Technology US

MSI GP66 Leopard review: substance over style

If you’re looking for a gaming rig that’s a step above the budget price point but still more affordable than the flashiest PCs on the market, you’re looking for MSI’s Leopard line. With a starting price of $1,599 ($1,899 as tested), the 2021 GP66 Leopard takes the same top-end chips that are in the likes of MSI’s GE66 Raider and the Asus ROG Strix Scar 15 and puts them in a less exciting, more affordable chassis. In this case, that’s Intel’s eight-core Core i7-10870H and Nvidia’s brand-spanking-new RTX 3070 mobile graphics card — components you’ll also see in luxury gaming flagships across the board.

That’s the clear argument for the GP66. If you’re willing to make some compromises (particularly when it comes to the chassis and the battery life), you can get high-end gaming performance at a midrange price point. Thanks especially to the RTX 3070, these are some of the best frame rates you’ll find below $2,000.

The GP66 Leopard is a revamp of the 2019 GP65 Leopard. In addition to the RTX 3070, MSI made at least one other major change: its design. The changes are subtle, but they add up to a machine that looks a bit more professional and a bit less gamer-y.

For one, the GP66 is noticeably thinner — it’s 0.92 inches thick, while its predecessor was 1.08 inches thick. There’s also a new hinge design, which leaves less visible space between the display and the keyboard deck, and is meant to make the clamshell easier to open with one hand. MSI sent a dummy GP65 specifically to verify this claim, and I can confirm that the GP66 is much easier to open. The lid, which had a red MSI logo on the GP65, is all-black on the GP66, and the two raised ridges in the center of the GP65 that gave the laptop a distinctively “gamer” look are gone.

But the keyboard deck is where the Leopard has matured the most. MSI eliminated the GP65’s stiff discrete clickers in favor of a smooth, modern touchpad. The keyboard keys, which looked and felt quite plasticky on the last model, have been upgraded to a wider design that more closely resembles those of the Razer Blade line. (Don’t worry: Per-key RGB backlighting remains.) The clunky dedicated buttons the GP65 had for toggling the power and fan profiles are gone as well.

That doesn’t mean this is the best-made laptop around. The chassis has a bit of a plasticky feel compared to many more expensive models, and the touchpad wasn’t as smooth as I’d like — I often found my fingers skidding. But I’m happy with the revamp all the same. It’s a smoother, sleeker look — a Leopard for 2021.

One more design change: MSI moved a bunch of ports to the rear of the chassis. There’s one Type-C USB 3.2 Gen 2 with DP1.4, one HDMI 2.0, one RJ45, and one power port back there, in addition to a Type-A USB 3.2 and an audio combo jack on the left and two Type-A USB 3.2 on the right. That means the GP66 actually has fewer ports than its predecessor, which was able to fit in a miniDP 1.4, separate input and output audio jacks, and an SD card reader (though that reader was frustratingly slow according to reviewers). On the other hand, having so many ports crammed together on the sides of a device can make cable management a frustrating endeavor, so I’m glad that MSI has been able to spread them out. In particular, having USB-A ports on both sides is handy.

Let’s get into the second thing that’s new with this machine: the RTX 3070. This graphics card was unveiled at Nvidia’s CES 2021 keynote two weeks ago, along with the rest of the new RTX 3000 mobile line. Nvidia said the chip would deliver speeds up to 1.5 times faster than those of RTX 2070 systems. In my testing, the GP66 didn’t quite display that large of a bump on every title, but it wasn’t too far off.

(My test unit also included an Intel Core i7-10870H, 32GB of RAM, and 1TB of storage, in addition to a 1920 x 1080 240Hz display with 3.5ms response time.)

The tl;dr is that pretty much any game you want to play, you can play. All of the games here were tested at their highest possible settings, and none of them gave the RTX 3070 any trouble. The GP66 averaged 96FPS on Horizon Zero Dawn; gameplay looked fantastic without a stutter to be seen. It averaged 75FPS on the highly demanding Red Dead Redemption II, with a minimum of 55FPS on the game’s built-in benchmark. Those are both significantly better results than we saw from MSI’s flagship GE66 Raider and Asus’s ROG Strix Scar 15, both of which use an RTX 2070 Super, and both of which cost several hundred dollars more for comparable specs. It’s also (unsurprisingly) a step up from MSI’s high-end GS66 Stealth that’s equipped with an RTX 2070 Super Max-Q.

The MSI Gp66 Leopard seen from above, half closed.

MSI’s dragon remains, but the red is gone.

Ray tracing was also no problem: The Leopard put up 82FPS on Shadow of the Tomb Raider with the feature on its Ultra setting. The Raider and the Strix averaged 70FPS and 67FPS, respectively, on that title.

With esports titles, you can take full advantage of the 240Hz screen. The GP66 maxed out Rocket League (which goes up to 250FPS) and averaged 169FPS on Overwatch (where the Raider only averaged 124FPS).

The Leopard employs MSI’s “Cooler Boost 5” system, which includes two fans and six heat pipes. Cooling was good throughout; the CPU never passed 88 degrees Celsius during gaming. I never heard the fans during my regular multitasking, but there was sometimes an annoying coil whine that swapping to the Silent Fan profile didn’t always eliminate.

The MSI GP66 Leopard seen from the left.

You can switch between cooling profiles to eliminate fan noise when you’re not stressing the machine.

While some gaming laptops can double as drivers for media work, the GP66 wouldn’t be a great choice for creative professionals because its screen maxes out at 205 nits. That’s dim, even for a mid-tier gaming laptop. The system also wasn’t quite as dominant in Premiere Pro as it was in gaming — it took five minutes and 21 seconds to export a 5-minute, 33-second video that the GS66 Stealth completed in three minutes and 14 seconds. On the bright(er) side, the GP66’s display does cover 100 percent of the sRGB gamut and 80 percent of AdobeRGB, which means your games should look nice and vibrant.

When it came to regular multitasking and office work, I didn’t experience any performance issues with the GP66. I ran into a number of bugs with the last MSI product I reviewed, the GE66 Raider, but am happy to report that they all seem to have been fixed. The Dragon Center app (where you can swap fan profiles and customize other settings) was so crash-prone and glitchy when I used it last October that MSI had to tap into my review unit and troubleshoot, but it’s quite smooth and responsive now. I’ve also previously had some trouble with the SteelSeries engine, where you customize keyboard colors and effects, but it was easy to use here.

The MSI GP66 Leopard keyboard seen from above.

No backlight bleed at all.

Battery life, though, is a major area where the GP66 isn’t ahead of its competition. I was averaging three and a half to four hours from the 4-cell 65Whr brick, with consistent multitasking in around a dozen Chrome tabs with the screen at 200 nits of brightness. That’s not great news for anyone who was hoping to work on the go, especially considering how heavy the 230W charger is to carry around. This unit also came preloaded with Norton Antivirus, which can drain power, so make sure to uninstall that if you want the longest possible lifespan. (Premiere Pro results also improved significantly after I nuked Norton.)

Finally, on sound. The GP66 includes two 2-watt speakers. As is usually the case with laptop speakers, treble tones were much stronger than the middle ranges, while bass and percussion were subdued. Game audio was fine with a decent surround quality — but not the best I’ve ever heard, and not as good as you’d get from a decent external speaker.

The GP66 also comes preloaded with Nahimic customization software, which lets you swap between audio presets for Music, Movie, Communication, and Gaming, and manually adjust equalizer settings. There’s a “Surround Sound” feature you can turn on and off (I didn’t notice a huge difference), and a “Volume Stabilizer” that’s supposed to keep your audio audible without waking people up (this did change the sound, though I wasn’t able to test its efficacy on any sleeping roommates). You can also customize the built-in microphones for conferences and chats — there are toggles for echo cancelation, static noise suppression, and the like.

The GP66 Leopard isn’t a perfect laptop. Between the plasticky texture, the skid-prone touchpad, the dim screen, and the preloaded bloatware, it’s clear where MSI has had to cut some corners. And while I certainly enjoy the modest all-black chassis, gamers who need RGB lights everywhere may still prefer the likes of the Raider and the Strix.

But the Leopard excels in the area that matters most: game performance. Not only does it blow budget competitors like the Lenovo Legion 5i out of the water, but thanks to the new RTX 3070 it’s a significant step up from today’s luxury gaming laptops while remaining a large step down in price. With a powerful new chip and a fresh modern design, the GP66 Leopard is an excellent new product to kick off 2021.

Photography by Monica Chin / The Verge

Technology UK

The DJI Mini 2 is a content creator’s dream that’s almost perfect

DJI were close to perfection with the original Mini: it weighed in at under 250 grams and was easy to operate straight out of the box. However, with a 12 megapixel camera that could only capture images in JPEG format and film video at a maximum resolution of 2.7k resolution – at 30fps – the DJI Mini felt a little bit undercooked.

DJI have listened to the criticisms of the Mini in their development of the Mini 2 – and it shows.

What’s in the box?

The DJI Mini 2 Fly is available in two flavours to whet your appetite.

The DJI Mini 2 Fly improves upon the previous Mini model

Out of the box the DJI Mini 2 (RRP £449.00) comes with one battery, a controller, prop holder and a single set of peripheral spare parts e.g. rotor blades, controller cables and screws. Whereas the DJI Mini 2 Fly More Combo (RRP. £549.00) includes a controller, prop holder, three batteries, a battery pack multi-charger that can charge all three batteries simultaneously and double up as a portable power pack as well, plus three sets of peripheral spare parts rather than just the one.

DJI have refined rather than wildly reinvent the look of the Mini 2 when compared to its predecessor. The airframe of the Mini 2 is the same as that of the Mini, meaning the placement of the battery and the exposed micro SD card remain at the rear of the body. The retractable arms of the drone need to be opened in a specific order (front then back) and closed in the opposite order, but once you get used to that it will soon become second nature.

The DJI Mini 2 Fly More Combo

For those familiar with DJI you’d be forgiven for thinking you’d seen the controller design before, and that’s because you in all likelihood have – it’s the same as the DJI Mavic Air 2. Gone is the plastic-like handset that resembled something the ‘Ghostbusters’ would use to hunt the Stay Puft Marshmallow Man with, now replaced with a sleeker and much more serious looking design. DJI boast that with the Mini 2 ‘The OcuSync 2.0 holy trinity is now complete’ which means the controller connection will now be rock solid rather than temperamental – a common complaint with the Mini.

On face value the camera of the Mini 2 is much the same as the Mini, set on a 3-axis mechanical stabiliser with the same 1/2.3” CMOS 12 mp sensor. But don’t let this fool you as the image & video capture capabilities of the Mini 2 are impressive for such a lightweight and compact quadcopter.

Video Loading

Video Unavailable

The Mini 2 now records in 4k video (compared to the previous 2.7k of the Mini) and they’ve boosted the maximum video bitrate from an abysmal 40mbps to 100mps. The drone also features a 4x zoom while shooting at 1080p, as well as being able to capture images in JPEG as well as RAW.

DJI clearly envisage the Mini 2 as being the affordable ‘go to’ for casual pilots, content creators and influencers alike and the set of complimentary shooting modes are obviously designed with this in mind. You have the familiar range of DJI ‘Quickshot’ flight options such as Dronie, Helix, Rocket, and Circle. However, they’ve now included Boomerang into the mix which enables the drone to fly around the subject, starting and stopping the video in the same place.

In addition to this the Mini 2 can also capture panoramic photographs with self explanatory titles such as:

Sphere : The drone captures 25 images and stitches them together in the DJI Fly app to create a spherical ‘tiny planet’ effect.

180° : The drone captures four photos in order to create sweeping landscape shots.

Wide-Angle : The drone captures a wide 3×3 image consisting of nine images.

It’s important to note that the rumours of a tantalising 4k hyper-lapse mode for the Mini 2 don’t seem to have any basis in fact for the time being.

Changes in the law

The 12 megapixel camera on the DJI Mini 2 can produce spectacular results

With the recent changes in UK legislation the Mini 2 now requires an Operator ID by law, which means you will have to register your drone at a cost of £9 per year before you take to the skies. The UK Civil Aviation Authority provides a simple straightforward ‘one-stop shop’ that will provide you with both the Operator ID as well as the Flyer ID in one place.

What’s it like to fly?

When you connect your smartphone to the controller the DJI Fly app will guide you through the preflight checks before you launch, and I’d strongly recommend you fight the temptation to skip through the details and start flying. The user interface is clean and streamlined, balancing simplicity and control. The controller design comes into its own when you’re flying the DJI Mini 2. It’s comfortable to hold, responsive and with the refinements in connectivity (Hello there 10 kilometres of HD video transmission) you feel confident and in control when the quadcopter is in flight – make no mistake the OcuSync 2.0 connection is rock solid.

The DJI Mini 2 can create eye catching ‘tiny planet’ panoramas

Shooting content is a dream on the Mini 2, and the controller feels very similar to a DSLR grip. The placement of the shutter release button and gimbal control wheel at the top of the controller makes shooting video and photographs feel almost intuitive.

The Mavic Mini 2 uses a new alert system called DJI AirSense that uses ADS-B (Automatic Dependent Surveillance – Broadcast) technology to provide location information from passing aircraft fitted with ADS-B transmitters, meaning drone pilots can be alerted potential risks whilst flying. The Mavic Mini 2 also retains the DJI FlySafe geofence system, restricting flights over unauthorised airspaces.

The DJI Mini 2 has a flight time of 31 minutes

The upgraded capacity of the motors in the Mini 2 makes it a deceptively nimble beast. Improvements in motor efficiency & performance means that the Mini 2 can quite happily fly around at 36 mph for up to 31 minutes, with an equally impressive level 5 resistance to strong headwinds to boot. For a drone that comes in at under £500 to be able to retain stabilisation under these sorts of conditions is a pretty big deal.

My biggest gripe with the DJI Mini 2 Fly More Combo is the lack of a landing pad or propeller guards. The low-profile of the unit means that blades of grass will keep the drone grounded – so you’ll need to find level ground for takeoffs and landings. The Mini 2 also doesn’t include obstacle sensors or subject tracking, so you want to avoid flying into a tree because the drone quite literally won’t see it coming.

Is it worth the money?


The original Mini was a fantastic ‘first-time’ concept but was inherently flawed from the outset. With the Mini 2 DJI have built on the successes of it’s predecessor and made significant and satisfying refinements; although there is still plenty to work on for the inevitable arrival of the DJI Mini 3 such as battery compatibility between models. Overall for experienced enthusiasts and beginners alike the Mini 2 provides the satisfaction that the Mini was so sorely lacking.

– The DJI Mini 2 & the DJI Mini 2 Fly More Combo is available from the DJI store.

Source link

Technology US

Google warns of ‘novel social engineering method’ used to hack security researchers

Government-backed hackers based in North Korea are targeting individual security researchers through a number of means including a “novel social engineering method,” Google’s Threat Analysis Group is reporting. The campaign has reportedly been ongoing for several months, and worryingly appears to exploit unpatched Windows 10 and Chrome vulnerabilities.

Although Google doesn’t say exactly what the aim of the hacking campaign is, it notes that the targets are working on “vulnerability research and development.” This suggests the attackers may be trying to learn more about non-public vulnerabilities that they can use in future state-sponsored attacks.

According to Google, the hackers set up a cybersecurity blog and series of Twitter accounts in an apparent attempt to build and amplify credibility while interacting with potential targets. The blog focused on writing up vulnerabilities that were already public. Meanwhile, the Twitter accounts posted links to the blog, as well as other alleged exploits. At least one of the purported exploits was faked, according to Google. The search giant cites several cases of researchers’ machines having been infected simply by visiting the hackers’ blog, even when running the latest versions of Windows 10 and Chrome.

The social engineering method outlined by Google involved contacting security researchers, and asking them to collaborate on their work. However, once they agreed, the hackers would send over a Visual Studio Project containing malware, which would infect the target’s computer and start contacting the attackers’ server.

According to Google, the attackers used a range of different platforms — including Telegram, LinkedIn and Discord — to communicate with potential targets. Google listed specific hacker accounts in its blog post. It says anyone who’s interacted with these accounts should scan their systems for any indication they’ve been compromised, and move their research activities onto a separate computer from their other day-to-day usage.

The campaign is the latest incident of security researchers being targeted by hackers. Last December, a leading US cybersecurity firm FireEye disclosed that it had been compromised by a state-sponsored attacker. In the case of FireEye, the target of the hack were internal tools it uses to check for vulnerabilities in its client’s systems.

Technology US

The original Celeste now has a sequel you can play in your browser

Celeste was one of the most acclaimed games of 2018, but what you may not have known is that the tightly designed platformer was an expanded version of a smaller project developed in four days at a game jam. Maddy Thorson and Noel Berry created the original Celeste for the Pico-8 platform, and now that version has a sequel called Celeste 2: Lani’s Trek.

The developers, now including composer Lena Raine, say that this game took just three days to make. The release is to celebrate the third anniversary of Celeste’s release.

If you’re not familiar with Pico-8, it’s a “virtual console” that gives developers a framework to build games as if it were actual hardware with defined technical capabilities. Games are limited to 128 x 128 resolution, for example, and a specific 16-color palette, which results in a distinctive look. Games can be accessed through the Pico-8 front end itself or distributed separately.

In Celeste 2’s case, you can download Windows, Mac, Linux, and Raspberry Pi versions for free from, or play it in your browser at that link. (I would strongly recommend using a controller, since the keyboard controls are… tricky.) The soundtrack is also available on Bandcamp.

Technology US

Facebook users’ phone numbers are for sale through a Telegram bot

Someone has gotten their hands on a database full of Facebook users’ phone numbers, and is now selling that data using a Telegram bot, according to a report by Motherboard. The security researcher who found this vulnerability, Alon Gal, says that the person who runs the bot claims to have the information of 533 million users, which came from a Facebook vulnerability that was patched in 2019.

With many databases, some amount of technical skill is required to find any useful data. And there often has to be an interaction between the person with the database and the person trying to get information out of it, as the database’s “owner” isn’t going to just give someone else all that valuable data. Making a Telegram bot, however, solves both of these issues.

The bot allows someone to do two things: if they have a person’s Facebook user ID, they can find that person’s phone number, and if they have a person’s phone number they can find their Facebook user ID. Though, of course, actually getting access to the information you’re looking for costs money — unlocking a piece of information, like a phone number or Facebook ID, costs one credit, which the person behind the bot is selling for $20. There’s also bulk pricing available, with 10,000 credits selling for $5,000, according to the Motherboard report.

The bot has been running since at least January 12, 2021, according to screenshots posted by Gal, but the data it provides access to is from 2019. That’s relatively old, but people don’t change phone numbers that often. It’s especially embarrassing for Facebook as it historically collected phone numbers from people including users who were turning on two-factor authentication.

At the moment it’s unknown if Motherboard or security researchers have contacted Telegram to try to get the bot taken down, but hopefully it’s something that can be clamped down on soon. That’s not to paint too rosy a picture, though — the data is still out there on the web, and it’s resurfaced a couple of times since it was initially scraped in 2019. I’m just hoping that the easy access will be cut off.

Technology US

Rejoice! Amazon’s new app logo isn’t another icon in a white box

It looks like Amazon is rolling a new app icon on iOS, and unlike countless other recent app redesigns, it isn’t just a logo dropped inside a white background! Rejoice! The new icon cleverly takes cues from perhaps Amazon’s most recognizable “product” — its shipping boxes and their bright blue tape.

Here it is — in the app’s listing on Apple’s UK App Store. (There are a few other reports of others seeing the icon on their devices as well.)

Whoever worked on this new app design, which will be instantly recognizable on your home screen, deserves a raise.

Technology US

Warning Signal: the messaging app’s new features are causing internal turmoil

On January 6th, WhatsApp users around the world began seeing a pop-up message notifying them of upcoming changes to the service’s privacy policy. The changes were designed to enable businesses to send and store messages to WhatsApp’s 2 billion-plus users, but they came with an ultimatum: agree by February 8th, or you can no longer use the app.

The resulting furor sparked a backlash that led Facebook-owned WhatsApp to delay the policy from taking effect until May. In the meantime, though, tens of millions of users began seeking alternatives to Facebook’s suite of products. Among the biggest beneficiaries has been Signal, the encrypted messaging app whose development is funded by a nonprofit organization. Last month, according to one research firm, the six-year-old app had about 20 million users worldwide. But in a 12-hour period the Sunday after WhatsApp’s privacy policy update began, Signal added another 2 million users, an employee familiar with the matter told me. Days of temporary outages followed.

The pace has hardly relented since. Signal leapt to No. 1 in the app stores of 70 countries, and it continues to rank near the top of most of them, including the United States. While the company won’t confirm the size of its user base, a second employee told me the app has now surpassed 40 million users globally. And while Signal still has a small fraction of the market for mobile messaging — Telegram, another upstart messenger, says it added 90 million active users in January alone — the rapid growth has been a cause for excitement inside the small distributed team that makes the app.

Adding millions of users has served as a vindication for a company that has sought to build a healthier internet by adopting different incentives than most Silicon Valley companies.

“We’re organized as a nonprofit because we feel like the way the internet currently works is insane,” CEO Moxie Marlinspike told me. “And a lot of that insanity, to us, is the result of bad business models that produce bad technology. And they have bad societal outcomes.” Signal’s mission, by contrast, is to promote privacy through end-to-end encryption, without any commercial motive.

But Signal’s rapid growth has also been a cause for concern. In the months leading up to and following the 2020 US presidential election, Signal employees raised questions about the development and addition of new features that they fear will lead the platform to be used in dangerous and even harmful ways. But those warnings have largely gone unheeded, they told me, as the company has pursued a goal to hit 100 million active users and generate enough donations to secure Signal’s long-term future.

Employees worry that, should Signal fail to build policies and enforcement mechanisms to identify and remove bad actors, the fallout could bring more negative attention to encryption technologies from regulators at a time when their existence is threatened around the world.

“The world needs products like Signal — but they also need Signal to be thoughtful,” said Gregg Bernstein, a former user researcher who left the organization this month over his concerns. “It’s not only that Signal doesn’t have these policies in place. But they’ve been resistant to even considering what a policy might look like.”

Interviews with current and former employees, plus leaked screenshots of internal deliberations, paint a portrait of a company that is justly proud of its role in promoting privacy while also willfully dismissing concerns over the potential misuses of its service. Their comments raise the question of whether a company conceived as a rebuke to data-hungry, ad-funded communication tools like Facebook and WhatsApp will really be so different after all.

Like a lot of problems, this one started with an imperative familiar to most businesses: growth.

Encrypted messaging has been a boon to activists, dissidents, journalists, and marginalized groups around the world. Not even Signal itself can see their messages — much less law enforcement or national security agencies. The app saw a surge in usage during last year’s protests for racial justice, even adding a tool to automatically blur faces in photos to help activists more safely share images of the demonstrations. This kind of growth, one that supported progressive causes, was exciting to Signal’s roughly 30-member team.

“That’s the kind of use case that we really want to support,” Marlinspike told me. “People who want more control over their data and how it’s used — and who want to exist outside the gaze of tech companies.”

On October 28th, Signal added group links, a feature that has become increasingly common to messaging apps. With a couple of taps, users could begin creating links that would allow anyone to join a chat in a group as large as 1,000 people. And because the app uses end-to-end encryption, Signal itself would have no record of the group’s title, its members, or the image the group chose as its avatar. At the same time, the links make it easy for activists to recruit large numbers of people onto Signal simultaneously, with just a few taps.

But as the US presidential election grew closer, some Signal employees began raising concerns that group links could be abused. On September 29th, during a debate, President Trump had told the far-right extremist group the Proud Boys to “stand back and stand by.” During an all-hands meeting, an employee asked Marlinspike how the company would respond if a member of the Proud Boys or another extremist organization posted a Signal group chat link publicly in an effort to recruit members and coordinate violence.

“The response was: if and when people start abusing Signal or doing things that we think are terrible, we’ll say something,” said Bernstein, who was in the meeting, conducted over video chat. “But until something is a reality, Moxie’s position is he’s not going to deal with it.”

Bernstein (disclosure: a former colleague of mine at Vox Media), added, “You could see a lot of jaws dropping. That’s not a strategy — that’s just hoping things don’t go bad.”

Marlinspike’s response, he told me in a conversation last week, was rooted in the idea that because Signal employees cannot see the content on their network, the app does not need a robust content policy. Like almost all apps, its terms of service state that the product cannot be used to violate the law. Beyond that, though, the company has sought to take a hands-off approach to moderation.

“We think a lot on the product side about what it is that we’re building, how it’s used, and the kind of behaviors that we’re trying to incentivize,” Marlinspike told me. “The overriding theme there is that we don’t want to be a media company. We’re not algorithmically amplifying content. We don’t have access to the content. And even within the app, there are not a lot of opportunities for amplification.”

At the same time, employees said, Signal is developing multiple tools simultaneously that could be ripe for abuse. For years, the company has faced complaints that its requirement that people use real phone numbers to create accounts raises privacy and security concerns. And so Signal has begun working on an alternative: letting people create unique usernames. But usernames (and display names, should the company add those, too) could enable people to impersonate others — a scenario the company has not developed a plan to address, despite completing much of the engineering work necessary for the project to launch.

Signal has also been actively exploring the addition of payments into the app. Internally, this has been presented as a way to help people in developing nations transfer funds more easily. But other messaging apps, including Facebook and China’s WeChat, have pursued payments as a growth strategy.

An effort from Facebook to develop a cryptocurrency, now known as Novi, has been repeatedly derailed by skeptical regulators.

Marlinspike serves on the board of MobileCoin, a cryptocurrency built on the Stellar blockchain designed to make payments simple and secure — and, potentially, impossible to trace. “The idea of MobileCoin is to build a system that hides everything from everyone,” Wired wrote of the project in 2017. “These components make MobileCoin more resistant to surveillance, whether it’s coming from a government or a criminal.”

People I spoke with told me they regard the company’s exploration of cryptocurrency as risky since it could invite more bad actors onto the platform and attract regulatory scrutiny from world leaders.

Marlinspike played down the potential of crypto payments in Signal, saying only that the company had done some “design explorations” around the idea. But significant engineering resources have been devoted to developing MobileCoin integrations in recent quarters, former employees said.

“If we did decide we wanted to put payments into Signal, we would try to think really carefully about how we did that,” Marlinspike said. “It’s hard to be totally hypothetical.”

Signal’s growth imperatives are driven in part by its unusual corporate structure. The app is funded by the Signal Foundation, which was created in 2018 with a $50 million loan from WhatsApp co-founder Brian Acton. Signal’s development is supported by that loan, which filings show has grown to more than $100 million, and by donations from its users.

Employees have been told that for Signal to become self-sustaining, it will need to reach 100 million users. At that level, executives expect that donations will cover its costs and support the development of additional products that the company has considered, such as email or file storage.

But messaging is a crowded field, with products from Apple, Facebook, Google, and, more recently, Telegram. Signal’s initial customer base of activists and journalists will only get it so far. And so despite its anti-corporate ethos, Signal has set about acquiring users like any other Silicon Valley app: by adding new features over time, starting with those that have proven successful in rivals.

Those efforts have been led by two people in particular: Marlinspike, a former head of product security at Twitter whose long career in hacking and cryptography was recently profiled in The New Yorker, and Acton, whose title as executive chairman of the Signal Foundation dramatically understates his involvement in the project’s day-to-day operations.

In 2014, Acton and co-founder Jan Koum sold WhatsApp to Facebook for $22 billion, making them both billionaires. Acton left the company in 2017, later telling Forbes that his departure was prompted by Facebook’s plans to introduce targeted advertising and commercial messaging into WhatsApp. “I sold my users’ privacy to a larger benefit,” Acton told Forbes. “I made a choice and a compromise. And I live with that every day.”

A few months later, at the height of the Cambridge Analytica data privacy scandal, Acton caused a stir when he tweeted: “It is time. #deletefacebook.”

Since then, he has increasingly devoted his time to building Signal. He participates in all-hands meetings and helps to set the overall direction of the company, employees said. He interviews engineers, screening them for their ideological commitment to encryption technology. He writes code and helps to solve engineering challenges.

While working at Facebook, Acton could be dismissive of the idea that technology companies should intervene to prevent all forms of abuse. “There is no morality attached to technology, it’s people that attach morality to technology,” Acton told Steven Levy for his book Facebook: The Inside Story. Acton continued:

“It’s not up to technologists to be the ones to render judgment. I don’t like being a nanny company. Insofar as people use a product in India or Myanmar or anywhere for hate crimes or terrorism or anything else, let’s stop looking at the technology and start asking questions about the people.”

Asked about those comments, Signal told me that Acton does not have any role in setting policy for the company.

In recent interviews, Acton has been magnanimous toward his former colleagues, telling TechCrunch that he expects most people will continue to use WhatsApp in addition to Signal. But it’s hard not to see in Acton’s recent work the outlines of a redemption narrative — a founder who regrets selling his old company deciding to try again, but with a twist. Or maybe it’s a revenge narrative: I detected more than a little disdain in Acton’s voice when he told TechCrunch, “I have no desire to do all the things that WhatsApp does.”

Marlinspike told me that Acton’s increasingly heavy involvement in day-to-day development was a necessity given a series of recent departures at Signal, suggesting the WhatsApp co-founder might pull back once it was more fully staffed.

“Recently this has been an all-hands-on-deck kind of thing,” Marlinspike said. “He’s been great jumping in and helping where we need help, and helping us scale.”

Still, Acton’s growing involvement could help explain the company’s general reticence toward implementing content policies. WhatsApp was not a “nanny company,” and it appears that neither will be Signal.

Whatever the case, Acton is clearly proud of Signal’s recent growth. “It was a slow burn for three years and then a huge explosion,” he told TechCrunch this month. “Now the rocket is going.”

Some rockets make it into orbit. Others disintegrate in the atmosphere. Signal employees I spoke to worry that the app’s appetite for growth, coupled with inattention to potential misuses of the product, threaten its long-term future. (Of course, not growing would threaten its long-term future in other ways.)

It’s often said that social networks’ more disturbing consequences are a result of their business model. First, they take venture capital, pushing them to quickly grow as big as possible. Then, they adopt ad-based business models that reward users who spread misinformation, harass others, and otherwise sow chaos.

Signal’s story illustrates how simply changing an organization’s business model does not eliminate the potential for platform abuse. Wherever there are incentives to grow, and grow quickly, dangers will accumulate, no matter who is paying the engineers’ salaries.

Signal employees I spoke to said they are confident that the app has not become a primary organizing tool for extremists — though, given its encryption nature, it’s difficult to know for sure. So far, there are no known cases of dangerous organizations posting Signal group links on Twitter or other public spaces. (One employee pointed out that fascists are often quite public about their activities, as the recent insurrection in broad daylight at the Capitol showed.) Usernames and cryptocurrencies are unlikely to cause major problems for the organization until and unless they launch.

At the same time, my sources expressed concern that despite the clear potential for abuse, Signal seemed content to make few efforts to mitigate any harms before they materialize.

“The thing about software is that you never can fully anticipate everything,” Marlinspike told me. “We just have to be willing to iterate.”

On one hand, all software requires iteration. On the other hand, a failure to plan for abuse scenarios has been linked to calamities around the world. (Facebook’s links to genocide in Myanmar, a country in which it originally had no moderators who understood the language, is the canonical example.) And it makes Signal’s potential path more similar to Facebook than its creators are perhaps prepared to admit.

In our conversation, Marlinspike committed to hiring an employee to work on issues related to policy and trust and safety. And he said Signal would change or even eliminate group links from the product if they were abused on a wide scale.

Still, Marlinspike said, it was important to him that Signal not become neutered in the pursuit of a false neutrality between good and bad actors. Marginalized groups depend on secure private messaging to safely conduct everything from basic day-to-day communication to organized activism, he told me. Signal exists to improve that experience and make it accessible to more people, even if bad actors might also find it useful.

“I want us as an organization to be really careful about doing things that make Signal less effective for those sort of bad actors if it would also make Signal less effective for the types of actors that we want to support and encourage,” he said. “Because I think that the latter have an outsized risk profile. There’s an asymmetry there, where it could end up affecting them more dramatically.”

Bernstein, though, saw it differently.

“I think that’s a copout,” he said. “Nobody is saying to change Signal fundamentally. There are little things he could do to stop Signal from becoming a tool for tragic events, while still protecting the integrity of the product for the people who need it the most.”

This column was co-published with Platformer, a daily newsletter about Big Tech and democracy.

Technology US

Grindr fined $11.7 million for illegally sharing private user information with advertisers

Grindr will be fined 100 million Norwegian kroner, or about $11.7 million, by the Norwegian Data Protection Authority for illegally sharing private information about Grindr users to advertisers, according to The New York Times.

Last January, the Norwegian Consumer Council filed three complaints against Grindr for sharing personal information, including users’ locations and information about the device they were using, with advertisers. (One of those advertisers was MoPub, Twitter’s mobile ads company.) Associating that information with an individual could potentially indicate that person’s sexual orientation without their consent, and now, the Norwegian Data Protection Authority is taking action against Grindr for the practice.

Grindr has until February 15th to comment on the Norwegian Data Protection Authority’s ruling.

“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority,” Bill Shafton, Grindr’s VP of business and legal affairs, said in a statement to The Verge.

The app isn’t particularly well-known for taking great care of its users’ security. Grindr was caught exposing users’ HIV statuses to two other companies in April 2018, which the company has stopped doing. And with one particularly bad vulnerability, which we wrote about in October, anyone who knew your email address could potentially access your account.

Grindr has a new owner after a US government committee expressed national security concerns about the app — it was sold by its Chinese owners to investor group San Vicente Acquisition in March 2020.

Technology US

Facebook’s News tab comes to UK in first launch outside of the US

Facebook’s News tab will go live in the UK on January 26th in its first launch outside the US. The company says the section will offer a mix of curated and personalized news stories, but for select publishers the bigger news is that it will see Facebook paying them to license their content.

Although Facebook declined to give information on the amount it expects to pay publishers, a spokesperson said the company plans to invest “substantial” amounts over a number of years. These payments are expected to mainly go to publishers whose content isn’t already on Facebook — for instance, like content that’s normally paywalled. The Guardian previously reported that some publishers expect these payments to be worth millions of pounds a year.

Alongside the news of the section’s launch, Facebook is announcing a number of new publishing partners whose stories it’ll include. These include the Financial Times, Sky News, Channel 4 News, Telegraph Media Group, DC Thomson, and the Daily Mail group. These join existing publishers announced by Facebook in December, including The Guardian, The Economist, The Independent, Wired, Vogue, and local news sites from publishers like Reach.

The tab features a mix of curated and personalized stories.
Image: Facebook

There are also controls to allow you to hide articles or publications from your feed.
Image: Facebook

Facebook News will include a combination of curated stories chosen by “a team of journalists” and articles that are shown based on what users read, share, and follow, similar to how the section works in the US. The company promises that it’ll provide controls to let you hide topics or publishers from your feed if you don’t want to see them. New digests will also be produced to cover major news stories (such as stories relating to the COVID-19 pandemic), which Facebook says will highlight “original and authoritative reporting.”

While Facebook News offers a dedicated section in the app for browsing news stories, the company emphasizes that users will still be able to share articles from their profiles and pages, and will be able to read them via the News Feed.

As well as launching in the UK on Tuesday, Facebook says it’s currently in “active negotiations” with partners to launch the feature in France and Germany. In August last year, following the launch of the News tab in the US, the company listed Brazil and India as two additional countries to which it was considering bringing the section.

Technology US

Amnesty International calls for a ban on facial recognition in New York City

Amnesty International has launched a new campaign against facial recognition titled Ban The Scan — and is launching with a demand for New York City to halt police and government use of the technology.

Amnesty argues facial recognition is incompatible with basic privacy rights, and will exacerbate structural racism in policing tactics. “New Yorkers should be able to go out about their daily lives without being tracked by facial recognition,” said Matt Mahmoudi, an AI and human rights researcher with Amnesty. “Other major cities across the US have already banned facial recognition, and New York must do the same.”

Amnesty is joined in the New York portion of the campaign by a range of groups, including the Urban Justice Center, the New York Civil Liberties Union and the city’s Public Advocate office.

The New York Police Department has run afoul of facial recognition critics before, most notably when it used facial recognition to locate and arrest a Black Lives Matter activist in August. The department claims it only uses facial recognition to generate leads, and doesn’t make arrests based on the information. Still, many civil liberties groups find the existing protections inadequate.

The Ban the Scan campaign is launching with a website that will allow users to leave comments on the NYPD’s policies through a local public oversight rule. Later, Amnesty plans to build in a tool for filing Freedom of Information Law requests, and in May, a tool to geolocate facial-recognition-capable cameras throughout the city.

“For years, the NYPD has used facial recognition to track tens of thousands of New Yorkers, putting New Yorkers of color at risk of false arrest and police violence,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project at the Urban Justice Center in a statement. “Banning facial recognition won’t just protect civil rights: it’s a matter of life and death.”