Le immagini pubblicate dalla Yale University documentano massacri di massa nella città sudanese di El-Fasher, conquistata dalle Forze di Supporto Rapido (RSF) domenica scorsa al termine di un assedio durato oltre 18 mesi. Pozze di sangue e cumuli di corpi testimoniano l’avvio di un processo sistematico e intenzionale di pulizia etnica delle comunità non arabe.

“Le azioni delle RSF documentate in questo rapporto potrebbero configurare crimini di guerra e crimini contro l’umanità e potrebbero raggiungere il livello di genocidio”, si legge.

Quella che sconvolge il Sudan dall’aprile 2023 non è però una guerra dimenticata. È diventata la più grave catastrofe umanitaria mondiale, con oltre 30 milioni di persone bisognose di assistenza e civili trasformati in bersagli di una violenza indiscriminata.

Oggi si assiste a una nuova escalation genocidiaria. Le condizioni che rendono possibili tragedie come l’eccidio di El-Fasher non sorgono dunque per caso. Sono il risultato del ridimensionamento incessante della diplomazia e della cooperazione internazionale, del cinismo di fronte a gravi violazioni dei diritti umani e del diritto umanitario, e della costante anteposizione del profitto dei mercanti di armi alla costruzione della pace. Da chi, insomma, si trincera dietro il principio per cui il diritto internazionale valga fino ad un certo punto.

Invece, la sicurezza e la pace si costruiscono guardando nella direzione opposta, quella dei diritti fondamentali. Prima di tutto.

L'articolo Sudan: il satellite racconta ciò che il mondo ignora proviene da Possibile.

When Microsoft decided they wanted to get into the game console market, they were faced with a problem. Everyone knew them as a company that developed computer software, and there was a concern that consumers wouldn’t understand that their new Xbox console was a separate product from their software division. To make sure they got the message though, Microsoft decided to show off a prototype that nobody could mistake for a desktop computer.

The giant gleaming X that shared the stage with Bill Gates and Seamus Blackley at the 2000 Game Developers Conference became the stuff of legend. We now know the machine wasn’t actually a working Xbox, but at the time, it generated enormous buzz. But could it have been a functional console? That’s what [Tito] of Macho Nacho Productions wanted to find out — and the results are nothing short of spectacular.

The key to this project is the enclosure itself, but this is no simple project box we’re talking about here. Milled from a solid block of aluminum, the original prototype’s shell reportedly cost Microsoft $18,000 to have produced, which would be around $36,000 when adjusted for inflation. Luckily, the state of the art has moved forward a bit in the intervening two decades. So after working with [Wesk] to create a 3D model from reference images (including some that [Tito] took himself of one of the surviving prototypes on display in New York), the design was sent away to PCBWay for production. It still cost the better part of $6 K to be produced, but that’s a hell of a savings compared to the original. Though [Tito] still had to polish the aluminum himself to recreate the original’s mirror-like shine.

To say the rest of the project was “easy” would be something of an understatement, but it was at least more familiar territory. Unlike the original prototype, this machine would actually play Xbox games, to [Tito] focused on cramming the original era-appropriate hardware (plus a few modern homebrew tweaks, such as HDMI-out) into the hollow X using a clever system of integrated rails and 3D printed mounts.

Some of the original parts, like the power supply, were simply too large to use. That’s where [Redherring32] came in. He designed a custom USB-C power supply that could satisfy the original console’s energy needs in a much smaller footprint. There’s also a modern SSD in place of the 8 GB of spinning rust that the console shipped with back in 2001. But overall, it’s still real Xbox hardware — no emulation or other funny tricks here.

At this point, the team had already exceeded what Microsoft pulled off in 2000, but they weren’t done yet. Wanting to really set this project apart, [Tito] decided to replace the center jewel with something a bit more modern. The original was little more than a backlit piece of plastic, but on this build it’s a circular LCD driven by a Raspberry Pi Pico, capable of showing a number of custom full-motion animations thanks to the efforts of [StuckPixel].

The end result of this team effort is a machine that’s not only better looking than Microsoft’s original, but also more functional. It’s a project that’s destined for a more than just sitting on a shelf collecting dust, so we’re happy to hear that [Tito] plans on taking it on a tour of different gaming events to give the public a chance to see it in person. He’s even had a custom crate made so he can transport it around in style and safety.

youtube.com/embed/0OMP8JvGWNY?…

hackaday.com/2025/10/30/iconic…

Force feedback joysticks are prized for creating a more realistic experience when used with software like flight sims. Sadly, you can’t say the same thing about using them with mech games, because mechs aren’t real. In any case, [zeroshot] whipped up their own stick from scratch for that added dose of realistic feedback in-game.

[zeroshot] designed a simple gimbal to allow the stick to move in two axes, relying primarily on 3D-printed components combined with a smattering of off-the-shelf bearings. For force feedback, an Arduino Micro uses via TMC2208 stepper drivers to control a pair of stepper motors, which can apply force to the stick in each axis via belt-driven pulleys. Meanwhile, the joystick’s position on each axis is tracked via magnetic encoders. The Arduino feeds this data to an attached computer by acting as a USB HID device.

We’ve seen some other great advanced joystick projects over years, too. Never underestimate how much a little haptic feedback can add to immersion.

youtube.com/embed/YdNP5jIJ0dU?…

hackaday.com/2025/10/30/build-…

Has anyone noticed that news stories have gotten shorter and pithier over the past few decades, sometimes seeming like summaries of what you used to peruse? In spite of that, huge numbers of people are relying on large language model (LLM) “AI” tools to get their news in the form of summaries. According to a study by the BBC and European Broadcasting Union, 47% of people find news summaries helpful. Over a third of Britons say they trust LLM summaries, and they probably ought not to, according to the beeb and co.

It’s a problem we’ve discussed before: as OpenAI researchers themselves admit, hallucinations are unavoidable. This more recent BBC-led study took a microscope to LLM summaries in particular, to find out how often and how badly they were tainted by hallucination.

Not all of those errors were considered a big deal, but in 20% of cases (on average) there were “major issues”–though that’s more-or-less independent of which model was being used. If there’s good news here, it’s that those numbers are better than they were when the beeb last performed this exercise earlier in the year. The whole report is worth reading if you’re a toaster-lover interested in the state of the art. (Especially if you want to see if this human-produced summary works better than an LLM-derived one.) If you’re a luddite, by contrast, you can rest easy that your instincts not to trust clanks remains reasonable… for now.

Either way, for the moment, it might be best to restrict the LLM to game dialog, and leave the news to totally-trustworthy humans who never err.

hackaday.com/2025/10/30/why-yo…

If you haven’t lived underneath a rock for the past decade or so, you will have seen a lot of arguing in the media by prominent figures and their respective fanbases about what the right sensor package is for autonomous vehicles, or ‘self-driving cars’ in popular parlance. As the task here is to effectively replicate what is achieved by the human Mark 1 eyeball and associated processing hardware in the evolutionary layers of patched-together wetware (‘human brain’), it might seem tempting to think that a bunch of modern RGB cameras and a zippy computer system could do the same vision task quite easily.

This is where reality throws a couple of curveballs. Although RGB cameras lack the evolutionary glitches like an inverted image sensor and a big dead spot where the optical nerve punches through said sensor layer, it turns out that the preprocessing performed in the retina, the processing in the visual cortex and analysis in the rest of the brain is really quite good at detecting objects, no doubt helped by millions of years of only those who managed to not get eaten by predators procreating in significant numbers.

Hence the solution of sticking something like a Lidar scanner on a car makes a lot of sense. Not only does this provide advanced details on one’s surroundings, but also isn’t bothered by rain and fog the way an RGB camera is. Having more and better quality information makes subsequent processing easier and more effective, or so it would seem.

Computer Vision Things

A Waymo Jaguar I-Pace car in San Francisco. (Credit: Dllu, Wikimedia)
Giving machines the ability to see and recognize objects has been a dream for many decades, and the subject of nearly an infinite number of science-fiction works. For us humans this ability is developed over the course of our development from a newborn with a still developing visual cortex, to a young adult who by then has hopefully learned how to identify objects in their environment, including details like which objects are edible and which are not.

As it turns out, just the first part of that challenge is pretty hard, with interpreting a scene as captured by a camera subject to many possible algorithms that seek to extract edges, infer connections based on various hints as well as the distance to said object and whether it’s moving or not. All just to answer the basic question of which objects exist in a scene, and what they are currently doing.

Approaches to object detection can be subdivided into conventional and neural network approaches, with methods employing convolutional neural networks (CNNs) being the most prevalent these days. These CNNs are typically trained with a dataset that is relevant to the objects that will be encountered, such as while navigating in traffic. This is what is used for autonomous cars today by companies like Waymo and Tesla, and is why they need to have both access to a large dataset of traffic videos to train with, as well as a large collection of employees who watch said videos in order to tag as many objects as possible. Once tagged and bundled, these videos then become CNN training data sets.

This raises the question of how accurate this approach is. With purely RGB camera images as input, the answer appears to be ‘sorta’. Although only considered to be a Class 2 autonomous system according to the SAE’s 0-5 rating system, Tesla vehicles with the Autopilot system installed failed to recognize hazards on multiple occasions, including the side of a white truck in 2016, a concrete barrier between a highway and an offramp in 2018, running a red light and rear-ending a fire truck in 2019.

This pattern continues year after year, with the Autopilot system failing to recognize hazards and engaging the brakes, including in so-called ‘Full-Self Driving’ (FSD) mode. In April of 2024, a motorcyclist was run over by a Tesla in FSD mode when the system failed to stop, but instead accelerated. This made it the second fatality involving FSD mode, with the mode now being called ‘FSD Supervised’.

Compared to the considerably less crash-prone Level 4 Waymo cars with their hard to miss sensor packages strapped to the car, one could conceivably make the case that perhaps just a couple of RGB cameras is not enough for reliable object detection, and that quite possibly blending of sensors is a more reliable method for object detection.

Which is not to say that Waymo cars are perfect, of course. In 2024 one Waymo car managed to hit a utility pole at low speeds during a pullover maneuver, when the car’s firmware incorrectly assessed its response to a situation where a ‘pole-like object’ was present, but without a hard edge between said pole and the road.

This gets us to the second issue with self-driving cars: taking the right decision when confronted with a new situation.

Acting On Perception

The Tesla Hardware 4 mainboard with its redundant custom SoCs. (Source: Autopilotreview.com)
Once you know what objects are in a scene, and merge this with the known state of the vehicle and, the next step for an autonomous vehicle is to decide what to do with this information. Although the tempting answer might be to also use ‘something with neural networks’ here, this has turned out to be a non-viable method. Back in 2018 Waymo created a recursive neural network (RNN) called ChauffeurNet which was trained on both real-life and synthetic driving data to have it effectively imitate human drivers.

The conclusion of this experiment was that while deep learning has a place here, you need to lean mostly on a solid body of rules that provides it with explicit reasoning that copes better with what is called the ‘long tail’ of possible situations, as you cannot put every conceivable situation in a data set.

This thus again turns out to be a place where human input and intelligence are required, as while an RNN or similar can be trained on an impressive data set, it will never be able to learn the reasons for why a decision was made in a training video, nor provide its own reasoning and make reasonable adaptations when faced with a new situation. This is where human experts have to define explicit rules, taking into account the known facts about the current surroundings and state of the vehicle.

Here is where having details like explicit distance information to an obstacle, its relative speed and dimensions, as well as room to divert to prevent a crash are not just nice to have. Adding sensors like radar and Lidar can provide solid data that an RGB camera plus CNN may also provide if you’re lucky, but also maybe not quite. When you’re talking about highway speeds and potentially the lives of multiple people at risk, certainty always wins out.

Tesla Hardware And Sneaky Radars

Arbe Phoenix radar module installed in a Tesla car as part of the Hardware 4 Autopilot hardware. (Credit: @greentheonly, Twitter)
One of the poorly kept secrets about Tesla’s Autopilot system is that it’s had a front-facing radar sensor for most of the time. Starting with Hardware 1 (HW1), it featured a single front-facing camera behind the top of the windshield and a radar behind the lower grille, in addition to 12 ultrasonic sensors around the vehicle.

Notable is that Tesla did not initially use the radar in a primary object detection role here, meaning that object detection and emergency stop functionality was performed using the RGB cameras. This changed after the RGB camera system failed to notice a white trailer against a bright sky, resulting in a spectacular crash. The subsequent firmware update gave the radar system the same role as the camera system, which likely would have prevented that particular crash.

HW1 used Mobileye’s EyeQ3, but after Mobileye cut ties with Tesla, NVidia’s Drive PX 2 was used instead for HW2. This upped the number of cameras to eight, providing a surround view of the car’s surroundings, with a similar forward-facing radar. After an intermedia HW2.5 revision, HW3 was the first to use a custom processor, featuring twelve Arm Cortex-A72 cores clocked at 2.6 GHz.

HW3 initially also had a radar sensor, but in 2021 this was eliminated with the ‘Tesla Vision’ system, which resulted in a significant uptick in crashes. In 2022 it was announced that the ultrasonic sensors for short-range object detection would be removed as well.

Then in January of 2023 HW4 started shipping, with even more impressive computing specs and 5 MP cameras instead of the previous 1.2 MP ones. This revision also reintroduced the forward-facing radar, apparently the Arbe Phoenix radar with a 300 meter range, but not in the Model Y. This indicates that RGB camera-only perception is still the primary mode for Tesla cars.

Answering The Question

At this point we can say with a high degree of certainty that by just using RGB cameras it is exceedingly hard to reliably stop a vehicle from smashing into objects, for the simple reason that you are reducing the amount of reliable data that goes into your decision-making software. While the object-detecting CNN may give a 29% possibility of an object being right up ahead, the radar or Lidar will have told you that a big, rather solid-looking object is lying on the road. Your own eyes would have told you that it’s a large piece of concrete that fell off a truck in front of you.

This then mostly leaves the question of whether the front-facing radar that’s present in at least some Tesla cars is about as good as the Lidar contraption that’s used by other car manufacturers like Volvo, as well as the roof-sized version by Waymo. After all, both work according to roughly the same basic principles.

That said, Lidar is superior when it comes to aspects like accuracy, as radar uses longer wavelengths. At the same time a radar system isn’t bothered as much by weather conditions, while generally being cheaper. For Waymo the choice for Lidar over radar comes down to this improved detail, as they can create a detailed 3D image of the surroundings, down to the direction that a pedestrian is facing, and hand signals by cyclists.

Thus the shortest possible answer is that yes, Lidar is absolutely the best option, while radar is a pretty good option to at least not drive into that semitrailer and/or pedestrian. Assuming your firmware is properly configured to act on said object detection, natch.

hackaday.com/2025/10/30/self-d…

Da agosto 2024, la campagna PhantomRaven ha caricato 126 pacchetti dannosi su npm, che sono stati scaricati complessivamente oltre 86.000 volte. La campagna è stata scoperta da Koi Security, che ha riferito che gli attacchi sono stati abilitati da una funzionalità poco nota di npm che gli consente di aggirare la protezione e il rilevamento.

Si sottolinea che al momento della pubblicazione del rapporto erano ancora attivi circa 80 pacchetti dannosi. Gli esperti spiegano che gli aggressori sfruttano il meccanismo Remote Dynamic Dependencies (RDD).

In genere, uno sviluppatore vede tutte le dipendenze di un pacchetto in fase di installazione, scaricate dall’infrastruttura NPM attendibile. Tuttavia, RDD consente ai pacchetti di estrarre automaticamente il codice da URL esterni, anche tramite un canale HTTP non crittografato. Nel frattempo, il manifest del pacchetto non mostra alcuna dipendenza.

Quando uno sviluppatore esegue npm install, il pacchetto dannoso scarica silenziosamente un payload da un server controllato dagli aggressori e lo esegue immediatamente. Non è richiesta alcuna interazione da parte dell’utente e gli strumenti di analisi statica rimangono inconsapevoli dell’attività.

“PhantomRaven dimostra quanto possano essere sofisticati gli aggressori quando sfruttano i punti ciechi delle soluzioni di sicurezza tradizionali. Le dipendenze dinamiche remote sono semplicemente invisibili all’analisi statica”, affermano i ricercatori.

Si noti che il malware viene scaricato dal server ogni volta che il pacchetto viene installato, anziché essere memorizzato nella cache.

Questo apre le porte ad attacchi mirati: gli aggressori possono controllare l’indirizzo IP della richiesta e inviare codice innocuo ai ricercatori di sicurezza, distribuire codice dannoso per le reti aziendali e distribuire payload specializzati per gli ambienti cloud.

Una volta infettato, il malware raccoglie attentamente informazioni sul sistema della vittima:

• variabili di ambiente con configurazioni dei sistemi interni dello sviluppatore;
• token e credenziali per npm, GitHub Actions, GitLab, Jenkins e CircleCI;
• l’intero ambiente CI/CD attraverso il quale passano le modifiche al codice apportate da diversi sviluppatori.

I token rubati possono essere utilizzati per attaccare le supply chain e iniettare codice dannoso in progetti legittimi. Il furto di dati è organizzato in modo ridondante, utilizzando tre metodi: HTTP GET con dati nell’URL, HTTP POST con JSON e connessioni WebSocket.

Gli esperti scrivono che molti pacchetti dannosi sono mascherati da strumenti GitLab e Apache.

Lo slopsquatting, ovvero lo sfruttamento delle allucinazioni dell’intelligenza artificiale, gioca un ruolo speciale in questa campagna. Gli sviluppatori chiedono spesso agli assistenti LLM quali pacchetti siano più adatti a un particolare progetto. I modelli di intelligenza artificiale spesso inventano nomi inesistenti ma plausibili. Gli operatori PhantomRaven tracciano queste allucinazioni e registrano i pacchetti con questi nomi. Le vittime alla fine installano il malware da sole, seguendo le raccomandazioni di LLM.

Gli sviluppatori di LLM non comprendono ancora le cause esatte di queste allucinazioni e non sono in grado di creare modelli che le prevengano, ed è proprio questo che gli aggressori stanno sfruttando. I ricercatori ricordano di non affidarsi a LLM nella scelta delle dipendenze e di controllare attentamente i nomi dei pacchetti e le loro fonti, installando solo pacchetti provenienti da fornitori affidabili.

L'articolo 100 pacchetti di Infostealer caricati su NPM sfruttando le allucinazioni delle AI proviene da Red Hot Cyber.

I ricercatori di Varonis hanno scoperto la piattaforma MaaS (malware-as-a-service) Atroposia. Per 200 dollari al mese, i suoi clienti ricevono un Trojan di accesso remoto con funzionalità estese, tra cui desktop remoto, gestione del file system, furto di informazioni, credenziali, contenuto degli appunti, wallet di criptovalute, dirottamento DNS e uno scanner integrato per le vulnerabilità locali.

Secondo gli analisti, Atroposia ha un’architettura modulare. Il malware comunica con i server di comando e controllo tramite canali crittografati ed è in grado di bypassare il Controllo Account Utente (UAC) per aumentare i privilegi in Windows.

Una volta infettato, fornisce un accesso persistente e non rilevabile al sistema della vittima. I moduli chiave di Atroposia sono:

HRDP Connect avvia una sessione di desktop remoto nascosta in background, consentendo agli aggressori di aprire applicazioni, leggere documenti ed e-mail e, in generale, interagire con il sistema senza alcun segno visibile di attività dannosa. I ricercatori sottolineano che gli strumenti standard di monitoraggio dell’accesso remoto potrebbero “non rilevare” questa attività.

Il file manager funziona come un familiare Esplora risorse di Windows: gli aggressori possono visualizzare, copiare, eliminare ed eseguire i file. Il componente grabber cerca i dati per estensione o parola chiave, li comprime in archivi ZIP protetti da password e li invia al server di comando e controllo utilizzando metodi in-memory, riducendo al minimo le tracce dell’attacco sul sistema.

Stealer raccoglie dati di accesso salvati, dati del portafoglio di criptovalute e file di chat. Il gestore degli appunti intercetta tutto ciò che l’utente copia (password, chiavi API, indirizzi del portafoglio) in tempo reale e lo conserva per gli aggressori.

Il modulo di spoofing DNS sostituisce i domini con gli indirizzi IP degli aggressori a livello di host, reindirizzando silenziosamente le vittime verso server controllati dagli hacker. Questo apre le porte a phishing, attacchi MitM, falsi aggiornamenti, iniezione di adware o malware e furto di dati tramite query DNS.

Lo scanner di vulnerabilità integrato analizza il sistema della vittima alla ricerca di vulnerabilità non corrette, impostazioni non sicure e software obsoleto. I risultati vengono inviati agli operatori di malware sotto forma di punteggio, che gli aggressori possono utilizzare per pianificare ulteriori attacchi.

I ricercatori avvertono che questo modulo è particolarmente pericoloso negli ambienti aziendali: il malware potrebbe rilevare un client VPN obsoleto o una vulnerabilità di escalation dei privilegi, che può quindi essere sfruttata per ottenere informazioni più approfondite sull’infrastruttura della vittima. Inoltre, lo scanner analizza i sistemi vulnerabili nelle vicinanze per rilevare eventuali movimenti laterali.

Varonis osserva che Atroposia prosegue la tendenza verso la democratizzazione del crimine informatico.

Insieme ad altre piattaforme MaaS (come SpamGPT e MatrixPDF), riduce la barriera tecnica all’ingresso, consentendo anche ad aggressori poco qualificati di condurre efficaci “attacchi in abbonamento”.

L'articolo Atroposia: la piattaforma MaaS che fornisce un Trojan munito di scanner delle vulnerabilità proviene da Red Hot Cyber.

When Wired published the contents of 911 calls coming from inside Immigration and Customs Enforcement detention centers, revealing shocking reports of overcrowding and sexual assault, the story wasn’t just harrowing. It was also freely available to anyone who wanted to read it.

And when 404 Media reported that law enforcement agents were tapping into a nationwide network of license plate readers — including one Texas officer who used the system to track a woman who’d self-administered an abortion — it made sure the news story and every record it was based on were unpaywalled.

Wired and 404 Media are two of the news organizations leading the way in removing paywalls for public records-based reporting. Recently, Freedom of the Press Foundation (FPF) sat down with Katie Drummond, global editorial director of Wired and an FPF board member; Joseph Cox, co-founder of 404 Media; and FPF’s Lauren Harper to discuss why reporting based on public records should be free.

Drummond, Cox, and Harper described how unpaywalling reporting based on records obtained through the Freedom of Information Act or other public records laws not only serves democracy but also strengthens journalism itself.

youtube.com/embed/Chj__TSiC_U?…

‘A very valuable public service’

For both Wired and 404 Media, the reasons for removing paywalls for public records-based reporting are self-evident.

“It’s a very valuable public service to make people aware of what tools and tactics are being deployed to monitor and surveil people,” said Drummond, speaking about some of Wired’s public records reporting. “They should know what’s sort of happening that they may not be aware of, and to be able, again, to make that available to our audience without a paywall is important.”

Similarly, Cox described how reporting based on public records can lead to real-world reforms, especially when it’s widely available to the public and lawmakers. For instance, 404 Media’s reporting on Flock Safety, the license plate reader company, didn’t just expose surveillance abuses. It also caused Flock to make “radical changes to its product” and triggered congressional investigations, Cox said.

Additionally, by making the reporting and records about Flock freely available, 404 Media helped other journalists. The free access “created this sort of wave of local media coverage where now local journalists are doing basically the same public records request, but for their own communities or towns or cities,” Cox said.

Free access to public records-based reporting at 404 Media “created this sort of wave of local media coverage where now local journalists are doing basically the same public records request, but for their own communities or towns or cities.”

Joseph Cox, co-founder of 404 Media

Flagging new sources for future reporting

Free access to public records-based reporting also builds trust and relationships with readers and sources.

“There’s just something about being able to have a government document,” Cox said. “It’s real. You got it from the government through a FOIA request, or a lawsuit, or whatever, and you can then show that to readers. We don’t want to get in the way of that.”

Making this reporting and the records it’s based on free can also draw the attention of important sources for future reporting. Cox described how his reporting based on FOIA requests sends a signal to readers and sources that he’s interested in particular companies or topics.

Sources reading the free articles realize, Cox said, “‘Oh, this journalist is interested in Flock, in Palantir, or whatever it might be.’ And then, lo and behold, because we make it so easy for potential sources to reach us securely, on Signal or through other methods, we’ll probably end up getting a leak from one of those companies as well.”

Harper, who often writes about her FOIA requests for FPF, shared how publishing FOIA work openly can attract new sources and deepen reporting. “The more obvious I make my FOIA work, the more feedback I get from folks” about what to file future FOIA requests for, she explained.

That kind of transparency fuels better journalism, she said. “It is a virtuous cycle. The more we talk about and advertise FOIA, the better our FOIA requests become as a result.”

The economics of openness

Yet, the public records reporting that Wired and 404 Media have made freely available isn’t free to produce. Both news outlets rely on subscriptions and paywalls to fund their journalism.

As Drummond explained, “The FOIA process can often be labor-intensive, resource-intensive, time-consuming — all of the things that would increase your incentive to put a paywall up on that work,” she said.

But both Wired and 404 Media have found that removing paywalls for public records-based reporting is actually the better decision, financially.

“We made a calculated bet that our audience would show up for us when we did this,” Drummond said. “That bet paid off above and beyond what I could have possibly imagined.”

“That bet paid off above and beyond what I could have possibly imagined.”

Katie Drummond, global editorial director of Wired

After Wired announced it would unpaywall its public records-based stories, Drummond said it saw a “huge increase in subscribers” and received “hundreds of emails from people thanking us for doing it.” Far from hurting the bottom line, she said, “It has been additive to the business rather than taking anything away, from a financial point of view.”

For Cox, the same principle holds true: Transparency drives reader trust, and trust drives support. Every FOIA-based story on 404 Media’s website includes a short note explaining that it’s free but inviting readers to support the outlet’s work through a subscription or one-time donation.

“Look, we’re trying to run a business,” Cox said. “But we’re in it for the journalism. That’s literally why we wake up every single morning, to go write articles and put them on the internet.” He added, “And it does pay off, I think, journalistically, ethically, and businesswise as well.”

‘It’s very hard for me to think of a compelling reason not to do this’

If public records laws like FOIA are tools for public accountability, then journalism that relies on them should be public too. Simply put, “Public records belong to the public,” as Harper said. In a moment when the public’s access to government information is being increasingly curtailed, Wired and 404 Media are proving that openness isn’t just ethical — it’s effective.

Other news outlets should follow their lead. “It is of tremendous value for your audience,” said Drummond. “It’s very hard for me to think of a compelling reason not to do this.”

Cox echoed the sentiment: “There’s a public interest in getting those documents in front of more people. And there is, maybe counterintuitively, but there definitely is, a business benefit to it as well.”

freedom.press/issues/wired-and…