Spotify is gambling its stock with an IPO that it concedes is risky

Most companies don’t take chances with the pomp and circumstance of an IPO. Here’s what Spotify is doing differently.

When startups prepare to sell their shares to the public for the first time, they tend to follow a tightly controlled and heavily scripted playbook that makes bankers, customers and, generally, CEOs happy.

Spotify, for better or worse, is trying something truly innovative.

The Swedish company on Wednesday spelled out how exactly it would execute its so-called direct listing, and it amounts to a gamble that mom-and-pop investors will understand and appreciate their music business.

But the company made a number of disclosures acknowledging the risk it’s accepting by selling shares directly to the public.

There are no bankers that will underwrite the listing, meaning no one is trying to make a market for shares. There are no institutional investors who will get first dibs at their shares who could prop up Spotify’s value. And a lot of the rules that are meant to keep a stock from soaring or crashing are out the window.

In short: Expect a wild first day of trading as people try to figure out whether they should buy or sell Spotify, or SPOT, all on their own. Shares in 2017 swung from as low as $ 37.50 to as high as $ 125.00.

“The public price of our ordinary shares may be more volatile than in an underwritten initial public offering and could, upon listing on the NYSE, decline significantly and rapidly,” Spotify says in its filing with the SEC as one of its “risk factors,” or the dire-sounding warnings that the company is required to list.

Here’s what that means:

  • There is no pomp and circumstance of the “roadshow,” during which big institutions get a chance to kick the tires on the company and decide if it makes sense to buy or sell shares. The company only promises an “investor day” — with a presentation to be posted online for others — as part of an attempt to educate possible buyers on the business.
  • There is no opening share price in advance of trading. Morgan Stanley is advising the company on what Spotify calls a “novel” transaction, but underwriters are not purchasing shares early and structuring the first-day trading with their pricing.
  • There is virtually no “lock-up” that prevents company insiders from selling shares for a certain amount of time in order to keep the price stable. The only Spotify owner who must hold shares — for three years from the date of listing — is Tencent and its affiliate.

Other startups are watching closely. If Spotify, last valued at more than $ 20 billion in private secondary transactions, falls sharply below that valuation, it probably won’t look like such a helpful roadmap to follow.

Recode – All

Spotify’s hardware ambitions seem like a risky distraction

Look, it's no secret that Spotify is out to make its own hardware. As of last April, Spotify was already looking for people to help craft "a category defining product akin to Pebble Watch, Amazon Echo and Snap Spectacles." (In hindsight, Spotify's HR…
Engadget RSS Feed

Risky Scripts Pose Threat to Web Surfers, Say Researchers

A popular technique used by website operators to observe the keystrokes, mouse movements and scrolling behavior of visitors on Web pages is fraught with risk. The technique offered by a number of service providers uses scripts to capture the activity of a visitor on a Web page, store it on the provider’s servers, and play it back on demand for a website’s operators. The idea behind the practice is to give operators insights into how users are interacting with their websites and to identify broken and confusing pages.

Which? calls on retailers to withdraw risky connected toys

Which? calls on retailers to withdraw risky connected toys

A recently published study by consumer watchdog Which? has found that connected toys pose a string of complex security risks.

Just in time for the start of the Christmas shopping season, Which? is calling on retailers to stop selling a number of connected toys.

The consumer watchdog organised testing of a range of WiFi and Bluetooth-connected toys on sale at many major retailers, including Argos, Hamleys, Toys R Us and Amazon. These included: Furby, I-Que Intelligent Robot, Toy-fi Teddy, CloudPets, Wowee Chip, Fisher-Price Smart Toy Bear and Mattel Hello Barbie. 

Read more: IoT teddy bears leak more than 2 million recordings between parents and kids

Riddled with flaws

In all cases, toys’ Bluetooth connections had not been secured, says Which?, “meaning during the tests, our hacker didn’t need a password, PIN code or any other authentication to get access.” 

More worrying, in four out of seven of the devices put through their paces, the researchers found that vulnerabilities would allow a stranger to communicate with a child, via that toy. These problems were found in:

  • Furby Connect: “Anyone within a 10-30 metre Bluetooth range can connect to the toy when it’s switched on, with no physical interaction required,” says Which? “This is because it does not use any security features when pairing. Plus, you can make the connection via a laptop, opening up more opportunities to control the toy. Our security experts were able to upload and play a custom audio file on the Furby.”
  • I-Que Intelligent Robot: This uses Bluetooth to pair with a phone or tablet through an app but the connection is unsecured. The Which? investigation found that, “anyone can download the app, find an I-Que within Bluetooth range and start chatting using the robot’s voice by typing into a text field.” The toy is made by Genesis Toys, Which? notes, which also manufactures a doll, Cayla, that was recently banned in Germany due to security and hacking concerns.
  • CloudPets: This cuddly toy purports to enable friends to send messages to a child, but Which? found that it was possible for a hacker to exploit its unsecured Bluetooth connection and make it play their own messages.
  • Toy-fi Teddy: This toy allows a child to send and receive personal recorded messages over Bluetooth via a smartphone or tablet app. Again, Which? found the Bluetooth lacks any authentication protections, meaning hackers could send their voice messages to a child and receive answers back.

Read more: IoT device makers: Tackle security or face legal action

Warning to parents and retailers

Alex Neill, managing director of home products and services at Which?, explained that his organisation has written to retailers to warn them of the risks.

“Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution,” he said.

“Safety and security should be the absolute priority with any toy. If that can’t be guaranteed, then the products should not be sold.”

All of the manufacturers involved were given a right of reply. A the time of writing, only Furby maker Hasbro and i-Que Robot distributor had answered and their responses can been seen here. Spiral Toys, the maker of CloudPets and Toy-fi Teddy declined to comment, according to Which?

Spiral Toys has been accused of lax security before – as recently as February 2017, in fact, when Internet-connected teddies made by the firm were found to have leaked the email addresses and password details of more than 800,000 customers online.

And in July this year, the US Federal Bureau of Investigation (FBI) issued a public guidance notice, urging parents to report weak security in children’s toys connected to the internet.

Read more: More than two-thirds of consumers are concerned about IoT device security

The post Which? calls on retailers to withdraw risky connected toys appeared first on Internet of Business.

Internet of Business