The Amazfit Band 7 is $50.
Google Pixel ‘aCropalypse’ exploit reverses edited parts of screenshots
A security flaw affecting the Google Pixel’s default screenshot editing utility, Markup, allows images to become partially “unedited,” potentially revealing the personal information users chose to hide, as spotted earlier by 9to5Google and Android Police. The vulnerability, which was discovered by reverse engineers Simon Aarons and David Buchanan, has since been patched by Google but still has widespread implications for the edited screenshots shared prior to the update.
As detailed in a thread Aarons posted on Twitter, the aptly named “aCropalypse” flaw makes it possible for someone to partially recover PNG screenshots edited in Markup. That includes scenarios where someone may have used the tool to crop or scribble out their name, address, credit card number, or any other kind of personal information the screenshot may contain. A bad actor could exploit this vulnerability to reverse some of those changes and obtain information users thought they had been hiding.
In a forthcoming FAQ page obtained early by 9to5Google, Aarons and Buchanan explain that this flaw exists because Markup saves the original screenshot in the same file location as the edited one, and never deletes the original version. If the edited version of the screenshot is smaller than the original, “the trailing portion of the original file is left behind, after the new file is supposed to have ended.”
According to Buchanan, this bug first emerged about five years ago, around the same time Google introduced Markup with the Android 9 Pie update. That’s what makes this all the worse, as years’ worth of older screenshots edited with Markup and shared on social media platforms could be vulnerable to the exploit.
The FAQ page states that while certain sites, including Twitter, re-process the images posted on the platforms and strip them of the flaw, others, such as Discord, don’t. Discord only just patched the exploit in a recent January 17th update, which means edited images shared to the platform before that date may be at risk. It’s still not clear whether there are any other affected sites or apps and if so, which ones they are.
The example posted by Aarons shows a cropped image of a credit card posted to Discord, which also has the card number blocked out using the Markup tool’s black pen. Once Aarons downloads the image and exploits the aCropalypse vulnerability, the top part of the image becomes corrupted, but he can still see the pieces that were edited out in Markup, including the credit card number. You can read more about the technical details of the flaw in Buchanan’s blog post.
After Aarons and Buchanan reported the flaw (CVE-2023-21036) to Google in January, the company patched the issue in a March security update for the Pixel 4A, 5A, 7, and 7 Pro with its severity classified as “high.” It’s unclear when this update will arrive for the other devices affected by the vulnerability, and Google didn’t immediately respond to The Verge’s request for more information. If you want to see how the issue works for yourself, you can upload a screenshot edited with a non-updated version of the Markup tool to this demo page created by Aarons and Buchanan. Or, you can check out some of the scary examples posted on the web.
This flaw came to light just days after Google’s security team found that the Samsung Exynos modems included in the Pixel 6, Pixel 7, and select Galaxy S22 and A53 models could allow hackers to “remotely compromise” devices using just a victim’s phone number. Google has since patched the issue in its March update, although this still isn’t available for the Pixel 6, 6 Pro, and 6A devices yet.
Fintech’s fortunes, DAO dreams, Asia’s reseller revival
Keeping up with the latest technology money moves
Despite the slowdown in venture capital activity, there’s still a mountain of money flowing through startups today. TechCrunch+ is launching a series of posts looking at recent, notable venture rounds, exit activity and other news that relates to the financial side of building new technology companies.
While banks are dealing with the crisis kicked off by the failure of well-known, startup-friendly Silicon Valley Bank, upstart tech companies are still more than busy raising capital. They’re also looking for exits. More the former than the latter, given the frozen IPO market. But while we wait for the reawakening of a key exit point for startups, we can still keep tabs on where and how the money is flowing into their world.
Remarkable rounds of the week
eToro reloads at $3.5B valuation
- After its SPAC deal failed to consummate, consumer trading service eToro was left without an expected new tranche of capital and a new valuation mark. However, it had previously secured a pledge for new funds if its SPAC deal fell through, capital that it has now raised.
- The round matters for its size (nine figures), industry (fintech has taken a valuation pounding in recent quarters) and underlying financial results. Although its 2022 results show some growth since 2020, the company shrank last year compared to 2021. This means that we’re seeing a massive consumer-fintech company set a new valuation under difficult conditions. Fintech founders should take note.
Seed Club Ventures sneaks out of stealth with $25M to make DAO dreams a reality
- A lot of people assumed interest in DAOs, or decentralized autonomous organizations, had faded in the past year along with crypto bros’ fortunes. But it turns out there are still a number of people very invested in the concept of communities making their own decisions on how to spend millions of dollars.
- Seed Club Ventures, a 63-member consortium of VCs, individual investors, family offices and various entities that still believe in web3, recently came out of stealth with a $25 million fund to help DAOs do just that.
- This matters because that $25 million is going to go to really early-stage projects building much-needed tooling for DAOs. It has already backed projects like Guild, Stability AI, Lens and Metalabel. Such tooling will actually help take DAOs to a level where they can realize some, if not all, of the potential that fully decentralized systems bring.
IntegrityNext raises $109M to help companies ensure their supply chain is ESG-compliant
- There’s a lot of politics around environmental, social and governance (ESG) investing policies for good reason: Compliance with ESG norms requires companies to examine the breadth and depth of their operations to ensure things are done responsibly. That can get expensive, tedious and take a really long time.
- Munich-based IntegrityNext is doing something very special to help companies solve that problem: It helps companies audit their supply chains so they can quickly find out where and how they can optimize the supply chain and comply with ESG requirements.
- This fundraise is really good news for European companies, because they will have an easier time of adopting previously “nice-to-have” ESG policies that are soon becoming “must-have” as regulations in the EU tighten up.
Kream rushes to a $742M valuation because fashion nerds like the circular economy
- In a world of abundance, some things are rare, which is why reseller platforms for luxury goods exist. Spun out of Korean e-commerce giant Naver, Kream has only been around for two years, but the company has seen incredible success as fashion-savvy customers flooded its store, looking for high-end, rare sneakers, watches, bags, accessories and clothing.
- Kream’s $168 million fundraise is interesting because the company is going to invest a lot in its peers to build a reseller network spanning a large swath of Asia — meaning someone in Japan can buy limited edition sneakers that were only launched in Japan.
- It’s also great news for Asia’s growing reselling market, as it signals consumer interest in collectibles and other luxury items, which could drive further investment in this space.
Kredivo raises gigantic $270M Series D to make credit more accessible for underbanked Asians
- It’s no secret that the massive underbanked population in Asia’s developing economies is a big market for fintech to disrupt, and Kredivo, which aims to increase access to credit in Indonesia and Vietnam, has certainly struck gold with a user base that’s about as big as Indonesia’s credit-card-holding population.
- The company’s oversubscribed $270 million Series D is proof of the fact that there’s growth to be had in making people’s lives easier and helping them get access to banking services easily and seamlessly.
Other startup and venture capital news
The venture slowdown is slowing down even the fastest startup categories
- It’s a sad reality of the world that even diamonds at times have no takers, and that seems to be panning out right now in startup land: Even previously hot API startups are suffering in the venture slowdown.
- Per data from GGV, which tracks funding into 63 API companies, startups in this category raised about $2.15 billion in 2022, less than half of what they raised a year earlier. Deal counts have also been down. Q4 2022 saw such startups raising a paltry $134 million, which is lower than in the year’s previous three quarters. That’s got to be tough.
- We care about this because even though API startups are leading the charge with usage-based pricing models, which is arguably the future of software sales, they’re still subject to wider market pressures. Their struggle indicates that no matter how hot a sector you’re in, dollars are likely to be increasingly harder to come by.
Coinbase execs are angry at the SEC raining on their parade
- The crypto world isn’t happy with how lawmakers are treating it. Coinbase’s CEO recently pretty much said the government should just make up its mind about regulations already after the SEC sent it a Wells notice, which basically means the government is going to come after Coinbase and companies like it for “violations of the federal securities laws.”
- We sorta agree with Coinbase here: There really isn’t much precedent for what the crypto world is going through, and fitting the SEC’s nearly century-old laws to the crypto economy feels very much like a square-peg-triangle-hole situation.
- It’s clear the SEC needs to really cement its beliefs on how crypto should be traded so that the wider ecosystem can just follow the rules.
Roofstock cuts 27% of staff in second round of layoffs
- Proptech startups are having a moment, and their employees seem to be paying for it. Rising mortgage rates and the general housing slowdown haven’t been good for companies that depended on people realizing their American dream.
- But buying a house in this economy? A lot of people basically said, “yeah, right,” which basically led to Roofstock, which lets people buy and sell rental homes in dozens of U.S. markets, deciding that it needs to lay off 27% of its staff for the second time in less than two quarters.
- The company’s trying to stay afloat in a sinking housing market, which makes sense, but what doesn’t is that it was valued at $1.9 billion just a year ago. This isn’t good news for the wider proptech market right now.
4 Indian investors explain how their investment strategy has changed since 2021
- Indian startups started 2022 with a pretty good outlook since the global venture slowdown hadn’t gotten to the country yet. But arrive it did, leading to a 70% drop in funding in the second half of the year.
- While we’re sure investors in the country saw it coming, how did they recalibrate their sensors to the new climate? After polling a few investors, Jagmeet found out that for starters, they slowed way down, choosing to make safer bets and generally making sure their portfolio companies have enough runway to last for however long this downturn is going to take.
- Indian investors are also telling their startups to take a step back, solidify their business models and focus on the basics to get to the next milestone. And if needed, raise a down round, because life > death.
When the tech IPO market reopens, keep an eye on HR unicorns
- Do you hear that? That’s Alex giggling in excited expectation of all the S-1s we’re likely to get if HR unicorns continue to grow as quickly as they have.
- The startup group’s ARR growth and regular EBITDA output — and therefore, valuations — seem to be nearly immune to the slowdown as unicorns like Deel, Velocity Global, Gusto and Ripple continue to grow into new markets and categories.
- This means that come IPO season, HR tech companies are going to likely be among the first out of the gate. We’re curious about one thing though: How long can the startups in question grow without going to war with each other, perhaps in the form of price cuts?
Amazfit Band 7 review: where did all the budget trackers go?
I could end my review there — my take on Ernest Hemingway’s six-word story, “Baby Shoes.” But I’m not Hemingway. All I’m saying is everything that’s good, bad, and in-between about the Band 7 can be traced back to its absurdly cheap price.
Usually, when I buy something this cheap, I’m expecting a lot of tradeoffs. Something that makes me go, “A-ha! That’s why it’s $50.” (Technically, it’s actually $49.99, but let’s not quibble over a penny.) And yes, I had a few of those moments while wearing the Amazfit Band 7 these past few weeks. But as with the $99.95 Fitbit Inspire 3, wearing the Band 7 felt like stepping through a portal to the early days of wearable tech — and it made me realize how rare fitness bands are nowadays.
It makes sense. The line between fitness bands and smartwatches grows ever blurrier, to the point I often wondered during testing if anyone would miss fitness bands if they were to completely disappear. The jury is still out on that one, but it led me to another question. Where did all the budget fitness trackers go?
It’s not a looker, but it’ll do
No one is going to compliment you for wearing the Amazfit Band 7. I doubt anyone would even give it a second glance unless it’s to ask, “Oh, is that a Fitbit?”
I mean, look at this thing. It doesn’t help that black is the most boring color for a gadget, but stylish or distinctive, this is not. There are other color options, like pink and beige, but they’re only interesting in that they’re not black. This is the tracker for utilitarians who purse their lips at premium design flourishes, thinking, “Why would I need any of that?”
The default strap is a bit stiff, but nothing feels like it’s about to fall apart. (It does tend to collect dead skin and dust, however.) The whole thing feels a bit plasticky, but that’s perfectly fine because that’s what you sign up for with a $50 tracker. The Band 7 is light at 28g and is comfortable enough to wear to sleep. It’s “heavier” than the Inspire 3’s 17.7g, but I doubt most people would be able to tell the difference.
It is, however, almost impossible to put on one-handed. I had to brace it against a table to stop it from sliding around my wrist when trying to secure the strap. I suspect this is a problem exclusive to the Tiny Wrist Club, but even when I did get it on, it was still too loose. I had to wear it further up my arm for a good fit as I was on the smallest hole already.
The good news is it’s easy to swap out straps. Like the Garmin Vivosmart 5, there aren’t any pins. You just pop the tracker out. The bad news is you need to get a strap specifically for the Band 7, which mostly limits your options to other colors. I did, however, find this snazzy third-party strap on Amazon for about $13.
The nicest thing about the Band 7 is its 1.47-inch OLED display. The bezels are smaller than its predecessor, and everything on the display looks bright and colorful. Notifications are easy to read, and I had an easy time swiping through menus. Surprisingly, the new watchfaces are cute as well. I was particularly fond of the one you see in these review photos. It added a pop of color and fun that’s missing from the overall design. For the data nerds, there are other watchfaces that’ll display the stats you crave — and those aren’t too bad looking, either.
And OLED doesn’t totally destroy battery life. The Band 7 lasted a little over two weeks on a single charge, with the always-on display enabled about a third of that time. Be careful, though, as it comes with a proprietary charger. Don’t be like me and forget where you stashed it because you didn’t need it for so long. I swear I stuck it in my work bag, but I can only conclude it fell through an interdimensional portal to the great e-waste graveyard in the sky. At least replacing the charger isn’t quite as bad as with other devices. An extra charger costs $9.99 from Amazfit itself, but you can find a better deal so long as you’re okay rolling the dice with third-party accessory makers on Amazon.
What $50 gets you in 2023
If you’ve never heard of Amazfit, you only really need to know one thing about its wearables. They pack a metric crapton of features at prices that probably leave Fitbit executives gnashing their teeth.
For instance, here’s a list of the Band 7’s main features:
- Amazon Alexa
- Continuous heart rate, blood oxygen, and stress tracking
- Sleep tracking with sleep stages, sleep scores, and breathing quality
- Training metrics like VO2 Max, recovery time, training load, and training effect
- Virtual Pacing for runs
- Abnormal heart rate, SpO2, and stress alerts
- PAI, which is similar to Fitbit’s Active Zone Minutes or Garmin’s Intensity Minutes
- 120 sports profiles, which somehow include parkour, folk dancing, and chess. Yes, chess.
- Menstrual cycle tracking
- Push notifications, quick replies (Android), find my phone, camera remotes, alarms, timers, and even a Pomodoro timer
- Media controls
Generally, I don’t expect to see these types of training metrics on something under $180 these days unless it’s on sale. I really don’t expect to see abnormal heart rate notifications for under $100. And you get a good level of accuracy for all the basic health metrics. (I can’t say much about the abnormal heart rate and SpO2 alerts other than that I never triggered them.) These features, combined with the OLED display and longer battery life? Pfft. Paying $50 for this feature set feels like you’re getting away with something.
There are a few things that will remind you that this is a budget device, however. The Zepp app — Amazfit and Zepp share a parent company and companion app — isn’t as polished as what you’ll find on bigger-name brands. There are quirks. For instance, it would be great if Zepp could figure out how to make switching to Imperial units stick 100 percent of the time. It’s also overly generous to call Zepp’s 10 mini apps an ecosystem, as its site claims. Occasionally, you have to reconnect with GPS satellites before an outdoor workout, or your data will be wonky. (You’ll be notified before starting, however.) But the app is uncluttered, simple to navigate, and gets the job done.
The features that are missing feel more like sensible compromises than glaring omissions. There are no NFC payments, for example, and it uses your phone’s GPS instead of having its own built-in sensors. And while you can talk to Alexa, there’s a tiny lag, and there’s no speaker, so you have to read whatever its responses are. (Not a terrible loss, however, if you find Alexa annoying.)
In my day-to-day, I wouldn’t say the Band 7 went above and beyond my expectations. That said, it did exactly what I wanted it to. It told me when to take a break from sitting, notified me when texts came through, and occasionally urged me to chill out. It’s such a lightweight device I often forgot I was even wearing it. As with the GTR 4, I made most use of the Pomodoro timer while puttering around doing chores. It’s not a glamorous device, but it’s not meant to be. Sometimes, it’s a relief to use a device that doesn’t aspire to be more than it is.
Casual activity, not training
The Band 7 is best for people who want to move more. I most enjoyed using it for activities like walking, yoga, and bodyweight strength training. Those are the kinds of exercises where I’ll maybe glance at my wrist to check duration or heart rate. That’s perfect since the display isn’t going to show you as much as a larger smartwatch would, anyway. As for accuracy, metrics like step count and heart rate were right on par with other devices I tested during the same period, including the Apple Watch Ultra and Garmin Forerunner 265S.
I’m also a big fan of Amazfit’s PAI system. It gives you an indicator of whether you’re getting enough activity by measuring how many PAI points you get over the course of a week. You earn PAI by raising your heart rate. I go more in-depth into PAI in my Amazfit GTR 4 review, but the gist is it’s a more holistic and beginner-friendly approach to getting your recommended 150 minutes of moderate exercise per week.
That said, I’d never use this to prep for my next race. If I’m going to torture myself with 12-16 weeks of training, I want more precise GPS data than a tethered device can give me. On a 3.03-mile run recorded by my iPhone, it only logged 2.45 miles, while the Apple Watch Ultra logged 3.01 miles. That, in turn, threw off metrics for pace and VO2 Max. (Though some of this was due to a delay in the Band 7 acquiring a GPS signal.) That’s okay for short, casual runs (e.g., 1-4 miles), but it’s not what I wanted during the home stretch of my half-marathon training. Between the Forerunner 265S and the Band 7, you can guess which one I left on my nightstand on race day.
Where have all the fitness bands gone?
These days, there are more smartwatches than fitness bands. That wasn’t always the case. It used to be that I could list several sub-$200 fitness bands off the top of my head. There was the Misfit Ray and Shine, the Fitbit Alta HR (and most Fitbits before the Blaze), the Jawbone UP, and Samsung Gear Fit 2. But aside from the Amazfit Band 7, I can only name a handful of other fitness bands that have come out in the past year — the nearly identical $49.99 Xiaomi Mi Band 7, the $99.95 Fitbit Inspire 3, and the $149.99 Garmin Vivosmart 5.
And now that I think of it, it’s odd.
We have budget phones, laptops, speakers, TVs, and headphones — and I suspect my peers in these categories could probably name more than three from reputable brands that came out in the last year. There are several reasons I can think of as to why that is, but the fact is companies are prioritizing premium flagship smartwatches at the expense of affordable, simple fitness trackers. I’m sure profit margins have something to do with it, but it’s a shame.
But perhaps I’m wrong. Maybe this is people voting with their wallets. Maybe fitness bands have had their time, and the vast majority of people don’t find the savings or extra battery life worth it. I somehow doubt that. And even if it were true, that doesn’t negate the need for good budget options. Whatever you think of wearable tech, fitness trackers can be a motivational tool to improve your health or stay connected without staring at your phone 24/7. You shouldn’t need to pay $200 or more for that if all you want are the very basics.
So, yes, this is a $50 fitness band. And a good one at that. I wish there were more like it.
Are solo GPs screwed? | TechCrunch
Entrepreneur Ankur Nagpal raised a $70 million venture fund last year, called Vibe Capital, from over 200 investors. But now, as the market shifts and LPs are less interested in venture capital, the Ocho founder is shrinking the fund size by roughly 43%, canceling capital calls, and, ultimately, sending back money that had already been wired to the fund.
The contraction, Nagpal told TechCrunch, occurred because he’s busy building his own startup and the funding environment has shifted to more realistic expectations: “What looked like a $10 billion outcome is now a $1 billion dollar outcome.” As a result, he says he’s more confident on returning a higher multiple if he’s investing from a smaller fund size.
His LPs were surprised but “super happy” to get the capital back, Nagpal said. Since announcing the cut, the founder says that five different solo GPs have messaged him asking for introductions to LPs who just got capital back. “I think the reality is a lot of these people who are getting money back are actually not going to allocate it to venture anymore.” One of Nagpal’s biggest investors is Tiger Global, which has become notorious for retreating from venture fund bets. His other investors, namely venture funds, will likely use the capital to bet on new startups out of their own fund, he said.
In Nagpal’s case, the move will let him put 90% of his time into his new startup. But he says others in the solo GP world are going through a rough time. Many are shrinking fund goals, extending fundraising timelines, teaming up with investors to avoid team risk or even going toward placement agents, once taboo in the world of fundraising, to help them close investors in exchange for a fee. “Even the ones who are taking it seriously are actually now trying to build a firm, so you’re kind of becoming the thing that you were trying to replace,” he said.
It’s a shift from the fund of fund mentality that felt commonplace last year, in which investment firms cut checks to early-stage, experimental investors to de-risk and even lead first checks into a generation of new startups. At the time, Tiger announced its $1 billion fund to back other funds but has since reneged. Alexis Ohanian and Katelin Holloway’s fund, 776, dedicated $10 million of its $500 million set of funds to back emerging fund managers. (The firm did not respond to requests for comment on an update of the fund allocation.) Other efforts, like Spearhead, a platform to turn founders into angel investors built by AngelList’s Naval Ravikant and Accomplice’s Jeff Fagnan, appear to no longer be active.
The history of solo GPs
Before solo GPs were in the spotlight, they were set aside. LPs weren’t giving lone venture capitalists meaningful capital, but as entrepreneurs with massive networks sought to formalize some of their angel investing operations, the deal sweetened. Add in the fact that platforms like AngelList made it easier and cheaper to set up a fund and handle all associated admin fees, and the jokes started rolling: Anyone with opinions and a following on Tech Twitter could start a fund.