College social app Fizz is growing fast, maybe too fast • TechCrunch

Things are bleak in the tech sphere as we end a year marked by falling stocks, persistent mass layoffs and a fall from grace for major social media companies. However, the story of Stanford’s Teddy Solomon co-founding Fizz is so reminiscent of Facebook that he was introduced to its investor and now CEO Rakesh Mathur as “the next Mark Zuckerberg.” So, is this a good time to build a vibrant new social app or is it a complete mess?

At least the venture capitalists seem eager to fund the future of social media. Fizz closed a $4.5 million seed round in June and already the college student social media app has raised its $12 million Series A. This rapid growth from seed to Series A is all but unheard of in a bear market, but Fizz seems to embrace the ethos of moving fast and (hopefully not) breaking things.

Fizz is only available to college students, and users can only access the Fizz community for their college. On the app, students can post text posts, polls, and photos with no username or identifying information attached. Like Reddit, classmates can upvote or downvote what they see in their feed. Users can write to each other, choosing to reveal their identities if they wish.

When TechCrunch covered the Fizz seed round in October, the app had launched on 13 campuses (each campus has its own individual community). In less than two months, that number doubled to 25 campuses. With help from its Series A, led by NEA with participation from Lightspeed, Rocketship, Owl Ventures, Smash Ventures and New Horizon, Fizz’s goal is to reach 1,000 campuses by the end of 2023.

“What we found is that Fizz impacts a variety of college cultures, from highly academic Ivy League schools to party schools and now HBCUs,” co-founder and COO Teddy Solomon told TechCrunch. “Fizz is all about providing a safer, private and engaging space for students to connect over their shared experience of living on the same college campus, whatever their background and culture.”

Fizz claims it has achieved 95% penetration among iPhone users (it doesn’t yet have an Android app) on campuses like Stanford, Dartmouth, Pepperdine and Bethune-Cookman, but the download numbers could be a bit inflated. since Fizz uses tactics like offering free donuts in exchange for downloads, which is standard among college-founded apps. Regardless, Fizz claims that around half of its users interact with the app every day, an impressive statistic in its own right.

However, Fizz’s ascension has not been without its strife.

As reported by the Stanford Daily earlier this month, Fizz had a serious security vulnerability in November 2021. Three Stanford students found that anyone could easily query the app’s Google Firestone-hosted database to identify the author of any post on the platform, where all posts are billed as anonymous. They also found users’ personal information such as phone numbers and email addresses, plus the database was editable, which made it possible to edit posts and give any user moderator status.

“As soon as we became aware of the vulnerability, we worked with a security consultant who helped us resolve that specific issue within 24 hours which ended the risk for our users. After that, we notified all of our users of the fix and posted the changes on our website,” Ashton Cofer, co-founder and CTO of Fizz, told TechCrunch. Fizz notified users of the issues via a blog post.

It is industry standard that when bona fide researchers discover such obvious vulnerabilities, they report their findings to the company so they can be patched before bad actors can exploit them. But these well-meaning students told the Stanford Daily that “Fizz’s attorney threatened us with criminal, civil and disciplinary charges unless we agreed to keep quiet about the vulnerabilities.” The student newspaper obtained a copy of the letter (note: Fizz was called Buzz at the time).

Attorneys from the Electronic Frontiers Foundation (EFF) represented the three Stanford students in response to Fizz’s legal threat.

“Your legal threats against students endanger security research, discourage reporting of vulnerabilities, and will ultimately lead to lower security,” EFF lawyers responded to Fizz.

TechCrunch asked Fizz why his team chose to take legal action at the time. Cofer said he and Solomon had followed the recommendations of a cybersecurity consultant.

“Following the letter, we sat down with the hackers and resolved the matter amicably, and no further legal action has been taken,” he said. “Because we were a small team at the time, we chose to follow the advice of our advisers and legal advisers and are pleased to have been able to close the discussion with researchers on good terms.”

Cofer added that the security vulnerability also stemmed from the fact that the team was so small at the time—it was just Cofer and Solomon, who were then full-time college students. Now, Cofer says Fizz has a team of 25 employees, including engineers with decades of experience.

“Our security practices have evolved significantly and we remain committed to the safety and privacy of our users as Fizz grows. As a result of this incident, we have ensured that our users’ Personally Identifiable Information (PII) is stored in a separate, secure database accessible only to Fizz administrators. This means that at no time can Fizz users, moderators or launch teams see another user’s PII,” Cofer said. Fizz outlines its security practices in more detail on its website.

Leave a Comment

%d bloggers like this: