When we reviewed “Another Life” last week, we described it as an old-fashioned science fiction space show, something that’s been absent from TV for the past decade or so. “Wu Assassins” is another new Netflix series, and it’s also is a kind of a throwback — this time to ’90s martial arts series like “Vanishing Son” and “Kung Fu: The Legend Continues.”

As we explain in the latest episode of the Original Content podcast, “Wu Assassins” — which tells the story of Kai, a San Francisco chef who receives mystical powers and must battle powerful nemeses known as the Wu Lords — has plenty of delightfully cheesy writing and special effects. But it’s set apart from those older shows in a couple key ways.

First, there’s the fact that Indonesian martial arts star Iko Uwais (who you might recognize from “The Raid” and “Star Wars: The Force Awakens”) plays as Kai — he’s not a great dramatic actor, but once the action starts, he becomes a blur of punches and kicks.

The producers have surrounded Uwais with other other accomplished martial artists, so the resulting fight scenes are extraordinary. “Wu Assassins” includes a couple big set pieces, but even more remarkably, every single fight (and there are plenty) feels like it’s been choreographed for the perfect mix of beauty and brutality.

Even better, there’s Byron Mann’s performance as Uncle Six, a ruthless triad boss who has a long history with Kai. Mann brings real charisma and humanity to his performance, and he turns his dramatic scenes with Uwais into absolute highlight of the show. Plus, he’s just as compelling when he’s called upon to beat the crap out of his enemies.

In addition to praising “Wu Assassins,” we also discuss the CBS-Viacom merger and listener response to our review of “Another Life.”

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you want to skip ahead, here’s how the episode breaks down:
0:00 Intro
0:40 “Another Life” listener response
11:51 CBS/Viacom merger
20:30 “Wu Assassins” review
33:52 “Wu Assassins” spoiler discussion

This week the New York Times published a five-years-later retrospective on Gamergate and its aftereffects, which is chilling and illuminating, and you should go read it. It makes an excellent case — several excellent written cases, actually — that “everything is Gamergate,” that it and its hate-screeching online mobs were the prototype for all the culture and media wars since and to come.

Sadly, the lesson expounded herein by the NYT is one which they — and other media — do not yet seem to have actually learned themselves.

Let’s look at another piece which called Gamergate a template for cultural warfare, using the media as a battleground. This one was written back in 2014, by one Kyle Walker, in Deadspin, and its scathing, take-no-prisoners real-time analysis was downright prophetic. A few of its most important passages:

Gamergate is […] a relatively small and very loud group of video game enthusiasts who claim that their goal is to audit ethics in the gaming-industrial complex and who are instead defined by the campaigns of criminal harassment that some of them have carried out against several women […] What’s made it effective, though, is that it’s exploited the same basic loophole in the system that generations of social reactionaries have: the press’s genuine and deep-seated belief that you gotta hear both sides … that anyone more respectable than, say, an avowed neo-Nazi is operating in something like good faith

It is now clear to us all that that last statement is no longer correct … in that it is far too optimistic. Two years ago, the NYT made it apparent that they are in fact willing to assume “an avowed neo-Nazi is operating in something like good faith,” when they published a piece about “the Nazi sympathizer next door,” one variously called “chummy” (Quartz), “sympathetic” (Business Insider), and “normalizing” (NYT readers themselves, among many others.)

Back to Wagner in Deadspin:

The demands for journalistic integrity coming from Gamergate have nothing at all to do with the systemic corruption of the gaming media … The claims from what we like to call the “bias journalisms” school of media criticism aren’t meant to express anything in particular, or even, perhaps, to be taken seriously; they’re meant to work the referees, to get them looking over their shoulders, to soften them up in the hopes that a particular grievance, whatever its merits, might get a better hearing next time around.

How does it play out? Like this: Earlier this month, the New York Times covered Intel’s capitulation in the face of a coordinated Gamergate campaign, called “Operation Disrespectful Nod.”

Here’s that NYT piece from five years ago. It, in turn, begins:

For a little more than a month, a firestorm over sexism and journalistic ethics has roiled the video game community, culminating in an orchestrated campaign to pressure companies into pulling their advertisements from game sites.

That campaign won a big victory in recent days with a decision by Intel, the chip maker, to pull ads from Gamasutra, a site for game developers.

Intel’s decision added to a controversy that has focused attention on the treatment of women in the games business and the power of online mobs. The debate intensified in August, partly because of the online posts of a spurned ex-boyfriend of a female game developer.

Wagner’s inescapable conclusion:

The story continued in this vein—cautious, assiduously neutral, lobotomized […] Both sides were heard. And thus did Leigh Alexander’s commentary on the pluralism of gaming today get equal time with a campaign bent on silencing her. …Make it a story about an oppressive and hypocritical media conspiracy, and all of a sudden you have a cause, a side in a “debate.”

Gamergate, like so many bad-faith movements since, followed a variant of the “motte and bailey” strategy, which is

when you make a bold, controversial statement. Then when somebody challenges you, you claim you were just making an obvious, uncontroversial statement, so you are clearly right and they are silly for challenging you. Then when the argument is over you go back to making the bold, controversial statement.

Here, the motte is an ugly or vile cause — in Gamergate’s case, vicious misogyny — and the bailey is an entirely different purported argument — for Gamergate, “it’s about ethics in games journalism.” They work the latter argument for credibility, but entirely in bad faith, because it is tacitly understood, both internally and externally, albeit in a quasi-deniable way, that what they actually care about is their ugly cause.

This has become the playbook for so many modern disputes, because it continues to be a thoroughly effective way to manipulate the mainstream media. Arguments about purported “grievance politics,” or “the decline of America sanctioned by the elites,” or a manufactured, fictional “immigration crisis,” all continue to be treated by the media as legitimate grievances, and/or good-faith disputes, rather than a thin pretext for bald-faced racism and xenophobia.

Every so often the motte is accidentally revealed, as when the head of the USCIS said, just this week, that the famous poem which adorns the Statue of Liberty referred to “people coming from Europe.” But in general the pretense of the bailey is upheld.

Let me reiterate: the pretense. These are arguments knowingly made in bad faith. What’s more, the actual cause soon becomes apparent to those who investigate the subject with open and searching minds. Good journalists should not be willing accept such distorted pretenses at face value, nor assume good faith without evidence. The NYT clearly made that mistake, fell into that trap, with Gamergate five years ago. As Wagner put it then,

What we have in Gamergate is a glimpse of how these skirmishes will unfold in the future—all the rhetorical weaponry and siegecraft of an internet comment section brought to bear on our culture, not just at the fringes but at the center.

How right he was. And yet it is all too apparent that, in the heart and at the heights of the New York Times, nothing of significance has been learned. How else to explain how, five years after Gamergate, and two years after “readers accuse(d) us of normalizing a Nazi sympathizer,” the NYT continues to treat exactly the same kind of bad-faith arguments as if they are meaningful, important, and valid? Most visibly with its most recent headline debacle, but that is only the tip of the wilfuly ignorant iceberg.

In the aftermath of that headline incident, Dean Baquet, its executive editor, told CNN a remarkable thing: “Our role is not to be the leader of the resistance.” In other words, the publisher of this excellent recent Gamergate exegesis has learned nothing from it.

The NYT’s role should be to lead a resistance — not necessarily against any individual political party or figure, but a resistance of critical thinking, and searching analysis, against deceptive motte-and-bailey arguments. But they don’t seem willing to recognize that they are being manipulated by such bad-faith movements, much less accept that one of them has grown to occupy much of America’s political landscape. One wonders when the Gray Lady will finally open her eyes.

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how Netflix might have some rough times ahead as Disney barrels towards it.

---

The big story

There is plenty to be said about the potential of smart glasses. I write about them at length for TechCrunch and I’ve talked to a lot of founders doing cool stuff. That being said, I don’t have any idea what Snap is doing with the introduction of a third-generation of its Spectacles video sunglasses.

The first-gen were a marketing smash hit, their sales proved to be a major failure for the company which bet big and seemingly walked away with a landfill’s worth of the glasses.

Snap’s latest version of Spectacles were announced in Vogue this week, they are much more expensive at $380 and their main feature is that they have two cameras which capture images in light depth which can lead to these cute little 3D boomerangs. One one hand, it’s nice to see the company showing perseverance with a tough market, on the other it’s kind of funny to see them push the same rock up the hill again.

Snap is having an awesome 2019 after a laughably bad 2018, the stock has recovered from record lows and is trading in its IPO price wheelhouse. It seems like they’re ripe for something new and exciting, not beautiful yet iterative.

The $150 Spectacles 2 are still for sale, though they seem quite a bit dated-looking at this point. Spectacles 3 seem to be geared entirely towards women, and I’m sure they made that call after seeing the active users of previous generations, but given the write-down they took on the first-generation, something tells me that Snap’s continued experimentation here is borne out of some stubbornness form Spiegel and the higher-ups who want the Snap brand to live in a high fashion world and want to be at the forefront of an AR industry that seems to have already moved onto different things.

Send me feedback
on Twitter @lucasmtny or email
lucas@techcrunch.com

On to the rest of the week’s news.

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

• WordPress buys Tumblr for chump change
  Tumblr, a game-changing blogging network that shifted online habits and exited for $1.1 billion just changed hands after Verizon (which owns TechCrunch) unloaded the property for a reported $3 million. Read more about this nightmarish deal here.
• Trump gives American hardware a holiday season pass on tariffs 
  The ongoing trade war with China generally seems to be rough news for American companies deeply intertwined with the manufacturing centers there, but Trump is giving U.S. companies a Christmas reprieve from the tariffs, allowing certain types of hardware to be exempt from the recent rate increases through December. Read more here.
• Facebook loses one last acquisition co-founder
  This week, the final remnant of Facebook’s major acquisitions left the company. Oculus co-founder Nate Mitchell announced he was leaving. Now, Instagram, WhatsApp and Oculus are all helmed by Facebook leadership and not a single co-founder from the three companies remains onboard. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

1. Facebook’s turn in audio transcription debacle:
   [Facebook transcribed users’ audio messages without permission]
2. Google’s hate speech detection algorithms get critiqued:
   [Racial bias observed in hate speech detection algorithm from Google]
3. Amazon has a little email mishap:
   [Amazon customers say they received emails for other people’s orders]

Our premium subscription service had another week of interesting deep dives. My colleague Danny Crichton wrote about the “tech” conundrum that is WeWork and the questions that are still unanswered after the company filed documents this week to go public.

WeWork’s S-1 misses these three key points

…How is margin changing at its older locations? How is margin changing as it opens up in places like India, with very different costs and revenues? How do those margins change over time as a property matures? WeWork spills serious amounts of ink saying that these numbers do get better … without seemingly being willing to actually offer up the numbers themselves…

Here are some of our other top reads this week for premium subscribers. This week, we published a major deep dive into the world’s next music unicorn and we dug deep into marketplace startups.

• How even the best marketplace startups get paralyzed
• How a Swedish saxophonist built Kobalt, the world’s next music unicorn

Sign up for more newsletters in your inbox (including this one) here.

NASA and SpaceX continue their joint preparations for the eventually astronaut crew missions that SpaceX will fly for the agency, with a test of the emergency evacuation procedure for SpaceX’s GO Searcher seaborne ship. The ship is intended to be used to recover spacecraft and astronauts in an actual mission scenario, and the rehearsals this week are a key part of ensuring mission readiness before an actual crewed SpaceX mission.

Photos from the dress rehearsal, which is the first coordinated end-to-end practice run involving the full NASA and SpaceX mission teams working in concert, saw NASA astronauts Doug Hurley and Bob Behnken don SpaceX’s fancy new crew suits and mimic a situation where they needed to be removed from the returned Crew Dragon spacecraft and taken to Cape Canaveral Air Force Station from the GO Searcher by helicopter.

By all accounts, this was a successful exercise and seems to have left parties on both sides happy with the results. Check out photos released by NASA of the dry run below.

[gallery ids="1870192,1870193,1870194,1870195,1870196,1870197,1870198,1870199,1870200,1870201,1870202,1870203,1870204,1870205,1870206,1870207"]

SpaceX and NASA continue to work towards a goal of launching Crew Dragon’s first actual crewed flight this year, though they’ve encountered setbacks that make that potentially impossible, including the explosion of a Crew Dragon test vehicle during a static test fire in April.

Inside Voyage’s plan to deliver a driverless future

In the autonomous vehicle space, startups have taken radically different strategies to building our AV future. Some companies like Waymo have driven all across different types of environments in order to rack up the datasets that they believe will be needed to effectively maneuver without a human driver.

That’s the opposite strategy of Voyage, where CEO and founder Oliver Cameron and his team have focused on driving safety in the incredibly constrained context of two retirement communities.

Our transportation editor Kirsten Korosec talked with the company and analyzes their approach in a new profile for Extra Crunch, and also drops some news about a partnership the company has brewing with a major automotive manufacturer.

Cameron, who shies away from discussing timelines, describes the company as inching toward driverless service.

Its self-driving software has now reached maturation in the communities it is testing in, and Voyage is now focusing on validation, according to Cameron.

Voyage has developed a few systems that will help push it closer to a commercial driverless service while maintaining safety, such as a collision mitigation system that it calls Rango, an internal nickname inspired by the 2011 computer-animated Western action-comedy about a chameleon.

This collision mitigation system is designed to be extremely fast-reacting, like a reptile — hence the Rango name. Rango, which has an independent power source and compute system and uses a different approach to perception than the main self-driving system, is designed to react quickly. If needed, it will engage the full force of the brakes.

Startup ads are taking over the subway

Public transit is just swimming in startup ads. From complete Brex takeovers of the San Francisco Caltrain station to the sleep puzzles posted by Casper across the New York City subway, startups have been taking advantage of this unique out-of-home advertising space. What’s the full story though? Our reporter Anthony Ha takes a look at how the subway ad market came to be in the past few years, and what the future holds for other marketers.

Ikea’s smart home investments to date have been smart but scattered – now the Swedish home goods brand says it’s going to amp up its smart home bets with a brand new dedicated business unit.

The company’s smart home endeavors began in 2012, and focused on wireless charging and smart lighting. It’s iterated in both areas since, developing self-installed integrated wireless chargers for its furniture, as well as light/charger combos, and finally with a new partnership with Sonos that produced the Symfonisk line of wireless smart speakers.

Ikea also has its own ambitions in terms of being the hub for future smart home products, not only from a hardware perspective, but also via its Home smart app, which it rebranded from being more strictly focused on its Tradfri line of connected bulbs in June. During the Symfonisk launch, Ikea told me it has broader ambitions for the Home smart app as a central hub for connected home control for its customers.

“At IKEA we want to continue to offer products for a better life at home for the many people going forward. In order to do so we need to explore products and solutions beyond conventional home furnishing,” said Björn Block, Head of the new IKEA Home smart Business Unit at IKEA of Sweden, in a press release from the company.

Ikea also characterized this as its biggest new focus area in terms of the overall business and brand since it introduced its Children’s Ikea line.

The partnership between Sonos and Ikea that produced the Symfonisk line is a long-term one, and both companies told me to expect more products to come out of that team-up in future. But it sounds like Ikea intends to explore how smart home tech might touch all aspects of its business, so it’s fair to anticipate more partnerships and product categories to follow as a result of this new investment focus, too.

SoftBank has a plant to loan up to $20 billion to its employees, including CEO Masayoshi Son, for the purposes of having that capital re-invested in SoftBank’s own Vision venture fund, according to a new report from the Wall Street Journal. That’s a highly unusual move that could be risky in terms of how much exposure SoftBank Group has on the whole in terms of its startup bets, but the upside is that it can potentially fill out as much as a fifth of its newly announced second Vision Fund’s total target raise of $108 billion from a highly aligned investor pool.

SoftBank revealed its plans for its second Vision Fund last month, including $38 billion from SoftBank itself, as well as commitments from Apple, Microsoft and more. The company also took a similar approach to its original Vision Fund, WSJ reports, with stakes from employees provided with loans totalling $8 billion of that $100 billion commitment.

The potential pay-off is big, provided the fund has some solid winners that achieve liquidation events that provide big returns that employees can then use to pay off the original loans, walking away with profit. That’s definitely a risk, however, especially in the current global economic client. As WSJ notes, the Uber shares that Vision Fund I acquired are now worth less than what SoftBank originally paid for them according to sources, and SoftBank bet WeWork looks poised to be another company whose IPO might not make that much, if any, money for later stage investors.

Apple’s next Apple Watch revision could include new materials for the case, including titanium and ceramic. That’s according to new assets pulled form the latest watchOS beta release, as uncovered by Brazilian site iHelp.br (via 9to5Mac). The new screens discovered in the beta show graphics used to pair the Apple Watch during setup, and list “Titanium Case” and “Ceramic Case” alongside model size identification info.

Apple has previously offered a ceramic Apple Watch, alongside its Series 2 and Series 3 models, with a premium price and white and black case options. The company hasn’t previously used titanium, but the lightweight, durable metal is popular among traditional watchmakers because it can really significantly reduce the heft of a watch case, while still providing a premium look and feel.

Last year’s Apple Watch Series 4 was the first significant change in body design for the wearable since its introduction in 2015, so it seems unlikely that Apple will change that this year again. The new physical design includes larger case sizes (40mm and 44mm, respectively, vs. 38mm and 42mm for previous generations), a thinner profile and a display with rounded corners and slimmer bezels.

Offering new materials is a way for Apple to deliver new hardware that is observably new on the outside, in addition to whatever processor and component improvements they make on the inside. Apple will likely also offer these alongside their stainless steel and aluminum models, should they actually be released this fall, and would probably charge a premium for these material options, too.

The Series 4 Apple Watch proved a serious improvement in terms of performance, and added features like the onboard ECG. Splashy new looks likely won’t be the extent of what Apple has planned for Series 5, however, especially since the company is revamping watchOS to be much more independent of the phone, which would benefit from more capable processors.

Privacy researchers in Europe believe they have the first proof that a long-theorised vulnerability in systems designed to protect privacy by aggregating and adding noise to data to mask individual identities is no longer just a theory.

The research has implications for the immediate field of differential privacy and beyond — raising wide-ranging questions about how privacy is regulated if anonymization only works until a determined attacker figures out how to reverse the method that’s being used to dynamically fuzz the data.

Current EU law doesn’t recognise anonymous data as personal data. Although it does treat pseudoanonymized data as personal data because of the risk of re-identification.

Yet a growing body of research suggests the risk of de-anonymization on high dimension data sets is persistent. Even — per this latest research — when a database system has been very carefully designed with privacy protection in mind.

It suggests the entire business of protecting privacy needs to get a whole lot more dynamic to respond to the risk of perpetually evolving attacks.

Academics from Imperial College London and Université Catholique de Louvain are behind the new research.

This week, at the 28th USENIX Security Symposium, they presented a paper detailing a new class of noise-exploitation attacks on a query-based database that uses aggregation and noise injection to dynamically mask personal data.

The product they were looking at is a database querying framework, called Diffix — jointly developed by a German startup called Aircloak and the Max Planck Institute for Software Systems.

On its website Aircloak bills the technology as “the first GDPR-grade anonymization” — aka Europe’s General Data Protection Regulation, which began being applied last year, raising the bar for privacy compliance by introducing a data protection regime that includes fines that can scale up to 4% of a data processor’s global annual turnover.

What Aircloak is essentially offering is to manage GDPR risk by providing anonymity as a commercial service — allowing queries to be run on a data-set that let analysts gain valuable insights without accessing the data itself. The promise being it’s privacy (and GDPR) ‘safe’ because it’s designed to mask individual identities by returning anonymized results.

The problem is personal data that’s re-identifiable isn’t anonymous data. And the researchers were able to craft attacks that undo Diffix’s dynamic anonymity.

“What we did here is we studied the system and we showed that actually there is a vulnerability that exists in their system that allows us to use their system and to send carefully created queries that allow us to extract — to exfiltrate — information from the data-set that the system is supposed to protect,” explains Imperial College’s Yves-Alexandre de Montjoye, one of five co-authors of the paper.

“Differential privacy really shows that every time you answer one of my questions you’re giving me information and at some point — to the extreme — if you keep answering every single one of my questions I will ask you so many questions that at some point I will have figured out every single thing that exists in the database because every time you give me a bit more information,” he says of the premise behind the attack. “Something didn’t feel right… It was a bit too good to be true. That’s where we started.”

The researchers chose to focus on Diffix as they were responding to a bug bounty attack challenge put out by Aircloak.

“We start from one query and then we do a variation of it and by studying the differences between the queries we know that some of the noise will disappear, some of the noise will not disappear and by studying noise that does not disappear basically we figure out the sensitive information,” he explains.

“What a lot of people will do is try to cancel out the noise and recover the piece of information. What we’re doing with this attack is we’re taking it the other way round and we’re studying the noise… and by studying the noise we manage to infer the information that the noise was meant to protect.

“So instead of removing the noise we study statistically the noise sent back that we receive when we send carefully crafted queries — that’s how we attack the system.”

A vulnerability exists because the dynamically injected noise is data-dependent. Meaning it remains linked to the underlying information — and the researchers were able to show that carefully crafted queries can be devised to cross-reference responses that enable an attacker to reveal information the noise is intended to protect.

Or, to put it another way, a well designed attack can accurately infer personal data from fuzzy (‘anonymized’) responses.

This despite the system in question being “quite good,” as de Montjoye puts it of Diffix. “It’s well designed — they really put a lot of thought into this and what they do is they add quite a bit of noise to every answer that they send back to you to prevent attacks”.

“It’s what’s supposed to be protecting the system but it does leak information because the noise depends on the data that they’re trying to protect. And that’s really the property that we use to attack the system.”

The researchers were able to demonstrate the attack working with very high accuracy across four real-world data-sets. “We tried US censor data, we tried credit card data, we tried location,” he says. “What we showed for different data-sets is that this attack works very well.

“What we showed is our attack identified 93% of the people in the data-set to be at risk. And I think more importantly the method actually is very high accuracy — between 93% and 97% accuracy on a binary variable. So if it’s a true or false we would guess correctly between 93-97% of the time.”

They were also able to optimise the attack method so they could exfiltrate information with a relatively low level of queries per user — up to 32.

“Our goal was how low can we get that number so it would not look like abnormal behaviour,” he says. “We managed to decrease it in some cases up to 32 queries — which is very very little compared to what an analyst would do.”

After disclosing the attack to Aircloak, de Montjoye says it has developed a patch — and is describing the vulnerability as very low risk — but he points out it has yet to publish details of the patch so it’s not been possible to independently assess its effectiveness. 

“It’s a bit unfortunate,” he adds. “Basically they acknowledge the vulnerability [but] they don’t say it’s an issue. On the website they classify it as low risk. It’s a bit disappointing on that front. I think they felt attacked and that was really not our goal.”

For the researchers the key takeaway from the work is that a change of mindset is needed around privacy protection akin to the shift the security industry underwent in moving from sitting behind a firewall waiting to be attacked to adopting a pro-active, adversarial approach that’s intended to out-smart hackers.

“As a community to really move to something closer to adversarial privacy,” he tells TechCrunch. “We need to start adopting the red team, blue team penetration testing that have become standard in security.

“At this point it’s unlikely that we’ll ever find like a perfect system so I think what we need to do is how do we find ways to see those vulnerabilities, patch those systems and really try to test those systems that are being deployed — and how do we ensure that those systems are truly secure?”

“What we take from this is really — it’s on the one hand we need the security, what can we learn from security including open systems, verification mechanism, we need a lot of pen testing that happens in security — how do we bring some of that to privacy?”

“If your system releases aggregated data and you added some noise this is not sufficient to make it anonymous and attacks probably exist,” he adds.

“This is much better than what people are doing when you take the dataset and you try to add noise directly to the data. You can see why intuitively it’s already much better.  But even these systems are still are likely to have vulnerabilities. So the question is how do we find a balance, what is the role of the regulator, how do we move forward, and really how do we really learn from the security community?

“We need more than some ad hoc solutions and only limiting queries. Again limiting queries would be what differential privacy would do — but then in a practical setting it’s quite difficult.

“The last bit — again in security — is defence in depth. It’s basically a layered approach — it’s like we know the system is not perfect so on top of this we will add other protection.”

The research raises questions about the role of data protection authorities too.

During Diffix’s development, Aircloak writes on its website that it worked with France’s DPA, the CNIL, and a private company that certifies data protection products and services — saying: “In both cases we were successful in so far as we received essentially the strongest endorsement that each organization offers.”

Although it also says that experience “convinced us that no certification organization or DPA is really in a position to assert with high confidence that Diffix, or for that matter any complex anonymization technology, is anonymous”, adding: “These organizations either don’t have the expertise, or they don’t have the time and resources to devote to the problem.”

The researchers’ noise exploitation attack demonstrates how even a level of regulatory “endorsement” can look problematic. Even well designed, complex privacy systems can contain vulnerabilities and cannot offer perfect protection. 

“It raises a tonne of questions,” says de Montjoye. “It is difficult. It fundamentally asks even the question of what is the role of the regulator here?

When you look at security my feeling is it’s kind of the regulator is setting standards and then really the role of the company is to ensure that you meet those standards. That’s kind of what happens in data breaches.

“At some point it’s really a question of — when something [bad] happens — whether or not this was sufficient or not as a [privacy] defence, what is the industry standard? It is a very difficult one.”

“Anonymization is baked in the law — it is not personal data anymore so there are really a lot of implications,” he adds. “Again from security we learn a lot of things on transparency. Good security and good encryption relies on open protocol and mechanisms that everyone can go and look and try to attack so there’s really a lot at this moment we need to learn from security.

“There’s no going to be any perfect system. Vulnerability will keep being discovered so the question is how do we make sure things are still ok moving forward and really learning from security — how do we quickly patch them, how do we make sure there is a lot of research around the system to limit the risk, to make sure vulnerabilities are discovered by the good guys, these are patched and really [what is] the role of the regulator?

“Data can have bad applications and a lot of really good applications so I think to me it’s really about how to try to get as much of the good while limiting as much as possible the privacy risk.”

Hello and welcome back to Startups Weekly, a weekend newsletter that dives into the week’s noteworthy startups and venture capital news. Before I jump into today’s topic, let’s catch up a bit. Last week, I wrote about the differences between raising cash from angels and traditional venture capitalists. Before that, I summarized DoorDash’s acquisition of Caviar.

Remember, you can send me tips, suggestions and feedback to kate.clark@techcrunch.com or on Twitter @KateClarkTweets. If you don’t subscribe to Startups Weekly yet, you can do that here.

---

It’s Friday morning and I don’t want to dig into another IPO prospectus. The startups don’t care though, they’re in a mad dash to get to the public markets, reporters be damned.

This week, three billion-dollar venture-backed “unicorns” unveiled S-1 filings, the paperwork necessary to complete an IPO. First came WeWork, the $47 billion co-working giant beloved by SoftBank. Then came Cloudflare, a business that provides web security and denial-of-service protection for websites. Then this morning, after we all thought it was time for a breather, “teledentistry” company SmileDirectClub made its filing public.

There’s plenty to read on each of these high-profile IPOs; here’s a quick reading list:

WeWork

WeWork reveals IPO filing
WeWork’s S-1 misses these three key points
Making sense of WeWork’s S-1 (or trying to)

Cloudflare

Cloudflare files for initial public offering
Cloudflare says cutting off customers like 8chan is an IPO ‘risk factor’
In its IPO filing, Cloudflare thanks a third co-founder: Lee Holloway

SmileDirectClub
SmileDirectClub files to go public amid concerns from dental associations

On to other things…

Meet the startups in Y Combinator’s summer batch
As you may know, YC summer demo days are next week. A whopping 176 companies are expected to present and we’ll be there reporting live, as usual. In preparation, we’ve been cherry-picking companies in the latest batch that interest us. Here’s a look at our latest — more to come:

• Narrator wants to become the operating system for data science
• This startup is building a weed breathalyzer for cops 
• Lokal wants to bring local news to 900M Indians in their regional languages
• Holy Grail is using machine learning to build better batteries
• Shiru is developing a protein replacement for food additives
• Lumineye helps first responders identify people through walls
• GradJoy is a fintech startup to help you knock out your student loans
• Traces AI is creating a less invasive alternative to facial recognition tracking

Equity Podcast
This was a very special week for Equity. We taped two great episodes, one in which we hung out with Axios’ Dan Primack in Boston, the other featuring me recording out of a New York City Blue Bottle Coffee shortly after WeWork dropped its S-1 filing. You can listen to our latest episodes here and here. Equity drops every Friday at 6:00 am PT, so subscribe to us on Apple Podcasts or Spotify.

Extra Crunch
In our latest installment of EC-1, in which go deep on an up-and-coming startup, TechCrunch’s Eric Peckham tells the founding story of Kobalt, the world’s next music tech unicorn. Here’s a passage from Peckham’s extensive piece: “You may not have heard of Kobalt before, but you probably engage with the music it oversees every day, if not almost every hour. Combining a technology platform to better track ownership rights and royalties of songs with a new approach to representing musicians in their careers, Kobalt has risen from the ashes of the 2000 dot-com bubble to become a major player in the streaming music era. It is the leading alternative to incumbent music publishers (who represent songwriters) and is building a new model record label for the growing ‘middle class’ of musicians around the world who are stars within niche audiences.”