The United Kingdom’s Competition and Markets Authority (CMA) has officially launched a probe into Amazon’s $4 billion partnership with the AI firm Anthropic, as it continues to monitor how the largest tech companies might seize control of AI to further entrench their dominant market positions.
Through the partnership, “Amazon will become Anthropic’s primary cloud provider for certain workloads, including agreements for purchasing computing capacity and non-exclusive commitments to make Anthropic models available on Amazon Bedrock,” the CMA said.
Amazon and Anthropic deny there’s anything wrong with the deal. But because the CMA has seen “some” foundational model (FM) developers “form partnerships with major cloud providers” to “secure access to compute” needed to develop models, the CMA is worried that “incumbent firms” like Amazon “could use control over access to compute to shape FM-related markets in their own interests.”
Due to this potential risk, the CMA said it is “considering” whether Amazon’s partnership with Anthropic “has resulted in the creation of a relevant merger situation under the merger provisions of the Enterprise Act 2002 and, if so, whether the creation of that situation has resulted, or may be expected to result, in a substantial lessening of competition within any market or markets” in the UK.
It’s not clear yet if Amazon’s partnership with Anthropic is problematic, but the CMA confirmed that after a comment period last April, it now has “sufficient information” to kick off this first phase of its merger investigation.
By October 4, this first phase will conclude, after which the CMA may find that the partnership does not qualify as a merger situation, the UK regulator said. Or it may determine that it is a merger situation “but does not raise competition concerns,” clearing Amazon to proceed with the deal.
However, if a merger situation exists, and “it may result in a substantial lessening of competition” in a UK market, the CMA may refer the investigation to the next phase, allowing a panel of independent experts to dig deeper to illuminate potential risks and concerns. If Amazon wants to avoid that deeper probe potentially ordering steep fines, the tech giant would then have the option to offer fixes to “resolve the CMA’s concerns,” the CMA said.
An Amazon spokesperson told Reuters that its “collaboration with Anthropic does not raise any competition concerns or meet the CMA’s own threshold for review.”
“Amazon holds no board seat nor decision-making power at Anthropic, and Anthropic is free to work with any other provider (and indeed has multiple partners),” Amazon’s spokesperson said, defending the deal.
Anthropic’s spokesperson agreed that nothing was amiss, telling Reuters that “our strategic partnerships and investor relationships do not diminish our corporate governance independence or our freedom to partner with others. We intend to cooperate with the CMA and provide them with a comprehensive understanding of Amazon’s investment and our commercial collaboration.”
Amazon failed to adequately alert more than 300,000 customers to serious risks—including death and electrocution—that US Consumer Product Safety Commission (CPSC) testing found with more than 400,000 products that third parties sold on its platform.
The CPSC unanimously voted to hold Amazon legally responsible for third-party sellers’ defective products. Now, Amazon must make a CPSC-approved plan to properly recall the dangerous products—including highly flammable children’s pajamas, faulty carbon monoxide detectors, and unsafe hair dryers that could cause electrocution—which the CPSC fears may still be widely used in homes across America.
While Amazon scrambles to devise a plan, the CPSC summarized the ongoing risks to consumers:
If the [products] remain in consumers’ possession, children will continue to wear sleepwear garments that could ignite and result in injury or death; consumers will unwittingly rely on defective [carbon monoxide] detectors that will never alert them to the presence of deadly carbon monoxide in their homes; and consumers will use the hair dryers they purchased, which lack immersion protection, in the bathroom near water, leaving them vulnerable to electrocution.
Instead of recalling the products, which were sold between 2018 and 2021, Amazon sent messages to customers that the CPSC said “downplayed the severity” of hazards.
In these messages—”despite conclusive testing that the products were hazardous” by the CPSC—Amazon only warned customers that the products “may fail” to meet federal safety standards and only “potentially” posed risks of “burn injuries to children,” “electric shock,” or “exposure to potentially dangerous levels of carbon monoxide.”
Typically, a distributor would be required to specifically use the word “recall” in the subject line of these kinds of messages, but Amazon dodged using that language entirely. Instead, Amazon opted to use much less alarming subject lines that said, “Attention: Important safety notice about your past Amazon order” or “Important safety notice about your past Amazon order.”
Amazon then left it up to customers to destroy products and explicitly discouraged them from making returns. The e-commerce giant also gave every affected customer a gift card without requiring proof of destruction or adequately providing public notice or informing customers of actual hazards, as can be required by law to ensure public safety.
Further, Amazon’s messages did not include photos of the defective products, as required by law, and provided no way for customers to respond. The commission found that Amazon “made no effort” to track how many items were destroyed or even do the minimum of monitoring the “number of messages that were opened.”
Amazon still thinks these messages were appropriate remedies, though. An Amazon spokesperson told Ars that Amazon plans to appeal the ruling.
“We are disappointed by the CPSC’s decision,” Amazon’s spokesperson said. “We plan to appeal the decision and look forward to presenting our case in court. When we were initially notified by the CPSC three years ago about potential safety issues with a small number of third-party products at the center of this lawsuit, we swiftly notified customers, instructed them to stop using the products, and refunded them.”
Amazon’s “sidestepped” safety obligations
The CPSC has additional concerns about Amazon’s “insufficient” remedies. It is particularly concerned that anyone who received the products as a gift or bought them on the secondary market likely was not informed of serious known hazards. The CPSC found that Amazon resold faulty hair dryers and carbon monoxide detectors, proving that secondary markets for these products exist.
“Amazon has made no direct attempt to reach consumers who obtained the hazardous products as gifts, hand-me-downs, donations, or on the secondary market,” the CPSC said.
For years, Amazon unsuccessfully tried to argue that it was not required to issue a recall because it was allegedly not legally considered to be a distributor under the Consumer Product Safety Act (CPSA). The commission was not persuaded, however, by Amazon’s argument that it was merely a “logistics provider” for third-party sellers, which would’ve given Amazon safe harbor from product liability under the consumer safety law. Rather than simply providing logistics, however, the CPSC concluded that “Amazon controls the entire sale process.”
“The substantial record before us establishes Amazon’s extensive control over these products, beginning with receipt of a Fulfilled by Amazon participant’s products at an Amazon distribution center, and storage of this inventory until it is purchased by and shipped to a consumer,” the Comission said, concluding that “Amazon cannot sidestep its obligations under the CPSA simply because some portion of its extensive services involves logistics.”
After the CPSC’s testing, Amazon stopped allowing these products to be listed on its platform, but that and other remedies were deemed insufficient. So, over the next two months, to protect the public, Amazon must now make a plan to “provide notice of the product hazards to purchasers and the public” and “incentivize the removal of these hazardous products from consumers’ homes,” the CPSC ordered.
The Amazon business unit that focuses on Alexa-powered gadgets lost $25 billion between 2017 and 2021, The Wall Street Journal (WSJ) reported this week.
Amazon claims it has sold more than 500,000 Alexa devices, which included Echo speakers, Kindle readers, Fire TV sets and streaming devices, and Blink and Ring smart home security cameras. But since debuting, Alexa, like other voice assistants, has struggled to make money. In late 2022, Business Insider reported that Alexa was set to lose $10 billion that year.
WSJ said it got the $25 billion figure from “internal documents” and that it wasn’t able to determine the Devices business’s losses before or after the shared time period.
“No profit timeline”
WSJ’s report claims to offer insight into how Devices was able to bleed so much money for so long.
For one, it seems like the business unit was allowed some wiggle room in terms of financial success in the interest of innovation and the potential for long-term gains. Someone the WSJ described as being “a former longtime Devices executive” said that when Alexa first started, Amazon’s gadgets team “didn’t have a profit timeline” when launching products.
Amazon is known to have sold Echo speakers for cheap or at a loss in the hopes of making money off Alexa later. In 2019, then-Amazon Devices SVP Dave Limp, who exited the company last year, told WSJ: “We don’t have to make money when we sell you the device.” WSJ noted that this strategy has applied to other unspecified Amazon devices, too.
People tend to use Alexa for free services, though, like checking the weather or the time, not making big purchases.
“We worried we’ve hired 10,000 people and we’ve built a smart timer,” an anonymous person that WSJ said is a “former senior employee” said.
An Amazon spokesperson told WSJ that more than half of people with an Echo have shopped with it but wouldn’t provide more specifics. Per “former employees on the Alexa shopping team” that WSJ spoke with, however, the amount of shopping revenue tied to Alexa is insignificant.
In an emailed statement, an Amazon spokesperson told Ars Technica, in part:
Within Devices & Services, we’re focused on the value we create when customers use our services, not just when they buy our devices. Our Devices & Services organization has established numerous profitable businesses for Amazon and is well-positioned to continue doing so going forward.
Further hindering Alexa’s revenue are challenges in selling security and other services and the limitation of ad sales because they annoy Alexa users, WSJ reported.
Massive losses also didn’t seem to slow down product development. WSJ claimed the Devices business lost over $5 billion in 2018 yet still spent money developing the Astro consumer robot. That robot has yet to see general availability, while a business version is getting bricked just 10 months after release. Amazon Halo health trackers, which have also been bricked, and Luna game-streaming devices were also developed in 2019, when the hardware unit lost over $6 billion, per WSJ.
Amazon has laid off at least 19,000 workers since 2022, with the Devices division reportedly hit especially hard.
According to Bloomberg, Google’s offer to the Cloud Infrastructure Services Providers in Europe (CISPE) required that the group maintain its EU antitrust complaint. It came “just days” before CISPE settled with Microsoft, and it was apparently not compelling enough to stop CISPE from inking a deal with the software giant that TechCrunch noted forced CISPE to accept several compromises.
Bloomberg uncovered Google’s attempted counteroffer after reviewing confidential documents and speaking to “people familiar with the matter.” Apparently, Google sought to sway CISPE with a package worth nearly $500 million for more than five years of software licenses and about $15 million in cash.
But CISPE did not take the bait, announcing last week that an agreement was reached with Microsoft, seemingly frustrating Google.
CISPE initially raised its complaint in 2022, alleging that Microsoft was “irreparably damaging the European cloud ecosystem and depriving European customers of choice in their cloud deployments” by spiking costs to run Microsoft’s software on rival cloud services. In February, CISPE said that “any remedies and resolution must apply across the sector and to be accessible to all cloud customers in Europe.” They also promised that “any agreements will be made public.”
But the settlement reached last week excluded major rivals, including Amazon, which is a CISPE member, and Google, which is not. And despite CISPE’s promise, the terms of the deal were not published, apart from a CISPE blog roughly outlining central features that it claimed resolved the group’s concerns over Microsoft’s allegedly anticompetitive behaviors.
What is clear is that CISPE agreed to drop their complaint by taking the deal, but no one knows exactly how much Microsoft paid in a “lump sum” to cover CISPE legal fees for three years, TechCrunch noted. However, “two people with direct knowledge of the matter” told Reuters that Microsoft offered about $22 million.
Google has been trying to catch up with Microsoft and Amazon in the cloud market and has recently begun gaining ground. Last year, Google’s cloud operation broke even for the first time, and the company earned a surprising $900 million in profits in the first quarter of 2024, which bested analysts’ projections by more than $200 million, Bloomberg reported. For Google, the global cloud market has become a key growth area, Bloomberg noted, as potential growth opportunities in search advertising slow. Seemingly increasing regulatory pressure on Microsoft while taking a chunk of its business in the EU was supposed to be one of Google’s next big moves.
A CISPE spokesperson, Ben Maynard, told Ars that its “members were presented with alternative options to accepting the Microsoft deal,” while not disclosing the terms of the other options. “However, the members voted by a significant majority to accept the Microsoft offer, which, in their view, presented the best opportunity for the European cloud sector,” Maynard told Ars.
Neither Microsoft nor Google has commented directly on the reported counteroffer. A Google spokesperson told Bloomberg that Google “has long supported the principles of fair software licensing and that the firm was having discussions about joining CISPE, to fight anticompetitive licensing practices.” A person familiar with the matter told Ars that Google did not necessarily make the counteroffer contingent on dropping the EU complaint, but had long been exploring joining CISPE and would only do so if CISPE upheld its mission to defend fair licensing deals. Microsoft reiterated a past statement from its president, Brad Smith, confirming that Microsoft was “pleased” to resolve CISPE’s antitrust complaint.
For CISPE, the resolution may not have been perfect, but it “will enable European cloud providers to offer Microsoft applications and services on their local cloud infrastructures, meeting the demand for sovereign cloud solutions.” In 2022, CISPE Secretary-General Francisco Mingorance told Ars that although CISPE had been clear that it intended to force Microsoft to make changes allowing all cloud rivals to compete, “a key reason behind filing the complaint was to support” two smaller cloud service providers, Aruba and OVH.
A feces-encrusted swim diaper tanked a family business after Amazon re-sold it as new, Bloomberg reported, triggering a bad review that quickly turned a million-dollar mom-and-pop shop into a $600,000 pile of debt.
Paul and Rachelle Baron, owners of Beau & Belle Littles, told Bloomberg that Amazon is supposed to inspect returned items before reselling them. But the company failed to detect the poop stains before reselling a damaged item that triggered a one-star review in 2020 that the couple says doomed their business after more than 100 buyers flagged it as “helpful.”
“The diaper arrived used and was covered in poop stains,” the review said, urging readers to “see pics.”
Because others marked the review as helpful, Amazon increased its visibility on the product page, just as the Barons “were executing a plan to triple their annual sales to $3 million in 2020.” No matter how many 5-star reviews were left, this one bad review blaming the seller for the issue continued to “haunt” the family business, the Barons said.
“Nothing could have been more disgusting!!” the review continued. “I am assuming someone returned it after using it and the company simply did not check the item and then shipped it to us as if it was brand new.”
Amazon says that it prohibits negative reviews that violate community guidelines, including by focusing on seller, order, or shipping feedback rather than on the item’s quality. Other one-star reviews for the same product that the Barons seemingly accept as valid comment on quality, leaving feedback like the diaper fitting too tightly or leaking. But the bad review focused on the dirty item being resold as new likely should have been removed, Bloomberg reported, since it “suggests the item had already been used.” The review also seemingly violated community guidelines by focusing on “the company” not checking the item before shipping, blaming the seller for Amazon’s return inspection process.
But Amazon ultimately declined to remove the bad review, Paul Baron told Bloomberg. The buyer who left the review, a teacher named Erin Elizabeth Herbert, told Bloomberg that the Barons had reached out directly to explain what happened, but she forgot to update the review and still has not as of this writing.
“I always meant to go back and revise my review to reflect that, and life got busy and I never did,” Herbert told Bloomberg.
Her review remains online, serving as a warning for parents to avoid buying from the family business.
“These were not small stains either,” Herbert’s review said. “I was extremely grossed out. Thank god I saw the stains and didn’t put it on my baby! I will be returning this ASAP, and I sure hope they check it out when they get it back, but I wouldn’t be surprised if they just ship it to some other unsuspecting parent.”
The Barons told Ars they think the buyer hasn’t updated the review because she doesn’t understand how damaging it has been to their business.
Ars could not immediately reach Amazon for comment, but a spokesperson, Maria Boschetti, seemed to suggest to Bloomberg that there was little the Barons could do to correct the issue now.
“We are sorry to hear that a seller feels their return was not evaluated correctly and resulted in a negative review,” Boschetti told Bloomberg. “We encourage selling partners to reach out with any concerns, and we listen to their feedback to help us continue improving the selling experience.”
On Amazon’s site, other sellers have complained about the company’s failure to remove reviews that clearly violate community guidelines. In one case, an Amazon support specialist named Danika acknowledged that the use of profanity in a review, for example, “seems particularly cut and dry as a violation,” promising to escalate the complaint. However, Danika appeared to abandon the thread after that, with the user commenting that the review remained up after the escalation.
The Barons are now selling enough inventory through Beau & Belle Littles to pay down their debt, but they are struggling to make a living after becoming a prominent Amazon success story after launching their business a decade ago. The couple told Bloomberg that a “loan secured by their home” has complicated “the prospect of filing for bankruptcy,” and both have taken on other jobs to make ends meet since the review was posted.
The Barons told Ars they’ve given up on resolving the issue with Amazon after a support specialist appeared demoralized, admitting that “it’s completely” Amazon’s “fault” but there was nothing he could do.
“The last four years have been an emotional train wreck,” Paul Baron told Bloomberg. “Shoppers might think returning a poopy diaper to Amazon is a victimless way to get their money back, but we’re a small, family business, and this is how we pay our mortgage.”
The suit followed 2022 antitrust probes in the European Union and United Kingdom that found that Amazon’s Buy Box hid cheaper items with faster delivery times to preference Fulfilled By Amazon (FBA) sellers since at least 2016.
As a result, Amazon had to change its Buy Box practices and earn back the trust of customers and sellers, the company said in a 2022 blog. Among changes, Amazon agreed to treat all sellers equally when featuring offers in the Buy Box and to promote a second competing offer when a comparable deal is available at either a lower price or with a faster delivery time.
Those steps apparently didn’t satisfy users who sued: Jeffrey Taylor and Robert Selway. They asked courts to find a “reasonable inference of injury” since they were Amazon customers for years while the price rigging occurred. They claimed that “but for Amazon’s deceptive conduct concerning the Buy Box algorithm, Plaintiffs and members of the Class would have purchased the lower priced offers from non-FBA sellers with equivalent or better delivery.”
But this week, a US district judge in Seattle, Marsha Pechman, told users suing that it wasn’t enough to show evidence of Amazon’s proven misconduct. To satisfy a claim under Washington’s Consumer Protection Act (CPA), they needed to provide receipts from transactions showing that Amazon charged them higher prices while cheaper items were available. Instead, their complaint seemingly contradicted their claim, only showing one example of a Buy Box screenshot that Pechman said showed a hand soap that was offered by other sellers for prices significantly higher than Amazon’s featured offer.
“Plaintiffs have not adequately shown that they made any specific transaction with Amazon, let alone one from the Buy Box,” Pechman wrote in her order. And they “do not allege any specific purchases in which they were deceived via the Buy Box, let alone provide receipts.”
This doesn’t necessarily end the fight to hold Amazon accountable, though. The judge granted leave for users to amend their complaint and either provide “information regarding specific orders (i.e., receipts)” or “make allegations regarding discrete transactions with Amazon.”
Now, the Amazon users have 30 days to track down receipts or otherwise show evidence of specific transactions where they were injured, Pechman wrote.
“Without a showing of a specific transaction, Plaintiffs cannot possibly allege that they themselves were overcharged for any particular purchase—which is the injury in dispute,” Pechman wrote.
It will likely be challenging for the Amazon users to establish that they paid higher prices for items purchased on the platform years ago, and Pechman admitted this much in her order.
“The Court recognizes that Plaintiffs may be unable to ultimately prove that they overpaid for specific purchases,” Pechman wrote, but the CPA requires more than a “mere possibility of injury.”
Ars could not immediately reach plaintiffs’ lawyers for comment. Amazon declined to comment.
Amazon is bricking all Astro for Business robots on September 25. It first released the robot about eight months ago as a security device for small and medium-sized businesses (SMBs) for $2,350, but the device will soon be a pricey new addition to Amazon’s failed products list.
Amazon announced Astro in September 2021 as a home robot; that version of the device is still only available as a $1,600, invite-only preview.
In November, Amazon pivoted Astro to SMBs. But as first reported by GeekWire, Amazon on Wednesday sent emails to employees working on Astro for Business and customers telling them that the devices will stop working on September 25. At the time, Amazon’s email to customers said: “Your personal data will be deleted from the device. Any patrol or investigation videos recorded by Astro will still be available in your Ring app until your video storage time expires or your Ring Protect subscription ends.” According to The Verge, the email adds:
While we are proud of what we’ve built, we’ve made the decision to end support for Astro for Business to put our focus on making Astro the best robot for the home.
As of this week, Amazon will no longer charge users for subscriptions associated with Astro for Business, such as Astro Secure, which let the robot patrol businesses via customized routes, or Ring Protect Pro, which let Astro for Business owners store video history and sync the robot with Ring devices.
Amazon said it would refund customers $2,350 and give them a $300 Amazon credit. It also said it would refund unused, prepaid subscription fees.
Amazon has declined to share how many robots it sold, but it’s unfortunate to see such an expensive, complex piece of technology become obsolete after less than a year. Amazon hasn’t shared any ways to make further use of the devices, and spokesperson Courtney Ramirez told The Verge that Astro for Business can’t be used as a home robot instead. Amazon’s email to customers encourages owners to recycle Astro for Business through the Amazon Recycling Program, with Amazon covering associated costs.
Astro slow to take off
Amazon introduced Astro in late 2021, but as of 2024, it’s still not available to the general public. When Amazon released Astro for SMBs, it seemed like it might have found a new niche for the product. A May 2023 report from Business Insider claimed that Amazon opted to release Astro for Business over “an internal plan to release a lower-cost model” in 2022 for consumers.
Astro for Business could autonomously patrol spaces up to 5,000 square feet with an HD periscope and night vision, it could carry small devices, and, of course, was controllable by Amazon Alexa. Since its release, we’ve learned about Alexa’s dire financial straits and seen David Limp, who headed the Astro project as Amazon SVP of devices and services, exit Amazon, while his division has suffered notable layoffs (an Amazon rep told GeekWire that the shuttering of Astro for Business won’t result in layoffs as employees will start working on the home version of the robot instead).
Astro’s future
Per Amazon’s emails, the company is still keen to release the home version of Astro, which may surprise some since there has been no sign of an impending release since Amazon announced Astro years ago.
In May 2023, an Amazon representative told Insider that the firm had eyes on the potential of generative AI for Astro. It’s likely that Amazon is hoping to one day release Astro to consumers with the generative AI version of Alexa (which is expected this year with a subscription fee). In May 2023, Insider cited internal documents that it said discussed adding “intelligence and a conversational spoken interface” to Astro.
But considering that it has taken Amazon more than two and a half years (and counting) and reportedly the work of over 800 people to make Astro generally available, plus the sudden demise of the business version, there are reasons to be hesitant about paying the high price and any subscription fees for a consumer Astro—if it ever comes out. Early adopters could find themselves in similarly disappointing positions as the SMBs that bought into Astro for Business.
Astro’s development comes during a tumultuous time for Amazon’s devices business as it seeks to make Alexa a competitive and, critically, lucrative AI assistant. In June, Reuters reported that Amazon senior management had been telling employees that 2024 is a “must-win” for Alexa. Some analysts expect more reduced investment in Alexa if the paid tier doesn’t take off.
Amazon’s Astro home robot faces an uphill climb toward any potential release or consumer demand. Meanwhile, the version of it that actually made it to market is rolling toward a graveyard filled with other dead Amazon products—like Just Walk Out, Amazon Glow, Fire Phone, Dash buttons, and the Amazon Smart Oven.
Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is “dangerous malware” that’s secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.
Griffin cited research and media reports exposing Temu’s allegedly nefarious design, which “purposely” allows Temu to “gain unrestricted access to a user’s phone operating system, including, but not limited to, a user’s camera, specific location, contacts, text messages, documents, and other applications.”
“Temu is designed to make this expansive access undetected, even by sophisticated users,” Griffin’s complaint said. “Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place.”
Griffin fears that Temu is capable of accessing virtually all data on a person’s phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin’s suit claimed, which Temu then allegedly monetizes by selling it to third parties, “profiting at the direct expense” of users’ privacy rights.
“Compounding” risks is the possibility that Temu’s Chinese owners, PDD Holdings, are legally obligated to share data with the Chinese government, the lawsuit said, due to Chinese “laws that mandate secret cooperation with China’s intelligence apparatus regardless of any data protection guarantees existing in the United States.”
Griffin’s suit cited an extensive forensic investigation into Temu by Grizzly Research—which analyzes publicly traded companies to inform investors—last September. In their report, Grizzly Research alleged that PDD Holdings is a “fraudulent company” and that “Temu is cleverly hidden spyware that poses an urgent security threat to United States national interests.”
As Griffin sees it, Temu baits users with misleading promises of discounted, quality goods, angling to get access to as much user data as possible by adding addictive features that keep users logged in, like spinning a wheel for deals. Meanwhile hundreds of complaints to the Better Business Bureau showed that Temu’s goods are actually low-quality, Griffin alleged, apparently supporting his claim that Temu’s end goal isn’t to be the world’s biggest shopping platform but to steal data.
Investigators agreed, the lawsuit said, concluding “we strongly suspect that Temu is already, or intends to, illegally sell stolen data from Western country customers to sustain a business model that is otherwise doomed for failure.”
Seeking an injunction to stop Temu from allegedly spying on users, Griffin is hoping a jury will find that Temu’s alleged practices violated the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Personal Information Protection Act. If Temu loses, it could be on the hook for $10,000 per violation of the ADTPA and ordered to disgorge profits from data sales and deceptive sales on the app.
Temu “surprised” by lawsuit
The company that owns Temu, PDD Holdings, was founded in 2015 by a former Google employee, Colin Huang. It was originally based in China, but after security concerns were raised, the company relocated its “principal executive offices” to Ireland, Griffin’s complaint said. This, Griffin suggested, was intended to distance the company from debate over national security risks posed by China, but because the majority of its business operations remain in China, risks allegedly remain.
PDD Holdings’ relocation came amid heightened scrutiny of Pinduoduo, the Chinese app on which Temu’s shopping platform is based. Last year, Pinduoduo came under fire for privacy and security risks that got the app suspended from Google Play as suspected malware. Experts said Pinduoduo took security and privacy risks “to the next level,” the lawsuit said. And “around the same time,” Apple’s App Store also flagged Temu’s data privacy terms as misleading, further heightening scrutiny of two of PDD Holdings’ biggest apps, the complaint noted.
Researchers found that Pinduoduo “was programmed to bypass users’ cell phone security in order to monitor activities on other apps, check notifications, read private messages, and change settings,” the lawsuit said. “It also could spy on competitors by tracking activity on other shopping apps and getting information from them,” as well as “run in the background and prevent itself from being uninstalled.” The motivation behind the malicious design was apparently “to boost sales.”
According to Griffin, the same concerns that got Pinduoduo suspended last year remain today for Temu users, but the App Store and Google Play have allegedly failed to take action to prevent unauthorized access to user data. Within a year of Temu’s launch, the “same software engineers and product managers who developed Pinduoduo” allegedly “were transitioned to working on the Temu app.”
Google and Apple did not immediately respond to Ars’ request for comment.
A Temu spokesperson provided a statement to Ars, discrediting Grizzly Research’s investigation and confirming that the company was “surprised and disappointed by the Arkansas Attorney General’s Office for filing the lawsuit without any independent fact-finding.”
“The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded,” Temu’s spokesperson said. “We categorically deny the allegations and will vigorously defend ourselves.”
While Temu plans to defend against claims, the company also seems to potentially be open to making changes based on criticism lobbed in Griffin’s complaint.
“We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us,” Temu’s spokesperson said. “We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time.”
After acquiring VMware, Broadcom swiftly enacted widespread changes that resulted in strong public backlash. A new survey of 300 director-level IT workers at companies that are customers of North American VMware provides insight into the customer reaction to Broadcom’s overhaul.
The survey released Thursday doesn’t provide feedback from every VMware customer, but it’s the first time we’ve seen responses from IT decision-makers working for companies paying for VMware products. It echos concerns expressed at the announcement of some of Broadcom’s more controversial changes to VMware, like the end of perpetual licenses and growing costs.
CloudBolt Software commissioned Wakefield Research, a market research agency, to run the study from May 9 through May 23. The “CloudBolt Industry Insights Reality Report: VMware Acquisition Aftermath” includes responses from workers at 150 companies with fewer than 1,000 workers and 150 companies with more than 1,000 workers. Survey respondents were invited via email and took the survey online, with the report authors writing that results are subject to sampling variation of ±5.7 percentage points at a 95 percent confidence level.
Notably, Amazon Web Services (AWS) commissioned the report in partnership with CloudBolt. AWS’s partnership with VMware hit a road bump last month when Broadcom stopped allowing AWS to resell the VMware Cloud on AWS offering—a move that AWS said “disappointed it.” Kyle Campos, CloudBolt CTPO, told Ars Technica that the full extent to which AWS was involved in this report was helping underwrite the cost of research. But you can see why AWS would have interest in customer dissatisfaction with VMware.
Widespread worry
Every person surveyed said that they expect VMware prices to rise under Broadcom. In a March “User Group Town Hall,” attendees complained about “price rises of 500 and 600 percent,” according to The Register. We heard in February from ServeTheHome that “smaller” cloud service providers were claiming to see costs grow tenfold. In this week’s survey, 73 percent of respondents said they expect VMware prices to more than double. Twelve percent of respondents expect a price hike of 301 to 500 percent. Only 1 percent anticipate price hikes of 501 to 1,000 percent.
“At this juncture post-acquisition, most larger enterprises seem to have a clear understanding of how their next procurement cycle with Broadcom will be impacted from a pricing and packaging standpoint,” the report noted.
Further, 95 percent of survey respondents said they view Broadcom buying VMware as disruptive to their IT strategy, with 46 percent considering it extremely or very disruptive.
Widespread concerns about cost and IT strategy help explain why 99 percent of the 300 respondents said they are concerned about Broadcom owning VMware, with 46 percent being “very concerned” and 30 percent “extremely concerned.”
Broadcom didn’t respond to Ars’ request for comment.
Not jumping ship yet
Despite widespread anxiety over Broadcom’s VMware, most of the respondents said they will likely stay with VMware either partially (43 percent of respondents) or fully (40 percent). A smaller percentage of respondents said they would move more workloads to the public cloud (38 percent) or a different hypervisor (34 percent) or move entirely to the public cloud (33 percent). This is with 69 percent of respondents having at least one contract expiring with VMware within the next 12 months.
Many companies have already migrated easy-to-move workloads to the public cloud, CloudBolt’s Campos said in a statement. For many firms surveyed, what’s left in the data center “is a mixture of workloads requiring significant modernization or compliance bound to the data center,” including infrastructure components that have been in place for decades. Campos noted that many mission-critical workloads remain in the data center, and moving them is “daunting with unclear ROI.”
“The emotional shock has started to metabolize inside of the Broadcom customer base, but it’s metabolized in the form of strong commitment to mitigating the negative impacts of the Broadcom VMware acquisition,” Campos told Ars Technica.
Resistance to ditching VMware reflects how “embedded” VMware is within customer infrastructures, the CloudBolt exec told Ars, adding:
In many cases, the teams responsible for purchasing, implementing, and operating VMware have never even considered an alternative prior to this acquisition; it’s the only operating reality they know and they are used to buying out of this problem.
Top reasons cited for considering abandoning VMware partially or totally were uncertainty about Broadcom’s plans, concerns about support quality under Broadcom, and changes to relationships with channel partners (each named by 36 percent of respondents).
Following closely was the shift to subscription licensing (34 percent), expected price bumps (33 percent), and personal negative experiences with Broadcom (33 percent). Broadcom’s history with big buys like Symantec and CA Technologies also has 32 percent of people surveyed considering leaving VMware.
Although many firms seem to be weighing their options before potentially leaving VMware, Campos warned that Broadcom could see backlash continue “for months and even years to come,” considering the areas of concern cited in the survey and how all VMware offerings are near-equal candidates for eventual nixing.
Enlarge / A scene from the Prime Video original series Fallout.
Amazon Prime Video subscribers will see new types of advertisements this broadcast year. Amazon announced today that it’s adding new ad formats to its video streaming service, hoping to encourage people to interact with the ads and shop on Amazon.
In January, Prime Video streams included commercials unless subscribers paid $3 extra per month. That has meant that watching stuff on Prime Video ad-free costs $12 per month or, if you’re also a Prime subscriber, $18 per month.
New types of Prime Video ads
Amazon has heightened focus on streaming ads this year. Those who opted for Prime Video with commercials will soon see shoppable carousel ads, interactive pause ads, and interactive brand trivia ads, as Amazon calls them. Amazon said that advertisers could buy these new displays to be shown “across the vast majority of content on Prime Video, wherever it’s streamed.” All the new ad formats allow a viewer to place advertised products in their Amazon cart.
With carousel ads, subscribers will be pushed to shop “a sliding lineup of” products during ad breaks during shows and movies, Amazon said, adding: “The ad automatically pauses so that customers can browse, and automatically resumes play when ad interaction has stopped.”
The pause ads will be visible during Prime Video TV shows, movies, and live sports. These types of ads have been around since Hulu introduced them in 2019. Since they can show up whenever someone hits the pause button, these displays mean that Prime Video users will see ads beyond their scheduled breaks.
In Prime Video’s case, pausing the program will bring up “a translucent ad featuring brand messaging and imagery, along with an ‘Add to Cart’ and ‘Learn More'” overlay, per Amazon. Advertisers can also use pause ads to acquire voluntary viewers’ email addresses (so viewers can “get more information,” per Amazon).
Amazon trivia-themed ads will also appear during shows, movies, and live sports. The ad will try to sell stuff by offering “rewards like Amazon shopping credits.”
Amazon’s ad business is growing
Amazon is already one of the three biggest digital advertising firms (in addition to Alphabet and Meta). But its interest in using its streaming service to sell ad space has grown as ad dollars continue shifting away from linear, traditional TV platforms. The streaming industry has been trying to capitalize on advertisers’ growing interest with new ad types that users can shop from. Amazon research from 2023 claims that interactive ads increase product page views and conversions for products sold on Amazon tenfold.
On the other hand, Amazon has not released research publicly on how much constant ad viewing can impact the user experience or interest in a streaming service.
Still, Amazon claimed today that Prime Video ads reach an average of 200 million people monthly. Amazon hasn’t provided a firm figure on how many Prime Video subscribers it currently has overall, however. In 2021, Amazon said that Prime, which includes Prime Video, had 200 million subscribers.
Amazon has, however, boasted about how well it is selling ads recently. In its Q1 2024 earnings report released on April 30, Amazon said its ad business grew 24 percent year over year. Most of Amazon’s ad dollars come from its retail business, as The Hollywood Reporter noted, but in a statement at the time, Amazon CEO and President Andy Jassy noted that Prime Video was also a contributor.
According to a Hub Media Entertainment survey from January to March 2024, 6,338 US TV viewers between 16 to 74 years old watched at least one hour of TV per week, and 85 percent of Prime Video subscribers in the survey are on Amazon’s ad tier. (Amazon hasn’t confirmed those figures.) The Hub Entertainment Media survey claims that Amazon has a higher ad-based-to-ad-free ratio of subscribers than all other video-streaming services examined, including Netflix, Max, and Hulu. But it’s worth noting that Amazon automatically moved all Prime Video subscribers to its ad tier in January, while others, like Netflix, introduced ad tiers as a new option to sign up for.
A fine line
Like all streamers, Amazon is toeing a fine line between using ads to boost the average revenue it makes per user and aggravating subscribers to the point of cancellation.
Amazon is already facing a lawsuit regarding ads on Prime Video that seeks class-action certification and was filed by people who purchased annual subscriptions.
Enlarge/ The Intelsat 901 satellite is seen by a Northrop Grumman servicing vehicle in 2020.
Facing competition from Starlink and other emerging satellite broadband networks, the two companies that own most of the traditional commercial communications spacecraft in geostationary orbit announced plans to join forces Tuesday.
SES, based in Luxembourg, will buy Intelsat for $3.1 billion. The acquisition will create a combined company boasting a fleet of some 100 multi-ton satellites in geostationary orbit, a ring of spacecraft located more than 22,000 miles (nearly 36,000 kilometers) over the equator. This will be more than twice the size of the fleet of the next-largest commercial geostationary satellite operator.
The problem is that demand is waning for communication services through large geostationary (GEO) satellites. There are some large entrenched customers, like video media companies and the military, that will continue to buy telecom capacity on geostationary satellites. But there’s a growing demand among consumers, and some segments of the corporate and government markets, for the types of services offered by constellations of smaller satellites flying closer to Earth.
The biggest of these constellations, by far, is SpaceX’s Starlink network, with more than 5,800 active satellites in its low-Earth orbit fleet a few hundred miles above Earth. Each of the Starlink satellites is smaller than a conventional geostationary platform, but linked together with laser communication terminals, thousands of these spacecraft pack enough punch to eclipse the capacity of internet networks anchored by geostationary satellites. Starlink now has more than 2.6 million subscribers, according to SpaceX.
Satellites in low-Earth orbit (LEO) offer some advantages over geostationary satellites. Because they are closer to users on the ground, low-Earth orbit satellites provide signals with lower latency. The satellites for these constellations can be mass-produced at relatively low cost, compared to a single geostationary satellite, which often costs $250 million or more to build and launch.
“In a fast-moving and competitive satellite communication industry, this transaction expands our multi-orbit space network, spectrum portfolio, ground infrastructure around the world, go-to-market capabilities, managed service solutions, and financial profile,” said Adel Al-Saleh, CEO of SES, in a statement announcing the acquisition of Intelsat.
A trend of consolidation
Some of the largest legacy operators in geostationary orbit have made moves over the last decade to respond to the new competition.
The only operational low-Earth orbit internet constellation besides Starlink was launched by OneWeb, which primarily sells capacity to existing internet providers, who then distribute services to individual consumers. This is in contrast to SpaceX’s approach with Starlink providing services direct to homes and businesses.
Eutelsat, the third-largest operator of geostationary satellites, merged with OneWeb last year, creating a company with a blended offering of GEO and LEO services. Viasat, a pioneer in satellite internet services using dedicated spacecraft in geostationary orbit, last year purchased Inmarsat, which specialized in providing connectivity to airplanes and ships.
SES’s acquisition of Intelsat stands apart due to the size of their satellite fleets. Founded in 1985, SES currently operates 43 geostationary satellites, plus 26 broadband spacecraft in medium-Earth orbit (MEO) a few thousand miles above Earth. These MEO satellites operate in a kind of middle ground between LEO and GEO satellites, offering lower-latency than geostationary networks, while still flying high enough to not require hundreds or thousands of spacecraft to blanket the globe.
Intelsat has 57 geostationary satellites, primarily for television and video relay services. Al-Saleh said the combined company will offer coverage over 99 percent of the world, and provide services through a range of communication bands. For now, LEO broadband satellites in the Starlink and OneWeb networks beam signals to user terminals in Ku-band.
Al-Saleh said the combined networks of SES and Intelsat will span Ka-band, Ku-band, X-band, C-band, UHF, and secure bands tailored for military use. “That gives us a unique position in the market place to be able to deliver to our clients,” he said.
SES and Intelsat have 13 new satellites on order, including six GEO spacecraft and seven broadband MEO satellites. Intelsat also brings to the table access to OneWeb’s LEO constellation. Earlier this year, Intelsat announced it reserved $250 million of capacity on OneWeb’s network over the next six years, with an option to purchase double that amount.
Enlarge/ This illustration shows the relative locations of satellites in geostationary orbit, medium-Earth orbit, and low-Earth orbit.
“We will create a stronger expanded network capabilities that are multi-orbit,” Al-Saleh said in an earnings call Tuesday. “We are not just a GEO player. We are an all-orbit player.”
Internet signals coming from a GEO satellite, like a Viasat spacecraft, typically have a latency of about 600 milliseconds. Al-Saleh said SES’s O3b network in medium-Earth orbit provides signals with a latency of about 120 milliseconds. According to SpaceX, Starlink latency ranges between 25 and 60 milliseconds.
A satellite pioneer
Intelsat has a storied history. Founded in 1964 as an intergovernmental organization, Intelsat operated the first commercial communications satellite in geostationary orbit. It became a private company in 2001, then went public in 2013 before filing for bankruptcy in 2020. Intelsat emerged from bankruptcy proceedings as a private company in 2022.
“Over the past two years, the Intelsat team has executed a remarkable strategic reset,” said David Wajsgras, CEO of Intelsat, in a statement. “We have reversed a 10-year negative trend to return to growth, established a new and game-changing technology roadmap, and focused on productivity and execution to deliver competitive capabilities.”
SES and Intelsat expect the acquisition to close in the second half of 2025, pending regulatory approvals. The boards of both companies unanimously approved the transaction.
Both companies maintain hundreds of millions of dollars of business with the US government each year, and the military’s appetite for commercial satellite communications is going up. “I think many of the satellite players are seeing the benefit of that, not just us,” Al-Saleh said. “You can look at our competitors. You can look at Starlink. You can look at others. We’re all seeing an uptick in demand.”
Al-Saleh said he doesn’t foresee any roadblocks from the Pentagon or any government regulators before closing the transaction next year.
SES and Intelsat revealed last year there were in talks to combine. According to Al-Saleh, SES looked at multiple opportunities for mergers or acquisitions to make use of a multibillion-dollar windfall from the Federal Communications Commission tied to the auction of C-band satellite spectrum for cellular networks.
“It was clear to us that this particular transaction, if we’re able to successfully close it with the right type of value, is the most compelling proposition we had on the table,” he said.
Enlarge/ Be careful with the buckets you put out there for anybody to fill.
Getty Images
If you’re using Amazon Web Services and your S3 storage bucket can be reached from the open web, you’d do well not to pick a generic name for that space. Avoid “example,” skip “change_me,” don’t even go with “foo” or “bar.” Someone else with the same “change this later” thinking can cost you a MacBook’s worth of cash.
Ask Maciej Pocwierz, who just happened to pick an S3 name that “one of the popular open-source tools” used for its default backup configuration. After setting up the bucket for a client project, he checked his billing page and found nearly 100 million unauthorized attempts to create new files on his bucket (PUT requests) within one day. The bill was over $1,300 and counting.
“All this actually happened just a few days after I ensured my client that the price for AWS services will be negligible, like $20 at most for the entire month,” Pocwierz wrote over chat. “I explained the situation is very unusual but it definitely looked as if I didn’t know what I’m doing.”
Pocwierz declined to name the open source tool that inadvertently bum-rushed his S3 account. In a Medium post about the matter, he noted a different problem with an unlucky default backup. After turning on public writes, he watched as he collected more than 10GB of data in less than 30 seconds. Other people’s data, that is, and they had no idea that Pocwierz was collecting it.
Some of that data came from companies with customers, which is part of why Pocwierz is keeping the specifics under wraps. He wrote to Ars that he contacted some of the companies that either tried or successfully backed up their data to his bucket, and “they completely ignored me.” “So now instead of having this fixed, their data is still at risk,” Pocwierz writes. “My lesson is if I ever run a company, I will definitely have a bug bounty program, and I will treat such warnings seriously.”
As for Pocwierz’s accounts, both S3 and bank, it mostly ended well. An AWS representative reached out on LinkedIn and canceled his bill, he said, and was told that anybody can request refunds for excessive unauthorized requests. “But they didn’t explicitly say that they will necessarily approve it,” he wrote. He noted in his Medium post that AWS “emphasized that this was done as an exception.”
In response to Pocwierz’s story, Jeff Barr, chief evangelist for AWS at Amazon, tweeted that “We agree that customers should not have to pay for unauthorized requests that they did not initiate.” Barr added that Amazon would have more to share on how the company could prevent them “shortly.” AWS has a brief explainer and contact page on unexpected AWS charges.
The open source tool did change its default configuration after Pocwierz contacted them. Pocwierz suggested to AWS that it should restrict anyone else from creating a bucket name like his, but he had yet to hear back about it. He suggests in his blog post that, beyond random bad luck, adding a random suffix to your bucket name and explicitly specifying your AWS region can help avoid massive charges like the one he narrowly dodged.
