Apologies if this feels promotional - if you have any questions, I'd be happy to answer them. This is an area of web sec that we're, obviously, very dedicated to.
Hey all, this is a blog post that aims to simplify the findings from Egor Homakov in early December (http://homakov.blogspot.in/2014/12/the-no-captcha-problem.ht...). We've included a video (http://youtu.be/718EOIoWKAE) of a major exploit in action and chat about the implications of Mr. Homakov's findings. Hope you enjoy reading it as much as I enjoyed writing it. Any questions, fire away!
Shouldn't the brown-eyed people kill themselves on day 101? Or are they supposed to reason that they, and they alone might have some other coloured eyes.
Oh wow, I had no idea this happened! And it's actually true? This isn't the typical "we've cured this" then "loljk here's why we haven't cured this" news piece?
However, it's not like we couldn't cure hepatitis C before, we could, but just not very well.
The old regimen was interferon + ribavirin. You had to take it for months and months and the interferon makes you feel like you have the flu (it also put the patient at risk of depression and suicide). The cure rate was ~50%.
With the new drugs you don't need to get interferon injections anymore. You just pop one pill a day and 12 weeks later there is a 95%+ likelihood that you've been cured of HCV.
It's really amazing, as Hep C kills more Americans per year than HIV.
There's a bit of a dark side, though, in that this miraculous cure's creator was bid up to billions of dollars, and the cure is sold to American health insurance for ~$85k a course, which is out of reach for most people without health insurance.
Of course, if you limit the upside on the home runs, you may find yourself with fewer batters in the pharmaceutical industry. I'd personally prefer if governments directly funded research, or even better, offered X-prize style contests, rather than granting patents on drugs.
But none of that diminishes what a remarkable advance this is for millions of Americans.
Given the immense cost, but huge benefit, it will be interesting to see how it stands up to cold-hearted cost/benefit analysis. The decision as to whether it will be available on the NHS (i.e. at taxpayer expense) in the UK is due in January[1].
The British National Health Service can make that trade-off. Because the NHS covers the entire population, it knows that it will recoup the high up-front cost by avoiding other treatment later in the patient's life.
An American insurer would rather put you on the older treatment and make your life so miserable that you switch to another insurance company at the next open enrollment. It makes no sense in the aggregate, but it makes sense for any one insurer.
No insurer wants to have the most generous policy, because it will just attract Hepatitis C patients from other insurers, hitting them with the up-front costs. However, they would not get all the delayed savings, because the patients could switch to a different insurer after they were cured.
The only way to break the game-theory logjam is to force the drug to be covered nationwide. Then, all the insurers pay the up-front cost, and on average, all of them reap the savings.
An American insurer would rather put you on the older treatment and make your life so miserable that you switch to another insurance company at the next open enrollment. It makes no sense in the aggregate, but it makes sense for any one insurer.
The thing is, that's not happening at all. Nearly all US insurers are covering the new therapies. There are a couple that are holding out and only doing individual approvals.
You have to remember that private insurance competes on coverage, particularly for the insurance purchased by large employers.
Your comments about the NHS having a different viewpoint is correct. Since the NHS looks at total societal costs, they can reap the benefit of any immediate costs.
> The thing is, that's not happening at all. Nearly all US insurers are covering the new therapies. There are a couple that are holding out and only doing individual approvals.
So what are all the news articles about? A problem that is only hypothetical? The reporters don't seem to have a hard time finding cases of Hepatitis C patients who have been denied:
Then there's the fact that AbbVie and Merck are coming into the market soon with their own Hepatitis C drugs that also have 90% cure rates. It seems hard to believe that either of these companies will come in significantly below the price of Sovaldi, but that's what the insurance companies are hoping for.
Your take is correct, there are some insurers playing hard ball and saying "no" to patients. A few state Medicaid plans are the best example.
I should have be clearer as I was referring to private insurers. Yes, a few of them (Express Scripts is one) are saying no, initially, but appeals are getting approved.
I actually work in the HCV field and saw some data the other day that showed the vast majority of plans are reimbursing for Sovaldi. It was pretty surprising to me.
And yes, we'll have to see what Abbvie and Merck do. Rumor is they won't be competing on price although the insurance companies are hoping they do.
> Then there's the fact that AbbVie and Merck are coming into the market soon with their own Hepatitis C drugs that also have 90% cure rates. It seems hard to believe that either of these companies will come in significantly below the price of Sovaldi, but that's what the insurance companies are hoping for.
Why? If you apply game theory, one of the three will try to defect and undercut the other two.
> Why? If you apply game theory, one of the three will try to defect and undercut the other two.
Because they're playing a repeating game. AbbVie and Merck are big pharma companies. They don't particularly want to get into a price war.
It would be different if a small biotech firm were coming in. They might not get a second shot at it for a long time, so they are much more likely to undercut on price.
Also, three is a low number. Defection is more likely when the number of players goes up.
Of course, they're not going to come in dollar-for-dollar identical to the pricing of Sovaldi and Harvoni. However, the insurance companies seem to be hoping for some really sharp drops in price, which are less likely.
doing an X-prize style competition will probably cause a lot of "wastage" in resources spent by other contestents that _almost_ get the cure, but didn't make it. It will mean that only those who _know_ they have the cure (or it's within reach) would invest in it, and hence, won't get cures for diseases for which we don't know much about. I reckon better way is to have publically funded labs that do the lions share of research, budget split by how common the disease is.
How do you measure efficiency in research? If you use a commercial success metric - then drugs (or things in general) that aren't profitable because they target the most poor/vulnerable people don't get into consideration.
Not only that, but also a source of funds to pay x-prizes. Gilead will sell close to $10B worth of Sovaldi/Harvoni in 2014 alone. Probably close to $30-50B over their patent lifetime.
Considering most pharmaceutical companies have profit margins of ~30%, you'd need an x-prize of $10-$15B to equal their current "prize". The NIH total budget is under $40B.
If the choices offered to pharmaceutical companies are x prizes or the current patent regime, then sure, you need multi-billion dollar prizes. I'm not convinced patents are a good thing to continue to offer, in which case the option of the 30-50 billion dollar payday won't be available.
That would likely mean fewer baldness treatments, which I'm fine with. What's unclear is whether we'd get a more socially optimal investment level for DALY improvements. I tend to think we would.
The example I gave was a cure for hepatitis C, not a baldness treatment.
What you're suggesting is limiting the upside for investment. How do you think investors (the ones giving money to develop a drug) would react if you told them that the best they can do is a 2x return on their money when before they could get a 5-15x return?
Very low price means 2k/person for Egypt. It is immensely expensive for this country and not sustainable for the egyptian healthcare system.
But it's the same for developped countries. There is an inherent conflict of interest in producing a cure that heals a chronic disease. You only get the money once. So you'd better get as much as you can.
Solvadi could be paid for with monthly payments, say, 90% of the average price of conventional Hepatitis C treatment. Once the total payments add up to the price of Solvadi, they stop.
The patient gets cured right away. The healthcare system sees a 10% savings instead of a $90,000 bill. Gilead gets a smoothed-out income stream that helps to insulate it from the feast-or-famine cycle.
What's more, this places a built-in limit on the price of the drug. If Gilead sets the price too high, then the monthly payments never add up.
In a system where the patient could switch insurers, the monthly payments would have to be imposed on the new insurer. Otherwise, we're back to the US game-theory standoff.
People are looking at that already, believe it or not. Since it takes a number of years to see the benefit of curing HCV, it makes sense to spread the payments out.
The interesting thing is that Sovaldi is not more expensive than earlier therapies (last generation therapies were around $85K). The issue is that Sovaldi is so good that everyone wants to take it now, where before, very few patients were willing to put up with the old therapies.
As I live in Australia, to see a city like this in such a state is saddening. Of course, everyone has heard stories of Detroit's issues but to see them so starkly pictured is pretty confronting. What's the current economic state of Detroit? Is it still in decline or is there reason to be optimistic?
The city government is just beginning to emerge from bankruptcy, so there is some hope there. But they still have a chicken and egg problem: the city has to provide a reasonable level of services to attract businesses and their workers, but they need the tax base to provide those services. What the solution to that will end up being is anyone's guess.
And the double-problem is that given the pictures, they clearly have 5-10 times more streets, sewers, electric poles, to maintain than they would have with a compact city.
That is definitely a huge problem. If the city had money, I wonder if it would be efficient in some areas to try to buy out the remaining residents so that they could essentially "shut off" entire neigborhoods.
> so that they could essentially "shut off" entire neigborhoods.
Just to add to the complications: they'd almost have to–due to either social pressure or environmental pressure–demolish the streets/poles/etc as well, else they still pose a maintenance requirement and an eyesore.
That was my assumption. It appears Detroit could potentially be reliant on a wealthy entrepreneur to take a "leap of faith" or have a third party offer some sort of financial incentive to encourage businesses back. I'm not too well versed on US law but is the federal government able to help in this vein?
Detroit will recover due to its history as a hub. It is a cheap place to live that has direct flights to Europe, Asia, South America, and almost any city in the US.
Also, Detroit has plenty of wealth. It just all sits in the suburbs. The article even shows a mansion in Grosse Pointe and another with 23,000 square feet in West Bloomfield. These people are definitely executives at businesses in the Detroit area.
If anything these X box a month services pop up so frequently I'm surprised there is not a startup to help people make their own x box a month companies.
More seriously, automating the process of harvesting credit card numbers and signing them up for monthly billing, then taking a cut, is evil genius.
Even more seriously, the sex-trade people were way ahead on this, by happily offering canceling customers refund checks with mind-blowingly dirty names on them to discourage deposit.
Same here. It's like Ikea sending you a random box of do-it-yourself furniture every month. The "maker" mumbo-jumbo is about building things you actually want, not assembling stuff someone throws at you.
Interesting perspective on the changes! Our lead designer actually had similar concerns (can read them here: https://www.funcaptcha.co/2014/12/04/killing-the-captcha-wit...). You both look to be drawing the same conclusions. What are your thoughts on the metaphorical 'black box' being implemented into the new reCAPTCHA?
We were actually just discussing the "what if I trip their filter" concern at our morning meeting. Full disclosure: my company (as the username implies) builds FunCaptcha, a CAPTCHA alternative. Your concern, to us, is a very valid one and has been a driving force behind our own design and mentality. Our lead designer is (understandably) passionate about this so he actually wrote a few words on the blog that dives pretty deeply into the topic, if you're inclined: https://www.funcaptcha.co/2014/12/04/killing-the-captcha-wit....
Full disclosure: I'm from the team behind a leading CAPTCHA alternative and our concerns are two-fold -- privacy and vulnerabilities.
a) New reCAPTCHA relying on a 'black box' to verify users is of course, naturally concerning privacy wise.
b) the technology that has been implemented to cater to this black box has actually opened the door to more vulnerabilities.
Our Design Director explains the reasoning behind the concern regarding the 'black box' here: http://www.funcaptcha.co/2014/12/04/killing-the-captcha-with...
And I myself go into more detail about Egor Homakov's findings regarding the new vulnerabilities here: http://www.funcaptcha.co/2014/12/04/killing-the-captcha-with...
Apologies if this feels promotional - if you have any questions, I'd be happy to answer them. This is an area of web sec that we're, obviously, very dedicated to.