Spear Phishing using Facebook activity

Spear phishing is an extremely potent hacking vector that combines social engineering with phishing. Basically, an attacker tries to learn enough about a specific victim to inform the design of a fake email that the victim is more likely to think is legitimate and thus open and engage with. For a detailed example of spear phishing in action, see this account of how the Onion’s Twitter account was hacked.

Standard phishing is generally thought of as a brute force attack in which the attacker crafts fake emails meant to fool the broadest set of people possible (e.g., you’re much more likely to see a phishing email claiming to be from a large national bank, like Chase or Bank of America, than a small regional bank), whereas spear phishing has conventionally been viewed as a more bespoke approach that is targeted at a specific individual or organization. So the current conventional wisdom is that normal phishing attacks are relatively easy to spot, and only relatively sophisticated attackers going after high-value targets, like access to government or corporate systems, use spear phishing. But what if that’s changing?

Over the last several months, I have been the target of what might be a new, more scalable, approach to spear phishing. I have been receiving phishing emails that are sent using the names of people I know but not their email addresses (see below).

I was at first confused at how the attackers were coming up with these names. My first fear was that they had hacked my email account and thus had access to my address book, but I have 2-step verification enabled and I didn’t see any suspicious access in the Last account activity.

Then as I was looking through my spam folder this week, I noticed a pattern: the names being used were all people who had recently commented on my Facebook posts. This is just a hypothesis and there’s a lot I still don’t understand about the attack, like how they associated my email address with my Facebook profile, how they are scraping the comments on my Facebook posts, and most of all why they would target me.

But if in fact they are scraping Facebook activity to come up with the names to use as senders, this opens up a much more scalable (and thus dangerous) vector for spear phishing. I’m very curious to hear if anyone else has experienced similar attacks and/or has any other information to add.
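The pattern described in this post, a sender name the recipient knows paired with an address that person has never used, can be checked mechanically on incoming mail. The following is an added example, not part of the original post; the contact list, the addresses, the sample messages and the function names are all constructed for illustration.

```python
import unicodedata
from email import message_from_string, policy

# Constructed address book: names the recipient knows, mapped to the
# addresses those people really write from (assumed data, not from the post).
KNOWN_CONTACTS = {
    "Alice Example": {"alice@example.org"},
    "Bob Sample": {"bob.sample@example.net", "bob@work.example"},
}


def normalize_name(name):
    """Reduce a display name to a comparable key.

    Drops accents and punctuation, case-folds, and sorts the tokens so that
    'Example, Alice' and 'ALICE  Example' produce the same key.
    """
    chars = []
    for ch in unicodedata.normalize("NFKD", name):
        if unicodedata.combining(ch):
            continue  # drop the accent, keep the base letter
        chars.append(ch if ch.isalnum() else " ")
    return " ".join(sorted("".join(chars).casefold().split()))


def build_index(contacts):
    """Map normalized display names to the set of lower-cased known addresses."""
    index = {}
    for name, addresses in contacts.items():
        key = normalize_name(name)
        index.setdefault(key, set()).update(a.lower() for a in addresses)
    return index


def classify_sender(raw_message, index):
    """Return 'match', 'name_spoof' or 'unknown' for one raw RFC 5322 message.

    'name_spoof' means the From display name belongs to a known contact but
    the address is not one that contact is known to use.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "unknown"
    sender = header.addresses[0]
    # policy.default has already decoded RFC 2047 encoded-words in the name.
    key = normalize_name(sender.display_name)
    if not key or key not in index:
        return "unknown"
    if sender.addr_spec.lower() in index[key]:
        return "match"
    return "name_spoof"


def verdicts(messages, index):
    """Classify a batch of raw messages, preserving order."""
    return [classify_sender(m, index) for m in messages]


# Constructed sample messages (headers, blank line, body).
SAMPLES = [
    "From: Alice Example <alice@example.org>\nSubject: lunch\n\nSee you at noon.\n",
    'From: "Example, Alice" <promo@mailer.invalid>\nSubject: hi\n\nLook at this.\n',
    "From: =?utf-8?q?Bob_Sample?= <x9@bulk.invalid>\nSubject: hey\n\nLook at this.\n",
    "From: Carol Stranger <carol@elsewhere.invalid>\nSubject: offer\n\nHello.\n",
    "From: alice@example.org\nSubject: re\n\nNo display name here.\n",
]

INDEX = build_index(KNOWN_CONTACTS)

if __name__ == "__main__":
    for raw, verdict in zip(SAMPLES, verdicts(SAMPLES, INDEX)):
        print(f"{verdict:10s} {raw.splitlines()[0]}")
```

A `name_spoof` verdict is a signal for review rather than proof of phishing, since a real contact may write from a new address; the check is only as good as the address book behind it.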

You’re more than the Fucking Janitor: Thoughts on Startup Leadership

Last month, I had the honor of participating in the inaugural Foundry Group portfolio CEO summit where we had an enlightening discussion on leadership. To kick-off the conversation, one of the other CEOs volunteered the story of a time he felt he failed as a leader: he had a disagreement with some of the engineers on his team about the complexity of a given feature; and when their conversations reached an impasse, he took matters into his own hands and coded the feature himself.

I found the most interesting part of the ensuing discussion to be the disagreement over whether this CEO’s act of digging in and coding the feature himself was a leadership success or failure. We didn’t do a formal survey, but the group appeared to be divided into two camps: one that felt he should have focused on solving the communication and process (and possibly staffing) issues that prevented his team from executing as he desired; and the other that saw value in the example he set by showing he was capable of and prepared to do what he asked of others.

Earlier this week I read Zach Bruhnke’s excellent post You’re not the CEO – you’re the Fucking Janitor, and it took my mind back to that discussion about what good leadership looks like in a startup. My answer: it depends. It seemed to me that the folks at the summit who felt this CEO failed by doing instead of managing were leaders of more mature companies, while the ones who admired his leadership by example tended to be running earlier stage startups. As someone running a company that had recently raised our Series A and was growing from a team of 5 in January to 14 today, I found myself agreeing with both sides of the debate.

For a boot-strapped or even seed-funded startup, I think Zach’s post is spot on. The “CEO” in Zach’s story is a total douche, and my business cards say “Co-founder” precisely because calling myself the Chief Executive over 4 of my friends made me think of Yertle the Turtle. My dad always told me “the fish stinks from the head”, which is just his graphic way of saying great leaders lead by example. In my relatively short leadership career thus far, I’ve taken this to heart and always jump at the opportunity to do things myself.

In addition to the mutual respect and motivation Zach mentions in his post, one of the greatest advantages I’ve found in this approach is the intimate understanding a leader attains of how things are done within their team. Across the many failures of leadership I’ve observed (I was at Yahoo! for 4 years 😉 ), there’s a recurring theme of the leader being too removed from the actual doing. Especially in the technology world, the means of production can be just as important as the output. I can’t tell you the number of product and business leaders I’ve dealt with who treat engineering like a commodity instead of a potential competitive advantage. You only need to look to the world’s most valuable company to see what great supply chain management (i.e. caring how the sausage gets made) can do for your business. And when you’re a software company, every architectural decision your team makes has a bearing on essential business considerations like performance, reliability, time-to-market, and agility in responding to new threats and opportunities. That’s why awe.sm is, above all else, an engineering-driven organization (and looking for even more great engineers 🙂 ).

But in a later stage company, the leadership challenge is greater because you need to figure out more scalable ways of achieving these same goals. There was one particular line of Zach’s post that stuck out for me in this regard:

If you want to be a CEO in the sense that you dream of then you should remember to be the Fucking Janitor too.

A couple months after raising our Series A, I was washing dishes in the office and caught myself feeling self-satisfied because here I was, CEO of a company that had just raised millions of dollars, doing the dishes. I thought about my dad’s smelly fish saying and how he’d be proud of me. Then I thought about our investors and what they’d think of this…and it struck me they’d be pissed. Here I was, CEO of a company in which they’d just invested millions of dollars, doing the dishes instead of the dozens of other things only I could be doing to make their investment successful.

In the few months since then, my leadership focus has shifted. I still do the dishes when it’s my turn; when AWS shits the bed at some inhuman hour, I’m in our IRC room doing what little I can to help; and I always want to understand the gory details about why we made one architectural decision over another even if I wouldn’t know how to implement either of them myself. I am proud to continue to be a colleague to my team above all else. But leadership in a larger organization requires more than that. Our goal is to achieve on a scale bigger than what one person can achieve alone, and that means the leader needs to lead not just do. Doing is good, but when it turns you into a micro-manager or takes you away from leading, it can be counter-productive.

Delegation is hard. I’m finding delegating well to be much more challenging than doing things myself. Leading purely by example just requires effort and a willingness to do things that aren’t fun or glamorous, and as the leader you’re usually the most incentivized to get those things done. But effective delegation requires much more than mere will, it is a skill set developed with patience and learning and painful trial and error. It requires finding great people, training them in the skills you need them to have, motivating them to share your goals, empowering them with the resources and information to be successful, trusting them to do their jobs, and then giving them feedback on how to improve. I have come to believe my primary job as a leader is to enable the members of our team to deliver what the company needs from them, and that’s a lot harder and even less glamorous than being the Fucking Janitor.

Why I’m excited about @getmoreclarity from @danmartell

Ironically, Dan Martell is one of the most genuine friends I’ve made in the startup world. I say ironically because he is a caricature – the guy literally uses hashtags when he speaks :-). But none of that can take away from how legitimately passionate he is about helping others, in particular other entrepreneurs.

Dan doesn’t talk about it much, but his path to the #leanstartup celebrity all his Twitter followers know today was a pretty long and unglamorous road compared to a lot of today’s entrepreneurs (including myself). Though he doesn’t remember it, Dan and I first met on the Internet back in 2009 when I was trying to do some early content marketing for awe.sm and he was, as always, building his personal brand by explaining how he got to 595 Twitter followers (how quaint! 😉 ). At the time, I believe Dan was still living in Canada having sold the professional services business he had built over years of unglamorously quotidian hard work, and, like me, was trying to break into the Silicon Valley in-crowd. I wrote him off as YASMDB (yet-another-social-media-douchebag), albeit one with amazing hair and actually pretty good advice, and forgot about @danmartell.

About a year later, awe.sm got its first “office” in San Francisco courtesy of some desks Klout was subletting in their space, where Flowtown was already subletting a conference room. Over the following 2.5 years I got to know Dan as we worked side-by-side there and later at the new office we moved to with Flowtown and Plancast. In such close quarters for such an extended period of time in such often-times stressful circumstances, you learn a lot about anyone. And what I learned about Dan is that his enthusiasm and passion and child-like love of startups are unimpugnably genuine. But in Dan’s case, I found myself learning a lot not just about him but from him as well. I learned from his example as well as his mentorship, with which he was always generous to everyone – those of us in the office just were fortunate enough to have access to the firehose. He has one of the best product senses I’ve ever seen because he has the rare ability to assume the veil of ignorance of a real user. And his belief that creativity and hard-work (aka #hustle) can solve any problem enables him to turn whatever challenge you bring him into an opportunity.

Even though we’ve talked about it several times over the last few months, what Dan is doing with Clarity.fm wasn’t truly clear to me until today when I started reading the (impressive) press coverage of their launch. Until this morning, I saw it as Dan building a product to solve a pain point Dan had and thought enough other people have to make it a viable business. Then I read the following quote Dan gave in the TechCrunch post:

“For the first years of my working career, I was still living in my native Canada and I was desperate for advice. I emailed the minister of my province there, he respected that I was a young entrepreneur, and he introduced me to three guys that had built hundred million dollar companies. That was the reason that I moved to San Francisco in the first place,” Martell said. “I know that getting the right advice at the right time can dramatically change an entrepreneur’s life.”

Only then did I realize this isn’t purely a convenience product for Dan, it’s a passion product. And when an entrepreneur and product person as talented as Dan is passionate about something, you know it is going to be great. So that is why I’m excited Clarity is being built by Dan.

As for why I am (and I think you should be) excited about Clarity in general, my friend Hunter says it better (and more concisely) than I can:

So if you’re an entrepreneur seeking advice, check out Clarity and don’t bother with Mark Cuban, go straight for this guy.

Vote against #SOPA with your pocketbooks: Boycott the Box Office

That money in politics you’re always complaining about, it’s yours. Take it back!

Our government is way broken. As citizens, we need to fix it fundamentally. And until then, the Internet industry needs to get better at playing by today’s broken rules. But in the case of SOPA/PIPA (also see this great infographic), there isn’t time to fight lobbying fire with lobbying fire, and the notion that emailing and Tweeting at Congress is our best shot of battling entrenched special interests is naive IMHO.

Yesterday we saw a great example of how grassroots online organization can focus our collective economic leverage into influence and results. But before we all go patting ourselves on our collective backs, let’s be honest: this was a gimme — an Internet business dumb enough to thumb their nose at their core customers, and who could ultimately be swayed by a chorus of angry digerati. I applaud the spirit of the GoDaddy boycott, and even participated, but I want us to parlay this small win into something much more meaningful. Let’s not stop at the pawns, let’s strike at the root of support for SOPA/PIPA: the entertainment industry.

More specifically, we need to kneecap the MPAA. Once you understand the motivations of the players involved, the logic of how we can put an end to this nonsense is relatively straightforward. The MPAA is a trade group that represents and is funded by the 6 major film studios (Disney, Warner Brothers, Universal, Fox, Sony, and Paramount). It has an annual budget, determined by its members, that has been shrinking since 2009. The recently appointed new head of the MPAA, former Senator Chris Dodd, is pulling down more than $2 million a year to turn the organization around, which means convincing the studios that they should increase its funding. Not to be overly-cynical here, but it doesn’t seem like too much of a stretch that a former Senator being paid a ton of money in the private sector might seize on Congressional legislation highly favorable to the industry he now represents as the quickest way to prove his (and his organization’s) worth.

I am convinced that the management of the studios don’t really care that much about SOPA/PIPA. If they thought anti-piracy legislation was important, they wouldn’t have been slashing the budget of their lobbying organization over the last several years: in 2007 the MPAA’s overall annual budget was $93 million, in 2009 it was down to $64 million; and within the MPAA itself, the money spent on lobbying went from $2.7 million in 2008 to $1.7 million in 2010. This legislation is even worse than what everyone thinks — it’s not being driven by the needs of a single industry, it’s being driven by the needs of a single industry *trade group*. The studios support it because they’ve been told it will be good for them (even though anyone who knows anything about technology knows it will do little to actually stop piracy) and because there’s no additional cost to them other than what they’ve already sunk into the MPAA’s annual budget. Let’s change that!

If we can show the studios that this ineffective legislation that only succeeds in being hostile to their customers is going to cost them money, I believe they’ll rein in Dodd and the MPAA right quick and that would be the end for SOPA/PIPA. The good news is we have a clear path for demonstrating that cost because, even though these guys may not read the bills they’re paying to have written, they watch their weekend box office receipts like hawks. The bad news is I don’t think the usual online activist base will be enough — in order for this to work, we need to get real people to take real action by changing their offline behavior (i.e. it only works if people who normally go to theaters don’t go when we ask them).

So, here’s what I propose:

  1. We pick a weekend far enough from now that we have time to adequately mobilize mass support
  2. We educate our non-geek family and friends (aka muggles 😉 ) about how SOPA/PIPA will impact the Internet in ways they care about (e.g. censoring YouTube and Facebook)
  3. *Then* we start making noise online to get as many people as possible to join the boycott on the appointed weekend and to make clear to the studios that the dip in revenue they’re going to see that weekend is a direct result of their support of SOPA/PIPA

That’s my idea. I think it can work, but only if enough other people think it makes sense and want to help. I’m open to suggestions on how to move forward and happy to help however I can in making this a reality. You can reach me at jonathan [at] jonathanhstrauss.com and @jhstrauss on Twitter.

And in the meantime, I’ll be that guy annoying his girlfriend’s family about the evils of Internet censorship at Christmas dinner 😀 .

The streaming music business is dead, long live the streaming music business

Apple’s acquisition of Lala yesterday is the coda to an interesting chapter in the evolution of the music industry. It comes on the heels of MySpace’s acquisitions of iLike and iMeem (both at similarly distressed prices to the reported ~50% discount in the Lala deal) as well as the launch of (nearly) inline streaming music in Google’s search results. Talk about mixed messages: the business of on-demand streaming music (vs. streaming radio like Pandora) is broadly being conceded as a failure just as the user experience is finally hitting the mainstream.

In the last 24hrs, I’ve read a lot of analysis across the spectrum and heard the thoughts of friends in various segments of the music industry. Here are some of the big issues that are front of my mind.

Whither the MP3 of streaming music?

Most of the people I respect in online music have been opining for on-demand streaming music for years. So, their first reaction has echoed that of my friend Lucas: music in the cloud will now be a reality. But *how* it will become a reality matters too, and I think that’s been lost a bit in the discussion so far.

In the download world, an open format (MP3) pre-dated Apple’s entry. So, they had no choice but to support it in order to make their software and devices backwards compatible. In fact, it’s easy to forget today that the market for iTunes and the iPod was largely built around satisfying the needs of consumers of illegally acquired music (the iTunes Music Store was actually launched over 2 years after iTunes debuted). If not for that pre-existing market condition, I don’t think it’s hard to believe the iPod would only play AAC music files (Apple’s proprietary format). Remember that no one could compete with the iTunes Music Store as a legitimate storefront for online music until less than two years ago, when the labels agreed to let Amazon and others sell in MP3 format so that customers could play the songs sold by retailers other than Apple on iPods. (This in itself was an interesting saga with Jobs publicly justifying why Apple would never support someone else’s proprietary format on their software/devices and why they would never license Apple’s DRM to others. In the end, the labels’ fear of Apple’s growing control of the online music value chain was greater than their fear of piracy and they called Jobs’s bluff by actually licensing MP3 sales.)

The relevance here is that there is no MP3 equivalent for streaming music — no pre-existing open standard that consumers will require Apple to support before they buy a wifi-enabled iPod (aka iPod Touch). Just like there is no (legitimate) way to play films or tv shows not downloaded from the iTunes Store on your Apple TV, there will be no way to consume on-demand streaming music from other sources in the native player on your iPod. You will of course continue to be able to install separate third-party applications, like Pandora or Spotify, to manage and play streaming music you acquire through those services. But, that silo will continue to be incompatible with iTunes and the rest of your music library while the native player will offer you an integrated consumption experience across downloaded and streaming music. Maybe this will still be good enough for the small number of power-users who care enough to want an alternative to the Apple offering (like those of us today who install the eMusic or Amazon download manager to have a somewhat equivalent purchase alternative to the iTunes Music Store).

However the segment for whom I think the lack of an open streaming music standard is potentially most harmful is the actual artists and the growing industry of direct-to-fan enablers, including my good friends at Topspin. Direct-to-fan sales are better for the artist because they get to own the customer relationship with the people who are *their* fans to begin with (see my boy Ian explaining to Wired how important this is) and they can have more control of the offering and better margins by cutting out middle-men like Apple. Today, I can buy an album directly from Topspin artists like Get Busy Committee or Fitz & The Tantrums (two of my current faves) in MP3 format and play it in iTunes and on my iPod. How exactly are they going to sell me streaming music outside of iTunes (or a 3rd-party service)? There are products like MobileRoadie, which artists can use to create their own branded iPhone/iPod app. But, I don’t foresee consumers being willing to switch apps every time they want to hear a new artist (and forget about a streaming playlist with multiple artists).

Licenses, schmicenses!

Several commentators on the Lala deal have noted that their licenses with the labels expire in the case of an acquisition. And I hear from insiders that Apple has already had requests for streaming licenses denied by at least some labels. Here’s why neither of those things matter.

Apple is going to build a kick-ass streaming experience natively integrated into their service/software/device stack of the iTunes Music Store, iTunes, and the iPod. They are going to get the thousands of independent labels, aggregators like TuneCore who represent individual artists, and at least one or two major labels (my bet is EMI will be first) to give them streaming licenses on a critical mass of music. Then, they are going to use the iTunes Music Store to promote the shit out of both downloads and streaming (most likely bundled) from the artists for whom they have streaming licenses while at the same time freezing out promotions for any hold-outs.

This is a non-issue IMHO and every song you can buy as a download from the iTunes Music Store today will be available for streaming within a year of launch (just ask NBC how well playing chicken with Apple works).

Sustaining innovation doesn’t work.

This post is already way longer than I intended, so I’ll leave this point as more of a footnote. On-demand streaming music is the future. Everyone I respect believes it, Apple believes it, it is the logical conclusion of the path the music consumer experience has been on since Napster. And yet it is a business widely viewed as “toxic” by investors, several of whom in recent months have demonstrated they think so little of its future potential that they are willing to take steep losses on their investments to get out. What gives?

Not only were these businesses endorsed by the major labels, both iMeem and Lala actually had labels as investors (as does Spotify). The reason that on-demand streaming music is a great product but shitty business is because the license fees demanded by the labels make it impossible to make money with any kind of offering that consumers will think is reasonable. It’s somewhat counter-intuitive that a vendor who is an investor wouldn’t be willing to adjust their pricing in order to preserve the value of their investment. But Warner Records, in particular, made it clear that they are happy to spend tens of millions of dollars co-opting companies they see as potential threats and running them out of business in order to prevent hundreds of millions of dollars in (perceived) cannibalization.

This is Clayton Christensen 101:

By only pursuing ‘sustaining innovations’ that perpetuate what has historically helped them succeed, companies unwittingly open the door to ‘disruptive innovations’.

In other words, by trying to take an innovation and use it only to perpetuate and/or protect legacy business models, incumbents give new entrants the opportunity to do things the way the market actually wants them to be done regardless of how they have been done in the past. By trying to force LaLa from being a potentially disruptive innovation into a sustaining innovation, Warner Music and the other major labels unintentionally drove them into the arms of Apple, still the biggest threat to the legacy model the labels are trying to preserve. (Studios and networks trying to “de-fang” Hulu, take note.)


It’s a way small world after all!

This struck me as so weirdly incestuous/small-worldly I had to post it. I just came upon a song featuring vocals by Sandra Possing, who happened to be the bartender at Delaney’s when I first met with Todd to discuss what is now awe.sm (she even tweeted about it!). Not only that, but I found the track through friend and former co-worker Lucas Gonze, and it’s being hosted on a site built by another former co-worker, Ethan Diamond.

The social media singularity is officially upon us people! Enjoy the music:
<a href="http://gavroche.bandcamp.com/track/hopefully-ile-st-louis">Hopefully, Ile St. Louis by Gavroche</a>

Dear Digg, here’s how to get people to STFU about the DiggBar

Dear Digg,

I think you’re missing the point of the uproar over the DiggBar. It isn’t about SEO or search engine ‘juice’ or 3rd-party traffic stats or even about the structure of the web, it’s about control. Publishers like to know they at least have the option to be in control of how a visitor interacts with their site, and you have ignored that need.

Personally, I feel you’re perfectly within your rights as a driver of traffic to do whatever you want with your outbound links. And publishers, like John Gruber, are perfectly within their rights to do whatever they want to visitors from your pages. But, why do you guys have to fight about it? Do you hear any similar outcry over Facebook’s ‘action bar’, which arguably intercepts a lot more overall traffic than the DiggBar ever will? I haven’t, and I think it’s simply because from the start they have given publishers a simple way to opt-out.

From the Facebook Share Partners page (click ‘What is the blue bar that appears over my webpage? Is there a way to prevent it from appearing?’):

When someone clicks on your shared item, they are redirected to your page, and a small action bar is added above your site. The action bar promotes further sharing so that more people can see your content. If you would like to disable this feature, simply add this code to your web page:

  <script type="text/javascript">
    if (top.location != location) {
     top.location.href = document.location.href;
    }
  </script>

Is anyone actually using this? Probably not. Would most publishers want to block the DiggBar? I highly doubt it. As TechCrunch implies, traffic is still king for most publishers:

If the Diggbar can [drive a 20% boost in traffic] consistently going forward, nobody is going to be complaining about it anymore—even if URL shorteners are still evil.

Those publishers who have different priorities, as is their right, *will* find ways to block the DiggBar, which in this case results in a crappy experience for visitors coming from your site. But if you were to officially support opt-out on a per site basis (a la Facebook), publishers could control their sites as they wish without the end-user experience having to suffer for the sake of an argument most of them don’t understand or care about.

Love,
-jonathan

Disclosure: I run a publisher services company building a product that happens to shorten URLs. For the record, I don’t think URL shorteners are evil, just misunderstood 🙂


Crystal Ball for Studio Execs or WWJD?

My dad and I had a long conversation over lunch today (at In-N-Out 🙂 ) about my most recent blog post. He mentioned that the studios are keeping a close eye on what is happening in the music industry as a preview of their own potential future 5 years down the road, and that they are taking preventative measures based on what they see. I replied with two reasons why I don’t think that’s something to brag about. First of all, that 5 years is more like 2 years (if that) and it’s shrinking every day. The pace of technological progress has only accelerated since it first began to disrupt the music industry, and it ain’t slowing down. Secondly, the film industry’s approach to understanding the data has been merely to plot historical events and interpolate a trajectory. They have made no attempt to understand the underlying equation and thus extrapolate the end-result. In high-school trigonometry terms, they are plotting points on the left half of a parabola without understanding that they are part of the graph of y=x^2. How do I know this? Because you can see it in their actions, they are clearly trying to treat a growing number of symptoms with no clue about the nature of the underlying disease.

My dad agreed with me and then said there’s a lot of money to be made by the guy who can show them what the future really holds. Being the giving person that I am, I hereby offer it to them free of charge (and with charts, no less!):

Audience Graph
First of all, your audience is moving from conventional offline distribution channels to new online ones. You may think you have the control to slow this, but you don’t! At this point, you must consider it *axiomatic* that every genie will get out of every bottle. There are over a billion people on the Internet, and it just takes one to put your content on BitTorrent and all your anti-piracy efforts are rendered moot. Content consumption is moving from offline to online whether you like it or not. So, you have a choice: get on-board by giving consumers what they want and keep some of them as customers, or drive them away entirely by ignoring their needs. If you choose the latter, you probably won’t ever be able to win those lost customers back. And even if you choose the former, you will most likely never be able to aggregate the same size audience for a given piece of mass-market content online as you could offline. Mainstream media (or ‘head’) content is a first-class citizen offline, where there is artificial scarcity and so being first in line counts for something. But, there is an (effectively infinite) abundance of content online and what matters most is finding what is most interesting to me.

ARPU Graph
That’s the bad news. Here’s the good news: by moving online you can build deeper relationships with that smaller audience and explore variable pricing options to increase the average value of each individual fan (again I reference Josh Freese, who illustrates this point not without irony). However, in order to fully engage your most passionate fans and get them to give you more money, you can’t continue to just sit back and pump out passive entertainment experiences with some snazzy marketing around it. You will need to invest in turning your content into 360° entertainment and change your mentality about selling it as a packaged good.

Cost Graph
Yes, I know that sounds expensive. It definitely won’t be cheap and will require you to build out new competencies you don’t have today. But you’ll be able to pay for it (and then some) with all the money you save by getting out of the very expensive mass-market content and offline distribution businesses.

So if you’re willing to become an online-first media company, I think I can promise you’ll return to profitability in 5-10 years depending on how quickly you move to jettison your legacy offline businesses. Now, your shareholders may not be so keen on all these restructuring costs and write-downs, not to mention all the money you’re going to be leaving on the offline distribution table by focusing on getting into the online business while you still can. But, that’s ok because they value the long-term survival of the company over short-term profits. Right? </sarcasm>

Mass-market content and offline distribution are declining businesses, but they are still quite profitable. Especially compared to niche content and online distribution, which are clearly ascendant but still a rounding error to the bottom-line of these major media companies (not to mention the corporations that own them). I believe the decline of the former is going to be a lot quicker than the entertainment industry thinks (because they believe they can control it and they don’t understand the exponential acceleration of technological progress) while the rise of the latter will be retarded by a lack of investment in developing the infrastructure to make it a profitable business. The film industry obsessively spends hundreds of millions of dollars to build the biggest anti-piracy stick they can while watering the online video carrot with an eyedropper. If they were to put meaningful time and money into figuring out how to make legal online content consumption compelling and profitable, it would be more effective than spending a hundred times that on anti-piracy efforts. But they won’t; instead, they will continue to do everything they can to prop up dying (but profitable) revenue streams, including stifling the growth of the emerging revenue streams that could one day take their place. And so, the studios will some day (soon) find themselves with not enough offline money and not enough online audience from which to try to make money.

If I were the head of a studio, I would stop trying to figure out how to grow the buggy whip business by keeping down the automobile. I would also recognize that transforming my profitable if shrinking buggy whip business into a money-losing automobile business making it up in volume is probably not in the best economic interest of my shareholders. So instead of throwing good money after bad trying to keep the overall buggy whip market from shrinking, I would focus on getting as much share as possible while all my competitors spent their time futilely worrying about the cars. I would ruthlessly cut costs to maintain profitability in the face of shrinking demand. And, I would put all those profits into a dividend so my shareholders would stop pressuring me for growth that isn’t there. Finally, when it’s time to close my buggy whip factory’s doors, I would take all that dividend money I earned and put it into the best automobile company I could find (and then I would be sure to sell that ~80 years later 😉 ).


Entertainment-as-a-Service

[Cross-posted from my company blog.]

I just got back from a really fun (and delicious) lunch with Peter of Pantless Knights, who is in LA working on a hilarious new video, and one of the main things we discussed was the idea of Entertainment-as-a-Service. The term is a reference to the concept of Software-as-a-Service (SaaS), which is a business model generally contrasted with the conventional packaged or ‘shrinkwrap’ software model. Essentially, SaaS is a subscription business and packaged software is a retail business.

The entertainment industry is a retail business. Books, movies, tv shows, music are almost universally sold as one-off purchases. But, those things are just the packaging and the people selling them to you are just middle-men. The business of entertainment (not to be confused with the entertainment *industry*) is fundamentally a marketplace of attention between fans and content creators — fans have a finite supply of attention for which content creators are competing. So, then what is the entertainment industry? To use a very relevant analogy, it is the collection of intermediary businesses (i.e. publishers, studios, networks, labels) that have been acting like investment bankers, taking the raw materials of talent and creativity and packaging them up in a form they know how to sell (i.e. retail) and commanding a big slice of profit along the way. Entertainment doesn’t want to be a retail business, and that is the fundamental essence of the disruption the Internet has unleashed on the entertainment industry.

[Clarification: For the sake of this discussion, I’m using the term ‘content creator’ to represent those who add unique creative talent to the production process. As my dad pointed out, content creation is rarely a solo effort (most notably in film production, which can involve hundreds of individual contributors) to which studios, networks, labels, and publishers often contribute substantial value. But as those contributions are opaque and thus interchangeable as far as the consumer is concerned, I am excluding those who make them from the class I refer to as ‘content creators’ in this post. Otherwise said, even though the sound engineer plays a crucial role in creating the album, no one buys it based on *who* the sound engineer was.]

When you think about what elements of the entertainment business technology has really undermined, it’s nothing more than the packaging — the time slots and release dates and viewing windows and region codes that are artificial constructs of these middle-men trying to slice-and-dice the content into as many tranches as possible to squeeze out every last cent of profit. Just like the investment bankers and their CDOs fragmented and obscured the connections between investors and their investments, so have the studios, networks, publishers, and labels introduced complexity into the connections between content creators and their audiences. While that complexity, and the companies who created it, may have been a necessity in an era of technologically inferior marketing and distribution systems, they are simply market inefficiencies in the Internet age.

So, what is the difference between retail and subscription when it comes to entertainment? In a recent post on my personal blog about SaaS vs shrinkwrap software, I wrote:

The business model of packaged software invites feature bloat, because it’s upgrade driven and you need to continually find ways to justify why Thingamajig 2009 Pro Edition™ is so much better than Thingamajig 2008 Pro Edition™. Software as a Service businesses have a much different (and arguably greater) challenge, they need to continue to create value for their customers month after month….So, you end up with a much more customer-centric product…and a vendor who is truly interested in addressing your customer needs.

The first priority of a retail business is to maximize sales; building brand loyalty and repeat business may be means to that end, but they always take a back-seat to whatever else will drive more sales. Whereas in a subscription business, customer retention (and thus customer satisfaction) is always top priority, even above new customer acquisition. So if a studio believes they can get a lot of people to see a crappy movie by spending more on marketing and less on quality, they will (and do, again, and again, and again…). Because all you’re buying from them is the packaging, they know you aren’t really paying attention to whether it’s a Fox or Warner Brothers or Paramount film (do you buy your cereal based on who made the box it comes in?). But, a director would rather disown a bad film than endorse the studio releasing something that doesn’t meet his standards and his fans’ expectations. This is because the director knows that his relationship with his fans is a subscription business, and if he disappoints them he will be unable to continue exchanging his content for their attention in the future. The studios understand this too — they don’t give Tom Cruise $25M (plus a cut of the gross) per movie because his acting skills bring $25M of quality to the screen, they do it because he has more than $25M in ticket, DVD, and merchandise sales worth of fans.

Entertainment is naturally a subscription business, and the Internet returns it to its natural state. The content creators who thrive online are those who understand this and focus on the ongoing satisfaction of their customers (see Ze Frank, Michael Buckley, Chris Leavins). The level of customer satisfaction these creators deliver is really only possible on the Internet because they can go direct-to-consumer without need of the middle-men and their packaging. These creators publish in all forms — video, photos, blogging, micro-blogging, music. They do not see themselves constrained by the legacy dividing lines of the entertainment industry; their goal is to entertain their audience by any and all means available. There is no distinction for them between primary and ancillary content; they are 360° entertainment brands. The other thing that has made these creators so successful online is their direct interaction with their customers. The best your most engaged fans can do offline is give you their personal attention (and the money that comes with it) and try to recruit others to do so as well. But online, they can interact with you and become part of the show. Empowering your customers is the surest way to make them even more engaged. As I wrote in another recent post on my personal blog:

Bringing your customers into the product development process has the dual benefits of helping you build better and more customer-centric products and making your customers your most passionate sales people (because after all, it’s their product too).

So, the Internet enables these creators to spend more time listening to their fans and creating new content they’ll enjoy while outsourcing the marketing to the community for free. This is the exact opposite of the offline retail model in which the studio takes money out of production budgets to put it into marketing campaigns. The ability to establish deeper relationships with their fans also allows online content creators to attain higher average attention per customer (ARPU) than is possible in the retail world, thereby making it easier to build more value by going deeper with a smaller audience.

To be clear, I’m not trying to say the only business model for content on the Internet is a recurring subscription fee. The ‘subscription business’ to which I’m referring is more the theoretical exchange of value between content creators and their fans, which can and will take many forms — including selling packaged goods. I’m also not saying that the online entertainment market is solely the domain of Internet-only content creators. In fact, I believe the Internet is most powerful as an entertainment marketplace when the quality and reputation of a historically offline content creator is freed of the constraints of the legacy packaged goods business model. Take for example Josh Freese, who gets extra points for using this freedom precisely to illustrate the absurdity of the conventional retail approach.

And now, I leave you with the profound product of the coming entertainment revolution:

P.S. Hat tips to Ian Rogers for the marketplace of attention thinking and Umair Haque for the marketing vs quality dichotomy.


On Hulu and Boxee or Sometimes it sucks to be right

A little under two weeks ago in a comment on a GigaOM post about Boxee, I wrote:

I think [Boxee’s] current differentiation is based primarily on giving users the features and content they want in the form they want it, which is mostly a function of Boxee not being encumbered by the legacy business models of the incumbents.

[Image: Frowny Boxee]

Well, today those legacy business models came knocking on Boxee’s door in the form of Hulu pulling its content from Boxee at the request of its conventional media incumbent content partners. Though the very diplomatic (but still genuine, which is a hard line to walk) blog post from Hulu CEO Jason Kilar doesn’t say why, I agree entirely with TechCrunch’s assessment that the content partners weren’t so keen to see Boxee getting all this great press for doing an end-around the legacy value chain these guys are fighting tooth and nail to prop up. Boxee was a stand-out at CES in early January and I don’t think it’s any coincidence that Boxee first heard from Hulu on this matter just 2 weeks after the NY Times ran a very high-profile and positive article on how Boxee was so awesome for delivering major media content to the tv in the way consumers want (which also happens to be exactly what the major media companies have been fighting against). When you think about it, this timeline pretty much matches what it would take for the content companies to read the NY Times article, bitch about it to each other, decide to go to Hulu, get push-back from Hulu, and then steam-roll them.

Steve Raymond has a great post on why this is such a short-sighted move by the content providers, with which I totally agree. So, I won’t rehash it here. But, I will say that this issue is only the tip of the iceberg threatening Boxee. Though they have effectively found an un-endorsed end-around to the legacy living room value chain, this shows how dependent they still are on the goodwill (or at least ignorance) of the incumbents. They have poked the bear and it is now awake. The networks obviously don’t want to lose the high CPMs and concentrated audiences they get from broadcast tv, which can arguably be replaced by online ads at some point in the future. But, what can’t be replaced is the increasingly valuable fixed revenue stream from the carriage fees paid by cable and satellite operators (NBC and Fox, the primary content providers to Hulu, both own ~10 widely carried cable networks). A product like Boxee is a direct threat to cable and satellite operators because it eliminates their positions as programming gatekeepers and turns them into dumb data-delivery pipes. So, I wouldn’t be surprised if this move was driven more by the cable and satellite companies than the content providers.

In my original comment, I predicted if Boxee succeeded in pioneering this space they were likely to end up like TiVo. Now I think they’ll be lucky to get that far.
