We take no joy in kicking people while they’re down here at The A.V. Club, otherwise we’d be named after something cooler like The Robotics Club or The Yearbook Committee (elitist bullies), so don’t assume that we get any kind of schadenfreude-like enjoyment out of the struggles that are befalling new streaming platform Quibi. It has some quick bites of good content, we’re excited about the new Reno 911!, and we’re always looking for new things to do on our phones—or, ideally, not on our phones. But still, it’s our duty to report that Quibi has, for lack of a better phrase, really stepped in it this time.
As reported by Variety, the streaming service has been caught sharing user data with third-party advertisers and trackers “improperly,” which is to say that it was doing this without telling anyone that it was giving away their data (intentionally or otherwise). The Variety story says a researcher found out that Quibi was “making available email addresses of users who clicked on confirmation links on signup to third-party partners,” including Google, Twitter, Snapchat, and Facebook, which would then “facilitate the tracking of users’ online activity and make them easier to target with ads.” In other words, Quibi was doing the thing that you should assume every website that asks for your email is doing, but Quibi was doing it without telling anybody.
Naturally, Quibi suggests this was a mistake, releasing a statement that says it “immediately” fixed this “issue” when it was found. That’s where things get muddy, though, because the researcher who found this—Zach Edwards, who published a report on it—says this kind of email sharing is a “sloppy and dangerous growth hack” that’s typically used to boost ad campaigns and other analytics that track what users do. He also says that Quibi’s “breach” here is especially “egregious” because of how new and “extremely well-funded it is,” not to mention the fact that it launched after new laws went into effect that force companies to notify users about how their info is shared. Quibi, he argues, absolutely should’ve known not to do that, so “there’s almost no way that numerous people at Quibi were not only aware of this plan, but helped to architect this user data breach.”
The bright side here is that the number of people whose data was shared in this way is probably relatively small, with Quibi only getting 300,000 downloads in its first day at the beginning of this month. Variety says Quibi claims there were 2.7 million downloads of its app within its first two weeks, but a research firm quoted in the story says that probably includes “re-downloads and installs by individual users on multiple devices.”