Pixel Envy

Written by Nick Heer.

The Adults in the Room

Today was Megan Greenwell’s last day at Deadspin — a decision she made after the private equity firm that bought the Gizmodo Media websites from Univision tried to change things up in a really stupid way.

Her last piece for the website is brilliant:

There is a version of the story of this company in which idealistic journalists, unconcerned with profit, are posed against ruthless business-doers, concerned about profit above all else. That would be a convenient story, pitching me and my colleagues and friends as people who just care too much about The Truth to yield before the gale-force winds of Capitalism, but it wouldn’t be a true one.

The real and less romantic story is this: The journalists at Deadspin and its sister sites, like most journalists I know, are eager to do work that makes money; we are even willing to compromise for it, knowing that our jobs and futures rest on it. An ever-growing number of media owners, meanwhile, are so exceedingly unwilling to reckon with the particulars of their own business that they refuse to accept our eagerness to help them make money. They’re speaking a language no one else does, proud of their own inability not just to not fail, but to not understand the terms on which they’re failing. The tragedy of digital media isn’t that it’s run by ruthless, profiteering guys in ill-fitting suits; it’s that the people posing as the experts know less about how to make money than their employees, to whom they won’t listen.

Greenwell is moving to Wired, and I imagine that their output will continue to improve because of it. As a daily reader of Deadspin, I sincerely hope that the person who takes her place has a similar approach to the job; I hope they do not cave to management’s wishes that they “stick to sports”.

DoorDash Announces It Will No Longer Skim Tips From Workers

Amrita Khalid, Engadget:

DoorDash drivers will earn 100 percent of tips under a revamped set of rules on pay. The delivery service today announced a new tipping and earnings policy that it claims will lead to drivers earning more on average. The development comes more than a month after news reports exposed the company for pocketing its driver’s tips. In response to the widespread backlash, DoorDash CEO Tony Xu promised it would reevaluate how it pays its workers.

I think tipping is a silly practice that should be abandoned, but barring that, at least a policy like this no longer allows DoorDash to use tips to replace worker wages.

Update: Amazon also announced that it will stop skimming tips, thus also meeting basic ethical expectations.

Google Proposes New Privacy and Anti-Fingerprinting Controls for the Web

Frederic Lardinois, TechCrunch:

What Google basically wants to do here is change the incentive structure for the advertising ecosystem. Instead of trying to circumvent a browser’s cookie and fingerprinting restrictions, the privacy budget, in combination with the industry’s work on federated learning and differential privacy, this is meant to give advertisers the tools they need without hurting publishers, while still respecting the users’ privacy. That’s not an easy switch and something that, as Google freely acknowledges, will take years.

An independent study from earlier this year by Carnegie Mellon found that publishers lose only 4% of their revenue when cookies are blocked by users. Google cites their own study finding that dropping the “behavioural” part of behavioural advertising cost publishers over 50% of their revenue. Those are remarkably different figures, and Google’s result will be tainted by its inherent conflict of interest.

For what it’s worth, the New York Times dropped ad exchanges entirely for European visitors after GDPR took effect, preferring to sell ads directly, and digital advertising revenue grew.

For the time being, though, there’s nothing here for you to try out or any bits being shipped in the Chrome browser. For now, this is simply a proposal and an effort on the Chrome team’s part to start a conversation. We should expect the company to start experimenting with some of these ideas in the near future, though.

Mat Marquis:

Imagine, if you will, a glorious future where Google, the advertising company known for massive privacy violations, building you a special private Google-controlled web where the icky bad guys can’t track you! Lucky you.

There are things in Google’s proposal that require broader support from ad tech companies and browser vendors, but there’s a lot Google could do today with its market dominating position in both industries. Like Facebook, Google is attempting to distort the definition of privacy beyond what any user would expect so that its core business is not impacted by increased scrutiny.

Now AMP Runs Scripts

Google’s AMP Project has announced that the platform will now run arbitrary site-defined scripts in a special <amp-script> tag, albeit with some caveats: scripts are limited to 150 KB each, and redrawing after the page has loaded isn’t possible without a precipitating user action. It says that this is to preserve the speed of an AMP page, and I believe this argument — generally, the less bytes a page transfers, the faster it is. This follows the project’s recent announcement of sending markup to client browsers instead of unpacking pages with a required 100 KB JavaScript file.

The AMP team has not yet confirmed a date at which it expects to entirely replicate HTML in its proprietary language, but all signs point to Google continuing to use its influence to coax publishers into running a second version of their websites entirely tailored for the company’s needs.

Nation Stunned by Support Document Explaning Ways in Which an Apple Card May Not Look New Forever

Apple:

If your titanium Apple Card comes into contact with hard surfaces or materials, it’s possible that the coating can be damaged.

[…]

Some fabrics, like leather and denim, might cause permanent discoloration that will not wash off.

Dr. Drang:

My complaint is not that the Apple Card may lose its luster in a wallet. I’m not sure anything will maintain its looks when put between sheets of leather and compressed by my butt. My complaint is that Apple wrote a support document that looks absurd and invites snarky comments. Everything Apple does generates derision from Apple haters; this generated derision from Apple’s best customers.

There are many reasons to criticize Apple’s credit card, including its very concept. But its propensity for becoming stained is a remarkably silly complaint. Everything that has been in my wallet for more than a few months looks a little worn, and I wouldn’t expect anything sandwiched in leather and sat on for eight hours a day to behave differently.

If you’ve exhausted a list of possible things to do in the world to the point where you’re spending time cleaning your credit cards, this support article is for you.

Teslas Can’t Drive Autonomously Around Parking Lots, but the Company Thinks That It Will Ship Full Automation by Early Next Year

Timothy B. Lee, Ars Technica:

In July, Tesla was still struggling to get the technology working. “Parking lots are a remarkably hard problem,” Musk tweeted. “Doing an in-depth engineering review of Enhanced Summon later today.” Three days later, he announced an August 16 price hike of $1,000 for the full self-driving package, adding, “that’s approximately date when we expect Enhanced Summon to be in wide release.”

But August 16 came and went with no price hike and no release of smart, enhanced, or advanced summon technology. Now Musk admits that the technology is still a month or two away.

Tesla is far from the only company to miss a self-imposed technology deadline — especially in the self-driving sector. We certainly don’t fault the company for delaying release of a safety-sensitive technology that’s not ready for prime time. But we do wonder if Musk should be more cautious about projecting technology release dates.

Elon Musk said in a 2015 interview that self-driving cars are “a much easier problem than people think” they are, and predicted fully-autonomous vehicles would be on the road within two to three years. He has made similar predictions that downplay the difficulty of shipping a car that can accelerate, brake, steer, change lanes, merge, navigate complex intersections, handle tricky terrain, and anticipate the actions of other drivers. Teslas can’t reliably navigate a parking lot in California, let alone the traffic circle around Arc de Triomphe — or worse.

This stuff is obviously hard. It’s possible that a fully-autonomous vehicle is decades away, if one will ever ship. Why does Musk so eagerly promise deadlines that I am sure he recognizes are impossible to meet? After all, it’s not just customers that he needs to avoid misleading.

Opting Out of Binding Arbitration Isn’t Just an Apple Card Thing

Apple Card’s binding arbitration clause is something I’ve written about before, but I wanted to re-up it in the wake of the broader launch of the credit card for two main reasons.

The first thing I think you should know is that, while everyone has been discussing this in the context of the Apple Card, mandatory arbitration is by no means exclusive to that product. It is increasingly likely that most of the contracts you’ve either signed or agreed to electronically have bound you to resolving disputes through arbitration rather than a lawsuit.1 What’s worse, these clauses must be opted out of within a specified time frame from when the agreement became active. For Apple’s credit card, it’s within ninety days (PDF), while American Express gives new cardholders just forty-five days (PDF) to maintain their right to file a class action suit.

It’s not just payment card companies that include an arbitration provision. I found binding arbitration clauses in the terms and conditions documents of various internet service providers, cell carriers, eyewear companies, consumer electronics companies, and subscription boxes for clothing, grooming products, and food. That’s right: food subscriptions have a mandatory arbitration clause. And if you’re a HelloFresh customer and you’d like to retain your right to join a class action lawsuit, you’d have to opt out by mailing a letter to the company within sixty days of agreeing to their terms — which, of course, you had to do when you signed up.

In fact, most of the time, you’ll have to physically mail something to these companies; you usually cannot opt out electronically. Buy some stamps. But, while it may be easier to opt out of the Apple Card arbitration agreement than most others, it does have a caveat, and that’s the second thing I wanted to make note of.

Barbara Krasnoff, the Verge:

[A] couple of readers have reported that if you opt out of the arbitration agreement using Messages, you will not get any type of confirmation. Instead, the representative at the other end of the line will recommend that you take screenshots of your conversation. Needless to say, until the company changes that policy, screenshots are an excellent idea — just in case.

Make sure you keep a record of this conversation in a safe place. Chances are, you’ll never need to use it; but, if you do, it will be for a very good reason and you won’t want to have lost this admittedly minimal documentation.

Update: As Lawrence Velázquez points out, most companies do not provide confirmation of your request to opt out of binding arbitration. Keep a paper trail as best you can.


  1. I think the Economic Policy Institute’s report on mandatory arbitration is a well-rounded explanation of why this is often highly beneficial to companies at huge loss to consumers and employees. ↩︎

The Fate of the iTunes Store in MacOS Catalina

Kirk McElhearn:

In early betas of macOS Catalina, the iTunes Store was visible, but in recent betas it did not show up in the sidebar of the Music app if the user was signed into Apple Music. That seems to be the default now: if a user has an Apple Music account, they won’t see the iTunes Store. You can display it, if you wish, in the Music app’s Preferences, on the General pane, but if you’re a streamer, you won’t see it by default.

This seems like a graceful way to handle the virtually-complete transition of listeners from purchasers to streamers. For those of us who do both, it’s a preference change. Pretty straightforward.

What this means for the future of the iTunes Store seems obvious, but it is not a future I’m willing or eager to accept.

Disinformation Campaigns Targeting Hong Kong Protesters Run Rampant on Twitter

Maciej Cegłowski in a Twitter thread:

Every day I go out and see stuff with my own eyes, and then I go to report it on Twitter and see promoted tweets saying the opposite of what I saw. Twitter is taking money from Chinese propaganda outfits and running these promoted tweets against the top Hong Kong protest hashtags

What China is doing is clear. If these peaceful, extremely self-disciplined protesters who enjoy the clear backing of the overwhelming majority of Hong Kongers can be discredited, it will be easier to crack down. What the fuck Twitter thinks it’s doing is less clear.

Ryan Mac and Rosalind Adams, Buzzfeed News:

The Chinese government has struggled to contain the narrative of the months-long protests, which have seen pro-democracy activists face increasingly aggressive police tactics in the streets. Though Twitter and Facebook are banned in China, the Chinese state media runs several English-language accounts to present its views to the outside world.

“It’s very clear that the Chinese state media is essentially buying ads on Twitter and Facebook for the purpose of reaching an international audience as part of China’s effort to ‘tell its story better,’” said Adam Ni, a China researcher at Macquarie University in Sydney. The Communist Party sees this “as critical in the battle of hearts and minds,” he added.

In a similar vein, Ryan Gallagher of the Intercept reported that the Chinese government was also buying ads on Twitter that served as propaganda against the Uighur people of Xinjiang.

Twitter responded:

Today, we are updating our advertising policies with respect to state media. Going forward, we will not accept advertising from state-controlled news media entities. Any affected accounts will be free to continue to use Twitter to engage in public conversation, just not our advertising products.

This is a global approach and will be enforced across our entire business.

The turnaround on this policy change was just a few days from when Cegłowski began tweeting about it, indicating that Twitter can change quickly when it needs to, and tacitly raising the question of why it takes so long for the company to react to other obvious shortcomings in its product.

Twitter also disclosed today that there was a coordinated astroturfing campaign of propaganda that used a little over 900 accounts in an effort to surreptitiously manipulate opinion and coverage of the demonstrations in Hong Kong.

Facebook has said that it won’t ban state-run media advertisers on its platform.

Media’s Mega-Mergers Are Already Having an Impact on Storytelling

Alex Cranz, io9:

Now imagine what’s happening right this moment. The House of Mouse may already be self-censoring because it has a brand image to uphold. That self-censorship will now be applied to nearly 40 percent all the movies you watch, and between ABC and Hulu and Disney+ it will own a whole heckuva lot of the TV you consume too. AT&T is cutting costs and killing favorites to try and build a popular and inoffensive rival to the other big streamers (and Disney’s looming giant). CBS and Viacom have only just begun their own plans for streaming domination, but already people are noting, and/or hoping, for reboots and continuations of their favorites.

Cranz’s piece illustrates the necessary impact on storytelling when new films and television shows are run through the machinations of a shrinking number of large studio, the largest of which has a particularly sensitive approach to more challenging topics. But because these companies also control many of the distribution channels to the greatest degree since United States v. Paramount, it’s possible that independent films would find themselves shut out of an audience even if they could be financed.

Or, perhaps the combined bureaucratic weight of these mega-studios will cause them to collapse on themselves; they may find it difficult to produce captivating new works. That doesn’t seem to be likely. When all but a couple of the twenty highest-grossing films of the year are either franchise tie-ins or sequels, we’ve demonstrated a booming market for mediocrity.

AT&T, Disney, and CBS haven’t been as explicit in noting their desire for our viewing habits, but it’s absolutely one reason they’re pushing into the streaming space and trying to gobble up as much of the pie as they can. “Basically, sign up as many subscribers as possible and get them into the service, and give them a chance to enjoy the great intellectual property and product that will be part of that service,” Disney CEO Bob Iger told a group of analysts and reporters last week, per a CNBC report.

Nothing would warm my heart and disrupt my stomach more than for “intellectual property” to replace the current miserable term for anything made by anyone in any context.

Server-Side Rendering With AMP

Let me get this straight: Google launched AMP as a way to speed up the web by, somehow, adding a hundred kilobytes of JavaScript as an intermediary for all pages created with its language. It then realized that this was not as fast as serving plain markup, so it’s now extolling the virtues of adding a server-side rendering process, which — and I promise that I am not making this up — breaks the AMP spec. And, somehow, this is all better and more logical than sending some standard HTML down the pipe.

I guess that it must be, so long as Google keeps manipulating search results for mobile users to favour its own AMP project over any normal webpage, even very fast ones.

WebKit Publishes Tracking Prevention Policy

Earlier this week, Apple’s WebKit team announced its strong Tracking Prevention Policy:

This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user’s privacy without giving users the ability to identify, understand, consent to, or control them.

[…]

We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.

This is the correct position. Kudos.

Reflecting on the Targeted Harassment of Women on the Internet, Five Years After ‘Gamergate’

It is very hard to come to terms with the brutality of the tactics honed by abusive people — nearly entirely men — during the “Gamergate” saga, and now used constantly to dehumanize women, queer individuals, and non-white people.

Sarah Jeong was targeted last year for some decontextualized Twitter jokes:

Tucker Carlson did a segment about me on Fox News. The president called me “disgusting” in a tweet. Shortly after the arrest of Mr. Sayoc, the MAGA bomber, the media discovered that he had sent me a death threat on Twitter.

Of the many threats of rape, dismemberment and murder sent to me and to my workplace, at least one was concerning enough that The New York Times filed a police report. But Mr. Sayoc’s tweet at me — a bizarre, confusing insinuation that my corpse was going to be dumped in the Everglades — barely pinged anyone’s radar, let alone my own, until he made the news for mailing pipe bombs.

Charlie Warzel contributed an article documenting the myriad influences on broader culture that are directly linked to the reaction on Reddit and 4chan to a crappy blog post. But the pieces from Jeong and Brianna Wu reflect on the terrible effects these harassment techniques have had on the women who experience them, and they are absolutely worth your time and reflection.

The Cost of Cross-Platform Code Sharing

Eyal Guthmann of Dropbox:

Until very recently, Dropbox had a technical strategy on mobile of sharing code between iOS and Android via C++. The idea behind this strategy was simple—write the code once in C++ instead of twice in Java and Objective C. We adopted this C++ strategy back in 2013, when our mobile engineering team was relatively small and needed to support a fast growing mobile roadmap. We needed to find a way to leverage this small team to quickly ship lots of code on both Android and iOS.

We have now completely backed off from this strategy in favor of using each platforms’ native languages (primarily Swift and Kotlin, which didn’t exist when we started out). This decision was due to the (not so) hidden cost associated with code sharing. Here are some of the things we learned as a company on what it costs to effectively share code. And they all stem from the same basic issue:

By writing code in a non-standard fashion, we took on overhead that we would have not had to worry about had we stayed with the widely used platform defaults. This overhead ended up being more expensive than just writing the code twice.

Fascinating stuff from a company that is about to launch an Electron-based desktop client.

Amazon’s Bezos Brigade Unleashed On Twitter

Aric Toler, Bellingcat:

On August 14, a Twitter thread that included a small army of “Amazon FC Ambassadors” went viral, bringing to light Amazon’s year-long social media brand ambassador program.

[…]

Last year, Amazon rolled out a program where employees at these fulfillment centers (warehouses) are able to also work as brand ambassadors to describe their experiences working at Amazon. A number of media outlets reported on this new program last year after the first wave of Ambassadors sent out bizarre tweets promoting Amazon’s workplace conditions.

Per the 2018 reports, these Ambassadors were given “an extra paid day off and a [$50] gift card” for their efforts in volunteering to defend Amazon from their online detractors.

If employees want to defend their employer against criticism — online or offline, I don’t care — that’s their jam. But they shouldn’t be paid to be a public relations prop when they’re clearly not an official representative. This is a dismal practice that I hope does not spread.

Tech Companies Should Be More Upfront and Plain-Spoken with Practices That Could Violate Users’ Privacy

Nicole Nguyen, Buzzfeed News:

As we found out yesterday, Facebook paid outside contractors to transcribe voice memos from users who turned on chat transcription in the Messenger app. The company is the latest in a string, including Amazon, Google, Apple, and Microsoft, caught sending users’ audio to third-party firms for analysis.

[…]

Most folks buying Google Homes and Echos from a mall kiosk aren’t aware. That’s in part because of the products’ “just like that!” marketing, but largely because Amazon, Google, Apple, Microsoft, and Facebook haven’t clearly told consumers what they do with their voice and video information. None of those companies’ data policies state that what we say and do in front of our voice assistants, internet-connected cameras, and messaging apps can be shown to strangers employed by the companies or their contractors.

Plain-language explanations of practices that may be compromising to users’ privacy can be hard to write. I am certain that the opt-in rate would be extremely low if these devices asked users — during the onboarding process, for example — whether a selection of their voice recordings can be retained and later reviewed by a human being.

Nevertheless, it is unquestionably the right thing to do.

Companies should be able to educate customers on why they should opt-in. They should be upfront and direct about what they will do with recordings. They should go to great lengths to explain how recordings will be de-identified, processed anonymously, and removed within days. That builds confidence that users’ recordings will not be exploited, and that a small compromise of their privacy will lead to better results, should they so choose. Of course the opt-in rate for this will be low — but that’s how it should be. Better that then having these shady practices exposed, with users left feeling violated.

Suprema’s Biometrics Database with Fingerprints, Face Photos, and Plain Text Passwords Found to Be Publicly Accessible

Josh Taylor, the Guardian:

The Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scans ports looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches.

In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.

The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.

Biostar 2 is operated by Suprema, a Korean company, which means that this breach should be investigated under the country’s strict Personal Information Protection Act. If this report is true, it’s shocking that they did not bother to encrypt fingerprint data, staff details, or administrative usernames and passwords.

Apple Card’s Targeted Ads May Be Non-Creepy, But They’re Still Unexpected

Steve Moser (via Michael Tsai):

Apple will target users for marketing emails and push notifications based on their transaction history. “For example, Apple may send a message to your device that is relevant to people who typically purchase travel.” Apple might have been able to negotiate reduced fees by agreeing to allow advertising to Apple Card users.

Moser posted a copy of the on-boarding text in full, which describes this in more detail:

Apple may use your Apple Card account status, such as whether you have applied for or have a current Apple Card account, to determine whether a message is relevant to you, including a marketing message. Apple may also send messages to your device, which may use information known only to you and your device, such as your transaction history and location, to help determine whether a message is relevant to you. For example, Apple may send a message to your device that is relevant to people who typically purchase travel. Apple does not need to know whether you purchased travel. Your device can use your transaction history to decide whether the message is relevant to you. This helps to ensure that you receive relevant communications, while protecting your privacy. Apple does not know which messages you see on your device.

Anonymous and aggregate information that cannot be tied to you may also be used for Apple Card marketing and other messaging. You may opt out of marketing messages by clicking the unsubscribe link in a marketing email or by turning off notifications for Apple Card.

Based on what I’m reading here, it sounds like Apple is sending push notification message text to all Apple Card users, but only displaying it if it’s relevant to a specific user. It’s a clever way of doing semi-targeted ads without violating users’ privacy.

I think that’s less relevant to users than whether they expect to receive ads in their email account and on their lock screen because they signed up for Apple’s credit card. The more nihilistic user might, but Apple is supposed to be the company that doesn’t point to some clause in their terms and conditions as a free pass to exploit users.

Apple’s marketing website:

At Apple, we firmly believe in your right to privacy. That’s why we created a unique architecture for Apple Card that generates things like your transaction history and spending summaries right in the Wallet app on your iPhone.

Of course, Goldman Sachs will use your data to operate Apple Card. But they will never share or sell your data to third parties for marketing or advertising.

Apple’s solution is in agreement with the letter of these statements, but certainly not the spirit.1

There is are parts of this product that are distinctly un-Apple-like, but none more so than the use of push notifications to send targeted advertisements. I do not believe that Apple must compromise its advantages and expectations to compete effectively in the services business; but, if it feels like it does, why should I choose its offerings over those from competitors?


  1. Also, I thought that using push notifications to deliver advertisements was against Apple’s policies. It certainly was. But a 2018 rewrite of the App Review policies document indicates a softer stance (italics mine):

    4.5.4 Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information. Abuse of these services may result in revocation of your privileges.

    “Must not” indicates an outright ban on app functionality being dependent on enabling push notifications, but “should not” is basically just a recommendation. Gross.

    Update: The allowance of push notification advertising actually dates back to 2016. Thanks, George↩︎

Netflix Is Starting to Behave a Lot More Like a Traditional Big Studio

Natalie Jarvey, Hollywood Reporter:

With a market-leading 152 million global subscribers, 10 percent of TV screen time in the U.S. and a several-year head start, Netflix may be too big to fail. But that hasn’t stopped a growing chorus of questions over how long the “Netflix bubble” can last. Its ballooning costs — analysts estimate that it will spend between $10 billion and $15 billion on content this year — means it burns through cash ($3 billion in 2018). Its current debt load is $12 billion.

Worries ratcheted up July 17 when the company reported its first subscriber loss in the U.S. in eight years. Its high-flying stock came crashing down 15 percent, erasing $24 billion in value in less than a week. “It’s notable that they lost subscribers before they lost a meaningful amount of content and before there was direct competition from their suppliers,” says Wedbush’s Michael Pachter, a noted Netflix bear. “This suggests they will face additional pressure when they lose content later this year and as their current [licensing] contracts with Warner Bros., Fox, Disney and NBCU expire.”

Once the studios figured out that they, too, could sign a contract with AWS and build a streaming media player, they replaced Netflix’s big advantage with an even worse version of the old cable television model. If you’re a film or television buff and want to maintain a moral and legal high ground, there’s no question in my mind that you’ll pay more for a combination of streaming services than you used to for cable.

But if I were an executive at one of these conglomerates, I’m not sure I’d wager too much on the inability for users to remember how their torrent client works.

Automattic Acquires Tumblr

Ursula Perano and Dan Primack, Axios:

Verizon is set to sell the social network Tumblr to Automattic Inc, the owner of online publishing tool WordPress. A source familiar with the deal puts the price-tag “well below” $20 million, while another source puts it below $10 million.

To clarify, Automattic is the owner of WordPress.com, the commercial entity that provides hosting and support of websites powered by WordPress the software; the latter is maintained by the WordPress Foundation, and Automattic’s CEO is Matt Mullenweg, who began developing WordPress alongside Mike Little. It’s quite confusing. I assume his favourite song is “Wilco” off the album Wilco by Wilco.

Primack on Twitter:

Again, just to be clear… emphasis on the “well below” $20 million…

Story updated: Price less than $3 million.

A fire sale for the property, but that excludes the salaries of the two hundred employees they’re also bringing with them. Kudos to Automattic for keeping the staff on board.

Matt Mullenweg formally announced the acquisition on his Tumblr account:

When the possibility to join forces became concrete, it felt like a once-in-a-generation opportunity to have two beloved platforms work alongside each other to build a better, more open, more inclusive – and, frankly, more fun web. I knew we had to do it.

[…]

In the underlying technology of our platforms, I think there are some good opportunities to standardize on the Open Source WordPress tech stack, but the front-end user experience on Tumblr will evolve on its own path. It has been so successful already, and we want to keep that going. The Tumblr team also has some exciting functionality they’re eager to unlock once we close the acquisition officially in a few weeks…

Automattic will obviously be a better steward of Tumblr than Yahoo or Verizon were, but I question whether the unique qualities of its communities can experience a resurgence. It has felt for years like it has been dying a protracted death, and its 99% discounted sale price speaks to that.

In Pursuit of Increased and Diversified Revenue Streams, Google’s Internal Culture Eroded

Nitasha Tiku, Wired:

All of those precepts sent Google’s workforce into full tilt after the travel ban was announced. Memegen went flush with images bearing captions like “We stand with you” and “We are you.” Jewglers and HOLA, affinity groups for Jewish and Latinx employees, quickly pledged their support for Google’s Muslim group. According to The Wall Street Journal, members of one mailing list brainstormed whether there might be ways to “leverage” Google’s search results to surface ways of helping immigrants; some proposed that the company should intervene in searches for terms like “Islam,” “Muslim,” or “Iran” that were showing “Islamophobic, algorithmically biased results.” (Google says none of those ideas were taken up.) At around 2 pm that Saturday, an employee on a mailing list for Iranian Googlers floated the possibility of staging a walkout in Mountain View. “I wanted to check first whether anyone thinks this is a bad idea,” the employee wrote. Within 48 hours, a time had been locked down and an internal website set up.

[…]

In his short, off-the-cuff remarks to the packed courtyard, Pichai called immigration “core to the founding of this company.” He tried to inject a dose of moderation, stressing how important it was “to reach out and communicate to people from across the country.” But when he mentioned Brin’s appearance at the airport, his employees erupted in chants of “Ser-gey! Ser-gey! Ser-gey!” Brin finally extricated himself from the crowd and shuffled up to the mic, windbreaker in hand. He, too, echoed the protesters’ concerns but tried to bring the heat down. “We need to be smart,” he said, “and that means bringing in folks who have some different viewpoints.” As he spoke, a news chopper flew overhead.

And that was pretty much the last time Google’s executives and workers presented such a united front about anything.

Tiku presents a deep, well-investigated look at an increasingly toxic internal culture as executives pursued morally-challenged money making opportunities.

We’re All Killing Uber Just By Using It

Jamie Powell, FT (registration required):

Uber is a decade old global brand whose core business — ride-sharing — is now growing at just 2 per cent. It is also betting heavily that its smaller business lines, such as food delivery and freight, will be a source of future growth.

In other words, it’s acting less like a start-up, and more like a legacy tech company scrambling for new growth. Think Oracle, IBM or perhaps even the modern-day Apple.

Notice the difference, however. All of these companies have “cash cow” products which help to keep the buybacks and dividends flowing, as well as funding future bets. Uber on the other hand…

Edward Ongweso Jr, Vice:

Typically, this business model would be paid for with passenger fares. But Uber’s passenger fares are artificially low because it uses investor money to subsidize trips, attract customers, and undercut competitors. This means that Uber is losing money on many of its rides. Taxicab companies can’t operate like this because they don’t have the billions in investor capital that Uber does. Simply put, Uber is losing money in part because its fares are too low; it’s long-game is to undercut competitors long enough for them to go out of business so it can jack up prices, or to develop driverless car technology before it completely runs out of money, pushing its expenses on drivers down toward zero.

I keep returning to a 2017 piece in the Economist, which was summarized and expanded upon by Ryan Felton at Jalopnik: in short, the most shocking thing about Uber would be if it had long-term success. It’s worth pointing out that the Economist made this assessment on having losses of a billion dollars a year; Uber just reported five billion dollars of loss in a single quarter. Even if you’re desperate to give them all the benefit of accounting by deducting the losses incurred from paying out shareholders — and have not read Powell’s piece refuting this very argument — that’s still over a billion dollars in a single quarter.

That’s not to say that Uber is an assured failure. But indicators are stacking up that something must fundamentally change for the company to function in the long term.

The FTC Completely Blew Its Settlement With Equifax

The rollercoaster of stories that followed last month’s settlement between the FTC and Equifax was truly something to behold. The FTC touted its value, which critics excoriated as inadequate. Articles soon explained how to get a cash settlement for those who already have a credit monitoring service, but were quickly followed by those arguing that the widely-publicized $125 figure was dependent on the number of claimants for a $31 million pool. Some, like Karl Bode at Vice, said that the “FTC should fine itself for false advertising” after claiming that those affected could be eligible for $125.

I don’t think this fully grasps just how badly the FTC blew this settlement, and primarily for a reason almost entirely unrelated to the confusion about the $31 million fund for credit monitoring payouts.

I was among many who got this wrong when I repeated the claim of the $125 payout, and also in my summary of why that $125 figure may be incorrect, so I thought it would be valuable to go back to the settlement itself to explain why this is a raw deal. In its press release, the FTC summarized the divvying up of the $575–700 million settlement:

  • $100 million is paid as a fine to the Consumer Financial Protection Bureau

  • $175 million is paid to settle cases brought by 48 states, plus Washington D.C. and Puerto Rico

  • $300 million is set aside for a consumer restitution fund, which would compensate individual claimants directly

It’s that last bucket of cash in which two specific piles of money reside. The first is a $31 million pool for alternative payouts for credit monitoring, which the FTC required Equifax provide to claimants. But if a claimant already has credit monitoring, they can opt to be paid up to $125 instead. And we will get to that “up to” in a moment.

A second pool, also of $31 million, is to be used to compensate claimants for time spent dealing with the settlement. For example, if a claimant spent an hour on the phone with an Equifax representative to get their credit frozen, that would be paid out of this second pool.

The remainder of the $300 million is to be set aside for direct out-of-pocket losses arising from the breach, such as those stemming from fraud, identity theft, and so forth. None of the money from this settlement will be given back to Equifax, but the details are not as simple as the FTC portrayed, either.

I want to get the matter of the $31 million buckets out of the way first, and I think Lily Hay Newman of Wired explains it perfectly:

But not all is lost, and there’s still a decent chance that Equifax will pay you all $125. As Slate points out, the $31 million cap will lift, assuming Equifax hasn’t spent all of the $425 million in its “Consumer Fund” — money it has committed to things like covering people who can specifically document losses stemming from the breach — in four and a half years. At that point, whatever’s left of that $425 million will be applied to the $125 payouts, presenting much better, if belated, odds.

Like all things Equifax, this does not come without a caveat. Even if the full $425 million in the consumer restitution bank account goes towards $125 payments for compensation of credit monitoring services, that amount would only support the claims of 3,400,000 people. Over forty-three times that number were affected by this breach.

Also, because this bucket is part of a pile of money with broader scope, those claims will be mixed with requests for compensation of time spent, as well as direct losses from fraud.

A bigger problem still is that this settlement is designed to mitigate the financial damage to consumers. That would be handy if this data were stolen for economically opportunistic reasons, but that doesn’t seem to be the case. A February report from Kate Fazzini at CNBC noted that no Equifax breach data had surfaced anywhere, despite financially-motivated hackers usually publicizing their haul with urgency.

A more likely scenario is that those responsible for exfiltrating Equifax’s files were state actors. A Bloomberg story from September 2017, citing investigators and those briefed on their findings, claimed that China was a likely culprit, though another country could be responsible.1 It is likely that the data stolen — which comes from a financial firm, making it ostensibly more accurate than any old data dump — could be combined with other sources to target specific individuals, per Fazzini’s reporting and Bloomberg’s story.

This settlement does nothing to dissuade state actors from continuing to pilfer sensitive data, nor does it encourage care for those who stockpile information like this. Of course, the FTC has limited scope and powers. It could not accomplish the former, but it certainly could attempt the latter.

Instead, the Commission agreed to a weak deal that barely impacts Equifax’s financial status and does little to encourage better behaviour in data-hoarding industries. Even if this were a financially-motivated crime, this settlement does not protect those affected. But this breach was so much more, and this settlement doesn’t begin to address the far more serious and more likely rationale.


  1. I am obligated to point out that this Bloomberg story bears in its byline the two reporters responsible for the inaccurate “Big Hack” feature.

    By the way, that story just won the Black Hat Pwnie for the most overhyped bug. Congratulations — I guess? — Michael Riley and Jordan Robertson. ↩︎

Uber Lost Over $5 Billion Last Quarter, Including $3.9 Billion in Stock-Based Compensation After IPO

Kate Clark, TechCrunch:

$5.2 billion in net losses represents the company’s largest-ever quarterly loss. Revenue, for its part, is up only 14% year-over-year, igniting concerns over slower-than-ever growth. The company says a majority of 2Q losses are a result of stock-based compensation expenses for employees following its May IPO. Stock compensation aside, Uber still lost $1.3 billion, up 30% from Q1.

Aaron Gordon, Jalopnik:

But you math whizzes out there will note that leaves approximately $1.3 billion in regular ol’ we-just-lost-a-buncha-money losses, up from $1 billion last quarter and $878 million a year ago.

[…]

As of this writing, Uber has lost $16.2 billion since 2016.

How is this investor-subsidized pirate taxi operation not considered predatory?