” Zoom also said it was consulting with outside experts, but when asked, a spokesperson declined to name any.

Bill Marczak, one of the Citizen Lab researchers that authored today’s report, told TechCrunch he was “cautiously optimistic” about Zoom’s response.

“The bigger issue here is that Zoom has apparently written their own scheme for encrypting and securing calls,” he said, and that “there are Zoom servers in Beijing that have access to the meeting encryption keys.”

“If you’re a well-resourced entity, obtaining a copy of the internet traffic containing some particularly high-value encrypted Zoom call is perhaps not that hard,” said Marcak.

“The huge shift to platforms like Zoom during the COVID-19 pandemic makes platforms like Zoom attractive targets for many different types of intelligence agencies, not just China,” he said. “Fortunately, the company has (so far) hit all the right notes in responding to this new wave of scrutiny from security researchers, and have committed themselves to make improvements in their app.”

Zoom’s blog post gets points for transparency. But the company is still facing pressure from New York’s attorney general and from two class-action lawsuits. Just today, several lawmakers demanded to know what it’s doing to protect users’ privacy.

Will Zoom’s mea culpas be enough?

Before suing NSO Group, Facebook allegedly sought their software to better spy on users

Facebook’s WhatsApp is in the midst of a lawsuit against Israeli mobile surveillance outfit NSO Group. But before complaining about the company’s methods, Facebook seems to have wanted to use them for its own purposes, according to testimony from NSO founder Shalev Hulio.

Last year brought news of an exploit that could be used to install one of NSO’s spyware packages, Pegasus, on devices using WhatsApp. The latter sued the former over it, saying that over a hundred human rights activists, journalists and others were targeted using the method.

Last year also saw Facebook finally shut down Onavo, the VPN app it purchased in 2013 and developed into a backdoor method of collecting all manner of data about its users — but not as much as they’d have liked, according to Hulio. In a document filed with the court yesterday he states that Facebook in 2017 asked NSO Group for help collecting data on iOS devices resistant to the usual tricks:

In October 2017, NSO was approached by two Facebook representatives who asked to purchase the right to use certain capabilities of Pegasus, the same NSO software discussed in Plaintiffs’ Complaint.

The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices. The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users. Facebook proposed to pay NSO a monthly fee for each Onavo Protect user.

NSO declined, as it claims to only provide its software to governments for law enforcement purposes. But there is a certain irony to Facebook wanting to employ against its users the very software it would later decry being employed against its users. (WhatsApp maintains some independence from its parent company, but these events come well after the purchase by and organizational integration into Facebook.)

A Facebook representative did not dispute that representatives from the company approached NSO Group at the time, but said the testimony was an attempt to “distract from the facts” and contained “inaccurate representations about both their spyware and a discussion with people who work at Facebook.” We can presumably expect a fuller rebuttal in the company’s own filings soon.

Facebook and WhatsApp are, quite correctly, concerned that effective, secret intrusion methods like those developed and sold by NSO Group are dangerous in the wrong hands — as demonstrated by the targeting of activists and journalists, and potentially even Jeff Bezos. But however reasonable Facebook’s concerns are, the company’s status as the world’s most notorious collector and peddler of private information makes its righteous stance hard to take seriously.

As tech layoffs surge, some support emerges for those without a job

The massive surge of COVID-19-related layoffs has put tech in a unique position. While the startup world is facing layoffs itself, it is also trying to help get people back to work.

Back at the end of 2019, the SoftBank-backed belt-tightening period led to a flurry of crowdsourced spreadsheets with employee names from companies like Oyo, WeWork, Zume and more. The spreadsheets popped up as a bet on the network effect, with the ultimate goal of hoping the sheets land in the hands of a recruiter looking to hire one of hundreds laid off. Now, as COVID-19 cripples the economy, layoffs have surged dramatically past that one period.

On one end, we’ve reported on numbers of tech companies cutting staff, from Oyo, to ZipRecruiter, to TripActions. But on the other, brighter end, we’ve also seen the rise of platforms to connect those laid off and pledges from employers to not fire any employees during this trying time.

In a world where people are laid off on Zoom, tech’s efforts to give community, and a course of action, to those laid off is undeniably important.

So many start-ups have done or are planning layoffs that at this point it would be easier to list the ones that *haven't* cut staff.

So here are some places trying to help laid off employees:

— erin griffith (@eringriffith) April 2, 2020

The current climate of the pandemic, and the massive unemployment that has resulted, means that a spreadsheet with a long list of employee names and unverified contact information doesn’t cut it.

Shannon Anderson, the director of talent at Madrona Venture Group in Seattle, saw her firm’s portfolio companies struggling with layoffs and the changing economy. Two of the  portfolio companies, Textio and Rover, laid off staff, along with a number of other companies.

“We wanted to anticipate a reduction in force across the ecosystem,” said Anderson. “It’s a global problem.”

So, to help boost the network of those laid off, Anderson reached out to a number of HR leaders, including Chris Brownridge, the founder of Silver Lining, a job platform for those who have been laid off. He started Silver Lining after he shut down his startup last summer and had to lay off his staff of 20.

“I felt the pain [of layoffs] from the employer side, and it is painful for the employer, especially when you care about [your workers],” he said back in January. “I don’t want to keep seeing spreadsheets thrown around; I think that is not the right answer. We need a standardized way to deal with it, with a community behind it.”

Silver Lining is a platform that lets candidates submit profiles for recruiters from top companies to review. Job seekers on the site range from architects, UX designers, engineers, community managers and more.

Then COVID-19 spread across the world, forcing people to stay home and spend less. The economy’s downturn unevenly impacted companies around the world: where layoffs exist for the travel sector, usage surges exist for the remote work companies. But as a whole, the labor force is struggling, with 6.6 million Americans filing for unemployment just last week alone.

Madrona said it is donating a portion of its budget to help Silver Lining offer more services to those laid off. The firm declined to share the total amount of the donation.

Silver Lining will also now offer coaching, resume writing and emotional support to folks on the platform, Brownridge says. Thanks to donations from Madrona, Skytap, Bandwidth, Voodle, Female Founders Alliance and more, the site is free to use.

The uptick in layoffs has led Boston-based Drafted, a referral startup, to launch a product called the Layoff Network to help those who have been laid off. The startup previously was sending out a newsletter, Layoff List, of weekly list of layoffs with spreadsheets hyperlinked. During the SoftBank layoffs, Olivia Clark, the creator of the newsletter, noticed a surge in traffic — more than 1,000 recruiters subscribed.

Now she says traffic is “up 2,000%” and, in just two weeks, Drafted’s engineering team has productized that newsletter into a job search network.

The Layoff Network connects with recruiters people who have been recommended by their colleagues and “endorsed” for their skills. If you’re laid off, you can sign up and create a profile and ask a previous employer or colleague to recommend you. Clark says this is similar to LinkedIn’s “endorse” feature to make sure the people are credible.

Once the person has been endorsed, they will be added to a talent feed. That is where recruiters can search for nominees, job titles, companies or locations. Unlike a spreadsheet, this is clearly easier to navigate and adds another layer of human touch.

Clark says that the platform will be free for individuals who have been laid off, and who are recruiting or hiring. Drafted has a paid enterprise level that is for organizations that are conducting mass layoffs and want to provide support for former employees.

 

The grassroots efforts are vast and diverse. Here’s a list that posts companies that are actively hiring. Here’s a list for Canadian tech workers, and one for Colorado’s tech scene. And here’s a live tracker of startups that have issued layoffs, started by the team over at Human Interest, a startup that has nothing to do with layoffs.

Megan Murphy, who created Chicago Superstars for those laid off from the Chicago tech scene, has not received donations or support yet. As the number of unemployed people increases, Murphy says she’s noticing a lack of clarity on which companies are hiring, and which job postings are still active. If a company was hiring for a position in January, it might not be anymore (to help keep costs down).

“I can’t waste time crafting cover letters and custom resumes for jobs that won’t actually move forward,” she said. “There are tons of crowdsourced tools trying to flag who’s actually hiring still, while others are trying to flag who’s instituted a hiring freeze or laid people off, and in the meantime, company career pages aren’t up to date. We need one source of truth — and right now nobody’s really set up to do that.”

1575 Remote Jobs From 100+ Companies Hiring Remotely: https://t.co/pMk38QwvDX

— Brianne Kimmel (@briannekimmel) March 24, 2020

For now, Murphy says she’s getting creative in her own search, and asking for others to do the same. “Virtual communities and experiences are about to be more important than ever.” She notes guerrilla Slack channels and Reddit as an example of organic communication.

As for how she’s able to keep up with the demand of people needing help for their next job? Murphy, who is looking for a job herself after getting laid off, says she has fewer interviews from potential employers, so she’s been able to help those reaching out.

The work done by these entrepreneurs scratches at the same hope that lies within the hundreds of lines of contact information within a crowdsourced layoff spreadsheet: a need for a community in a trying time. And these days, more than most, remind us of the power of having a group of people together in the first place.

Zelos is like a cross-game battle pass, rewarding you for completing challenges in games you already play

People seem to love the concept of the battle pass.

Largely popularized by Fortnite, battle passes reward players for playing well, and playing often. The better you do, the more XP you earn; the more XP you earn, the more stuff (new looks for your character, or victory dances to fire off at the end of a gunfight) you unlock. Willing to cough up a few bucks for an optional “premium” battle pass? That’ll open up a whole new set of rewards. The model has made its way into countless games over the last couple of years, from PUBG to Rocket League.

Zelos, an LA-based company out of Y Combinator’s Winter 2020 batch, is aiming to make that same concept work across multiple games. Tackle challenges in one game, earn rewards for another — or use your points to buy new games altogether.

Each day, Zelos offers up a handful of challenges across each of the games it supports, like dealing 10,000 damage in League of Legends or getting five kills with Wraith in Apex. Completing a challenge earns you “zips”; most challenges I’ve seen will earn the player somewhere between 15 and 150 zips, depending on how tough it is to pull off.

Once you’ve pooled up a pile of zips, they can be redeemed for all sorts of virtual goodies. The more something would cost otherwise, the more zips it’ll require. For example, 60,000 zips gets you a $5 Steam gift card — or 90,000 zips for $10 worth of Apex Coins. Once you get into the 50,000-200,000 zip range, you can redeem them for digital download codes for games like Rainbow Six Siege, Monster Hunter: World and Tabletop Simulator. Getting the good stuff can mean completing a lot of challenges, but remember: these are games people are playing anyway.

In addition to zips, each challenge earns the player a bit of EXP. EXP levels up your Zelos profile; with each level, you unlock a bundle of zips, additional challenges and items for your Zelos avatar.

Zelos is currently issuing challenges and tracking stats across seven games: Fortnite, Apex, League of Legends, Teamfight Tactics, DOTA 2, Counter Strike: GO and Clash Royale. Stat tracking works a bit better in some games than it does in others, depending on how open a game’s developers are with the data. With League of Legends, for example, they’re able to ping Riot Games’ dedicated API for a rich backlog of match data; with Apex, on the other hand, they’re limited to pulling stats based on a handful of unlockable trackers players can flip on between matches.

Zelos co-founder Jeffrey Tong tells me they’re focused on ensuring they stay above board with the data they pull, making sure they comply with each provider’s ToS. That makes sense, of course: Getting on a developer’s bad side could mean losing access to the data firehouse, in turn squashing Zelos’ ability to support a game. The more popular games Zelos can support, the better the whole idea works.

So if they’re giving stuff away based on challenges in games they themselves aren’t selling… how will they make money? The same way the aforementioned games do: a premium battle pass. Tong tells me that they’re currently testing a subscription-based battle pass that’ll unlock new challenges, award more prizes and increase the rate at which points are earned.

This isn’t Tong’s first foray into the gaming space; he previously built and sold OverStats, an analytics system for tracking a player’s esports stats over time. Co-founder Derek Chiang, meanwhile, was previously a senior software engineer at the decentralized computing company Dfinity.

Tong tells me they raised $2.8 million in the days after YC demo day, eyeing expansion of the platform, supported games and their team. The Zelos team is currently three people, with plans to hire another “six or seven” in the coming weeks. They’re currently seeing more than 50,000 weekly active users, with 55% of their users playing two or more games on the platform.

ZmURL customizes Zoom link previews with images & event sites

Sick of sharing those generic Zoom video call invites that all look the same? Wish your Zoom link preview’s headline and image actually described your meeting? Want to protect your Zoom calls from trolls by making attendees RSVP to get your link? ZmURL.com has you covered.

Launching today, ZmURL is a free tool that lets you customize your Zoom video call invite URL with a title, explanation and image that will show up when you share the link on Twitter, Facebook or elsewhere. ZmURL also lets you require that attendees RSVP by entering their email address so you can decide who to approve and provide with the actual entry link. That could stop Zoombombers from harassing your call with offensive screenshared imagery, profanity or worse.

“We built zmurl.com to make it easier for people to stay physically distant but socially close,” co-founder Victor Pontis tells me. “We’re hoping to give event organizers the tools to preserve in-person communities while we are all under quarantine.”

Zoom wasn’t built for open public discussions. But with people trapped inside by coronavirus, its daily user count has spiked from 10 million to 200 million. That’s led to new use cases, from cocktail parties to roundtable discussions to AA meetings to school classes.

That’s unfortunately spawned new problems, like “Zoombombing,” a term I coined two weeks ago to describe malicious actors tracking down public Zoom calls and bombarding them with abuse. Since then, the FBI has issued a warning about Zoombombing, The New York Times has written multiple articles about the issue and Zoom’s CEO Eric Yuan has apologized.

Yet Zoom has been slow to adapt it features as it struggles not to buckle under its sudden scale. While it has turned on waiting rooms and host-only screensharing by default for usage in schools, most people are still vulnerable due to Zoom’s permissive settings and reused URLs that were designed for only trusted enterprise meetings. Only today did Zoom concede to shifting the balance further from convenience to safety, turning on waiting rooms by default and requiring passwords for entry by Meeting ID.

Meanwhile, social networks have become a sea of indistinguishable Zoom links that all show the same blue and white logo in the preview, with no information on what the call is about. That makes it a lot tougher to promote calls, which many musicians, fitness instructors and event producers are relying on to drive donations or payments while their work is disrupted by quarantines.

ZmURL’s founders during their only in-person meeting ever

Luckily, Pontis and his co-founder Danqing Liu are here to help with ZmURL. The two software engineers fittingly met over Zoom a year ago and have only met once in person. Pontis, now in San Francisco, had started bike and scooter rental software companies Spring and Scooter Map. Liu, from Beijing but now holed up in New York, had spent five years at Google, Uber and PlanGrid before selling his machine learning tool TinyMind.

The idea for ZmURL stemmed from Liu missing multiple Zoom events he’d wanted to attend. Then a friend of Pontis’ was laid off from their yoga instructor job, and they and their colleagues were scrambling to market and earn money from hosting their own classes over Zoom. The duo quickly built a beta, with zero money raised, and tested it with some yoga gurus who found it simplified promoting events and gathering RSVPs. “We’re all going through a tough time right now. We see ZmURL as our opportunity to help,” Pontis tells me.

To use the tool, you generate a generic meeting link from Zoom like zoom.us/ji/1231231232 and then punch it into ZmURL. You can upload an image or choose from stock photos and color gradients. Then you name your event, give it a description and set the time and date. You’ll get a shorter URL like https://zmurl.com/smy5m or you can give it a custom one like zmurl.com/quidditch.

When you share that URL, it’ll show your image, headline and description in the link preview on chat apps, social networks and more. Attendees who click will be shown a nicely rendered event page with the link to enter the Zoom call and the option to add it to their calendar. You can try it out here, zmurl.com/aloha, as the startup is hosting a happy hour today at 6pm Pacific.

Optionally, you can set your ZmURL calls to require an RSVP. In that case, people who click your link have to submit their email address. The host can then sift through the RSVPs and choose who to email back the link to join the call. If you see an RSVP from someone you don’t recognize, just ignore it to keep Zoombombers from slipping inside.

Surprisingly, there doesn’t seem to be any other tools for customizing Zoom call links. Zoom paid enterprise customers can only set up a image and logo-equipped landing page for their whole company’s Zoom account, not for specific calls. For now, ZmURL is completely free. But the co-founders are building out an option for hosting paid events that collect entry fees on the RSVP site while ZmURL takes a 5% cut.

Next, ZmURL wants to add the ability to link your Zoom account to its site so you can spawn call links without leaving. It’s also building out always-on call rooms, recurring events, organizer home pages for promoting all their calls, an option to add events to a public directory, email marketing tools and integrations with other video call platforms like Hangouts, Skype and FaceTime.

Pontis says the biggest challenge will be learning to translate more of the magic and business potential off offline events into the world of video calling. There’s also the risk that Zoom will try to intercede and force ZmURL to desist. But it shouldn’t, at least until Zoom builds all these features itself. Or it should just acquire ZmURL.

We’re dealing with an unprecedented behavior shift due to shelter-in-place orders that threaten to cripple the world economy and drive many of us crazy. Whether for fostering human connection or keeping event businesses afloat, Zoom has become a critical utility. It should accept all the help it can get.

Google research makes for an effortless robotic dog trot

As capable as robots are, the original animals after which they tend to be designed are always much, much better. That’s partly because it’s difficult to learn how to walk like a dog directly from a dog — but this research from Google’s AI labs make it considerably easier.

The goal of this research, a collaboration with UC Berkeley, was to find a way to efficiently and automatically transfer “agile behaviors” like a light-footed trot or spin from their source (a good dog) to a quadrupedal robot. This sort of thing has been done before, but as the researchers’ blog post points out, the established training process can often “require a great deal of expert insight, and often involves a lengthy reward tuning process for each desired skill.”

That doesn’t scale well, naturally, but that manual tuning is necessary to make sure the animal’s movements are approximated well by the robot. Even a very doglike robot isn’t actually a dog, and the way a dog moves may not be exactly the way the robot should, leading the latter to fall down, lock up or otherwise fail.

The Google AI project addresses this by adding a bit of controlled chaos to the normal order of things. Ordinarily, the dog’s motions would be captured and key points like feet and joints would be carefully tracked. These points would be approximated to the robot’s in a digital simulation, where a virtual version of the robot attempts to imitate the motions of the dog with its own, learning as it goes.

So far, so good, but the real problem comes when you try to use the results of that simulation to control an actual robot. The real world isn’t a 2D plane with idealized friction rules and all that. Unfortunately, that means that uncorrected simulation-based gaits tend to walk a robot right into the ground.

To prevent this, the researchers introduced an element of randomness to the physical parameters used in the simulation, making the virtual robot weigh more, or have weaker motors, or experience greater friction with the ground. This made the machine learning model describing how to walk have to account for all kinds of small variances and the complications they create down the line — and how to counteract them.

Learning to accommodate for that randomness made the learned walking method far more robust in the real world, leading to a passable imitation of the target dog walk, and even more complicated moves like turns and spins, without any manual intervention and only a little extra virtual training.

Naturally manual tweaking could still be added to the mix if desired, but as it stands this is a large improvement over what could previously be done totally automatically.

In another research project described in the same post, another set of researchers describe a robot teaching itself to walk on its own, but imbued with the intelligence to avoid walking outside its designated area and to pick itself up when it falls. With those basic skills baked in, the robot was able to amble around its training area continuously with no human intervention, learning quite respectable locomotion skills.

The paper on learning agile behaviors from animals can be read here, while the one on robots learning to walk on their own (a collaboration with Berkeley and the Georgia Institute of Technology) is here.

Want to survive the downturn? Better build a platform

When you look at the most successful companies in the world, they are almost never just one simple service. Instead, they offer a platform with a range of services and an ability to connect to it to allow external partners and developers to extend the base functionality that the company provides.

Aspiring to be a platform and actually succeeding at building one are not the same. While every startup probably sees themselves as becoming a platform play eventually, the fact is it’s hard to build one. But if you can succeed and your set of services become an integral part of a given business workflow, your company could become bigger and more successful than even the most optimistic founder ever imagined.

Look at the biggest tech companies in the world, from Microsoft to Oracle to Facebook to Google and Amazon. All of them offer a rich complex platform of services. All of them provide a way for third parties to plug in and take advantage of them in some way, even if it’s by using the company’s sheer popularity to advertise.

Michael A. Cusumano, David B. Yoffie and Annabelle Gawer, who wrote the book The Business of Platforms, wrote an article recently in MIT Sloan Review on The Future of Platforms, saying that simply becoming a platform doesn’t guarantee success for a startup.

“Because, like all companies, platforms must ultimately perform better than their competitors. In addition, to survive long-term, platforms must also be politically and socially viable, or they risk being crushed by government regulation or social opposition, as well as potentially massive debt obligations,” they wrote.

In other words, it’s not cheap or easy to build a successful platform, but the rewards are vast. As Cusumano, Yoffie and Gawer point out their studies have found, “…Platform companies achieved their sales with half the number of employees [of successful non-platform companies]. Moreover, platform companies were twice as profitable, were growing twice as fast, and were more than twice as valuable as their conventional counterparts.”

From an enterprise perspective, look at a company like Salesforce . The company learned long ago that it couldn’t possibly build every permutation of customer requirements with a relatively small team of engineers (especially early on), so it started to build hooks into the platform it had built to allow customers and consultants to customize it to meet the needs of individual organizations.

Eventually Salesforce built APIs, then it built a whole set of development tools, and built a marketplace to share these add-ons. Some startups like FinancialForce, Vlocity and Veeva have built whole companies on top of Salesforce.

Rory O’Driscoll, a partner at Scale Venture Partners, speaking at a venture capitalist panel at BoxWorks in 2014, said that many startups aspire to be platforms, but it’s harder than it looks. “You don’t make a platform. Third-party developers only engage when you achieve a critical mass of users. You have to do something else and then become a platform. You don’t come fully formed as a platform,” he said at the time.

If you’re thinking, how you could possibly start a company like that in the middle of a massive economic crisis, consider that Microsoft launched in 1975 in the middle of recession. Google and Salesforce both launched in the late 1990s, just ahead of the dot-com crash, and Facebook launched in 2004, four years before the massive downturn in 2008. All went on to become tremendously successful companies

That success often requires massive spending and sales and marketing burn, but when it works, the rewards are enormous. Just don’t expect that it’s an easy path to success.

Pandemic puts the brakes on micromobility

As of this writing, nearly a million people globally have been infected with the novel coronavirus and 50,322 have died. Healthcare systems are overwhelmed, consumers and profiteers are hoarding supplies and some service workers have launched strikes while many others have been let go. In the world of micromobility, we’ve seen Bird lay off hundreds of employees and Lime is reportedly gearing up for layoffs of its own.

Ride Report creates software that enables cities to better work with micromobility operators and has a bird’s-eye view on the industry. In a conversation with TechCrunch, CEO William Henderson outlined some of the trends that have emerged and what we can expect for micromobility operators amid the pandemic — and once it’s over.

“All of this came at a really hard time for micromobility,” he tells TechCrunch. “It couldn’t really have occurred at a worse time in some ways.”

That’s because there was already a lot of pressure on startups in the space to reach profitability on an accelerated timeline, Henderson says. While winter is notoriously known as a rough time, the environment in this pandemic is “micromobility winter on steroids.”

Over the last month, companies have paused operations in cities and started laying off people. Operators Bird and Lime, for example, paused operations across the board last month.

Zoom will enable waiting rooms by default to stop Zoombombing

Zoom is making some drastic changes to prevent rampant abuse as trolls attack publicly shared video calls. Starting April 5th, it will require passwords to enter calls via Meeting ID, as these may be guessed or reused. Meanwhile, it will change virtual waiting rooms to be on by default so hosts have to manually admit attendees.

The changes could prevent “Zoombombing,” a term I coined two weeks ago to describe malicious actors entering Zoom calls and disrupting them by screensharing offensive imagery. New Zoombombing tactics have since emerged, like spamming the chat thread with terrible GIFs, using virtual backgrounds to spread hateful messages or just screaming profanities and slurs. Anonymous forums have now become breeding grounds for organized trolling efforts to raid calls.

Just imagine the most frightened look on all these people’s faces. That’s what happened when Zoombombers attacked the call.

The FBI has issued a warning about the Zoombombing problem after children’s online classes, Alcoholics Anonymous meetings and private business calls were invaded by trolls. Security researchers have revealed many ways that attackers can infiltrate a call.

The problems stem from Zoom being designed for trusted enterprise use cases rather than cocktail hours, yoga classes, roundtable discussions and classes. But with Zoom struggling to scale its infrastructure as its daily user count has shot up from 10 million to 200 million over the past month due to coronavirus shelter-in-place orders, it’s found itself caught off guard.

Zoom CEO Eric Yuan apologized for the security failures this week and vowed changes. But at the time, the company merely said it would default to making screensharing host-only and keeping waiting rooms on for its K-12 education users. Clearly it determined that wasn’t sufficient, so now waiting rooms are on by default for everyone.

Zoom communicated the changes to users via an email sent this afternoon that explains “we’ve chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy.”

The company also explained that “For meetings scheduled moving forward, the meeting password can be found in the invitation. For instant meetings, the password will be displayed in the Zoom client. The password can also be found in the meeting join URL.” Some other precautions users can take include disabling file transfer, screensharing or rejoining by removed attendees.

NEW YORK, NY – APRIL 18: Zoom founder Eric Yuan reacts at the Nasdaq opening bell ceremony on April 18, 2019 in New York City. The video-conferencing software company announced it’s IPO priced at $36 per share, at an estimated value of $9.2 billion. (Photo by Kena Betancur/Getty Images)

The shift could cause some hassle for users. Hosts will be distracted by having to approve attendees out of the waiting room while they’re trying to lead calls. Zoom recommends users resend invites with passwords attached for Meeting ID-based calls scheduled for after April 5th. Scrambling to find passwords could make people late to calls.

But that’s a reasonable price to pay to keep people from being scarred by Zoombombing attacks. The rash of trolling threatened to sour many people’s early experiences with the video chat platform just as it’s been having its breakout moment. A single call marred by disturbing pornography can leave a stronger impression than 100 peaceful ones with friends and colleagues. The old settings made sense when it was merely an enterprise product, but it needed to embrace its own change of identity as it becomes a fundamental utility for everyone.

Technologists will need to grow better at anticipating worst-case scenarios as their products go mainstream and are adapted to new use cases. Assuming everyone will have the best intentions ignores the reality of human nature. There’s always someone looking to generate a profit, score power or cause chaos from even the smallest opportunity. Building development teams that include skeptics and realists, rather than just visionary idealists, could keep ensure products get safeguarded from abuse before rather than after a scandal occurs.

Stocks drop as unemployment spikes

Stocks fell in regular trading Friday, as all major American indices fell in the wake of a broadly negative jobs report. With more than 700,000 jobs lost in the March data, unemployment in the United States rose from 3.5% to 4.4%.

The markets have been bracing for widespread job losses due to the continued fallout from COVID-19, the disease caused by coronavirus that has prompted local, county and state officials throughout the U.S. and Europe to issue stay-at-home orders. Those directives have forced bars, restaurants, gyms and other non-essentials businesses to close.

While the market had expected a wave of job losses, stocks fell as those figures surpassed expectations. Selloffs were further spurred by this troubling recognition: Friday’s figures only account for unemployment-insurance claims individuals filed in the first two weeks of March, before most of the COVID-related layoffs began.

This was unlike Thursday, when negative data led to market gains.

Here are the day’s raw results:

  • Dow Jones Industrial Average: down 1.67%, or 357.99 points, to close at 21,055.45
  • S&P 500: fell 1.52%, or 38.34 points, to close at 2,488.56
  • Nasdaq composite: declined 1.53%, or 114.23 points, to close at 7,373.08

Shares of SaaS and cloud companies tracked by the Bessemer cloud index fell as well, while cryptocurrencies were roughly flat in the 24-hour period ending with the close of equity trading.

There were standouts, however. Shares of Tesla held onto some of their after-hours gains recorded yesterday, closing the day up 5.62% to close at $408.01 as the company continued to ride its positive report that it had delivered more vehicles than expected. Bill.com, a recent SaaS IPO, managed gains as well, closing the day up 2.71%. It was somewhat hard to find exceptions to the selloff; most companies lost ground in the face of worse-than-expected economic data.

Every sector saw downward pressure Friday, with the exception of energy and consumer products, which saw a bit of a lift. Oil futures had one of its best days on record, after Russian President Vladimir Putin said global cuts of around 10 million barrels a day are possible.

Airlines were also hit Friday after the U.S. Department of Transportation ordered the industry to provide refunds on any flights that companies had canceled. While airline stocks recovered, they all closed in negative territory. United Airlines fell 2.28% to close at $22.88, American Airlines declined 6.8% to $9.38 and Delta Airlines dropped 0.88% to $22.48.

The pandemic is already reshaping tech’s misinformation crisis

Since 2016, social media companies have faced an endless barrage of bad press and public criticism for failing to anticipate how their platforms could be used for dark purposes at the scale of populations — undermining democracies around the world, say, or sowing social division and even fueling genocide.

As COVID-19 plunges the world into chaos and social isolation, those same companies may face a respite from focused criticism, particularly with the industry leveraging its extraordinary resources to pitch in with COVID-19 relief efforts as the world looks to tech upstarts, adept at cutting through red tape and fast-forwarding scientific progress in normal times, while government bureaucracies lag. But the same old problems are rearing their ugly heads just the same, even if less of us are paying attention.

On YouTube, a new report from The Guardian and watchdog group Tech Transparency Project found that a batch of videos promoting fake coronavirus cures are making the company ad dollars. The videos, which promoted unscientific methods including “home remedies, meditative music, and potentially unsafe levels of over-the-counter supplements like vitamin C” as potential treatments for the virus, ran ads from unwitting advertisers including Liberty Mutual, Quibi, Trump’s 2020 reelection campaign and Facebook. In Facebook’s case, a banner ad for the company ran on a video suggesting music that promotes “cognitive positivity by using subtle yet powerful theta waves” could ward off the virus.

In the early days of the pandemic, YouTube prohibited ads on any videos related to the coronavirus. In mid-March, as the real scope of the event became clear, the company walked that policy back, allowing some channels to run ads. On Thursday, the company expanded that policy to allow ads for any videos that adhere to the company’s guidelines. One of the major tenets in those guidelines forbids the promotion of medical misinformation, including “promotion of dangerous remedies or cures.” Most of the videos in the new report were removed after being flagged by a journalist.

This example, and the many others like it, calls into question how to judge major tech platforms during these exceedingly strange times. Social media companies have been uncharacteristically transparent about the shifts the pandemic is creating within their own workflows. On a call in March, Facebook founder Mark Zuckerberg admitted that, with its army of 15,000 contract moderators sent home on paid leave, users can expect more “false positives” as the company shifts to rely more heavily on artificial intelligence to filter what belongs on the platform and what does not. The work of sorting through a platform’s most unsavory content — child pornography, extreme violence, hate speech and the like — is not particularly portable, given its potential psychological and legal ramifications.

YouTube similarly warned that it will “temporarily start relying more on technology” to fill in for human reviewers, warning that the automated processes will likely mean more video removals, “including some videos that may not violate policies.” Twitter noted the same new reliance on machine learning “to take a wide range of actions on potentially abusive and manipulative content,” though the company will offer an appeals process that loops in a human reviewer. Companies offered fewer warnings about what might fall through the cracks in the interim.

What will become of moderation once things return to normal, or, more likely, settle on a new normal? Will artificial intelligence have mastered the task, obviating the need for human reviewers once and for all? (Unlikely.) Will social media companies have a fresh appreciation for the value of human efforts and bring more of those jobs in-house, where they can perform their bleak work with more of the sunny perks afforded to their full-time counterparts? Like most things examined through the nightmarish haze of the pandemic, the outcomes are hazy at best.

If the approach to holding platforms to account was already piecemeal, an uneven mix of investigative reporting, anecdotal tweets and official corporate post-mortems, the truth will be even more difficult to get at now, even as the coronavirus pandemic provides countless new deadly opportunities for price-gougers and myriad bad actors to create chaos within chaos.

We’ve seen deadly consequences already in Iran, where hundreds died after drinking industrial alcohol — an idea they got “in messages forwarded and forwarded again” amplifying a tabloid story that suggested the act could protect them from the virus. Most consequences will likely go unnoticed beyond the lives they impact and unreported due to tightened newsroom resources and perhaps even more constricted attention spans.

Much has been written about the coronavirus and the fog of war, most of it rightly focused on scientific research pressing on as the virus threatens the globe and the devastating on-the-ground reality in hospitals and health facilities overwhelmed with COVID-19 patients while life-saving supplies dwindle. But the crisis of viral misinformation — and deliberately sown disinformation — is its own fog, now intermixing with an unprecedented global crisis that has entirely upended business and relentlessly dominated the news cycle. This as the world’s foremost power heads into a completely upended presidential election cycle — its first since four years ago, when an unexpected election outcome coupled with deep U.S.-centrism in tech circles revealed nefarious forces at play just under the surface of the social networks we hadn’t thought all that much about.

In the present, it will be difficult for outsiders to determine where new systems implemented during the pandemic have failed and what bad outcomes would have happened anyway. To sort those causes out, we’ll have to take a company’s word for it, a risky kind of credulity that already offered mixed results in normal times. Even as we rely on them now more than ever to forge and nurture connections, the virtual portals we immerse ourselves in daily remain black boxes, inscrutable as ever. And as with so many aspects of life in these norm-shattering times, the only thing to expect is change.