ClassPass, finally a unicorn, raises $285 million in new funding

ClassPass has today announced the close of a $285 million Series E funding round led by L Catterton and Apax Digital, with participation from existing investor Temasek. This latest round brings ClassPass’s valuation to $1 billion.

We had heard this round was in the works and today it’s been confirmed.

ClassPass launched in 2013 to give users an easier way to work out. The company partners with boutique fitness studios, letting users search through that inventory and book a class all from their smartphone. Since launch, ClassPass has implemented several different business models, trying to find the right unit economics.

In 2017, the company announced it would be introducing a credit system via virtual currency. Combined with its data around the popularity of classes, this allowed ClassPass to introduce variable pricing. Instead of users paying a monthly fee for three, five or ten classes per month, users could use their virtual ClassPass currency to sign up for classes and pay based on the demand around those classes.

With the revenue model in place and working, ClassPass has focused on growth over this past year. International growth has been a top priority, with the company now operating in 28 countries, partnering with more than 30,000 partners, including boutique studios, gyms and wellness providers.

The second area of growth has been on the business front. ClassPass introduced a corporate program that allows organizations to subsidize the employees using the product. Lanman says this differs from other corporate programs that ask the employer to subsidize each individual employee whether they use the product or not.

Thus far, ClassPass has more than 1,000 employers using the platform, including Morgan Stanley, Goldman Sachs, Google and Facebook.

Finally, ClassPass is expanding its offering with the introduction of wellness providers. Since the inception of the company, Kadakia has always envisioned ClassPass as a portal through which users can find and enjoy new experiences. The plan has always been to go beyond fitness, and wellness is the next link in the chain for ClassPass.

Kadakia said that most of the users who sign up for meditation on ClassPass (the company’s most popular wellness option) are trying it for the first time.

Here’s what she had to say in a prepared statement:

We are motivated by the impact we’ve had on members and partners, including 100 million hours of workouts that have already been booked. This investment is a significant milestone that will further our mission to help people stay active and spend their time meaningfully.

ClassPass has come a long way since 2013, iterating its business model several times. But CEO Fritz Lanman believes that ClassPass’s ability to adapt is one of its greatest strengths.

When it first launched, a ClassPass membership offered unlimited classes each month to users. Eventually, that was re-priced and a cap was introduced on the number of monthly classes users could take. This all led to the launch of virtual currency and variable pricing, which seems to be the piece that fits the puzzle.

“Change can be good,” said Lanman. “I’m not ashamed of the business model iterations we went through. It’s unclear if we would have even gotten to this credit system had we not had business models that worked at a smaller scale.”

He went on to say that some businesses won’t have a model that is perfect and will work forever, and that there are a lot of benefits to going through the process of business model iteration.

This brings ClassPass’s total funding to nearly $550 million. Future plans for the company include more geographic expansion and growing the corporate business.

VLC prepares to add AirPlay support as it crosses 3 billion downloads

VLC, the hugely popular media playing service, is filing one of its gaps with the addition of AirPlay support as its just crossed an incredible three billion users.

The new feature was revealed by Jean-Baptiste Kempf, one of the service’s lead developers, in an interview with Variety at CES and it will give users a chance to beam content from their Android or iOS device to an Apple TV. The addition, which is due in the upcoming version 4 of VLC, is the biggest new feature since the service added Chromecast support last summer.

But that’s not all that the dozen or so people on the VLC development team are working on.

In addition, Variety reports that VLC is preparing to add enable native support for VR content. Instead of SDKs, the team has reversed engineered popular hardware to offer features that will include the option to watch 2D content in a cinema-style environment. There are also plans to bring the service to more platforms, with VentureBeat reporting that the VLC team is eying PlayStation 4, Nintendo Switch and Roku devices.

VLC, which is managed by non-profit parent VideonLAN, racked up its 3 millionth download at CES, where it celebrated with the live ticker pictured above. The service reached one billion downloads back in May 2012, which represents incredible growth for a venture that began life as a project from Ecole Centrale Paris students in 1996.

Timehop discloses July 4 data breach affecting 21 million

Timehop has disclosed a security breach that has compromised the personal data (names and emails) of 21 million users. Around a fifth of the affected users — or 4.7M — have also had a phone number that was attached to their account breached in the attack.

The startup, whose service plugs into users’ social media accounts to resurface posts and photos they may have forgotten about, says it discovered the attack while it was in progress, at 2:04 US Eastern Time on July 4, and was able to shut it down two hours, 19 minutes later — albeit, not before millions of people’s data had been breached.

According to its preliminary investigation of the incident, the attacker first accessed Timehop’s cloud environment in December — using compromised admin credentials, and apparently conducting reconnaissance for a few days that month, and again for another day in March and one in June, before going on to launch the attack on July 4, during a US holiday.

Timehop publicly disclosed the breach in a blog post on Saturday, several days after discovering the attack.

It says no social media content, financial data or Timehop data was affected by the breach — and its blog post emphasizes that none of the content its service routinely lifts from third party social networks in order to present back to users as digital “memories” was affected.

However the keys that allow it to read and show users their social media content were compromised — so it has all keys deactivated, meaning Timehop users will have to re-authenticate to its App to continue using the service.

“If you have noticed any content not loading, it is because Timehop deactivated these proactively,” it writes, adding: “We have no evidence that any accounts were accessed without authorization.”

It does also admit that the tokens could “theoretically” have been used for unauthorized users to access Timehop users’ own social media posts during “a short time window” — although again it emphasizes “we have no evidence that this actually happened”.

“We want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile,” it adds.

“The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your “Memories” after you’ve seen them.”

In terms of how its network was accessed, it appears that the attacker was able to compromise Timehop’s cloud computing environment by targeting an account that had not been protected by multifactor authentication.

That’s very clearly a major security failure — but one Timehop does not explicitly explain, writing only that: “We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts.”

Part of its formal incident response, which it says began on July 5, was also to add multifactor authentication to “all accounts that did not already have them for all cloud-based services (not just in our Cloud Computing Provider)”. So evidently there was more than one vulnerable account for attackers to target.

Its exec team will certainly have questions to answer about why multifactor authentication was not universally enforced for all its cloud accounts.

For now, by way of explanation, it writes: “There is no such thing as perfect when it comes to cyber security but we are committed to protecting user data. As soon as the incident was recognized we began a program of security upgrades.” Which does have a distinct ‘stable door being locked after the horse has bolted’ feel to it.

It also writes that it carried out “the introduction of more pervasive encryption throughout our environment” — so, again, questions should be asked why it took an incident response to trigger a “more pervasive” security overhaul.

Also not entirely clear from Timehop’s blog post: When/if affected users were notified their information has been breached.

The company posed the blog post disclosing the security breach to its Twitter account on July 8. But prior to that its Twitter account was only noting that some “unscheduled maintenance” might be causing problems for users accessing the app…

We’ve reached out to the company with questions and will update this post with any response.

Timehop does say that at the same time as it was working to shut down the attack and tighten up its security, company executives contacted local and federal law enforcement officials — presumably to report the breach.

Breach reporting requirements are baked into Europe’s recently updated data protection framework, the GDPR, which puts the onus firmly on data controllers to disclose breaches to supervisory authorities — and to do so quickly — with the regulation setting a universal standard of within 72 hours of becoming aware of it (unless the personal data breach is unlikely to result in “a risk to the rights and freedoms of natural persons”).

Referencing GDPR, Timehop writes: “Although the GDPR regulations are vague on a breach of this type (a breach must be “likely to result in a risk to the rights and freedoms of the individuals”), we are being pro-active and notifying all EU users and have done so as quickly as possible. We have retained and have been working closely with our European-based GDPR specialists to assist us in this effort.”

The company also writes that it has engaged the services of an (unnamed) cyber threat intelligence company to look for evidence of use of the email addresses, phone numbers, and names of users being posted or used online and on the Dark Web — saying that “while none have appeared to date, it is a high likelihood that they will soon appear”.

Timehop users who are worried the network intrusion and data breach might have impact their “Streak” — aka the number Timehop displays to denote how many consecutive days they have opened the app — are being reassured by the company that “we will ensure all Streaks remain unaffected by this event”.

WhatsApp revamps Groups to fight Telegram

Facebook just installed its VP of Internet.org as the new head of WhatsApp after its CEO Jan Koum left the company. And now Facebook is expanding its mission to get people into “meaningful” groups to WhatsApp. Today, WhatsApp launched a slew of new features for Groups on iOS and Android that let admins set a description for their community and decide who can change the Groups settings. Meanwhile, users will be able to get a Group catch up that shows messages they were mentioned in, and search for people in the group.

WhatsApp’s new Group descriptions

WhatsApp Group participant search

Group improvements will help WhatsApp better compete with Telegram, which has recently emerged as an insanely popular platform for chat groups, especially around cryptocurrency. Telegram has plenty of admin controls of its own, but the two apps will be competing over who can make it easiest to digest these fast-moving chat forums.

“These are features are based on user requests. We develop the product based on what our users want and need” a WhatsApp spokesperson told me when asked why it’s making this update. “There are also people coming together in groups onWhatsApp like new parents looking for support, students organizing study sessions, and even city leaders coordinating relief efforts after natural disasters.”

Facebook is on a quest to get 1 billion users into “meaningful” Groups and recently said it now has hit the 200 million user milestone. Groups could help people strengthen their ties with their city or niche interests, which can make them feel less alone.

With Group descriptions, admins can explain the purpose and rules of a group. They show up when people check out the group and appear atop the chat window when they join. New admin controls let them restrict who is allowed to alter a group’s subject, icon, and description. WhatsApp is also making it tougher to re-add someone to a group they left so you can’t “Group-add-spam people”. Together, these could make sure people find relevant groups, naturally acclimate to their culture, and don’t troll everyone.

As for users, the new Group catch up feature offers a new @ button in the bottom right of the chat window that when tapped, surfaces all your replies and mentions since you last checked. And if you want to find someone specific in the Group, the new participant search on the Info page could let you turn a group chat into a private convo with someone you meet.

WhatsApp Group catch up

Now that WhatsApp has a stunning 1.5 billion users compared to 200 million on Telegram, its next phase of growth may come from deepening engagement instead of just adding more accounts. Many people already do most of their one-on-one chatting with friends on WhatsApp, but Groups could invite tons of time spent as users participate in communities of strangers around their interests.

Why Snapchat’s re-redesign will fail and how to fix it

Snap screwed it all up jumbling messages and Stories, banishing creators to Discover, and wrecking auto-advance. Prideful of his gut instincts, Snap CEO Evan Spiegel refused to listen to the awful user reviews and declining usage. Now a YouGov  study shows a 73% drop in user sentiment towards Snapchat, the app’s user count shrank in March, and its share price is way down.

Yet the re-redesign Snapchat is finally rolling out today in response won’t fix the problems. The company still fails to understand that people want a predictable app that’s convenient to lay back and watch, and social media stars are more similar to you and me than they are to news outlets producing mobile magazine-style Discover content.

There’s a much better path for Snapchat, but it will require an ego adjustment and a bigger reversal of the changes — philosophy be damned.

Snapchat’s impression amongst US users fell off a cliff when the redesign was rolled out early this year

Here’s what Snapchat was, is becoming, and should be.

The Old Snapchat

Snapchat’s best design was in September 2016. It lacked sensible Stories sorting, and got some questionable changes before the big January 2018 redesign, but the fundamentals were there:

  • Left: Messages in reverse chronological order
  • Right: Stories from everyone in reverse chronological order with a carousel of ranked preview tiles in a carousel above or below Stories
  • Auto-Advance: Automatic and instant

 

The Broken Snapchat

Snapchat’s big January 2018 redesign did two smart things. It added more obvious navigation buttons to ease in new and adult users. And it made the Stories list algorithmically sorted so you’d see your best friends first rather than just who posts most often, as TechCrunch recommended last April.

But it introduced a bunch of other problems like pulling creators out of the Stories list, turning the inbox into chaos with ad-laden Stories, and breaking auto-advance so you have to watch an annoying interstitial between each friend. Spiegel stubbornly refused to listen to the poor feedback, saying in February “Even the complaints we’re seeing reinforce the philosophy. Even the frustrations we’re seeing really validate those changes. It’ll take time for people to adjust”. That quickly proved short-sighted.

  • Left: Messages and Stories from friends mixed together, sorted algorithmically
  • Right: Discover, sorted algorithmically, with influencers and people who don’t follow you back mixed in
  • Auto-Advance: Interstitial preview screens

The Re-Redesigned Snapchat

Users hated the redesign, initial reviews were mostly negative, and Snapchat’s growth fell to its lowest rate ever. After some tests, Today Snapchat tells us it’s rolling out the re-redesign to the majority of iOS users that’s a little less confusing. Yet it doesn’t address the core problems, plus makes the Discover screen more overwhelming:

  • Left: Messages sorted reverse chronologically
  • Right: Friends’ Stories at the top sorted algorithmically [Correction: Not chronologically], then subscriptions to creators sorted algorithmically, then Discover channels sorted algorithmically
  • Auto-Advance: Interstitial preview screens in Stories but not Subscriptions or For You

The Right Snapchat

While the re-redesign makes Snapchat’s messaging inbox work like it used to, it overloads the Discover screen and leaves auto-advance broken out of a misguided hope of ensuring you never watch a frenemy or ex’s Story by accident and show up in their view counts. But that’s not worth ruining the laid-back viewing experience we’ve grown to love on Instagram Stories, and could be better solved with a mute button or just getting people to unfriend those they can’t be seen watching.

That’s why I recommend Snapchat move to a hybrid of all its designs:

  • Left: Messages sorted reverse chronologically
  • Right: Stories from all friends and creators, displayed as preview tiles, sorted algorithmically to preference close friends
  • Further Right: Discover, with preview tile sections for subscriptions, publishers, and Our Stories/Maps/Events [This whole screen could be crammed into the Stories page if Snap insisted on just one screen on the right]
  • Auto-Advance: Traditional instant auto-advance without interstitials, plus a mute button to hide people

This design would make the inbox natural and uncluttered, ensure you see all your closest friends’ Stories, keep influencers from being buried in Discover, give publishers and Snapchat’s own content recommendations including new creators room to breathe, and let you easily relax and watch a ton of Stories in a row.

Snapchat could have slowly iterated its way to this conclusion. It could have done extensive beta testing of each change to ensure it didn’t misstep. And perhaps facing an existential crisis from the exceedingly viable alternatives Instagram and WhatsApp, it should never have attempted a sweeping overhaul of its app’s identity. Twitter’s conservative approach to product updates looks wiser in retrospect. Instead, Snap is in decline.

Facebook’s family of apps have survived over the years by changing so gradually that they never shocked users into rebellion, or executing major redesigns when users had no comparable app to switch to. Snapchat calls itself a camera company, but it’s really a “cool” company — powered by the perception of its trendiness with American kids. But as ephemeral content proliferates and Stories become a ubiquitous standard soon to surpass feeds as the preferred way to share, they’ve gone from hip to utility. So if its features aren’t cool any more and are offered in a slicker way to a larger audience elsewhere, what is Snapchat anymore?

Android Pay Now Works In Mobile Apps

android-pay-apps Following its launch this fall, Google’s Apple Pay rival known as Android Pay is taking another notable step this morning: it’s now available to use within mobile applications. According to the company, Android Pay will initially be available as an alternative means of checking out and paying for goods and services in a number of apps in the U.S., including shopping apps like… Read More

VP Of Design At Twitter, Mike Davidson, Stepping Down In February

twitter-lightning-glacier3200 According to a tweet from Mike Davidson, Twitter is about to lose its Vice President of Design: 🙂 To be a little more clear, I am leaving @Twitter permanently, but it will always be with me! — Mike Davidson (@mikeindustries) December 15, 2015 It’s a pretty high-profile loss for the company, that is hoping to pick up the pace when it comes to signing up more users with flashy… Read More

Lightsaber Yourself With Facebook’s Star Wars Profile Pics

Facebook Star Wars Photo Show you’re down with The Force this week then hide your Jedi ways with Facebook’s new Star Wars temporary profile pictures. Just in time for the release of The Force Awakens, click here then hit the Try It button and Facebook will let you add a scary red Dark Side cross-guard lightsaber or a benevolent blue over one of your photos. Then you can make it your profile pic and set… Read More

Verizon Now Allows TV Customers To Stream DVR Recordings Outside Of The Home

Screen Shot 2015-12-14 at 11.20.26 AM In an effort to stave off further cord-cutting as well as catch up with rivals, Verizon* announced today that its FiOS customers will be able to stream their DVR recordings outside of the home, anywhere they have an Internet connection, for the first time. In addition, the company says customers are now able to watch all their live TV channels on any device while in the home and on their… Read More

Facebook Is Killing Photo Syncing, Asks Users To Download Its “Moments” App Instead

Screen Shot 2015-12-14 at 10.09.20 AM Facebook clearly believes it has its next hit app on its hands to follow Messenger with its private photo-sharing service, Moments. The company has now announced it will soon discontinue support for photo syncing, and is instead asking users to download the Moments app through a pop-up notification that appears at the top of the News Feed. That means if you want to continue to… Read More