Ken Cuccinelli, the acting director of US Citizenship and Immigration Services, thinks the poem on the Statue of Liberty could use a rewrite. Yes, really.

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how Netflix might have some rough times ahead as Disney barrels towards it.

---

The big story

There is plenty to be said about the potential of smart glasses. I write about them at length for TechCrunch and I’ve talked to a lot of founders doing cool stuff. That being said, I don’t have any idea what Snap is doing with the introduction of a third-generation of its Spectacles video sunglasses.

The first-gen were a marketing smash hit, their sales proved to be a major failure for the company which bet big and seemingly walked away with a landfill’s worth of the glasses.

Snap’s latest version of Spectacles were announced in Vogue this week, they are much more expensive at $380 and their main feature is that they have two cameras which capture images in light depth which can lead to these cute little 3D boomerangs. On one hand, it’s nice to see the company showing perseverance with a tough market, on the other it’s kind of funny to see them push the same rock up the hill again.

Snap is having an awesome 2019 after a laughably bad 2018, the stock has recovered from record lows and is trading in its IPO price wheelhouse. It seems like they’re ripe for something new and exciting, not beautiful yet iterative.

The $150 Spectacles 2 are still for sale, though they seem quite a bit dated-looking at this point. Spectacles 3 seem to be geared entirely towards women, and I’m sure they made that call after seeing the active users of previous generations, but given the write-down they took on the first-generation, something tells me that Snap’s continued experimentation here is borne out of some stubbornness form Spiegel and the higher-ups who want the Snap brand to live in a high fashion world and want to be at the forefront of an AR industry that seems to have already moved onto different things.

Send me feedback
on Twitter @lucasmtny or email
[email protected]

On to the rest of the week’s news.

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

• WordPress buys Tumblr for chump change
  Tumblr, a game-changing blogging network that shifted online habits and exited for $1.1 billion just changed hands after Verizon (which owns TechCrunch) unloaded the property for a reported $3 million. Read more about this nightmarish deal here.
• Trump gives American hardware a holiday season pass on tariffs 
  The ongoing trade war with China generally seems to be rough news for American companies deeply intertwined with the manufacturing centers there, but Trump is giving U.S. companies a Christmas reprieve from the tariffs, allowing certain types of hardware to be exempt from the recent rate increases through December. Read more here.
• Facebook loses one last acquisition co-founder
  This week, the final remnant of Facebook’s major acquisitions left the company. Oculus co-founder Nate Mitchell announced he was leaving. Now, Instagram, WhatsApp and Oculus are all helmed by Facebook leadership and not a single co-founder from the three companies remains onboard. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

1. Facebook’s turn in audio transcription debacle:
   [Facebook transcribed users’ audio messages without permission]
2. Google’s hate speech detection algorithms get critiqued:
   [Racial bias observed in hate speech detection algorithm from Google]
3. Amazon has a little email mishap:
   [Amazon customers say they received emails for other people’s orders]

Our premium subscription service had another week of interesting deep dives. My colleague Danny Crichton wrote about the “tech” conundrum that is WeWork and the questions that are still unanswered after the company filed documents this week to go public.

WeWork’s S-1 misses these three key points

…How is margin changing at its older locations? How is margin changing as it opens up in places like India, with very different costs and revenues? How do those margins change over time as a property matures? WeWork spills serious amounts of ink saying that these numbers do get better … without seemingly being willing to actually offer up the numbers themselves…

Here are some of our other top reads this week for premium subscribers. This week, we published a major deep dive into the world’s next music unicorn and we dug deep into marketplace startups.

• How even the best marketplace startups get paralyzed
• How a Swedish saxophonist built Kobalt, the world’s next music unicorn

Sign up for more newsletters in your inbox (including this one) here.

Form is moving the swim watch from your wrist to your face. Our review of its fitness-tracking augmented reality goggles.

The ancient Greeks wondered when irrational numbers, like pi, can be represented with fractions. Two mathematicians now have a complete answer.

Coffee Haus makes coffee drinks 100 times an hour in its robotic kiosks. No humans required.

The stories might sound unbelievable, but they’re all real—and a cautionary tale for anyone who wants to get clever at the DMV.

The company updates its Rekognition suite with an algorithm that can tell if you’re afraid. Researchers say such emotion detectors don’t work very well.

NASA and SpaceX continue their joint preparations for the eventually astronaut crew missions that SpaceX will fly for the agency, with a test of the emergency evacuation procedure for SpaceX’s GO Searcher seaborne ship. The ship is intended to be used to recover spacecraft and astronauts in an actual mission scenario, and the rehearsals this week are a key part of ensuring mission readiness before an actual crewed SpaceX mission.

Photos from the dress rehearsal, which is the first coordinated end-to-end practice run involving the full NASA and SpaceX mission teams working in concert, saw NASA astronauts Doug Hurley and Bob Behnken don SpaceX’s fancy new crew suits and mimic a situation where they needed to be removed from the returned Crew Dragon spacecraft and taken to Cape Canaveral Air Force Station from the GO Searcher by helicopter.

By all accounts, this was a successful exercise and seems to have left parties on both sides happy with the results. Check out photos released by NASA of the dry run below.

SpaceX and NASA continue to work towards a goal of launching Crew Dragon’s first actual crewed flight this year, though they’ve encountered setbacks that make that potentially impossible, including the explosion of a Crew Dragon test vehicle during a static test fire in April.

Inside Voyage’s plan to deliver a driverless future

In the autonomous vehicle space, startups have taken radically different strategies to building our AV future. Some companies like Waymo have driven all across different types of environments in order to rack up the datasets that they believe will be needed to effectively maneuver without a human driver.

That’s the opposite strategy of Voyage, where CEO and founder Oliver Cameron and his team have focused on driving safety in the incredibly constrained context of two retirement communities.

Our transportation editor Kirsten Korosec talked with the company and analyzes their approach in a new profile for Extra Crunch, and also drops some news about a partnership the company has brewing with a major automotive manufacturer.

Cameron, who shies away from discussing timelines, describes the company as inching toward driverless service.

Its self-driving software has now reached maturation in the communities it is testing in, and Voyage is now focusing on validation, according to Cameron.

Voyage has developed a few systems that will help push it closer to a commercial driverless service while maintaining safety, such as a collision mitigation system that it calls Rango, an internal nickname inspired by the 2011 computer-animated Western action-comedy about a chameleon.

This collision mitigation system is designed to be extremely fast-reacting, like a reptile — hence the Rango name. Rango, which has an independent power source and compute system and uses a different approach to perception than the main self-driving system, is designed to react quickly. If needed, it will engage the full force of the brakes.

Startup ads are taking over the subway

Public transit is just swimming in startup ads. From complete Brex takeovers of the San Francisco Caltrain station to the sleep puzzles posted by Casper across the New York City subway, startups have been taking advantage of this unique out-of-home advertising space. What’s the full story though? Our reporter Anthony Ha takes a look at how the subway ad market came to be in the past few years, and what the future holds for other marketers.

Ikea’s smart home investments to date have been smart but scattered – now the Swedish home goods brand says it’s going to amp up its smart home bets with a brand new dedicated business unit.

The company’s smart home endeavors began in 2012, and focused on wireless charging and smart lighting. It’s iterated in both areas since, developing self-installed integrated wireless chargers for its furniture, as well as light/charger combos, and finally with a new partnership with Sonos that produced the Symfonisk line of wireless smart speakers.

Ikea also has its own ambitions in terms of being the hub for future smart home products, not only from a hardware perspective, but also via its Home smart app, which it rebranded from being more strictly focused on its Tradfri line of connected bulbs in June. During the Symfonisk launch, Ikea told me it has broader ambitions for the Home smart app as a central hub for connected home control for its customers.

“At IKEA we want to continue to offer products for a better life at home for the many people going forward. In order to do so we need to explore products and solutions beyond conventional home furnishing,” said Björn Block, Head of the new IKEA Home smart Business Unit at IKEA of Sweden, in a press release from the company.

Ikea also characterized this as its biggest new focus area in terms of the overall business and brand since it introduced its Children’s Ikea line.

The partnership between Sonos and Ikea that produced the Symfonisk line is a long-term one, and both companies told me to expect more products to come out of that team-up in future. But it sounds like Ikea intends to explore how smart home tech might touch all aspects of its business, so it’s fair to anticipate more partnerships and product categories to follow as a result of this new investment focus, too.

SoftBank has a plan to loan up to $20 billion to its employees, including CEO Masayoshi Son, for the purposes of having that capital re-invested in SoftBank’s own Vision venture fund, according to a new report from the Wall Street Journal. That’s a highly unusual move that could be risky in terms of how much exposure SoftBank Group has on the whole in terms of its startup bets, but the upside is that it can potentially fill out as much as a fifth of its newly announced second Vision Fund’s total target raise of $108 billion from a highly aligned investor pool.

SoftBank revealed its plans for its second Vision Fund last month, including $38 billion from SoftBank itself, as well as commitments from Apple, Microsoft and more. The company also took a similar approach to its original Vision Fund, WSJ reports, with stakes from employees provided with loans totalling $8 billion of that $100 billion commitment.

The potential pay-off is big, provided the fund has some solid winners that achieve liquidation events that provide big returns that employees can then use to pay off the original loans, walking away with profit. That’s definitely a risk, however, especially in the current global economic client. As WSJ notes, the Uber shares that Vision Fund I acquired are now worth less than what SoftBank originally paid for them according to sources, and SoftBank bet WeWork looks poised to be another company whose IPO might not make that much, if any, money for later stage investors.

NASA’s Parker probe is headed to the center of the solar system to figure out what drives the solar wind.

Apple’s next Apple Watch revision could include new materials for the case, including titanium and ceramic. That’s according to new assets pulled form the latest watchOS beta release, as uncovered by Brazilian site iHelp.br (via 9to5Mac). The new screens discovered in the beta show graphics used to pair the Apple Watch during setup, and list “Titanium Case” and “Ceramic Case” alongside model size identification info.

Apple has previously offered a ceramic Apple Watch, alongside its Series 2 and Series 3 models, with a premium price and white and black case options. The company hasn’t previously used titanium, but the lightweight, durable metal is popular among traditional watchmakers because it can really significantly reduce the heft of a watch case, while still providing a premium look and feel.

Last year’s Apple Watch Series 4 was the first significant change in body design for the wearable since its introduction in 2015, so it seems unlikely that Apple will change that this year again. The new physical design includes larger case sizes (40mm and 44mm, respectively, vs. 38mm and 42mm for previous generations), a thinner profile and a display with rounded corners and slimmer bezels.

Offering new materials is a way for Apple to deliver new hardware that is observably new on the outside, in addition to whatever processor and component improvements they make on the inside. Apple will likely also offer these alongside their stainless steel and aluminum models, should they actually be released this fall, and would probably charge a premium for these material options, too.

The Series 4 Apple Watch proved a serious improvement in terms of performance, and added features like the onboard ECG. Splashy new looks likely won’t be the extent of what Apple has planned for Series 5, however, especially since the company is revamping watchOS to be much more independent of the phone, which would benefit from more capable processors.

Privacy researchers in Europe believe they have the first proof that a long-theorised vulnerability in systems designed to protect privacy by aggregating and adding noise to data to mask individual identities is no longer just a theory.

The research has implications for the immediate field of differential privacy and beyond — raising wide-ranging questions about how privacy is regulated if anonymization only works until a determined attacker figures out how to reverse the method that’s being used to dynamically fuzz the data.

Current EU law doesn’t recognise anonymous data as personal data. Although it does treat pseudoanonymized data as personal data because of the risk of re-identification.

Yet a growing body of research suggests the risk of de-anonymization on high dimension data sets is persistent. Even — per this latest research — when a database system has been very carefully designed with privacy protection in mind.

It suggests the entire business of protecting privacy needs to get a whole lot more dynamic to respond to the risk of perpetually evolving attacks.

Academics from Imperial College London and Université Catholique de Louvain are behind the new research.

This week, at the 28th USENIX Security Symposium, they presented a paper detailing a new class of noise-exploitation attacks on a query-based database that uses aggregation and noise injection to dynamically mask personal data.

The product they were looking at is a database querying framework, called Diffix — jointly developed by a German startup called Aircloak and the Max Planck Institute for Software Systems.

On its website Aircloak bills the technology as “the first GDPR-grade anonymization” — aka Europe’s General Data Protection Regulation, which began being applied last year, raising the bar for privacy compliance by introducing a data protection regime that includes fines that can scale up to 4% of a data processor’s global annual turnover.

What Aircloak is essentially offering is to manage GDPR risk by providing anonymity as a commercial service — allowing queries to be run on a data-set that let analysts gain valuable insights without accessing the data itself. The promise being it’s privacy (and GDPR) ‘safe’ because it’s designed to mask individual identities by returning anonymized results.

The problem is personal data that’s re-identifiable isn’t anonymous data. And the researchers were able to craft attacks that undo Diffix’s dynamic anonymity.

“What we did here is we studied the system and we showed that actually there is a vulnerability that exists in their system that allows us to use their system and to send carefully created queries that allow us to extract — to exfiltrate — information from the data-set that the system is supposed to protect,” explains Imperial College’s Yves-Alexandre de Montjoye, one of five co-authors of the paper.

“Differential privacy really shows that every time you answer one of my questions you’re giving me information and at some point — to the extreme — if you keep answering every single one of my questions I will ask you so many questions that at some point I will have figured out every single thing that exists in the database because every time you give me a bit more information,” he says of the premise behind the attack. “Something didn’t feel right… It was a bit too good to be true. That’s where we started.”

The researchers chose to focus on Diffix as they were responding to a bug bounty attack challenge put out by Aircloak.

“We start from one query and then we do a variation of it and by studying the differences between the queries we know that some of the noise will disappear, some of the noise will not disappear and by studying noise that does not disappear basically we figure out the sensitive information,” he explains.

“What a lot of people will do is try to cancel out the noise and recover the piece of information. What we’re doing with this attack is we’re taking it the other way round and we’re studying the noise… and by studying the noise we manage to infer the information that the noise was meant to protect.

“So instead of removing the noise we study statistically the noise sent back that we receive when we send carefully crafted queries — that’s how we attack the system.”

A vulnerability exists because the dynamically injected noise is data-dependent. Meaning it remains linked to the underlying information — and the researchers were able to show that carefully crafted queries can be devised to cross-reference responses that enable an attacker to reveal information the noise is intended to protect.

Or, to put it another way, a well designed attack can accurately infer personal data from fuzzy (‘anonymized’) responses.

This despite the system in question being “quite good,” as de Montjoye puts it of Diffix. “It’s well designed — they really put a lot of thought into this and what they do is they add quite a bit of noise to every answer that they send back to you to prevent attacks”.

“It’s what’s supposed to be protecting the system but it does leak information because the noise depends on the data that they’re trying to protect. And that’s really the property that we use to attack the system.”

The researchers were able to demonstrate the attack working with very high accuracy across four real-world data-sets. “We tried US censor data, we tried credit card data, we tried location,” he says. “What we showed for different data-sets is that this attack works very well.

“What we showed is our attack identified 93% of the people in the data-set to be at risk. And I think more importantly the method actually is very high accuracy — between 93% and 97% accuracy on a binary variable. So if it’s a true or false we would guess correctly between 93-97% of the time.”

They were also able to optimise the attack method so they could exfiltrate information with a relatively low level of queries per user — up to 32.

“Our goal was how low can we get that number so it would not look like abnormal behaviour,” he says. “We managed to decrease it in some cases up to 32 queries — which is very very little compared to what an analyst would do.”

After disclosing the attack to Aircloak, de Montjoye says it has developed a patch — and is describing the vulnerability as very low risk — but he points out it has yet to publish details of the patch so it’s not been possible to independently assess its effectiveness. 

“It’s a bit unfortunate,” he adds. “Basically they acknowledge the vulnerability [but] they don’t say it’s an issue. On the website they classify it as low risk. It’s a bit disappointing on that front. I think they felt attacked and that was really not our goal.”

For the researchers the key takeaway from the work is that a change of mindset is needed around privacy protection akin to the shift the security industry underwent in moving from sitting behind a firewall waiting to be attacked to adopting a pro-active, adversarial approach that’s intended to out-smart hackers.

“As a community to really move to something closer to adversarial privacy,” he tells TechCrunch. “We need to start adopting the red team, blue team penetration testing that have become standard in security.

“At this point it’s unlikely that we’ll ever find like a perfect system so I think what we need to do is how do we find ways to see those vulnerabilities, patch those systems and really try to test those systems that are being deployed — and how do we ensure that those systems are truly secure?”

“What we take from this is really — it’s on the one hand we need the security, what can we learn from security including open systems, verification mechanism, we need a lot of pen testing that happens in security — how do we bring some of that to privacy?”

“If your system releases aggregated data and you added some noise this is not sufficient to make it anonymous and attacks probably exist,” he adds.

“This is much better than what people are doing when you take the dataset and you try to add noise directly to the data. You can see why intuitively it’s already much better.  But even these systems are still are likely to have vulnerabilities. So the question is how do we find a balance, what is the role of the regulator, how do we move forward, and really how do we really learn from the security community?

“We need more than some ad hoc solutions and only limiting queries. Again limiting queries would be what differential privacy would do — but then in a practical setting it’s quite difficult.

“The last bit — again in security — is defence in depth. It’s basically a layered approach — it’s like we know the system is not perfect so on top of this we will add other protection.”

The research raises questions about the role of data protection authorities too.

During Diffix’s development, Aircloak writes on its website that it worked with France’s DPA, the CNIL, and a private company that certifies data protection products and services — saying: “In both cases we were successful in so far as we received essentially the strongest endorsement that each organization offers.”

Although it also says that experience “convinced us that no certification organization or DPA is really in a position to assert with high confidence that Diffix, or for that matter any complex anonymization technology, is anonymous”, adding: “These organizations either don’t have the expertise, or they don’t have the time and resources to devote to the problem.”

The researchers’ noise exploitation attack demonstrates how even a level of regulatory “endorsement” can look problematic. Even well designed, complex privacy systems can contain vulnerabilities and cannot offer perfect protection. 

“It raises a tonne of questions,” says de Montjoye. “It is difficult. It fundamentally asks even the question of what is the role of the regulator here?

When you look at security my feeling is it’s kind of the regulator is setting standards and then really the role of the company is to ensure that you meet those standards. That’s kind of what happens in data breaches.

“At some point it’s really a question of — when something [bad] happens — whether or not this was sufficient or not as a [privacy] defence, what is the industry standard? It is a very difficult one.”

“Anonymization is baked in the law — it is not personal data anymore so there are really a lot of implications,” he adds. “Again from security we learn a lot of things on transparency. Good security and good encryption relies on open protocol and mechanisms that everyone can go and look and try to attack so there’s really a lot at this moment we need to learn from security.

“There’s no going to be any perfect system. Vulnerability will keep being discovered so the question is how do we make sure things are still ok moving forward and really learning from security — how do we quickly patch them, how do we make sure there is a lot of research around the system to limit the risk, to make sure vulnerabilities are discovered by the good guys, these are patched and really [what is] the role of the regulator?

“Data can have bad applications and a lot of really good applications so I think to me it’s really about how to try to get as much of the good while limiting as much as possible the privacy risk.”

The Capital One hacker, a Bluetooth vulnerability, and more of the week’s top security news.