Uber pays off hackers

I couldn't figure out how to start out this story without saying holy shit but then I realized this is my newsletter and I can swear if I want to, so holy shit, Uber paid off hackers in secret! 

Bloomberg today reported that Uber paid off hackers who stole data on 50 million Uber riders and 7 million US drivers in secret to get them to delete it and cover it up. Uber yesterday fired a number of people, including its Chief Security Officer, who covered it up and kept it from both investors and its new CEO until recently.

If you're a rider, that data is just your name and phone number, but for drivers that includes license numbers as well which is a serious issue for identity fraud.

The most surprising part of the report is that Travis Kalanick asked employees to pay the hackers $100,000 in return for deleting the data, which is exactly what went down. The company supposedly fixed the security flaws and massively increased its protection around data, but the damage is done, right?

Here's how the attack went down:

Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money,

Yikes, not an insignificant breach. These types of attacks are all too common, but the difference here is that Uber didn't come clean about it on its own until it got a new CEO who discovered the issue. Having hackers inside your infrastructure, however, is no small thing, and leaves one wondering if you can ever be sure they were entirely locked out.

Dara Khosrowshahi voluntarily came clean about the coverup, which vouches for how he plans to turn around the company's image and malicious practices. As he said in a press release about the incident

As Uber’s CEO, it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of. For that to happen, we have to be honest and transparent as we work to repair our past mistakes

It appears there are a ton of Travis-shaped skeletons in Uber's closet. Is this the worst of them, or can we expect more? At the scale of a company like this it's unsurprising, but what's flabbergasting is some of the lengths at which Travis went in the past to get out of PR trouble.

Why this matters: Usually, companies disclose attacks so users can appropriately react and check their security hasn't been compromised elsewhere. Uber covering this up sets a dangerous precedent, and they're likely to end up in court over it.

A week with the Pixel XL 2
Pixel Xl

It finally arrived! I've got a Pixel 2 XL after much waiting and I've been trying it for a week nowI'm planning a broader review, but I wanted to share a quick overview of the phone and some insight into how it is after a) being on iOS for five years and b) all the hand wringing about the supposedly poor screen.

This phone is awesome: not only did Google do a fantastic job nailing the build quality, it's built a device that feels easier to use (and faster) than an iPhone. Google's ecosystem feels really coherent on the Pixel 2 XL and just gets out of the way — if you happen to use a number of their services. I've always used Gmail, Google Photos and a bunch of other stuff, so jumping across has been a breath of fresh air because those apps are able to deeply integrate with one another. 

The core reason for this, I think, is that the company has doubled down on its Material Design interface style and it's really matured now across not only Google's apps but the entire Play Store as well. Seriously, app quality is not an issue anymore -- in fact, I'm finding I prefer many Android apps because they're filled with fun micro-interactions that make the device feel more alive.

Perhaps the most impressive feature of Pixel XL 2 (and, of course, the smaller Pixel 2) is the camera. I've seen so many photos out of the iPhone X and the iPhone 8 and they just don't even compare to what the Pixel XL 2 is able to put out — I'm continually perplexed by how good these photos are. 

Seriously, Google hit a homerun with the camera: it works reliably under almost every condition I can throw at it, has great color depth and an insane amount of detailing over the competition. While I'm busy with my review I have a running album of shots from the device you can look at how it's working during everyday usage.

One of the best Pixel features is the ambient display, which shows the time and notification icons at all times so you can just look at it to see what's new. It doesn't drain any battery and is a surprisingly nice way to avoid the "just browsing Instagram" trap I'd always fall into when I checked my phone.

On the topic of the screen: it's a non-issue for me. I've read all of the issues and believe that they're overblown as I've found it thus far to be lovely to look at — blacks are incredibly deep, it's able to produce consistent color and the small amount of "screen tint" when you turn it away is... yeah, not a problem. 

I only have a single device to judge on (as did many of the bloggers who wrote about the issue in the first place), but I suspect the reaction thus far has been more dogpiling than actual quantifiable numbers. Many of the issues, such as slight ghosting at extreme low brightnesses and color tint when not looking at the display head-on are also found on the iPhone X — turns out that all OLED displays tend to exhibit this behavior due to the way they're constructed.

Those reported issues spooked me, and I originally cancelled my order, but I am so glad to have it now: Pixel 2 XL is a breath of fresh air after using iOS just because it's just... not as locked down. I can set an email app, jump to the Snapchat camera from the lock screen if I want to and 1Password can integrate across the entire OS. Basically, the flexibility is awesome after being in a walled garden where Apple's junk 'Mail' app insisted it needed to open all the time.

That integration is key, and part of why it's so interesting that Google has the ecosystem story in-line: I can use Assistant on my phone in almost every way I can on Google Home (I won't get over saying Hey Google, turn off the lights), Google Photos syncs to every device I have and my emails pick up where I left them off regardless of if I'm using a Mac, PC or tablet.

I'll share a link here when the review is ready, but it's safe to say I don't plan to be back on iOS anytime soon. Google's done a great job at refining the details on Android where it fell apart before, particularly on ensuring no lag, design consistency and camera quality. 

Too long, didn't read:


  • Fantastic camera that consistently performs
  • Material Design is A++
  • Google's services integration is far beyond that of iCloud
  • Ambient display for quick glances

No like

  • I couldn't charge the phone for a while because USB-C
  • No iMessage, but hey, I'm using Messenger Lite now

Tab Dump™

This insane profile of the burgeoning trivia app, HQ
People are going bonkers for this HQ Trivia app with hundreds of thousands of viewers tuning in for a virtual game show every day where they might be able to win some money. It sounds ridiculous, but hey, people are into it. Taylor Lorenz tried to interview the app's host, Scott, but it got really weird when the founders found out it was happening.

Here's the FCC plan to kill net neutrality
Well shit. Please call your senator.

Tesla burns a million dollars an hour
I wrote about this the other day, but according to Bloomberg if the company doesn't ramp up significantly it'll need another cash injection before it runs out next August.