Tech Brew Ride Home - Thu. 08/11 – Disney Half (Plus Ads)

Episode Date: August 11, 2022

Disney embraces inflation because it kind of has to. How Facebook and Instagram are sneakily still tracking you, even after Apple’s ATT changes. The FCC has rejected SpaceX for a big rural broadband... deal. And where the teens are hanging out online, these days. You kind of know the answer, but the data is still interesting. Sponsors: MacGeekGab.com Storyblok.com/ridehome Links: Disney+ Ad Plan Price and Launch Date Set — Along With Fee Hikes for Disney+ Premium, Hulu (Variety) Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (BleepingComputer) CISA warns of Windows and UnRAR flaws exploited in the wild (BleepingComputer) iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Felix Krause) FCC denies Starlink’s application for $885M subsidy (TechCrunch) Ethereum's final proof-of-stake 'test merge' is live on Goerli (The Block) Teens, Social Media and Technology 2022 (PEW Research Center) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech meme right home for Thursday, August 11th, 2020. I'm Brian McCalla today. Disney embraces inflation because it kind of has to. How Facebook and Instagram are sneakily still tracking you even after Apple's ATT changes. The FCC has rejected SpaceX for a big rural broadband deal and where the teens are hanging out online these days. You kind of know the answer, but the data is still interesting. Here's what you miss today in the world of tech. Disney has announced Disney Plus Basic. It's ad-supported tier for $7.99 per month launching in the U.S. on December 8th. If you're scratching your head at that price, note that to celebrate this arrival or maybe to justify it,
Starting point is 00:01:20 Disney also raised the ad-free price from $7.99 per month to $10.99. Quoting variety. It's also going to raise rates for Hulu, both ad-supported and ad-free versions, and introduce new Disney bundle options. Disney Plus Basic, which is the name of the plan with ads, will launch December 8th in the U.S. for $7.99 a month. That's the price of the current ad-free version of Disney Plus, which at the time will bump up to $10.99 per month, a 38% increase and will be known as Disney Plus premium. The ad-supported version of Disney Plus will include all the same content that is available in the ad-free tier, although some titles may not run advertising according to the company. Disney Plus Basic will launch with about four minutes of ads per hour.
Starting point is 00:02:08 It will start with 15 and 30 second spots, but will expand to a full suite of ad products over time. Disney advertising sales president Rita Farrow said in an investment conference this spring. Disney Plus with ads will not accept political or alcohol ads, nor will it run ads in kids' profiles or against preschool programming. The company expects that the majority of Disney Plus customers will opt for the cheaper ad-supported plan over time, similar to Hulu, which has two-thirds of its subscriber base on the ad-supported plans. The strategy appears aimed at mitigating Disney Plus subscriber irritation over the price hike on the no-ads plan and the inevitable cancellations with the intro of Disney Plus Basic at the same price point, albeit with ads stuck into the mix.
Starting point is 00:02:51 Meanwhile, as of October 10th, Disney will increase the price of Hulu with ads from $699 to $7.99 per month, while the ad-free tier will go from $12.99 to $14.99 per month. the Disney bundle in the U.S., Hulu with ads, Disney Plus, no ads, and ESPN Plus will go from 1399 to 1499 per month, the premium version of the bundle Hulu with no ads, Disney Plus with no ads, ESPN Plus will remain at 1999 per month, end quote. By the way, during earnings yesterday, Disney announced that it hit 221.1 million global streaming subscribers in Q3, thereby surpassing Netflix's 220.7 million global subscribers. Disney Plus had 152.1 million subscribers. Hulu had 46.2 million, and ESPN Plus had 22.8 million.
Starting point is 00:03:40 Note this, however, quoting variety. The value of those subscriber bases is much different. Domestically, for example, Disney Plus generated about 39% as much revenue per subscriber as Netflix for the second calendar quarter, a measure referred to in the finance world as Arpoo, average revenue per user, and overseas, the contrast is even starker. Disney Plus, Hot Star, which is available in India and other Southeast Asian countries, and represents 38% of the overall Disney Plus customer base had an ARPU of $1.20 per month for the quarter ended July 2nd, while Netflix had an ARPOO of $8.83 per month for the Asia-Pacific region. When Disney Plus first launched in November 2019, it rapidly amassed market share by pricing the
Starting point is 00:04:24 streamer at the low, low price of $6.99 a month. That was nearly half Netflix's standard plan at the time. But that low entry point has meant Disney's flagship streamer makes less money than Netflix, the historical category leader. For the three months ended July 2nd, Disney Plus domestic Arpoo, U.S. and Canada, was $627 per month, a 5% decline from the year earlier, likely the result of a skew toward the Disney bundle and inclusion of Disney Plus and ESPN Plus in Hulu's live TV package. That's compared with Netflix, which reported in Arpoo of $15.95 per month in the U.S. Canada region, for Q2 up 10% due to price increases, end quote.
Starting point is 00:05:06 And thus, the price increases for Disney. This is maybe the biggest ransomware scalp of all time, or I don't know, I can't keep track of it all, but Cisco has been forced to confirm the Yan-Lau-Wang Ransomware Group breached its network in May of 2022. Yan-Lau-Wang claimed to have stolen 2.7 gigabytes of data or around 3.1,000 files including nondisclosure agreements, quoting bleeping computer. The company revealed that the attackers could only harvest and steal non-sensitive data from a box folder linked to a compromised employee's account.
Starting point is 00:05:49 The Yan-Lau-Wang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication, push notifications through MFA fatigue, and a series of sophisticated voice fishing attacks initiated by the Yan-Lau-Wang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user.
Starting point is 00:06:21 Once they gained a foothold on the company's corporate network, Yan-Lau-Wang operators spread laterally to Citric servers and domain controllers. Cisco also said that even though the Yan-Lau-Wang gang is known for encrypting their victim's files, it found no evidence of ransomware payloads during the attack. The Yan-Lau Wang Gang has also claimed to have recently breached the systems of American retailer Walmart, who denied the attack, telling Bleeping Computer that it found no evidence of a ransomware attack, end quote. Also from Bleeping Computer heads up on this, Microsoft and CISA, are warning users about
Starting point is 00:07:00 Dog Walk, a now patched actively exploited RCE vulnerability in Windows 7, Windows 10, Windows 11, and server 2008 through 2022. Quote, Both security issues have received a high severity score in our directory, traversal vulnerabilities that could help attackers plant malware on a target system. Officially tracked as CVE 2022-34713
Starting point is 00:07:24 and informally referred to as Dogwalk, the security flaw in MSDT allows an attacker to place a malicious executable into the Windows startup folder. Successful exploitation requires user interaction an obstacle easy to surpass through social engineering, especially in email and web-based attacks. Microsoft says in an advisory today, quote, in an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website or leverage a compromise website
Starting point is 00:07:58 that accepts or hosts user-provided content containing a specially crafted file designed to exploit the vulnerability, end quote. Today I learned that when you open links inside of Facebook or Instagram in the iOS apps, they open inside a custom in-app browser, which therefore lets meta-track every interaction, including the entering of passwords. Quoting KrausFX, the iOS, Instagram, and Facebook app render all third-party links and ads within their app using a custom in-app browser. This causes various risks for the user with the, the Hrowsefx.
Starting point is 00:08:39 host app being able to track every single interaction with external websites from all forum inputs like passwords and addresses to every single tap. Links to external websites are rendered inside the Instagram app instead of using the built-in Safari. This allows Instagram to monitor everything happening on external websites without the consent from the user nor the website provider. The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them to monitor all user interactions like every button and link tap. text selection screenshots as well as any form inputs like passwords, addresses, and credit card numbers. Instagram is purposely working around the app tracking transparency permission system,
Starting point is 00:09:20 which was designed to prevent this exact type of data collection. With 1 billion active Instagram users, the amount of data Instagram can collect by injecting the tracking code into every third-party website opened from the Instagram and Facebook apps is a staggering amount. With web browsers and iOS adding more and more privacy controls into the user's hands, it becomes clear why Instagram is interested in monitoring all website traffic of external websites. I don't have a list of precise data. Instagram sends back home. I do have proof that the Instagram and Facebook app actively run JavaScript commands to inject an additional JSSDK without the user's
Starting point is 00:09:57 consent, as well as tracking the user's text selections. If Instagram is doing this already, they could also inject any other JS code. The Instagram app itself is well protected against human-in-the-middle attacks, and only by modifying the Android binary to remove certificate pinning and running it in a simulator, I was able to inspect some of its web traffic, end quote. The FCC has rejected SpaceX's application for an $885 million subsidy to provide Starlink broadband internet service to rural Americans over 10 years after tentatively approving such a deal back in 2020, including TechCrunch. The agency said SpaceX and another company initially awarded $1.3 billion had, quote, failed to demonstrate that the providers could deliver the promised service, end quote.
Starting point is 00:10:50 The Rural Digital Opportunity Fund is a $9.2 billion long-term effort to subsidize the rollout of Internet service in places where private companies have previously decided it's too expensive or distant to do so. It was one of the most cherished projects of former FCC Chairman Ajit Pai, who, for all his flaws, seemed genuinely concerned with the digital divide. At the time, companies could apply for small or large amounts to provide local or expansive services, and among the big early winners were Starlink and LTD Broadband, which applied for $885 million and $1.3 billion, respectively to provide connectivity to regions in multiple states. Thousands of other applicants made smaller applications to fund more limited operations. Since then, the FCC has been evaluating whether these companies could follow through. In an email to TechCrunch, an FCC spokesperson explained that there was a lot of
Starting point is 00:11:41 of due diligence that needed to happen on both sides. Quote, there were many steps following the initial announcement of winning bidders and a final determination on long-form applications. Winning bidders were required to demonstrate their financial legal and technical ability to provide broadband service and to fulfill public service obligations. These steps were intended to ensure that winning providers could actually deliver the services they signed up to provide and that consumers would benefit from this use of universal service dollars, end quote. LTT broadband, for instance, was, quote, a relatively small fixed wireless provider before the auction, end quote, and its plan to suddenly become a billion dollar operation, practically overnight, didn't pan out. It failed
Starting point is 00:12:19 to get carrier status in seven of the 15 states it had promised to serve, and the FCC determined the company, quote, was not reasonably capable of deploying a network of the scope, scale, and size required by LTD's extensive winning bids, end quote. Sounds like LTD wasted everyone's time, but at least they only wasted their own money. The auction rules prevent a single dime from going out the door until the applicants receive final approval, end quote. Quick note that Ethereum's third and final proof-of-stake test merge is going live on the goerly test network,
Starting point is 00:12:57 a dress rehearsal for the main net merge planned for next month, quoting the block. The move is the final step before the main net merge, which will see Ethereum transition from a proof-of-work consensus to proof of stake. The merge has been eagerly anticipated by crypto developers who hope that it will make the Ethereum network significantly more energy efficient and cheaper to use. At around 9.50 p.m. Eastern Time on Thursday, developers simulated the merge on Gourley and switched from proof of work to proof of stake consensus.
Starting point is 00:13:27 To do so, they had to merge Gourley's code with its proof of stake-based fork called Prater. The task involved node operators from both chains updating their client software in tandem. While the Gourley merge has been activated, the success of the event will be determined after a thorough evaluation of the upgraded network. Over the past few months, the core team already performed the merge on two other test nets, Sepolia and Robsden. These test merge events have served as practice sessions to check whether client software used to run Ethereum nodes like Nethermind, Besu, Geth, and Irrigan, ran normally and without bugs. With the goryly test merge complete, the team has now finished all of their
Starting point is 00:14:06 test merge dress rehearsals. According to the official schedule decided by the Ethereum developer team, the next step will be to perform the full merge on the Ethereum mainnet. This final upgrade is expected to happen in September, end quote. Finally today, click through for a simple chart that will make all this plain, but I'd like it when we get numbers like this to better understand what the kids today are into. Quote, a new Pew Research Center survey of American teenagers ages 13 to 17 finds TikTok has rocketed in popularity since its North American debut several years ago and is now a top social media platform for teens among the platforms covered in the survey. Some 67% of teens say they use TikTok, with 16% of all teens saying
Starting point is 00:14:55 they use it almost constantly. Meanwhile, the share of teens who say they use Facebook, a dominant social media platform among teens in the Center's 2014-2015 survey, has plummeted from 71% then to 32% today. YouTube tops the 2022 teen online landscape among the platforms covered in the center's new survey, as it is used by 95% of teens. TikTok is next on the list of platforms that were asked about in the survey, 67%, followed by Instagram and Snapchat, which are both used by about 6 and 10 teens. After those platforms come Facebook with 32% and smaller shares who use Twitter, Twitch, WhatsApp, Reddit, and Tumblr. Changes in the social media landscape. since 2014-2015, extend beyond TikTok's rise and Facebook's fall. Growing shares of teens say they are
Starting point is 00:15:43 using Instagram and Snapchat since then. Conversely, Twitter and Tumblr saw declining shares of teens who report using their platforms, and two of the platforms the center tracked in the earlier survey, Vine and Google Plus, no longer exist. There are some notable demographic differences in teen social media choices. For example, teen boys are more likely than teen girls to say they use YouTube, Twitch, and Reddit, whereas teen girls are more likely than teen boys to use TikTok, Instagram, and Snapchat. In addition, higher shares of black and Hispanic teens report using TikTok, Instagram, Twitter, and WhatsApp compared with white teens. This survey also explores the frequency with which teens are on each of the top five online platforms, YouTube, TikTok,
Starting point is 00:16:21 Instagram, Snapchat, and Facebook. Fully 35% of teens say they are using at least one of them, quote, almost constantly. Tonight, the usual time, 9 p.m. Eastern, 6 p.m. Pacific, the great Noah Smith, the economics writer of Bloomberg, will be joined. joining Chris and I, so if you want some economics questions answered by an expert, please join us. I'm hoping to get my, are we in a recession or not question answered? Also, if you're familiar with Noah's writing, you know he's extremely Silicon Valley adjacent, so we'll get his take on a whole bunch of things. See you there. Talk to you tomorrow.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.