Tech Brew Ride Home - Thu. 07/11 - Bird In Trouble Or Turning The Corner?
Episode Date: July 11, 2019Apple quietly brings the hammer down on Zoom’s hidden web server, Apple also turns off Walkie Talkie in order to fix it, Google Assistant is listening in on you also, Amazon Music is a streaming dar...k-horse and dang is Bird losing a lot of money. Sponsors: SVB.com/next Metalab.co Links: Apple has pushed a silent Mac update to remove hidden Zoom web server (TechCrunch) Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping (TechCrunch) WHO’S LISTENING WHEN YOU TALK TO YOUR GOOGLE ASSISTANT? (Wired) OneTrust raised $200M at a $1.3B valuation to help organizations navigate online privacy rules (TechCrunch) Amazon becomes fastest-growing music steaming service (Financial Times) Hit by Big Loss, Bird Seeks $300M in New Funds (The Information) Blockstack wins first-ever SEC approval for a token offering under Reg A+ listing (The Block) 2020 iPhone to reduce TrueDepth notch, full-screen display rumored for 2021 (Apple Insider) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the TechMeme ride home for Thursday, July 11th, 2019. I'm Brian McCullough. Today, Apple quietly brings the hammer down on Zoom's hidden web server. Apple also turns off walkie-talkie in order to fix it. Google Assistant is listening in on you as well. Amazon Music as a streaming dark horse. And dang, is Bird losing a lot of money? Here's what you missed today in the world of tech. Apple has pushed a silent Mac update to remove the hidden web.
server in the Zoom app that would let websites add a user to a video call without their permission.
What is a silent Mac update? Glad you asked. Quoting TechCrunch, Apple said the update does not
require any user interaction and is deployed automatically. Apple often pushes silent signature
updates to Macs to thwart known malware, similar to an anti-malware service, but it's rare
for Apple to take action publicly against a known or popular app.
The company said it pushed the update to protect users from the risks posed by the exposed web server.
Zoom spokesperson Priscilla McCarthy told TechCrunch, quote,
we're happy to have worked with Apple on testing this update.
We expect the web server issue to be resolved today.
We appreciate our users' patience as we continue to work through addressing their concerns, end quote.
Yeah, on that last bit, I'm sure you worked with Apple on this update.
I'm sure Apple is totes thrilled with you guys right now.
I'm sure Apple just loves to have to push a fully nuclear software update because one software vendor in particular has done something shady.
Should be noted that Zoom did in fact release its own patch to its software on Tuesday after initially saying it wouldn't.
Quote, late Monday evening, the company published an extensive statement defending the practice and addressing other bugs found by security researcher Jonathan Leitzsch.
But it declined to fully address the concern that,
an attacker could distribute a malicious Zoom call URL, trick users into clicking it, and then open a
channel to their lives when their webcam automatically activated. Zoom originally said that it would
just adjust the settings by which a user chose to launch video by default with every call.
That proposed tweak did little to Molify critics who pointed to Zoom's casual use of a local
web server on Mac computers. That feature allowed Mac users to join meetings seamlessly, but
potentially created the risk of remote code executive attacks and circumvented a safari feature
that exists precisely to expand privacy protections, end quote.
It should also be noted. A lot of people were like, Apple can do silent software updates that
users don't even have to lift a finger for. As John Gales tweeted, hidden self-updating software
does silent update to eliminate other hidden self-updating software. Privacy wins.
But hey, Apple security has apparently had a busy 72 hours or so because Apple says it is also temporarily disabling the Apple Watch walkie-talkie app due to a vulnerability that Apple found which would allow someone to listen in to another person's iPhone.
Apple apologized for the bug and said the walkie-talkie feature will remain unavailable until the company can find a fix.
Quoting TechCrunch, the walkie-talkie app on Apple Watch allows two users who have accepted in.
invite from each other to receive audio chats via a push-to-talk interface reminiscent of the
PTT buttons on older cell phones. A statement from Apple reads this, quote,
We were just made aware of a vulnerability related to the walkie-talkie app on the Apple Watch
and have disabled the function as we quickly fix the issue. We apologize to our customers
for the inconvenience and we'll restore the functionality as soon as possible. Although we are not
aware of any use of the vulnerability against a customer and specific conditions and sequences
of events are required to exploit it, we take the security and privacy of our customers extremely
seriously. We concluded that disabling the app was the right course of action as this bug
could allow someone to listen through another customer's iPhone without consent. We apologize
again for this issue and the inconvenience, end quote. Belgian public broadcaster VRT obtained more
than 1,000 Google Assistant audio clips from, quote, a Google contractor who is part of the
workforce that is paid to review audio captured by Google Assistant devices. Some of the recordings
were what you would expect. People asking for weather, asking for directions, etc., but, quote,
wired reviewed transcripts of the files shared by VRT, which published a report on its findings Wednesday.
In roughly 150 of the recordings, the broadcaster says the assistant appears to have activated
incorrectly after mishearing its wake word. Some of those captured fragments of phone calls and
private conversations. They include announcements that someone needed the bathroom and what
appeared to be discussions on personal topics, including a child's growth rate, how a wound was
healing, and someone's love life. Google says it transcribes a fraction of audio from the
assistant to improve its automated voice processing technology. Yet the sensitive data in the
recordings and instances of Google's algorithms listening in unbidden make some people,
including the worker who shared audio with VRT and some privacy experts, uncomfortable. Privacy scholars say
Google's practices may breach the European Union privacy rules known as GDPR introduced last year,
which provide special protections for sensitive data such as medical information and require
transparency about how personal data is collected and processed. In a statement, a Google spokesperson
said the company has launched an investigation because the contractor breached data security
policies. The statement said Google uses, quote, language experts around the world to transcribe
audio from the company's assistant, but that they only review around 0.2% of all recordings,
which are not associated with user accounts.
Google's reviewers may not see account data,
but they still get to hear very private information,
for example, related to health.
Jeff Osluss, a researcher at the Center for IT and IP law
at the University of Leuven in Belgium,
told VRT that means Google's system may not comply with GDPR,
which requires explicit consent to collect health data, end quote.
You know, they say they only review 0.2% of all recordings,
but that still sums up to a heck of a lot of recordings.
And speaking of GDPR,
One Trust is a startup which builds tools to help companies
navigate things like data protection and privacy policies,
things like GDPR and the recent California Consumer Privacy Act.
One Trust just announced a $200 million Series A,
led by Insight Partners, at a $1.3 billion dollar valuation,
quoting TechCrunch.
It's an outside,
round for a series A being made at an equally outsized valuation, especially considering that the
company is only three years old. But that's because, according to CEO Kabir Barday, of the
wide-ranging nature of the issue and one trust's early moves and subsequent pull position in tackling
it. Quote, we're talking about an operational overhaul in a company's practices, Barday said in
an interview. That requires the right technology and reach to be able to deliver that at a low
cost, end quote. Notably, he said that One Trust wasn't actually in search of funding. It's already
generating revenue and could have grown off its own balance sheet, although he noted that having
the capitalization and backing sends a signal to the market and in particular to larger organizations
of its stability and staying power. Currently, One Trust has around 3,000 customers across 100
countries and 1,000 employees, and the plan will be to continue to expand its reach geographically
and to more businesses. Funding will also go towards the company's technology. It
already has 50 patents filed and another 50 applications in progress securing its own IP in the
area of privacy protection, end quote.
When it comes to music streaming, don't sleep on Amazon.
According to the Financial Times, Amazon's Music Unlimited service is adding subscribers faster
than rivals such as Spotify and Apple Music, quoting the Financial Times.
The number of people subscribing to Amazon Music Unlimited has grown by about 70% in the past year,
to people briefed on its performance. In April, Amazon had more than 32 million subscribers to all
its music services, including unlimited and prime music. By contrast, Spotify, the world's largest
streaming service with 100 million subscribers is growing at about 25% a year. Quote, Amazon is the
dark horse in music, said Mark Mulligan, an analyst at Media Research. People don't pay as much
attention to it as Apple and Spotify, but it's been hugely effective, end quote. The secret to Amazon's
maybe success, according to the Financial Times, it's the ubiquity of Amazon's Alexa platform,
which offers Amazon's music streaming services as a default option.
Plus, there's the cost factor.
Amazon music is $10 a month, but only $8 a month if you're a prime member, and only $4 a month
if you only listen on an echo speaker.
Another scoop from the information again today, sources are telling it, that e-scooter
startup bird lost around $100 million.
in the first quarter of this year, on revenue of only about $15 million.
And sources are saying that Byrd only has about $100 million in cash left on hand,
even after raising more than $700 million over about 18 months.
Quoting from the piece,
it's well known that scooter companies struggle in the colder months of the year,
but the depth of Byrd's problems hasn't been previously reported.
Now the company that unleashed the global scooter craze is trying to raise hundreds
of millions of dollars more in venture capital by convincing investors that it has started to
turn around, recording what one person familiar with the figures said was double-digit
revenue growth each month since February. Prominent in its pitch is previously unreported internal
data obtained by the information that aims to show Byrd's new scooters are durable enough so that
each ride makes money. Bird insisted it has turned a corner. It says it has been slashing the cost
it has to pay per ride to repair, charge, ensure, and replace its vehicles. That's largely because
the vehicles are heavier and made of new types of components that make them more difficult to steal.
The progress is renewing optimism among some current investors. The company is projecting
solid growth in the summer months when it expects to break even, excluding capital expenditures.
Bird has been having conversations with investors about raising more money for several months,
people familiar with the matter said. It has told potential investors it wants to raise
$200 million to $300 million more by the end of the summer. The company is seeking to raise at a higher
price in its current $2.3 billion post-money valuation, which it attained last summer after less
than a year of existence. Since then, when it was able to increase its valuation from $1 billion to
$2 billion in just a few weeks between deals, the investment frenzy has cooled, end quote.
The SEC has approved the first ever regulated token offering, giving the go-ahead to blockchain
startup block stack to offer $28 million in tokens under Regulation A-plus. An alternative,
to IPOs, quoting the block.
Reg A-plus is a fast-track for smaller companies to publicly raise money
with less strenuous accounting and disclosure standards than a regular initial public offering requires.
Even so, Blockstack founder Munib Ali told the Wall Street Journal
that the process is still very long and costly since the SEC had to devise a brand-new
protocol for token offerings under Reg A-plus, something the regulator had never done before.
recent poor performances and fraud concerns surrounding some of the reg a plus IPOs have discouraged
NASDAQ and the New York Stock Exchange from reg Aplus listings.
Against this backdrop, having the SEC's approval on a reg a plus token offering may shed light on a new path for blockchain companies to raise funds under regulation, according to Blockstack.
Blockstack is a blockchain builder that has raised $47 million through a previous token offering under Reg D, a different provision that does not require SEC approval but is
only limited to accredited investors. In comparison, reg A-plus is open to all companies and individuals
adding its value as the financing accelerators for smaller firms. Well, get ready for it because as we
vault over the hump of summer, it's getting to be that season again, the prime iPhone rumor season.
Part of the fun of the roll-up to a new iPhone event is tracking all the things people are expecting
or wanting from a new device and then using those expectations to measure how jazz
people actually are when they find out what they're actually getting. Well, good old Ming Chi
Kuo is out with a note to investors with some interesting prognostications, but not about this
year's upcoming iPhone, but about next years. Quo says the 2020 iPhone will include a smaller
true-depth camera, which would allow Apple to reduce the size of the notch at the top of the
screen or maybe even eliminate it, question mark. Also, the rear-facing camera will have a seven-piece
lens system. But let's come back to that notch. Again, is the notch on the way out? Bottom line is
that Quo says the design of next year's handset will likely change on a fundamental, not incremental
level, quoting Apple Insider. Whether the redesign is in some way related to the removal of iPhone's
notch is unclear. The report is short on detail and does not specifically state that Quo's note
predicts a switch away from the design heralded by the iPhone 10 and carried on with the iPhone 10S
and 10R. Considering the current state of technology and recent rumors, a decrease in notch size is
more likely than its outright removal. The company is working on a number of solutions to the
notch issue, including camera and optics technology capable of operating under, more accurately
through a smartphone's screen. Quote's predictions are more conservative than those of a
Credit Suisse analyst referenced in the report. According to the Business Times, Credit Suisse channel
checks presented at the Mobile World Congress Shanghai exhibition this week show Apple's screen
suppliers are developing full-screen displays without cutouts. Activity, the research firm believes,
will lead to a notchless iPhone as soon as next year. By 2021, Apple will ultimately move to an optics-based
full-screen fingerprint recognition technology similar to products employed by high-end Android handset makers,
Credit Suisse said. The next iPhone might feature both a next generation, full-screen touch ID
solution alongside an underscreen true-depth camera, end quote. That's all for today. Quick reminder,
that you should head over to firesidecomf.com slash ride to sign up to join me in Canada at the
fireside conference in September. That's firesidecomf.comf.com slash ride. And that's about it today.
Actually, not an insanely hot day here. So I think I'm going to try to jog home tonight instead of
taking the train. Little mental health break for me for about an hour. Talk to you tomorrow.