The Texas Lottery Courier App Scandal

2025/6/29
Hacked

Topics
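Lottery courier apps operated in a legal gray area in Texas, exploiting a mathematical loophole that turned the lottery from a game of chance into a math problem and allowed a London syndicate to win a huge jackpot by buying nearly every combination. The incident exposed vulnerabilities in the existing lottery system and prompted deep reflection on lottery regulation. The Texas government ultimately banned third-party courier apps, but solving the root problem requires adding more lottery numbers to prevent similar incidents from happening again. Regulatory lag and the ambiguity of interstate law leave the lottery system facing many challenges. The lottery is not just a numbers game; it also involves taxes, regional sentiment, and the public's expectations of fairness.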

Chapters
A London syndicate exploited a mathematical vulnerability in the Texas Lottery system by using a courier app to purchase almost every possible number combination. This resulted in a $95 million jackpot win, sparking outrage and legal action.
  • London syndicate used a lottery courier app to buy almost every number combination
  • Jackpot of $95 million was won
  • The win was controversial and led to lawsuits and investigations

Transcript

There's a small storefront in North Austin, Texas called Winner's Corner. From the outside, it's pretty unassuming. It's like a nondescript building on a quiet street. And the sign out front, I found it on Google Maps, says, "Board games, lottery, gifts." You walk in the door and there's technically stuff for sale. A few board games stacked near the register,

Under Texas law, lottery retailers have to sell something other than lottery tickets, and this shop chose Monopoly. In 2024, Winner's Corner sold $179 million in lottery tickets. That is more than any other retailer in Texas and more than the next 25 combined.

That is because Winner's Corner is the physical front end for Jackpocket, a lottery courier app that lets users buy tickets from their phones. The app handles the orders, the machines in the back behind the Monopoly boards print all the tickets, and scanned images are sent to the buyer. This is less a story about a security breach and more about a mathematical vulnerability in game design.

There is a fear that the lottery, one of the few forms of legal gambling in certain states, is a game with an aging out player population.

You need players to have prizes and young people aren't playing the lottery as much as previous generations. So that line has been going down. Yeah, they're too busy sports betting online. Literally. In most states, that's so much more popular. But in some states, the lottery is the only legal gambling. So there's this desire to figure out how to make the lottery compete in that modern gambling world of sports betting apps.

And across the US, courier app companies like Jackpocket, lotto.com and lottery.com are the answer to this. Trying to be like Uber for lottery for younger users who have never bought tickets in person to begin with.

And in Texas, where gambling is tightly restricted and the lottery is one of the few legal games in town, this new breed of courier app helped push ticket sales past $8 billion in 2023. In Texas, by the letter of the law, it's illegal to buy lottery tickets remotely. The laws are pretty old. They technically prohibit buying the ticket over the phone, but like the spirit of the law is clear enough that these courier apps always existed in kind of a gray area.

In April 2023, the Lotto Texas jackpot had rolled over 91 times. This had swelled to about a $95 million prize, the largest in more than a decade. And finally, one evening in April, a winner.

Lottery courier apps in Texas can't sell you a ticket remotely. That contradicts the no buying over the phone rule. But what they can do is provide you a service to buy a ticket themselves and to enter into a contract with the user to hold that ticket in trust and then give them either the ticket or the prize in the event of a win. How is this different? A question they should have asked before April 2023.

By automating the buying process, they created a vulnerability once the prize got over a certain size. That basically turned the lottery from game of chance into a math problem. Because if the prize gets above a certain size and you can buy as many tickets as you want very, very efficiently, there comes a point where the cost of buying out all 25.8 million possible number combinations intersects with the otherwise astronomical cost of doing so.

which is exactly what a London-backed gambling syndicate decided to do to the Texas lottery once the pot reached this size. Brilliant. It's very, very clever. Brilliant. Using software, these courier storefronts and dozens of high-speed printers, they bought nearly every one of the, again, nearly 26 million possible combinations, skipping a handful to avoid the chance of splitting the pot. And by gum, the Brits, they won.

Shocking. Shocking. Math. Math. After taxes, the group walked away with $57.8 million. They'd gamed the game and they'd done it technically by the letter of the law. Texans were not fans of this. The like Boston Tea Party energy radiating off of this was like potent.

This was the inciting incident of a story that reached something of an end recently after a massive fallout. There were lawsuits, legislative hearings, investigations by the Texas Rangers, the state's longtime lottery director resigned, followed by his deputy. And recently, in 2025, the state formally banned all third-party courier app sales. At one point, they came within a vote or two of dissolving the Texas Lottery Commission entirely.

Critics called this a heist in broad daylight. The lieutenant governor called it the biggest theft from the people of Texas in the state's history. I found this fascinating. A technology meant to automate playing the lottery to bring it to the youths being used to automate gaming the lottery. So we'll start here with the story of the Texas Lottery Courier scandal here on Hacked. ♪♪♪

I was going to play that, play that whole thing beginning to end. Oh, I intended to have an AI red or like a, we don't have to put this in, but I, there's a JavaScript library that essentially is a music production suite. And I intended to make a,

remake of our theme song using vibe coding and this library and got distracted doing other things. So that's on me. I do want to hear you were sending me videos of music that people had vibe coded and

which is just such a fascinating concept of like, if beat 16 play high hat, like that, that way of thinking about music is so interesting to me. And I'm, I'm, I'm personally holding my breath for the vibe coded version of our theme song. Is it going to be its own song? Are you going to recreate the current one? My intention was to recreate the current one, but the problem became that not a lot of the models are smart enough to listen to music and transcribe music.

So I couldn't find an easy way to like stylistically take our theme song, produce prompts to guide a vibe code. So I think I might just raw vibe code it. Just like, hey, here's the scenario. We have like a tech podcast.

Please make me a JavaScript script that automates the production of what could be theme music and just see what comes out. I'm going to swing the other way and do a version of the theme music on like a multi-track tape deck recorder, like go full analog. We'll throw a bunch of like tech spaghetti at the wall and see what the best version gets us. AIs are pretty damn good at coding now, right? Yeah. Coding is logical. It's mathematical. It's...

Music, if you know music theory, hook theory, it's very similar. So like AIs should be pretty good at making music. And I think actually given a lot of the platforms that AIs make music, it is pretty good at making music. So I'm just excited to try the code feeds the music and the vibes feed the code. I'm just excited.

excited to build that pipeline and see what comes out of it. Or we strip down and just do the vamped, ad-libbed acid jazz version that we do on mic of every episode of Hacked, of course brought to the people by Push Security. Of course, of course. It goes without saying. Goes without saying. And I want to talk about the, uh, feedback we got from just our, like, little tech cat the other day.

At the end of the last episode, Jordan and I just left our mics on and had the conversation that we inevitably would have had with the mics off and left it in. And we got an overwhelming, I'll put that in air quotes, amount of positive response to that. And I just wanted to let people know that anecdotally, you have a lot of power over us. It's true. It's like Spotify comments, DMs, emails. If you take the time to reach out to us, we read everything.

We acknowledge everything. We pivot when we think it makes sense. And people like that. So I think we're going to do more of that. Yeah. I think our next episode, we might just go pure hot mic, just for the fun of it.

Just for the fun of it. Just for the fun of it. So today will be, I think, probably another combo. I've got this story that I want to talk about because I recently was traveling quite a bit for the old wedding season. And I downloaded... I found one story about this. And then...

as I was getting on the plane and I knew I was going to lose data, I downloaded a bunch more information and sources on it and spent an entire flight reading about it and then spent a good chunk of the trip reading about it and then spent the flight home reading about it. So I have, I want to dig into what happened in the Texas lottery because it's a fascinating like game design story. I think when we get back from the break, we'll just talk about some stuff. Let's get into it. Before I pitch it back to you, I'm going to say that this

storefront that is the face. Did you find it on Google Maps? No, I didn't. It's good. But I should. The physical manifestation of this online gambling platform. I noticed this a long time ago in some of the podcasts that I listen to. A lot of them have betting ads. Yeah. Yeah. Pills, betting. Yeah. Class. All the same. Cornerstones of the genre. Exactly. The...

They always come with a warning label at the end, and it always refers to some obscure casino. Yes. And it's because the same thing's happening there, where it's like all of these platforms, no matter how big they are, have to operate statewide through partnerships with these small gambling institutions. Exactly. So you've got these massive international gambling franchises.

that are like operating out of these like podunk casinos in like Nevada and stuff. And you're like, oh, weird. And not only do you have... So it's not only operating inside of the state, as you said, which is true, but you also have like interstate politics, which is the laws governing gambling vary based on which state you are in. And websites, geofencing is a famously easy thing to get around. So now you have people...

gambling in effectively other states and the giant amount of legal turmoil that that creates, not just for the users, not just for the app front end, but for that otherwise normal, sleepy little casino that is technically the license holder for that gambling website. I think I talked about this in an episode maybe a year ago, but I'm a big tennis fan. I travel, go watch tennis tournaments. I'll go to

Yeah.

plopped in a chair inside the stadium with a big application in front of him who's turning the bets on, turning the bets off, recording what had happened, recording if it was an ace, recording all the details of it to fill the bet so that you can't be gaming the system with latency.

So you can't, yeah. Sure, so that you couldn't have someone in the actual arena feeding you information that you could then slip a bet in somehow. Totally. Before the official results got posted. Yeah, because especially like TV feeds are often offset by eight, 10 seconds. So if the gambling headquarters were watching the games on TV, people on the ground would have like temporal arbitrage issues.

to be able to put bets in knowing the outcomes before the platforms did. And so they literally pay people to go sit in all of these stadiums and live record what's happening. Kind of a sick job.

Yeah, call me. Get at me. You want to fly me out to some... It would be so lost on me if it was tennis, but I would just show up in a fancy little outfit to record the results of a tennis match somewhere. Every one of these people that I've ever seen do not look like fancy little outfits. They look like Russian mobsters. I mean, that's a fancy outfit of its own. Really. Yeah.

But yeah, if you need somebody to do the Aussie Open or Wimbledon, hit me up. I'd happily go. I know what all of the bet things are. I gamble. I bet on tennis. I'm a competent person. I think you're going to like this story. The thing that got me onto this was this phrase I saw, Uber for lottery tickets. This idea that people still play the lottery, but over time, the line was trending down for a little bit. There was a desire to figure out how do we get...

people that want to do everything on their phones, that don't want to go to a storefront and buy a piece of paper to gamble like it's the 90s, playing the lottery. And especially in places that rely on the tax revenue, and especially in places where that's the only form of legal gambling. And as such, we get this suite of services, Jackpocket, lotto.com, lottery.com. They have emerged to try and modernize traditional lottery. They are not official lottery operators.

They're these middlemen that buy the tickets on the user's behalf and then deliver the ticket or the prize to them in a bunch of different ways, depending on the size of the prize. You log into a website or a mobile app. You can order an official state lottery ticket digitally, and then you pick which game you want to play, Powerball, Mega Millions, State Lotto. You pick the numbers, or you can go for like a quick pick, just like going into a store, and

And you enter into this little agreement with the app. You don't get issued the ticket digitally. Instead, the courier system routes it to a human or automated retail partner that enters into that contract with you.

Each courier service has to have that licensed brick and mortar retail outlet in every state it operates in. Jackpocket has the Winner's Corner that we talked about in Austin. Lotto.com uses a little tiny little storefront called Players Cafe. They're these massive businesses with these teeny tiny little retail brick and mortar front ends. It's very, very funny. Wildly profitable tiny retailers. $179 million out of this one little shop. And it's printers in the back. Printers and Monopoly boards. It's wild. Mm-hmm.

They all work slightly differently. Jackpocket generates like a high resolution scan of the actual ticket and delivers it to the user's app. Lotto.com just skips this and gives you the numbers. The important part is that they have to physically secure the ticket and then store it in a secured vault.

on behalf of the user. That ticket has to exist physically somewhere. It's not purely digital. There's a piece of paper. To claim it, you need the physical thing. Exactly. Then if you win to claim it and to facilitate that payout, there's different ways it works. If the prize is below $600, they typically redeem the ticket on the person's behalf and just

credit it to the user's online account. If it's larger than that, there's typically a process of delivering that physical slip of paper to the user securely in some way. Insured mail, an in-person handoff, depending on the size of the prize. It's very, I'm editorializing here, it's very janky and weird and slapdash and different based on the state and the context. It's

It's nebulous. It's a weird, like I'm just thinking about it as like a business process problem. Like what kind of headache it would be to be like, yeah, we sell 176 million sheets of paper a year and we have to keep them like notarized and filed and secured and...

Recall has to be 100% or else we're going to get sued. Yep. It's like a data storage business more than it is anything else. It's data storage. Physical data storage. 100%. It's physical data storage of pieces of paper that potentially represent huge sums of money that the user has a document of. So you can't even say, oh, we don't know what. It's like, no, they have proof of receipt. Mm-hmm.

So it doesn't matter if like the winner's corner in North Austin burns to the ground. You've entered into a contract and you are liable. So we get into like what size of physical fireproof safe can store this many lottery tickets. It's that kind of a problem. For 95 million bucks. Right. I'm getting on a plane and going to Austin, picking up my physical ticket myself and taking it to the lottery office like crazy.

Ain't no way a courier is getting that. Oh, completely. And you kind of have to go to them in that case because let's say you wanted to be the pushy customer and say, no, you bring it to me so I can get back on a plane and fly to Texas and redeem it because this is geolocked. Yeah, totally. Which is another major feature of these apps is that they need very good geolocation APIs because there is, again, intrastate traffic.

legal differences for how gambling is moderated. It's theoretically legal in some states to gamble in their lottery from outside of state, inside of that state of which it might be illegal to gamble in another state's lottery. These apps sit in this weird tangly knot intersection of a bunch of different laws and tech jurisdictions. It's really interesting.

It's the starting a tech business in this space. It just seems like such a regulatory nightmare. Like I'm sure it's wildly profitable and they figure it out. But it just like the, I know when it comes to gambling, alcohol, any of the sins, you know, the regulation handbooks are,

are like regionally dependent. They're federally enforced. There's so much. It was like when marijuana shops opened in Colorado and they couldn't even take their money to the bank because the banks were federally regulated and still considered it a crime. And it's like just such an insane thing. I think that might

Someone in the comments flag if I'm wrong about this, but I think that might still be the case in the States maybe that because it's not still federally legal and banks are still federally administered, it's still very, very difficult depending on where you are operating a cannabis business, not the topic of this episode, to use traditional banking for your business. So you end up having a lot of like, you know, safes and basement type situations for like big businesses.

Yeah. But back to gambling, like Jordan and I live in neighboring states, Canadian provinces. I'll call them states for our American listeners. We actually share the same oversight in our gambling, the Western Canadian. Really? Yeah. WCLC Liquor Corporation. I think it started as booze and alcohol regulation and then moved into gambling. I think it's a liquor corporation. I don't know.

A quick Google would tell me, but I'm not worth doing it. But I can't redeem a British Columbia lottery ticket in the same lottery. So if it's the same draw, I can go to Vancouver to see Jordan, buy a ticket, bring it home to Alberta, and I can't redeem it or scan it. If I want to claim it, I would have to fly back to British Columbia to redeem it, even though it is being operated, executed, and regulated by the exact same corporation. Yeah.

Yeah. Yeah. That same weird, like, okay, so there's a, there's an imaginary line and the law changes radically based on which side of your room with potentially huge outcomes. Obviously the case in the States when it comes to this stuff. Um,

One of the few two states to explicitly legalize and license these apps early on was like New York and New Jersey were early adopters. They passed regulation to let you legally register these services. Jackpocket became the first one in 2021. There's a bunch of different requirements to meet the standards of being allowed to do this geofencing inside of New York. In states like Texas, where this all went down, that longstanding law preventing lottery sales by telephone didn't

You could interpret that law to apply to internet orders, and you could interpret it in such a way that it doesn't apply to internet orders, which is kind of what happened. It was pretty confusing. For years, the Texas Lottery Commission simultaneously claimed that it lacked authority to regulate or ban these services, effectively allowing them to operate in a gray area, even as this law preventing remote sales over the phone was on the books. It's very odd.

The way it works in Texas is you get this regular retailer license, often by just opening up a small convenience store, and then you sell the tickets via the app, via this courier service app. The commission didn't initially impose additional rules on them. They were just considered a retailer selling lottery tickets like any gas station.

Until this 2023 bulk buying fiasco forced Texas lawmakers over the course of the next two years to explicitly ban these courier apps and to threaten any physical retailer who even cooperated with them. I don't know what the outcome of banning the apps is going to do. Like when something becomes a numerical guarantee, like being able to make $57 million by investing $28 million or whatever the numbers were, $26 million. Yeah.

Even if the British private equity guy has got to get on the plane and fly to Austin for 50 million bucks, they're going to do it. Yeah. You know, so it's like banning the app is not going to solve the problem. Like you've created a mathematical guarantee of winning. And even if it got split, they would have only made what, like 14, 15, 18 million. Yeah. And the odds of a split are vastly less than the odds of a win given a six number string set. The much easier solution to all this is increase the number of

Of numbers that you play with in the lottery. Yeah. That's looming over all of this for me is like, you have massive fallout. You have, maybe we don't have the lottery. You have all these big existential questions and there's like, or nine numbers. You don't even need nine. Yeah. You could go to seven. You could literally go to seven.

So just to speak to our heritage again, the Canadian main lotteries were 6/49. Six numbers, 49 possible outcomes. Like six digits, one to 49. That was how a lottery used to be. We still have that lottery, but the payouts are often much less. We now have what's Lotto Max, which is just a seven number lottery. And the payouts are usually often $70 million because it rolls over all the time because there's so many potential combinations.

that the probability of winning can sometimes take. Like for a lottery that gets drawn, I want to say two or three times a week, sometimes it can take a month to get a winner. So it's like you only need one more number to just grotesquely expand the state space of potential winners.

you know, the state space potential numbers that could be chosen. And you've still insulated yourself where the total number of tickets, even though it's the same roll over this total number of tickets, you would have to buy to guarantee a win as they effectively did here is so still so astronomically high that those lines on the graph won't intersect in a practical sense. And you have still some kind of a lottery. You don't have an easily gamifiable system.

Yeah, like seven. You crunching those numbies? Yeah, you are. No, I did it backwards. I did it backwards. Yeah, there are 86 million potential outcomes at seven choose, 49 choose seven. Interesting. So that's quite a lot. So there's the math side of it. And then there's, again, the state level side of things. And I want to keep, I want to move on, but it is worth talking about that.

There's a bunch of ambiguities outside of the math when it comes to the state lines. State statutes often require tickets to be sold at a licensed premise, which brings up this weird question of like, if a player orders on an app from home, who is the actual seller and where did that sale occur for legal purposes? Like Colorado's state auditor noted that under the courier model, it might not be clear who is selling the tickets or where they're being sold to. Like a player might reasonably assume I made an online purchase and therefore a different set of laws and regulations exists.

than if they technically made the purchase in a physical store in a place they never set foot in. And this ambiguity and clarity creates like weird law enforcement issues when it comes to age and location. An investigation in Texas found that Lottery.com, the courier, and they will come up again later, had sold over 500,000 tickets to out-of-state players, blatantly violating state laws that the tickets only be sold to in-state customers.

This occurred in 2022, which would suggest that lottery.com's controls on geolocation were in some way flawed or circumvented by the user base. And the fallout of that, this is important to the story, was pretty intense. Lottery.com's app was pulled from the app stores. Its license was suspended and its executives faced separate fraud charges. There were unrelated securities charges. Lottery.com got in a lot of trouble. And I want us to all remember that for a few minutes from now.

Yeah. Given how much time is spent on re-geolocating our digital devices, it's like how much...

They have to be so far ahead of it. I even know when I'm traveling, sports betting, a lot of TV platforms, if you're an F1 fan or if you're trying to load any kind of digital streaming platform from your home country, they only have rights for that content in your home country. So it becomes this like, oh, I'm on the road and I want to watch this tennis match. And it's like, oh, I can't actually use these apps because they don't own the rights for that content to stream where I am.

So then you kind of have to geo relocate to where you're supposed to be. And then all of a sudden it works again. And it's like this, that's a real, what am I trying to say? I'm trying to say that's a really fast moving target and a big liability for these companies. And I'm sure it's part of the risk planning. It's also a very low barrier of technical entry for compromising a system with like millions, if not tens of millions of dollars on the line, which makes it really, really interesting that you have like,

Hey, lottery.com, why did 500,000 people buy lottery tickets from you from outside of this state when there's explicitly a law against that? And you know that because you use this geofencing technology. But the other thing I'll shoot back is like, I can fly to Austin tomorrow, walk into a corner store and buy a lottery ticket. And I'm not from there.

The barrier to buying the ticket is literally no different. It's just that there's some arbitrary antiquated law that requires me to be physically present at the point of purchase in that state while I make that purchase. It is arbitrary at the scale of one ticket for sure. It has nothing to do with residency requirements, has nothing to do with anything.

And I'm just going to keep going because I think that when you're talking about regulations and stuff and all of the complexities around this, I think it's largely based on the fact that U.S. lottery winnings are taxable. In Canada, they are not. So the states want their percentage of tax. So if you're a Florida resident buying a ticket in Colorado that has a higher state tax and you win, they don't want you to redeem it because they want their portion of it.

Where in Canada, it's even more arbitrary because we don't have tax on lottery winnings. So it's like, who really cares where you are? I think that there's something, there's the tax thing, which is a practical economic benefit of having the win occur inside of the state where the money was fed into the lottery. And then there's kind of just like a

spiritual defeat of, we poured all of this money inside of our state into this lottery, and then who won it? Someone completely outside of it. Like, there's just almost something about, like, a Texan winning the Texas lottery that I think matters to people. I think that's part of why people got so mad. Like, the money sucked, but there was just something really icky. We wanted one of us to win. Bingo. Yeah.

And instead, enter Bernard Marantelli, a British bookmaker known for launching the betting startup Colossus Bets. And his financier, I want to make sure I get this right, Zeljko "the Joker" Ranogajec. A reclusive Australian billionaire famous for exploiting gambling systems at scale. These two people, fascinating characters.

There's quite a bit of experience in high volume, statistically optimized betting, often targeting systems whose odds could be bent with enough money and math and time and resources.

And in Lotto Texas, it would seem they spotted something of a target. Relatively low odds, 25.8 million possible combinations, and no legal caps on ticket purchases. And then third thing, the existence of a digital courier system that made bulk buying feasible. You take all three of those things, pretty good odds, no cap on ticket purchases, and a remote system for purchasing these, and you've got this sweet spot where once the prize gets above a certain point,

funnel money at it and you can win this thing. Remember how we spent a little bit of time talking about how in 2022 lottery.com kind of got wrecked after their own little scandal of selling all those tickets out of state a few minutes ago.

Guess what courier company that had recently regained its retailer license and was struggling after that massive fallout was more than happy to facilitate the dump truck of sales that this would require. Could you imagine being like a person working there and getting a phone call being like, hey, I need to speak to somebody about buying $30 million in tickets. I want to kick back on the retailer kickback.

And you've just gotten the license back and people are like... If you're going to make a $26 million purchase, you know that the retailers get a percentage of each ticket. Yes. So I would negotiate that. Be like, I'm about to spend $26 million. You get 5% of it. That means you're going to get whatever, $1.3 million. I would like $300,000 of that back. I'd negotiate that if I was about to do a $26 million buy. Yeah.

You wouldn't be alone in that. And you're going to be furious at the numbers you hear lately, because I would argue that that opportunity was maybe not taken advantage of to its fullest, which is an interesting twist in a situation where it feels like a lot of opportunities are being taken advantage of. So using dozens of terminals across Texas to print nearly, again, every possible combination, they used QR codes for sort of the heart of the automation.

In order to do this, lottery.com actually had to request dozens of extra, like in order to just fulfill this order from this like British gambling printers, they had to get extra lottery ticket terminals, which the lottery's vendor rushed to install at four of these makeshift like front end locations, including a warehouse and a defunct dentist's office that they spun up. And these terminals were operating like simultaneously in parallel and were just printing tickets around the clock for three days.

The bottleneck would have been manually entering numbers. So instead, it was quite shrewd, they had an automated system generate QR codes for each possible combination, effectively creating these little bet slips that instead of having to take the time to type it in, you could just scan it with a camera app and it would

It would speed up each one of those. And then they had crews of staff, including family members of children, using smartphones to scan these QR codes into the machines, achieving an output of over 100 tickets per second. Wow. Aggregated across the different terminals.

They purchased 99.3% of all possible combinations for the lottery. They deliberately omitted a small fraction of combinations, like one, two, three, four, five, six, certain birth dates to minimize the risk of splitting the jackpot. And all of those printed tickets were stacked in labeled boxes so that the winning combination could be located afterwards. They needed to be able to actually find it in there. Let's hang there for one sec because that seems insane to me.

to omit a fraction of the tickets. Because probabilistically, they have the same probability as winning as any other number. Granted, there are distributions and people do analysis on this stuff. There are numbers that hit more frequently. But to leave... Imagine you lost because...

You cheaped out by $70,000. You didn't pick a birthday. I didn't quite get that either. I don't get why you would rather not. I don't get why you would rather a guaranteed loss for a marginal savings than the terrible possible income of splitting the pot and at least making some of your investment back. Like to me, that would seem like a hedge. I didn't get that. It came up in multiple pieces of reporting that they avoided certain numbers to avoid a pot split. And I don't get why.

I don't get why either. And I never saw that commented on in all their reports. Like I miss, either I'm missing something there or they know something. I would guess that the high stakes international gambling boys of the Commonwealth know something about lottery gamification that I don't, but I didn't get that either. That would be, that would be my, like, I assume we're missing a piece of the data that these professionals did not. Yeah.

I'm sure there's a reason why they didn't do it. It wasn't to save a couple hundred K. A little bit, 100%. And open the risk window up to losing it all. Yeah. So you end up at the end of that with this massive dump truck of lottery tickets, indexed in boxes, ready to go on the day. The lottery happens. It's rolled over multiple times. The prize is swelled to $91 billion. And sure enough, the syndicate's ticket hits the jackpot. It was the sole winning ticket. So crisis averted.

They claimed the 90 plus million dollar prize anonymously via a Delaware LLC called Rook TX. Nice. Took a lump sum payment of $57.8 million, yielding an estimated profit of about $20 million after all of the expenses of doing this scheme. Lottery.com, the courier whose tickets enabled all of this, earned $264,000 in commissions from the massive sales volume.

That's lower than I would have expected, honestly. It's simultaneously a lot of money and not nearly enough for the heat that this all threw off. I think that's not enough money for what happened here. Like setting up, like getting a month lease on a former dentist office, bringing people in, running 24-7 crews for $250,000 doesn't, it seems...

Like it is still, yes, a lot of money, but I would have assumed it would have been bigger. Like if I was them, I would have negotiated a percentage of the winnings, which I'm guessing is just flat out illegal. Yeah, probably. But said about the company that was just, they got their license back from the previous illegal thing. The courts deemed that illegal. I think I can say that like, yeah, it's all very odd. Um,

People did not like this. It came up pretty quickly who owned this company and there was a lot of fallout. Um, at the time, Texas lottery officials sort of publicly stated a belief that a feat like this was impractical. And they said, quote, this caught them kind of by surprise in reality. Yeah. In reality, there were warning signs about this. Um,

The New Yorker piece about this that recently came out due to the sort of recent bannings, I highly recommend you read it. It centers on a character, a lottery watchdog named Dawn Nettles, a woman who by herself publishes something called the Lotto Report, which is a small regional publication focused entirely on the Texas lottery. She's like the bulldog kind of hero who had been like big short style, like banging the pot, being like, there's a problem. Someone's going to game this.

Look at that British Australian weird gambling tag team. They're about to game this. Oh wow, they did. She was the one, she was the one warning that an out-of-state group was attempting to screw every player and retailer that was playing the game. Um,

Executives at a rival courier, lotto.com, alerted the lottery director a week in advance as this whole thing was being booted up saying that like, they learned about the terminal request and they pieced it together and they're like, the optics of this to the Texas lottery is gonna be atrocious if an outsider wins this local jackpot. It's gonna set us all back. Please stop this. And it forged ahead regardless. The then director approved the extra terminals. It's a free market. It forged ahead. Two years later,

this all kind of had been like boiling, boiling, boiling in the aftermath and blew up into a full fledged scandal. Um,

Texas's lieutenant governor decried it as, quote, the biggest theft from the people of Texas in the history of Texas, likening it to like a big robbery. That's a little over the top. A little train heist. It's a little train heist, but it's got a good Texas energy to it. There were investigations launched by the attorney general and the Texas Rangers. The Texas Lottery Commission's leadership has upended the longtime director, a guy named Gary Grief.

Gary Grief. Great name. Abruptly retired. And his deputy, a guy named Ryan Mandel, took over to resign a few months later amidst criticisms that he too was part of all this. Yeah.

Until just recently, at time of recording in 2025, the commission does this about-face and bans all of these third party courier app sales in Texas. They immediately revoke any retailer license found to be assisting these couriers. They pass bills to criminalize online ticket sales and threaten to abolish the lottery in its entirety if it could not ensure its integrity from this type of thing happening.

What's interesting about all this is that at the time this occurred, this bulk buying scheme appears to have been legal under the then existing letter of the law. They cashed out. They cashed out. So like they got their money. Yeah. So it's like nothing prevented it. No, there was, they knew what they were doing. This was all totally legal. Like it was gamification. It was a vulnerability in the game design, not in the law. And that's a very, very important,

A seemingly trivial distinction, but a very important one when you have like $95 million on the line. Yeah, sure. It's the Pepsi Harrier jet problem. Couldn't put it better. Deep cut, but couldn't put it better. Yeah, yeah, yeah. I don't know if you've ever like...

chased the rabbit holes, gone down the rabbit holes in regards to, like, people that game point systems, credit cards. Yeah, yeah, yeah, yeah, points guy. I love that stuff. Yeah, like, I, I, I haven't looked at it in like decades, but like, I have a friend that was into it, and I was just like, like, I guess like if you need purpose, like this is a fun thing to do, to like, like a game. Like, yeah, yeah, the return on your investment of time is really quite low. You should just go get another job. But, but the

But I don't know. I just think it's a fun game that some people like to play, and I'll never knock that as somebody that puzzles and stuff like that. But it is such a weird world. And this, to me, just makes total sense. If you've got a probabilistic certainty that you're going to win, then the risk becomes at what probability...

do you split or split three ways and only cover your costs or not quite cover your costs, but then you look at the risk-reward portion of being like, yeah, but if we don't split, how much do we make? 20, 30 million bucks. Yeah, to me, this is like, I don't know, like lottos set up to be like this. And if you're smart enough to recognize it and to...

have the ability to pull together the capital to execute on it, and so it was like, so be it. They did. They got with it. Totally legal. Like, the, the fallout was huge. A bunch of people got in trouble. Totally. As a result of the Texas courier, lottery courier app scandal. But it was not the people that won the Texas lottery. Totally. Yeah. Um, I was gonna say, the one thing that does

stand out to me is that the outcome is always the banning. No more of this. This is, again, just like a knock-on effect of the technological revolution. It's like all of our governance and governmental and policy systems are based on a world that just no longer exists anymore. And it's like this is forcing them to all catch up. Look at what Airbnb is going through.

It's pretty much ruined affordable housing in most urban metropolises. It has not helped. Yeah. And the response now is governmentally just banning it. The province, i.e. state that Jordan lives in, has a statewide ban on it now. I think it's only approved in a small handful of hyper-touristy places, but that's guaranteed to go too because the same thing is happening in the province that I live in.

The cost of living in those tourist towns was already so high. And now that like an apartment can rent for $700 a night, you know, makes it...

economically much more viable to be rented as a short-term rental than to rent it to a small family working hospitality jobs for $2,000 a month. So it's like, it's just, it's, yeah, we just, our world's moving and it's only going to keep moving faster than we know how to respond to. Yeah. And like,

like housing, very different than housing in almost every way that counts. But similar to that is you also just have like the cultural context of how people feel about the thing. Like there's a lot of anxiety about housing in the places where we live. And weirdly in Texas, like the relationship with gambling is a very fraught political issue. That New Yorker article spends a lot of time talking about that where it's like you have giant schisms over things like, like,

Like something like gambling. It's like, are you the kind of person that thinks that no, freedom, liberty, you should be allowed to gamble if you want to. Or are you the kind of person that thinks that it's a sin and it should be illegal? Like that's where that cultural line sits there. And then you have something like this where a British guy and an Australian guy game that thing that you already think is a sin and make off with tens of millions of dollars of money from mostly Texans. It's really, really interesting.

Just on the topic very briefly, and we should move, we should kick over to ads. But after I finished reading about this, struck by the fact that this was technically legal, I went looking at other lottery compromise type situations to see. And they're overwhelmingly not. And that's kind of what makes me find this so fascinating is that they were able to exist inside the letter of the law while circumventing it.

Whereas previous ones have failed to do so. There was a guy in from 2015 to 2013, a guy named Eddie Tipton. He was the information security director for the multi-state lottery associations. It was his job to protect the integrity of the lottery draw. He wrote a secret backdoor into the random number generator software used by several state lotteries. And the code caused the machines to produce predictable numbers on just three dates per year.

Even better. A pattern that only he and his accomplices knew. So they could go out and across Iowa, Colorado, Wisconsin, Kansas, Oklahoma, routed through people on these special specific days, knowing this random number prediction to go out, buy tickets over this stretch of time. Just sneakily in the background, they collected just shy of $20 million. Wow.

It didn't unravel until 2010 when he was caught on a gas station surveillance camera buying a winning ticket himself in Iowa.

That was what ended up falling apart. He told a story about what it was, but a forensic audit of that random number generator revealed the unauthorized code, which they then were able to look at the winners on those three specific dates it all unraveled. But so many of the other stories of lottery compromises are that kind of thing. And I found it so fascinating that like this hack worked because it was not illegal.

It was like, no, there's a vulnerability here, but it is not a legal one. Yeah, you used the word circumvent, and it kind of sounded like you meant circumventing the law, but they didn't circumvent the law. They just circumvented the system. Yeah, and I misspoke just now. It was the law. There was no vulnerability. The vulnerability was on the game design side and in the law, but in different directions. Yeah. Yeah.

I feel like if you've got a situation where your possible combination count is lower than the prize pool, like if the cost of playing every number is lower than the prize pool...

you need to run, it needs to become a special event of something. Like maybe then you, like you were saying, add another number, split it up into two separate pots. Like you need to do something to dole it out a fair way. Because if it's like, who can say no to mathematical certainty of like a high probability return of a lot of money? Like these guys couldn't. And like, I don't judge them for it. Like good, good for them. If I told you that guaranteed, guaranteed,

If you just go bet, like, you would mortgage your house if you had this level of mathematical certainty. The most risk-averse person, it becomes rational to do this. 100%. Yeah, yeah. And that's sort of what these two guys did professionally was sniff out those mathematical certainties. Yeah.

Anyway, should we kick it over to the ad pool? I think it's time to head on over and then we can chatty chat when we're back. Identity attacks, phishing, credential stuffing, session hijacking, account takeover. These are the number one causes of breaches right now. But most security tools still focus on endpoints and networks and infrastructure. And meanwhile, the browser, the place where all that stuff is really happening, where people actually work, that's been mostly ignored. Push changes that. They do. Yeah.

They've built a lightweight browser extension that observes identity activity in real time. It gives you visibility into how identities are being used across your organization, like when logins get multi-factor, when passwords get reused, or when someone unknowingly enters credentials into a spoofed login page. Then, when something risky is detected, Push enforces protections right there in the browser. No waiting, no tickets, no compromise.

It's visibility and control directly at the identity layer. And it's not just about prevention. They monitor for real-time threats like adversary in the middle attack, stolen session tokens, and even newer techniques like cross-IDP impersonation, where the attacker bypasses SSO and MFA and registers their own identity provider.

Think about it all taken together. It's sort of like endpoint detection response, but for the browser. Yeah, and the people behind it, amazing. All offensive security pros published tons of research, came on our pod, talked about their software, their backgrounds, their everything. They break down exactly how these things work. And yeah, that's it.

They are great. So definitely check it out. Identity is the new endpoint and Push is treating it that way. Check them out, pushsecurity.com. That's pushsecurity.com. During the AdWater slide, I was sliding into thoughts about if you're a lottery or gambling corporation that relies on random number generation, how is the random number generated code not reviewed frequently, highly analyzed?

MD5 hash to make sure that it never gets changed in the background? How is there not multiple levels of security to make sure that nobody mucks with the random number generator? To write code in there that would be specific enough to only become predictable on specific dates would be actual code. You'd be able to see that if you were reading through the source code. That surprises me, the lack of code control.

I don't know why, but I was just thinking about that during the ad break. Sure. And we should move on because we've subjected the people to enough lotto talk. But I think... Support the arts, buy lotto tickets. Support the arts, buy lottery tickets.

Not an official endorsement. But you're saying that as the person who would be in charge of that. And to me, that thought of, wow, this random number generator is really quite deeply important to this whole system, is one path you could go down. Or you can go down the path with $20 million at the end of it. Yeah.

And as long as you don't buy a ticket at a lottery station, it would have seemed that was working for a long, that path was taking him to $20 million. I can see how, I can easily see how you didn't make money going down that path. Okay. Different point. I'm just surprised that there's less corporate controls that prevent that path from ever happening. Sure. I think that that is reasonable. Yeah. Anyway, to move on. To move on.

The other day you and I were talking about this $16 billion credential leak. 16 billion credentials, not dollar. Sorry, not dollar. We've been talking about money so much. I got to give the prefix for this. Yes. Somebody that Jordan and I work with threw this up on Slack and was like, everybody should change their passwords. There's all of these passwords in the dark web. They know all of our passwords.

So like, go reset all your passwords. And I immediately like fired Jordan a message. And I was like, this is, I don't know, this isn't meant to be rude, but it was comical to us because we spent so much time talking about this, preparing the show, making the show. We just inherently know that every website has been compromised.

their entire password list has been fed into some massive directory that you could purchase on the dark web. To me, that's not new news. No, that person was right to use it as an excuse for everyone to just do a good audit of their passwords and their multi-factor authentication. All that is good and well and true. What's fascinating about it is the headline is,

You know, this sort of the narrative that was spun around it, one of the largest data breaches in history, 16 billion user credentials. They're now online. You hear 16 billion user credentials and a quick gut check of that goes like, well, there's 8 billion people on Earth.

So even assuming that only some subset of them are on the internet and most of them have probably a lot of accounts, I have to assume some of my accounts are in there and it begets urgency because if there's a new leak of that many, even if I knew I wasn't in one of the old leaks, at that scale, I must be peppered in that new one.

It was a cybersecurity news outlet, CyberNews, revealed this discovery, talked about this massive set of credentials that have been exposed on the internet, billions of usernames and passwords stored in a format that's associated with a very common info stealer malware, like a little piece of malicious software that steals sensitive information from infected devices.

It is worth talking about this because there's a clarification about this massive credential leak that is warranted. This was not a new breach. No. No. Researchers at a couple different places have confirmed that these credentials, like most of these credentials, the vast majority had been previously leaked, stolen over years, going back. It's an aggregator. This is an aggregate.

Yes, these are from info stealers and credential stuffing attacks and a bunch of different data breaches. I'm guessing most of which we've talked about in this show, but they've been circulating for months and years. And what happened here was they were collected by a threat actor or security researcher. We don't know where it came from, but this was existing information that was collected and repackaged into this ginormous data set where it was then shared freely on the Internet and

I'm going to throw you a hypothetical, Jordan. Please. You're the vice president of marketing for a password manager. Is this not the greatest thing you've ever seen?

When Forbes, all of the major news articles start running this massive thing about how all your old passwords are compromised. Because it's true. If you go back to listen to episode five, Problem with Passwords, I talked about having tiers of passwords. I've since moved entirely to a password manager. I have massive unknowns for every account. And it makes my life so much easier. I just hope.

for the love of God that my password manager never gets hacked, which a few have. My password manager has the ability to look at all of these breach lists. Have I Been Pwned is obviously the big one. And it tells me what accounts have problematic passwords. And any of the accounts that get flagged are the ones running my passwords from episode five.

because they've been around long enough. And the funny thing is that they're all on accounts that I never use and most of those websites don't even exist anymore. So when I go through to clean up my dead password lists, half of them were forums about synthesizers and stuff that I was into at that time. And I had an account on it and I put it in a really garbage password that I used my lowest tier of password.

And yeah, sure. It existed in 60 places and at least 10 of those have probably been compromised over time. And now it's just publicly available. Like I could almost tell you, I could almost just read out. I'm sure somebody, some fan will go in and look up.

Find my emails and be able to go in there and tell me what my old passwords used to be. It wouldn't be hard. Yeah. They age out. Like that's a good way of thinking of passwords is that at a certain point, a password just simply ages out because somewhere down the line, some breach or compromise happened and,

But it is important that when we see a headline like 16 billion credentials leaked, there was RockYou2024 had 9 billion. There was Collection 1, which is 20. Whenever you get one of these, it is worth...

And you don't want to understate that passwords are still a huge vulnerability and credential identity theft is like, that is how most of this stuff happens. But it is not 16 billion new credentials have entered into the world. Exactly. It is that there is constantly this aggregation and collection process that is unfolding between bad actors, researchers, average, every curious people.

People make these collections and those collections get out in the world. And that is what has occurred here. So to go back to my hypothetical, you're the vice president of marketing. Sure. What are you doing? What are you doing with this information? I'm probably making a blog post that reads roughly like what we just said, which is couching this in context, which is that.

I mean, you could go a lot bigger than a blog post, but the sensible thing to do is like there was this event that occurred. Here's what it is. And it is a reminder that all of this information is ever presently sloshing around on the internet. And that's why you want a password manager. Like it, the threat is different than that headline characterizes it, but it is still a good reminder of the threat. Yeah. Well, that I like to, for me, like I'll flip it back on myself. It's like, this isn't one compromise, you know, it was,

If every password is unique to the site that it's used on,

then does it really upset you? Because the big thing is cross usage of these passwords. If I see that Jordan uses this password and then I go log into his email using that password and it works, even though Google Mail or whatever might not have been compromised, if you're reusing your password, voila, all of a sudden I'm into your email, which is again, as I've described, a key chain because now I can just reset all your passwords from there now that I have control of your email. Yeah.

Yeah, I mean, Bitcoin scams to all your friends. Yeah, it's the tiering of passwords thing that we always talk about. It's like you have to think about what is the top of that pyramid in terms of vulnerability. It's like, totally, all these accounts are not created equal. This one can turn into a compromise for this one, which can turn into a compromise for this really special one. So you have to like work your way backwards, hack yourself in your own head, and then secure against that and then just do that over and over again. And hope you're hope you're good.

So if this comes out and I'm VP marketing, I'm loving this. I'm reallocating our annual marketing budget to this quarter and I'm riding this stuff because this is... I've personally converted three people in the last two weeks to using password managers. And it's not even because of this story, but I'm sure it's because they passively read something on the internet and they asked me a question about it because they know that I know about it. And I'm like, yeah, you should definitely use one. One of them...

a friend of ours from Chicago who was just staying with me, he, he'd asked me a simple question about it and he wanted to give it to his entire family because I told him that honestly, one of the gifts that I often give nowadays is an annual subscription to a password manager. It's like, I give those out as like presents and, uh,

He did the same for his family. He looked up how much a family plan costs. And it was way less than I expected. It was like four bucks a month or something. And I was like, yeah. They're table stakes. It doesn't matter which one you use. There's so many of them. But the basic idea that like now you have these...

very long randomized passwords for every single one of these things. Like it, it's table stakes for existing on the modern internet. I would say. I do. And I think we talked about this recently, but I do love, like, I just reset a few passwords the other day. And one of the passwords that I entered into, it was PayPal. I reset a PayPal password on one of my PayPal accounts. They had a maximum character length. Really? And I was like, you were PayPal. Yeah.

Like you were a money service. Why do you have a maximum password length? Is there any technical reason why that like shouldn't. Okay. I was like, I'm trying to think of like, is there some galaxy brain thing of like, Oh, past a certain point. It could be a vulnerability. If you were able to do bit, bit, bit like through any technical reason you can think of why that's good. Or is it just bad for, for a company like PayPal to have that? Like when you put something through a hashing algorithm, it comes out as equal length. So it doesn't matter what you put in. You could put in a,

4.8 gigabyte text file. Sure. I saw it. It'll come out with like a specific fixed length. Yeah. Right. And it's like, so why do you care what length my password is? If you're, that implies that you're not using hashing. And then if you're not using some kind of hashing algorithm, what are you using? Like typically if it wasn't PayPal,

I would just assume that they were saving it unencrypted and that they'd set the field length to a specific number, which is terrible security. But we've talked about so many things where it's just like, oh yeah, it's just a plain text file. Maybe the file was encrypted, but inside of it, it wasn't. And it's just like that that's come up so many times on this show. And I'm sure that is not what PayPal is doing. No, definitely. It's PayPal. Yeah.

Yeah. Yeah. Like my bank is connected to it. An international banking institution for all intents and purposes. Like, yeah, it's PayPal. So I was shocked. I'm pretty sure it was PayPal. I should put a flag in there that if it wasn't PayPal, please don't sue me. But I'm pretty sure it was PayPal. Yeah. Come on the show and talk about security and we'll proudly correct that. Yeah.

Interesting. Yeah. Dodgy. Dodgy. Anyway, password managers, use them. Password manager, use them, reset your passwords. Go to haveibeenpwned and see all the times you have been pwned. Look up all your emails. I wonder if I go there now and look up Scott at Hack Podcast, what comes up. Anything else exciting happen? I feel like I've got a bunch of things ready for our next like,

I don't have like notes and stuff, but I just have like next chatty chat episode. Like whenever I read something, I'm like, well, I'm going to talk to Jordan about this. I want his take on it. I have a chat with myself and our team Slack that is just basically a list of links I want to talk about. I'm very excited for the next episode to do a true chatty chat. No pre-scripted, did a bunch of research story. We're going to try being just a hot mic podcast just for the fun of it.

I think one thing that I would like to just have a, if we're going to go into the, like talk about what we care about. Yeah.

We recently talked about how Apple was way behind in the AI war. Yes. And there's a bunch of news coming out that Apple might be buying Perplexity. And you're a Perplexity. Wow, I can't say that word. Yes, you can't. I really can't. You're perplexed by it. And I'm pretty good at saying words. And you are a Perplexity user. I am. I am. As I discussed earlier in the episode, I use Perplexity for on-flight research and stuff. Yeah.

Yeah, $16 billion. Am I making that up? Or am I just taking the number that we used from the credential leak? I think there was a discussion around Apple might be paying upwards of $16 billion for Perplexity. It would make sense. I can't speak to what the rumored price would be. I had seen Apple, the people talking about that Apple, like Perplexity could make sense as an acquisition for Apple, who seems to be struggling with the development and implementation of their own LLMs, generative content.

Not that Genmoji aren't the future of computing or anything, but there's a story there and maybe some acquisition of a bunch of talent and pre-existing tech could be really cool. And maybe a Perplexity is the thing. I also saw rumors that Meta was sort of like buzzing around them a little bit, but they seem to have a little bit of a better toehold on the tech. Meta was apparently going into OpenAI and throwing just insane amounts of money at senior people.

Oh, to try and like draw them away. Sure. Yeah. One of the, one of the news articles I read about that was that they were offering some senior people, a hundred billion dollar signing bonus to come join me. Yeah, exactly. I'm watching Jordan's eyes get huge. Like an involuntary response at the size of that. And that has to be like a psychological thing to be like, Oh, the head of that department went over to Meta. That tells a story to all the other people that maybe that that's the place to go. Cause I cannot imagine that one person could provide that amount of

The crazy part of that story isn't that Meta's trying to buy talent because they see the market opportunity is going to keep growing. It's the fact that I didn't read of any successful conversions. So like what's going on at OpenAI when somebody's coming up to you and like handing you a blank check to come join and make a boatload of money? And you're saying, no, I'm good.

Oh, yeah. So there's a few ways you could go with that.

One is disinterest in working at Meta could supersede financial compensation in some way. That's a lot. I feel like 100 million pays for a lot of ethics. I would agree. But I'm just drawing out the space here. Yeah, yeah, yeah. I simply don't want to work at Meta so much. There's something about OpenAI's compensation model, be it the stock, the crazy trillion dollar evaluation. Maybe not for profit that they are. Maybe there's a path.

to a similar amount of money and they're going, you know what, I'm gonna stick on this road. It's been working really well. So there's not wanting to be at Meta, a financial reason for wanting to stay at OpenAI. And then there's the r/singularity. Oh no, they've invented God in a basement and they're about to release Gen Blink.

That level AGI and it's, there's that, there's the kind of crazy sci-fi conspiratorial direction, the money direction, and then the inverse money direction. And I don't know which, which it is. You've got to assume like, and this is just, you know, we are in the chat mode, but like you've got to assume that the hundred million dollar signing bonus is to offset employee option value. Yes. So like if you've been around for a long time. Yeah.

Your initial option, Dola, was at like 20 cents a unit and a $20 million valuation. Now OpenAI is valued at TBD. Lots. Sam Altman seems to be like at a generational level more gifted as a fundraiser than anyone alive, I would say. He has proven to be the person that can raise money

in a way that I can't think of any contemporary to. It is as, I'm not going to say as remarkable of what they've achieved technically, because they've achieved some stuff technically that's pretty damn remarkable, but boy, is he good at it. But also, if you've just given a $6.7 billion signing bonus to Jony Ive, how much money do you theoretically have in enterprise value now?

I forgot what we were talking about. Perplexity, Apple, we got to OpenAI. I just want to jump back to Perplexity because as a Perplexity user and as somebody who's been building AI's agentic systems frequently and commonly these days, something I'm quite into, Perplexity is just an agentic wrapper and it's a really good agentic wrapper but there are...

I feel like I could build some of the basic Perplexity functionality, not in a deployable production-ready enterprise way, but in a couple weeks.

I was going to ask.

wraps around those models anyway. And I'll say that that gap is shrinking. Gemini has gotten very good. OpenAI has launched deep research. Deep research started as an open source project. And it's like, I can go fork that branch right now and build off of that and probably build a lot of Perplexity-like functionality pretty quick.

That might, in the last episode, I made a big swing that for Apple, letting the LLM that a person interacts with be a customer choice and giving those like hooks into the system might be how Apple, uh,

steps into the AI world. And that kind of maybe makes a lot of sense with Perplexity where they're like, oh, we're not really worried about the model. We're worried about the hooks and the user interactions. It's like, yeah, yeah, yeah. That's kind of what they might be doing. A super gifted team to be like, here is iOS and macOS. Yeah. Where do we hook this in and how do we best hook it in? Because I will say Perplexity has done a great job of that.

And their agentic systems, like the Perplexity Labs thing, it will write code to generate me charts and graphs. I'll be in the middle of, make me a document on this so I can learn about it on the plane. And you'll be watching it go through doing all the subset research and gathering all the pieces and structuring the document. And then it'll want to show me a bunch of visuals and it'll write a bunch of Python scripts that output PNGs. I'm like,

Pretty good. They've done an exceptional job at it. I could see Apple finding value in that for sure. Because the thing for me is when I look at Apple Intelligence and its implementation on my phone and my computer and my iPad, I don't see it. It's not there really. Not currently. It's like, sure, I'll open up a message to send you a message on text.

And I'll get this little rainbow text strip and it takes me longer to close it. Like, I just don't even want it there because that's not what I was going to say. It's never, it never guesses what you want to see, right? The text summaries are comically bad. I have more screenshots of those that I've sent to people of what their text was summarized as being like, this is how I receive it. It's like, and I think I've just turned them off at this point. It's not, it's not good.

Maybe that is what Apple's identified as their weakness, because I could see that. I don't love how they've integrated intelligence. From the sounds of it and the research that I've done, their backend teams, like the Apple ML people, the MLX people, seem really good. I think that they're really pushing the right direction with that, with the foundations models platform and the micro models that they're fine-tuning.

that will actually run locally on your devices. Great ideas. Yeah, I think they're moving in the right direction in a lot of those things, but the actual user experience piece has been, I would say, not good. It's been rickety. And then meanwhile, ex-Apple person Jony Ive, you'd mentioned the $6.5 billion acquisition of OpenAI purchased the hardware startup co-founded by Apple designer Jony Ive.

$6.5 billion, a very weird multimillion dollar rollout video about them being friends in San Francisco. Kind of cute. It was a whole thing, dominated a little tech news cycle for a minute here. And then last week, this must have stung, OpenAI scrubbed all mention of IO, the hardware startup that they actually purchased for $6.5 billion from their website, including the announcement that

including the nine minute video that I referenced due to a court order following a trademark complaint from a company called IO about their name IO spelled differently. But I'm just imagining what it must feel like.

to spend six and a half billion dollars to get to release a nine-minute mini documentary about you and Jony Ive bumming around San Francisco having a glass of wine, and then getting a court order and having to just quietly take it all down. Oh, that's gotta sting. And here's the thing is like the, their proposed, like all of the, all of the leaks and chatter about what they're building, like the little iPod Shuffle that goes on your neck. Yeah.

Google XR glasses, the Apple glasses, Meta's, the Ray-Bans, they just launched Oakley, Oakley Meta glasses. I don't know. I just feel like without vision, like without some form of visual interface, there's going to be so much deficiency in the potential output that you could get from the AIs. Mm-hmm.

I don't know if you're getting, I'm getting flooded with gross online ads for Temu, AI bracelets. Just listen to everything that you say all day. Funnel it to an app on your phone. Funnel it to an app on your phone, which feeds it to an LLM so you can ask questions about it. Like, oh, what did Jordan say about this? What did Jordan say about that? The last thing on the planet that I would ever buy. But the...

I just don't see as much value in that as I do in something that's helping me interact with the world, not just paying attention to me interacting with the world and coming out with it. Yeah, it feels like what it's going to be is a big software innovation that they bottleneck behind a piece of hardware that everyone collectively, all three, two, one in unison goes, that could have just been an app. Like that seems like where this is going.

is that the hardware is like, well, no, but now it's closer to you so it can hear better and there's a camera so it's watching and it's like my phone does have all those things. Totally. Maybe there's something magical about wearing a necklace outside of your shirt and then you get into a whole, like I don't know, but it really sounds like it's going to be that OpenAI rolls out some kind of agentic life assistancy type piece of software that's probably very, very good. Oh, for sure. That they bottleneck behind hardware.

Like, that seems like what this is going to be. It's like, yes, if OpenAI made a phone, this would be on their phone, but it'll probably be hidden behind the paywall of a piece of very slick Jony Ive, Jony Ive hardware. So the, I looked up Perplexity's valuation just for interest. 14 billion is a rough internet approximation. And then I was like, I wonder what OpenAI's is. OpenAI is rough internet approximation of 300 billion.

300 billion. 300 billion and they spent 65 billion on this. I'm so... We're going to follow this hardware thing because I find this... 6.5 billion. Oh, 6.5, sorry. 65 would be insane. I misspoke. Not that 6.7 isn't insane. It is. For a 30-person company. Yes, yes. You're paying for Jony Ive. You're paying... He's an extremely good industrial designer. Obviously. Iconic. Jony Ive, hooray. Yeah.

Six billion dollars? My God. You could buy the Bauhaus school. You could get all the designers in the world. So maybe there's some massive technical innovation on that hardware that none of us are seeing. And it truly is an iPod moment type thing. Like, I don't know. Probably an iPhone moment is a better analogy there. But maybe. Maybe. Or it was a really expensive video. Yeah.

$200 million per employee. Is my math right on that? Six point. That would be more than the Meta $100 million acquisition cost. Yeah, true, true, true. But yeah, just an insane, insane, insane money. It's going to be fascinating to see what happens. And here's the thing. It's like we talked about earlier in the story about lottery is like,

the government's gonna have to step in and regulate and respond to this at some point, and as they do, it will be two to five to ten years later than it should have been. We could point to crypto for this, we could point to Airbnb for this, we could point to so many different things, but they will step in eventually. And it's like, what is the next 10 years going to look like, and that, what are these companies going to do, is going to be wild.

Well, we'll talk about this in the next episode, the pure chatty chat. But there have been a bunch of Disney v. Midjourney-esque lawsuits that have culminated in the last two weeks. And then as that's happening, some rumors of a Disney plus OpenAI collab. So the rubber of intellectual property versus intellectual property eating AI models is starting to get, it's starting to get real, real hot.

I think that's definitely something that we need to talk about in the next episode of Hacked. Brought to you by Push Security. I think that's another one in the bucket for now, though. I agree. I agree. See you guys next time. We'll catch you in the next one.