Can’t afford Netflix and HBO and Spotify and Disney+…? Now there’s an app specially built for giving pals your passwords while claiming to keep your credentials safe. It’s called Jam, and the questionably legal service launched in private beta this morning. Founder John Backus tells TechCrunch in his first interview about Jam that it will let users save login details with local encryption, add friends you can then authorize to access your password for a chosen service, and broadcast to friends which of your subscriptions have room for people to piggyback on.
Jam is just starting to add users off its rapidly growing waitlist that you can join here, but when users get access, it’s designed to stay free to use. In the future, Jam could build a business by helping friends split the costs of subscriptions. There’s clearly demand. Over 80% of 13-24 year olds have given out or used someone else’s online TV password, according a study by Hub of over 2000 US consumers.
“The need for Jam was obvious. I don’t want to find out my ex-girlfriend’s roommate has been using my account again. Everyone shares passwords, but for consumers there isn’t a secure way to do that. Why?” Backus asks. “In the enterprise world, team password managers reflect the reality that multiple people need to access the same account, regularly. Consumers don’t have the same kind of system, and that’s bad for security and coordination.”
Thankfully, Backus isn’t some amateur when it comes to security. The Stanford computer science dropout and Thiel Fellow founded identity verification startup Cognito and decentralized credit scoring app Bloom. “Working in crypto at Bloom and with sensitive data at Cognito, I have a lot of experience building secure products with cryptography at the core.
He also tells me since everything saved in Jam is locally encrypted, even he can’t see it and nothing would be exposed if the company was hacked. It uses similar protocols to 1Password, “Plaintext login information is never sent to our server, nor is your master password” and “we use pretty straightforward public key cryptography.” Remember, your friend could always try to hijack and lock you out, though. And while those protocols may be hardened, TechCrunch can’t verify they’re perfectly implemented and fully secure within Jam.
Whether facilitating password sharing is legal, and whether Netflix and its peers will send an army of lawyers to destroy Jam, remain open questions. We’ve reached out to several streaming companies for comment. When asked on Twitter about Jam helping users run afoul of their terms of service, Backus claims that “plenty of websites give you permission to share your account with others (with vary degrees of constraints) but users often don’t know these rules.”
However, sharing is typically supposed to be amongst a customer’s own devices or within their household, or they’re supposed to pay for a family plan. We asked Netflix, Hulu, CBS, Disney, and Spotify for comment, and did not receive any on the record comments. However, Spotify’s terms of service specifically prohibit providing your password to any other person or using any other person’s username and password”. Netflix’s terms insist that “the Account Owner should maintain control over the Netflix ready devices that are used to access the service and not reveal the password or details of the Payment Method associated to the account to anyone.”
Some might see Jam as ripping off the original content creators, though Backus claims that “Jam isn’t trying to take money out of anyone’s pocket. Spotify offers [family plan sharing for people under the same roof]. Many other companies offer similar bundled plans. I think people just underutilize things like this and it’s totally fair game.”
Netflix’s Chief Product Officer said in October that the company is monitoring password sharing and it’s looking at “consumer-friendly ways to push on the edges of that.” Meanwhile, The Alliance For Creativity and Entertainment that includes Netflix, Disney, Amazon, Comcast, and major film studios announced that its members will collaborate to address “piracy” including “what facilitates unauthorized access, including improper password sharing and inadequate encryption.”
That could lead to expensive legal trouble for Jam. “My past startups have done well, so I’ve had the pleasure of self-funding Jam so far” Backus says. But if lawsuits emerge or the app gets popular, he might need to find outside investors. “I only launched about 5 hours ago, but I’ll just say that I’m already in the process of upgrading my database tier due to signup growth.”
Eventually, the goal is not to monetize not through a monthly subscription like Backus expects competitors including password-sharing browser extensions might charge. Instead “Jam will make money by helping users save money. We want to make it easy fo users to track what they’re sharing and with whom so that they can settle up the difference at the end of each month” Backus explains. It could charge “either a small fee in exchange for automatically settling debts between users and/or charging a percentage of the money we save users by recommending more efficient sharing setups.” Later, he sees a chance to provide recommendations for optimizing account management across networks of people while building native mobile apps.
“I think Jam is timed perfectly to line up with multiple different booming trends in how people are using the internet”, particularly younger people says Backus. Hub says 42% of all US consumers have used someone else’s online TV service password, while amongst 13 to 24 year olds, 69% have watched Netflix on someone else’s password. “When popularity and exclusivity are combined with often ambiguous, even sometimes nonexistent, rules about legitimate use, it’s almost an invitation to subscribers to share the enjoyment with friends and family” says Peter Fondulas, the principal at Hub and co-author of the study. “Wall Street has already made its displeasure clear, but in spite of that, password sharing is still very much alive and well.”
From that perspective, you could liken Jam to sex education. Password sharing abstinence has clearly failed. At least people should learn how to do it safely.
PROTIP: Feeling lonely? Go to your Netflix settings, click “Sign out of all devices,” and wait a few hours. Voilà! If you check your phone now, you’ll find you have several new texts from friends you haven’t spoken to in years. — John Backus (@backus) January 15, 2020