Start Up: Roku’s ambition, Dropbox to IPO, can you hack Aadhaar?, Russia’s new Olympic sport, and more

Does the NFL really have a “moat” that keeps viewers loyal and pulls in new ones too? Photo by Keith Allison on Flickr.

A selection of 10 links for you. Isn’t that something? I’m @charlesarthur on Twitter. Observations and links welcome.

Roku transforms from tech startup to TV streaming powerhouse • Variety

Janko Roettgers:


Roku is also getting ready to significantly expand its hardware business. Just last week the company announced an expansion into the home audio space. For this, Roku is once again teaming up with consumer electronics brands, which will license the company’s technology to build smart sound bars and speakers with integrated voice control. Roku-powered speakers will work together throughout a consumer’s home, capable of playing the same song synchronized in every room.

Smart, internet-connected speakers are not a new idea. Forrester Research recently estimated that 15 million U.S. households already owned a smart speaker by the end of 2017, and Amazon was expected to once again sell millions of its Echo devices over the holidays. Google has aggressively been pushing its own speakers; Sonos has been transitioning to voice-controlled devices; Apple is about to unveil its HomePod. Samsung, Microsoft and others are pushing into the market as well. “There are already too many smart speakers,” says Internet of Things expert Stacey Higginbotham.

Roku is betting it will have a chance to succeed in the market by making its own products TV-centric. “We see TVs as the central part of a growing home entertainment network,” explains the company’s VP of product, Mark Ely.

Roku has been investing heavily in research and development in this new growth area, acquiring Danish multi-room audio start-up Dynastrom in November for $3.5 million, as Variety was first to report. Roku even built its own smart assistant, meant to compete head-to-head with Amazon’s Alexa, Apple’s Siri and Google’s Assistant, thanks to an emphasis on media consumption. “We are an entertainment company,” says Ely. “An assistant has to be really great at entertainment.”


That market share figure – from US broadband households, 1Q 2017 – is surprising: I’d have expected Google to have a much larger share.
link to this extract

Dropbox files confidentially for US IPO • Bloomberg

Alex Barinka:


Dropbox Inc., the file-sharing private company valued at $10 billion, has filed confidentially for a U.S. initial public offering, people familiar with the matter said.

Goldman Sachs Group Inc. and JPMorgan Chase & Co. will lead the potential listing, according to the people, who asked not to be identified because the filing wasn’t public. Dropbox is talking to other banks this month to fill additional roles on the IPO, the people said. The company is aiming to list in the first half of this year, one of the people said.

Representatives for Dropbox, Goldman Sachs and JPMorgan declined to comment.

A share sale by San Francisco-based Dropbox, one of a closely watched group of high-profile private tech companies with multibillion-dollar valuations, would follow Snap Inc.’s disappointing step into the public markets. How the stock fares post-listing will be an ongoing focus for both Wall Street and the tech community. Snap shares are down 15% from its IPO last March.


What do we expect from this? Higher prices, less free storage, more insistent upsells?
link to this extract

Is India’s Aadhaar system really “hack-proof”? Assessing a publicly observable security posture • Troy Hunt


UIDAI is the Unique IDentification Authority of India and they run the Aadhaar project. Their statement echoes comments made around this latest incident that espouse the complete security of the system: “The Aadhaar data, including biometric information, is fully safe and secure”.

Here’s the issue I (and many others) have with these statements and I want to make it crystal clear:
Security is not a boolean proposition. It’s not “secure” versus “insecure”, “safe” versus “unsafe”, rather it is a spectrum of controls that all contribute to an overall security posture. There is no “fully”, there is no “completely”; every system – every single one – has weak points and a sufficiently well-equipped and determined adversary will find them.

It’s the hubris of the UIDAI’s statements which is the most worrying and it neglects so many of the highly sophisticated precedents that have come before the current situation. Precedents like Stuxnet, created by the US and Israeli governments to damage the Iranian nuclear program by targeting air-gapped centrifuges via 4 previously unknown “zero-day” flaws. That’s almost a cliched example to pull out these days, the point is simply that where there is sufficient will and resources, any information system can be compromised.

But let’s get back to that original tweet and the question therein: “Can you prove otherwise?” I certainly wouldn’t want to be the person probing away at Aadhaar in an unauthorised fashion in order to prove otherwise (although make no mistake, many people are), but per the title of this post, there are many publicly observable things I can easily draw attention to. To be crystal clear, none of this is “hacking”, it will merely involve looking at how the system responds to legitimate requests and observing the gap between what it does at present and what it ideally should do.


Lengthy post. It’s not certain that Aadhaar can be hacked, but one tends to think that where there’s a will – and 1.2bn user records – there’s a way.
link to this extract

Uber’s secret tool for keeping the cops in the dark • Bloomberg

Olivia Zaleski and Eric Newcomer:


In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies Inc.’s office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event.

Like managers at Uber’s hundreds of offices abroad, they’d been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.

Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies.


The tool is called Ripley:


From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven’t been previously reported.

The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected visitor protocol.


In the words of Matt Stoller: “Uber often looks like a criminal conspiracy that happens to run a ride-sharing service.”
link to this extract

Beware the lessons of growing up Galapagos • Remains of the Day

Eugene Wei:


If I weren’t in two fantasy football leagues with friends and coworkers, I would not have watched a single game this season, and that’s a Leftovers-scale flash-forward twist for a kid who once recorded the Superbowl Shuffle to cassette tape off a local radio broadcast just to practice the lyrics.

If you disregard any historical romantic notions and examine the typical NFL football game, it is mostly dead time (if you watch a cut-down version of a game using Sunday Ticket, only about 30 minutes of a 3 to 3.5 hr game involves actual game action), with the majority of plays involving action of only incremental consequence, whose skill and strategy on display are opaque to most viewers and which are explained poorly by a bunch of middle-aged white men who know little about how to sell the romance of the game to a football neophyte. Several times each week, you might see a player hit so hard that they lie on the ground motionless, or with their hands quivering, foreshadowing a lifetime of pain, memory loss, and depression brought on by irreversible brain damage. If you tried to pitch that show concept just on its structural merits you’d be laughed out of the room in Hollywood.

Cultural products must regenerate themselves for each successive age and generation or risk becoming like opera or the symphony is today…

…I don’t trust a bunch of rich old white male owners who grew up in such favorable monopolistic conditions to both understand and adapt in time to rescue the NFL from continued decline in cultural relevance. They are like tortoises who grew up in the Galapagos Islands, shielded on all sides from predators by the ocean, who one day see the moat dry up, connecting them all of a sudden to other continents where an infinite variety of fast-moving predators dwell.


link to this extract

Apple’s indirect presence fades from CES • Tech.pinions

Ben Bajarin:


It is easy to say that because Apple was never present at CES that the show didn’t mean something to them or their ecosystem. It is easy, and correct to say that CES was not, or never was, a measure of the health of Apple’s products. It is, however, incorrect and dangerous to miss that CES had been, for some time, a barometer for the health of Apple’s ecosystem.

As I mentioned, our ability to measure any platforms ecosystem from what we observe at CES, is the main reason so many are paying attention to what is happening with Amazon’s Alexa platform. Google Assistant is certainly more present than it was last year, however, when you look at how third parties are talking about-and marketing-their support of these assistants they are putting significantly more effort into talking about Alexa than Google Assistant. Which is a telling signal. Again, to reiterate this point, third parties used to market, and spend energy talking about their integration with iOS or support of iPhone/iPad with the same rigor they are now talking about Amazon’s Alexa. This can not be ignored.

As I outlined, with the two scenarios for Amazon’s Alexa, one could take a position that this is short-lived, and the dust will settle once Apple enters the market with HomePod and you will see more partners and third parties start talking more about HomeKit than anything else. For Apple’s sake, I would love for this to happen but I don’t see it unless Apple’s makes some changes to where Siri can be integrated outside of Apple first-party hardware.

With all of that being said, I am noticing a bit more support of HomeKit this year vs. last and with Apple’s recent pivot surrounding HomeKit requirements which required a dedicated security chip from Apple that now allows that security and authentication to be done in software, I do expect even more HomeKit support next year.


Certainly it used to be true that you’d go to CES and it would be iPhone accessory this, iPad case that. Now apparently it’s all Alexa this, Alexa that. So he has a point. Where’s consumer electronics going now?
link to this extract

Dear Google: please stop using my advertising dollars to monetize hate speech • Quartz

John Ellis:


My company sponsors online hate speech, fake news and racist propaganda. It’s not that we are trying to—and given the small budget of the engineering company I run, my contribution may only amount to pennies a month. But in total, online advertising accounts for tens of billions of dollars annually, so even tiny percentages mean millions of dollars directed from the bank accounts of advertisers to the pockets of Holocaust deniers, Sandy Hook hoaxers and promoters of vile, racist content.

The reason advertisers like me inadvertently sponsor and monetize hate speech is that ad-tech companies like Google have partnerships with publishers who allow and promote this type of content. And unless advertisers proactively identify and block objectionable sites as I try to do, their ads may appear there.

(Editors Note: In the time since Quartz first reviewed this article for publication, some of the sites pictured below have stopped running advertising, but similar sites have cropped up running the same juxtapositions of hate speech and advertising delivered via Google products.)


Whack-a-mole on both sides.
link to this extract

Russia, banned from the Winter Olympics, apparently is hacking Olympic emails • Buzzfeed

Kevin Collier:


The origin of the emails is unclear. Some of the emails, which date from late 2016 to spring 2017, appear to be between IOC employees and third parties discussing the Russian doping conspiracy.

“These emails and documents point to the fact that the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world,” “Fancy Bears” said in its posting, though it’s unclear how the emails are meant to support that claim. Some of the emails’ contents are encrypted and are therefore illegible.

The IOC declined to comment on the “Fancy Bears” post or to verify that the emails are authentic, telling BuzzFeed News that “we do not comment on leaked documents.” WADA has not disputed the validity of any of the hacked documents previously attributed to the organization.

One of the people whose emails appear in the leak, and who is specifically named on the “Fancy Bears” website, is Colorado lawyer Richard Young, who helped WADA draft new anti-doping rules and worked to create a so-called “independent person” report for WADA on the doping allegations.

Young told BuzzFeed News he was unaware of the “Fancy Bears” activity, but said that a September 2016 email included in the dump sounded authentic to him when read over the phone.

“It’s no great revelation that I was involved in the IP investigation. I’m named in it,” Young laughed. “I think it’s somewhere in the first five pages that my role is explained.”

The original WADA hack occurred in late summer 2016, as allegations that Russian athletes had been caught participating in a vast and elaborate blood doping conspiracy were gaining international attention.


They should enter the Hacking Olympics. Venue: the internet. (Though these antics only go to strengthen the idea that Fancy Bear were behind the hacks of US organisations hostile to Russia, such as the Democratic party and Hillary Clinton’s campaign manager’s personal account.)
link to this extract

UCL to investigate eugenics conference secretly held on campus • The Guardian

Kevin Rawlinson and Richard Adams:


University College London has launched an urgent investigation into how a senior academic was able to secretly host conferences on eugenics and intelligence with notorious speakers including white supremacists.

The London Conference on Intelligence was said to have been run secretly for at least three years by James Thompson, an honorary senior lecturer at the university, including contributions from a researcher who has previously advocated child rape.

One prominent attendee at the conference in May last year was Toby Young, the head of the government-backed New Schools Network, who ran into controversy over efforts to appoint him as a university regulator…

…Young, in a speech to a similar conference in Canada last year, described the extreme measures that Thompson employed to keep the conference a secret.

“Attendees were only told the venue at the last minute, an anonymous ante-chamber at the end of a long corridor, called ‘lecture room 22’, and asked not to share this information with anyone else.

“One of the attendees, on discovering I was a journalist, pleaded with me not to write about the fact that he was there – he didn’t want his colleagues to find out,” Young said.

“But these precautions were not unreasonable, considering the reaction that any references to between-group differences in IQ generally provoke.”

Previous attendees included Richard Lynn, whom the US-based research group Southern Poverty Law Center labelled an “unapologetic eugenicist”, and the blogger Emil Kirkegaard, who has written supportively about pedophiles being allowed to have “sex with a sleeping child”.


Young has written vaguely in favour of eugenics for those deemed “low IQ”. You might say – what’s the harm in a university, meant to be a temple to ideas, hosting a conference on even a controversial idea like this, when we freely talk about CRISPR potentially improving our genetic profile? The problem is that eugenics is about *removing* people from the future population; it’s totalitarian, in that sense. CRISPR is about optionally choosing improvements.

It’s a subtle but important difference. Ask the parents of a disabled child if they’d want the child never to have been born: they’ll not take that option. (Which is eugenics.) Ask them if they’d want the child to have been born without disability; they’ll probably – but not always – say yes, while recognising it’s just a wish. That Young apparently can’t recognise that difference, and finds himself with fellow travellers of questionable morals, is disturbing.
link to this extract

We found a deleted page that reveals the paparazzi roots of Kodak Coin • Ars Technica

Timothy Lee:


The evidence strongly suggests that Kodak Coin is the re-branding of an initial coin offering called RYDE coin that never got much attention and was apparently aborted days before Kodak Coin was announced. Until recently, the project had a page on the crowdfunding site Start Engine. The page is no longer there, but Google cached a copy of the site on January 3. [At the time, the project had attracted 10 backers who had pledged a total of $875.]

As recently as last week, RYDE coin was being pitched as a way of expanding the licensing business of its creator, paparazzi photo company WENN Media. Now the RYDE page has disappeared, and WENN Media’s parent company, WENN Digital, has partnered with Kodak to create a blockchain platform that sounds a lot like RYDE—except that there’s no mention of celebrity photographs.

We’ve asked both Kodak and WENN about the connection between RYDE coin and Kodak Coin, and we will update the story if we hear back…

…What’s WENN Digital? A spokesman told Ars that WENN Digital is a new company that has acquired UK-based WENN Media, which describes itself as a “celebrity and entertainment news agency.”

“WENN can offer you an opportunity to join our worldwide team of top paparazzi snappers,” the “About Us” section of says.


So basically it’s sticking the Kodak name on a paparazzi project. Also, the “Kodak Coin” won’t make money for anyone who “mines” it, as David Gerard – whose book “Attack of the 50 Foot Blockchain” is hilarious in its dissection of the fantasies and fantasists around this topic – explains. It’s a mess, but then everything Kodak has done for years is a mess.
link to this extract

Errata, corrigenda and ai no corrida: none notified

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.