Monthly Archives: July 2018

This week, Tinder responded to a letter from Oregon Senator Ron Wyden calling for the company to seal up security loopholes in its app that could lead to blackmail and other privacy incursions.

In a letter to Sen. Wyden, Match Group General Counsel Jared Sine describes recent changes to the app, noting that as of June 19, “swipe data has been padded such that all actions are now the same size.” Sine added that images on the mobile app are fully encrypted as of February 6, while images on the web version of Tinder were already encrypted.

The Tinder issues were first called out in a report by a research team at Checkmarx describing the app’s “disturbing vulnerabilities” and their propensity for blackmail:

The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).

While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.

In February, Wyden called for Tinder to address the vulnerability by encrypting all data that moves between its servers and the app and by padding data to obscure it from hackers. In a statement to TechCrunch at the time, Tinder indicated that it heard Sen. Wyden’s concerns and had recently implemented encryption for profile photos in the interest of moving toward deepening its privacy practices.

“Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals,” Sine said in the letter. “… Our goal is to have protocols and systems that not only meet, but exceed industry best practices.”

via:  techcrunch

Amazon has gotten flack in the past for some of the challenges its crowdsourced “last-mile” delivery drivers face, but now it’s offering those with entrepreneurial ambitions the option to do more. Instead of showing up for gig work, drivers can opt for a new program where Amazon helps them establish their own delivery business.

The program will include access to Amazon’s delivery technology, hands-on training and discounts on a suite of assets and services, including the vehicle leasing and insurance, the retailer says.

That means drivers won’t have to use their own cars, as in the crowdsourced delivery program known as Amazon Flex. This gives them more space for organizing packages, the ability to use parking spots for delivery vehicles and the ability to haul extra equipment, like straps and dollies.

Amazon says the earning potential for successful owners is as much as $300,000 in annual profit operating a fleet of 40 vehicles. The company expects that, over time, hundreds of small business owners will hire tens of thousands of delivery drivers across the U.S., it says.

In other words, Amazon just launched its own UPS competitor of sorts, by offering leased vans, training and resources to those who want to drive for Amazon instead of Uber.

The retailer says people can start up their Amazon delivery businesses with as little as $10,000. Military vets can get that 10K reimbursed, as Amazon is investing a million into a program that funds their startup costs.

The business owners — who don’t need logistics experience, Amazon notes — will be offered discounts on the customized delivery vans, branded uniforms, fuel, comprehensive insurance coverage and more — deals the retailer pre-negotiated on their behalf.

This also addresses some of the problems the gig work Flex drivers faced — gas prices would often cut far too much into profits; the lack of insurance; and the general challenges associated with trying to deliver packages from an unbranded, small car.

“We have great partners in our traditional carriers and it’s exciting to continue to see the logistics industry grow,” said Dave Clark, Amazon’s senior vice president of worldwide operations, in a statement about the launch. “Customer demand is higher than ever and we have a need to build more capacity. As we evaluated how to support our growth, we went back to our roots to share the opportunity with small-and-medium-sized businesses. We are going to empower new, small businesses to form in order to take advantage of the growing opportunity in e-commerce package delivery.”

The changes come at a time when there’s been debate about Amazon’s financial impact on the U.S. Postal Service. But with this new program, Amazon could reduce its reliance on outside partners as the program scales.

However, Amazon will continue to work with existing partners, including UPS and FedEx, in addition to the USPS and smaller last-mile delivery partners, for some time. As Amazon’s business continues to grow, it will need these partners’ help to get packages to customers for the foreseeable future — a fleet of leased Prime vans can’t do it all.

via:  techcrunch