Adtech vendors still tracking EU users who deny consent via IAB’s TCF, study suggests

New research examining what happens after Internet users in Europe land on an ad-supported website and express their “privacy choices” — using a flagship ad industry consent management platform which is supposed to allow them to control the types of ads they receive (i.e. non-tracking vs “personalized”) — has raised fresh questions over the IAB Europe’s self-styled Transparency and Consent Framework (TCF).

The TCF is already in hot water with privacy regulators.

Last month the IAB Europe announced that it’s expecting to be found in breach of the EU’s General Data Protection Regulation (GDPR) — and that the framework will also be found in breach — although the IAB sought to suggest that a few tweaks will suffice to fix problems identified by the Belgian data protection authority (DPA).

We’re still waiting for publication of the final decision of the Belgian authority. But its preliminary findings — last year — highlighted a litany of GDPR failures.

Despite all that, the IAB has continued to argue the TCF is working as intended for the close to 800 adtech vendors who are thought to participate in the system, loudly rejecting criticism of it. Its CEO, Townsend Feehan, for example, pooh-poohed criticism earlier this month — telling Engadget that “none of this [tracking] happens if the user says no”.

However the new study throws doubt on the claim that if a user says ‘no’ to tracking/behavioral ads via the IAB’s TCF, the adtech industry respectfully falls into line.

A key piece of this research examined how the adtech ecosystem responds to user signals that request only basic, i.e. non-tracking-based ads, to examine how ad vendors respond when users say no to “personalized” ads.

Here the researchers found evidence to suggest that many adtech vendors continue to track and profile Internet users when they have explicitly said they don’t want tracking-based ads.

While a number of earlier studies have found problems with how publishers in the EU have implemented cookie consents, such as tracking cookies being dropped prior to asking a site visitor for their permission, this new research, carried out by adtech researcher, Adalytics, aims to zero in on the TCF framework itself — by examining instances where ad-supported websites have faithfully reported users’ ad choices.

Problematic data flows after that implicate the adtech industry itself — and the claims it makes for the TCF as a flagship compliance tool — because it suggests the framework fails to accurately reflect and actually respect users’ “privacy choices” once they are passed to ad “partners”.

Listing a series of takeaways, Adalytics writes that the findings suggest:

  1. Many major ad tech vendors continue to track and profile EU users, even when an EU user has explicitly objected
  2. The TCF strings that were designed by IAB Europe do not appear to be honored or parsed correctly by many ad tech vendors
  3. Some ad tech vendors may not be able to demonstrate they obtained user data with user consent, which may expose them to contractual compliance, investor/shareholder disclosure, and regulatory risks
  4. In many instances, it is impossible for users to support media creators by allowing “basic ads” whilst disallowing tracking and behavioral profiling to protect their own privacy

Although it’s important to note there are limits to what the researchers were able to observe via Chrome Developer Tools — given that any processing being done on adtech companies’ own servers isn’t verifiable by such external research.

Understanding the full picture of what’s done with people’s data once the adtech ecosystem gets its hands on it is difficult. But that also cuts to the heart of surveillance-based advertising’s problem with complying with the GDPR — which also requires accountability, transparency and security when processing people’s data, as well as a valid legal basis to do so.

Even setting those major overarching problems aside, just the fact of tracking cookies being dropped and user data being passed around when a person has explicitly said it should not be looks, well, awkward for the IAB’s TCF.

To study data activity at the adtech end of the framework, the researchers ran tests in a number of countries in the EU — visiting websites they manually verified had correctly configured the framework to send the user’s consent string, and selecting only basic ads; refusing personalized/tracking-based ads/profiling etc.; and also limiting the choice of adtech processor to a single vendor.

The testers also made sure to object to “legitimate interests” so that their consent preferences could not be bypassed in that way.

If the TCF was functioning as Feehan’s remarks to Engadget earlier this month suggest — i.e. if users can just deny tracking simply by saying ‘no’ via the TCF — the researchers would have expected to observe data flowing only as the individual had specified it should.

Instead, they found — in most cases — data flows that looked very different vs the choices that had been expressed.

The paper also details numerous instances of tracking cookies being set prior to the user’s consent choices even being signalled. (Although they say they excluded such examples from their analysis as they were specifically aiming to study what happens after a user has submitted their choices via the TCF.)

Examples cited in the study of adtech vendors appearing to override/ignore TCF signals denying tracking include a visitor with a Belgian IP address to a popular local news website, nieuwsblad.be — who provides consent to basic ads only, and only consents to ads from Google (so they’re explicitly rejecting “personalized” ads and profiling) — yet who, on checking Chrome Developer Tools for network HTTP requests, observes HTTPS requests sent to ib.adnxs.com, a domain owned by AppNexus (aka Xandr), which responds by dropping a cookie called “uuid2” set for three months.

“Given that [this user] objected to personalised ads and creating a personalised profile, only provided consent to Google, and the fact that these consent choices were directly included in the HTTP request to adnxs.com, it is not clear why the AppNexus server responded by setting a persistent, advertising related cookie in [the user’s] browser,” the researchers observe.

In another example, a user with a French IP address visits the news website lemonde.fr and once again — despite not consenting to any cookies or purposes offered in the consent banner — they see an HTTPS request being sent to id5-sync.com, which responds by setting a cookie called “id5” for three months, and triggering a 302 HTTP redirect to sync data with rtb-csync.smartadserver.com.

“This specific HTTPS request that was sent to id5-sync.com contains the previously mentioned TCF string in a query string parameter called “gdpr_consent”,” the researchers report, adding that: “The domain id5-sync.com belongs to ID5, a London-based “identity platform for the digital advertising industry”.”

They further note that the ID5 Universal ID is described in a github overview as a “shared, neutral identifier that publishers, advertisers, and ad tech platforms can use to recognise users”.

So, again, if the user is saying they don’t want to be identified and tracked for ads, why is the id5 cookie being dropped at all?

In another example detailed in the study, also involving a French IP address — this time the user visits the newspaper latribune.fr — the user’s consent choices are again apparently tossed in the virtual trash.

In this instance the user had specified they wanted basic ads served by US supply side platform OpenX.

However Openx.net was observed triggering user ID syncs with “numerous other parties”, including Amazon, Google, DataXu, AppNexus, Beeswax (bidr.io), Adelphic Predictive Data platform (ipredictive.com), AdPilot (erne.co), Simplifi Holdings (simpli.fi), and others, per the study.

In another example — involving a French IP user visiting atlantico.fr; and consenting to basic ads from Google only — the user sees a “lot of HTTPS requests being made with this TCF consent string, some of which appear to be user data syncing or setting tracking cookies”.

The researchers go on to note that: “A request sent to s.cpx.to responds by setting a cookie for 1-year called “cpSess”. This domain is owned by London-based Captify, and the “cpSess” cookie appears to be used to store and link personal information about the user” — before citing another source that suggests this cookie is “used as a tracking mechanism for […] advertising companies” and “helps with the delivery of targeted marketing adverts whilst users browse”.

The study details numerous other examples of unexpected data flows and syncing being observed after the user has asked not to be tracked.

The researchers also detail results of large-scale automated tests, as well as the manual examples cited above — based on crawler data from 48,698 different publisher domains — and here they found evidence of “tens of thousands” of ad requests erroneously claiming the GDPR does not apply to web users who were actually in the EU…

Out of 35,389 publishers found to have an HTTPS request that was sent to an ad tech vendor and contained either the ‘gdpr=0’ query string parameter, or the ‘gdpr=1’ query string parameter, 28,941 (81.8%) contained at least one HTTPS request sent to an ad tech vendor, wherein the query string macro parameter “gdpr=” was set to “0” — meaning they were signalling the GDPR does not apply.

More from Adalytics’ write up:

“According to the IAB TCF documentation and to Google’s documentation, “1 indicates that GDPR applies and 0 indicates that it does not.” Many ad tech vendors were observed processing the German and Finnish user data when “gdpr=0”, despite the crawler not having clicked on the CMP consent banner. In each of these cases, the ad tech vendor could have validated that the user was in fact in the EU by performing a simple IP address geolocation lookup. However, it appears that many take this “gdpr=0” parameter at face value, without performing any additional server-side checks, prior to sending tracking cookies or performing user data syncs.”

To try to verify this finding, Adalytics says it reached out to a programmatic media buyer who was targeting ads to users across the EU, UK, and Switzerland. This buyer had their ads served a total of 111 million times — while the “gdpr_applies” macro was set to “0” 42.3% of the time — “indicating that the ad tech company involved was claiming that the GDPR does not apply to these users”.

Yet on checking where those 47M ads were served, by using an IP address geo-location lookup service, Adalytics reports that the advertiser found the majority were served to users based in Spain, Croatia, Italy, France, and other EU countries, meaning the GDPR does actually apply…  

“If ad tech companies are not checking the integrity of the “gdpr_applies” strings by performing IP address geolocation checks, they may end up misleading their advertiser clients about the relevant regulations that apply to their advertising campaigns,” Adalytics goes on to warn.

The findings further highlight the scale of the problem of ad fraud — and, where the IAB Europe’s TCF framework is concerned, suggest it offers merely a veneer of legal compliance because it isn’t actually capable of doing what’s claimed on the tin.

All-too-often adtech vendors have not properly implemented and deployed it, per the research findings — making the “Transparency and Consent Framework” at best, a sham; or, well, compliance theatre. 

Little wonder this whole system is in regulatory hot water — although the length of time it’s taken EU watchdogs to interrogate the reality underlying the adtech industry’s claims continues to be extremely troubling for anyone who cares about democratic oversight and fundamental rights.

“The conclusion that we make in our study is that the adtech vendors have not taken the time, money and engineering labor hours to properly configure their servers and APIs,” Adalytics’ founder Krzysztof Franaszek told TechCrunch, discussing the research. “In theory, all TCF participants… should have set up their servers and APIs in a way that checks and validates the TCF strings.

“If an API receives some user data, to which the TCF string shows the user has not consented, the vendor should immediately discard and avoid doing anything with that data.”

Franaszek noted that the researchers did observe at least one example of correct behavior — an instance where AppNexus received a TCF string that did not allow personalization, or for a vendor called Index Exchange to get the data, and “properly/rightfully configured their server to respond with an HTTP 400 error code, that says ‘Request failed due to privacy signals’”.

However he pointed out that that’s what “ALL 795 TCF companies should be doing”, and the study shows — on the contrary — many companies are simply not checking the strings.
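As an added illustration (not code from Adalytics, the IAB or any vendor), the Python example below shows the server-side check described above: it decodes the purpose and vendor consent bits of the “gdpr_consent” string, declines to take “gdpr=0” at face value when the caller’s own IP geolocation result is an EEA country, and otherwise refuses with the HTTP 400 wording quoted in the article. It assumes the TCF v2 core-string bit layout from the IAB’s published specification and reads only the consent sections (not legitimate interest or publisher restrictions); the function names, the vendor ids 5 and 9 and the sample string are constructed for the example.

```python
import base64

# TCF v2 core-string fields that precede the vendor-consent section: (name, bit width).
CORE_FIELDS = [
    ("version", 6), ("created", 36), ("last_updated", 36), ("cmp_id", 12),
    ("cmp_version", 12), ("consent_screen", 6), ("consent_language", 12),
    ("vendor_list_version", 12), ("policy_version", 6), ("is_service_specific", 1),
    ("use_non_standard_stacks", 1), ("special_feature_optins", 12),
    ("purposes_consent", 24), ("purposes_li", 24), ("purpose_one_treatment", 1),
    ("publisher_cc", 12),
]
EEA = set("AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL PL PT RO "
          "SK SI ES SE IS LI NO".split())
REFUSAL = "Request failed due to privacy signals"  # wording quoted in the article


def decode_tc_string(tc_string):
    """Return the consented purposes and vendor ids from a TCF v2 TC string."""
    core = tc_string.split(".")[0]  # later segments are optional and not read here
    raw = base64.urlsafe_b64decode(core + "=" * (-len(core) % 4))
    bits = "".join(f"{byte:08b}" for byte in raw)
    pos = 0

    def take(width):
        nonlocal pos
        if pos + width > len(bits):
            raise ValueError("truncated TC string")
        value = int(bits[pos:pos + width], 2)
        pos += width
        return value

    fields = {name: take(width) for name, width in CORE_FIELDS}
    if fields["version"] != 2:
        raise ValueError("unsupported TC string version")
    # The leftmost of the 24 bits is purpose 1.
    purposes = {p for p in range(1, 25)
                if (fields["purposes_consent"] >> (24 - p)) & 1}
    max_vendor_id, vendors = take(16), set()
    if take(1):  # range encoding: entries are single ids or inclusive ranges
        for _ in range(take(12)):
            is_range, start = take(1), take(16)
            end = take(16) if is_range else start
            vendors.update(range(start, end + 1))
    else:  # bit field: one bit per vendor id, 1..max_vendor_id
        vendors = {v for v in range(1, max_vendor_id + 1) if take(1)}
    return {"purposes": purposes, "vendors": vendors}


def build_sample_tc_string(purposes, vendors, max_vendor_id):
    """Construct a test TC string (bit-field vendor encoding, metadata left at zero)."""
    values = {"version": 2, "policy_version": 2,
              "purposes_consent": sum(1 << (24 - p) for p in purposes)}
    bits = "".join(f"{values.get(name, 0):0{width}b}" for name, width in CORE_FIELDS)
    bits += f"{max_vendor_id:016b}" + "0"  # MaxVendorId, then IsRangeEncoding = 0
    bits += "".join("1" if v in vendors else "0" for v in range(1, max_vendor_id + 1))
    bits += "0" * (-len(bits) % 8)  # pad to a whole number of bytes
    raw = int(bits, 2).to_bytes(len(bits) // 8, "big")
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def decide(query, geo_country, our_vendor_id, needed_purposes):
    """Return (http_status, detail) for a request that would set an ID cookie or sync.

    geo_country is the ISO code from the vendor's own IP geolocation lookup
    (assumed to be available to the caller).
    """
    # gdpr=0 is only accepted when the client IP is also outside the EEA.
    if query.get("gdpr") != "1" and geo_country not in EEA:
        return 200, "GDPR not signalled and client not geolocated to the EEA"
    try:
        tc = decode_tc_string(query.get("gdpr_consent", ""))
    except ValueError:
        return 400, f"{REFUSAL}: missing or unreadable consent string"
    if our_vendor_id not in tc["vendors"]:
        return 400, f"{REFUSAL}: no consent for vendor {our_vendor_id}"
    missing = set(needed_purposes) - tc["purposes"]
    if missing:
        return 400, f"{REFUSAL}: no consent for purposes {sorted(missing)}"
    return 200, "consent present for this vendor and these purposes"


# Constructed sample: storage plus basic ads only (TCF v2 purposes 1 and 2),
# consent for a single vendor, and a request mislabelled with gdpr=0.
ALLOWED_VENDOR, OTHER_VENDOR = 5, 9  # hypothetical vendor ids
SAMPLE_TC = build_sample_tc_string({1, 2}, {ALLOWED_VENDOR}, max_vendor_id=12)
SAMPLE_QUERY = {"gdpr": "0", "gdpr_consent": SAMPLE_TC}

if __name__ == "__main__":
    # Purpose 3 is "create a personalised ads profile" in the TCF v2 purpose list.
    print(decide(SAMPLE_QUERY, "BE", OTHER_VENDOR, {1, 3}))
    print(decide(SAMPLE_QUERY, "BE", ALLOWED_VENDOR, {1, 2}))
    print(decide({"gdpr": "0"}, "US", OTHER_VENDOR, {1}))
```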

Also commenting on the findings, Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties — and a long time adtech whistleblower who has filed numerous complaints over real-time-bidding’s (RTB) abuse of personal data — said the study is just the latest illustration that “the TCF was just a bad idea”.

“There is no control. No technical measure to actually control what happens to the data,” Ryan told TechCrunch. “This means the TCF can never fulfil its purported objectives of providing control and transparency.

“The central argument we made to the Belgian APD [DPA] is that the TCF’s inevitable failure, due to the inherent and known insecurity of RTB, means that in addition to being an unnecessary nuisance in the lives of all Europeans, the TCF also infringes the data minimization principle [of GDPR] because it processes TCF string personal data for a purpose that is impossible to achieve.”

Ryan also pointed back to some 2017 IAB correspondence — which came to light back in 2019 via FOI — in which Feehan, who was at the time seeking to lobby the European Commission on ePrivacy rules, implies consent is incompatible with RTB — attaching a paper to her email to EU lawmakers with the observation that “it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding (RTB) scenario”.

And for consent to be valid under GDPR it must be specific, informed, and — indeed — freely given.

There are some limitations to the Adalytics study — such as the manual component being limited to a small number of publishers that “appear to correctly encode user consent input, in order to rule out the possibility that a publisher’s or CMP’s errors were resulting in user profiling occurring without a user’s consent”, as Franaszek puts it.

It is also not clear how many/what proportion of the 795 adtech companies using the TCF system aren’t properly respecting user choices. The instance cited above where a user denial of consent was correctly responded to shows it can happen. How often it does is a whole other matter, though.

In any case, those vendors observed by the researchers apparently not respecting users’ denial of tracking included “several multi-billion dollar multinationals like Rubicon, Pubmatic, Amazon, Google and Trade Desk”, per Franaszek.

“I think if you look at the stock market capitalization of the vendors that we examined, it’s far greater than 50% of the total digital advertising industry,” he added.

A more general caveat is that, given the adtech industry’s highly opaque character, it’s always difficult to understand how data is or isn’t being processed — and the researchers acknowledge that a lot of “nuance” is required to interpret the data in a section of the paper discussing limitations.  

The study has also not gone through formal peer review, so it has not been subject to the rigorous academic process that would have been required had it been published in a peer-reviewed journal.

But, well, the findings sure don’t look good for adtech.

Per public documentation on a github repository for v1.0 of the IAB’s TCF framework, the ad industry body suggested that their — at that time — incoming “technical industry solution” would allow website operators to:

  1. Control the vendors they wish to allow to access their users’ browsers (for setting and reading cookies) and process their personal data and disclose these choices to other parties in the online advertising ecosystem
  2. Seek user consent under the ePrivacy Directive (for setting cookies or similar technical applications that access information on a device) and/or the GDPR in line with applicable legal requirements and signal the consent status through the online advertising ecosystem

The question that naturally follows from those stated capabilities is well, what then? What happens after users’ ‘privacy choices’ are signalled to the data-gobbling adtech ecosystem? How does the TCF actually ensure ad vendors respect people’s choices?

Adalytics’ research is just the latest study to suggest that industry standard pop-up “privacy choices” are a mirage; a suggestive illusion of choice wrapped in a pantomime of consent in a bid to square the impossible circle for surveillance ads: GDPR compliance.

Because it seems the only way to be sure the “choice” that you ask the TCF to pass on to adtech vendors will get respected is if you ask for the tracking to continue…

The IAB has been contacted for comment on Adalytics’ research, and also with questions regarding whether it takes any steps to verify that participating ad vendors are complying with TCF strings expressing user choices.

We have also asked the IAB how it expects to adapt the framework — and its own activities — in order to come into compliance with GDPR, in light of the Belgian finding of a breach.

We’ll update this report with any response.

This Week in Apps: Commission battles, Twitter NFTs and Epic’s appeal begins

Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record number of downloads and consumer spending across both the iOS and Google Play stores combined in 2021, according to the latest year-end reports. App Annie says global spending across iOS, Google Play and third-party Android app stores in China grew 19% in 2021 to reach $170 billion. Downloads of apps also grew by 5%, reaching 230 billion in 2021, and mobile ad spend grew 23% year-over-year to reach $295 billion.

In addition, consumers are spending more time in apps than ever before — even topping the time they spend watching TV, in some cases. The average American watches 3.1 hours of TV per day, for example, but in 2021, they spent 4.1 hours on their mobile device. And they’re not even the world’s heaviest mobile users. In markets like Brazil, Indonesia and South Korea, users surpassed five hours per day in mobile apps in 2021.

Apps aren’t just a way to pass idle hours, either. They can grow to become huge businesses. In 2021, 233 apps and games generated over $100 million in consumer spend, and 13 topped $1 billion in revenue, App Annie noted. This was up 20% from 2020, when 193 apps and games topped $100 million in annual consumer spend, and just eight apps topped $1 billion.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and suggestions about new apps and games to try, too.

Do you want This Week in Apps in your inbox every Saturday? Sign up here: techcrunch.com/newsletters

Top Stories

Epic Games kicks off its appeal

Both Epic Games and Apple appealed the original ruling of the lawsuit where Epic had sought to prove Apple was behaving in an anti-competitive manner by not allowing alternative payments or other means of distributing apps outside the App Store. Although Apple largely won that case, as the judge ruled it was not a monopolist, it was instructed to stop preventing app developers from adding links to third-party purchasing mechanisms — a decision it didn’t agree with, prompting its appeal. Apple was also given permission to hold off on the App Store changes until the appeal’s ruling, in another blow to Epic. Meanwhile, Epic appealed the case since it wanted another shot at making its arguments before the court.

This week, Epic Games filed its opening brief appealing the District Court’s decision in the Epic v. Apple case. In it, the company attempts to lay out why it thinks the District Court erred in its original decision, noting again how Apple reduces innovation, prevents alternative app stores from competing with its own, extracts “supracompetitive” commissions while making minimal investments in the App Store, and more. It also wants the appeals court to reconsider the market definitions for deciding the case. The lower court determined the case was about the “digital mobile game transactions” market, but Epic’s brief points out that Apple’s restrictions apply to both game and non-game developers alike. And it argues the court based its market definition on a misreading of Amex, by treating two separate transactions — consumers’ app downloads on the App Store and the in-app purchase itself — as a single transaction.

OK, we’ll just call it a “platform fee” then  

When the Netherlands’ regulator ordered Apple to allow dating apps on the App Store to be able to process third-party payments, it looked like it might be a small win for a more open ecosystem that would allow alternatives to Apple’s own payment systems and its commissions. But anyone celebrating this did so too soon. Apple has now clarified that while it will adhere to the letter of the law, by offering entitlements to the dating apps looking to process payments on their own, it won’t adhere to the spirit. Not only will the developers have to publish a separate binary for their app if they want it distributed to the Netherlands App Store, they’ll still have to pay Apple a commission on those third-party payments. And yet developers won’t be able to take advantage of any platform advantages, like getting Apple to assist with refunds, payment history, subscription management or other issues related to the purchases — as those will now take place outside its App Store. So what’s the platform fee for? I guess access to users?

Wrote Apple on its developer documentation page: “Consistent with the ACM’s order, dating apps that are granted an entitlement to link out or use a third-party in-app payment provider will pay Apple a commission on transactions.” But Apple didn’t say how much that commission will be. Likely, Apple will take the course that Google did in South Korea, where it dropped the commission rate for external payments by a mere 4%.

Twitter gets into NFTs

It’s official, Twitter has embraced NFTs. Users on Twitter’s iOS app who also subscribe to Twitter Blue will be the first to take advantage of a new feature that lets them authenticate with their crypto wallet to use an NFT as their profile pic on the service. The new NFT hexagon-shaped pics will help to differentiate the crypto-enthusiasts from the rest of Twitter.

To use the feature as a Twitter Blue subscriber, you’ll go to your profile to change your profile photo as you would normally. Here, you’ll be presented with the new option to choose an NFT instead. You then connect with your crypto wallet.

At launch, Coinbase Wallet, Rainbow, MetaMask, Ledger Live, Argent and Trust Wallet are supported. After authenticating, you’ll select the NFT you want to showcase. Twitter says that, currently, JPEG and PNG NFTs minted on Ethereum (ERC-721 or ERC-1155 tokens) can be used as NFT Profile Pictures. In a later update, Twitter said it was looking into adding support for SVGs, but can’t render them right now.

It’s worth noting the Twitter Blue subscription service is not yet globally available, which will limit the adoption of NFT Profile Pictures to the early markets where the offering is now live — the U.S., Canada, Australia and New Zealand.

Not everyone is happy with the update, which is receiving mixed reactions. Some people are trolling the hexa-profiles, others are blocking people and some artists claim the feature has encouraged more people to steal their art and mint it as an NFT (which to be fair, could have happened before).

Weekly News

Platforms: Apple

  • Apple developers can now create custom codes for subscriptions in App Store Connect, each with a unique name you choose (like SPRINGPROMO, for example). The codes can be redeemed through a direct URL or with the app.
  • Apple released iOS 15.3 RC to developers and beta testers on Thursday, which includes a fix for a Safari bug that could have led to the leaking of users’ browsing history and Google ID. It has also now stopped signing iOS 15.2, preventing further downgrades. And it’s begun pushing iOS 14 users to upgrade to iOS 15.
  • Apple announced it’s expanding its App Store Foundation program to 29 countries in Europe. Already available in select European markets including Germany, France, Italy, Spain and Sweden, the program offers developers support on app development, marketing and monetization with help from Apple employees.
  • Apple says it’s updating the App Store submission experience starting January 25, 2022. The new App Store Connect experience will allow developers to submit multiple items, submit without needing a new app version, view past submissions and more.

Platforms: Google

  • Google Play Games for PC enters beta testing. The downloadable app, which brings Android games to Windows PC users, is launching to beta testers in Hong Kong, South Korea and Taiwan. Among the more than 25 titles available at launch are “Mobile Legends: Bang Bang,” “Summoners War,” “State of Survival: The Joker Collaboration” and “Three Kingdoms Tactic.”

E-commerce/Food delivery

  • TikTok kids are boosting toy retailer Learning Express’ sales. The company’s online sales increased 25% in 2021, compared with massive 233% growth in 2020, amid the pandemic. Interestingly, the retailer hasn’t spent money on TikTok marketing and advertising, noting that kids are starting to find them on their own. Over the past years, the TikTok toy trends have turned toys into viral hits like Pop Its, Squishmallow, fidget spinners and more, thanks to kids sharing videos on the social app. The retailer, where individual stores are franchises, is also benefitting from some of its owners’ own TikTok presence — like the Birmingham location, which has 2.3 million followers and its most popular video received 62 million views.
  • Consumers may be swapping food delivery apps for grocery delivery, Apptopia research shows. Food delivery apps in Q2 2021 saw total sessions fall 10% from March, and the rest of the year showed no real gains. Meanwhile, in December, grocery delivery apps posted a 20% increase in downloads from the month prior. And DoorDash and Uber Eats adapted, the former by adding grocery and convenience stores to its app, and the latter by removing the word “restaurant” from its app’s title.

Fintech

  • British digital banking app Revolut expanded into U.S. stock trading. The company already let British users buy and sell shares, but is now licensed as a U.S. broker-dealer. Users will be able to trade 1,100 securities, including shares on the New York Stock Exchange and Nasdaq, as well as gain access to 200 ETFs.
  • Investing app Acorns scrapped its $2.2 billion merger agreement with SPAC Pioneer Merger Corp. The deal, announced last May, would have allowed Acorns to list on the Nasdaq, and the merger was valued at $1.5 billion pre-money. Acorns will pay $17.5 million in termination fees through December 15. The company said that “given market conditions,” it was pivoting to a private capital raise at a higher pre-money valuation instead.

Social

  • TikTok fired its marketing chief, Nick Tran, a former Hulu exec, after kicking off a series of marketing stunts without approval. These included the TikTok Kitchen service, which would use ghost kitchens to promote popular TikTok creators’ recipes in partnership with Virtual Dining Concepts; as well as new business lines involving NFTs and TikTok Resumes.
  • Instagram and TikTok have begun testing support for paid creator subscriptions. Instagram officially announced its alpha test of subscriptions, offering creators eight price points between 99 cents and $99.99 which they can charge users. Subscribers gain access to exclusive live videos and stories, and receive a special badge elevating them in the comments section and the DM inbox. Meanwhile, TikTok also confirmed it has begun testing subscriptions, but wouldn’t share details.

  • Instagram also launched an expanded version of “remix,” which now allows anyone to remix any public video on the platform going forward, unless the creators opt out.
  • Snapchat is trying to make it harder for kids to buy drugs on the app after an NBC News investigation found the app was linked to the sale of fentanyl-laced pills that led to the deaths of teenagers and young adults in over a dozen states. The app now prevents 13 to 17-year-old users from showing up in Quick Add search results, unless they have friends in common with the person searching — a feature aimed at preventing users from adding people they don’t know to deter drug transactions.
  • Facebook and Instagram are working on NFT features that will allow users to display their NFTs on their social profiles. Instagram head Adam Mosseri had previously said the company was looking into NFT support. This week, a report from The FT added Meta is considering its own NFT marketplace, but noted the efforts were in early stages. This is not entirely new information, as Mosseri had said the company was considering a marketplace. It has also invited NFT artists to offer feedback through panel discussions, which was discussed in the press last year when some artists were upset about being asked to advise the social giant on the matter without compensation. But the report indicates the investment may extend to Facebook as well.

Messaging

  • WhatsApp is rolling out in-app chat support as an alternative to email. The feature had previously been available in beta testing, but has begun showing up for non-beta users.
  • Meta’s Workplace service for businesses will integrate with WhatsApp later this year. The service, which now has more than 7 million users, will integrate with the messaging app so Workplace customers can share announcements with front-line employees, including deskless workers.
  • Messenger Kids introduced new “internet safety” activities to teach young children how to use Messenger and be safe online. In each episode of “Pledge Planets,” kids learn to make healthy decisions, stay safe online, learn to use blocking and reporting tools, and build resilience.

Streaming & Entertainment

  • Spotify is still the top streaming music service but its market share has slipped a bit, according to new research from MIDiA, as the streaming market has grown. In Q2 2021, 523.9 million people subscribed to a music streaming service globally, up 26.4% from the same time last year. Spotify’s market share, meanwhile, dropped from 34% in 2019 to 31% today, followed by Apple, then Amazon Music. YouTube Music grew by more than 50% year-over-year, making it the only Western streamer to have increased market share.
  • YouTube’s app is testing “smart downloads,” a feature that automatically downloads videos when an Android device is connected to Wi-Fi, in order to be ready when there’s either weak coverage or no signal at a later point. The feature is already supported in YouTube Music.

Gaming

  • Netflix expanded its growing gaming lineup this week with the launch of two more games: Arcanium: Rise of Akhan, an open-world single-player card strategy game developed by Rogue Games; and puzzle game Krispee Street developed by Frosty Pop. The additions bring Netflix’s gaming catalog to 12 titles, including Bowling Ballers, Shooting Hoops, Teeter Up, Asphalt Xtreme, Stranger Things 1984, Stranger Things 3, Card Blast, Dominos Cafe, Wonderputt Forever and Knittens.
  • During its less-than-stellar earnings, Netflix’s COO Greg Peters also said the company is open to licensing “large game IP” that people would recognize as it expands its gaming business. “I think you will [see] some of that happen over the year to come,” Peters noted.
  • In addition to the major news of Microsoft’s Activision Blizzard deal, the company also announced this week that its Xbox Game Pass service has grown to 25 million subscribers, up from 18 million in January 2021.
  • Wordle!, an iOS game that existed before the rise of the popular web-based game by the same name, has benefitted from the latter’s popularity, which led to a surge in downloads. The developer, Steven Cravotta, hadn’t been updating the game, which first launched in 2017 but never really took off, until it jumped to 200,000 downloads per week from those likely looking for the other Wordle game. So Cravotta reached out to Wordle’s developer (Josh Wardle) to note he was donating the proceeds to charity, which has totaled $2,000+ so far.
  • U.S. consumer spending in mobile action games jumped up 68.9% in 2021, driven almost entirely by Genshin Impact, reported Sensor Tower. Spending for the year reached $966.8 million, making Action the fastest-rising gaming genre and Open World Adventure the largest Action subgenre. MiHoYo’s Genshin Impact earned $406.3 million in the U.S. in 2021, followed by Marvel Contest of Champions by Kabam and Dragon Ball Legends from Bandai Namco.
  • Mobile gamers who use TikTok play for longer, play more genres and spend more money, according to a new report from NewZoo. TikTok gamers are 66% more likely to pay for games, and are 40% more likely to pay for add-ons. They’re also more likely to watch gaming content, often on TikTok. The group also tends to use social platforms to find new games (45% versus 32% for those who don’t use TikTok). They play on average 7.1 genres versus 4.2 genres for non-TikTok users, and are more likely to notice ad types.

Productivity/Utilities 

  • Read-it-later app Instapaper on iOS introduced new features, including public folders, which allow users to share their saved reading lists with others via web or mobile. The app also added custom app icons in a variety of neutral tones for its premium users, and a “read now” feature for web users that lets you click the Instapaper logo immediately after saving an article to read it immediately. The company said it can’t offer the feature on iOS due to technical limitations.

Health & Fitness

  • MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, was found to have technical flaws allowing encryption to be sidestepped, according to The Citizen Lab’s research. The flaw means users’ voice audio and file transfers could be accessed, and health forms containing passport details, demographic info, and medical and travel history are also vulnerable.

Government & Policy

  • Another bill in the works, this time in Illinois, wants to force Apple and Google to allow alternative payments in apps distributed in their app stores. Senators in the state have filed the “Freedom to Subscribe Directly Act” which is being supported by Illinois-based Apple critic Basecamp, which faced a number of issues getting its subscription email app HEY into the App Store. The Senators support the bill because they see it as a way for the state to tap into lost tax revenues that are redirected to California today.

Funding and M&A

Indonesia-based startup BukuKas, which has now rebranded as Lummo, raised $80 million in Series C funding led by Tiger Global and Sequoia Capital India. The company offers two apps: e-commerce enabler solution LummoShop (previously Tokko) and bookkeeping app BukuKas. The company has 300 employees and focuses on the SMB market.

African mobile games publisher Carry1st raised $20 million in Series A funding led by Andreessen Horowitz (a16z). The round marks a16z’s first investment in an African-headquartered company. The three-year-old startup has signed publishing deals for seven games from six studios, including Tilting Point, publisher of Nickelodeon’s SpongeBob: Krusty Cook-Off, which Carry1st launched in Africa. Other partners include CrazyLabs and Sweden’s Raketspel.

Indian startup INDmoney raised $75 million in Series D funding for its super finance app that aims to be a one-stop shop for investments and expenses. Tiger Global, Steadview Capital and Dragoneer co-led the round, valuing the startup at $600 million.

InFlow, a science-backed app to address ADHD symptoms using Cognitive Behavioral Therapy (CBT), raised $2.3 million in seed funding led by Hoxton Ventures. The app offers users short exercises and challenges aimed at helping them create healthy habits, and is being downloaded 15,000 times per month, the company said.

Istanbul-based Spyke Games, a mobile games startup, raised $55 million in a seed round from Griffin Gaming Partners, a VC focused on gaming startups. Spyke aims to combine casual gaming with multiplayer functionality and other social elements. Its first title, Royal Riches, is launching globally this month after a more limited release.

Istanbul-based Dream Games, the casual gaming developer behind top-grossing game Royal Match, raised $255 million in Series C funding led by Index Ventures. The round values the startup at $2.75 billion, up from $1 billion six months ago.

Appcues, a startup developing technology for better user onboarding across platforms, including mobile, raised $32.1 million in Series B funding. The company offers analytics and no-code tools to fix onboarding issues.

Public.com acquired HyperCharts, a data visualization platform that shows financial and biz metrics for publicly traded companies. Deal terms were not disclosed.

Big Health, the maker of cognitive-behavioral therapy apps Sleepio and Daylight, raised $75 million in Series C funding led by SoftBank Vision Fund 2 to launch six new digital mental health therapeutics by 2024. To date, the company has more than 10 million users and has raised just under $130 million from investors.

Global spam call blocking platform Truecaller acquired Israeli company CallHero, which had developed a digital assistant, SmartAgent, which helps its users verify and identify calls. Following the close of the $4.5 million deal (cash + stock), Truecaller will integrate CallHero’s technology into its own platform.

Western & Southern Financial Group acquired Fabric Technologies Inc. and its subsidiary, Fabric Insurance Agency LLC, a digital life insurance platform and mobile app that has over 60,000 families as customers, and has placed billions in life insurance coverage.

 

Data wants to disrupt your deal flow (again)

Welcome to Startups Weekly, a fresh human-first take on this week’s startup news and trends. To get this in your inbox, subscribe here.

AngelList’s recently closed early-stage venture fund brings back one of my favorite conversations within the world of early-stage startup fundraising: to data, or not to data. The $25 million fund bases all of its investments off of one key metric that AngelList has been tracking for years: a startup’s ability to hire.

When I spoke to Abraham Othman, head of the investment committee and of data science at AngelList Venture, he told me they win deals because they are less adversarial to portfolio companies than other firms. “Our approach? This is our data set, let’s see if we can put money into them,” he said. No further due diligence? No problem.

Of course, there are some challenges with leaning on such signals to make investments. As history often reminds us, due diligence matters from a human perspective — and vetting a founder beyond their ability to attract talent can save firms from headaches or legal woes. Additionally, a startup could get a ton of applicants due to pay, location or even recent coverage in a Well Known Tech Blog — which can bode well for success, but could also just be a result of great marketing. In AngelList’s case, they believe that hiring demand’s fluidity adds to its importance.

As you can probably tell, I think the future of data-driven investments will bring a double-edged sword into our Zoom rooms (or lack thereof, perhaps). Traditional investment that prioritizes pedigree and culture, or the “art” of a founder, has left out an entire class of historically overlooked individuals. But that same process, in which you spend five hours in conversation with an aspiring entrepreneur, brings a layer of humanity to decision-makers before they get millions to execute on a vision.

I don’t want to get into the due diligence conversation yet again, and investors leaning on data to dictate their investment decisions is anything but a new strategy. This is the song of late-stage investors, of private equity analysts and your brilliant aunt who loves a good earnings report. Early-stage startups and investors, from ClearCo to SignalFire, have spent years building up advice atop algorithms atop assumed returns.

However, in a bull market for even the most bullish among us, the premise of an unbiased, data-based check feels somewhat more hopeful than before. Money certainly doesn’t solve all woes — the top reason startups fail today is still due to failure to raise new capital. Add in the gender fundraising gap and a more automated decision-making process suddenly doesn’t sound unromantic, it sounds inevitable.

For my full take on this topic, check out my TechCrunch+ column: Is algorithmic VC investment compatible with due diligence?

In the rest of this newsletter, we’ll talk about a new graduate-friendly fund, lawyer tech and Plaid’s growing patchwork of startups. As always, you can follow my thoughts on Twitter @nmasc_ or listen to me on Equity, a podcast about the business of startups, where we unpack the numbers and nuance behind the headlines.

$1 million lasts a million times longer than before

Led by Flybridge founding partner Jeff Bussgang, Harvard Business School professors put together a $7 million fund to invest in recently graduated students from the university. This is the third installment of the Graduate Syndicate, which officially closed this week per SEC filings.

Here’s what to know: The syndicate started a few years ago when business school professors realized that young talent within their classes was looking for activation capital. To limit conflict of interest, such as favoritism or power imbalance, Bussgang said that the syndicate only invests in founders after they graduate from school. So far, the syndicate has invested in 60 companies, with 41% of them being led or co-led by a female founder.

Bussgang on what changed in pre-seed:

A pre-seed round, which is typically around a million dollars, is happening in a moment in time where you can make a ton of progress with just a million dollars, given the no-code, low code platforms, the cloud and reduction in costs for starting things up. The biggest trend I’ve seen is that these companies can just do so much with so little [and] because of these no code platforms…business founders can be builders, they don’t have to be software developers and that’s a great tailwind for the HBS community.

And the startup of the week is…

Lawtrades. When it comes to our newly distributed world of work, flexibility is a key but elusive term. Lucky for Raad Ahmed and Ashish Walia, the co-founders of Lawtrades, defining the term has been a conversation that’s been in the works since 2016. Lawtrades wants to change how enterprise companies utilize legal resources, and give lawyers a chance at more flexible, remote work.

Here’s what to know: The startup raised a $6 million Series A round, led by Four Cities Capital, with participation from Draper Associates and 500 Startups. More than $11 million was earned on the platform to date by the lawyer network and over 60,000 hours of work was logged on the platform in 2021, a 200% boost from 2020, our own Christine Hall reports.

Ahmed on the moonshot:

As a company, you’re basically meeting internet strangers and hiring them for hundreds of thousands of dollars and trusting that they’re going to do a good job. So there’s a solid amount of betting that happens on the supply side. We let about 5% to 6% of [lawyers into the platform] – but the actual hard part is how does this day look operationally? Other platforms…there isn’t a lot of work transparency, so that’s what we’re trying to work on.

We have this simple tool, a time tracking app, once you get hired for an engagement, you’re basically logging in every hour of work. We basically make this transparent to clients so they see what’s the equivalent of a Facebook newsfeed but it’s a work feed. So it updates on who’s working on what or how long, what project and you can react to that, comment on it and we’re coming up with more and more clever ways for us to sort of capture the data with minimal work from like our network of lawyers.

It actually allows you to gain even more transparency and even more detail into someone’s productivity than you would if you were side by side right.

Plaid went in on Cognito

Fintech giant Plaid acquired verification platform Cognito for around $250 million, TC’s Alex Wilhelm reported this week. Plaid has been actively growing from the fabric that helps fintechs communicate, to a patchwork of services built atop those key connections.

Here’s what to know: The deal comes months after Plaid’s own acquisition, which would have seen it be owned by Visa, fell apart and landed it a lofty new valuation. As we spoke about on the latest Equity, Plaid has matured to host a growing startup accelerator, acquire companies and clearly expand its strategic ambitions.

Around TechCrunch

Across the week

Seen on TechCrunch

The first big tech antitrust bill lumbers toward reality

A hard rain is coming for UK’s crypto boom

How many unicorns are just piñatas filled with expired candy?

Open source developers, who work for free, are discovering they have power

Crypto.com CEO admits hundreds of customer accounts were hacked

Peloton CEO acknowledges corrective actions, denies ‘halting all production’ of bikes and treadmills

Seen on TechCrunch+

Will quantum computing remain the domain of the specialist VC?

Dear Sophie: How do I successfully expand my company to the US?

How to build a product advisory council for your startup

5 areas where VCs can play an outsized role in addressing climate change

Until next time,

N

Get in, nerds, we’re going to the metaverse

Welcome to The TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name. Want it in your inbox every Saturday? Sign up here.

Hello friends, I hope you are well and warm and healthy and happy and good. If not, some of those things. If you are none, well there’s a reason we invented ice cream.

In good news I have a few tasty nuggets for you this fine Saturday. We’re talking the metaverse, a venture capital story that I’ve watched from its genesis, and a funding round for a very cool startup that I accidentally blanked this week, so we’re talking about it here. Ready? Let’s have some fun.

The most fun that I had this week was a visit to Decentraland. In short, I was in edit and trying to distract myself so that I wouldn’t bother the editing team while they worked, so I fired up the social-crypto environment – metaverse, in other words – and went for a tour. Rocking a mohawk and some pretty cool pants I managed to get lost, visit an NFT gallery, and fail to gain access to an arena.

Look, the metaverse as it exists today looks a lot like Runescape. That’s not that big a diss, given the sheer historical footprint that the online RPG has built for itself. But what I don’t really need is a less featured MMORPG that includes, oddly, a more financial angle than I tend to like in my games.

I am neutral at the moment, and open to the metaverse becoming sufficiently cool that I log in daily. But today it seems that some Web 2.0 properties that include community creation and social interaction are superior to what we’ve yet seen from the crypto team.

Amplify’s newest general partner

Roughly 1,000 years ago, a startup named Mattermark hired me to build an independent news room for their company. It was a great learning experience, frankly, and had the added edge of introducing me to some lifetime friends. Kevin Liu now of TechStars, for example.

Sarah Catanzaro was another standout from the Mattermark team. Her work on the company’s data team was later translated into work in venture, first at Canvas Ventures, and later Amplify Partners. Amplify, for reference, last announced a fund in late 2020 worth $275 million. Given that timeframe, I expect the group to announce a new capital vehicle in short order.

At Amplify, Catanzaro went from principal, to partner, to, most recently, general partner. Her journey from the lowest ranks of the VC world to its top-tier has been enjoyable to watch. And, she told TechCrunch during a call the other week, she’s the first woman to reach her level at Amplify. I highlight that to remind myself that promotions in the yet-cottage industry of venture capital are unlike startup level gains in their pace.

Regardless, Catanzaro told us something that I wanted to write down here, so that we can circle back to it later on. We discussed her firm’s investment approach, check size targets, and how often they enter companies at seed versus Series A maturity levels. Per the newly minted GP, Series A rounds have gotten much bigger without a commensurate decrease in risk. This is something that I have had as a hunch for some time, but hadn’t heard someone say out loud before.

This means that Series A risk, from a venture perspective, is going up as more capital is put to work at the startup stage. The math could work out in the end, provided that enough mega-exits are made in the coming years. But with the market in free-fall, and Concern now getting more column inches than Unbridled Enthusiasm, well, I wonder a bit.

The pride of Rhode Island

Living as I do in the Ocean State, I am slightly afield from the best-known technology hubs in the United States. But that doesn’t mean that fascinating tech companies aren’t being built here in my small state. TechCrunch has spilt ink, to pick an example, on Pangea, a startup founded in Providence that is building a freelance labor marketplace for college kids.

Another startup in Lil Rhody is The Wanderlust Group, which has built Dockwa, a software platform for marinas and boaters. In short, the world of managing boat slip reservations was stuck floating in the world of pen and paper, and Wanderlust decided to modernize it through software.

We last touched on the company in 2020 when it raised $14.2 million. At that time, CEO Mike Melillo told TechCrunch that his company had merely been on the hunt for $7 million, a figure that it doubled.

So I was not surprised to hear from the company recently that it has raised again. This time Wanderlust has raised a $30 million Series C at a $150 million pre-money valuation. The funding event was led by Thursday Ventures.

Happily for you and me, Wanderlust was willing to share ARR growth for 2021, which came in at 71%. More fun, after moving to a four-day workweek, the company saw its ARR expand 100% from June 2020 to June 2021; there’s a real datapoint for one of the more interesting labor experiments I am tracking in startup-land.

But most interesting from the company is that it’s building a fund. Not another corporate venture capital fund, but something else. Called Wanderfund, the company is funding the vehicle with $300,000 this year for what it describes as “environmental causes at the national and local level.” It’s starting, in part, with putting money in its local Boys & Girls Club to help kids get out of the house and into nature.

The company is building a Dockwa-like product for camping, so the “go outside” theme is pretty core to what the aptly named Wanderlust Group is building.

Miscellanea and Various

  • The Acorns SPAC deal is off, which caught our eye. It’s not a huge shock given how poorly some SPACs have performed post-combination, but we had honestly been looking forward to Acorns as a public company.
  • Acorns S-1, please.
  • And the Robinhood experiment with making the financial market more open to regular folks through IPO access and corporate democracy has good sides, and sharper edges worth keeping in mind.

Ok that’s enough for now. Chat you all next week!

Alex
