The UpStream

Everyone in the United States knows Viacom, whether they recognize the name or not. Viacom owns networks like MTV, Comedy Central, and Nickelodeon. The company, or more specifically the brand name, has had a long and bizarre history with broadcast company CBS. Viacom started out as CBS Films and was the syndication wing of CBS. It became Viacom (short for Video & Audio Communications) in 1970 and became its own, independent corporation in 1971. In 1999, Viacom acquired CBS through parent company Westinghouse Electric Company, making Viacom the new parent. In 2006, Viacom became CBS Corporation, and a new company, called Viacom, was created, to offload business that CBS no longer wanted.

This week, the two companies have agreed to once again become one in a merger that would create a media company worth roughly $30 billion. The new entity will be called ViacomCBS, putting the Viacom brand out front again. During a call with analysts, representatives from the companies said that the move was intended to help brands owned by both entities to better compete in the changing media landscape. In particular, they hope that the move will beef up their "direct-to-consumer" offerings, which the rest of us would call their online streaming.

Together, the merged company would own CBS All Access, SHOWTIME ANYTIME, Pluto TV, Noggin, and more. They are hoping that introducing kids' programming from the Nickelodeon brands into CBS All Access will help drive subscriptions, which have languished without many must-see programs.

The merger will still require regulatory approval, but the companies seem confident they will receive it quickly. In fact, they believe that the deal will be finalized before the end of the year. CBS shareholders will own 61% of ViacomCBS, but Viacom's head, Bob Bakish, will be President and CEO, while CBS's head, Jow Ianniello, will be Chairman of the corporation and CEO of CBS.

One of the hardest things to do online these days is protecting your privacy. Between tracking cookies, Facebook pixels, and the like, it can be difficult to keep websites from following you across the web. Incognito mode in your browser does an okay job of hiding your activity by preventing the cookies. Tools like PureVPN allow you to obfuscate your browsing history by adjusting your IP address, and even your global location, as you browse. Other tools, such as Tor, create an untraceable route to hide your activities. While there are certain ways to identify some users, these processes do a good job for most users.

However, another security tool created a scenario that made tracing user activity incredibly easy. Since 2015, Kaspersky Anti-Virus has injected a small block of JavaScript into every page you visit in an attempt to identify safe links on pages, including search results. However, the code included a unique identifier, making it very easy for a website to read the injected JavaScript and identify the user. The UUID was consistent across browsers, including Chrome, Edge, and Firefox, and was present even in incognito mode. That means that switching browsers or entering incognito did not prevent the ability to track.

The issue was discovered by Ronald Eikenberg, a reporter for c't, who published the story after Kaspersky was alerted to the problem. Kaspersky removed the code in an update released in June of this year, and they alerted users through a security advisory a month later. A statement from the company said,

Kaspersky has changed the process of checking webpages for malicious activity by removing the usage of unique identifiers for the GET requests. This change was made after Ronald Eikenberg reported to us that using unique identifiers for the GET requests can potentially lead to the disclosure of a user's personal information.

After our internal research, we have concluded that such scenarios of user's privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process.

We'd like to thank Ronald Eikenberg for reporting this to us.

Despite the company's belief that it was unlikely to be exploited, it is a fairly simple and financially rewarding process. If this had been discovered by others before this disclosure, it would have been easy to build a full browsing history for a unique user, which could have high value for marketers. It would also have been far more precise and less cumbersome than scanning the installed fonts, extensions, and configuration, which can also be used to identify some users, but not most, as the average user doesn't add fonts or extensions, or even change browser settings.

At the beginning of the month, popular Twitch streamer Tyler "Ninja" Blevins announced that he would be leaving his home of 8 years on Twitch to exclusively stream on Microsoft's Mixer platform. He was streaming the next day on Mixer, leaving his Twitch channel offline for the first time in a while. Ninja did a great job of keeping the transition smooth and professional, never saying anything bad about his former home because he had nothing negative to say. He had been happy on Twitch, but Microsoft made him an offer he couldn't refuse.

Twitch, on the other hand, did not treat the situation with the same level of professionalism. Unlike other channels, whose page shows previous streams and the ongoing chat for the user, Twitch changed Ninja's offline profile to promote other channels. The page showed the most popular active streams under the "Fortnite" category, which is the game that made Ninja a household name.

While that is already disrespectful to Ninja and his fans, what came next was worse. The top suggested stream listed on Ninja's page at one point was pron. It is important to remember that many of Ninja's biggest fans are children, making this even more disturbing. In response, Ninja tweeted out a video apology for a situation that he did not create, saying,

We haven't said anything bad or negative about Twitch, obviously, because there really hadn't been any reason to. Over the past couple of days there have been some things that have been going on that, you know, we let slide. They were kind of annoying. Little jabs, we felt like, but it didn't matter. We wanted to stay professional. But now, if you go to Twitch.tv/ninja, they advertise other channels. They don't do this for anyone else that's offline, by the way - just me. And there are also other streamers who have signed with other platforms whose stream and channel still remains the same. You can see their VODs, they don't promote other streams, they don't promote other popular channels. But they do on mine. I've been streaming for eight years to build my brand and build that channel: 14.5 million followers. And they were still using my channel to promote other streamers.

He goes on to discuss the porn incident, apologizing for the incident, and showing his frustration because he has no say in what is being shown attached to his name. Shortly after, Twitch CEO Emmett Shear sent his own series of tweets discussing the incident, stating,

Our community comes to Twitch looking for live content. To help ensure they find great, live channels we've been experimenting with showing recommended content across Twitch, including on streamer's pages that are offline.

This helps all streamers as it creates new community connections. However, the lewd content that appeared on the @ninja offline channel page grossly violates our terms of service, and we've permanently suspended the account in question.

We have also suspended these recommendations while we investigate how this content came to be promoted.

On a more personal note, I apologize want to apologize directly to @ninja that this happened. It wasn't our intent, but it should not have happened. No excuses.

Since the incident, Twitch has reverted Ninja's channel to a standard offline page, but it has brought up a long-standing issue with Twitch regarding their inconsistent rules enforcement. While there is an explicit content policy, it tends to apply less to popular female channels than it does to others. But, as Ninja points out,

his wouldn't even have been an issue if they didn't use my channel to promote others in the first place...

In 2016, the European Union decided that Ireland had not charged Apple enough in taxes, and demanded that Ireland collect an additional 13 billion euro (or roughly $14.4 billion) in "back taxes." This would be far from the first time a company, especially a tech company, was accused of avoiding taxes. For example, Bernie Sanders believes that Amazon has skirted tax law in the United States. However, this might be the first time that the country in question believes that the company paid what they were supposed to.

In this case, Ireland is on Apple's side, not the side of the EU. In fact, the Irish government will be heading to court with Apple to argue against the EU's imposed penalties over Apple paying exactly what the country asked them to pay. The EU has essentially argued that Apple has an unfair advantage in Ireland, where the company houses its European headquarters.

Publicly, the issue revolves around how Apple reports profits. Since the company's European headquarters are in Ireland, they report the profit from their various divisions within Europe through their corporate office. This allows them to pay 3.8 percent on their European profits. However, the EU believes that the amount collected should be reflective of the countries in which the company operates, including design and manufacturing.

In 2016, the Obama administration claimed that the EU was trying to help itself to cash that rightly belongs within the United States' economy. Many in Silicon Valley have argued that it is just one example of many of the jealousy of the EU over constantly losing out on the highly profitable tech market, and trying to rig EU regulations against US companies. This argument has been made many times, often referencing the "Google Tax", which has already claimed services in Europe, like Google News.

Over the last year, there has been a lot of discussion about YouTube and, in particular, the way their Community Guidelines are implemented and enforced. The company has changed its public rules to define what is true, as well as demonetizing videos that don't fit into a particular political or social view. The problem is that, while the rules are usually written clearly, the enforcement is not.

It often seems that the majority of content creators are bound to the published Community Guidelines, the bigger creators are not. The biggest example of inconsistent policy enforcement for big-name content creators has been Logan Paul. Early last year, Paul posed with and seemed to mock a dead body that he found in a forest in Japan, known for suicides, in a video posted to YouTube. The company took two full weeks to respond to the incident, removing him from the Preferred partner program. Afterward, YouTube released new policies and procedures, theoretically preventing the problem in the future. When Paul tazed a rat in another video a few weeks later, the company ignored the policies and removing monetization for 2 weeks, essentially a slap on the wrist.

It has long been believed that YouTube turns a blind eye to what the big creators do until criticism no longer allows them to pretend they didn't know. According to The Washington Post, who interviewed current and former content moderators for YouTube, this is exactly what happens. One former moderator told the Post,

Our responsibility was never to the creators or to the users. It was to the advertisers.

That should be a surprise to no one. YouTube is owned by Google, which is an advertising company through and through. Everything they do is intended to increase eyeballs and advertising returns. If a content creator creates popular videos, they will attract more advertising dollars, even if they push the boundaries.

Facebook has definitely become the face of the online privacy debates in the past few years. The biggest issue for the company came about with Cambridge Analytica, a company that accessed the Facebook API and gathered and stored information on users who had used the company's apps. Essentially, this was done by promoting the "which character from *random 90s show* are you" type "games" which ask for permission to access certain profile data. From there, the company stored that information and used it for advertising purposes. While this is a massive breach of both user privacy and Facebook data policies, Facebook didn't act on knowledge of the behavior until it became public. Cambridge Analytica is far from the only data breach at Facebook, however.

Now, Facebook-owned Instagram is beginning to see similar issues with companies accessing the brand's API, as well as scraping data from the app and website. Hyp3r, which markets itself as "the award winning location-based marketing platform" was banned from Instagram this week for violating Instagram's data collection and storage policies. In particular, the company scraped data from profiles and posts to identify user locations, which fed its marketing platform. Hyp3r CEO Carlos Garcia told Business Insider,

Hyp3r is, and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online.

The problem with that argument is that, even though data is being made publicly viewable, does not mean that the data is legally permitted to be scraped or stored by third-parties. Instagram does not generally allow any external storage of user data, no matter how it is obtained. According to an Instagram spokesperson,

Hyp3r's actions were not sanctioned and violate our policies. As a result, we've removed them from our platform. We've also made a product change that should help prevent other companies from scraping public location pages in this way.

The change mentioned is small but significant. Hyp3r had gotten a lot of their data from Instagram's Locations page, which shows photos from public user profiles that are tagged to a location. Previously, this page was available to everyone, but now it will require a user to be logged into their Instagram account to access the data. This should allow the company to monitor who is pulling large amounts of location data and take action.