
Verizon Explores Lower Price or Even Exit from Yahoo Deal - thehodge
https://www.bloomberg.com/news/articles/2016-12-15/verizon-weighs-scrapping-yahoo-deal-on-hacking-liability?utm_content=tech&utm_campaign=socialflow-organic&utm_source=twitter&utm_medium=social&cmpid%3D=socialflow-twitter-tech
======
bmh100
One benefit of these incidents at Yahoo! is that they represent salient, clear
examples of the cost of poor information security. CIOs and security directors
will be able to point to this deal as evidence that poor security can have
material impact on the business and destroy massive shareholder value, even
years after the fact. A 6.5% intra-day dip sends a clear message. Even a CFO
can now see that information security should be viewed as vital insurance that
directly impacts shareholder value.

~~~
ChuckMcM
This is a really important point. Yahoo!'s troubles help make a quantitative
point to people who care only about money.

Having been in the role of advocating investing in security the typical
questions are;

    
    
       * "Will the product run faster?",
       * "Will the customers get better service?",
       * "Will someone choose us over a competitor 
          because of this?" 
    

Generally 'no', 'no', and 'hard to quantify' so the answer to the funding
request is "Sorry, not at this time."

But if you can say, "When you try to sell this company to another company, the
strong security policies and technology this funding will provide insurance
against having a security breach like Yahoo! and tanking the sales price."

Now _that_ resonates because they probably have a lot to win or lose over the
sales price of the company in a merger/acquisition strategy.

"Its a few million now, but without it, it could cost you billions of personal
wealth down the road. Now who's in?"

~~~
enraged_camel
Isn't the answer to "will the customer get better service" a definitive "yes"?
I mean, obviously it depends on the UX of said security feature(s), but
generally speaking, more secure == better. Right?

~~~
ChuckMcM
Not necessarily, lets say its just "security debt." Start with something like
"we built this system with MD5 passwords in the user rows of a database that
includes a bunch of other information" And 10 years go by and you (the guy who
worries about security) realizes that hey, rainbow tables can be really really
big these days, perhaps MD5 isn't the answer anymore.

So you go to the annual planning meeting and you pitch to the execs ,,, We
want to take 5 engineers to first fix the password encryption we are using,
second to update all the databases, third to build and test a system that
makes swapping out the encryption method of passwords easier and less
disruptive in the future, and finally updating the build system to do some
sort of regression test on passwords to insure we aren't creating new services
with weak algorithms.

The person after you pitches ... we'd like to take 5 engineers to build an
algorithm to identify viral videos on the web and then put them into an iframe
on our properties, thus increasing the length of time someone spends on our
web pages which early A/B testing with some hand picked videos suggests
increases revenue per page by .5%.

They give the 5 engineers to the kitten project it makes for more revenue.

A year goes by, the security guy pitches and the second pitch is "Our videos
are doing great but we have discovered that people really hate that it takes
three clicks to change their preferences on page layout. We want the 5
engineers to tweak the portal pages to make customization easier and we'll add
a frictionless ad portal where they can just click on a product that appears
and it will order it for them."

The updated portal gets the 5 engineers.

Now they are at a due diligence meeting with a potential suitor who discovers
that millions of passwords were breached and later compromised because for
years they knew they were using an insecure way of storing them but had not
done anything about it. This materially affects what they consider the 'value'
of the company to be.

The challenge is that if the security guy is really good the customers don't
"see" anything, just their password is better protected than it was, and
future projects start with strong password management systems. So from the
people visiting the web property "nothing" changes. From the executive
planning group's perspective they have spent 5 precious head count on a
feature that they will have no way of "reporting" its success either in their
own resumes or to their bosses. Kittens and better click through? Easy to
measure and report and you can point at dollars in the bank as the benefit.

------
anton_tarasenko
Yahoo controls 8% of search traffic and costs $4bn. Google controls 64% of
search traffic and costs $558bn. That's a 17-fold difference in the price for
1% of the traffic. Even more if you take US search traffic only (to exclude
Yahoo Japan).

Verizon can get rid of the costly parts of Yahoo (mostly its media business)
and have its own small Google to make cash. That was $1.8bn per year in 2015,
while Yahoo's overall revenue stands at $3.9bn (Asia excluded). So Verizon
buys the company at 1x revenue.

Who would quit such a deal?

~~~
vinhboy
I don't know man. but if you loan me $4bn I will buy Yahoo and run it myself.
I too don't understand how they can't make Yahoo a success. They have a couple
of great products that people use like Fantasy sports and Finance.

And mail would be just fine if they'd remove all the crap so it would run
faster.

Lots of non techy still uses yahoo mail, and that won't change as long as the
service exists.

~~~
bduerst
I dunno - I feel like it's committing Dunning-Krugers to say, "Just run Yahoo!
better, sheesh." because there's a _ton_ we can't see on the surface of the
company, looking in, that the business currently has to cope with.

If anything, these two hacks being announced years later, along with their
voluntary NSA backdoor, demonstrates that Yahoo! has skeletons in their
closet.

~~~
anigbrowl
It is, but at this point what have shareholders got to lose? By the way, I'm
available. I went on record in my book 21 years ago that Yahoo was my favorite
web directory (the term 'search engine' hadn't been coined at that point) so
I've been following Yahoo since not long after it was a gleam in Jerry Yang's
eye. At this point I figure that makes me as qualified as anyone else to run
it.

Inquiries to my username...@gmail. Go on Yahoo board, ask me why I switched
and you might learn something useful.

------
oddevan
OK, what's it going to take to keep tumblr running? That's literally all I
care about here. Everything else in Yahoo can be gotten or done elsewhere, but
tumblr's a social network, so there's value in preserving those connections.

~~~
skuhn
The short answer is: a ton of money.

Tumblr has insanely high operating costs and practically no revenue stream.
Yahoo has spent a lot of time and money (while fighting with Tumblr people) to
get these costs down, but much of that work would be undone to separate Tumblr
from Yahoo.

So much of Tumblr's traffic is comprised "non-monetizable" porn sites that
Yahoo foots the CDN bill for, which does nothing to build the brand or the
social aspect of the service. They can't truly crack down on it though,
because that would reveal the truth: there isn't that much real use to justify
the spending.

~~~
dismantlethesun
> So much of Tumblr's traffic is comprised "non-monetizable" porn sites that
> Yahoo foots the CDN bill for

I'm curious why you find pornography to be non-monetizable. It's a $97 billion
dollar industry, and is probably easier to directly monetize than a random
mishmash of personal blogs because adult sites tend to focus solely on a
single fetish, and there's a clear standardized categorization of such.

~~~
skuhn
Tumblr does not display ads on pornographic content. It is not something that
Yahoo is willing or able to monetize, and yet it represents a substantial
amount (perhaps the majority) of the cost of operating Tumblr.

Maybe a future operator of Tumblr would feel differently -- but I think it
would be difficult to monetize both sets of content simultaneously.

~~~
dismantlethesun
They're not willing, but they are able.

> I think it would be difficult to monetize both sets of content
> simultaneously.

I'm not really certain why you'd feel that way. Most ad agencies
simultaneously have an adult wing and a mainstream wing because the truth
is... most people in the world are adults, and sexuality is a large part of
what we consider the human condition.

It's only natural that you'd pay for services and products to aid in that.

What's not done is mixing the content verticals. You have pornographic
content, then you advertise Adam & Eve products, paysites, or one of the many
clothing distributors that will never be seen in a local mall.

Ironically, since tumblr lets' you use your own templates---some people are
successfully doing upsells via Tumblr using "in house" advertisements for
companies.

------
heisenbit
Fixing Yahoo seems impossible. It is bleeding cash and has at its scale no
really credible strategic business model as a conglomerate of ideas. Selling
it may fall flat now. Would it be possible to split it up? It may be easier to
find a strategic direction for parts of it and maybe wind up others?

------
accountable
Yahoo has some good stuff, but their brand-name is just so, so toxic now.

I hope that if the deal goes through (and I'm sure it will), Verizon will
still keep the better Yahoo services running.

~~~
ocdtrekkie
I have to imagine if they do buy it, they'll strip it for parts. They already
have AOL, which has a dated name, but not one now synonymous with horrible
security. And with the redundant properties between AOL and Yahoo, I can't
fathom them not wanting to consolidate those, probably into a new brand
entirely.

Between AOL and Yahoo (and their own Verizon email addresses where they're an
ISP), they'd have a huge portion of the world's email accounts, and I could
see a push to pull an Outlook.com: Move everyone to a new service, but keep
all the old legacy email addresses from older services.

------
CodeSheikh
Let's also not downplay the "Yahoo" brand name. It does not have much high
impact negative publicity associated to it (yet). The name "Yahoo!" goes as
far back as the Internet for modern day users i.e. 30+ yrs age group. If
Verizon can put a nice spin to it and through micro-filtration of the brand
whatever filtrate is left, as long as it is somewhat appealing it would sell,
let it be a search engine or whatever new product Verizon offers free-of-cost
to its subscribers over its data network. Verizon owns AOL and with that a few
mobile advertising companies. As TV content is gradually getting further away
form traditional set-top-box nightmarish cable providers and more towards
individual content companies (Netflix, Amazon Video, HULU, HBO etc), this
would be a good step for Verizon to head in that direction as well, maybe not
produce original content (such as Netflix/Amazon) but perhaps air exclusive
sports events. At the end of the day, it is all about maintaining your
monopoly.

~~~
__derek__
> It does not have much high impact negative publicity associated to it (yet).

A _billion_ compromised accounts seems like it could fill that role. Many
people may not understand their online information's privacy/security, but
that's an ear-grabbing number.

~~~
mholmes680
Agreed. Anecdotally, my mother called me last night asking what she needed to
do about Yahoo's new breach. I said, no no, dont worry we already changed your
password. She said nope, NEW news!

My mother (and her news) heard this loud and clear. Thats a problem, and VZ
has every right to renegotiate -- this has passed the point of "we're yahoo so
we're big and an unlucky target". This is, in my mother's words, "what the
hell is wrong with those people, I'm done, how do i get everything to go to
gmail".

~~~
hughw
If you changed her password in September, you shouldn't have to change now,
right? Since the "new" breach is from 2013.

~~~
__derek__
That's the thing: people who don't understand this news may now think that
this is an ongoing, regular thing with Yahoo. If they react by switching,
Yahoo will only be left with people's spam-collecting accounts.

~~~
mholmes680
On top of that, I _thought_ I understood this news, then got a prompt from
yahoo logon that I may have been compromised. So, I mean, I still don't
understand the implications and I consider myself considerably more tuned in
than my mother.

------
AdmiralAsshat
Verizon would be stupid _not_ to walk away from the deal at this point.

Setting aside that $4 billion was clearly way too much, Verizon, as the parent
company, would be liable for any lawsuits against Yahoo resulting from the
last few leaks.

~~~
chinhodado
It's funny that $4b is deemed "way too much" for Yahoo when Snapchat is valued
at $20b something, and Linkedin was bought for $26b. And Instagram and
Whatsapp and all the other unicorns.

~~~
TuringNYC
It seems you are just randomly comparing tech companies by bid/sale
value...what about actual value? There is incredible value to LinkedIn, and
the 7x multiple is entirely sensible. They have the world's largest resume
database, active users, major network effects, and near zero competition.

Yahoo has nothing close to that. I'm not saying that drives a 4B$ valuation
exactly, but comparing Yahoo to LinkedIn is apples to oranges.

------
luhn
According to the email I received from Yahoo this morning, the data stolen was
from 2013 and contains MD5 hashed passwords.

MD5 hashed passwords. In 2013. Apparently Yahoo never made it out of the 90s.

------
imkevinxu
Looks like Mozilla still stands to make a lot of money from this
[http://www.recode.net/2016/7/7/12116296/marissa-mayer-
deal-m...](http://www.recode.net/2016/7/7/12116296/marissa-mayer-deal-mozilla-
yahoo-payment)

------
rokhayakebe
Can anyone explain to me why Yahoo is not worth over $4B?

~~~
iaw
Sure thing!

Imagine if I had two friends, Google and Yahoo. Both are asking me if they can
borrow a dollar.

Over the last few years when Google borrows a dollar it gives back an extra
3.5 cents the next year as a thank you. On the opposite side, when Yahoo has
borrowed a dollar they've lost 13 cents within the next year.

Left to their own devices, Yahoo will implode and be out of money in under 7
years, likely much sooner. The $4 billion price tag was a way of salvaging
what may still be valuable properties within Yahoo, but the company on paper
is rapidly losing money at any valuation.

It's like asking someone to buy a car that's broken when it's unclear if they
can fix it.

~~~
rokhayakebe
Halve staff?

~~~
sangnoir
in all likelihood, you'll be left with the _worse_ half, who will be
demoralized as a bonus. Now you are even less likely to fix it. The surest way
would be to strip it for parts.

------
rivaldo
The prospect of being part of the yahoo acquisition team at Verizon sounds
dreadful. Yahoo has so many problems, so many things to figure out... it
represents a close to impossible challenge to try to turn it around (in any
way).

------
bogomipz
So considering there has been at least two breaches that are known and given
the size and extent of them is there no concern by Verizon that any
intellectual property held by Yahoo might have been taken as well?

------
anigbrowl
Video of the merger team hard at work
[https://www.youtube.com/watch?v=fX4e81L-J7s](https://www.youtube.com/watch?v=fX4e81L-J7s)

------
Animats
Verizon wants to acquire Yahoo "without the liability". What do they want to
do, dump the liability on a business unit designed to go into bankruptcy?

------
discardorama
Hmm... I wonder if this is Yahoo's way of getting out of the deal?

------
serg_chernata
Is this related to the most recent hack? IE, are they valuing Yahoo as less
now that there's more bad press?

~~~
tyleraldrich
Uh, yes. Look at the first sentence of the article:

"Verizon Communications Inc. is exploring a price cut or possible exit from
its $4.83 billion pending acquisition of Yahoo! Inc., after the company
reported a second major e-mail hack affecting as many as 1 billion users"

------
cgvgffyv
That's silly, of course the deal will go through.

Verizon wants Yahoo on the cheap and somebody at Yahoo is helping.

------
ChildOfChaos
This is really just a news headline that really doesn't matter, or make any
difference in the real world, who cares? the media just wants to make things
seem bad so they can get some attention then on the back of that bad attention
someone seeing an opportunity to save some money. Pathetic.

~~~
x3n0ph3n3
A giant security breach leading to a potentially failed acquisition doesn't
matter in a community of people focused on technology businesses? Nice one-
word emotion signalling at the end, there.

