Millions of Venmo transactions scraped in warning over privacy settings

A computer science student has scraped seven million Venmo transactions to prove that users’ public activity can still be easily obtained, a year after a privacy researcher downloaded hundreds of millions of Venmo transactions in a similar feat.

Dan Salmon said he scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private.

The peer-to-peer mobile payments service faced criticism last year after Hang Do Thi Duc, a former Mozilla fellow, downloaded 207 million transactions. The scraping effort was possible because Venmo payments between users are public by default. The scrapable data inspired several new projects — including a bot that tweeted out every time someone bought drugs.

A year on, Salmon showed little has changed and that it’s still easy to download millions of transactions through the company’s developer API without obtaining user permission or needing the app.

Using that data, anyone can look at an entire user’s public transaction history, who they shared money with, when, and in some cases for what reason — including illicit goods and substances.

“There’s truly no reason to have this API open to unauthenticated requests,” he told TechCrunch. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”

He published the scraped data on his GitHub page.

Venmo has done little to curb the privacy issue for its 40 million users since the scraping effort blew up a year ago. Venmo reacted by changing its privacy guide and, and later updated its app to remove a warning when users went to change their default privacy settings from … Read the rest

Apollo raises $22M for its GraphQL platform

Apollo, a San Francisco-based startup that provides a number of developer and operator tools and services around the GraphQL query language, today announced that it has raised a $22 million growth funding round co-led by Andreessen Horowitz and Matrix Partners. Existing investors Trinity Ventures and Webb Investment Network also participated in this round.

Today, Apollo is probably the biggest player in the GraphQL ecosystem. At its core, the company’s services allow businesses to use the Facebook -incubated GraphQL technology to shield their developers from the patchwork of legacy APIs and databases as they look to modernize their technology stacks. The team argues that while REST APIs that talked directly to other services and databases still made sense a few years ago, it doesn’t anymore now that the number of API endpoints keeps increasing rapidly.

Apollo replaces this with what it calls the Data Graph. “There is basically a missing piece where we think about how people build apps today, which is the piece that connects the billions of devices out there,” Apollo co-founder and CEO Geoff Schmidt told me. “You probably don’t just have one app anymore, you probably have three, for the web, iOS and Android . Or maybe six. And if you’re a two-sided marketplace you’ve got one for buyers, one for sellers and another for your ops team.”

Managing the interfaces between all of these apps quickly becomes complicated and means you have to write a lot of custom code for every new feature. The promise of the Data Graph is that developers can use GraphQL to query the data in the graph and move on, all without having to write the boilerplate code that typically slows them down. At the same time, the ops teams can use the Graph to enforce access policies and … Read the rest

Fintech platform Synapse raises $33M to build ‘the AWS of banking’

Synapse, a San Francisco-based startup that operates a platform enabling banks and fintech companies to easily develop financial services, has closed a $33 million Series B to develop new products and go after international expansion.

The investment was led by Andreessen Horowitz, with participation from existing backers Trinity Ventures and Core Innovation Capital . Synapse — which recently rebranded (slightly) from “SynapseFi” — announced a $17 million Series A back in September 2018, so this deal takes it to $50 million raised to date.

The startup was founded in 2014 by Bryan Keltner and India-born CEO Sankaet Pathak, who came to the U.S. to study but grew frustrated at the difficulty of opening a bank account without U.S. social security history. Inspired by his struggles, Synapse, which operated under the radar prior to that Series A deal, is focused on democratizing financial services.

Its approach to doing that is a platform-based one that makes it easy for banks and other financial companies to work with developers. The current system for working with financial institutions is frankly a mess; it involves myriad different standards, interfaces, code bases and other compatibility issues that cause confusion and consume time. Through developer- and bank-facing APIs, Synapse aims to make it easier for companies to connect with banks, and, in turn, for banks to automate and extend their back-end operations.

Pathak previously told us the philosophy is a “Lego brick” approach to building services. Its modules and services include payment, deposit, lending, ID verification/KYC, card issuance and investment services.

“We want to make it super easy for developers to build and scale financial products and we want to do that across the spectrum of financial products,” he told TechCrunch in an interview this week.

Synapse CEO Sankaet Pathak

“We don’t think Bank of America, … Read the rest

When it comes to elections, Facebook moves slow, may still break things

This week, Facebook invited a small group of journalists — which didn’t include TechCrunch — to look at the “war room” it has set up in Dublin, Ireland, to help monitor its products for election-related content that violates its policies. (“Time and space constraints” limited the numbers, a spokesperson told us when he asked why we weren’t invited.)

Facebook announced it would be setting up this Dublin hub — which will bring together data scientists, researchers, legal and community team members, and others in the organization to tackle issues like fake news, hate speech and voter suppression — back in January. The company has said it has nearly 40 teams working on elections across its family of apps, without breaking out the number of staff it has dedicated to countering political disinformation. 

We have been told that there would be “no news items” during the closed tour — which, despite that, is “under embargo” until Sunday — beyond what Facebook and its executives discussed last Friday in a press conference about its European election preparations.

The tour looks to be a direct copy-paste of the one Facebook held to show off its US election “war room” last year, which it did invite us on. (In that case it was forced to claim it had not disbanded the room soon after heavily PR’ing its existence — saying the monitoring hub would be used again for future elections.)

We understand — via a non-Facebook source — that several broadcast journalists were among the invites to its Dublin “war room”. So expect to see a few gauzy inside views at the end of the weekend, as Facebook’s PR machine spins up a gear ahead of the vote to elect the next European Parliament later this month.

It’s clearly hoping shots of serious-looking … Read the rest

Microsoft extends its Cognitive Services with personalization service, handwriting recognition APIs and more

As part of its rather bizarre news dump before its flagship Build developer conference next week, Microsoft today announced a slew of new pre-built machine learning models for its Cognitive Services platform. These include an API for building personalization features, a form recognizer for automating data entry, a handwriting recognition API and an enhanced speech recognition service that focuses on transcribing conversations.

Maybe the most important of these new services is the Personalizer. There are few apps and web sites, after all, that aren’t looking to provide their users with personalized features. That’s difficult, in part, because it often involves building models based on data that sits in a variety of silos. With Personalizer, Microsoft is betting on reinforcement learning, a machine learning technique that doesn’t need the kind of labeled training data typically used in machine learning. Instead, the reinforcement agent constantly tries to find the best way to achieve a given goal based on what users do. Microsoft argues that it is the first company to offer a service like this and the company itself has been testing the services on its Xbox, where it saw a 40% increase in engagement with its content after it implemented this service.

The handwriting recognition API, or Ink Recognizer as it is officially called, can automatically recognize handwriting, common shapes and documents. That’s something Microsoft has long focused on as it developed its Windows 10 inking capabilities, so maybe it’s no surprise that it is now packaging this up as a cognitive service, too. Indeed, Microsoft Office 365 and Windows use exactly this service already, so we’re talking about a pretty robust system. With this new API, developers can now bring these same capabilities to their own applications, too.

Conversation Transcription does exactly what the name implies: it transcribes conversations … Read the rest