There’s a new streaming service in France called Salto. The companies behind the new service have been around for a while though. Salto is a joint initiative between TF1, France Télévisions and M6 — three major TV networks.
Those companies already had their own apps with live TV and ad-supported catch-up content. And of course, you can access content from these networks from your set-top box. But they’re trying something new with Salto.
For now, Salto is mostly an ad-free combination of all the individual apps from TF1, France Télévisions and M6. You can watch live TV from 19 different channels. You can play catch-up content from all three networks without any video ad.
It costs €6.99 per month. For €9.99, you can watch on two screens simultaneously. For €12.99 per month, you get four screens. Salto has released apps for Android, Android TV, iOS and tvOS. It also works in a web browser.
Such an offering probably won’t be enough to attract subscribers. That’s why Salto is slowly adding exclusive content to its platform as well. Salto is also going to be a good way to access content for kids in a dedicated section.
You can see some TV shows before they air on TV, such as an adaption from Agatha Christies’ ‘And Then There Were None’, the new season of Fargo. There are also some classic shows, such as Parks & Recreation and Seinfeld.
Who will be subscribing to Salto then? If you mostly watch live TV and you already know how to access catch-up content, Salto isn’t for you. If you already have access to premium content through a Canal+ subscription for instance, Salto isn’t for you.
But if you’re addicted to reality TV and daily soap operas, Salto could be a nice service to consume your favorite show. If you don’t pay for any streaming service, it could be a cheap service to get started and access some basic shows and movies.
French startup Exotec has raised a $90 million Series C round led by 83North, with existing investors Iris Capital and Breega also participating. Other existing investors include 360 Capital. The company has been working on semi-automated warehouses for e-commerce clients.
The system is based on tiny robots called Skypods. They roam the floor and go up and down racks to pick up standardized bins of products.
The company also provides logistics software to coordinate all those robots through the warehouse. As you scale, you can add more robots and more racks without any downtime.
It’s not going to replace humans altogether as you still have to pick up goods from the bin and pack stuff. But human operators can stay at a workstation while robots take care of all the roaming.
You can use a workstation to pick up goods but also to replenish bins. The idea is that you never have to enter the Exotec area. It’s a robot-only zone.
In addition to productivity gains, you can also increase your storage capacity by switching to Exotec thanks to tall racks and narrow aisles.
The company now has teams in Atlanta and Tokyo — it plans to produce 4,000 robots per year by 2021. Everything is manufactured in Lille, France in a 6,000 square-meter plant. The company currently has fourteen running systems around the world. Clients include Carrefour, Leclerc, Cdiscount and Fast Retailing (Uniqlo).
French startup Mirakl has raised a $300 million funding round at a $1.5 billion valuation — the company is now a unicorn. Mirakl helps you launch and manage a marketplace on your e-commerce website. Many customers also rely on Mirakl-powered marketplaces for B2B transactions.
Permira Advisers is leading the round, with existing investors 83North, Bain Capital Ventures, Elaia Partners and Felix Capital also participating.
“We’ve closed this round in 43 days,” co-founder and U.S. CEO Adrien Nussenbaum told me. But the due diligence process has been intense. “[Permira Advisers] made 250 calls to clients, leads, partners and former employees.”
Many e-commerce companies rely on third-party sellers to increase their offering. Instead of having one seller selling to many customers, marketplaces let you sell products from many sellers to many customers. Mirakl has built a solution to manage the marketplace of your e-commerce platform.
300 companies have been working with Mirakl for their marketplace, such as Best Buy Canada, Carrefour, Darty and Office Depot. More recently, Mirakl has been increasingly working with B2B clients as well.
These industry-specific marketplaces can be used for procurement or bulk selling of parts. In this category, clients include Airbus Helicopters, Toyota Material Handling and Accor’s Astore. 60% of Mirakl’s marketplace are still consumer-facing marketplaces, but the company is adding as many B2B and B2C marketplaces these days.
“We’ve developed a lot of features that enable platform business models that go further than simple marketplaces,” co-founder and CEO Philippe Corrot told me. “For instance, we’ve invested in services — it lets our clients develop service platforms.”
In France, Conforama can upsell customers with different services when they buy some furniture for instance. Mirakl has also launched its own catalog manager so that you can merge listings, add information, etc.
The company is using artificial intelligence to do the heavy-lifting on this front. There are other AI-enabled features, such as fraud detection.
Given that Mirakl is a marketplace expert, it’s not surprising that the company has also created a sort of marketplace of marketplaces with Mirakl Connect.
“Mirakl Connect is a platform that is going to be the single entry point for everybody in the marketplace ecosystem, from sellers to operators and partners,” Corrot said.
For sellers, it’s quite obvious. You can create a company profile and promote products on multiple marketplaces at once. But the company is also starting to work with payment service providers, fulfillment companies, feed aggregators and other partners. The company wants to become a one-stop shop on marketplaces with those partners.
Overall, Mirakl-powered marketplaces have generated $1.2 billion in gross merchandise volume (GMV) during the first half of 2020. It represents a 111% year-over-year increase, despite the economic crisis.
With today’s funding round, the company plans to expand across all areas — same features, same business model, but with more resources. It plans to hire 500 engineers and scale its sales and customer success teams.
Facebook France is going to pay $125 million (€106 million) in back taxes according to business magazine Capital — Facebook confirmed the agreement to both Capital and Reuters. French tax authorities raided Facebook’s offices in Paris in 2012 and later opened an investigation on unpaid taxes covering activities between 2009 and 2018.
According to the investigation, Facebook allegedly optimized its effective tax rate in France by funneling sales to other subsidiaries in different European countries.
It’s a grey area as funneling sales to a different country is legal. But you have to prove that there wasn’t any sales person based in France selling to a French customer. Those contracts can be reclassified as French contracts.
Many tech companies have had to pay back taxes in France for the same issue. For instance, Google agreed to pay a $549 million fine and $510 million in back taxes in 2019. Similarly, Apple settled a dispute covering $572 million in back taxes.
This is a new strategy for French authorities. Companies can avoid a public fight if they settle with tax authorities directly. This way, companies avoid some public backlash and it speeds up the process. Amazon was the first company to settle in 2018.
“We take our tax obligations seriously, pay the taxes we owe in all markets where we operate,” Facebook told Reuters. As a result, the company’s revenue in France has jumped from €56 million to €389 million between 2017 and 2018, representing a nearly 600% revenue increase in 12 months.
We’ve reached out to Facebook and will update this article if we learn more.
French startup Lydia is announcing a new partnership with Younited Credit, which lets you borrow anything between €500 and €3,000 and pay back within 6 to 36 months. The feature will be released in France at some point during the summer.
This isn’t the first time Lydia is playing around with credit. The company already partnered with Banque Casino to let users borrow between €100 and €1,000. But that feature was limited to short-term credit as you had to reimburse everything over three installments.
This time, you can borrow more money and you have more time to pay back your loan. Lydia will try to be as transparent as possible when it comes to interests. And there’s no fee in case or early repayment.
Compared to the first credit product, you can’t borrow money instantly. You apply for a loan in the app and get an answer within 24 hours. If you accept the offer, you have seven days to change your mind — it’s a regulatory requirement in France. You then receive money on your account.
By offering two different credit products, Lydia wants to cover more use cases. If something unexpected happens (your laptop broke down, you have to book an emergency flight, etc.), you can borrow as much as €1,000 in just a few seconds.
You receive the money on your Lydia account and you can start using it instantly using a virtual card, Apple Pay, Google Pay, Samsung Pay, Lydia’s debit cards or Lydia’s peer-to-peer payments.
Fees on instant credit lines are pretty high as you pay 3.13% in interests and a one-time fee of €6.90 to €19.90 to receive the money instantly depending on how much you borrow.
If you’re planning a big purchase but you can wait a week, you can go through the new credit offering with Younited Credit . This isn’t the first time Younited Credit offers an integrated credit product with another fintech startup. For instance, N26 also offers credit lines with Younited Credit in France.
Lydia started as a peer-to-peer payment app with 3.5 million users in Europe. It recently raised a $45 million funding round led by Tencent. The startup now wants to build a marketplace of financial products. And integrating Younited Credit in the app seems in line with that strategy.
Like many podcast startups, Majelan has faced some criticisms shortly after its launch. Aggregating free podcasts with premium content next to them à laLuminary is a controversial topic in the podcast community. Spotify has been going down the same path, but Spotify is also an order of magnitude bigger than any other podcast startup out there.
Some podcast creators have decided to remove their podcast feeds from Majelan to protest against that business model.
Podcasts remain an open format. Creators can create a feed, users can subscribe to that feed in their favorite podcast app. You don’t have to sign up to a particular service to access a particular podcast — everything is open.
“We have decided to stop aggregating free podcasts — free podcasts mean podcasts, period. For us, podcasts are RSS feeds, it’s an open world,” Perticoz said in a podcast episode. “We need an app that is more focused on payment. We can’t aggregate free podcasts given that our strategy is paid content.”
The result is a more focused service that is going to launch on July 7th in France. After a free trial, you have to subscribe for €5 to €7 per month depending on the length of your subscription. You can then access a library of premium audio content — Majelan rightfully doesn’t call them podcasts.
“Going forward, we’re going to focus on original content, we’re going to focus 100% on paid content,” Gallet said in the same podcast episode.
And in order to be even more specific, Majelan will focus on personal growth, such as creativity, activism, mindfulness, innovation, entrepreneurship and health. According to the co-founders, some content will be produced in house, some content will be co-produced with other companies and the startup will also acquire existing podcasts and repackage them for Majelan.
That move has been in the works for a while. The startup pitched it to its board of investors back in December. Premium subscriptions have worked well for movies, TV and music. Now let’s see if subscriptions will also take off with spoken-word audio.
France’s lower chamber of the parliament has voted in favor of a controversial law against hate speech on social networks and online platforms. As I described last year, online platforms will have to remove within 24 hours illicit content that has been flagged. Otherwise, companies will have to pay hefty fines every time they infringe the law.
What do they mean by illicit content? Essentially, anything that would be considered as an offense or a crime in the offline world is now considered as illicit content when it’s an online platform. Among other things, you could think about death threats, discrimination, Holocaust denial…
For the most extreme categories, terrorist content and child pornography, online platforms must react within an hour.
While online hate speech has been getting out of control, many fear that online platforms will censor content a bit too quickly. Companies don’t want to risk a fine so they might delete content that doesn’t infringe the law just because they’re not sure.
Essentially, online platforms have to regulate themselves. The government then checks whether they’re doing a good job or not. “It’s just like banking regulators. They check that banks have implemented systems that are efficient, and they audit those systems. I think that’s how we should think about it,” France’s digital minister Cédric O told me in an interview last year.
There are multiple levels of fines. It starts at hundreds of thousand of euros but it can reach up to 4% of the global annual revenue of the company with severe cases. The Superior Council of the Audiovisual (CSA) is the regulator in charge of those cases.
Germany has already passed similar regulation and there are ongoing discussions at the European Union level.
French startup Doctolib is sharing some metrics on its video consultation feature. While the startup first started as a way to help doctors manage appointments and let them accept online appointments, the company has been taking advantage of its huge community of health professionals to add video consultations on top of that.
Since the start of the COVID-19 pandemic, users have booked 2.5 million online appointments in France and Germany. More than 31,000 physicians offer video consultations and 872,000 patients have used the service at least once over the past five weeks.
Usually, Doctolib charges practitioners a monthly fee to access the service and use it to replace their calendar. Practitioners can choose to pay an additional €79 per month ($90) on top of their standard Doctolib plan to start accepting remote appointments.
During the epidemic, the startup has chosen to waive video consultation subscription fees. It’s the right thing to do, but it’s also a great way to convince more practitioners to start accepting remote appointments.
The result is explosive growth. Doctolib jumped from 1,000 to 100,000 video consultations per day in just a month. The good news is that it isn’t just for young people — 28% of users who book an online appointment are 55 years old and beyond.
Those appointments comply with France’s national healthcare system. Patients get reimbursed just like a normal appointment. But there are some legal restrictions. Usually, you can’t book a remote appointment and get reimbursed if the doctor doesn’t know you already.
But that restriction has been lifted during the lockdown. Let’s see if the momentum will hold when the national healthcare system puts back some limits on video consultations.
Vestiaire Collective just closed another big round of funding in the middle of an economic crisis — the round closed in early April. The startup raised $64.2 million (€59 million) and the company has raised more than $240 million over the year, according to Crunchbase. Vestiaire Collective operates a marketplace of pre-owned fashion items. Users can both sell and buy clothes and accessories on the platform.
There’s a huge list of investors in today’s round — Korelya Capital, Fidelity International-managed funds, Vaultier7, Cuit Invest and existing investors Eurazeo (Eurazeo Growth and Idinvest Venture funds), Bpifrance, Vitruvian Partners, Condé Nast, Luxury Tech Fund and Vestiaire Collective CEO Max Bittner are all participating.
With 9 million members across 90 countries, Vestiaire Collective has become a huge marketplace. And it makes sense that an e-commerce website focused on pre-owned items is working well. There has been a ton of backlash against fast fashion over the past few years.
People now also value circular business models as it becomes more affordable to refresh your wardrobe, especially during an economic crisis, and it is better for the environment.
As always, Vestiaire Collective will use the new influx of cash to expand to more countries. In particular, with Korelya Capital as a new backer, the company will expand to South Korea and Japan this year. While the company started in France, 80% of transactions are now cross-border transactions.
Originally, Vestiaire Collective asked you to send your items to its warehouses to check them before putting them on sale. The startup has been betting on direct shipping from the seller to the buyer in Europe and it has been working well. You can get reimbursed if there’s something wrong with what you ordered though.
Direct shipping has been available in Europe since September 2019 and it now represents over 50% of orders in the region. Up next, Vestiaire Collective will introduce direct shipping in the U.S. this summer and in Asia by the end of 2020.
Research institutes Inria and Fraunhofer have shared details on their contact-tracing protocol that could be used by the French and German governments in the coming weeks. It is named ROBERT for ROBust and privacy-presERving proximity Tracing protocol.
Inria and Fraunhofer are members of the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project. On Friday, PEPP-PT said that seven European governments were interested in developing national apps based on the standardized approach. So ROBERT could become an important inspiration for various contact-tracing apps around Europe.
Inria’s CEO Bruno Sportisse also wrote an article on Inria’s website describing the thinking behind Inria’s (and Fraunhofer’s) work. In addition to explaining the concept of contact tracing, he says there’s no such thing as a decentralized contact-tracing protocol or a centralized contact-tracing protocol.
“None of the projects aim to implement a peer-to-peer network in which everything would rely on a supposedly ‘independent’ community […] of devices/smartphones that exchange information between them. The main reason why that’s not the case is that security vulnerabilities could have an impact with such an approach,” Sportisse wrote.
“All systems in the works include a common component (a server) and a decentralized component (a group of smartphones that can communicate between them using Bluetooth): all systems currently in the works are therefore both centralized […] and decentralized,” he continued.
And yet, centralization and decentralization have been at the heart of a debate between privacy researchers in Europe, with backers of the DP-3T initiative sometimes calling out PEPP-PT’s approach. DP-3T is another coalition of experts that claim to care more about privacy than PEPP-PT.
So let’s dive in to ROBERT and find out what Inria and Fraunhofer mean by a centralized-decentralized contact-tracing protocol.
In the specification document, Inria and Fraunhofer define the big principles behind ROBERT.
Our scheme provides the following goals as detailed in :
Open participation. Participants are free to join or leave the system at any time.
Simple and transparent. The system is simple to use and understand.
Easy deployment. The scheme is easy to deploy and requires only minimal infrastructure.
Anonymity. The smartphone App as well as the back-end server database do not collect or store any personal data.
Federated infrastructure. The system must scale across countries, ideally worldwide. In order to preserve countries’ sovereignty, a trusted federation of infrastructures is necessary.
Those are all fair points, but based on the rest of the document, anonymity is not 100% guaranteed for all actors involved (the government, other app users, malicious users). The document itself describes why there could be some loopholes in the protocol:
The authority running the system, in turn, is “honest-but-curious”. Specifically, it will not deploy spying devices or will not modify the protocols and the messages. However, it might use collected information for other purposes such as to re-identify users or to infer their contact graphs. We assume the back-end system is secure, and regularly audited and controlled by external trusted and neutral authorities (such as Data Protection Authorities and National Cybersecurity Agencies).
That’s a big if.
Basically, the protocol is designed in such a way that it protects your privacy as long as you trust the government/the health ministry/whoever is in charge of running the central server. Based on that statement alone, it seems like the authority could log a ton of information about app users.
Generating a log of your proximity contacts
At its core, a contact-tracing app uses Bluetooth to build a comprehensive list of other app users who you’ve interacted with for more than a few seconds. A ROBERT-based contact-tracing app would make those matches on your device.
ROBERT uses ephemeral Bluetooth IDs that change every 15 minutes. For example, if you’re talking with someone for 10 minutes, you’re going to regularly send your ephemeral Bluetooth ID to the other person, and you’re going to receive the other person’s ephemeral Bluetooth ID. If nobody gets infected with COVID-19, those IDs remain on your device (and might even get purged after a while).
The app also collects additional information associated with ephemeral Bluetooth IDs. For instance, it collects the strength of the Bluetooth signal to evaluate the distance between the two persons.
All of this is fairly standard.
Uploading your contact list, not your own ephemeral identifiers
Approaches differ if somebody is confirmed to be infected with COVID-19. Under the ROBERT implementation, if a user is diagnosed COVID-positive and gives their consent to help the community of other app users, the app will upload the list of ephemeral Bluetooth IDs of other users that they’ve been interacting with over the past 14 days.
Again, the app doesn’t send the user’s own ephemeral Bluetooth IDs — it sends information about the circle of people gravitating around the infected user.
The server then has a list of potentially exposed users. It doesn’t necessarily mean they’ll be infected with COVID-19.
Computing a risk score on the server
So what does the server do with this list of potentially exposed users?
When you download a ROBERT-based contact-tracing app (such as France’s Stop Covid app that is in the works) and launch it for the first time, the server is notified. The server generates and sends a permanent ID and a list of ephemeral Bluetooth IDs. The server also keeps a list of all temporary IDs associated with permanent IDs.
In other words, the authority has a giant database of all permanent and ephemeral IDs associated with all app users. While the specifications say “the stored information are ‘anonymous’ and, by no mean, associated to a particular user,” it’s in no way anonymous. It’s pseudonymous.
When a user is diagnosed COVID-positive and accepts to share a list of the ephemeral Bluetooth IDs of people they’ve interacted with, the server logs all that information and increases the risk score of people they’ve interacted with.
Over time, multiple users who are confirmed to be infected with COVID-19 could flag different Bluetooth ephemeral IDs that belong to the same user. The server is going to increase the risk score of the permanent ID associated to that user.
Essentially, the authority will have a database of permanent IDs with each ID representing one person. There will be a risk score associated to each person. When the risk score reaches a certain threshold, the user is notified.
A weak defense of centralization
As you can see in my description of the ROBERT protocol, the project tries to minimize the attack surface by centralizing most computing on a server. It is designed to be resilient against malicious users as much as possible — it requires you to “register” your account by obtaining a permanent ID from a central server.
But this centralized implementation means that you’ll have to trust your government. In particular, you have to trust that:
They’re not doing anything nefarious without telling you.
They have developed a secure implementation of the ROBERT protocol.
For instance, what if a ROBERT-based app uploads your IP address when your app checks the risk score associated with your permanent ID? What if the government wants a little more data to examine the social graph of pseudonyms? Those could be huge privacy risks and the end user wouldn’t even be aware of the vulnerability. It is basically the opposite of “privacy by design.”
Instead, Inria and Fraunhofer throw the DP-3T implementation under the bus:
Other, qualified as ‘decentralised’, schemes broadcast to each App an aggregate information containing the pseudonyms of all the infected users. This information allow each App to decode the identifiers of infected users and verify if any of them are part of its contact list. Our scheme does not follow this principle because we believe that sending information about all infected users reveals too much information. In fact, it has been shown that this information can be easily used by malicious users to re-identify infected users at scale. We claim that infected user re-identification must absolutely be avoided since it could lead to stigmatisation. Instead, we chose to securely store this information on a central server.
Dismissing decentralized protocols in such a way is completely irresponsible. In both cases, it depends on the implementation. That’s why it’s going to be important to let developers audit the code that runs both on the smartphone and the server — whether the server is only a relay server or a central database. Otherwise, people are not going to trust contact-tracing apps and they will be useless.
Data on your device can be encrypted and inaccessible to other apps and malicious users. The government could even control a decryption key using a multi-signature authentication. This way, malicious users wouldn’t be able to decrypt data without interacting with the central server, and the central server wouldn’t be able to access user data.