Tech? Still Bad!
Tech? Still Bad!
Predatory Lending Apps, Corp Dot Com, and Pizza Robots
Taladega Nights
We spend a lot of time and energy combating predatory lending here in America, but it’s always good to remember that things are much worse in poor and developing countries. Typically, they do not have strong consumer protections, and their legal systems can do very little when shitty Western companies come charging in to take advantage of their citizens.
Kenya, meet Silicon Valley. Specifically, meet Shivani Siroya, the founder of a company called Tala:
…she describes her mission as using the power of big data to help the 2.5 billion people around the world who lack credit scores. Someone not listening closely to her pitch might think she’s running a charity.
Yes, let’s not listen to her pitch and instead look at what her company actually does. It’s a venture-funded “microlender” which essentially means it gives small amounts of money to people via digital wallets, typically in poor countries. This story concerns Kenya, which is awash in lending apps:
The market is largely unregulated, and there are no caps on interest rates. Tala’s are typically 180% annualized; on some apps, they’re even higher.
Cool! Definitely no chance this could go wrong:
There are now more than 50 loan apps targeting Kenyans, and a study published last year by MicroSave Consulting found that two-thirds of the loans issued by nonbank lenders are delinquent.
Ah, yes. If you want to read the stories of human misery her company has inflicted on Kenyans - there are many! - please do, the story is very well-written. However I’m going to talk about the people behind this misery. Let’s start with Siroya, our bright young founder:
Around 2009, inspired by [Muhammad] Yunus, Siroya started talking about a microfinance venture of her own. Her idea was to crowdfund larger, more flexible investments in small businesses, with repayments tied to profits.
This already exists, it’s called factoring, and it sucks. What else you got?
In her spare time she met with a revolving group of friends at coffee shops or over Skype to talk microfinance.
Hmm, seems good. Tell me more:
Siroya thought InVenture could address problems that were emerging with the microfinance model.
[…]
After raising $70,000 and making a few test investments in Ghana, Siroya realized it would be too labor-intensive to hunt down donors if she wanted to achieve global scale. She incorporated InVenture in 2011 as a for-profit company, with a new idea in mind: Poor people could report their income and expenses by text message, and her company would turn that into a score it would license to banks.
I am not sure how Siroya felt she was qualified to do this, but okay. Banks apparently agreed with me, and the project didn’t go anywhere. However! Good fortune smiled upon her, in the form of Chris Sacca:
He loved Siroya’s idea. His only concern was whether she was too altruistic to get rich. “Once I determined she wasn’t allergic to money, it was a no-brainer,” he later toldForbes. He joined her board and led a $1.2 million fundraising round whose investors included Google. A co-founder of Dogster, a social network for dogs, was appointed chief operating officer.
I…what? Dogster?? Anyhow. All good founder story arcs start with VCs asking whether they are ruthless enough to make money from things they claim are supposed to help people. Siroya used all this investor money to start lending directly to people in Kenya.
InVenture [Tala’s original name] started testing its app, initially called Mkopo Rahisi (“Easy Loan” in Swahili), in 2014. For its first loans it manually deposited about $20 into the M-Pesa accounts of almost anyone who applied, then waited to see who repaid. Users took to it right away.
Uh, yes? Of course people took the money? Then things started to heat up:
At first the company charged a 5% fee for a 21-day loan. Then, former employees say, its analysts decided it needed to raise the rate to make money. They tripled it to 15% and extended the term to one month—a rate equivalent to 180% annualized, 10 times what Americans usually pay on their credit cards.
Classic analysts! Always saying “if we charged ruinous interest rates we’d make more money”. They did have at least one not-bad idea:
The former employees say the app was designed to avoid trapping people in debt. Borrowers who didn’t pay on time were charged a one-time late fee instead of more interest and were barred from taking out another loan until they’d settled up.
But they also had some appallingly bad business practices:
The application process required users to permit data such as text messages, location data, contacts, and call logs to be downloaded so the app could generate a credit score. In her TED Talk, Siroya said it could even take into account whether someone spoke often to their friends or if their location data showed they went to work regularly. The user agreement specified that the company retained ownership of the data, whether or not the loan was approved.
If you haven’t read Weapons of Math Destruction - you should! it’s good - I will tell you that every time companies attempt to do things like this it is bad. Algorithms, especially those written by young Silicon Valley developers to screen customers in Kenya, have tons of built-in bias. The default rate on Tala’s loans is a pretty accurate rebuttal to this hand-wavey bullshit. Guess who loves this kind of hand-wavey bullshit?
That data was a big part of InVenture’s appeal in Silicon Valley. According to the Forbes account, Sacca, the venture capitalist, told Siroya at a 2015 meeting that she’d figured out an even better way of gathering data on users than Uber co-founder Travis Kalanick. “This is freaking big,” Sacca said.
Investors! Yeah!
InVenture was rebranded as Tala in 2016, by which time it had the fifth-most-downloaded app in Kenya. It started staffing up, hiring product managers from other startups, and adding the data scientist credited with developing surge pricing for Uber. It also opened offices in Tanzania and the Philippines.
Uber cameo! The guy who invented the feature that has landed Uber in PR and legal trouble repeatedly would be perfect for writing a predatory lending app for people in poor countries! I love it.
There are many people on Twitter who pile on to start-up founders who reinvent the bus stop every few months, but the truth behind the jokes is that “disruptive” start-ups claiming they have a secret sauce to make industries like lending more efficient are almost always full of shit. Tala was just another shitty subprime bank, with the shitty debt collectors to match:
…in interviews, five current and former collectors describe feeling intense pressure to perform, which they say led them to use dishonest tactics. The company sets quotas of millions of shillings in repayments a month, they say. Those who fail to hit their marks can be fired.
[…]
Some describe using login credentials stolen from Kenya’s National Hospital Insurance Fund (NHIF) to learn borrowers’ work addresses and the names of their children. They then threaten to show up at their offices to shame them, or to visit their homes and seize their possessions.
Very cool. While founders like Siroya prance around cocktail parties in Mountain View, their apps are run by real human beings who are pressured to wage mental warfare on their fellow citizens over $20.
What is the solution to all of this? According to Tala, the government should fix it:
…the company published a blog post saying it was aware that debt was becoming an issue for some Kenyans. It called for regulators and credit bureaus to create a real-time database to prevent borrowers from using too many apps at once.
[…]
Tala said it hopes “others will join us in learning from recent challenges and building a stronger, safer industry.”
I cannot with these people. The absolute audacity of calling on regulators to save people from your predatory lending app. Anyhow, it will shock you to learn that despite all of this, Tala is growing and thriving and finding new markets of people to exploit:
It does, though, seem to be delivering for Tala. Last year its Santa Monica operation moved into larger offices. In August, as the company crossed $1 billion in loans made to 4 million customers on three continents, it announced that it had raised an additional $110 million, saying it would use the money to expand in India and hire employees in Kenya and Mexico.
Fantastic. I can’t imagine what goes on in these pitch meetings. The kind of person whose job is projecting the margins on charging 180% interest rates to people who live on $10 a week. I hope the fucking cocktail parties are worth it.
Microduh!
Building software is hard. I have worked on many software projects - even run a software company - and it is not easy. The company best known for making software is Microsoft. They created the operating system many of our computers run on, and the programs we use to create things.
Many years ago, Microsoft software engineers made a decision to use a placeholder in their software, for people who were creating websites in FrontPage (like me, some of you may be old enough to remember this) or configuring local corporate networks.
Basically, Microsoft put a “default” call in their software to reference internal networks or network addresses. This is great, if your computer is located on an internal network. It makes things simpler! However, if you take your computer off that internal network without changing these internal references, your computer will attempt to send email or visit a website called corp.com which is owned by a guy. Surely, you might think, there can’t be that many computers running older Microsoft software. Well:
During an eight month analysis of wayward internal corporate traffic destined for corp.com in 2019, Schmidt found more than 375,000 Windows PCs were trying to send this domain information it had no business receiving — including attempts to log in to internal corporate networks and access specific file shares on those networks.
For a brief period during that testing, Schmidt’s company JAS Global Advisors accepted connections at corp.com that mimicked the way local Windows networks handle logins and file-sharing attempts.
“It was terrifying,” Schmidt said. “We discontinued the experiment after 15 minutes and destroyed the data. A well-known offensive tester that consulted with JAS on this remarked that during the experiment it was ‘raining credentials’ and that he’d never seen anything like it.”
Likewise, JAS temporarily configured corp.com to accept incoming email.
“After about an hour we received in excess of 12 million emails and discontinued the experiment,” Schmidt said. “While the vast majority of the emails were of an automated nature, we found some of the emails to be sensitive and thus destroyed the entire corpus without further analysis.”
Not good! The reason this has become an issue is that the owner of the domain is selling it. He says he is hoping Microsoft buys the domain, because otherwise the new owner will have access to 375,000 computers and millions of email accounts sending them all sorts of private information, including logins that allow access to said computers. If you aren’t familiar with what a “botnet” is, feel free to Google it. Trust me, it’s not good.
Last year, Microsoft became a trillion dollar company. Many articles were written by the tech press lauding the company’s leadership. This is cool and all, but they’ve known about this corp dot com issue since 1996 and haven’t fully fixed it. In fact, Bill Gates himself got angry emails when the site’s owner redirected it to a porn site back then, and mocked the software giant:
Hot doggidies indeed! In their mild defense, Microsoft has issued several software updates to fix the problem, as Krebs notes. However, most companies haven’t rolled them out, because they’d break their network:
But both O’Connor and Schmidt say hardly any vulnerable organizations have deployed these fixes for two reasons. First, doing so requires the organization to take down its entire Active Directory network simultaneously for some period of time. Second, according to Microsoft applying the patch(es) will likely break or at least slow down a number of applications that the affected organization relies upon for day-to-day operations.
Faced with either or both of these scenarios, most affected companies probably decided the actual risk of not applying these updates was comparatively low, O’Connor said.
This is entirely understandable. Not many companies would want to bring down their internal networks for days, or nuke their application support. It seems to me that trillion dollar Microsoft has a duty to fix this mess, so they should just buy the domain from this guy for $1.7 million. Will they? I hope so! It’s yet another illustration of how badly things can go when software developers make decisions, so I propose we stop letting them do this, immediately.
Pizza Robots
Every year we read articles about how the robots are going to take our jobs. Some have even gone so far as to create an automation map, showing which places are likely to lose jobs to robots. It’s unclear how long it is going to take - in areas like retail, companies are starting to more fully automate the supply chain, but it’s taken decades to reach this point. It’s likely that we won’t see a large scale move to robots any time soon, and instead we’ll see automation chip away at existing industries gradually.
There is one area I can predict will be safe from robots for a long time - food preparation. We have automated a lot of food things like packaging, chemical processing, and repetitive tasks like slicing cheese, but the act of cooking a dish? We aren’t there yet.
This has not stopped entrepreneurs from claiming we are, though. Enter Zume, an automated pizza start-up which has fallen cheese side down:
In January, Zume cut 360 jobs, leaving a little over 300 employees, and said it would focus on packaging and efficiency gains for other food delivery companies.
Let’s back up a little, because we skipped over the part when someone (Softbank, it’s always Softbank) promised Zume $375 million dollars to have robots make pizzas in moving delivery trucks. You are reading this correctly. Robots, pizzas, moving trucks. What could go wrong?
Zume did a so-so job delivering its first pizzas in 2016. Although some reviewers on Yelp appreciated the fresh ingredients and speedy delivery—“Clearly better than low end pizza places,” one wrote—several complained about undercooked dough or small amounts of sauce and toppings. Eventually, Collins’s team gave up on the dream of baking the pies while driving to customers, according to two people familiar with the matter. The cheese tended to run everywhere as the trucks turned or hit bumps in the road.
This sounds like something out of a Pixar movie. The driver - some sort of animal, like a raccoon - is roaring all over town to deliver pizzas to earn enough money to free his family from the clutches of an evil zookeeper while his friend the robot is in the back spraying red tomato mist everywhere as cheese paints the walls.
I tracked down a puff piece interview with the Zume folks from 2017 and, well, it’s…not really robot pizza? One of the founders in the video talks about how humans are necessary for recipe creation, produce selection, and even putting toppings on the pizza! What does the robot do? Well:
Delicious! So the “robots” in this early assembly line flatten the dough, apply and spread the sauce, and move the pizza to and from the oven. A human being still has to apply the toppings, which is arguably the most time consuming part. They call it a “co-bot” line, for human robot collaborative. This isn’t fucking robot pizza! Come on!
Their second innovation is, apparently, a truck full of mini ovens that will “blast” the pizzas with heat right before they are due to be delivered. The video is from 2017, so I assume that this new method of double-cooking the pies came about after the cheese incidents from the year before. Looking at their promo van I have to wonder - if the pizza is only being blasted for a minute or two, why on earth do you need so many mini-ovens? Are you delivering 30 pies simultaneously? Is it safe to be driving around in a truck full of small furnaces?
I should note that the founder says they are working on a deep fry robot they can license to other food brands who want to…drive around a truck while boiling oil in the back? Yikes. My final comment on this silly video is that they surely could have found better B-roll footage of Flippy, the burger bot who can mass produce the saddest burgers I’ve seen outside of an elementary school lunch room:
Anyhow. None of these obvious critiques mattered because in 2018 Alex Garden, the founder and CEO of Zume got into a pizza truck and drove to the home of Masayoshi Son and said he wanted to be both the Tesla and the Amazon of fresh food, whatever that means. Zume got something like $100 million of the money, which is a fairly modest investment for Softbank. Like many of the fund’s investments, Zume was quickly pushed to grow big at any cost.
By all accounts, Garden was not prepared for this. Insiders claim the company jumped from project to project with no real vision, which does make sense since they had essentially created three robots to automate 70% of the pizza-making process and hadn’t really sped it up at all? In fact, after the cheese debacle the trucks basically turned into shitty versions of actual pizza restaurants:
…the oven trucks began parking in central locations, with runner cars or mopeds transporting the cooked pies.
This is…exactly what a normal pizza delivery business does! What are you disrupting? Available parking spots at other businesses?
Garden wanted to get into plant-based meats, but wasn’t able to get it going. Zume tried to pivot into selling compostable containers to other companies, even buying a company to do so, with predictably ridiculous results:
It held a one-day test at a Pizza Hut in Phoenix in October, with the goal of expanding the tests to more locations in January or February of this year. But the boxes can’t legally hold food in some jurisdictions, including San Francisco, because they contain the chemicals known as PFAS, which the Environmental Protection Agency has said can harm humans. No further tests have been publicly scheduled.
Last June, Garden told his employees their cash burn had hit $10 million a month, which doesn’t seem too bad for a company that had projected $250 million in revenue for the last quarter of 2020. However the reality was, uh, not even remotely close to that:
Zume recorded 2019 revenue well under $1 million, says a person familiar with the company’s finances.
Rest in peace, sweet pizza robots. It would seem that, for the moment, another industry safe from automation is the liquidation of massive amounts of Middle Eastern oil wealth.
Short Cons
Seattle Times - “A government watchdog is launching a nationwide probe into how marketers may be getting seniors’ personal Medicare information aided by apparent misuse of a government system, officials said Friday.”
FTC - “The FTC says that, between 2009 and November 2016, Office Depot and a software provider did scans and told people their computers had malware symptoms — only it wasn’t true.”
Tips and whatnot to scammerdarkly@gmail.com