& meet dozens of singles today!
User blogs
As live audio chat app Clubhouse ascends in popularity around the world, concerns about its data practices also grow.
The app is currently only available on iOS, so some developers set out in a race to create Android, Windows and Mac versions of the service. While these endeavors may not be ill-intentioned, the fact that it takes programmers little effort to reverse engineer and fork Clubhouse — that is, when developers create new software based on its original code — is sounding an alarm about the app’s security.
The common goal of these unofficial apps, as of now, is to broadcast Clubhouse audio feeds in real-time to users who cannot access the app otherwise because they don’t have an iPhone. One such effort is called Open Clubhouse, which describes itself as a “third-party web application based on flask to play Clubhouse audio.” The developer confirmed to TechCrunch that Clubhouse blocked its service five days after its launch without providing an explanation.
“[Clubhouse] asks a lot of information from users, analyzes those data and even abuses them. Meanwhile, it restricts how people use the app and fails to give them the rights they deserve. To me, this constitutes monopoly or exploitation,” said Open Clubhouse’s developer nicknamed AiX.
Clubhouse cannot be immediately reached for comment on this story.
AiX wrote the program “for fun” and wanted it to broaden Clubhouse’s access to more people. Another similar effort came from a developer named Zhuowei Zhang, who created Hipster House to let those without an invite browse rooms and users, and those with an invite to join rooms as a listener though they can’t speak — Clubhouse is invite-only at the moment. Zhang stopped developing the project, however, after noticing a better alternative.
These third-party services, despite their innocuous intentions, can be exploited for surveillance purposes, as Jane Manchun Wong, a researcher known for uncovering upcoming features in popular apps through reverse engineering, noted in a tweet.
“Even if the intent of that webpage is to bring Clubhouse to non-iOS users, without a safeguard, it could be abused,” said Wong, referring to a website rerouting audio data from Clubhouse’s public rooms.
Clubhouse lets people create public chat rooms, which are available to any user who joins before a room reaches its maximum capacity, and private rooms, which are only accessible to room hosts and users authorized by the hosts.
But not all users are aware of the open nature of Clubhouse’s public rooms. During its brief window of availability in China, the app was flooded with mainland Chinese debating politically sensitive issues from Taiwan to Xinjiang, which are heavily censored in the Chinese cybserspace. Some vigilant Chinese users speculated the possibility of being questioned by the police for delivering sensitive remarks. While no such event has been publicly reported, the Chinese authorities have banned the app since February 8.
Clubhouse’s design is by nature at odds with the state of communication it aims to achieve. The app encourages people to use their real identity — registration requires a phone number and an existing user’s invite. Inside a room, everyone can see who else is there. This setup instills trust and comfort in users when they speak as if speaking at a networking event.
But the third-party apps that are able to extract Clubhouse’s audio feeds show that the app isn’t even semi-public: It’s public.
More troublesome is that users can “ghost listen,” as developer Zerforschung found. That is, users can hear a room’s conversation without having their profile displayed to the room participants. Eavesdropping is made possible by establishing communication directly with Agora, a service provider employed by Clubhouse. As multiple security researchers found, Clubhouse relies on Agora’s real-time audio communication technology. Sources have also confirmed the partnership with TechCrunch.
Some technical explanation is needed here. When a user joins a chatroom on Clubhouse, it makes a request to Agora’s infrastructure, as the Stanford Internet Observatory discovered. To make the request, the user’s phone contacts Clubhouse’s application programming interface (API), which then creates “tokens”, the basic building block in programming that authenticates an action, to establish a communication pathway for the app’s audio traffic.
Now, the problem is there can be a disconnect between Clubhouse and Agora, allowing the Clubhouse end, which manages user profiles, to be inactive while the Agora end, which transmits audio data, remains active, as technology analyst Daniel Sinclair noted. That’s why users can continue to eavesdrop on a room without having their profile displayed to the room’s participants.
The Agora partnership has sparked other forms of worries. The company, which operates mainly from the U.S. and China, noted in its IPO prospectus that its data may be subject to China’s cybersecurity law, which requires network operators in China to assist police investigations. That possibility, as the Stanford Internet Observatory points out, is contingent on whether Clubhouse stores its data in China.
While the Clubhouse API is banned in China, the Agora API appears unblocked. Tests by TechCrunch find that users currently need a VPN to join a room, an action managed by Clubhouse, but can listen to the room conversation, which is facilitated by Agora, with the VPN off. What’s the safest way for China-based users to access the app, given the official attitude is that it should not exist? It’s also worth noting that the app was not available on the Chinese App Store even before its ban, and Chinese users had downloaded the app through workarounds.
The Clubhouse team may be overwhelmed by data questions in the past few days, but these early observations from researchers and hackers may urge it to fix its vulnerabilities sooner, paving its way to grow beyond its several million loyal users and $1 billion valuation mark.
Source: https://techcrunch.com/2021/02/22/clubhouse-security/
This morning Creatio, a Boston-based software company, announced that it has raised $68 million. Volition Capital, a growth-equity fund, led the round. The deal was a minority investment in the startup.
The deal is notable not merely thanks to its sheer size, but because up until today Creatio had bootstrapped. That’s according to founder and CEO Katherine Kostereva, with whom TechCrunch caught up with last week regarding the investment.
Per Kostereva, her company’s low-code platform helps other companies automate business processes. Creatio’s competitive edge, she said, comes in part from how quickly it can help companies automate; the faster that companies can get from a low-code platform to live apps matters.
Creatio also has a genre-focus, namely that it touts its platform’s ability to help automate work in the CRM space — think marketing and sales-related tasks. But its crowning “jewel,” Kostereva said, is Creatio’s underlying low-code automation platform.
The low-code world that Creatio competes in is a broad space that is seeing active investment from the very-early to the very-late stage. For example, last month TechCrunch covered no-code focused Stacker’s $1.7 million round. And earlier this month TechCrunch wrote about low-code focused OutSystems’ $150 million raise at a $9.5 billion valuation.
To see another low-code company raise a big check was therefore not too surprising.
TechCrunch was curious where the company and its founder came down on the concept of low-code versus no-code, a topic that is always good to ask players in either space. Kostereva highlighted the importance of citizen developers, folks who can use drag-and-drop interfaces to create apps but who are less adept with code. But she added that with today’s no-code tools one can only build simple things. Creatio, she continued, is more focused on the mid-market and enterprise. As such, it’s just not possible for Creatio to go no-code today. But, her view did appear to be that citizen devs should be able to do more and more in time without code.
It’s a fair perspective, and an encouraging one. The more that folks can do sans code, the more power that can shift into the hands of business orgs that traditionally had to depend on other departments for dev lift.
Back to the money side of things, Creatio has historically targeted breakeven financial results per its CEO. That means it reinvested in itself as it grew, an arrangement that made us was curious as to why the company would raise capital now; why change up a working formula?
In short the company was getting itself ready for to accelerate, according to its founder. Kostereva said that she wanted Creatio to have “world class” numbers for metrics like net retention, revenue growth, and net promoter score before it took on external funds.
Was the wait worth it? The company’s net retention was 122% last year, and its NPS score is 34, she disclosed. On the growth side of things, Kostereva said that her company started off doubling and tripling and is still close to doubling. Our read of her comments is that Creatio is probably growing its ARR in the high double-digits today.
The company wants to use its capital to invest in sales-and-marketing to help spread the the word about its business, invest in its partner program, a key growth mechanism, and R&D, it said. So, a little bit of everything.
TechCrunch has recently noticed just how big the software world really is, indexing off the fast that there is enough room for a host of OKR-focused startups to grow and raise external capital without weeding weaker players out. Given how many businesses processes there are in the world to automate, it may be that Creatio and other low-code platforms that want to help other companies accelerate will enjoy similar market dynamics. Investors, at least, are betting like that’s the case.
Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines.
This is Equity Monday, our weekly kickoff that tracks the latest private market news, talks about the coming week, digs into some recent funding rounds and mulls over a larger theme or narrative from the private markets. You can follow the show on Twitter here and myself here — and be sure to check out our last main ep, in which Natasha coins a slogan for a16z that I both hate, and became the headline of the show!
But enough of all of that, we have a lot to get through this morning. Here’s what we talked about:
- The Weekend: Coinbase at $100 billion? More on that to come. Toast is going public! Probably! Wait Toast the company that laid off staff last year? Yep that Toast! It’s not toast! And new rules on online lending in China.
- This Morning: Oscar Health put together an IPO price range that is interesting, and Apex Clearing is going public via a SPAC.
- Funding Rounds: Gophr raises money! Ageras Group raises money! Promise raises money! It was hard to pick just three, but each of those rounds has something notable about it. Enjoy!
- Deeper Dive/Riff: If the public markets will float even the most leaden of startup via a SPAC-balloon, any late-stage startup that doesn’t take the ride out of the private markets must either be perfect or too heavy to lift. And if it’s the second, we can write it off? Maybe?
And, finally, this is precisely what I feel like this Monday morning. Chat soon and stay safe!
Equity drops every Monday at 7:00 a.m. PST and Thursday afternoon as fast as we can get it out, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts.
Many enterprise software startups at some point have faced the invisible wall. For months, your sales team has done everything right. They’ve met with a prospect several times, provided them with demos, free trials, documentation and references, and perhaps even signed a provisional contract.
The stars are all aligned and then, suddenly, the deal falls apart. Someone has put the kibosh on the entire project. Who is this deal-blocker and what can software companies do to identify, support and convince this person to move forward with a contract?
I call this person the Chief Objection Officer.
Who is this deal-blocker and what can software companies do to identify, support and convince this person to move forward with a contract?
Most software companies spend a lot of time and effort identifying their potential buyers and champions within an organization. They build personas and do targeted marketing to these individuals and then fine-tune their products to meet their needs. These targets may be VPs of engineering, data leaders, CTOs, CISOs, CMOs or anyone else with decision-making authority. But what most software companies neglect to do during this exploratory phase is to identify the person who may block the entire deal.
This person is the anti-champion with the power to scuttle a potential partnership. Like your potential deal-makers, these deal-breakers can have any title with decision-making power. Chief Objection Officers aren’t simply potential buyers who end up deciding your product is not the right fit, but are instead blockers-in-chief who can make departmentwide or companywide decisions. Thus, it’s critical for software companies to identify the Chief Objection Officers that might block deals and, then, address their concerns.
So how do you identify the Chief Objection Officer? The trick is to figure out the main pain points that arise for companies when considering deploying your solution, and then walk backward to figure out which person these challenges impact the most. Here are some common pain points that your potential customers may face when considering your product.
Change is hard. Never underestimate the power of the status quo. Does implementing your product in one part of an organization, such as IT, force another department, such as HR, to change how they do their daily jobs?
Think about which leaders will be most reluctant to make changes; these Chief Objection Officers will likely not be your buyers, but instead the heads of departments most impacted by the implementation of your software. For example, a marketing team may love the ad targeting platform they use and thus a CMO will balk at new database software that would limit or change the way customer segment data is collected. Or field sales would object to new security infrastructure software that makes it harder for them to access the company network from their phones. The head of the department that will bear the brunt of change will often be a Chief Objection Officer.
Is someone’s job on the line?
Another common pain point when deploying a new software solution is that one or more jobs may become obsolete once it’s up and running. Perhaps your software streamlines and outsources most of a company’s accounts payable processes. Maybe your SaaS solution will replace an on-premise homegrown one that a team of developers has built and nurtured for years.
Retrofitting buildings to make them more energy efficient and better at withstanding climate change induced extreme weather is going to be a big, multi-billion dollar business. But it’s one that’s been hard for low-income communities to tap, thanks to obstacles ranging faulty incentive structures to an inability to adequately plan for which upgrades will be most effective in which buildings.
Enter BlocPower, a New York-based startup founded by a longtime advocate for energy efficiency and the job creation that comes with it, which has a novel solution for identifying, developing and profiting off of building upgrades in low income communities — all while supporting high-paying jobs for workers in the communities the company hopes to serve.
The company also has managed to raise $63 million in equity and debt financing to support its mission. That money is split between an $8 million investment from some of the country’s top venture firms and a $55 million debt facility structured in part by Goldman Sachs to finance the redevelopment projects that BlocPower is creating.
These capital commitments aren’t charity. Government dollars are coming for the industry and private companies from healthcare providers, to utility companies, to real estate developers and property managers all have a vested interest in seeing this market succeed.
There’s going to be over $1 billion carved out for weatherization and building upgrades in the stimulus package that’s still making its way through Congress
For BlocPower’s founder, Donnel Baird, the issue of seeing buildings revitalized and good high-paying jobs coming into local communities isn’t academic. Baird was born in Brooklyn’s Bedford Stuyvesant neighborhood and witnessed firsthand the violence and joblessness that was ripping the fabric of that rich and vibrant community apart during the crack epidemic and economic decline of the 1980s and early 90s.
Seeing that violence firsthand, including a shooting on his way to school, instilled in Baird a desire to “create jobs for disconnected Black and brown people” so they would never feel the hopelessness and lack of opportunity that fosters cycles of violence.
Some time after the shooting, Baird’s family relocated from Brooklyn to Stone Mountain, Georgia, and after graduating from Duke University, Baird became a climate activist and community organizer, with a focus on green jobs. That led to a role in the presidential campaign for Barack Obama and an offer to work in Washington on Obama’s staff.
Baird declined the opportunity, but did take on a role reaching out to communities and unions to help implement the first stimulus package that Obama and Biden put together to promote green jobs.
And it was while watching the benefits of that stimulus collapse under the weight of a fragmented building industry that Baird came up with the idea for BlocPower.
“It was all about the implementation challenges that we ran into,” Baird said. “If you have ten buildings on a block in Oakland and they were all built by the same developer at the same time. If you rebuild those buildings and you retrofit all of those buildings, in five of those buildings you’re going to trap carbon monoxide in and kill everybody and in the other five buildings you’re going to have a reduction in emissions and energy savings.”
Before conducting any retrofits to capture energy savings (and health savings, but more on that later), Baird says developers need to figure out the potential for asbestos contamination in the building; understand the current heating, ventilation, and cooling systems that the building uses; and get an assessment of what actually needs to be done.
That’s the core problem that Baird says BlocPower solves. The company has developed software to analyze a building’s construction by creating a virtual twin based on blueprints and public records. Using that digital twin the company can identify what upgrades a building needs. Then the company taps lines of credit to work with building owners to manage the retrofits and capture the value of the energy savings and carbon offsets associated with the building upgrades.
For BlocPower to work, the financing piece is just as important as the software. Without getting banks to sign off on loans to make the upgrades, all of those dollars from the federal government remain locked up. “That’s why the $7 billion earmarked for investment in green buildings did not work,” Baird said. “At BlocPower our view is that we could build software to simulate using government records… we could simulate enough about the mechanicals, electrical, and plumbing across buildings in NYC so that we could avoid that cost.”
Along with co-founder Morris Cox, Baird built BlocPower while at Columbia University’s business school so that he could solve the technical problems and overcome the hurdles for community financing of renewable retrofit projects.
Right before his graduation, in 2014, the company had applied for a contract to do energy efficiency retrofits and was set to receive financing from the Department of Energy. The finalists had to go down to the White House and pitch the President. That pitch was scheduled for the same day as a key final exam for one of Baird’s Columbia classes, which the professor said was mandatory. Baird skipped the test and won the pitch, but failed the class.
After that it was off to Silicon Valley to pitch the business. Baird met with 200 or more investors who rejected his pitch. Many of these investors had been burned in the first cleantech bubble or had witnessed the fiery conflagrations that engulfed firms that did back cleantech businesses and swore they’d never make the same mistakes.
That was the initial position at Andreessen Horowitz when Baird pitched them, he said. “When I went to Andreessen Horowitz, they said ‘Our policy is no cleantech whatsoever. You need to figure out how software is going to eat up this energy efficiency market’,” Baird recalled.
Working with Mitch Kapor, an investor and advisor, Baird worked on the pitch and got Kapor to talk to Ben Horowitz. Both men agreed to invest and BlocPower was off to the races.
The company has completed retrofits in over 1,000 buildings since its launch, Baird said, mainly to prove out its thesis. Now, with the revolving credit facility in hand, BlocPower can take bigger bites out of the market. That includes a contract with utility companies in New York that will pay $30 million if the company can complete its retrofits and verify the energy savings from that work.
There are also early projects underway in Oakland and Chicago, Baird said.
Building retrofits do more than just provide energy savings, as Goldman Sachs managing director Margaret Anadu noted in a statement.
“BlocPower is proving that it is possible to have commercial solutions that improve public health in underserved communities, create quality jobs and lower carbon emissions,” Anadu said. “We are so proud to have supported Donnel and his team…through both equity and debt capital to further expand their reach.”
These benefits also have potential additional revenue streams associated with them that BlocPower can also capture, according to investor and director, Mitch Kapor.
“There are significant linkages that are known between buildings and pollution that are a public health issue. In a number of geographies community hospitals are under a mandate to improve health outcomes and BlocPower can get paid from health outcomes associated with the reduction in carbon. That could be a new revenue stream and a financing mechanism,” Kapor said. “There’s a lot of work to be done in essentially taking the value creation engine they have and figuring out where to bring it and which other engines they need to have to have the maximum social impact.”
Social impact is something that both Kapor and Baird talk about extensively and Baird sees the creation of green jobs as an engine for social justice — and one that can reunite a lot of working class voters whose alliances were fractured by the previous administration. Baird also believes that putting people to work is the best argument for climate change policies that have met with resistance among many union workers.
“We will not be able to pass shit unless workers and people of color are on board to force the U.S. senate to pass climate change policy,” Baird said. “We have to pass the legislation that’s going to facilitate green infrastructure in a massive way.”
He pointed to the project in Oakland as an example of how climate policies can create jobs and incentivize political action.
“In Oakland we’re doing a pilot project in 12 low income buildings in oakland. I sent them $20K to train these workers from local people of color in Oakland… they are being put to work in Oakland,” Baird said. “That’s the model for how this gets built. So now we need them to call Chuck Shumer to push him to the left on green building legislation.”
