Alphabet’s Outline lets you build your own VPN

Alphabet’s cybersecurity division Jigsaw released an interesting new project called Outline. If I simplify things quite a lot, it lets anyone create and run a VPN server on DigitalOcean, and then grant your team access to this server.

I played a bit with Outline and it’s an interesting product. There are two components, a managing app and a client. Let’s start with the manager.

Right now, the manager is available on Windows and Linux, with a macOS version coming soon. It’s an Electron app so it feels like using a web app. By default, Outline recommends that you use DigitalOcean, a well-known cloud hosting provider.

You can also create your VPN server on another server, but that’s not really the point of Outline. Outline is all about making it as easy as possible to run your own server. Otherwise you’d already be using Algo VPN or Streisand.

If you choose DigitalOcean, the app opens a web view and asks you to enter your login, password and one-time password. After that, you need to let Outline use the DigitalOcean API. And that’s all you need to do during the initial setup process.

Now let’s create a VPN server. Outline automatically chooses the cheapest droplet on DigitalOcean, which costs $5 per month for 1TB of transfer data (somehow, Outline says you get 500GB). DigitalOcean currently has data centers in 8 different cities — Amsterdam, Singapore, Bangalore, Frankfurt, London, San Francisco, Toronto and New York.

After selecting a city, the managing app automatically downloads a Docker image and creates a server on DigitalOcean based on this Docker image. Software on the server will be automatically updated every hour. Your DigitalOcean server will also automatically perform security updates for the operating system and reboot the server if necessary.

Now let’s go back to the computer you’re currently using. You can now control your VPN server from the managing app. By default, Outline only generates one key for you. But you can add more users and invite your coworkers to use your server.

You can use the managing app to create more servers, delete a server or delete users if they don’t need access to your server anymore. The app also tells you how much bandwidth each user has used.

The invite page is just a static webpage hosted on Amazon S3 with two things. First, the page invites you to download the Outline client on your phone or computer. Second, the key is in the URL. Your browser displays the key when you load the page.

That’s why you shouldn’t invite your friends using an unencrypted method — don’t use Facebook, don’t use emails. Remember that the key will also be stored in your browser history.

But connecting to the VPN server is as easy as installing an app and clicking on an invitation link. It’s a great experience for non-tech-savvy users.

Let’s talk about the client for a minute. The app that you use to connect to the VPN server is currently available on Windows, Android and Chrome OS. Jigsaw is working on macOS and iOS clients. It features a single screen that lets you connect and disconnect from a server — quite straightforward.

Outline isn’t a VPN

Under the hood, Outline relies on the Shadowsocks protocol. And if you’re familiar with VPN protocols, Shadowsocks is nothing like OpenVPN, IPSec or WireGuard. In fact, Shadowsocks isn’t a VPN protocol at all.

Shadowsocks is an open-source project to create an encrypted socks5 proxy to redirect internet traffic. This is a bit technical, but a VPN is like an encrypted tunnel between your device and a server. All your network traffic goes through this tunnel and the VPN server (not your phone or computer) is the device talking to the internet.

It’s great because you know for sure that your ISP and other users on your WiFi network can’t look at your traffic (except if there are DNS leaks). You can also pretend you’re in another country.

But it’s also awful because anybody who has access to your VPN server can see your internet traffic. That’s why you should never rely on a VPN company, even if they promise that they respect your privacy. They’ll analyze your browsing habits, sell them to advertisers, inject their own ads on non-secure pages or steal your identity. And you can’t know for sure if you can trust them.

Traditional VPN protocols can also be blocked because they use specific ports and they look like VPN traffic if authorities and ISPs use deep packet inspection. That’s why countries can block VPNs altogether.

And yet, a socks5 proxy looks like normal internet traffic. Shadowsocks is taking advantage of that and combining the advantage of a proxy with traffic encryption. It’s supposed to work great in China for instance.

But you can’t guarantee that all internet traffic goes through a proxy server — it depends on each app. A proxy adds a level of granularity that can be convenient but also a security issue. For instance, the Outline client doesn’t redirect all your Windows traffic to the Outline server right now.

So Outline can be the perfect tool if you want to access censored websites with your web browser. But you won’t disappear from the network with an Outline connection.

Trusting Google

It’s hard to forget that Outline is a Jigsaw project. People working on this project are paid by Alphabet, Google’s parent company. In other words, it’s hard to trust a Google project when it comes to privacy.

But Jigsaw really wants you to trust them with this one. Outline is an open-source project. This way, experts can have a look at the code to see if there’s anything shady. The service has also been audited by a third-party security firm.

Jigsaw collects crash logs with non-identifiable data. They also collects all server IPs but can’t access those servers — I’m not sure why Jigsaw wants to see all IPs. You can also opt in to share more usage data.

Your Outline servers don’t keep any log of your internet traffic. So even if the NSA has a warrant to access an Outline server, it’ll only find out how much bandwidth each user has used with this server. But there’s no way to connect the dots and find out who’s behind this Outline server.

The biggest risk might be DigitalOcean. You have to enter your name, email and credit card to create a DigitalOcean account. Authorities could just ask DigitalOcean to find out who’s paying for your Outline server and get back to you.

Security vs. accessibility

Outline isn’t the most secure (sort of) VPN out there. It’s always better to build your own hardware server, connect it to the internet using a connection that you don’t pay under your own name and installing VPN software yourself.

But nobody is going to do that.

Privacy is always a balance between security and accessibility. The most secure tools out there are also the most difficult tools to use.

Many projects are now trying to make security more accessible. And it’s a breath of fresh air. Algo VPN lets you build your own IPSec VPN server with just a few command lines. Streisand also lets you build a server with all sorts of protocols with little technical knowledge.

These are great projects and I would recommend looking at them if you want to build your own VPN. But Outline goes one step further. You don’t need to type a single command line to create a Shadowsocks server.

Jigsaw says it’s the perfect tool for news organizations. And it’s true that most journalists know how to install an app. It’s not as scary as adding a VPN certificate. I would say it’s a great way to access censored websites if you live in China or another country with restrictions, even if you’re not a journalist.

You have to evaluate your level of risk and choose the technical solution that is right for you. If you’re not doing anything illegal and you just want to access blocked website, you can make some concessions.

And there’s one thing for sure, Outline is much better than any free or commercial VPN service out there.

from iFeeltech IT News Mix4


Discounted tix to Disrupt SF ’18 for students, nonprofits, government & military

TechCrunch Disrupt ranks as the premier event in the startup landscape, and our flagship event, Disrupt San Francisco 2018, which takes place September 5-7, will be our biggest and best Disrupt ever. If you haven’t heard, we’re moving to the Moscone Center West, tripling the floor space and featuring four stages of unique programming — and that’s just for starters. Of course, we want to make Disrupt SF ’18 as financially accessible as possible, which is why we’re offering students, nonprofit organizations, government employees and active military personnel steep discounts on Innovator passes.

An Innovator’s pass will keep you plenty busy for all three days of DSF ’18. You’ll be able to check out what’s happening on all four stages: the Main Stage, the Next Stage, Q&A Sessions and the Showcase Stage. The pass also grants you access to Startup Alley, the very heartbeat of Disrupt, where hundreds of early-stage startups showcase their cutting-edge tech to attendees, investors and the media.

Of course, there’s tons more, including Startup Battlefield, where you’ll see some of the world’s most exciting tech startups pitch in front of a panel of judges and vie for an equity-free cash prize. Who knows? You might even witness the birth of a new tech powerhouse.

You can participate in interactive workshops, use the Disrupt Mobile App to contact other attendees (we’re talking the full list, people) and you’ll get to relax and have fun at the TechCrunch After Party.

That’s a lot to digest in just three short days, so if you missed anything, don’t worry. Your Innovator pass gives you access to our library of event video content post-Disrupt.

We also realize that visiting the City by the Bay ain’t cheap, which is why the Innovator pass also includes access to discounted hotel rooms. As Kojak said, who loves ya, baby?

So, let’s get down to it. How much do these discounted tickets cost and how do they work?

Students currently enrolled in a college or university program can purchase an Innovator Pass for $295 (right now that’s a $700 savings). Note that you must present a valid student ID, proof of current enrollment or transcripts when you check in at Disrupt SF ’18 registration — otherwise, you’ll pay the full on-site pass price ($1,995).

Also, if you’re under 21 years old, you may not be able to access certain venues, like the After Party. Sorry kids, them’s the rules.

If you work for a nonprofit organization, you can buy an Innovator Pass for $495 (a savings of $500). You must provide your employee email address during the online registration process. When you check in at the Disrupt SF ’18 registration desk, you must provide proof of your organization’s 501(c) 3 designation — otherwise, you’ll pay the full on-site pass price ($1,995).

If you’re currently employed full-time by a federal, state or local government agency, if you’re an active military employee or you work for an international government agency, you can buy an Innovator Pass for $495 (a savings of $500). You must provide your valid .gov email address during the online registration process, and when you arrive at the Disrupt SF ’18 registration check-in you must present your current, valid government identification card — otherwise, you’ll pay the full on-site pass price ($1,995).

Bear in mind that you can’t combine any student, nonprofit, government and military discounts with any other discount offers, and this only applies for an Innovator Pass.

Disrupt San Francisco 2018 takes place September 5-7. Word to the wise — don’t dilly-dally around folks. The number of discounted tickets is limited. Go score your cheap tickets now, while you still can.

from iFeeltech IT News Mix4

Airbnb hosts can kick you out after you’ve checked in

Last month, Logan Kugler checked into the home of a Los Angeles-based Airbnb host. The plan was to stay there for about one month, but Kugler found himself checking out just three days after checking in. That’s not because he wanted to, but because the host cancelled his reservation.

This story is not about any one party being right or wrong. Instead, let this serve as a reminder that we are living in an age of non-traditional services — be that via ride-share, home-sharing, bike-sharing and so forth. That means, as it stands now, anyone has the right to kick you out of their car, house or apartment if they feel so inclined. That’s essentially what happened with Kugler when he used Airbnb to rent a home in LA last month.

“I woke up to a message on my phone that said Airbnb had changed my reservation and that it ended in 36 hours and I was to leave,” Kugler told TechCrunch. “This was a 31-day rental.”

The host asked Kugler to leave because she felt uncomfortable with the amount of requests he was making, such as to change the layout of the refrigerator and install different lights, she told TechCrunch. That’s when she contacted Airbnb to let the company know she wasn’t going to be able to let him stay there anymore.

The host gave Kugler 48 hours’ notice to leave the premises. Kugler, however, said he wouldn’t be able to pack up and leave that soon. So he asked for a couple of extra days, which the host declined.

Meanwhile, Kugler was in contact with Airbnb over the course of a couple of days to find a new place to stay with the same nightly rate, according to messages reviewed by TechCrunch. Before Kugler was able to find a new place to stay, the time ran out on his original reservation. Because he hadn’t left yet, the host called the police to help her get him off her property. Part of her rationale for calling the police, she said, was because Airbnb wasn’t helping her to get him to leave.

“I felt uncomfortable,” she said. “I lived in the main house and I wasn’t comfortable having this man on my property.”

Kugler, after being evicted by the police, left the premises. While Airbnb did reimburse Kugler for his stay, offer him assistance in finding another Airbnb and pay for a hotel for the nights he couldn’t find an appropriate place via Airbnb, Kugler said that didn’t matter to him because he’s a pretty particular person. So particular that he spent hours looking at options before landing on this one.

“As it stands right now, if you book an Airbnb you could be homeless at any second and thrown out on the street,” he said. “If this remains, I think they may lose some customers as awareness grows about this.”

While canceling a guest’s reservation is technically acceptable behavior, according to Airbnb’s terms of service, it’s certainly rare. This means guests are at risk of being cancelled on mid-stay, but Airbnb says it is ready to work to rebook anyone to whom this happens.

“There have been over 300 million guest arrivals on Airbnb to date and negative experiences are extremely rare,” Airbnb spokesperson Nick Papas told TechCrunch. “We have re-booked our guest and followed up with our host regarding this reservation. We work hard to make sure every guest has a great experience and want to make it right when things don’t go as expected.”

What Kugler ultimately wants is for Airbnb to change its terms of service. But Airbnb, which is simply a facilitator for home rentals, said in a message to Kugler reviewed by TechCrunch that it can’t force people to make their places available no matter what.

“The listings on our platform are owned and controlled by the host themselves,” an Airbnb representative told Kugler. “Airbnb cannot force a host to further accommodate a guest if they do not want to or are not able to for whatever reason.”

Also, sometimes life happens, as Airbnb outlines in its policy on emergency situations and other unavoidable circumstances. In a help article, Airbnb says it “empowers hosts to set and manage their cancellation policies,” and that if either a host or guest needs to cancel a reservation, they are responsible for cancelling as soon as possible.

“At times, certain circumstances outside of a host or guest’s control can impact their ability to meet the terms of a reservation,” the help page states.

According to the terms of service, if a host cancels on the day of check-in or later, guests can leave a public review on the host’s listing profile. Kugler did that (see below), which prompted a response from the host. Again, it’s not necessary to get into the details. Instead, this is meant to serve as a public service reminder that Airbnb, along with many other startups in this sharing economy, are not solely on the side of the customer.

Unlike hotels and taxis, the ethos that the customer is always right doesn’t fly in this type of economy. Airbnb, along with its peers like Uber and Lyft, are intermediaries, which means it’s in their best interest to ensure both hosts and guests are happy, and drivers and riders, respectively. In this case, however, neither the host nor the guest ended up happy.

from iFeeltech IT News Mix4

YouTube Red’s Karate Kid sequel ‘Cobra Kai’ drops new trailer

Cobra Kai never dies, and the resurgence of the rogue karate dojo in the upcoming YouTube Red original series reboot of The Karate Kid shows former sensei John Kreese was true to his mantra in the 1984 classic.

The series, set to debut May 2 on YouTube’s paid subscription service, YouTube Red, will see Ralph Macchio and William Zabka reprise their roles as Daniel LaRusso and Johnny Lawrence, 34 years after the events of the original theatrical release. But a new trailer released this week shows both actors have scarcely lost a step, or a karate kick, even decades later, with both actors now in their 50s.

The trailer opens with a scruffy-looking Johnny passed out on the floor surrounded by beer cans, and contrasts with a clean-cut, chipper Daniel in a rather funny commercial for a car dealership bearing the LaRusso name, perfectly setting up the arcs each character’s life followed after the original film’s All Valley Karate Tournament, in which young underdog Daniel resoundingly defeated the seemingly unbeatable Johnny with a now-iconic crane kick to the face. After visiting Daniel at his dealership and experiencing an unexpected humiliation, Johnny decides to restart the notorious Cobra Kai dojo, and train a new generation of kids in its misguided mold.

The trailer is fairly violent and profanity laden, a stark departure from the decidedly more family friendly original film series. The new series is written and executive produced by Josh Heald, Jon Hurwitz, and Hayden Schlossberg, and will get its debut at the Tribeca Film Festival on April 24 before its YouTube Red release.

from iFeeltech IT News Mix4

Marc Raibert, Melonee Wise and more will be speaking at TC Sessions: Robotics May 11 at UC Berkeley

We’re gearing up for our big upcoming TC Sessions: Robotics event May 11 on the UC Berkeley campus, and we’ve got a lot to talk about. We’ve already announced Berkeley professors Pieter Abbeel and Robert Full, Android/Playground Global founder Andy Rubin and VCs Chrissy Meyer, Renata Quintini and Rob Coneybeer.

Here are a few more names we’re excited to tell you about.

Behind the big dog

Boston Dynamics may well be the buzziest robotics company of the last decade, courtesy of some viral videos and truly amazing machines. The MIT spin-off is best known for BigDog, the DARPA-funded robotic pack mule that captured the internet’s imagination with its ability to traverse rocky terrain and avoid being kicked over by even the most tenacious roboticist.

Marc Raibert, the company’s founder and president, will join us to talk about the company’s impressive army of ‘bots, including the bipedal Atlas, the agile Cheetah and the company’s most recent breakthrough, SpotMini, a lightweight electric robot capable of opening doors.

Raibert will be on-hand to demo one of the company’s ‘bots and discuss the creation of the company’s iconic robots.

Operating systems and agriculture

Of course, hardware is nothing without a good piece of software. Fetch Robotics CEO Melonee Wise will be sitting with Brian Gerkey and Morgan Quigley of Open Robotics to discuss their company’s work to build an open-source operating system for robotics.

We’ve also got a great panel featuring some of the biggest names the world of robotic agriculture. Dan Steere of Abundant, John Binney of Iron Ox, Sebastian Boyer of Farmwise and Willy Pell of Blue River will join us to discuss the ways in which robotics will transform the global food system.

We want to hear from your robotics company

And don’t forget, if you’ve got a robotics company, we’ll have plenty of opportunities to showcase it on our stage. If you’d like to be one of four early-stage robotics companies competing in our pitch-off, let us know here. We’re also looking for some cool robots for demos and some upcoming TechCrunch videos. If that sounds like a good fit, fill out this form here.

Early-bird tickets are on sale now. (Special 90 percent discount for students when you book here!)

If you’re interested in a sponsorship, contact us.

from iFeeltech IT News Mix4

GitLab adds support for GitHub

Here is an interesting twist: GitLab, which in many ways competes with GitHub as a shared code repository service for teams, is bringing its continuous integration and delivery (CI/CD) features to GitHub.

The new service is launching today as part of GitLab’s hosted service. It will remain free to developers until March 22, 2019. After that, it’s moving to’s paid Silver tier.

GitHub itself offers some basic project and task management services on top of its core tools, but for the most part, it leaves the rest of the DevOps lifecycle to partners. GitLab offers a more complete CI/CD solution with integrated code repositories, but while GitLab has grown in popularity, GitHub is surely better known among developers and businesses. With this move, GitLab hopes to gain new users — and especially enterprise users — who are currently storing their code on GitHub but are looking for a CI/CD solution.

The new GitHub integration allows developers to set up their projects in GitLab and connect them to a GitHub repository. So whenever developers push code to their GitHub repository, GitLab will kick off that project’s CI/CD pipeline with automated builds, tests and deployments.

“Continuous integration and deployment form the backbone of modern DevOps,” said Sid Sijbrandij, CEO and co-founder of GitLab. “With this new offering, businesses and open source projects that use GitHub as a code repository will have access to GitLab’s industry leading CI/CD capabilities.”

It’s worth noting that GitLab offers a very similar integration with Atlassian’s BitBucket, too.

from iFeeltech IT News Mix4

Instagram will show more recent posts due to algorithm backlash

Instagram isn’t quite bringing back the chronological feed but it will show more new posts and stop suddenly bumping you to the top of the feed while you’re scrolling. “With these changes, your feed will feel more fresh, and you won’t miss the moments you care about” Instagram writes. It should be more coherent to browse the app now that you won’t get bumped to to the top of your feed and lose your place because your feed randomly refreshes, and there shouldn’t be as many disparate time stamps to juggle. Instead, you’ll be able to manually push a “New Posts” button when you want to purposefully refresh the feed.

Instagram switched from a reverse chronological feed to a relevancy-sorted feed in June 2016, leading to lots of grumbling from hardcore users. While it made sure you wouldn’t miss the most popular posts from your close friends, showing days-old posts made Instagram feel stale. And for certain types of professional content creators and merchants, cutting their less likeable posts out of the feed — like their calls to buy their products or follow their other social accounts — was detrimental to their business.


We’ll have more commentary soon

from iFeeltech IT News Mix4

Internet Association wants in on the lawsuit challenging Net Neutrality repeal

The Internet Association has filed to intervene in the on-going lawsuit against the FCC challenging the repeal of net neutrality protections.

The Internet Association is a trade association that represents some of the world’s biggest internet companies, including Google, Facebook, Amazon, Dropbox, and Netflix. The IA’s motion focuses primarily on why the IA, and the companies it represents, should be able to participate in the lawsuit.

But let’s take a step back.

In December, the FCC voted 3-2 in favor of gutting Obama Administration-era protections against data throttling and blocking by ISPs. In other words, FCC Chairman Ajit Pai, a former Verizon employee, and others at the FCC, believed that ISPs should be allowed to charge extra for a fast lane, which would stifle competition.

The order became official in February of this year, opening the door for the fight against the repeal to begin.

Between the vote and the official order, a lawsuit was filed by 22 state attorney generals, seeking to block the net neutrality repeal.

In March, the 9th Circuit consolidated these various challenges (15, in total) to the FCC’s repeal. The IA said earlier this year that it wouldn’t file a lawsuit as a plaintiff, but did plan to participate in the lawsuit.

According to the filing, the IA is focusing on three major areas: the removal of rules against blocking, throttling and paid prioritization distort competition and places the burden on consumers, the removal of well-established, bright line net neutrality rules harms internet companies’ ability to reach customers across the country, and the new rules harm future growth in the internet ecosystem as a whole.

Here’s what Internet Association President and CEO Michael Beckerman had to say in a prepared statement:

The internet industry will continue to fight for net neutrality protections that help consumers, foster innovation, and promote competition for the entire online ecosystem. The entire sector is committed to preserving an open internet and will continue to defend these protections in every venue available. This is also an issue that unites Republicans and Democrats in all 50 states.

On the other side of the coin, some industry groups that support the FCC’s repeal of Net Neutrality have also filed to intervene.

from iFeeltech IT News Mix4

Google Assistant on phones now lets you send and receive money

“Hey Google, send Brian $15 for breakfast today.” Starting today, you can use this command to tell the Google Assistant on your phone to send money to people with Google Pay, the re-branded version of what you may still think of as Android Pay. And if Brian, as usual, forgets to pay you back, you can also say: “Hey Google, request $20 from Brian for breakfast today.”

For now, this feature is only available on phones, but Google tells us that it plans to offer the same functionality through its Google Home speakers in the coming months. One of the reasons for this is probably the fact that the phone offers a more secure process for authenticating who you are. On the phone, Google will ask for either a password or a fingerprint to make sure who are who you say you are. Google Home can already recognize different speakers, but for now, it’s unclear how Google will securely authenticate users there.

Since quite a few people probably don’t have Google Pay set up yet, the Assistant will walk you through the setup process when you first try this feature. Sending and receiving money through Google Pay is free.

from iFeeltech IT News Mix4

Bell & Ross creates a transparent tourbillon

It’s Spring and that means it’s time for Basel, the definitive international watch show. Around this time every year all of your favorite brands – and brands you’ve never heard of – launch unique timepieces that cost more than a few dozen Honda Accords and look like something made by a Doctor Manhattan during one of his less melancholy moments.

Today’s wild timepiece comes to use from Bell & Ross, makers of big square watches that look like aircraft dials. This new piece, called the BR-X1-Skeleton-Tourbillon-Sapphire, maintains the traditional B&R shape but is almost completely clear with a case made of sapphire and held together by pins and screws. The movement, which comes in three colors, is a complete hand-wound tourbillon system and is beautifully visible from all angles.

A tourbillon, for the uninitiated, is a system for rotating the watch’s balance wheel 360 degrees. This system, originally created by Breguet, ensured that a watch didn’t slow down when subjected to odd gravitational forces. Now, however, it’s a wildly expensive conversation starter.

This is a beautiful update to B&R’s original see-through watch and, while the vast majority of us will never own something like this, it’s nice to know that someone still cares about horological complexity paired with wild design. How much does it cost to own the watch equivalent of Wonder Woman’s Invisible Jet? About $500,000. The piece, for those interested in picking one up, will be available online.

from iFeeltech IT News Mix4