On a tear against bad privacy practices online, he urges companies to change the way they operate—and sounds alarms if they don’t.
Christopher Soghoian sniffs out security holes and privacy shortcomings on the Web. Then he urges companies that are responsible—Google, AT&T, and Dropbox have been among them—to halt practices that put consumers’ personal information at risk. If they don’t, he’ll write about the flaws publicly and try to get regulators to crack down. “I see myself as a combination horse whisperer and Paul Revere–type character,” he says.
Soghoian’s credentials as a computer scientist are substantial—he helped develop the Do Not Track mechanism that lets people prevent websites from following their online activity—but most of his work relies on techniques that suggest Woodward and Bernstein more than a basement hacker: he seeks information by filing Freedom of Information Act requests or cajoling corporate lawyers and congressional aides over late-night beers in Washington, D.C.
Insinuating himself into the world of Washington as a privacy gadfly didn’t come easily to Soghoian, 30, an earnest geek with a beard and a ponytail. “I didn’t own a suit until 2009,” he says. Wearing one to face executives and lawyers is “not pleasant,” he adds. But he has learned that his impact as a security researcher is much greater if he steps into power corridors and directly addresses the people there.
That lesson began in 2006. Soghoian, then a grad student at Indiana University, wrote a blog post about how easily someone could gin up a legitimate-appearing boarding pass to get past airport security checkpoints. To prove the point, he put a widget on his blog that made it possible for people to create their own. That inflamed the Homeland Security apparatus, and the FBI seized his computers for a month. When the furor subsided, a few rational officials in Washington pointed out that Soghoian was actually helping the Transportation Security Administration by identifying a flaw in its defenses. The episode taught him that if he framed his message in the right way, he could get people to listen.
In 2009, while working as a student fellow at Harvard’s Berkman Center for Internet and Society, Soghoian led an effort to get Google to turn on SSL encryption in Gmail by default. SSL, the technique used to secure banking and e-commerce websites, essentially ensures that people using Gmail in a public Wi-Fi café aren’t vulnerable to having their accounts plundered by criminals. After Soghoian and 36 cosigners wrote an open letter to then-CEO Eric Schmidt, Google eventually said it would indeed turn on SSL by default. This doesn’t make Gmail totally private: law enforcement can still subpoena Google for an unencrypted look at the contents. But it does ensure that political dissidents’ e-mail is out of the reach of repressive governments with which Google doesn’t coöperate. Because of that, “if I’m 5 percent responsible for Google turning on SSL, it’s the most important thing I’ve done in my life,” Soghoian says. Today he’s lobbying for SSL to become the default setting on other online services, notably Facebook. (Facebook spokesman Frederic Wolens says the company is working on it; in the meantime, SSL is available to Facebook users who activate it themselves.)
In 2009, Soghoian stepped a bit too far into the establishment for his comfort: he became a staff technologist for the U.S. Federal Trade Commission. In October of that year, he went to a telecom-industry event and recorded a Sprint Nextel executive explaining how often the company fed data about subscribers to law enforcement. To him, this is a crucial subject—his recently completed PhD dissertation is all about the ways that police get around outdated wiretapping laws by having telecommunications and Web companies do surveillance for them. He argues that these companies, without sufficient public recognition, have effectively replaced judges as arbiters of whether the authorities are acting appropriately. But that’s not entirely in the FTC’s purview—and in any case, Soghoian had made the secret recording after using his FTC badge to get into the closed event. He ultimately lost his job.
Now he’s probably found a more natural outlet for his work: in September he will become a principal technologist and senior policy analyst for the American Civil Liberties Union, where he plans to keep raising alarms about how easily law enforcement, spies, and criminals can delve into our ever-growing storehouses of personal data. “My goal,” he says, “is to move to a world where everybody has access to secure communication.”
Making online music a paying business, without forcing people to pony up for one song at a time.
In 1999 Daniel Ek was a 16-year-old Swedish programmer, getting rich building websites, when he started asking what he himself now says was a dumb question: How do you get people to pay for music that can, if illegally, be downloaded free—and without charging them for each song, the way Apple’s iTunes service does now?
Ek’s eventual solution: Spotify, a jukebox in the cloud that provides legal, on-demand access to millions of songs. Supported by paying subscribers, as well as by radio-style ads played only to nonsubscribers, the service debuted in the United States last year after operating for three years in Europe; it now has more than 15 million users, four million of whom pay. With an estimated value of $4 billion, Spotify is one of the hottest Internet companies in the world.
Spotify isn’t the only service to let listeners stream music on demand. But it distinguishes itself from Internet radio services like Pandora and Slacker through the vastness of its music libraries and its deep integration into social media. Spotify lets users seamlessly share playlists and swap music on social networks like Facebook and Twitter. And Spotify makes it easy for others to build apps that work with its platform in order to give users yet more ways to discover and share music. “The trick was to think through the social aspect of the service from the very beginning,” says Ek. “We didn’t want it to be an afterthought.”
Spotify’s users can access some 16 million songs—about 15 times more than Pandora makes available. The service offers all those terabytes of music without revealing any of the licensing complexities involved in the process. Ironing out the needed deals with record companies while refining the service ate up two years of Ek’s time before he launched in Europe in 2008. And it took a team of software engineers—the company now has 250 of them—to make the service easy to use in spite of all the programming code that works in the background to prevent music from being illegally copied and distributed. “The best thing about Spotify is that it works at all,” says Ek. “If you’re in Spain and you want to share your music with someone in the U.K., you don’t want to see how we take care of paying licensing fees in both places.”
Now Ek is trying to find ways to make it as easy to find and play music as it is to find and play videos on YouTube. This year the company introduced a radio service for computers and mobile devices, launched its first iPad app, and made it possible to embed a Spotify play button into any website. The Huffington Post, the blogging site Tumblr, and Rolling Stone’s website are among the many that now offer music that way.
For a man capable of turning his teenage vision into a mushrooming empire, Ek claims a surprisingly simple strategy for continued growth. “I just keep asking dumb questions,” he says.
Turning a Web video phenomenon into a profitable business by making ads optional.
In 2008, when Shishir Mehrotra joined YouTube to take charge of advertising, the booming video-sharing service was getting hundreds of millions of views a day. YouTube, which had been acquired by Google in 2006, was also spending as much as $700 million on Internet bandwidth, content licensing, and other costs. With revenue of only $200 million, YouTube was widely viewed as Google’s folly.
Mehrotra, an MIT math and computer science alum who had never worked in advertising, thought he had a solution: skippable ads that advertisers would pay for only when people watched them. That would be a radical change from the conventional media model of paying for ad “impressions” regardless of whether the ads are actually viewed, and even from Google’s own pay-per-click model. He reckoned his plan would provide an incentive to create better advertising and increase the value for advertisers of those ads people chose to watch. But the risk was huge: people might not watch the ads at all.
Mehrotra’s gamble paid off. YouTube will gross $3.6 billion this year, estimates Citi analyst Mark Mahaney. The $2.4 billion that YouTube will keep after sharing ad revenue with video content partners is nearly six times the revenue the streaming video service Hulu raked in last year from ads and subscriptions. And that suggests Mehrotra has helped Google solve a problem many fast-growing Web companies continue to struggle with: how to make money off the huge audience that uses its service free.
In 2008, Mehrotra was working for Microsoft and hankered to have his own startup, but he agreed to talk to a Google executive he knew about working there instead. He decided against it—but that evening he kept thinking about how the exec was frustrated that most ad dollars go to TV, even though nobody watches TV ads. Yet at his Super Bowl party two weeks earlier, Mehrotra recalled, guests kept asking him to replay the ads. Was there a way, he wondered, to make TV ads as captivating as Super Bowl ads, every day?
The answer came to him in a flash. The next day, he had changed his mind about working at Google. After he tried his idea for skippable ads on a television project, the company asked him to bring the idea to YouTube.
YouTube was searching for alternatives to standard “pre-roll” ads, which performed poorly because viewers didn’t want to sit through a 30-second ad to watch a two-minute video. In 2010, Mehrotra’s alternative came to fruition as YouTube rolled out its TrueView ads. One type lets viewers choose from three ads. Another lets them skip an ad after five seconds; advertisers pay only if their ads are watched in their entirety, or for at least 30 seconds if the ads are longer than that.
Thousands of advertisers piled in. Now some 65 percent of ads inside YouTube videos are skippable. But YouTube has found that only 10 percent of viewers always skip ads, and viewership is 40 percent higher on videos running TrueView than on those with non-skippable ads. As a result, Mehrotra says, video viewed on YouTube brings in more ad revenue per hour than cable TV.
Thanks to Mehrotra’s ad model—and to Google’s crackdown on piracy of television shows and films—YouTube now attracts top-line content producers such as the nonprofit academic-tutorial producer Khan Academy, Paramount, and the NBA. Revenues paid to YouTube’s 30,000-plus video-making partners have doubled in each of the past four years. Thousands of partners get six-figure annual revenues from the ads, and a few take in tens of millions of dollars.
The result is a virtuous cycle. “The more money we bring in, the better content they produce, the more there is for viewers to watch, and so on,” Mehrotra says.
Now Mehrotra’s goal is to try to grab a big chunk of the $60 billion U.S. television business. But to do that, and fend off TV-content-oriented online rivals such as Hulu, YouTube has to become a bit more like conventional TV. To that end, it organized itself last year into TV-like channels, investing $100 million in cable-quality launches from Ashton Kutcher, Madonna, the Wall Street Journal, and dozens of others. More and more TV advertisers are being won over, says David Cohen, chief media officer at the media buying agency Universal McCann. “They’re getting marketers to think about YouTube as a viable outlet,” he says.
Mehrotra, who last year became YouTube’s vice president of product, envisions millions of online channels disrupting TV, just as cable’s 400 channels disrupted the four broadcast networks. “We want to be the host of that next generation of channels,” he says.
A smartly designed social network for sharing images and interests.
Pinterest became a household name seemingly overnight in the spring of 2012. Founder Ben Silbermann had seen what other tech companies were overlooking: existing social networks, while letting users share information in just about any form, did not offer an emotionally warm and visually rewarding experience tied to individual passions. Guided by this conviction and his interest in collecting things, Silbermann directed his engineers—he’s no programmer—to create a site that did.
Users of Pinterest create and curate virtual boards of photos clipped from websites and other users’ boards, gathering up shots of lusted-after products and other stimulating images. When you log in, you’re presented with a grid of new content that past activity suggests you might want to “pin” to your own boards. Silbermann describes it as a more interactive and social version of the lifestyle section of a newsstand: a place to find visually interesting, emotionally resonant content related to stuff you love—and often want to buy.
That vision initially gained momentum not at the elite colleges and California coffee shops that often function as the Web’s proving ground for new ideas but by word of mouth in Silbermann’s home state of Iowa. Perhaps as a result, Pinterest is big with the mainstream audience that other Web companies struggle to attract after they’ve conquered Silicon Valley. It’s used by 34 million people worldwide each month, mostly in the United States. Google’s DoubleClick advertising unit estimates that 79 percent of them are female.
Silbermann refined the idea for two mostly unpromising years after he talked a few friends into starting the company, running it from his own apartment until he received his first significant backing from investors in the summer of 2011. Though he initially had no users to offer feedback, he sweated countless details, having his lone designer, cofounder Evan Sharp, create 50 fully functional versions of the site’s basic layout that varied spacing and image sizes by just fractions of an inch. Silbermann personally wrote to the first few thousand users to gather their impressions.
Now with over 60 employees and a spacious office in San Francisco, Pinterest has received a total of $138 million in venture capital funding; in the last cash injection, the company was valued at $1.5 billion. Silbermann says he’s focused on improving the product rather than figuring out how to make money on it. But retail brands are discovering that they can use Pinterest to boost sales by encouraging people to share images of their products on what are essentially eye-catching shopping wish lists. And that would seem to leave the company well positioned to start charging brands for the privilege. There’s a lot of value in, as Silbermann puts it, “helping people to discover things that they didn’t know they wanted.”