Monthly Archives: July 2016

Google launches Family Library, a way for families to share Google Play purchases

Google officially announced this morning the launch of “Family Library” – a program that allows up to six family members to share their purchases from Google Play across devices. This includes the ability to share movies, TV shows, books, apps and games across Android phones and tablets, and, in some cases, across the web, iOS, and other connected TV platforms like Roku, Android TV, Smart TVs and more.

Music, meanwhile, can be streamed by up to 6 family members via Google Play Music’s family plan.

Family Library’s pending launch had been rumored for months, and was prematurely reported as having gone live earlier in July.

However, Google is only today kicking off the official rollout, we’re told.

Over the next few days, the service will become available in Australia, Brazil, Canada, France, Germany, Ireland, Italy, Japan, Mexico, New Zealand, the U.K., and the U.S.

Alongside the launch, Google is also expanding access to its Google Play Music family plan, which lets up to six family members stream songs for $14.99 per month. Previously available in the U.S., U.K., Australia, France, Germany, Brazil, Canada, and Japan, the service is now launching in Ireland, Italy, Mexico, and New Zealand. Customers can also now sign up on the web or via their Android device.

To get started with Family Library, users will access a new setting in the Play Store where they will configure one person as the “Family Manager” and add the other members. The Family Manager will be an adult in the family who’s responsible for adding and removing members, and they’ll also enter in the payment information where family purchases will be charged.

By default, members’ purchases will be shared with everyone, but there’s the option to selectively share items, too. That can be useful for those times when no one wants to be bothered with dad’s collection of war movies, perhaps, or mom’s cheesy rom-coms. And even if you’re sharing everything, you can still click on individual items and choose not to share them with the group.

Family Library also respects the Parental Control settings you’ve configured on children’s devices, so they won’t immediately have access to your R-rated films, for example.

Similar to Apple’s Family Sharing service, parents can approve purchases requested by younger family members. However, this is a bit awkward at launch. After the request is made, the parent will have to type in their password on the kids’ device. This process should be improved over time, however.

What makes Google’s Family Library different from Apple’s service is that Google Play is available beyond Google’s own platform. In addition to being available across Android, movies, TV shows and books are available through Google’s apps on the web and on iOS. And you can watch movies and TV shows anywhere the Google Play Movies & TV app runs, like Roku and smart TVs.

“Play by its nature is available across more places, and we really think that’s important for user choice and flexibility,” says Eunice Kim, Senior Product Lead for Google’s families initiatives at Google Play

Plus, she adds, Family Library has flexible payment options. While there is a credit card that will be shared as the family payment method, members will always be able to buy items with their own payment methods, including gift cards and Google Wallet, too.

Via: techcrunch

T-Mobile adds Apple Music and over a dozen video services to its free streaming program Binge On

T-Mobile again expanded its free streaming program Binge On this morning, with the addition of Apple Music and fifteen other providers, including video services like ABC, Fox Now, FXNOW, Disney Channel, Disney Jr., Disney XD, NAT GEO TV, DISH Anywhere, and others. This brings the total number of video providers now participating in Binge On to over 100 since the service’s launch just eight months ago, notes the company.

Binge On, which is part of T-Mobile’s “UnCarrier” marketing campaign, lets customers stream music and video without tapping into their mobile data. To date, T-Mobile customers have streamed over 765 million hours of video data-free, which the carrier says contributes to longer watch times, more frequent viewing, and, for participating providers, the ability to sell more subscriptions.

According to a T-Mobile-led study, it claims that 85 percent of Binge On providers expect customers to increase their viewing times and 80 percent will watch more often. Forty-five percent of those with paid subscriptions expect to increase sales. (Keep in mind, of course, these are “expectations” – not hard data.)

However, the program itself has come a long way over the past several months. T-Mobile has worked out some of the kinks with regard to the complaints larger video providers had, as with Google and YouTube. Earlier this year, YouTube and Google Play Movies & TV finally joined the program after T-Mobile addressed Google’s criticism of its program, which said that T-Mobile was unfairly throttling video without user consent.

The carrier has since made it easier for end users to turn Binge On’s service on or off, and video service providers can now opt out of having their streams modified by T-Mobile. They can also choose to participate in the program, but manage their video streams themselves, giving the video provider more control.

As a result of the free streaming, T-Mobile said at the beginning of the year that customers were watching more than twice as much as before – a figure it reconfirmed in March. Customers are also able to watch for longer – or, as T-Mobile says today, “hundreds of millions of extra hours” – because their high-speed data lasts up to three times longer when they stream via Binge On.

The full line-up of new services added today include:

  • ABC
  • Apple Music
  • Big Ten Network
  • DISH Anywhere
  • Disney Channel
  • Disney Jr.
  • Disney XD
  • D-PAN.TV
  • DramaFever
  • Shalom World
  • Sioeye
  • Tubi TV

Via: techcrunch

Microsoft will now force you to use its favorite Windows 10 feature, whether you like it or not

Microsoft is madly in love with Cortana, the digital personal assistant that comes with every copy of the year-old Windows 10 operating system.

Not only does Cortana slot right into Microsoft CEO Satya Nadella’s ambitions around artificial intelligence and the future of technology, she’s also driving lots of folks towards Bing, Microsoft’s own search engine.

So it’s disappointing, but not surprising, that Microsoft is removing the ability to turn off Cortana once the Windows 10 Anniversary Update drops on August 2nd, as first reported by PC World’s Ian Paul.

Previously, Windows 10 users could turn off Cortana, leaving in her place a more basic search bar that could scan your own files and folders. That means forgoing Cortana’s nifty features, including the ability to schedule reminders or see your calendar, but it’s been a worthy tradeoff for those users worried about Microsoft tracking too much user data.

Now, Microsoft is removing the option. Once the update hits, if you want to search your own computer, you’re using Cortana. And unless you’re using Windows 10 at work, there’s no way to turn down the Anniversary Update or any other Windows update.

Windows 10’s Cortana can present lots of personalized information provided you sign in.

There’s a big caveat here: While signing in to Cortana unlocks a bunch more features, including delivering personalized news stories and access to your contacts and calendar, you don’t have to. You can use her anonymously, not tied to any account. So if you are really concerned about privacy, you should simply sign out of Cortana — but Microsoft will still get anonymous data when you use it.

You can also hide the Cortana bar entirely from the taskbar.

Generally speaking, Windows 10 is pretty great, and Cortana is a big part of why I personally love it so much. But it’s always disappointing to see Microsoft take away user choice, especially for something that’s as central to their day as the Windows 10 PC.

This news comes after Microsoft disabled the ability to use Google when Cortana performs web searches, forcing the use of the Microsoft Edge browser and the Bing search engine. Just last week, Microsoft reported that Bing is doing better than ever, up 16% in the last quarter over the same time in 2015.

Here’s what a Microsoft spokesperson tells us:

With the Windows 10 Anniversary Update, the search box is now Cortana. Customers can expect the same great search experience powered by Bing and Microsoft Edge with the added benefit of Cortana’s personality.

We know consumers want choice and we make it easy to customize Cortana’s personalization or opt-out of Cortana’s suite of personalized services. Cortana works best when you sign in, but if you choose not to, you can still use her to chat, search the web and your Windows device. If you like, you can also easily hide Cortana and the search box in the taskbar altogether.

Via: businessinsider

Government tests use of social media accounts for verifying online user identity

Online public service users may be asked to allow access to their Facebook, LinkedIn or Twitter accounts to help prove they are who they say they are.

The Government Digital Service (GDS) is testing ways to use people’s social media accounts to help prove their identity when accessing online public services.

Staff working on Verify, the identity assurance system being developed by GDS, recently evaluated the use of Facebook, LinkedIn, Twitter and Paypal as part of the process of proving people are who they say they are when logging in to government websites.

Verify works by asking users to set up an account with one of a selection of third-party identity providers, such as the Post Office, Experian or Verizon. Each company then asks the user to prove who they are, using available data such as their credit history or by allowing electronic access to documents such as passports.

The current methods of identity assurance do not work for everyone – only around 70% of users have been able to successfully verify their identity.

As part of a test to find ways of proving identity – and thereby open up Verify for more people to be able to use it – the Verify team evaluated use of social network data as an additional source of information. Users in the tests had to agree to allow access to their social media accounts.

However, the use of social networks in this way does not mean that users will log in to online public services using their Facebook log-in details, for example.

The tests found that Verify’s ability to adequately identify the adult population could increase by 9% by using social media data, and for 16-to-25-year olds could potentially increase by up to 38%.

“Our research suggests that people appear to be becoming more amenable to using online activity verification and allowing certified companies access to their personal online accounts to acquire a verified identity that gives safer, faster access to government services,” said Livia Ralph of GDS in a blog post.

Read more about Verify

As many as 50 digital government services could be using the Verify identity verification system within months, if current plans are successful.

GDS has also been trying to persuade private sector companies to use Verify as a means of identity assurance, and is working with local authorities to evaluate how the system could work for council services.

Some of the first government departments that adopted Verify found that many users were unable to prove their identity, mostly due to a lack of sufficient data to complete the verification process.

Verify has missed a number of targets for user adoption and only went officially live in May 2016.

Via: computerweekly

LinkedIn buys PointDrive to boost its social sales platform with sharing

LinkedIn, the social network for professionals with 430 million users and now on its way to becoming a part of Microsoft, is putting some more firepower into its sales product. The company has acquired PointDrive, a startup that has built a service that lets salespeople share visual content with prospective clients to help seal the deal.

Terms of this deal are not being disclosed. PointDrive was based out of Chicago and had no VC funding disclosed in Crunchbase, but Jordan Buller, a VC at Ringleader Ventures in Chicago, confirmed to me that his firm was the only institutional investor in PointDrive, with the rest its backers angels. He did not say how much the company raised.

The news comes on the heels of LinkedIn sprucing up its Sales Navigator product with new features like a plug-in for Gmail, Salesforce integration and new mobile features. Sales Solutions is not LinkedIn’s biggest business unit (that honor goes to Talent Solutions, aka its recruitment business). But the service, which was built two years ago to help with social selling on LinkedIn, has been highlighted as a part of the company’s potential synergies with Microsoft post- its $26 billion acquisition of the social network.

It seems that LinkedIn found PointDrive as a customer itself.

“From presentations to images, to links and videos, what they’ve created has quickly gained traction with sales professionals in a wide range of industries,” writes David Thacker, a VP of product at LinkedIn, in a blog post announcing the news.

“Our very own global sales organization became a PointDrive customer about a year ago and their product has become one of the most valued tools for our teams.” (Note: He did not comment on whether it was used to in the process of selling LinkedIn itself to Microsoft.)

Sales Navigator today comes in two tiers. A Professional edition is designed for individuals ($80/month) and Team edition for companies ($1200/year before volume discounts).

It’s not clear how and if PointDrive will be priced separately yet. Before the acquisition, it sold in tiers of $25, $40 and $50 per month per user, depending on features like expanded storage, and Salesforce integration.

PointDrive’s app essentially offers users a web page that functions as a common workspace: salespeople can upload content that can be shared with their clients to better illustrate an advertisement or an exciting PowerPoint to show what great ROI they’ll get.

PointDrive competes against other document sharing apps specifically targeting salespeople, such as DocSend; screen sharing services like; and online presentation platforms like Prezi.

It’s interesting because it points to ways that LinkedIn could potentially expand out its sales services to a wider pool of users beyond the recruitment industry that forms a large part of its customer base, and potentially offers its social selling tools to work across other platforms beyond LinkedIn.

Sales Solutions as of last quarter saw its revenues increase by 55% year-over-year, and now represents 40% of Premium Subscription revenue, LinkedIn said. Last quarter, Premium Subs brought in $149 million in revenue, meaning Sales Solutions brought in just under $60 million to the company.

Via: techcrunch

NIST declares the age of SMS-based 2-factor authentication over

2-factor authentication is a great thing to have, and more and more services are making it a standard feature. But one of the go-to methods for sending 2FA notifications, SMS, is being left in the dust by the National Institute of Standards and Technology.

NIST creates national-level guidelines and rules for measurements, and among the many it must keep up to date are some relating to secure electronic communications.

An upcoming pair of “special publications,” as its official communiques are called, update its recommendations for a host of authentication and security issues, and the documents are up for “public preview.” I put the phrase in quotes because technically, a “public draft” triggers formal responses from partners and, in fact, from NIST itself.

To avoid red tape, the Institute is trying out a new method for reviewing and commenting on the guidelines that isn’t quite so official: GitHub. “It only seemed appropriate for us to engage where so much of our community already congregates and collaborates,” reads an intro to the new process.

The public preview, to be sure, is still very incomplete, and includes questions built right into the text — “I think we are making this too hard,” reads one piece of marginalia.

At any rate, the changes are numerous, but perhaps most relevant for Joe and Jane Six-Pack is the active discouragement of using SMS as an “out of band authenticator” — essentially, a method for delivering a one-time use code for 2FA. (Emphasis theirs.)

If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.

For now, services can continue with SMS as long as it isn’t via a service that virtualizes phone numbers — the risk of exposure and tampering there might be considered too great. NIST isn’t telling for now, but more info will come out as the comment period wears on. But before long all use of SMS will be frowned on, as the bolded passage clearly indicates.

The alternative is to use a dedicated 2FA app like Google Authenticator or RSA SecurID, or a dedicated secure device like a dongle. There are plenty of options — SMS was just the easy one.

Curious about the other changes?

  • LOA is decoupled into its component parts
  • Complete revamp of identity proofing
  • New password guidance
  • Removal of insecure authenticators (aka tokens)
  • Federation requirements and recommendations
  • Broader applicability of biometrics
  • Privacy requirements (under construction)
  • Usability considerations (under construction)

Feel free to dive into the documents themselves (links are at the top of the intro).

Via: techcrunch

Ransomware Incidents at Health Organizations Are Now Classified as a Data Breach

According to new guidelines issued by the United States Department of Health and Human Services (HHS), ransomware incidents in HIPAA regulated organizations are now classified as a data breach. HIPAA is the Health Insurance Portability and Accountability Act that must be followed by any health care provider who transmits health information in electronic form. In America, with the use of electronic medical records, this means just about every health care provider.

To most security professionals, this is an unusual approach, as a data breach has previously indicated the exfiltration of data by an attacker. In fact, the Code of Federal Regulations defines a breach as “the acquisition, access, use, or disclosure of protected health information in a manner not permitted . . .”

Although there have been rumors of ransomware that steals data, there is still no proof of any such ransomware in the wild.

The HHS has codified a breach as the following:

“A breach has occurred because the Electronic Protected Health Information (ePHI) encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information). . .”

In a parenthetical statement, the HHS has memorialized the act of encrypting data as “control” of the information. I would hope that this new classification will have many scratching their heads, wondering, “If I have good backups, then the control is mitigated.” (Failure to protect data is also a violation of HIPAA rules.)

In fairness to the Department of Health and Human Services, the new guidelines also allow an organization to demonstrate that there is a “low probability that the Protected Health information has been compromised,” however, the 4-step risk assessment is geared more towards a general malware outbreak, rather than a ransomware event.

Ransomware simply does not work the way the authors of the new HHS guidelines have implied. Even in a targeted attack, the ransomware authors are not seeking to use any of the data that is encrypted; they are after the value of the target getting back in operation. In random ransomware events, the attacker simply fires up the spam-generating engine and hope for some bites on their phishing lures.

Ransomware is a lucrative business. One strain has been reported to cost victims over $18 million in one year. Ransomware criminals do not have to waste their time trying to fence stolen data.

The greatest concern with this new breach classification is that it can spread to other regulations, and eventually find its way into the general practice of corporate risk officers.

Nothing could be more wasteful of a security team’s time than explaining that no data was stolen every time a piece of ransomware is detected.

Of course, the best protections against ransomware remain the same:

  • A layered defense;
  • Good backups that are stored offline and regularly tested;
  • Security awareness training for all staff;
  • Access controls;
  • Vulnerability assessments and penetration testing (including hunt team exercises);
  • Maintaining a patch management strategy.

Via: tripwire

Yahoo abandons fight, sells internet business to Verizon for $4.8B

After the sale Yahoo will be left with cash, investments in Alibaba and Yahoo Japan, and some patents.

Ailing Yahoo is selling off its operating business for about $4.8 billion to Verizon Communications, in a cash deal that will reduce the storied tech firm to mainly holding its cash, stakes in Alibaba and Yahoo Japan and non-core patents.

For Verizon, the acquisition will help it gain Yahoo’s 1 billion monthly active users, its internet properties and key applications like search and email, and its advertising systems. Verizon is not unfamiliar to the acquisition and integration of web companies after its 2015 acquisition of AOL for $4.4 billion, when it acquired similar assets.

The transaction is expected to be completed by the first quarter of next year, subject to regulatory approvals, ending a long-drawn out bidding process for the company. After the transaction is closed, Yahoo will be integrated with AOL under Marni Walden, its executive vice president and president of the Product Innovation and New Businesses organization at Verizon, the communications company said Monday.

The price Verizon is paying for Yahoo’s internet assets is a small percentage of its market capitalization of over $125 billion during the peak of the dot-com boom, reflecting how badly the company has fallen out of favor.

Founded in 1994 by Jerry Yang and David Filo, Yahoo soon emerged as the entry point to the web for a large number of users of its services such as its portal, search engine and email. But it was later overtaken in markets like search by newer competitors like Google. The company also failed to rise up to new market opportunities such as social networking and mobile.

In 2012, the company appointed Marissa Mayer, a former senior Google executive, as its CEO, amid high expectations that she would turn around the company.  

“It’s poetic to be joining forces with AOL and Verizon as we enter our next chapter focused on achieving scale on mobile,” Mayer said in a statement.

Yahoo posted a loss of $440 million on revenue of a little over $1.3 billion in the second quarter of this year. The large loss was mainly because of a $395 million write-off on account of the microblogging social network Tumblr, which Yahoo acquired in 2013 for over $1 billion.

Tumblr was to be Yahoo’s fresh foothold in the social media advertising market but like most of the company’s diversification and acquisitions, including its bid to get into the mobile internet, it fell short of expectations. Mobile revenue at $378 million lagged behind the company’s desktop revenue of $875 million in the second quarter.

Yahoo had at one point last year considered spinning off its 15.4 percent stake in Alibaba Holding Group, through a company called Aabaco Holdings, but hesitated on the move because of uncertainties about potential tax implications.

A powerful investor group, Starboard Value, said that the proposed spin off of Aabaco was not Yahoo’s best option. It prevailed on Yahoo to instead explore the sale of its core business of search and display advertising, while leaving its ownership stakes in Alibaba and Yahoo Japan in the existing corporate entity.

Verizon’s rivals in the auction were mainly private-equity firms such as Bain Capital, Vista Equity Partners, TPG and Advent International besides a group led by Quicken Loans founder Dan Gilbert, according to reports. AT&T is also said to have participated in the bidding.

Via: networkworld

Redbox is giving streaming another shot

After unceremoniously putting the old kibosh on it Instant service back in 2014, your friendly neighborhood DVD dispenser Redbox is ramping up to give streaming another go. The movie distributor, whose vending machines have become a supermarket mainstay across the US, is taking another shot at Netflix with a small beta roll out for “a small subset of [its] customers”

From the sound of things, this is all still very early stages. No definite pricing or timing, but the Redbox Digital app has been published in the App Store, and screen shots reveal a UI pretty on-par with what’s offered up by Netflix and its ilk, albeit with a download option entered into the mix, along with a cast button to stream it to compatible devices.

At present, the app can only be accessed by members who have been given the proper Redbox thumbs up – a fact that has contributed to the app’s current one-star iTunes rating. The company doesn’t sound too confident about if or when it plans to pull the trigger on a wide release. “As we test and learn from our customers,” a spokesperson for the company told Variety, “we will make evaluations that determine any future course of action.”

Presumably the 50 or so ratings that put the app at one star won’t tip the scales too much in either direction.

Via: techcrunch

Service Protect will automatically detect when your flight is delayed and request compensation

Service is an app. The startup acts as an intermediary between you and businesses where you’ve had bad experiences. So this means whenever your bags are lost by an airline or a restaurant ruins your meal, Service will interface with the business on your behalf to help make things right in the form of a refund, credit, etc.

After being in business a year the company’s app has been downloaded 50,000 times and saved/recouped customers a total of $1M dollars.

But the current version requires you to come to Service with your issues, uploading a description of the issue and attaching proof of purchase. Not only was this a hassle (you may forget to submit the request after your awful meal) but it also leaves users with a burden of doubt (was that delay long enough to make a fuss?).

So, the startup is launching Protect, a way to streamline the process to file a case. It works by connecting to your email account and monitoring your email inbox for things like flight itineraries and receipts. If you have an issue with a good or service that has an email record you just automatically tap on that transaction within Service’s app to file a case.

Plus, Service will proactively monitor your flights for delays or cancelations by parsing the flight data from your email. If the delay is over 2 hours or the flight is canceled they will proactively reach out to you and ask if they can help you get compensated.

Eventually, Service plan to expand this proactive monitoring feature to things like missed deliveries and and incorrect billing situations – essentially this is the start of a proactive commerce assistant that protects your purchases – almost like a 21st century version of a credit card’s consumer protection features.

The new feature is bound to help increase usage for the startup, mainly because it just makes it easier to find a claim.

But it isn’t a step towards monetizing, something the young company has yet to build into their product. However, Service founder and CEO Michael Schneider explained that the plan is now to leave Service free for the consumer, and monetize with businesses instead. They plan to do this by using everything they learned helping customers to develop a product that automates customer service for businesses.

Service Protect is live now as part of the app’s new update.

Via: techcrunch