The UpStream

Over the last year or so, the European Union has seemed intent on either isolating itself from the rest of the digital world or in crippling the ability of consumers within. GDPR seemed to be the beginning, though the regulations ended up being mostly easy to implement (unless you're using blockchain). They followed it up with copyright laws that could prevent user-generated content sites from operating within the Union.

Their newest attack on consumers comes in the form of what is being referred to as "content quota." This new idea would mean that, if a streaming service operates within the European Union, at least 30% of all of the content available on the platform must be produced within the region. This means that companies like Netflix, which produce content wherever makes the most sense, either for the story, scenery, or budget, will have to make decisions to either move production to the EU (which is unlikely), or remove content from their European services.

Reed Hastings, CEO of Netflix, took the opportunity on the company's quarterly conference call to speak out against the idea. He said that, rather than imposing a penalty for not producing content locally, which will only limit the availability of content, especially in the short-term, the EU would do better to provide incentives to produce content locally. In their release, the company said,

We are heavily investing around the world to share stories broadly and to strengthen local production capacity and opportunity. We'd prefer to focus on making our service great for our members, which would include producing local content, rather than on satisfying quotas, but we anticipate that a regional content quota which approximates the region's share of our global membership will only marginally reduce member satisfaction. Nonetheless, quotas, regardless of market size, can negatively impact both the customer experience and creativity. We believe a more effective way for a country to support strong local content is to directly incentivize local content creators, independent of distribution channel.

Take Atlanta, Georgia, as a great example: 20 years ago, nothing entertainment-based was produced in the city. Today, a lot of television and film projects are produced in and around Atlanta, entirely because of incentives provided by the city. Decades before, Toronto did the same thing, transforming the city into an entertainment hub, thanks to production incentives. Neither of these cities got to where they are because of coercion.

Netflix believes they can satisfy the rules by "evolving our content offering," but what this means is questionable. Luckily, the member countries have a couple of years before enforcement begins, giving the companies involved time to comply.

When Google released version 69 of their Chrome web browser, they introduced a new "feature": if you log into any Google service using the browser, Google will automatically sign you into the browser. This is a small but important change. It means that as soon as you sign in to Gmail or YouTube, all of your browser activity is immediately attachable to you - no more anonymity using Chrome. Geek News Central describes the problem in detail.

Needless to say, privacy groups were immediately concerned about this change. Forced and purposeful removal of privacy from a product as ubiquitous as a web browser is a special kind of problem, for which consumers should definitely be concerned. Fortunately, after privacy groups and tech outlets made a lot of noise, Google quickly agreed to fix the problem. This week saw that fix, which is far less of a fix and more of a joke.

In Chrome 70, Google has added a new setting under "Privacy and security" which allows you to toggle on or off the "Allow Chrome sign-in" capability. Unfortunately, the setting is ON by default, meaning that it is an opt-out feature rather than an opt-in feature. That means that, unless you are aware of the privacy violation, you don't know that you need to turn it off. While this is technically a fix, it is far from what privacy groups or consumers would want. We recommend turning this setting OFF immediately.

In addition to "fixing" their privacy violation, Google has also doubled down on a technology that no one else appears to care about: Progressive Web Apps. These "apps" are nothing more than websites, a rehashing of the failed technology that was Cordova and PhoneGap. This is a technology that Microsoft already supports (the Windows 10 Twitter app, for example). It seems that Google is catching up with Microsoft on web technology, despite the overall disinterest in it from most developers.

A few months ago, Discord announced a game store to compete with Valve's Steam service. This was part of a back-and-forth between the companies, which started with Steam trying to clone Discord's core product: chat. The store launched initially in Canada alone for testing, but this week has grown their market to cover the globe. This means that all of Discord's 150 million users now have access to the curated collection of indie games.

That is what sets Discord's store apart from Steam: while Steam runs its business like Barnes & Noble, Discord intends to be more like your neighborhood bookstore. Content will be curated, with employees having an opportunity to write about why a game is great and why it is in the collection. Think of it like a review site where the reviewers are so committed to their beliefs that they agree to sell the products.

In addition to launching worldwide, the company also announced the initial First on Discord titles. These games will premiere on the Discord store, usually for 90 days, before being made available on other platforms (read Steam). Those titles are AT SUNDOWN by Mild Best/Versus Evil, Bad North by Raw Fury, King of the Hat by Business Corp. Incorporated, Minion Masters by Beta Dwarf, and Sinner: Sacrifice for Redemption by Another Indie. Ben Palevsky, VP of Business Corp Incorporated, said of their partnership with Discord,

Being a First on Discord title is an opportunity to bring King of the Hat directly to our community in the place where we know they spend their time. It's amazing to watch people forge new friendships while playing and for us to connect with that community in real-time in our official server.

On top of the store and First on Discord, the upgraded Nitro service also went live. Rather than the former $5 monthly fee for emotes and other chat features, the new service costs $10 per month and adds unlimited access to 60 titles. This works similar to the Xbox Game Pass, including offering a fairly exciting lineup of games, featuring Limbo, Super Meat Boy, and Wasteland 2: Directors Cut.

You can try any and all of the features directly in the Discord app now. It will be interesting to see if this makes any dent in Steam's dominance, or if the addition of another store will simply increase the overall game buying industry.

On October 4, 2018, Bloomberg Businessweek published an article detailing how China included a tiny microchip on server motherboards in an attempt to bypass corporate security at some major companies, including Amazon and Apple. They described an intricate plot, involving manufacturing plants in China that produced motherboards for Supermicro server hardware. They claim that Amazon noticed the chip, which they reported to US authorities, who have spent over 3 years investigating. The article cites information from insiders at Amazon, Apple, and the Federal government. Newsweek felt this investigative piece, which covers incidents dating back as far as 2015, was important enough that it was the cover story for October 8, 2018.

The story surprised almost nobody in the technology industry. The idea that a Chinese company could be purposely inserting spy technology into products they manufacture is not a far-fetched one. In fact, two Chinese-owned smartphone brands have previously been banned from import into the US over fears that they contained technology designed to spy on US citizens and, hopefully, intercept calls containing sensitive data. To extend the threat from smartphones to servers was a fairly mundane and, frankly, expected.

There are a few in the industry who take particular exception to the story, however; namely, the companies mentioned by name. Amazon claims that they never knew anything of compromised server hardware and have never been in contact with Federal law enforcement, either in reporting or in questioning, regarding the topic. They say that the only issues they have found regarding Supermicro servers were in a web-based application designed for server management, which was addressed prior to implementing the hardware. They say they have no record of any hardware issues ever being reported for hardware.

Apple had a similar response to the article, claiming that they also never had any hardware incidents with Supermicro and the first they were aware of the concept was when Bloomberg themselves started contacting the company asking questions. They also claim that the fact that the company canceled their contract with Supermicro to purchase over 30,000 servers immediately following the timeline Bloomberg claims would have been the disclosure of the server hacks is unrelated.

This week, Apple CEO Tim Cook, who has taken this story very personally, has upped the denial rhetoric. In fact, he has gone so far as to demand Bloomberg retract the entire story. He told Buzzfeed,

I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel. We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us, the story changed, and each time we investigated we found nothing...

We turned the company upside down. Email searches, data center records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this.

For Cook, this seems to be some sort of personal attack, either on his credibility or his intelligence; maybe both. To have employees of Apple being part of the investigation, and 4 Federal agents claiming that Apple both reported and participated in the investigation when he believes that it never happened does not seem to be something that he can heal from. It could have to do with the relationship that Supermicro has with Foxconn, who also manufactures most of Apple's products. A stain on their manufacturing process could leave a stain on all of Apple's hardware and security, which is something that has been in question following a couple of security issues at the company. If Cook had ignored it, no one would even remember the report today, but he keeps picking at it, meaning that it keeps being brought to the top of everyone's minds.

Considering their commitment to the story, it is unlikely that Bloomberg is going to retract the story, no matter how much noise Cook makes, though anything is possible at this point.

After AT&T won its bid to purchase Time Warner and got government approval to do so, the company has quickly been making changes around their acquisition. The company quickly made changes at HBO, even while the Department of Justice was renewing their fight against the merger. They have also been offering bundles of their combined services, like DirecTV and wireless service, along with HBO streaming.

The newest move for the company is to create yet another streaming service. This move is likely the public confirmation of a streaming service mentioned in court in April. The service will feature the company's own content, including CNN and HBO, as well as content from partners, such as DC Comics. According to John Stankey, CEO of WarnerMedia (formerly Time Warner),

Our service will start with HBO and the genre defining programming that viewers crave. On top of that we will package content from Turner and Warner Bros. with their deep brand connections that touch both diverse interests and mass audiences.

That certainly makes this new service sound similar to the business model of Amazon Prime Video or Hulu (which WarnerMedia holds a 10% stake in), where there will be a base product and with add-ons, though that is merely speculation. Details, such as pricing and availability, have not yet been announced; just that the service will launch at some point in quarter 4 2019. Having a brand-owned service like this, which brings content directly to consumers, is becoming a popular model. Stankey said,

While going direct-to-consumer gives us an additional opportunity to reach audiences that aren't part of a traditional subscription service, our wholesale relationships will continue to be an important distribution channel. So, it will be a priority to work with our partners to deliver a compelling and competitive product that will complement our wholesale distribution, allowing us to reach the largest number of viewers.

Of course, this new streaming service will also compete with AT&T's DirecTV Now, which also brings content directly to consumers. It does, however, give the company a different style of distribution: appointment style and on-demand. It is a double-edged sword, though, as more services means more piracy.

Since is launched in 2011, Google+ has been the butt of nearly every joke in the tech industry. A favorite is the idea that the only people who use Google+ are Google employees, being forced to do so to try and show some sort of usage. Of course, there are more users than employees, but not by a huge margin. Over the years Google has done a lot to try and force people to interact with Google+. The most famous of which was forcing YouTube integration, making users have a Google+ account to comment on videos. None of these tricks worked.

Google has been having an internal debate for several years, whether to continue the fight or walk away. They've walked away from other massive mistakes, such as Google Buzz, a product that not even Google knew what was for. This week, Google's decision was finally made: walk away. The company has finally decided that the trouble of Google+ is finally more than it cares bare and will begin the process of shuttering the consumer side of the product. If you are one of the very few people who used the platform and has content there that will be lost, Google has created an export process.

The stated reason for the shutdown, however, doesn't have anything to do with incredibly low usage. Instead, the company claims that the shutdown is caused by a security bug that was patched earlier in the year. The bug, which is similar in nature to Facebook's recent issue, in that the company claims that they have no evidence that any data was exposed incorrectly, only that it could have been. In Google's case, however, it was more than API keys that were available: it included name, email, gender, job, and age; enough to do some real-world damage.

The bug was introduced into the software in 2015 and discovered early in the year, being patched in March. Unfortunately for users, Google decided that it didn't need to disclose the issue publicly. This is contrary to the way they treat other companies, however. If Google discovers a bug like this in someone else's software, they give 90 days to fix it before disclosing it themselves. It apparently doesn't apply to their own software, though.

The issues were disclosed by Wall Street Journal, followed by Google's announcement about the future of the product. As one would expect, users are not happy about the lack of disclosure and have filed a proposed class action against the company. The suit claims negligence, invasion of privacy, and more. Attorney Joshua Watson wrote,

Worse, after discovery of this vulnerability in the Google+ platform, Defendants kept silent for at least seven months, making a calculated decision not to inform users that their Personal Information was compromised, further compromising the privacy of consumers' information and exposing them to risk of identity theft or worse.

Even the government is unhappy about the scenario. Three US Senators sent a letter to Google, in part saying,

Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it.

Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered?

Are there similar incidents which have not been publicly disclosed?

This is similar in nature to what happened after the Cambridge Analytica breach at Facebook. It is liklely that, in addition to the class action suit, someone from Google is going to be speaking in front of Congress soon.