Blog

Thundra announces $4M Series A to secure and troubleshoot serverless workloads

Thundra, an early stage serverless tooling startup, announced a $4 million Series A today led by Battery Ventures. The company spun out from OpsGenie after it was sold to Atlassian for $295 million in 2018.

York IE, Scale X Ventures and Opsgenie founder Berkay Mollamustafaoglu also participated in the round. Battery’s Neeraj Agarwal is joining the company’s board under the terms of the agreement.

The startup also announced that it had recently hired Ken Cheney as CEO with technical founder Serkan Ozal becoming CTO.

Originally, Thundra helped run the serverless platform at OpsGenie. As a commercial company, it helps monitor, debug and secure serverless workloads on AWS Lambda. These three tasks could easily be separate tools, but Cheney says it makes sense to include them all because they are all related in some way.

“We bring all that together and provide an end-to-end view of what’s happening inside the application, and this is what really makes Thundra unique. We can actually provide a high-level distributed view of that constantly-changing application that shows all of the components of that application, and how they are interrelated and how they’re performing. It can also troubleshoot down to the local service, as well as go down into the runtime code to see where the problems are occurring and let you know very quickly,” Cheney explained.

He says that this enables developers to get this very detailed view of their serverless application that otherwise wouldn’t be possible, helping them concentrate less on the nuts and bolts of the infrastructure, the reason they went serverless in the first place, and more on writing code.

Serverless trace map in Thundra. Screenshot: Thundra

Thundra is able to do all of this in a serverless world, where there isn’t a fixed server and resources are ephemeral, making it difficult to identity and fix problems. It does this by installing an agent at the Lambda (AWS’ serverless offering) level on AWS, or at runtime on the container at the library level,” he said.

Battery’s Neeraj Agarwal says having invested in OpsGenie, he knew the engineering team and was confident in the team’s ability to take it from internal tool to more broadly applicable product.

“I think it has to do with the quality of the engineering team that built OpsGenie. These guys are very microservices oriented, very product oriented, so they’re very quick at iterating and developing products. Even though this was an internal tool I think of it as very much productized, and their ability to now sell it to the broader market is very exciting,” he said.

The company offers a free version, then tiered pricing based on usage, storage and data retention. The current product is a cloud service, but it plans to add an on prem version in the near future.

Thundra announces $4M Series A to secure and troubleshoot serverless workloads

Thundra, an early stage serverless tooling startup, announced a $4 million Series A today led by Battery Ventures. The company spun out from OpsGenie after it was sold to Atlassian for $295 million in 2018.

York IE, Scale X Ventures and Opsgenie founder Berkay Mollamustafaoglu also participated in the round. Battery’s Neeraj Agarwal is joining the company’s board under the terms of the agreement.

The startup also announced that it had recently hired Ken Cheney as CEO with technical founder Serkan Ozal becoming CTO.

Originally, Thundra helped run the serverless platform at OpsGenie. As a commercial company, it helps monitor, debug and secure serverless workloads on AWS Lambda. These three tasks could easily be separate tools, but Cheney says it makes sense to include them all because they are all related in some way.

“We bring all that together and provide an end-to-end view of what’s happening inside the application, and this is what really makes Thundra unique. We can actually provide a high-level distributed view of that constantly-changing application that shows all of the components of that application, and how they are interrelated and how they’re performing. It can also troubleshoot down to the local service, as well as go down into the runtime code to see where the problems are occurring and let you know very quickly,” Cheney explained.

He says that this enables developers to get this very detailed view of their serverless application that otherwise wouldn’t be possible, helping them concentrate less on the nuts and bolts of the infrastructure, the reason they went serverless in the first place, and more on writing code.

Serverless trace map in Thundra. Screenshot: Thundra

Thundra is able to do all of this in a serverless world, where there isn’t a fixed server and resources are ephemeral, making it difficult to identity and fix problems. It does this by installing an agent at the Lambda (AWS’ serverless offering) level on AWS, or at runtime on the container at the library level,” he said.

Battery’s Neeraj Agarwal says having invested in OpsGenie, he knew the engineering team and was confident in the team’s ability to take it from internal tool to more broadly applicable product.

“I think it has to do with the quality of the engineering team that built OpsGenie. These guys are very microservices oriented, very product oriented, so they’re very quick at iterating and developing products. Even though this was an internal tool I think of it as very much productized, and their ability to now sell it to the broader market is very exciting,” he said.

The company offers a free version, then tiered pricing based on usage, storage and data retention. The current product is a cloud service, but it plans to add an on prem version in the near future.

Placer.ai, a location data analytics startup, raises $12 million Series A

Placer.ai, a startup that analyzes location and foot traffic analytics for retailers and other businesses, announced today that it has closed a $12 million Series A. The round was led by JBV Capital, with participation from investors including Aleph, Reciprocal Ventures and OCA Ventures.

The funding will be used on research and development of new features and to expand Placer.ai’s operation in the United States.

Launched in 2016, Placer.ai’s SaaS platform gives its clients to real-time data that helps them make decisions like where to rent or buy properties, when to hold sales and promotions and how to manage assets.

Placer.ai analyzes foot traffic and also creates consumer profiles to help clients make marketing and ad spending decisions. It does this by collecting geolocation and proximity data from devices that are enabled to share that information. Placer.ai’s co-founder and CEO Noam Ben-Zvi says the company protects privacy and follows regulation by displaying aggregated, anonymous data and does not collect personally identifiable data. It also does not sell advertising or raw data.

The company currently serves clients in the retail (including large shopping centers), commercial real estate and hospitality verticals, including JLL, Regency, SRS, Brixmor, Verizon* and Caesars Entertainment.

“Up until now, we’ve been heavily focused on the commercial real estate sector, but this has very organically led us into retail, hospitality, municipalities and even [consumer packaged goods],” Ben-Zvi told TechCrunch in an email. “This presents us with a massive market, so we’re just focused on building out the types of features that will directly address the different needs of our core audience.”

He adds that lack of data has hurt retail businesses with major offline operations, but that “by effectively addressing this gap, we’re helpiong drive more sustainable growth or larger players or minimizing the risk for smaller companies to drive expansion plans that are strategically aggressive.”

Others startups in the same space include Dor, Aislelabs, RetailNext, ShopperTrak and Density. Ben-Zvi says Placer. ai wants to differentiate by providing more types of real-time data analysis.

While there are a lot of companies touching the location analytics space, we’re in a unique situation as the only company providing these deep and actionable insights for any location in the country in a real-time platform with a wide array of functionality,” he said.

*Disclosure: Verizon Media is the parent company of TechCrunch.

UK watchdog sets out “age appropriate” design code for online services to keep kids’ privacy safe

The UK’s data protection watchdog has today published a set of design standards for Internet services which are intended to help protect the privacy of children online.

The Information Commissioner’s Office (ICO) has been working on the Age Appropriate Design Code since the 2018 update of domestic data protection law — as part of a government push to create ‘world-leading’ standards for children when they’re online.

UK lawmakers have grown increasingly concerned about the ‘datafication’ of children when they go online and may be too young to legally consent to being tracked and profiled under existing European data protection law.

The ICO’s code is comprised of 15 standards of what it calls “age appropriate design” — which the regulator says reflects a “risk-based approach”, including stipulating that setting should be set by default to ‘high privacy’; that only the minimum amount of data needed to provide the service should be collected and retained; and that children’s data should not be shared unless there’s a reason to do so that’s in their best interests.

Profiling should also be off by default. While the code also takes aim at dark pattern UI designs that seek to manipulate user actions against their own interests, saying “nudge techniques” should not be used to “lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections”.

“The focus is on providing default settings which ensures that children have the best possible access to online services whilst minimising data collection and use, by default,” the regulator writes in an executive summary.

While the age appropriate design code is focused on protecting children it is applies to a very broad range of online services — with the regulator noting that “the majority of online services that children use are covered” and also stipulating “this code applies if children are likely to use your service” [emphasis ours].

This means it could be applied to anything from games, to social media platforms to fitness apps to educational websites and on-demand streaming services — if they’re available to UK users.

“We consider that for a service to be ‘likely’ to be accessed [by children], the possibility of this happening needs to be more probable than not. This recognises the intention of Parliament to cover services that children use in reality, but does not extend the definition to cover all services that children could possibly access,” the ICO adds.

Here are the 15 standards in full as the regulator describes them:

  1. Best interests of the child: The best interests of the child should be a primary consideration when you design and develop online services likely to be accessed by a child.
  2. Data protection impact assessments: Undertake a DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access your service, which arise from your data processing. Take into account differing ages, capacities and development needs and ensure that your DPIA builds in compliance
    with this code.
  3. Age appropriate application: Take a risk-based approach to recognising the age of individual users and ensure you effectively apply the standards in this code to child users. Either establish age with a level of certainty that is appropriate to the risks to the rights and freedoms of children that arise from your data processing, or apply the standards in this code to all your users instead.
  4. Transparency: The privacy information you provide to users, and other published terms, policies and community standards, must be concise, prominent and in clear language suited to the age of the child. Provide additional specific ‘bite-sized’ explanations about how you use personal data at the point that use is activated.
  5. Detrimental use of data: Do not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.
  6. Policies and community standards: Uphold your own published terms, policies and community standards (including but not limited to privacy policies, age restriction, behaviour rules and content policies).
  7. Default settings: Settings must be ‘high privacy’ by default (unless you can demonstrate a compelling reason for a different default setting, taking account of the best interests of the child).
  8. Data minimisation: Collect and retain only the minimum amount of personal data you need to provide the elements of your service in which a child is actively and knowingly engaged. Give children separate choices over which elements they wish to activate.
  9. Data sharing: Do not disclose children’s data unless you can demonstrate a compelling reason to do so, taking account of the best interests of the child.
  10. Geolocation: Switch geolocation options off by default (unless you can demonstrate a compelling reason for geolocation to be switched on by default, taking account of the best interests of the child). Provide an obvious sign for children when location tracking is active. Options which make a child’s location visible to others must default back to ‘off’ at the end of each session.
  11. Parental controls: If you provide parental controls, give the child age appropriate information about this. If your online service allows a parent or carer to monitor their child’s online activity or track their location, provide an obvious sign to the child when they are being monitored.
  12. Profiling: Switch options which use profiling ‘off’ by default (unless you can demonstrate a compelling reason for profiling to be on by default, taking account of the best interests of the child). Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (in particular, being fed content that is detrimental to their health or wellbeing).
  13. Nudge techniques: Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections.
  14. Connected toys and devices: If you provide a connected toy or device ensure you include effective tools to enable conformance to this code.
  15. Online tools: Provide prominent and accessible tools to help children exercise their data protection rights and report concerns.

The Age Appropriate Design Code also defines children as under the age of 18 — which offers a higher bar than current UK data protection law which, for example, puts only a 13-year-age limit for children to be legally able to give their consent to being tracked online.

So — assuming (very wildly) — that Internet services were to suddenly decide to follow the code to the letter, setting trackers off by default and not nudging users to weaken privacy-protecting defaults by manipulating them to give up more data, the code could — in theory — raise the level of privacy both children and adults typically get online.

However it’s not legally binding — so there’s a pretty fat chance of that.

Although the regulator does make a point of noting that the standards in the code are backed by existing data protection laws, which it does regulate and can legally enforceable — pointing out that it has powers to take action against law breakers including “tough sanctions” such as orders to stop processing data and fines of up to 4% of a company’s global turnover.

So, in a way, the regulator appears to be saying: ‘Are you feeling lucky data punk?’

Last April the UK government published a white paper setting out its proposals for regulating a range of online harms — including seeking to address concern about inappropriate material that’s available on the Internet being accessed by children.

The ICO’s Age Appropriate Design Code is intended to support that effort. So there’s also a chance that some of the same sorts of stipulations could be baked into the planned online harms bill.

“This is not, and will not be, ‘law’. It is just a code of practice,” said Neil Brown, an Internet, telecoms and tech lawyer at Decoded Legal, discussing the likely impact of the suggested standards. “It shows the direction of the ICO’s thinking, and its expectations, and the ICO has to have regard to it when it takes enforcement action but it’s not something with which an organisation needs to comply as such. They need to comply with the law, which is the GDPR [General Data Protection Regulation] and the DPA [Data Protection Act] 2018.

“The code of practice sits under the DPA 2018, so companies which are within the scope of that are likely to want to understand what it says. The DPA 2018 and the UK GDPR (the version of the GDPR which will be in place after Brexit) covers controllers established in the UK, as well as overseas controllers which target services to people in the UK or monitor the behaviour of people in the UK. Merely making a service available to people in the UK should not be sufficient.”

“Overall, this is consistent with the general direction of travel for online services, and the perception that more needs to be done to protect children online,” Brown also told us.

“Right now, online services should be working out how to comply with the GDPR, the ePrivacy rules, and any other applicable laws. The obligation to comply with those laws does not change because of today’s code of practice. Rather, the code of practice shows the ICO’s thinking on what compliance might look like (and, possibly, goldplates some of the requirements of the law too).”

Organizations that choose to take note of the code — and are in a position to be able to demonstrate they’ve followed its standards — stand a better chance of persuading the regulator they’ve complied with relevant privacy laws, per Brown.

“Conversely, if they want to say that they comply with the law but not with the code, that is (legally) possible, but might be more of a struggle in terms of engagement with the ICO,” he added.

Zooming back out, the government said last fall that it’s committed to publishing draft online harms legislation for pre-legislative scrutiny “at pace”.

But at the same time it dropped a controversial plan included in a 2017 piece of digital legislation which would have made age checks for accessing online pornography mandatory — saying it wanted to focus on a developing “the most comprehensive approach possible to protecting children”, i.e. via the online harms bill.

How comprehensive the touted ‘child protections’ will end up being remains to be seen.

Brown suggested age verification could come through as a “general requirement”, given the age verification component of the Digital Economy Act 2017 was dropped — and “the government has said that these will be swept up in the broader online harms piece”.

It has also been consulting with tech companies on possible ways to implement age verification online.

The difficulties of regulating perpetually iterating Internet services — many of which are also operated by companies based outside the UK — have been writ large for years. (And are mired in geopolitics.)

While the enforcement of existing European digital privacy laws remains, to put it politely, a work in progress

Tencent to grow gaming empire with $148M acquisition of Conan publisher Funcom in Norway

Tencent, one of the world’s biggest videogaming companies by revenue, today made another move to help cement that position. The Chinese firm has made an offer to fully acquire Funcom, the games developer behind Conan Exiles (and others in the Conan franchise), Dune and some 28 other titles. The deal, when approved, would value the Oslo-based company at $148 million (NOK 1.33 billion) and give the company a much-needed cash injection to follow through on longer-term strategy around its next generation of games.

Funcom is traded publicly on the Oslo Stock Exchange, and the board has already recommended the offer, which is being made at NOK 17 per share, or around 27% higher than its closing share price the day before (Tuesday).

The news is being made with some interesting timing. Today, Tencent competes against the likes of Sony, Microsoft and Nintendo in terms of mass-market, gaming revenues. But just earlier this week, it was reported that ByteDance — the publisher behind breakout social media app TikTok — was readying its own foray into the world of gaming.

That would set up another level of rivalry between the two companies, since Tencent also has a massive interest in the social media space, specifically by way of its messaging app WeChat . While many consumers will have multiple apps, when it comes down to it, spending money in one represents a constraint on spending money in another.

Today, Tencent is one of the world’s biggest video game companies: in its last reported quarter (Q3 in November), Tencent said that it make RMB28.6 billion ($4.1 billion) in online gaming revenue, with smartphone games accounting for RMB24.3 billion of that.

Acquisitions and controlling stakes form a key part of the company’s growth strategy in gaming. Among its very biggest deals, Tencent paid $8.6 billion for a majority stake in Finland’s Supercell back in 2016. It also has a range of controlling stakes in Riot Games, Epic, Ubisoft, Paradox, Frontier and Miniclip. These companies, in turn, also are making deals: just earlier this month it was reported (and sources have also told us) that Miniclip acquired Israel’s Ilyon Games (of Bubble Shooter fame) for $100 million.

Turning back to Funcom, Tencent was already an investor in the company: it took a 29% stake in it in September 2019 in a secondary deal, buying out KGJ Capital (which had previously been the biggest shareholder).

“Tencent has a reputation for being a responsible long-term investor, and for its renowned operational capabilities in online games,” said Funcom CEO Rui Casais at the time. “The insight, experience, and knowledge that Tencent will bring is of great value to us and we look forward to working closely with them as we continue to develop great games and build a successful future for Funcom.”

In retrospect, this was laying the groundwork and relationships for a bigger deal just months down the line. 

“We have a great relationship with Tencent as our largest shareholder and we are very excited to be part of the Tencent team,” Casais said in a statement today. “We will continue to develop great games that people all over the world will play, and believe that the support of Tencent will take Funcom to the next level. Tencent will provide Funcom with operational leverage and insights from its vast knowledge as the leading company in the game space.”

The rationale for Funcom is that the company had already determined that it needed further investment in order to follow through on its longer-term strategy.

According to a statement issued before it recommended the offer, the company is continuing to build out the “Open World Survival segment” using the Games-as-a-Service business model (where you pay to fuel up with more credits); and is building an ambitious Dune project set to launch in two years.

“Such increased focus would require a redirection of resources from other initiatives, the most significant being the co-op shooter game, initially scheduled for release during 2020 that has been impacted by scope changes due to external/market pressures with increasingly strong competition and internal delays,” the board writes, and if it goes ahead with its strategy, “It is likely that the Company will need additional financing to supplement the revenue generated from current operations.”