Week in Review: Snapchat beats a dead horse

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how Netflix might have some rough times ahead as Disney barrels towards it.


3d video spectacles 3

The big story

There is plenty to be said about the potential of smart glasses. I write about them at length for TechCrunch and I’ve talked to a lot of founders doing cool stuff. That being said, I don’t have any idea what Snap is doing with the introduction of a third-generation of its Spectacles video sunglasses.

The first-gen were a marketing smash hit, their sales proved to be a major failure for the company which bet big and seemingly walked away with a landfill’s worth of the glasses.

Snap’s latest version of Spectacles were announced in Vogue this week, they are much more expensive at $380 and their main feature is that they have two cameras which capture images in light depth which can lead to these cute little 3D boomerangs. One one hand, it’s nice to see the company showing perseverance with a tough market, on the other it’s kind of funny to see them push the same rock up the hill again.

Snap is having an awesome 2019 after a laughably bad 2018, the stock has recovered from record lows and is trading in its IPO price wheelhouse. It seems like they’re ripe for something new and exciting, not beautiful yet iterative.

The $150 Spectacles 2 are still for sale, though they seem quite a bit dated-looking at this point. Spectacles 3 seem to be geared entirely towards women, and I’m sure they made that call after seeing the active users of previous generations, but given the write-down they took on the first-generation, something tells me that Snap’s continued experimentation here is borne out of some stubbornness form Spiegel and the higher-ups who want the Snap brand to live in a high fashion world and want to be at the forefront of an AR industry that seems to have already moved onto different things.

Send me feedback
on Twitter @lucasmtny or email
[email protected]

On to the rest of the week’s news.

tumblr phone sold

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • WordPress buys Tumblr for chump change
    Tumblr, a game-changing blogging network that shifted online habits and exited for $1.1 billion just changed hands after Verizon (which owns TechCrunch) unloaded the property for a reported $3 million. Read more about this nightmarish deal here.
  • Trump gives American hardware a holiday season pass on tariffs 
    The ongoing trade war with China generally seems to be rough news for American companies deeply intertwined with the manufacturing centers there, but Trump is giving U.S. companies a Christmas reprieve from the tariffs, allowing certain types of hardware to be exempt from the recent rate increases through December. Read more here.
  • Facebook loses one last acquisition co-founder
    This week, the final remnant of Facebook’s major acquisitions left the company. Oculus co-founder Nate Mitchell announced he was leaving. Now, Instagram, WhatsApp and Oculus are all helmed by Facebook leadership and not a single co-founder from the three companies remains onboard. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook’s turn in audio transcription debacle:
    [Facebook transcribed users’ audio messages without permission]
  2. Google’s hate speech detection algorithms get critiqued:
    [Racial bias observed in hate speech detection algorithm from Google]
  3. Amazon has a little email mishap:
    [Amazon customers say they received emails for other people’s orders]

Adam Neumann (WeWork) at TechCrunch Disrupt NY 2017

Extra Crunch

Our premium subscription service had another week of interesting deep dives. My colleague Danny Crichton wrote about the “tech” conundrum that is WeWork and the questions that are still unanswered after the company filed documents this week to go public.

WeWork’s S-1 misses these three key points

…How is margin changing at its older locations? How is margin changing as it opens up in places like India, with very different costs and revenues? How do those margins change over time as a property matures? WeWork spills serious amounts of ink saying that these numbers do get better … without seemingly being willing to actually offer up the numbers themselves…

Here are some of our other top reads this week for premium subscribers. This week, we published a major deep dive into the world’s next music unicorn and we dug deep into marketplace startups.

Sign up for more newsletters in your inbox (including this one) here.

Week in Review: Netflix’s big problem and Apple’s thinnest product yet

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about the Capital One breach and how Equifax taught us that irresponsible actions only affect companies in the PR department.


Thomas Trutschel/Photothek via Getty Images

The big story

Disney is going to eat Netflix’s lunch.

The content giant announced this week that when Disney+ launches, it will be shipping a $12.99 bundle that brings its Disney+ streaming service, ESPN+ and ad-supported Hulu together into a single-pay package. That price brings those three services together for the same cost as Netflix and is $5 cheaper that what you would spend on each of the services individually.

This announcement from Disney comes after Netflix stuttered in its most recent earnings, missing big on its subscriber add while actually losing subscribers in the U.S.

Netflix isn’t the aggregator it once was; its library is consistently shifting, with original series taking the dominant position. As much as Netflix is spending on content, there’s simply no way that it can operate on the same plane as Disney, which has been making massive content buys and is circling around to snap up the market by acquiring its way into consumers’ homes.

Disney has slowly amassed control of Hulu through buying out various stakeholders, but now that it shifts the platform’s weight, it’s pretty clear that it will use it as a selling point for its time-honed in-house content, which it is still expanding.

The streaming wars have been raging for years, but as the services seem to become more like what they’ve replaced, Disney seems poised to take control.

Send me feedback
on Twitter @lucasmtny or email
[email protected]

On to the rest of the week’s news.

Screen Shot 2019 03 25 at 1.37.32 PM 1

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple Card rolls out
    Months after its public debut, Apple has begun rolling out its Apple Card credit card. We got our hands on the new Apple Card app, so check out more about what it’s like here.
  • Amid a struggling smartphone market, Samsung introduces new flagships
    The smartphone market is in a low-key free fall, but there’s not much for hardware makers to do than keep innovating. Samsung announced the release of two new phones for its Note series, with new features including a time-of-flight 3D scanning camera, a larger size and… no headphone jack. Read more here.
  • FedEx ties up ground contract with Amazon
    As Amazon rapidly attempts to build out its own air fleet to compete with FedEx’s planes, FedEx confirmed this week that it’s ending its ground-delivery contract with Amazon. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook could get fined billions more:
    [Facebook could face billions in potential damages as court rules facial recognition lawsuit can proceed]
  2. Instagram gets its own Cambridge Analytica:
    [Instagram ad partner secretly sucked up and tracked millions of users’ locations and stories]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. My colleague Sarah Buhr had a few great conversations with VCs in the healthtech space and distilled some of their investment theses into a report.

What leading HealthTech VCs are investing in 

Why is tech still aiming for the healthcare industry? It seems full of endless regulatory hurdles or stories of misguided founders with no knowledge of the space, running headlong into it, only to fall on their faces…

It’s easy to shake our fists at fool-hardy founders hoping to cash in on an industry that cannot rely on the old motto “move fast and break things.” But it doesn’t have to be the code tech lives or dies by.

So which startups have the mojo to keep at it and rise to the top? Venture capitalists often get to see a lot before deciding to invest. So we asked a few of our favorite health VC’s to share their insights.

Here are some of our other top reads this week for premium subscribers. This week, we talked about how to raise funding in August, a month not typically known for ease of access to VCs, and my colleague Ron dove into the MapR fire sale that took place this week:

We’re excited to ramp up The Station, a new TechCrunch newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning this month.

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds

New research into how European consumers interact with the cookie consent mechanisms which have proliferated since a major update to the bloc’s online privacy rules last year casts an unflattering light on widespread manipulation of a system that’s supposed to protect consumer rights.

As Europe’s General Data Protection Regulation (GDPR) came into force in May 2018, bringing in a tough new regime of fines for non-compliance, websites responded by popping up legal disclaimers which signpost visitor tracking activities. Some of these cookie notices even ask for consent to track you.

But many don’t — even now, more than a year later.

The study, which looked at how consumers interact with different designs of cookie pop-ups and how various design choices can nudge and influence people’s privacy choices, also suggests consumers are suffering a degree of confusion about how cookies function, as well as being generally mistrustful of the term ‘cookie’ itself. (With such baked in tricks, who can blame them?)

The researchers conclude that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.

The paper, which we’ve reviewed in draft ahead of publication, is co-authored by academics at Ruhr-University Bochum, Germany, and the University of Michigan in the US — and entitled: (Un)informed Consent: Studying GDPR Consent Notices in the Field.

The researchers ran a number of studies, gathering ~5,000 of cookie notices from screengrabs of leading websites to compile a snapshot (derived from a random sub-sample of 1,000) of the different cookie consent mechanisms in play in order to paint a picture of current implementations.

They also worked with a German ecommerce website over a period of four months to study how more than 82,000 unique visitors to the site interacted with various cookie consent designs which the researchers’ tweaked in order to explore how different defaults and design choices affected individuals’ privacy choices.

Their industry snapshot of cookie consent notices found that the majority are placed at the bottom of the screen (58%); not blocking the interaction with the website (93%); and offering no options other than a confirmation button that does not do anything (86%). So no choice at all then.

A majority also try to nudge users towards consenting (57%) — such as by using ‘dark pattern’ techniques like using a color to highlight the ‘agree’ button (which if clicked accepts privacy-unfriendly defaults) vs displaying a much less visible link to ‘more options’ so that pro-privacy choices are buried off screen.

And while they found that nearly all cookie notices (92%) contained a link to the site’s privacy policy, only a third (39%) mention the specific purpose of the data collection or who can access the data (21%).

The GDPR updated the EU’s long-standing digital privacy framework, with key additions including tightening the rules around consent as a legal basis for processing people’s data — which the regulation says must be specific (purpose limited), informed and freely given for consent to be valid.

Even so, since May last year there has been an outgrown in cookie ‘consent’ mechanisms popping up or sliding atop websites that still don’t offer EU visitors the necessary privacy choices, per the research.

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law,” the researchers argue.

“Our results show that a reasonable amount of users are willing to engage with consent notices, especially those who want to opt out or do not want to opt in. Unfortunately, current implementations do not respect this and the large majority offers no meaningful choice.”

The researchers also record a large differential in interaction rates with consent notices — of between 5 and 55% — generated by tweaking positions, options, and presets on cookie notices.

This is where consent gets manipulated — to flip visitors’ preference for privacy.

They found that the more choices offered in a cookie notice, the more likely visitors were to decline the use of cookies. (Which is an interesting finding in light of the vendor laundry lists frequently baked into the so-called “transparency and consent framework” which the industry association, the Internet Advertising Bureau (IAB), has pushed as the standard for its members to use to gather GDPR consents.)

“The results show that nudges and pre-selection had a high impact on user decisions, confirming previous work,” the researchers write. “It also shows that the GDPR requirement of privacy by default should be enforced to make sure that consent notices collect explicit consent.”

Here’s a section from the paper discussing what they describe as “the strong impact of nudges and pre-selections”:

Overall the effect size between nudging (as a binary factor) and choice was CV=0.50. For example, in the rather simple case of notices that only asked users to confirm that they will be tracked, more users clicked the “Accept” button in the nudge condition, where it was highlighted (50.8% on mobile, 26.9% on desktop), than in the non-nudging condition where “Accept” was displayed as a text link (39.2% m, 21.1% d). The effect was most visible for the category-and vendor-based notices, where all checkboxes were pre-selected in the nudging condition, while they were not in the privacy-by-default version. On the one hand, the pre-selected versions led around 30% of mobile users and 10% of desktop users to accept all third parties. On the other hand, only a small fraction (< 0.1%) allowed all third parties when given the opt-in choice and around 1 to 4 percent allowed one or more third parties (labeled “other” in 4). None of the visitors with a desktop allowed all categories. Interestingly, the number of non-interacting users was highest on average for the vendor-based condition, although it took up the largest part of any screen since it offered six options to choose from.

The key implication is that just 0.1% of site visitors would freely choose to enable all cookie categories/vendors — i.e. when not being forced to do so by a lack of choice or via nudging with manipulative dark patterns (such as pre-selections).

Rising a fraction, to between 1-4%, who would enable some cookie categories in the same privacy-by-default scenario.

“Our results… indicate that the privacy-by-default and purposed-based consent requirements put forth by the GDPR would require websites to use consent notices that would actually lead to less than 0.1 % of active consent for the use of third parties,” they write in conclusion.

They do flag some limitations with the study, pointing out that the dataset they used that arrived at the 0.1% figure is biased — given the nationality of visitors is not generally representative of public Internet users, as well as the data being generated from a single retail site. But they supplemented their findings with data from a company (Cookiebot) which provides cookie notices as a SaaS — saying its data indicated a higher accept all clicks rate but still only marginally higher: Just 5.6%.

Hence the conclusion that if European web users were given an honest and genuine choice over whether or not they get tracked around the Internet, the overwhelming majority would choose to protect their privacy by rejecting tracking cookies.

This is an important finding because GDPR is unambiguous in stating that if an Internet service is relying on consent as a legal basis to process visitors’ personal data it must obtain consent before processing data (so before a tracking cookie is dropped) — and that consent must be specific, informed and freely given.

Yet, as the study confirms, it really doesn’t take much clicking around the regional Internet to find a gaslighting cookie notice that pops up with a mocking message saying by using this website you’re consenting to your data being processed how the site sees fit — with just a single ‘Ok’ button to affirm your lack of say in the matter.

It’s also all too common to see sites that nudge visitors towards a big brightly colored ‘click here’ button to accept data processing — squirrelling any opt outs into complex sub-menus that can sometimes require hundreds of individual clicks to deny consent per vendor.

You can even find websites that gate their content entirely unless or until a user clicks ‘accept’ — aka a cookie wall. (A practice that has recently attracted regulatory intervention.)

Nor can the current mess of cookie notices be blamed on a lack of specific guidance on what a valid and therefore legal cookie consent looks like. At least not any more. Here, for example, is a myth-busting blog which the UK’s Information Commissioner’s Office (ICO) published last month that’s pretty clear on what can and can’t be done with cookies.

For instance on cookie walls the ICO writes: “Using a blanket approach such as this is unlikely to represent valid consent. Statements such as ‘by continuing to use this website you are agreeing to cookies’ is not valid consent under the higher GDPR standard.” (The regulator goes into more detailed advice here.)

While France’s data watchdog, the CNIL, also published its own detailed guidance last month — if you prefer to digest cookie guidance in the language of love and diplomacy.

(Those of you reading TechCrunch back in January 2018 may also remember this sage plain english advice from our GDPR explainer: “Consent requirements for processing personal data are also considerably strengthened under GDPR — meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable.” So don’t say we didn’t warn you.)

Nor are Europe’s data protection watchdogs lacking in complaints about improper applications of ‘consent’ to justify processing people’s data.

Indeed, ‘forced consent’ was the substance of a series of linked complaints by the pro-privacy NGO noyb, which targeted T&Cs used by Facebook, WhatsApp, Instagram and Google Android immediately GDPR started being applied in May last year.

While not cookie notice specific, this set of complaints speaks to the same underlying principle — i.e. that EU users must be provided with a specific, informed and free choice when asked to consent to their data being processed. Otherwise the ‘consent’ isn’t valid.

So far Google is the only company to be hit with a penalty as a result of that first wave of consent-related GDPR complaints; France’s data watchdog issued it a $57M fine in January.

But the Irish DPC confirmed to us that three of the 11 open investigations it has into Facebook and its subsidiaries were opened after noyb’s consent-related complaints. (“Each of these investigations are at an advanced stage and we can’t comment any further as these investigations are ongoing,” a spokeswoman told us. So, er, watch that space.)

The problem, where EU cookie consent compliance is concerned, looks to be both a failure of enforcement and a lack of regulatory alignment — the latter as a consequence of the ePrivacy Directive (which most directly concerns cookies) still not being updated, generating confusion (if not outright conflict) with the shiny new GDPR.

However the ICO’s advice on cookies directly addresses claimed inconsistencies between ePrivacy and GDPR, stating plainly that Recital 25 of the former (which states: “Access to specific website content may be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose”) does not, in fact, sanction gating your entire website behind an ‘accept or leave’ cookie wall.

Here’s what the ICO says on Recital 25 of the ePrivacy Directive:

  • ‘specific website content’ means that you should not make ‘general access’ subject to conditions requiring users to accept non-essential cookies – you can only limit certain content if the user does not consent;
  • the term ‘legitimate purpose’ refers to facilitating the provision of an information society service – ie, a service the user explicitly requests. This does not include third parties such as analytics services or online advertising;

So no cookie wall; and no partial walls that force a user to agree to ad targeting in order to access the content.

It’s worth point out that other types of privacy-friendly online advertising are available with which to monetize visits to a website. (And research suggests targeted ads offer only a tiny premium over non-targeted ads, even as publishers choosing a privacy-hostile ads path must now factor in the costs of data protection compliance to their calculations — as well as the cost and risk of massive GDPR fines if their security fails or they’re found to have violated the law.)

Negotiations to replace the now very long-in-the-tooth ePrivacy Directive — with an up-to-date ePrivacy Regulation which properly takes account of the proliferation of Internet messaging and all the ad tracking techs that have sprung up in the interim — are the subject of very intense lobbying, including from the adtech industry desperate to keep a hold of cookie data. But EU privacy law is clear.

“[Cookie consent]’s definitely broken (and has been for a while). But the GDPR is only partly to blame, it was not intended to fix this specific problem. The uncertainty of the current situation is caused the delay of the ePrivacy regulation that was put on hold (thanks to lobbying),” says Martin Degeling, one of the research paper’s co-authors, when we suggest European Internet users are being subject to a lot of ‘consent theatre’ (ie noisy yet non-compliant cookie notices) — which in turn is causing knock-on problems of consumer mistrust and consent fatigue for all these useless pop-ups. Which work against the core aims of the EU’s data protection framework.

“Consent fatigue and mistrust is definitely a problem,” he agrees. “Users that have experienced that clicking ‘decline’ will likely prevent them from using a site are likely to click ‘accept’ on any other site just because of one bad experience and regardless of what they actually want (which is in most cases: not be tracked).”

“We don’t have strong statistical evidence for that but users reported this in the survey,” he adds, citing a poll the researchers also ran asking site visitors about their privacy choices and general views on cookies. 

Degeling says he and his co-authors are in favor of a consent mechanism that would enable web users to specify their choice at a browser level — rather than the current mess and chaos of perpetual, confusing and often non-compliant per site pop-ups. Although he points out some caveats.

“DNT [Do Not Track] is probably also not GDPR compliant as it only knows one purpose. Nevertheless  something similar would be great,” he tells us. “But I’m not sure if shifting the responsibility to browser vendors to design an interface through which they can obtain consent will lead to the best results for users — the interfaces that we see now, e.g. with regard to cookies, are not a good solution either.

“And the conflict of interest for Google with Chrome are obvious.”

The EU’s unfortunate regulatory snafu around privacy — in that it now has one modernized, world-class privacy regulation butting up against an outdated directive (whose progress keeps being blocked by vested interests intent on being able to continue steamrollering consumer privacy) — likely goes some way to explaining why Member States’ data watchdogs have generally been loath, so far, to show their teeth where the specific issue of cookie consent is concerned.

At least for an initial period the hope among data protection agencies (DPAs) was likely that ePrivacy would be updated and so they should wait and see.

They have also undoubtedly been providing data processors with time to get their data houses and cookie consents in order. But the frictionless interregnum while GDPR was allowed to ‘bed in’ looks unlikely to last much longer.

Firstly because a law that’s not enforced isn’t worth the paper it’s written on (and EU fundamental rights are a lot older than the GDPR). Secondly, with the ePrivacy update still blocked DPAs have demonstrated they’re not just going to sit on their hands and watch privacy rights be rolled back — hence them putting out guidance that clarifies what GDPR means for cookies. They’re drawing lines in the sand, rather than waiting for ePrivacy to do it (which also guards against the latter being used by lobbyists as a vehicle to try to attack and water down GDPR).

And, thirdly, Europe’s political institutions and policymakers have been dining out on the geopolitical attention their shiny privacy framework (GDPR) has attained.

Much has been made at the highest levels in Europe of being able to point to US counterparts, caught on the hop by ongoing tech privacy and security scandals, while EU policymakers savor the schadenfreude of seeing their US counterparts being forced to ask publicly whether it’s time for America to have its own GDPR.

With its extraterritorial scope, GDPR was always intended to stamp Europe’s rule-making prowess on the global map. EU lawmakers will feel they can comfortably check that box.

However they are also aware the world is watching closely and critically — which makes enforcement a very key piece. It must slot in too. They need the GDPR to work on paper and be seen to be working in practice.

So the current cookie mess is a problematic signal which risks signposting regulatory failure — and that simply isn’t sustainable.

A spokesperson for the European Commission told us it cannot comment on specific research but said: “The protection of personal data is a fundamental right in the European Union and a topic the Juncker commission takes very seriously.”

“The GDPR strengthens the rights of individuals to be in control of the processing of personal data, it reinforces the transparency requirements in particular on the information that is crucial for the individual to make a choice, so that consent is given freely, specific and informed,” the spokesperson added. 

“Cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.”

All of which suggests that the movement, when it comes, must come from a reforming adtech industry.

With robust privacy regulation in place the writing is now on the wall for unfettered tracking of Internet users for the kind of high velocity, real-time trading of people’s eyeballs that the ad industry engineered for itself when no one knew what was being done with people’s data.

GDPR has already brought greater transparency. Once Europeans are no longer forced to trade away their privacy it’s clear they’ll vote with their clicks not to be ad-stalked around the Internet too.

The current chaos of non-compliant cookie notices is thus a signpost pointing at an underlying privacy lag — and likely also the last gasp signage of digital business models well past their sell-by-date.

Reports say White House has drafted an order putting the FCC in charge of monitoring social media

The White House is contemplating issuing an executive order that would widen its attack on the operations of social media companies.

The White House has prepared an executive order called “Protecting Americans from Online Censorship” that would give the Federal Communications Commission oversight of how Facebook, Twitter and other tech companies monitor and manage their social networks, according to a CNN report.

Under the order, which has not yet been announced and could be revised, the FCC would be tasked with developing new regulations that would determine when and how social media companies filter posts, videos or articles on their platforms.

The draft order also calls for the Federal Trade Commission to take those new policies into account when investigating or filing lawsuits against technology companies, according to the CNN report.

Social media censorship has been a perennial talking point for President Donald Trump and his administration. In May, the White House set up a tip line for people to provide evidence of social media censorship and a systemic bias against conservative media.

In the executive order, the White House says it received more than 15,000 complaints about censorship by the technology platforms. The order also includes an offer to share the complaints with the Federal Trade Commission.

As part of the order, the Federal Trade Commission would be required to open a public complaint docket and coordinate with the Federal Communications Commission on investigations of how technology companies curate their platforms — and whether that curation is politically agnostic.

Under the proposed rule, any company whose monthly user base includes more than one-eighth of the U.S. population would be subject to oversight by the regulatory agencies. A roster of companies subject to the new scrutiny would include Facebook, Google, Instagram, Twitter, Snap and Pinterest .

At issue is how broadly or narrowly companies are protected under the Communications Decency Act, which was part of the Telecommunications Act of 1996. Social media companies use the Act to shield against liability for the posts, videos or articles that are uploaded from individual users or third parties.

The Trump administration aren’t the only politicians in Washington are focused on the laws that shield social media platforms from legal liability. House Speaker Nancy Pelosi took technology companies to task earlier this year in an interview with Recode.

The criticisms may come from different sides of the political spectrum, but their focus on the ways in which tech companies could use Section 230 of the Act is the same.

The White House’s executive order would ask the FCC to disqualify social media companies from immunity if they remove or limit the dissemination of posts without first notifying the user or third party that posted the material, or if the decision from the companies is deemed anti-competitive or unfair.

The FTC and FCC had not responded to a request for comment at the time of publication.

Sperm storage startups are raising millions

A number of startups are bringing technology and innovation to the fertility industry, with a growing few focused specifically on male fertility.

“Society at large doesn’t understand the subject of fertility,” Tom Smith, the co-founder and chief executive officer of men’s sperm storage startup Dadi tells TechCrunch. “People see it as a female issue.”

Dadi has raised a $5 million seed extension led by The Chernin Group, a private equity fund that typically invests in media, with existing investors including London seed-fund Firstminute Capital and New York’s Third Kind Venture Capital also participating. The company, which sends at-home fertility tests and sperm storage kits, closed a $2 million seed round earlier this year.

Dadi’s funding event comes shortly after another men’s fertility business, Legacy, raised a $1.5 million round for its sperm testing and freezing service. Both companies hope to leverage venture capital funding to become the dominant men’s fertility brand.

Bain Capital Ventures -backed Legacy, which won TechCrunch’s Startup Battlefield competition at Disrupt Berlin 2018, allows men to get their sperm tested and frozen without visiting a clinic or meeting with a doctor. Founder and chief executive officer Khaled Kteily said the company, which is based out of the Harvard Innovation Labs in Boston, planned to use the capital to expand its sperm analysis and cryogenic storage services.

040319 AG WaPo Legacy Sperm Freezing 0016

Sarah Steinle, head of marketing, Khaled Kteily, founder and CEO, and Daniel Madero, head of clinic partnerships at Legacy .

Like many startups today, Dadi and Legacy are capitalizing on the direct-to-consumer business model to educate men about their fertility. Customers of both Dadi and Legacy simply order a DIY sperm collection kit online, collect a sperm sample and send it back to the company for a full fertility report. Both companies offer sperm storage services too. Dadi charges a total of $199.98 for its sperm testing kit and one year of sperm storage, while Legacy asks for $350 for clinical fertility analysis and lifestyle recommendations. To store your sperm in Legacy’s cryogenic storage facilities, it’s an additional $20 per month.

One in six couples struggles to get pregnant after one year of trying. According to the U.S. Department of Health & Human Services, one-third of the infertility cases amongst those couples are caused by fertility problems in men, another one-third of issues are connected to women and the remaining cases are a result of a combination of male and female fertility issues. By making sperm storage more accessible, startups hope to encourage a conversation around family planning and fertility among young men.

“Men also have a biological clock,” Smith said. “From your late 20s and onward, your overall sperm count absolutely declines and, more importantly, the number of mutations that can be passed on to that potential child grows.”

Dadi, a New York-based company, plans to use its latest bout of funding to continue developing a number of yet-to-be-announced products, as well as offer new support services to customers who’ve taken Dadi’s fertility tests: “If we are going to live up to our overall objective of being this encompassing business helping men through the fertility stack, the next step for us is investing in next-step support,” Smith explains.

Dadi’s founding team lacks experience in the healthcare sector, which is likely to pose problems as the company expands and forges partnerships in the greater healthcare field. Smith previously led a custom emoji business, Imoji, which was acquired by Giphy in 2017. Dadi co-founder Mackey Saturday, for his part, was previously a graphic designer responsible for creating Instagram’s logo.

Aiming to make up for its lack of expertise, Dadi has formed a Science and Technology Advisory Board with participation from Dr. Michael Eisenberg, associate professor of urology at Stanford’s Medical Center, and Dr. Jacques Cohen, the laboratory director at ART Institute of Washington at Walter Reed National Military Medical Center.

Legacy’s Kteily previously worked as a consultant focused on health & life sciences before serving as a senior manager at the World Economic Forum. Daniel Madero and Sarah Steinle, also Legacy co-founders, previously worked at Medifertil, a Colombian fertility clinic, and Extend Fertility, respectively.

In addition to Dadi and Legacy, other companies close to the space have recently secured notable investments including Hims, the provider of direct-to-consumer erectile dysfunction (ED) and hair loss medication, which raised a $100 million this year. Another seller of ED meds, Ro, has raised a total of $91 million. And Manual, an educational portal and treatment platform for men’s issues, raised a £5 million seed round in January from Felix Capital, Cherry Ventures and Cassius Capital.

Instagram ad partner secretly sucked up and tracked millions of users’ locations and stories

Hyp3r, an apparently trusted marketing partner of Facebook and Instagram, has been secretly collecting and storing location and other data on millions of users, against the policies of the social networks, Business Insider reported today. It’s hard to see how it could do this for years without intervention by the platforms except if the latter were either ignorant or complicit.

After BI informed Instagram, the company confirmed that Hyp3r (styled HYP3R) had violated its policies and has now been removed from the platform. In a statement to TechCrunch, a Facebook spokesperson confirmed the report, saying:

HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.

The company started several years ago as a platform via which advertisers could target users attending a given event, like a baseball game or concert. It used Instagram’s official API to hoover up data originally, the kind of data-gathering that has been happening for years by unsavory firms in tech, most infamously Cambridge Analytica.

The idea of getting an ad because you’re at a ball game isn’t so scary, but if the company maintains a persistent record not just of your exact locations, but objects in your photos and types of places you visit, in order to combine that with other demographics and build a detailed shadow profile… well, that’s a little scary. And so Hyp3r’s business model evolved.

Unfortunately, the API was severely restricted in early 2018, limiting Hyp3r’s access to location and user data. Although there were unconfirmed reports that this led to layoffs at the company around the time, the company seems to have survived (and raised millions shortly afterwards) not by adapting its business model, but by sneaking around the apparently quite minimal barriers Instagram put in place to prevent location data from being scraped.

Some of this was done by taking advantage of Instagram’s Location pages, which would serve up public accounts visiting them to anyone who asked, logged in or not. (This was one of the features turned off today by Instagram.)

According to BI’s report, Hyp3r built tools to circumvent limitations on both location collection and saving of personal accounts’ stories — content meant to disappear after 24 hours. If a user posted anything at one of thousands of locations and regions monitored by Hyp3r, their data would be sucked up and added to their shadow profile.

To be clear, it only collected information from public stories and accounts. Naturally these people opted out of a certain amount of privacy by choosing a public account, but as the Cambridge Analytica case and others have shown, no one expects or should have to expect that their data is being secretly and systematically assembled into a personal profile by a company they’ve never heard of.

Facebook and Instagram, however, had definitely heard of Hyp3r. In fact, Hyp3r could until today be found in the official Facebook Marketing Partners directory, a curated list of companies it recommends for various tasks and services that advertisers might need.

And Hyp3r has been quite clear about what it is doing, though not about the methods by which it is doing it. It wasn’t a secret that the company was building profiles based around tracking locations and brands — that was presumably what Facebook listed it for. It was only when this report surfaced that Hyp3r had its Facebook Marketing Partner privileges rescinded.

It’s unclear how Hyp3r could exist as a privileged member of Facebook’s stable of recommended companies and simultaneously be in such blatant violation of its policies. If these partners receive even cursory reviews of their products and methods, wouldn’t it have been obvious to any informed auditor that there was no legitimate source for the location and other data that Hyp3r was collecting? Wouldn’t it have been obvious that it was engaging in Automated Data Collection, which is specifically prohibited without Facebook’s permission?

I’ve asked Facebook for more detail on how and when its Marketing Partners are reviewed, and how this seemingly fundamental violation of the prohibition against automated data collection could have gone undetected for so long. This story is developing and may be updated further.

Instagram and Facebook are experiencing outages

Users reported issues with Instagram and Facebook Sunday morning.

The mobile apps wouldn’t load for many users beginning in the early hours of the morning, prompting thousands to take to Twitter to complain about the outage. #facebookdown and #instagramdown are both trending on Twitter at time of publish.

We’ve reached out to Facebook for more information and when they are expecting services to come back online. We’ll update this story when we hear back.

 

Facebook to admit ownership of Instagram, WhatsApp in hard-to-read small-print

For the first time in more than half a decade, Facebook wants to inform you that it owns Instagram, the hyper-popular rival social networking app it acquired for a $1BN steal back in 2012.

Ditto messaging platform WhatsApp — which Mark Zuckerberg splurged $19BN on a couple of years later to keep feeding eyeballs into his growth engine.

Facebook is adding its own brand name alongside the other two — in the following format: ‘Instagram from Facebook’; ‘WhatsApp from Facebook.’

The cheap perfume style rebranding was first reported by The Information which cites three people familiar with the matter who told it employees for the two apps were recently notified internally of the plan to rebrand.

“The move to add Facebook’s name to the apps has been met with surprise and confusion internally, reflecting the autonomy that the units have operated under,” it said. Although it also reported that CEO Mark Zuckerberg has also been frustrated that Facebook doesn’t get more credit for the growth of Instagram and WhatsApp.

So it sounds like Facebook may be hoping for a little reverse osmosis brand-washing — aka leveraging the popularity of its cleaner social apps to detoxify the scandal-hit mothership.

Not that Facebook is saying anything like that publicly, of course.

In a statement to The Information confirming the rebranding it explained it thus: “We want to be clearer about the products and services that are part of Facebook.”

The rebranding also comes at a time when Facebook is facing at least two antitrust investigations on its home turf — where calls for Facebook and other big tech giants to be broken up are now a regular feature of the campaign trail…

We can only surmise the legal advice Facebook must be receiving vis-a-vis what it should do to try to close down break up arguments that could deprive it of its pair of golden growth geese.

Arguments such as the fact most Instagram (and WhatsApp) users don’t even know they’re using a Facebook-owned app. Hence, as things stand, it would be pretty difficult for Facebook’s lawyers to successfully argue Instagram and WhatsApp users would be harmed if the apps were cut free by a break-up order.

But now — with the clumsy ‘from Facebook’ construction — Facebook can at least try to make a case that users are in a knowing relationship with Facebook in which they willingly, even if not lovingly, place their eyeballs in Zuckerberg’s bucket.

In which case Facebook is not telling you the Instagram user that it owns Instagram for your benefit. Not even slightly.

Note, for example, the use of the comparative adjective “clearer” in Facebook’s statement to explain its intent for the rebranding — rather than a simple statement: ‘we want to be clear’.

It’s definitely not saying it’s going to individually broadcast its ownership of Instagram and WhatsApp to each and every user on those networks. More like it’s going to try to creep the Facebook brand in. Which is far more in corporate character.

At the time of writing a five day old update of of Instagram’s iOS app already features the new construction — although it looks far more dark pattern than splashy rebrand, with just the faintest whisker of grey text at the base of the screen to disclose that you’re about to be sucked into the Facebook empire (vs a giant big blue ‘Create new account’ button winking to be tapped up top… )

Here’s the landing screen — with the new branding. Blink and you’ll miss it…

image2

So not full disclosure then. More like just an easily overlooked dab of the legal stuff — to try to manage antitrust risk vs the risk of Facebook brand toxicity poisoning the (cleaner) wells of Instagram and WhatsApp.

There are signs the company is experimenting in some extremely dilute cross-brand-washing too.

The iOS app description for Instagram includes the new branding — tagged to an ad style slogan that gushes: “Bringing you closer to the people and things you love.”  But, frankly, who reads app descriptions?

image1

Up until pretty recently, both Instagram and WhatsApp had a degree of independence from their rapacious corporate parent — granted brand and operational independence under the original acquisition terms and leadership of their original founders.

Not any more, though. Instagram’s founders cleared out last year. While WhatsApp’s jumped ship between 2017 and 2018.

Zuckerberg lieutenants and/or long time Facebookers are now running both app businesses. The takeover is complete.

Facebook is also busy working on entangling the backends of its three networks — under a claimed ‘pivot to privacy‘ which it announced earlier this year.

This also appears intended to try to put regulators off by making breaking up Facebook much harder than it would be if you could just split it along existing app lines. Theories of user harm potentially get more complicated if you can demonstrate cross-platform chatter.

The accompanying 3,000+ word screed from Zuckerberg introduced the singular notion of “the Facebook network”; aka one pool for users to splash in, three differently colored slides to funnel you in there.

“In a few years, I expect future versions of Messenger and WhatsApp to become the main ways people communicate on the Facebook network,” he wrote. “If this evolution is successful, interacting with your friends and family across the Facebook network will become a fundamentally more private experience.”

The ‘from Facebook’ rebranding thus looks like just a little light covering fire for the really grand dodge Facebook is hoping to pull off as the break-up bullet speeds down the pipe: Aka Entangling its core businesses at the infrastructure level.

From three networks to one massive Facebook-owned user data pool. 

One network to rule them all, one network to find them,
One network to bring them all, and in the regulatory darkness bind them

Facebook and YouTube’s moderation failure is an opportunity to deplatform the platforms

Facebook, YouTube, and Twitter have failed their task of monitoring and moderating the content that appears on their sites; what’s more, they failed to do so well before they knew it was a problem. But their incidental cultivation of fringe views is an opportunity to recast their role as the services they should be rather than the platforms they have tried so hard to become.

The struggles of these juggernauts should be a spur to innovation elsewhere: While the major platforms reap the bitter harvest of years of ignoring the issue, startups can pick up where they left off. There’s no better time to pass someone up as when they’re standing still.

Asymmetrical warfare: Is there a way forward?

At the heart of the content moderation issue is a simple cost imbalance that rewards aggression by bad actors while punishing the platforms themselves.

To begin with, there is the problem of defining bad actors in the first place. This is a cost that must be borne from the outset by the platform: With the exception of certain situations where they can punt (definitions of hate speech or groups for instance), they are responsible for setting the rules on their own turf.

That’s a reasonable enough expectation. But carrying it out is far from trivial; you can’t just say “here’s the line; don’t cross it or you’re out.” It is becoming increasingly clear that these platforms have put themselves in an uncomfortable lose-lose situation.

If they have simple rules, they spend all their time adjudicating borderline cases, exceptions, and misplaced outrage. If they have more granular ones, there is no upper limit on the complexity and they spend all their time defining it to fractal levels of detail.

Both solutions require constant attention and an enormous, highly-organized and informed moderation corps, working in every language and region. No company has shown any real intention to take this on — Facebook famously contracts the responsibility out to shabby operations that cut corners and produce mediocre results (at huge human and monetary cost); YouTube simply waits for disasters to happen and then quibbles unconvincingly.

Week in Review: Regulation boogaloo

Hello, weekenders. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how services like Instagram had moved beyond letting their algorithms take over the curation process as they tested minimizing key user metrics such as “like” counts on the platform.


John Taggart/Bloomberg via Getty Images

The big story

The big news stories this week intimately involved the government poking its head into the tech industry. What was clear between the two biggest stories, the DoJ approving the Sprint/T -Mobile merger and the FTC giving Facebook a $5 billion slap on the wrist, is that big tech has little to worry about its inertia being contained.

It seems the argument from Spring and T-Mobile that it was better to have three big telecom companies in the U.S. rather than two contenders and two pretenders, seems to have stuck. Similarly, Facebook seems to have done a worthy job of indicating that it will handle the complicated privacy stuff but that they’ll let the government orgs see what they’re up to.

Fundamentally, none of these orgs seem to want to harm the growth of these American tech companies and I have a tough time believing that perspective is going to magically get more toothy in some of these early antitrust investigations. The government might be making a more concerted effort to understand how these businesses are structured, but even focusing solely on something like the cloud businesses of Microsoft, Google and Amazon, I have little doubt that the government is going to spend an awfully long time in the observation phase.

The danger is erraticism and for that the worst government fear for tech isn’t a three-letter agency, it’s the Twitter ramblings of POTUS.

feedback -> @lucasmtny

Onto the rest of the week’s news.

Intel and Apple logos

(Photo: ALASTAIR PIKE,THOMAS SAMSON/AFP/Getty Images)

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple dropping $1 billion on Intel’s modem business
    Apple is snapping up a missing link in its in-house component production with the $1B purchase of most of Intel’s modem business. This follows a dramatic saga between Intel, Qualcomm and Apple over the past year, but Apple will be making its own smartphone modems the question is when they actually end up in new iPhones. Read more here.
  • Microsoft dropping $1 billion on OpenAI
    Microsoft announced this week that it is dumping $1 billion into Sam Altman’s OpenAI research group. The partnership is pretty major, but it’s just one of the interesting avenues Microsoft is using to ensure its Azure services gain notable customers. Read more here.
  • Galaxy Fold is coming back!
    After a very embarrassing soft launch, Samsung which managed to make it a several devices beyond the Note 7 before another garbage fire is trying its hand at the Galaxy Fold again and will be releasing it sometime in September. It seems like the carriers are a little dubious of the prospect and T-Mobile has already opted out of carrying it. Read more here.

darkened facebook logo

GAFA Gaffes [Facebook Edition!!]

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook gets five:
    [Facebook settles with FTC: $5 billion and new privacy guarantees]
  2. FTC isn’t quite done with Facebook:
    [Facebook says it’s under antitrust investigation by the FTC]
  3. Facebook dismissed CA warnings:
    [Facebook ignored staff warnings about sketchy Cambridge Analytica in September 2015]
  4. Facebook left kids vulnerable:
    [Facebook fails to keep Messenger Kids safety promise]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. This week, my colleague Danny spoke with some top VCs about why fintech startups have been raising massive amounts of cash and he seemed to walk away with some interesting impressions.

Why fintech VC mega rounds have become so common

“…The biggest challenge that has faced fintech companies for years — really, the industry’s consistent Achilles’ heel — is the cost of acquiring a customer. Financial customer relationships are incredibly valuable, and the cost of acquiring a user for any product is among the most expensive in every major channel.

And those costs are going up…”

Here are some of our other top reads for premium subscribers.

We’re excited to announce The Station, a new TechCrunch newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning in August.