Business of Betting - Ep 202 Manu Gambhir / Xpoint

Podcast Release Date:
Podcast Link:
hagrinBPR Review Date: 2024-02-21 01:34:00
Rating: 7.00

Notes:
If you're interested in geolocation services and how your US betting experience is being checked and monitored, this is a good, quick podcast that gives you a biased, but good view of the landscape.

Very good pod, Jason is wildly knowledgeable and well spoken as he's in the industry.

Both great that this was recommended to me by @BronerP4P, but terrible too. This pod basically blows away a good chunk of a two hour segment I likely would have done on "TBWC: Hagrin Part Two Electric Boogaloo". This is a big topic for me and, like many undelivered writings, hopefully one day I get to it. Geolocation software, whether a standalone app for desktops or integrated into the mobile app, is nothing more than a super pervasive and intrusive rootkit. That's it. The companies are collecting data on your devices that 99.9% of you wouldn't have dreamed they would be collecting.

2:30 - Xpoint, competitor of GeoComply. 3-4 years old. US operators prob spending $200-250 mill in geolocation products. $$ spent might go up as more states come online, but current pricing is "monopolistic". US ops doing ~2 bill geolocation checks/month.

6:45 - the closer you get to a border (and im also guessing exclusion zones) the geolocation checks have to become more frequent.

8:00 - Geocomply about 98% of the US market currently. Smarkets/SBK? rolled their own geolocation solution.

11:00 - Manu really believes that there's change coming in the pricing of Geolocation services because right now it's price gouging.

11:20 - "It's more complicated than checking your GPS". 3-5% GPS errors. Geolocation services can check your accelerometer if GPS check fails to see if you moved. Will also check your altimeter to verify location.

15:50 - Pro spoofing story performing bonus abuse - many accts checking in from one location in KY. 100s of checks in KY, one check in a foreign country. Turns out they "may" have replicated the WiFi network around that real KY area so when Xpoint's SDK scanned the area for WiFi signatures (another check its doing). Also were using a custom Android OS which by passed "rooting detection". What's funny is from Jason's "mmhmms" listening to the story, you can tell the realization just hit that maybe rolling your own geolocation service ends up much the same way of rolling your own cryptography. Jason tries to counter with "the cost of the geolocation service vs the bonus fraud is likely competitive" and if I was an attacker I sure know what my next target would be.

18:00 - Geocomply sued Xpoint, lost and had a patent invalidated. Crazy. Currently being appealed.

23:30 - PrizePicks using Xpoint, another announcement coming soon of a bid won vs Geocomply.

29:00 - Jason advocates for transaction rail/banking chokepointing to stop the offshores. I offer no further commentary on this point.

Questions I would want answered in any future geolocation service interview, which might require more formal requests in the future -
1) What data is being collected? (I know the answer already but lets get it out there in the public domain)
2) What's the data retention policy *really*?
3) What's the security practices securing this data? Is any of it anonymized, encrypted, etc?
4) Is any of this data being monetized by selling to 3rd parties?