Trump Family Connection Raises Questions For Tech Investor Josh Kushner

Donald Trump, Ivanka Trump, and her husband Jared Kushner (right)

Rick Friedman / Getty Images

For months Josh Kushner’s relationship to Donald Trump’s presidential campaign was an open question in startup circles. But this week the notoriously press-averse venture capitalist finally gave an answer: Kushner — whose firm, Thrive Capital, has backed companies like Instagram, Slack, ClassPass, and Warby Parker — won’t be voting for Donald Trump, according to a recent Esquire profile of his brother Jared, husband to Ivanka Trump and “de facto campaign manager” to her father.

A spokesperson for the tech investor told BuzzFeed News: “Josh is a lifelong Democrat, but has remained silent during the election out of respect for his brother. His family means everything to him.”

And a source with knowledge of the fund said, “Neither Mr. Trump nor anyone in the Trump family is an investor in Thrive.”

These are not outright disavowals of Trump’s policies, but for an industry increasingly vocal in its antipathy for the Republican presidential nominee, they may have to suffice. And this leaves Kushner in an awkward position in Silicon Valley, where coming out against Trump has practically become a litmus test, and where just last month, 145 tech industry leaders signed an open letter condemning Trump.

Under ordinary circumstances, tech industry titans can stay on the sidelines, but Trump poses an extraordinary political threat, Sam Altman, president of Y Combinator, a prestigious Silicon Valley incubator, told BuzzFeed News.

“Everyone has to make a personal decision. I personally think, in this case, there is a moral imperative to take a side,” he said. “There’s such a clear cut decision between right versus wrong.”

Altman, who has supported some Republicans in the past, is also linked to high-profile tech startups, including Reddit, Instacart, Airbnb, and Dropbox, either through personal investment or through Y Combinator. In June he wrote a blog post calling Trump a demagogue and comparing the Republican presidential nominee to Hitler.

“I personally think, in this case, there is a moral imperative to take a side”

Altman said he liked Josh Kushner during the few times that the two investors have met.

“It’s always hard to have strong opinion [without] knowing someone’s full context and life,” Altman said in response to a question about whether Kushner should be more vocal about not supporting Trump, “but I will say in general I think people should be doing more and not less in this election.”

“Look I think that in a normal election there’s a long precedent for business leaders not taking a side for a lot of good reasons, but in this particular election,” Altman emphasized, “it’s in conflict with a very real chance of something happening that many people feel goes against everything they believe.”

Andy Weissman, a managing partner at Union Square Ventures who routinely communicates with Kushner about tech deals, not politics, said the current election has put startup financiers in an unprecedented situation.

“VCs are so weird — you’re just an investor, you’re not a political activist, you don’t have a political take one way or another,” Weissman said, “but some VCs are definitely becoming more active and vocal, and more are thinking [about whether they should take a stand].”

Joshua Kushner (right) and his girlfriend, supermodel Karlie Kloss

Alo Ceballos / GC Images

Sources who requested anonymity speculated to BuzzFeed News that the Trump connection was affecting Thrive’s deal flow among startup founders, who overwhelmingly oppose Trump. One investor mentioned a young company seeking funding that crossed Thrive off its list. But Kushner’s relationship with Trump doesn’t seem to have impacted Thrive Capital’s ability to close deals, based on the public track record. A month ago, Thrive announced that it had raised $700 million for its fifth fund, almost double the $400 million fund the firm raised in 2014. (Thrive launched in 2010 with a smaller $10 million fund.) In February, Oscar Health, the health insurance startup cofounded by Kushner, announced a $400 million investment from Fidelity.

Stewart Butterfield, the CEO of Slack, arguably the hottest company in Thrive’s investment portfolio right now, said that Kushner’s connection to the presidential campaign was not a concern.

“Josh has always struck me as a genuine, thoughtful, and intellectually curious person,” he said in an email to BuzzFeed News. “It never even occurred to me that he would support Trump. I have a lot of sympathy for his position though. Family is complicated.” (Butterfield’s father was a military deserter who fled to Canada during the Vietnam War.)

“Family is complicated.”

Prior to the Esquire article, the only way for outsiders to parse Josh’s position on Trump was to look at his Twitter history, including favoriting Butterfield’s anti-Trump and pro-Obama tweets and recently retweeting President Obama and Vice President Joe Biden.

Chris Sacca, a well-known investor in Uber and Twitter who bundled money for Obama, has been unrelenting in his censure of Trump. In his view, speaking out is easier for this stratum of the tech industry.

“Most investors don't have a boss to offend and are already living pretty comfortably,” he said in an email to BuzzFeed News. “[Therefore] investors have a higher responsibility than most to speak up and take advantage of their relative immunity from the public blowback that otherwise might impact the rank and file or those workers and students living check to check who dare take a public stand.”

Sacca said Kushner was “a very thoughtful and progressive guy,” and he admired him for “making clear that, despite what must be enormous family pressure to do so, he is not supporting Trump.” Without Kushner’s clarification about his voting preference, Sacca said the Trump connection might have affected Thrive directly. “For example, Peter Thiel's speech at the RNC certainly didn't help his Silicon Valley dealflow.”

Source: BuzzFeed

Facebook’s New App Is All About Getting Teens To Share Videos Of Themselves

Facebook is introducing a stand-alone, camera-first app that it hopes will spur teens to share short video about themselves. Sound familiar?

The app, called Lifestage, is not a Snapchat clone; it does not support messaging, a key Snapchat feature, and Facebook says it's not planning to change that any time soon. But after Facebook copied Snapchat twice in the past month — with Instagram Stories and its new video composer experiment — the similarities between the two are bound to raise some eyebrows.

Both apps are camera-first (meaning the start screen is a camera), both feature fun overlay filters, both encourage video sharing, and both are designed to appeal to teens.

Lifestage is essentially a reimagined version of the early Facebook profile with short videos replacing photos and written descriptions. Instead of a Facebook profile picture, Lifestage features profile videos showcasing your happy face, angry face, laughing face, and sad face. Instead of the traditional set of textual Facebook likes, Lifestage will feature videos of things you like.

Michael Sayman, the 19-year-old Facebook product manager behind Lifestage, told BuzzFeed News that he wanted to create what the old Facebook experience would look like if it were to be built from scratch today. The app opens up with a camera screen, a key Snapchat similarity that Facebook admits is a more natural starting point for people looking to share video, which the company believes will soon become its primary content type.

Though Facebook is now a $350 billion company with 1.7 billion monthly active users, that evolution has dulled some elements that drove its early success. Original sharing, for instance, is declining on its platform. These days, the goofy candids and personal posts that defined Facebook's first iteration are increasingly crowded out by posts from brands, celebrities, and professional media outlets. In June, Facebook changed its News Feed algorithm to emphasize stories from friends and family, a clear move to restore balance and a throwback to its early days. Lifestage is geared to bring back some of that early magic too.

Facebook is pitching Lifestage at high schoolers: When 20 or more students from the same school register for the app, they'll be able to start browsing through their classmates' profiles. The app, which debuts today, will initially be available only in the United States and on Apple's iOS platform.

While Facebook has released a number of stand-alone apps, only one has truly succeeded at market — Facebook Messenger, which debuted as a forced download for existing Facebook users. Meanwhile, the poor performance of experimental apps like Slingshot, Riff, Rooms, and a disappointing Snapchat clone called Poke led Facebook to shut down the Creative Labs division responsible for making them last year.

So launching an app like Lifestage after a string of stand-alone app failures seems a daunting prospect indeed. But creator Sayman is confident the app's camera-first design will resonate with its intended audience. And if it doesn't make a huge splash, there's always version 2. “More than anything, I'm really curious to see what will happen and how will people react to this kind of experience,” he said. “It's really an exploration of that [camera-first] world.”

Source: BuzzFeed

Instagram's Stories Is An Example Of Tech's Disgusting Anti-Lefty Bias

TBH, I think Instagram's new Snapchat-clone feature, “Stories”, is pretty good. There was a little bit of skepticism at first, but now that it's been out for two weeks, people seem pretty into it. It's fun to see people use Instagram in a more loose way without the pressure of feeling like you have to pick the perfect image for your feed. And Instagram has a big advantage for me over Snapchat stories: I follow way more people on Instagram already, so its stories are more fun since it's a weird mix of people: celebrities, friends, randos, weird funny accounts.

But there is one thing that is FAR FAR FAR inferior to Snapchat:

It sucks for lefties.

I'll explain: One of the cool features on Instagram stories is that you can easily go “back” to re-watch the previous person's story as you're tapping through. Snapchat doesn't let you re-watch as easily – you have to go back to the homescreen and pick out the person you want to see again.

This maneuver is accomplished by tapping on the left-hand side of the screen. Left side tap means back, right side tap means forward.

A lefty tends to tap on the left side, which is “BACK”:

And herein lies the problem. If you're a lefty, you're more likely to be holding the phone in your left hand, tapping with your left thumb.

Since the left thumb is naturally closer to the left edge, you're used to doing most general scrolling or tapping on the left edge. This means that you're constantly accidentally hitting “back” and having to re-watch stories you don't want to see again. If you want to go forward, you have to stretch your thumb across the screen, obscuring the visuals, or use another hand.

On Snapchat, you can only skip forward, but you can tap anywhere you please on the screen to skip ahead — no problem for lefties.

Silver pencil hand: the lefty's curse in life.

Plenty of everyday objects have been inconvenient for the 1 out of 9 of the population who are lefties: can openers, spiral notebooks, school desks, scissors. We&039;ve learned to adapt (maybe that&039;s why we&039;re so much smarter).

Technological devices have added a new layer of inconvenience. Basic things like computer mice are designed for righties. Certain devices have their own built-in bias: Kindle Paperwhite wants you to “turn” the page by tapping on the right side of the screen (left is “back”). Only older models are ambidextrous page turners. I mean, it's FINE, you can still turn a page, but it's far less comfortable and convenient for someone who wants to mostly hold the device in their left hand.

And the Kindle app for iPad also has the same page-turning bias:

Look, it's not like lefties can't use Instagram. This isn't life threatening or dangerous or anything like that. Accidentally hitting “back” a few times while thumbing through your friends' pics isn't the worst thing in the world.

But left-handed people account for 1 out of 9 of us. For a service like Instagram with an estimated 500 million users, that means something like 55 million lefties are now accidentally bonking the “back” button on Stories.

Product designers and user interface designers should be considering left-handed users when they&039;re designing these new features.

Listen up, Instagram: we demand lefty rights!

Source: BuzzFeed

Chatbots Have Yet To Live Up To Hype, Says Kik CEO

The bot revolution isn’t exactly taking off as planned, and that could mean trouble for the social businesses betting on it.

In a Medium post published earlier this week, Ted Livingston, CEO of messaging app Kik, looked back on the four months since his company and Facebook Messenger introduced chatbot platforms, and conceded they were off to a disappointing start. “So far, there has been no killer bot,” he wrote. “This is not yet the world that the early hype promised.”

For anyone who’s suffered through a stilted chatbot interaction, Livingston’s sigh of disappointment will hardly come as a surprise. What is surprising is that it's being made publicly — by the leader of a prominent company that's placed a big bet on chatbots. Livingston does note that he's still bullish on bots. But that seems a caveat to a longer expression of uncertainty. It's clear that if the chatbot experiment continues along its current low-altitude trajectory, it could cause some headaches — especially for Facebook, its biggest proponent.

Original sharing is declining on Facebook, per reports, and the company is seeing more action in its messaging apps, making them, and bots by extension, more critical to its ambitions. “A lot of people want to share messages privately, one-on-one or with very small groups,” Mark Zuckerberg said in an April earnings call. Given this, Facebook will likely need to get more revenue out of Messenger and WhatsApp in order to keep growing at the same pace — especially since its main platform’s ad load is nearing capacity.

That’s where bots are supposed to come in. On Facebook proper, the company connects advertisers with their customers via ads that take them to the advertisers’ websites, or show them a video on Facebook itself. On Messenger, the company plans to connect advertisers with their customers via Sponsored Messages that take them to the advertisers’ bots. If people don’t want to use bots, though, advertisers won’t want to shell out cash to promote them.

“I think there’s opportunity,” said Jess Bahr, director of paid promotion and strategy at SocialFlow, a social media management software company. But she said she sees more value in an engaged user. “It’s almost like a more qualified audience.”

Still only four months in, it’s too early to write bots off. And now the platforms are starting to learn and adjust. As Livingston pointed out, maybe the “chat” part of the chatbot needs to be rethought. “Part of the misfire with the conversational aspect of bots has to do with the fact that natural language processing and artificial intelligence are not yet accomplished at managing human-like conversations,” he said. Tapping through interactions, as users of China-based WeChat do, could be one alternative.

Asked if they would continue to invest in the bots, early Facebook Messenger partners 1-800-FLOWERS.com and Poncho (a weather bot) said they would. And Kik investor Fred Wilson wrote in a blog post Wednesday that he still believes in bots too. “The hype phase is over and we are now into the figuring it out phase,” he said. “That’s usually when interesting stuff starts to happen.”

For Facebook and its ilk, it’s important that he’s right.

Source: BuzzFeed

Judge Rejects Uber’s $100 Million Settlement For Being “Not Fair” To Drivers

An Uber driver in San Francisco, California on May 7, 2015.

Robert Galbraith / Reuters

A federal judge has rejected a settlement of up to $100 million that Uber had agreed to pay to resolve two class action lawsuits from drivers who argued they should be classified as employees rather than independent contractors, calling it “not fair, adequate, and reasonable.”

The drivers had argued they should be entitled to benefits like reimbursement for expenses such as gas while driving for Uber. The settlement, which would have allowed Uber to continue classifying drivers as independent contractors, would have left some of the about 385,000 Uber drivers in California and Massachusetts with as little as $10 each in settlements.

A sticking point for US District Judge Edward Chen was how part of the settlement would resolve an estimated potential $1 billion in liabilities drivers could sue for under California’s Labor Code Private Attorneys General Act (also known as PAGA), for only $1 million.

“The settlement, mutually agreed by both sides, was fair and reasonable,” Uber said in a statement. “We’re disappointed in this decision and are taking a look at our options.”

Shannon Liss-Riordan, the drivers’ attorney, did not immediately return a request for comment from BuzzFeed News. The lead plaintiff in the case called the settlement “disastrous” in early May and dismissed Liss-Riordan as his lawyer. Following outcry from other class members over their disappointment in the terms of the settlement, Liss-Riordan offered to reduce her own fee by $10 million, leaving her firm with between $11 million and $15 million. (The settlement offered $84 million to drivers, plus an extra $16 million if Uber were to go public.)

Earlier today, Uber said it was preparing to launch a pilot program in Pittsburgh for passengers to hail autonomous vehicles – a move that will eventually remove drivers from the equation entirely. For now, the 100 autonomous Volvos will still have humans in the driver’s seat.

Bloomberg also reported that the rejection of the settlement opens the class up to “substantial risk” regarding arbitration clauses signed by some drivers. “This risk would have the effect of substantially altering – if not effectively terminating – the class action in this Court,” US District Court Judge Edward Chen wrote.

“The drivers are in a holding pattern for now, while we see whether Uber will return to the settlement table or not,” Seattle University labor law professor Charlotte Garden told BuzzFeed News. “If not, and if the arbitration issue goes badly, then most drivers will be left to individually arbitrate their claims.” If that happens and the class is disbanded, Garden said it’s “unrealistic” that many drivers would pursue individual arbitration. That would be a win for Uber.

As part of the settlement, Uber had also agreed to clarify its tipping policy by allowing drivers to place signs in their cars noting that tips are not included. The judge was “not convinced” making the tipping policy clearer would actually substantially increase drivers’ income, according to a court filing, particularly because Uber has “actively discouraged tipping, arguing that it is inconsistent with its business model, drivers’ interests, and a positive rider experience.”

Last month, Uber argued in federal court that two subpoenas from the National Labor Relations Board — which is investigating the company’s labor practices — should be stayed, because this class action settlement would have resulted in the withdrawal of the underlying charges of the NLRB's case. Now, however, that settlement has been rejected, so Uber’s argument against the subpoenas is moot. In March, Uber was accused of impeding the NLRB’s ongoing probe into drivers’ employment status.

Uber has in recent months added several measures to placate drivers, including expanding a fee for passengers who make drivers wait longer than two minutes, and giving drivers the ability to cash out instantly whenever they wish.

Source: BuzzFeed

Twitter Announces Tools That Seem Intended To Curb Harassment

Twitter

Today, Twitter announced two product features that seem intended to help users handle abuse on the platform.

The features come one week after BuzzFeed News reported on Twitter's decade-long problem with harassment, thanks to what company insiders past and present describe as inaction and organizational disarray.

In a company blog post, Twitter revealed it will begin rolling out a setting that will allow users to limit notifications on desktop and mobile to only the accounts they follow. Alongside this feature, the company is also introducing a quality filter. Here's how Twitter describes this new setting:

The filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior. Turning it on filters lower-quality content, like duplicate Tweets or content that appears to be automated, from your notifications and other parts of your Twitter experience. It does not filter content from people you follow or accounts you’ve recently interacted with – and depending on your preferences, you can turn it on or off in your notifications settings.

Both of these features are similar to the quality filter and notifications settings that have been available to verified users for a while now. The update is an attempt to standardize the experience between verified and non-verified accounts.

While the quality filter seems to be designed to stop spammers and pop-up troll accounts, it is unclear how effective the filter will be at ending targeted harassment at an individual by non-spam actors. The features also only seem to address harassment by limiting what users will see in their feeds when they're logged on. The settings don’t appear to prevent someone from tweeting abusive things. As of now, there appear to be no changes to Twitter's abuse reporting system or any plans to address how Twitter responds to abuse.
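To make concrete what the two settings do and do not cover, here is an added example of a receiver-side notification filter that applies the rules as the blog post describes them: the "only accounts you follow" setting, and a quality filter that drops duplicate or automated-looking notifications but exempts accounts you follow or recently interacted with. This is illustrative code written for this page, not Twitter's implementation; the "account origin" and "behavior" signals (`age_days`, `automated_score`), the thresholds, and the duplicate window are all assumptions, and the inbox it runs over is constructed. Note that every decision is made on the recipient's side: the abusive tweet still exists and is still visible to everyone else, which is the gap the article points out.

```python
from collections import Counter, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    handle: str
    age_days: int           # assumed "account origin" signal (not a real Twitter field)
    automated_score: float  # assumed "behavior" signal: 0.0 human-like .. 1.0 bot-like


@dataclass(frozen=True)
class Notification:
    sender: Account
    text: str


class NotificationFilter:
    """Receiver-side filtering only: nothing here stops the sender from tweeting."""

    def __init__(self, following, recently_interacted,
                 only_following=False, quality_filter=False,
                 dup_window=100, bot_threshold=0.8, min_age_days=1):
        self.following = set(following)
        self.recent = set(recently_interacted)
        self.only_following = only_following
        self.quality_filter = quality_filter
        self.dup_window = dup_window          # assumed: how many recent texts to compare against
        self.bot_threshold = bot_threshold    # assumed cut-off for "appears to be automated"
        self.min_age_days = min_age_days      # assumed cut-off for throwaway accounts
        self._order = deque()                 # keys of the last dup_window notifications, oldest first
        self._counts = Counter()              # key -> occurrences currently inside the window

    @staticmethod
    def _key(text):
        # Normalise case and whitespace so trivially re-posted copies collide.
        return " ".join(text.lower().split())

    def _remember(self, key):
        # Slide the window: evict the oldest key once the window is full.
        if len(self._order) >= self.dup_window:
            self._counts[self._order.popleft()] -= 1
        self._order.append(key)
        self._counts[key] += 1

    def _exempt(self, acct):
        # The post's carve-out: people you follow or have recently interacted with.
        return acct.handle in self.following or acct.handle in self.recent

    def _looks_low_quality(self, notif, key):
        duplicate = self._counts[key] > 0
        automated = (notif.sender.automated_score >= self.bot_threshold
                     or notif.sender.age_days < self.min_age_days)
        return duplicate or automated

    def classify(self, notif):
        """Return ('deliver', '') or ('drop', reason) for one incoming notification."""
        key = self._key(notif.text)
        try:
            if self.only_following and notif.sender.handle not in self.following:
                return ("drop", "not_following")
            if (self.quality_filter and not self._exempt(notif.sender)
                    and self._looks_low_quality(notif, key)):
                return ("drop", "low_quality")
            return ("deliver", "")
        finally:
            # Dropped texts still count towards duplicate detection.
            self._remember(key)


def run_sample(only_following=False):
    """Run a constructed inbox (not real data) through the filter and return the decisions."""
    alice = Account("alice", age_days=1200, automated_score=0.05)   # followed friend
    bob = Account("bob", age_days=800, automated_score=0.10)        # not followed, recently replied to
    fresh = Account("fresh_9981", age_days=0, automated_score=0.95)  # hours old and bot-like
    spam = Account("dealz", age_days=40, automated_score=0.20)       # older account that repeats itself
    inbox = [
        Notification(alice, "nice thread!"),
        Notification(fresh, "you are trash"),
        Notification(bob, "you are trash"),          # same text, but bob is exempt
        Notification(spam, "buy followers now"),
        Notification(spam, "Buy  followers now"),    # case/whitespace variant of the previous one
        Notification(alice, "buy followers now"),    # same text from a followed account
    ]
    f = NotificationFilter(following={"alice"}, recently_interacted={"bob"},
                           only_following=only_following, quality_filter=True)
    return [f.classify(n) for n in inbox]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

With only the quality filter on, the abusive message from the fresh account is dropped while the identical text from `bob` is delivered because of the exemption, and the spammer's second, near-identical post is dropped as a duplicate; with "only accounts you follow" on, everything from `bob` and the spammer is dropped regardless of content. In both modes the sender's tweets are untouched, which is why this kind of filter changes what the target sees but not what the abuser can do.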

Source: BuzzFeed

Uber Is Putting A Bunch Of Self-Driving Volvos On The Road In Pittsburgh

Vcg / Getty Images

Uber is making moves in its effort to bring autonomous vehicles to the ride-hail industry. Later this month, the $66 billion startup will dispatch a fleet of self-driving “custom Volvo XC90s” on the road in Pittsburgh, Bloomberg reports.

Humans will monitor the autonomous Uber vehicles from the driver's seat, and rides will be free, to start out.

Uber started testing self-driving Ford Fusion cars in Pittsburgh in May of this year, out of its Pittsburgh Advanced Technologies Center, and has long held ambitions for building an autonomous fleet — a source of anxiety for the hundreds of thousands of drivers who rely on the company for income.

Uber also announced that it just bought Otto, a San Francisco-based company that launched in May 2016 with the goal of automating commercial trucking.

CEO Travis Kalanick introduced the news in a blog post Thursday morning, but declined to share how much the company, founded by ex-Googlers, cost him, though sources told Bloomberg it amounts to 1% of Uber's latest valuation.

Otto founder Anthony Levandowski first met Kalanick while he was at Google, where he was a key part of the company’s autonomous car team before decamping in January 2016. “Together,” Kalanick wrote, “we now have one of the strongest autonomous engineering groups in the world.”

The founders of Otto said when the company launched that their goal was to make commercial trucking safer. Recently, an autonomous Tesla vehicle was involved in a fatal car crash, a high-profile accident that's been seen as a setback for the self-driving vehicle industry.

In his blog post, Kalanick also announced that Uber will be partnering in a non-exclusive, $300 million deal with Volvo to develop an autonomous car together, citing Volvo's safety record and the fact that “Uber has no experience making cars.”

Kalanick argues that, because Uber controls “the data and intelligence that comes from doing 1.2 billion miles on the road every month,” it has an advantage over competitors, which include Google and Tesla.

Many auto and ride-hail companies have partnered in their efforts to get self-driving cars on the road — for example, General Motors and Lyft. Earlier this week, Ford announced plans for an autonomous ride-hail fleet that it plans to put on the road by 2021. And Uber also announced a different strategic partnership with Toyota in May to advance autonomous car research.

Source: BuzzFeed

The Two Biggest Scoundrels In Tech Are Fighting Over A Mysterious Company

What do John McAfee and Kim Dotcom have in common?

They're both notorious for being two of the biggest scoundrels in tech, and foreign nations (including the US, New Zealand, and Belize) have hunted both of them for crimes they deny. And now they're feuding online over MGT Capital, a mysterious tech firm of which McAfee is the CEO. Today, Dotcom accused the firm of offering him half a million dollars as part of a pump and dump stock scheme.

Some background: MGT broke into the news in May, when its share price shot up from 39 cents to more than 4 dollars after McAfee — known best for founding the eponymous security company and fleeing police in Belize in 2012 for questioning related to a murder — was named CEO.

Though the stock briefly outstripped Bank of America as the most traded equity on the market, it quickly attracted accusations of inflation as part of a pump and dump scheme, in which McAfee's splashy hire was intended to drive up the stock price. (A pump and dump scheme is fraud in which ownership encourages investors to buy shares in a company in order to drive up the price artificially, and then sells its shares while the price is high.)

Prior to the acquisition of the security startups Demonsaw and D-Vasive shortly after the McAfee hire, MGT had no investments in cybersecurity and was known primarily for its holdings in online betting. Both Demonsaw and D-Vasive were McAfee ventures prior to his involvement in MGT.

Then, today, Kim Dotcom — the flamboyant founder of the since-shuttered file sharing service Megaupload, who is wanted by the US government — tweeted that MGT had offered him $500,000 for a “no-substance partnership announcement,” which is exactly what skeptics had accused McAfee of doing.

So what caused Kim's accusation?

Eijah is Eric Anderson, the founder of Demonsaw, who according to more tweets from Dotcom, felt “afraid” of McAfee. Shortly after, Dotcom posted tweets from McAfee threatening “war,” and later a video of him and Anderson together:

So what the hell is going on? It appears that Dotcom — who did not respond to a request for comment – poached one of McAfee's employees to help him start his file-sharing follow-up, and cast aspersions on his company at the same time. MGT Capital hasn't responded to a request for comment, either.

McAfee is making his own accusations on Twitter now, too:

At least the two men are separated by an ocean.

Source: BuzzFeed

Help Us Understand How Twitter Responds To Harassment

Ariel Davis / BuzzFeed News

Over the past decade Twitter has not just tolerated abuse and hate speech, it’s virtually been optimized to accommodate it. As BuzzFeed News reported last week, harassment on Twitter is rampant thanks to what company insiders past and present describe as inaction and organizational disarray.

We're going to continue reporting on this issue and as part of that effort we'd like your help. We've created a survey intended to inform our understanding of how Twitter deals with abuse reports. It's short and not all that different from the form you’d file to Twitter to report abuse. The information you provide will be kept confidential, unless you say otherwise.

You'll find the survey here.

Thanks for your help.

Source: BuzzFeed

Why Silicon Valley Is Turning To An Exclusive Group Of Hackers To Fix Its Code

User:Colin / Wikimedia Commons / CC BY-SA 4.0 / Via commons.wikimedia.org

Like outgunned sheriffs in the Wild West, organizations from tech giants to government agencies have turned in recent years to bounty hunters to keep themselves safe. These mercenaries are hackers and security researchers, whom companies pay to find and disclose flaws in their software and devices. The increasingly accepted practice is called the “bug bounty” system, and it gives hackers a legitimate way to reap rewards for making tech safer without going rogue. Still, the process can be daunting — how can companies strike the right balance between throwing their products open to hacking and keeping tight control over their security practices?

Traditional bug bounty programs, like those run by Microsoft, Twitter, and dozens of other organizations, are open to the public, meaning that anyone can report security flaws they think they've found. But these public bug bounties often incentivize too much, generating scores of redundant bug reports that may or may not correspond to actually harmful vulnerabilities. These can overwhelm companies that aren't set up to handle them. And when companies aren't ready to handle an influx of bug reports, they can overlook or respond late to serious security vulnerabilities.

To deal with the problem, some organizations have decided to make their bug bounty programs private, meaning only certain hackers and researchers can submit bugs. This helps organizations build up to a public program over time by controlling the quality and frequency of submissions. Apple signaled the perks of private bounties when it announced its first-ever bug bounty program, a private one, last week at the hacker conference DefCon. LinkedIn, Tor, and a host of other entities are also keeping their programs closed, at least for now. According to BugCrowd, a company that runs bug bounties for clients, 63% of all its programs have started private, a proportion that is growing. HackerOne, a competitor, recommends private programs to all its customers.

“Inviting the world to submit can be an overwhelming and scary process,” said Jonathan Cran, VP of operations at BugCrowd. “It makes sense for companies to start with trusted folks.”

And trust is a big issue. One of the reasons bug bounty programs took so long to catch on after Netscape ran the first one in 1995 was the perception that these programs attracted the attention of malicious hackers. So not surprisingly, most organizations start their private bug bounties with a group of security researchers whom they already have a relationship with. That's how Apple's program, which starts in September, will work. According to Cran, the starting pool in a private program is generally between 50 and 100 researchers, though he has seen programs launch with as few as two. In addition to ensuring a manageable stream of germane reports, starting small helps companies get an overall picture of where potential exploits are. It's a way for corporations doing bounties for the first time to dip their toes in the water before going public.

“You're going to find out you're more secure in some areas than you thought and less secure in others,” said Alex Rice, CTO and cofounder of HackerOne. “There may be things you're completely unaware of, like vulnerabilities in unmaintained code.” Determining where these problems are and how prevalent they are, according to Rice, helps companies set competitive prices and standardize how quickly they deal with bug reports (which is sometimes a source of tension in big bug bounty programs).

The Complications of Closing Off Your Bounties

Some have argued, though, that such programs signal to hackers that they have a limited amount of time to find and sell exploits on the lucrative private market. In other words, they encourage malicious hackers to find all the exploits they can before the program is opened up to the bug-hunting public.

“Every one you're fixing, you're erasing the value of one in the black market,” said Rice. Less than a week after Apple's announcement, a private security firm offered $500,000 — twice the size of the biggest bounty in Apple's program — for iOS zero-day exploits. (Though enormous sums for iOS zero-days are nothing new.)

Another complication for private programs is that they have the potential to alienate researchers. One of the main benefits of bug bounty programs is incentivizing people with the skill to hack corporations and governments to use those talents for good. Though many companies, including Apple, would likely accept a valid vulnerability report from a hacker outside its private bug bounty, such a hacker may not think to submit it to a private program in the first place.

However, most private bounty programs plan to eventually expand to be more public, as Apple says it will do. Rice said HackerOne programs have stayed private for anywhere from three days to three years, though they typically last around three months. Cran says BugCrowd recommends six months for most clients. Indeed, in an ideal world, the announcement of a high-profile private program such as Apple's signals to hackers that a company is, according to Cran, “eventually going to pay for things,” and serves as a cue to “rip open an iOS device and test,” even if the program is at first closed.

“Everyone assumes private programs have hard restrictions,” said Katie Moussouris, a security consultant who created Microsoft's first bug bounty and more recently advised the Department of Defense on its Hack the Pentagon program. “But it's more of a perception problem than an access problem. One of the biggest issues is simply confusion over how to get invited to an initially private program.”

And getting in early matters. Sean “meals” Melia is the top-ranked hacker on HackerOne's all-time leaderboard by its proprietary “reputation” metric. He makes more money on bounties than he does at his day job at a security firm — “And I make good money at my regular job,” he told BuzzFeed News. But even Melia, the very picture of a trusted hacker, wasn't invited to a recent major private bounty until nearly a year after it launched.

By the time Melia gained access, “people had already gone through and picked off a lot of the low hanging fruit,” he said. “I was pretty bummed. It's disheartening to see people with low reputation or who are new to the platform were invited before me.” It's easy to imagine a disheartened hacker, left out of a bounty program like Apple's, turning to the private market.

Still, as private bug bounty advocates are quick to point out, companies have always had private bug testing that left out the vast majority of hackers. Even if they're private, the growing number of bug bounties is a sign that even the most cautious organizations, from Apple to the American government, have realized that they — that everyone — need the participation of the greater cybersecurity community to make their systems and products as secure as possible.

“Traditionally people didn't talk about the fact they had a private program at all,” said Moussouris, who consulted with Apple prior to the announcement of its program. “This is a shift in thinking. It's also saying to the world, we're open to this concept, but we are also going to learn as we go through this process.”

Source: BuzzFeed, “Why Silicon Valley Is Turning To An Exclusive Group Of Hackers To Fix Its Code”