Facebook hires Apple veteran to lead virtual reality hardware efforts at Oculus

Facebook CEO Mark Zuckerberg wants the company to own the future of virtual reality, and in the short term that means putting a lot of VR headsets on a lot of faces. Even for a company with nearly 2 billion monthly active users, hardware is still an incredibly difficult beast to master. To do so, the company is hiring Michael Hillman, a 15-year veteran of Apple, to lead the VR product roadmap for Oculus as head of VR hardware.

An Oculus spokesperson tells Bloomberg that Hillman will work closely alongside Oculus COO Hans Hartmann in his role.

The organizational structure at Oculus has grown increasingly peculiar over the past few months, with the virtual reality company growing much closer to its parent company Facebook. In December, co-founder Brendan Iribe stepped down as CEO to lead the PC-based VR division. Unlike other siloed Facebook products, such as Instagram, Oculus will soon report directly to an executive in Zuck’s inner circle, the recently hired Hugo Barra, joining from Xiaomi to lead VR efforts.Hillman worked in senior engineering and design roles at Apple where he worked on products like the iMac. According to his LinkedIn, Hillman spent his final four years at Apple working in a confidential hardware role. Hillman is listed as an inventor on a number of Apple patents related to displays and battery technologies. Hillman left Apple in 2015, later joining Zoox, an autonomous vehicle startup.

 Hillman adds another degree of separation between Facebook’s top brass and the original Oculus co-founders, a group that has recently been divided into organizationally separate mobile and PC-based hardware teams. While former Oculus CTO John Carmack and Chief Software Architect Michael Antonov are now working on the mobile team’s software advances, Iribe and former VP of Product Nate Mitchell are separately leading efforts on the PC-based Rift hardware.

With Hillman coming aboard as head of VR hardware, it’s worth noting that Oculus has already shown prototypes that look beyond its current Mobile/PC-based org structure. At the company’s OC3 developer’s conference late last year, Oculus gave press previews of “Santa Cruz,” its wirelessly tracked all-in-one prototype headset. An Oculus executive told TechCrunch that the company’s standalone headset was being developed under a separate team outside of the PC-based hardware division.

The company’s current flagship virtual reality device, the Oculus Rift headset, was released one year ago with more than a healthy amount of delays caused by manufacturing issues, something that caused quite a bit of anger among early adopters who were already upset by the headset’s higher-than-expected $599 price tag. The company released its Touch motion controllers for the Rift in December and last month slashed the prices of both the controllers and headset by $100.

Google is fighting with Symantec over encrypting the internet

Google, which has accused Symantec and its partners of misissuing tens of thousands of certificates for encrypted web connections, quietly announced Thursday that it’s downgrading the level and length of trust Chrome will place in certificates issued by Symantec.

Encrypted web connections — HTTPS connections like those on banking sites, login pages or news sites like this one — are enabled by Certificate Authorities, which verify the identity of the website owner and issue them a certificate authenticating that they are who they say they are. Think of a Certificate Authority like a passport agency and the certificates they issue like passports. Without the CA’s authentication of a website owner’s identity, users can’t trust that the site on the other end of their HTTPS connection is really their bank.

Symantec is a giant in the world of CAs — its certificates vouched for about 30 percent of the web in 2015. But Google claims that Symantec hasn’t been taking its responsibilities seriously and has issued at least 30,000 certificates without properly verifying the websites that received them. It’s a serious allegation that undermines the trust users can place in the encrypted web, and Google says it will begin the process of distrusting Symantec certificates in its Chrome browser. Symantec lashed out at Google’s claims, calling them “irresponsible” and “exaggerated and misleading.”

“Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years,” Google software engineer Ryan Sleevi wrote in a forum post outlining the case against Symantec. “This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.”

To remedy the situation, Sleevi said that Chrome would reduce the length of time the browser trusts a Symantec-issued certificate and, over time, would require sites to replace old Symantec certificates with newer, trusted ones.

Sleevi said that Symantec’s behavior failed to meet the baseline requirements for a Certificate Authority, creating what he called “significant risk for Google Chrome users.” He added:

Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them.

These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared.

Chrome’s spat with Symantec stretches back over more than a year. In October 2015, Google discovered that Symantec has misissued certificates for Google itself and for Opera Software.

Symantec investigated the issue and claimed that all of the misissued certificates had been issued as part of routine testing. “Our investigation uncovered no evidence of malicious intent, nor harm to anyone,” Symantec said at the time.

Symantec pushed back on Google’s current allegations Friday, saying that Google had singled out Symantec and had exaggerated the number of misissued certificates leading to the problem in the first place.

“Google’s statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading. For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates — not 30,000 — were identified as mis-issued, and they resulted in no consumer harm,” Symantec wrote in a blog post. “While all major CAs have experienced SSL/TLS certificate mis-issuance events, Google has singled out the Symantec Certificate Authority in its proposal even though the mis-issuance event identified in Google’s blog post involved several CAs.”

Google’s Sleevi said in another post that Symantec partnered with other CAs — CrossCert (Korea Electronic Certificate Authority), Certisign Certificatadora Digital, Certsuperior S. de R. L. de C.V., and Certisur S.A. — that did not follow proper verification procedures, which led to the misissuance of 30,000 certificates.

“Symantec has acknowledged they were actively aware of this for at least one party, failed to disclose this to root programs, and did not sever the relationship with this party,” he wrote. “At least 30,000 certificates were issued by these parties, with no independent way to assess the compliance of these parties to the expected standards. Further, these certificates cannot be technically identified or distinguished from certificates where Symantec performed the validation role.”

 While Google and Symantec continue their fight — Symantec said it is “open to discussing the matter with Google in an effort to resolve the situation” — website owners that use Symantec to verify their HTTPS connections will need to start taking steps to ensure Chrome users can access their sites without getting hit with security warnings.

Symantec has severed ties with the four firms associated with the misissued certificates, so Chrome will trust new Symantec certificates going forward — site owners just need to swap out their old certificates for new ones.

Here’s the schedule, according to Sleevi:

To balance the compatibility risks versus the security risks, we propose a gradual distrust of all existing Symantec-issued certificates, requiring that they be replaced over time with new, fully revalidated certificates, compliant with the current Baseline Requirements. This will be accomplished by gradually decreasing the ‘maximum age’ of Symantec-issued certificates over a series of releases, distrusting certificates whose validity period (the difference of notBefore to notAfter) exceeds the specified maximum.

Symantec, for its part, seems hopeful that Google will back off and not require any changes at all. “We want to reassure our customers and all consumers that they can continue to trust Symantec SSL/TLS certificates. Symantec will vigorously defend the safe and productive use of the Internet, including minimizing any potential disruption caused by the proposal in Google’s blog post,” the company said.

Insta360 Air brings affordable, easy 360 photo and video to Android phones

You can share 360-degree video and images in more places than ever before, but how to capture that content in the first place? Insta360 has built a bit of a name for itself creating relatively inexpensive add-ons for the smartphone you already have that’d the ability to use those devices to record and broadcast in 360. The $129.99 Insta360 Air is the company’s Android device accessory, and it’s a very hand addition to your photographic toolkit in a small package.

The Insta360 Air is a small sphere with either a USB-C or micro USB connector, depending on which version you buy, which will depend on what kind of Android smartphone you’re using it with. I was pairing it with a Google Pixel XL, which means I was using the USB-C version. The connector is hardwired into the ball itself, so make this choice wisely: you’ll have to buy another Insta360 Air if you ever switch connectors with a new device in the future.

Sticking with a dedicated connector means that the Air can be very simple in its design, usability and construction, however. It’s a hard plastic ball, which feels very solid and relatively rugged, and it comes with a soft silicone sheath that protects the lens elements on the two camera the Air uses to stick together its 360-degree photo. It’s a clever design for a case that takes up almost no additional space in your bad, and that also protects the cameras from bumps or shocks in case of a drop. Plus, it encloses the USB extension that sticks out of the spherical camera body, ensuring this won’t bend or get snapped off.

 The ball itself works once you insert the USB connector into your phone. It’ll prompt you to install the app from the Google Play store if you haven’t, but otherwise it’ll launch the software. This will invert the orientation of the display on your phone, so that the camera is pointing the right way up when you’re looking at the image preview on the screen.

Taking photos or shooting video with the Insta360 Air is as easy as shooting either with your smartphone’s built-in camera. It takes some getting used to at first, since obviously you’re not focusing on the same things that you’d be aiming for when trying to get the “right” shot. Interesting elevation, either holding the phone up high or down low, seems to produce good results. You can also set the key or starting frame after the fact, so you don’t need to think that much about what you’re currently pointing the camera “towards.”

 Pictures are easy to share via various social networks, including Instagram, but they especially shine on Facebook. The native 360-degree support on the social network means your photos will instantly work in the FB feeds of your friends, letting them navigate around the image by moving their phone around when viewing on mobile.

Image quality is good, too, as you can see from the embedded images above. You start to see the limits of the resolution, which Insta 360 says is “3K,” when you do things like view them in immersive VR via Google Photos in Daydream, for instance – but for viewing on desktop and mobile via embeds lie those found in this article, there’s plenty of detail and the quality looks excellent, especially given how much software is at work behind-the-scenes stitching the 180-degree images from the two cameras together and making sure the image doesn’t look wonky.


In short, the Insta360 Air, like the iOS-focused Insta360 Nano before it, is a great option for affordable, portable capture of surround imagery and video. Unlike the Nano, it lacks a standalone battery and so can’t work without a smartphone, but it has a new power: using a flexible USB cable included within, it can be used with a computer for tethered live-streaming, eliminating battery concerns and platform issues you might run into with a smartphone.

Basically, it’s a tool that adds a lot of flexibility to your photographic arsenal, and it definitely earned a permanent spot in my camera bag.

The SEC and DOJ just dropped their inquiries into Hampton Creek

The SEC and the Department of Justice, which had launched preliminary inquiries into the vegan food company Hampton Creek last summer, have officially closed their inquiries, according to founder and CEO Josh Tetrick. He informed the company’s 160-plus employees of the status change this morning in an email that you can find below.

Tetrick called the news “the expected result by our leadership, board and investors.”

Not everyone was so confident in a positive outcome after a two-part Bloomberg investigation attracted the government agencies’ attention. At the heart of Bloomberg’s findings was that Hampton Creek had executed on a campaign to buy back mass quantities of its eggless mayo product to artificially inflate demand and, potentially, dupe investors.

In reaction, the company hired one of the Big Four accounting firms to examine Bloomberg’s claims, which the board has said it had no knowledge of until contacted by Bloomberg’s reporters last fall.

A source close to the board told us at the time that if Tetrick and other managers were discovered to have been “buying back mayo solely for the purpose of juicing the numbers,” the board would be “livid.”

Whether they’re now patting Tetrick on the back instead isn’t yet known. One of the company’s few board members didn’t respond to a request for comment earlier. A request for comment from Tetrick also went unanswered.

The SEC’s decision may not come as a complete surprise to industry watchers. The commission is largely expected to spend less time focused on Silicon Valley under President Trump’s administration. In fact, his pick as SEC chair, Jay Clayton, told lawmakers during a nomination hearing yesterday he would like to pare back regulations on startups. (Former SEC  chair Mary Jo White felt rather differently about whether Silicon Valley needed more policing.)

But Hampton Creek has more to celebrate than the agencies’ decision. Perhaps even better news for the company are the conclusions of that Big Four accounting firm investigation, which were also just released.

What it found, says a source close to the investigation: that Hampton Creek ordered buybacks but that its related operations were far smaller than suggested in Bloomberg.

Here’s the discrepancy specifically: According to Bloomberg’s sources — which reportedly included a former accounting employee — Hampton Creek used several expense categories on its profit and loss statements to disguise buybacks, including one line item called “Inventory Consumed for Samples and Internal Testing.” Bloomberg further reported that over a five-month period in 2014, Hampton Creek expensed about $1.4 million under that category, compared with $1.9 million of net sales in the period. That’s almost 75 percent of net sales.

Per the newly released forensic review — which we’re told involved research into more than 60,000 transactions that included bank account data, transactions by current and former employees, and other legacy expense data — Hampton Creek expensed less than two percent of its net sales on buybacks over a much longer period that began in 2014 and ended the following year. The review also did not find evidence that  Hampton Creek had used several expense categories on its profit and loss statements to disguise buybacks.

 It’s worth noting that Hampton Creek has never denied buying back its own product from stores. Instead, it said last summer that the buybacks were partially for the purposes of quality control.

It’s also worth noting that Bloomberg’s sources consistently argued that this narrative is false, with some former contractors telling Bloomberg they were asked to impersonate teachers and caterers in calls to local stores to order more Just Mayo. They were also reportedly told they could discard product they purchased.

In the end, consumers will have to decide for themselves what to think. The same is true of investors, some of whom may decide that Hampton Creek has been treated unfairly, and some of whom may be harder to convince.

As investor Marc Andreessen tweeted last August in response to a Bloomberg report, “No comment on specific companies, but make no mistake: Buying your own product to inflate your reported revenue is fraud.”


Several months ago, some inaccurate reporting led to SEC and DOJ Inquiries. As of today, both agencies closed their inquiries with no finding of wrongdoing by our company or any of our team members. It was the expected result by our leadership, board, and investors.

We should all be proud of the great work we’ve done in the last few months, from the opening of 3 labs to significant new discoveries to passing incumbents at some of the biggest retailers in the world.

Online ticket marketplace Vivid Seats is looking to sell for $1.5 billion

Online secondary ticket marketplace Vivid Seats is looking for a buyer and they’re hoping to fetch a price of about $1.5 billion, TechCrunch has learned.

According to multiple sources, private equity firm Vista Equity Partners is working with Morgan Stanley to unload Vivid, which could net a tidy profit for the firm a little over a year after acquiring the business for about $850 million.

Vivid Seats might not have the same name recognition as Ticketmaster or StubHub, but the Chicago-based firm has been a force in selling seats at concerts, theaters and sports events. Founded in 2001, the company had grown to become the third-largest secondary ticket seller in the U.S. by the time it received its strategic investment from Vista early last year.

According to one source, tech companies like Amazon and Priceline had taken a look at Vivid Seats but decided not to acquire it. We also heard that eBay-owned StubHub is not interested.

Earlier this month, Bloomberg reported on its terminal that Vista was considering a sale “after receiving inbound interest,” but did not offer further detail.

 One challenge for Vivid is that it gets a large portion of its traffic from misleading affiliate sites. Customers are sometimes lured to a destination that’s not actually associated with the team or artist, a controversial practice within the industry.

It’s possible that Vivid Seats will not find a suitable strategic buyer and will sell to another private equity firm. One source mentioned Carlyle Group, but a different source suggested that would be unlikely because they own PrimeSport, a competitor in the space.

If Vivid can’t fetch its desired acquisition price, perhaps Vista will keep it in its portfolio until it grows its value.

When asked for comment, Vivid said “we don’t comment on industry rumors.”

Senators reintroduce a bill to improve cybersecurity in cars

Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut have reintroduced the Security and Privacy in Your Car (SPY Car) Act of 2017. They first introduced the bill, along with a similar bill for aircraft, during the last session.

The SPY Car Act places the onus for automotive cybersecurity and privacy standards on the shoulders of the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC). The law would require critical software systems — those required for operation of the vehicle — to be isolated from noncritical systems. And then those isolated systems should be tested for security.

It also addresses securing personal information, including all data “collected by the electronic systems that are built into motor vehicles,” against unauthorized access. If there is a hacking attempt, the SPY Car Act calls for all cars to be equipped with the ability to detect the breach, report it and stop it from taking over the vehicle or collecting driving data. If a manufacturer doesn’t include this capability, under the law it would be fined $5,000 per car that didn’t have security technology built in.

So far, the SPY Car Act seems like something we’d expect to see. But then Sens. Markey and Blumenthal take another step in requiring a “cyber dashboard.” This would tell the driver how far above and beyond the basic requirements a car company has gone to secure the onboard electronic systems via an “easy-to-understand, standardized graphic.” So some kind of scorecard would be placed where anyone could see it.

 But wait, there’s more! The SPY Car Act also requires that every vehicle give “clear and conspicuous notice” to the driver about what driving data is being collected, if it’s being transmitted or saved, and how it’s being used. Once you know this, the law would require that manufacturers give you the right to opt out of data collection without interfering with your ability to use navigation tools. And that data can only be used for marketing to you if you choose to opt in.

The SPY Car Act does exempt black-box-type data collection. That basic data is still useful in the event of a crash, or to check the emissions history of a vehicle.

Vehicle tracking specialists Satrak Plant Security polled 2,000 people in the U.K. recently and found that 40 percent of respondents said hacking was a “fairly serious” concern, which echoes other polls of consumers’ attitudes toward automotive cybersecurity. Now that NHTSA has created guidelines for autonomous vehicles, maybe it can build on its best practices guidelines if the SPY Car Act is passed.

Parental control service “Circle with Disney” to help with distracted driving, social media, kids’ chores & more

Circle with Disney, a device that helps parents manage their home’s internet rules and restrictions, wants to be more than just a modern-day net nanny. Already, it had differentiated itself from competing software solutions, by offering a licensed selection of Disney content – like games, videos, trailers and more – to make its service more appealing. Today, it’s taking a step at becoming a more expansive “smart family” platform, through a series of integrations that let Circle work with services that reward kids for chores or meeting activity goals, those that limit distracted driving, those that filter social media, and more.

Amazon Alexa will also work with Circle, allowing parents to ask questions about their kid’s screen time usage. And kids can ask Alexa about their own time limits, as well.

The feature is called “Circle Connections,” but it’s not fully live at this time.

Instead, the company is the unveiling its larger roadmap of integrations planned for the upcoming year. Today, only the first integration – with FamilyTech apps – is actually available.

FamilyTech has a number of apps, including MotherShp, ChoreMonster, and Landra, which help kids earn rewards by performing chores around the house. With Circle, those rewards can now be added screen time or later bedtimes, at parents’ discretion.

Later this year, Circle will roll out more features to Circle Connections, including integrations with connected car service Automatic, automation assistant IFTTT, Misfit activity trackers, and social media filter Rakkoon.

Automatic’s integration is most interesting, as it allows Circle to extend its usefulness to households with older children – an area often overlooked by parental control apps today, which seem to focus more on protecting kids from adult content or limiting screen time.

With Automatic, parents will be able to filter distracting applications – like social media apps – from disturbing teen drivers when the car has started. Those restricted apps are then re-enabled when the car shuts off.

The Rakkoon integration, meanwhile, helps with teens and pre-teens, as it filters questionable content on social media, including Instagram, Facebook, Twitter and even iMessage. It will also alert parents for things like sexting and bullying.

Misfit will work to reward activity with screen time.

IFTTT’s integration, however, appeals to geekier parents. It will let you do things like make your smart lightbulbs change color when bedtime begins, or connect a real world internet pause button to Circle’s service. Fun, perhaps, but not necessary.

Despite being a parent myself, I’ve been hesitant to utilize strict parental control software or hardware devices in the home, as they add another layer of complexity to internet setup and use.

Instead, I’ve favored a combination of on-device controls provided by the platform maker (e.g. Apple), those in apps (e.g. Google’s safe search filters), and a hefty dose of good old-fashioned parenting. That means we have rules like, no watching YouTube shows unless I approve the channel first, no downloading apps without approval, and limited device use in general.

But I also have the luxury of only having to parent one child. And I’m aware that, as she grows, it will become more difficult to constantly keep an eye on her activity. Integrations like these make a service like Circle seem more appealing, and maybe even worth the hassle of set up and configuration, which, frankly, is still a bit of a pain, if I’m telling the truth.

Circle is a $99 device and is sold online through its website, and on retailers’ sites, including Amazon, Target, Best Buy and Disney Store. It’s also available in Target and Best Buy retail stores.

Use Nintendo Switch controllers with the NES Classic with this adapter

Nintendo Switch controllers are flexible, if flawed — the latest hardware they work with is the NES Classic, via 8bitdo’s $17 Retro Receiver, and a new firmware update available now for that little dongle. The wireless accessory already lets you connect a range of Bluetooth controllers to your NES Classic, including 8bitdo’s own NES30 controller replica, and PlayStation 4, Wii U Pro and more.

The new firmware supports connecting both individual Joy-Con halves, as well as the Switch Pro controller. It’s also available for the version of the Retro Receiver that plugs into original NES and SNES consoles, letting you use your Switch input devices with your vintage gaming consoles, too.

This is great news for controller consolidation — these things tend to replicate like crazy if you happen to own multiple gaming systems — and especially awesome on the heels of the news that Joy-Cons and Pro controllers also work with Mac, PC and Android devices with little or no special software required.

 Of course, Nintendo still has its fair share of controller issues on its hands with the Switch: Many users are experiencing connection problems, specifically with the left Joy-Con that shipped with their console. They advise keeping it out of range of basically any wireless gadget, which is not practically possible in many cases, and sources suggest it might only be truly solvable with a hardware fix.

Still, it’s useful to have the option to make these controllers extra portable NES Classic accessories in a pinch.

How The Last Mile helped Kenyatta Leal walk from prison in San Quentin to a job in tech

One year after their release, more than 75 percent of California’s formerly incarcerated can’t find jobs. One former prisoner, Kenyatta Leal, was serving a life sentence in San Quentin prison and was determined to change that number.

 On this episode he talks about what led him to prison, the mentors he found inside and how The Last Mile teaches people to code with no internet.

Leal also discusses his release, and how the tech skills he learned in prison landed him a job. For Leal, those skills included being able to blog and express himself on Twitter and Quora with no internet. Finally, Leal emphasizes the importance of breaking the cycle of incarceration.

Since Leal’s release, he has been able to help several people get jobs in tech, including some of the prisoners with him during his time in San Quentin.

If you want to learn more about criminal justice reform, feel free to reach out to ruben@breakingintostartups.com and we can connect you with the right people.

Verizon Ventures and R/GA partner to launch a digital media ‘venture studio’

Verizon Ventures and R/GA are announcing a new program called the Verizon Media Tech Venture Studio.

Stephen Plumlee, R/GA’s global COO and managing partner of R/GA Ventures, explained that the interactive agency’s “venture studios” started out similar to other startup accelerator programs, but they’ve expanded to provide access to “financial capital, creative capital and client relationship capital.” In other words, startups don’t just get funding and advice — they also work on products and partnerships with R/GA’s creative staff and clients.

In this case, the Media Tech Venture Studio is a 14-week program for up to 10 companies, which will receive $100,000 in funding each and work out of Verizon’s new “open innovation” space in New York City. The company says it’s looking for startups in areas like content creation and personalization, virtual reality and augmented reality, artificial intelligence, content distribution, interactive advertising and e-sports.

“The idea is for Verizon to really get out there and see what’s going on in the market,” said Paul Heitlinger of Verizon Ventures. “What’s really compelling for the companies who participate is, they get to work directly with Verizon’s business units. … They get access to our technologies, our networks, all behind-the-scenes stuff.”

At the same time, Heitlinger said participating in the program “doesn’t mean you have to work exclusively with Verizon.”

 Verizon buys Skyward, a drone operations companyVerizon fourth quarter earnings fall short of analyst expectationsAt The R/GA Accelerator Demo Day, Ten New IoT Companies Go Live

As for whether these startups are then teed up for additional funding from Verizon Ventures, he said, “We wouldn’t say no, we wouldn’t say yes. … If we feel that there’s a particular company that’s well-suited or well-aligned with Verizon’s business, just like any other startup we would invest.”

Verizon has been trying to move deeper into digital media, with initiatives like its go90 mobile video app, not to mention its acquisition of AOL (which owns TechCrunch) and the still in-progress Yahoo deal.