We talked to people living in the building whose views are being blocked by Tesla's massive four-story screen.
We talked to people living in the building whose views are being blocked by Teslax27;s massive four-story screen.#News #Tesla
Living Next To Tesla Diner Is 'Absolute Hell,' Neighbors Say
We talked to people living in the building whose views are being blocked by Tesla's massive four-story screen.Rosie Thomas (404 Media)
The Sig Sauer P320 has a reputation for firing without pulling the trigger. The manufacturer says that's impossible, but the firearms community is showing the truth is more complicated.
The Sig Sauer P320 has a reputation for firing without pulling the trigger. The manufacturer says thatx27;s impossible, but the firearms community is showing the truth is more complicated.#News
Gun Nerds Dismantle Infamous Pistol to Research If It Fires at Random
The Sig Sauer P320 has a reputation for firing without pulling the trigger. The manufacturer says that's impossible, but the firearms community is showing the truth is more complicated.Matthew Gault (404 Media)
This Company Wants to Bring End-to-End Encrypted Messages to Bluesky’s AT Protocol
Germ says it is the “first secure messaging service on the ATProtocol!”Joseph Cox (404 Media)
The wiping commands probably wouldn't have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.
The wiping commands probably wouldnx27;t have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.#News #Hacking
Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent
The wiping commands probably wouldn't have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.Joseph Cox (404 Media)
The Tesla Diner has two gigantic screens, a robot that serves popcorn, and owners hope it will be free from people who don't like Tesla.
The Tesla Diner has two gigantic screens, a robot that serves popcorn, and owners hope it will be free from people who donx27;t like Tesla.#News #Tesla
'It's Not a Political Statement': Checking in With Tesla Superfans at Elon Musk's New Diner
The Tesla Diner has two gigantic screens, a robot that serves popcorn, and owners hope it will be free from people who don't like Tesla.Rosie Thomas (404 Media)
Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to to divorce lawyers and other industries.#News #OSINT
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
When your laptop is infected with infostealing malware, it’s not just hackers that might get your passwords, billing and email addresses, and a list of sites or services you’ve created accounts on, potentially including some embarrassing ones. A private intelligence company run by a young founder is now taking that hacked data from what it says are more than 50 million computers, and reselling it for profit to a wide range of different industries, including debt collectors; couples in divorce proceedings; and even companies looking to poach their rivals’ customers. Essentially, the company is presenting itself as a legitimate, legal business, but is selling the same sort of data that was previously typically sold by anonymous criminals on shady forums or underground channels.Multiple experts 404 Media spoke to called the practice deeply unethical, and in some cases the use of that data probably illegal. The company is also selling access to a subset of the data to anyone for as little as $50, and 404 Media used it to uncover unsuspecting victims’ addresses.
The activities of the company, called Farnsworth Intelligence, show a dramatic shift in the bevvy of companies that collect and sell access to so-called open source intelligence, or OSINT. Historically, OSINT has included things like public social media profiles or flight data. Now, companies increasingly see data extracted from peoples’ personal or corporate machines and then posted online as fair game not just to use in their own investigations, but to repackage and sell too.
“To put it plainly this company is profiting off of selling stolen data, re-victimizing people who have already had their personal devices compromised and their data stolen,” Cooper Quintin, senior public interest technologist at the Electronic Frontier Foundation (EFF), told 404 Media. “This data will likely be used to further harm people by police using it for surveillance without a warrant, stalkers using it to gather information on their targets, high level scams, and other damaging motives.”
💡
Do you know anything else about people selling data to debt collectors or these other industries? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.Infostealers are pieces of malware, often stealthily bundled in a piece of pirated software, that steal a victim’s cookies, login credentials, and often more information stored in their browser too. On its website, Farnsworth lays out several potential uses for that stolen data. This includes “skip tacing,” presumably a typo of skip tracing, which is where a private individual or company tracks someone down who owes a debt. The website says users can “find debtors up-to-date addresses.” Another use case is to “Find high impact evidence that can make/break the case of million dollar lawsuits, high value divorce cases, etc.” A third is to “generate lead lists of customers/users from competitors [sic] companies,” because the data could show which competing products they have login credentials for, and, presumably, use.
Calli Schroeder, senior counsel at the Electronic Privacy Information Center (EPIC), told 404 Media that the use cases Farnsworth offers are “not only morally questionable [...] but may not be legal or usable in some cases.” For the litigation one, courts are split on using stolen information as evidence in legal proceedings. When hackers targeted the dating site Ashley Madison, for example, a judge ruled that despite the data being publicly published it was still confidential and stolen and couldn’t be used. Most judges will not allow illegally obtained evidence in divorce proceedings either, Schroeder said.
Then for using the data to build a list of customers of competitors, Schroeder said that “may very well fall under corporate espionage and trade secrets violations, depending on what information is taken.”
“This is so gross and predatory. They are facilitating and enabling further exploitation of victims of a crime and bragging about how multiple criminal acts make their business better. Moral bankruptcy is common in this industry, but I rarely see a company so proud of it,” Schroeder added.
playlist.megaphone.fm?p=TBIEA2…
Farnsworth did not respond to multiple requests for comment. Aidan Raney, the company’s 23 year-old founder, did not respond to multiple Signal messages sent to an account he has previously used to communicate with 404 Media.Farnsworth offers two infostealer related products. The first is Farnsworth’s “Infostealer Data Platform,” which lists those above use cases. This can display hacking victims’ full text passwords, and requires potential users to contact Farnsworth for access. The company asks applicants to explain their use case, and can include “private investigations, intelligence, journalism, law enforcement, cyber security, compliance, IP/brand protection,” and several others, according to its website.
The second product is infostealers.info, a publicly available service that requires no due diligence to enter. It only asks for a minimum of $50 to search through the results. These don’t include victims’ full passwords, but the platform still includes a wide range of sensitive information. Recently infostealers.info introduced the ability to search for data stored in a hacking victim’s autofill. That is, data stored in the browser for convenience that can automatically populate when filling out a form, such as a billing address. Using this tool, 404 Media was able to extract multiple peoples’ billing addresses. One was in Staten Island, New York, which appeared to be someone’s private residence. Another address was in India.
Inside the Massive Crime Industry That is Hacking Billion Dollar Companies
When you download that piece of pirated software, you might be also getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that is fueling some of the biggest breaches on the planet.404 MediaJoseph Cox
In other words, these people had been hacked, and now anyone with $50 was able to search through data stolen from their computer.“This should also be an example of how once your data is lost in a breach you can't control what will happen to it. It can be used by law enforcement, stalkers, scammers, advertisers, or anyone with access to it. It's a stark reminder of why digital security is important even if you think you have nothing to hide,” Quintin from the EFF added.
Hackers running infostealer operations often create Telegram channels where they upload personal data their malware has stolen. Other criminals can then pay to access this stolen data. The administrator of one prolific infostealer campaign previously told 404 Media “this brings us good income, but I am not ready to disclose specific amounts.” Infostealers operators often then publish stolen credentials on Telegram for free, likely as a way to advertise their paid offerings. Farnsworth did not respond when asked if it is buying this stolen data from hackers to then put into its product.
Cybersecurity researchers have used infostealer data to unmask criminals. Hudson Rock, another company that sells infostealer-related services, used it to uncover information on two alleged fraudsters on the FBI’s Most Wanted List. Last year cybersecurity firm RecordedFuture said it found 3,334 unique credentials used to access child abuse imagery websites. It says it used that data to identify two individuals. In a LinkedIn post on Tuesday, Raney said the company has explored its own dataset in a similar way.
But those are different use cases to selling infostealer data on the open market or for potentially illegal use cases.
Quintin said “It would be illegal and unethical to sell stolen cell phones even if you didn't steal them yourself, and I don't see how this is any different.”
Infostealer data can unmask Tor users and attribute the users/admins of CSAM distribution forums...
Infostealer data can unmask Tor users and attribute the users/admins of CSAM distribution forums... After exploring our infostealer data at Farnsworth Intelligence we learned that the users and admins of countless dark web forums, such as those dist…Aidan Raney (www.linkedin.com)
Sweden's Moderate party allowed users to make the PM hold a sign bearing any name they wanted. You know what happened next.
Swedenx27;s Moderate party allowed users to make the PM hold a sign bearing any name they wanted. You know what happened next.#News
Swedish Prime Minister Pulls AI Campaign Tool After It Was Used to Ask Hitler for Support
Sweden's Moderate party allowed users to make the PM hold a sign bearing any name they wanted. You know what happened next.Matthew Gault (404 Media)
More than $160 million in crypto is riding on the definition of 'suit.'
More than $160 million in crypto is riding on the definition of x27;suit.x27;#News
Polymarket Gamblers Go to War Over Whether Zelenskyy Wore a Suit
Polymarket, an online betting marketplace that bills itself as the future of news, can’t decide whether or not Ukrainian president Volodomyr Zelenskyy wore a suit during a recent appearance in Europe. The gambling site is set to make a final judgement about the question in a few hours and more than $160 million in crypto is riding on it.Polymarket is a gambling website where users predict the outcome of binary events. It gained prominence in the runup to the 2024 election, signed an exclusivity deal with X in June, and sees itself not just as an online betting parlor, but as an arbiter of truth. Its founder, Shayne Coplan, thinks that the future of media belongs to a website made for degenerate gamblers to make silly bets.
playlist.megaphone.fm?p=TBIEA2…
And yet this arbiter of truth had trouble figuring out if Zelenskyy wore a suit at the end of June during a NATO summit. The bet, started on May 22, is simple: “Will Zelenskyy wear a suit before July?” The answer, it turns out, is pretty hard. When Zelenskyy showed up at a NATO summit wearing a tailored jacket and a button up shirt, a stark contrast to his more casual military style garb, a community-run Polymarket account posted, “President Zelenskyy in a suit last night.”President Zelenskyy in a suit last night pic.twitter.com/Uo3Rhuzkq1
— Polymarket Intel (@PolymarketIntel) June 25, 2025
But people who bet “no” cried foul, complaining that he wasn’t actually wearing a suit on social media and in Polymarket hosted chat rooms. Zelenskyy’s “suit” was an all black get-up with no tie and four cargo-style pockets, some pointed out. The jacket was suit shaped, but it didn’t quite fit everyone’s definition of formal dress. And, perhaps most telling on the side of “not an actual suit,” he was wearing tennis shoes.According to the “rules” underneath the bet, the market would resolve as a “yes” if the Ukrainian president is photographed or videotaped wearing a suit. “The resolution will be the consensus of credible reporting.”
All the credible reporting around the scene described Zelenskyy’s outfit as a suit. He’s known for wearing military style outfits so the sudden formal outfit generated a lot of headlines. Reuters said the outfit was “suit-style,” a Fox News pundit joked that Trump won’t recognize Zelenskyy because he’s wearing a suit, and the NY Post said that he ditched a “T-shirt for a suit.” There were many more media outlets that noted the fashion upgrade.
At first, the betting market agreed with them. It resolved the bet as a “yes,” but the site’s “no” holders flagged the issue for a disputed resolution. Polymarket kicked the question to a third party, which considered the issue and changed the outcome to a “no.”
Some disputes on Polymarket, like this one, are resolved through a blockchain based third party system called UMA. In this system, the question of how to resolve a disputed market gets thrown to people who hold UMA tokens and who are, in theory, impartial. Holding a UMA token buys you a voice in the debate, which plays out in Discord servers and can be watched by the public.
On social media and in Discord, people are accusing UMA token holders of placing side bets on the suit question and attempting to manipulate the market so one side wins. The Discord conversation is full of people claiming UMA has failed and that Polymarket’s administrators are manipulating it directly.
“At the time of this clarification, 09:33am ET July 01, a consensus of credible reporting has not confirmed that Zelenskyy has worn a suit,” Polymarket administrators wrote below the bet. It did not elaborate on what amounted to a “consensus of credible reporting” and it didn’t return 404 Media’s request for a comment on the issue.
Unhappy “yes” betters disputed this resolution and it’s still in review at the time of publication. According to a timer on the bet, Polymarket will issue a final answer to the question by the end of the day.
So. Is it a suit or isn’t it? According to menswear expert and prolific fashion poster Derek Guy, it’s both. “If I were writing an article about Zelenskyy's dress, I would call it a suit because it's the shortest, easiest way to describe his outfit without getting into the history of men's tailoring. But I would also recognize this is not what most people recognize as a suit,” Guy said in a thread about the controversy on X.
The suit, then, is in the eye of the beholder. The problem is that people have bet more than $160 million on the outcome of the question.
Zelensky ditches T-shirt for a suit for sit-down meeting with President Trump
“I thank Mr President, I thank the United States,” Zelensky said.Anthony Blair (New York Post)
Anubis, which block AI scrapers from scraping websites to death, has been downloaded almost 200,000 times.#News
The Open-Source Software Saving the Internet From AI Bot Scrapers
For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a “program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies,” has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for educations, science, and culture.Iaso decided to develop Anubis after discovering that her own Git server was struggling with AI scrapers, bots that crawl the web hoovering up anything that can be used for the training data that power AI models. Like many libraries, archives, and other small organizations, Iaso discovered her Git server was getting slammed only when it stopped working.
“I wasn't able to load it in my browser. I thought, huh, that's strange,” Iaso told me on a call. “So I looked at the logs and I figured out that it's restarted about 500 times in the last two days. So I looked in the access logs and I saw that [an] Amazon [bot] was clicking on every single link.”
Iaso knew it was an Amazon bot because it self identified as such. She said she considered withdrawing the Git server from the open web but that because she wants to keep some of the source code hosted there open to the public, she tried to stop the Amazon bot instead.
“I tried some things that I can’t admit in a recorded environment. None of them worked. So I had a bad idea,” she said. “I implemented some code. I put it up on GitHub in an experimental project dumping ground, and then the GNOME desktop environment started using it as a Hail Mary. And that's about when I knew that I had something on my hands.”
There are several ways people and organizations are trying to stop bots at the moment. Historically, robots.txt, a file sites could use to tell automated tools not to scrape, was a respected and sufficient norm for this purpose, but since the generative AI boom, major AI companies as well as less established companies and even individuals, often ignored it. CAPTCHAs, the little tests users take to prove they’re not a robot, aren’t great, Iaso said, because some AI bot scrapers have CAPTCHA solvers built in. Some developers have created “infinite mazes” that send AI bot scrapers from useless link to useless link, diverting them from the actual sites humans use and wasting their time. Cloudflare, the ubiquitous internet infrastructure company, has created a similar “AI labyrinth” feature to trap bots.
Iaso, who said she deals with some generative AI at her day job, told me that “from what I have learned, poisoning datasets doesn't work. It makes you feel good, but it ends up using more compute than you end up saving. I don't know the polite way to say this, but if you piss in an ocean, the ocean does not turn into piss.”
In other words, Iaso thinks that it might be fun to mess with the AI bots that are trying to mess with the internet, but in many cases it’s not practical to send them on these wild goose chases because it requires resources Cloudflare might have, but small organizations and individuals don’t.
“Anubis is an uncaptcha,” Iaso explains on her site. “It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server.”
Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.
Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we’ve repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she’s working on a non cryptographic challenge so it taxes users’ CPUs less, and also thinking about a version that doesn’t require JavaScript, which some privacy-minded disable in their browsers.
The biggest challenge in developing Anubis, Iaso said, is finding the balance.
“The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives,” she said. “And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario.”
Iaso has a Patreon and is also supported by sponsors on Github who use Anubis, but she said she still doesn’t have enough financial support to develop it full time. She said that if she had the funding, she’d also hire one of the main contributors to the project. Ultimately, Anubis will always need more work because it is a never ending cat and mouse game between AI bot scrapers and the people trying to stop them.
Iaso said she thinks AI companies follow her work, and that if they really want to stop her and Anubis they just need to distract her.
“If you are working at an AI company, here's how you can sabotage Anubis development as easily and quickly as possible,” she wrote on her site. “So first is quit your job, second is work for Square Enix, and third is make absolute banger stuff for Final Fantasy XIV. That’s how you can sabotage this the best.”
Developer Creates Infinite Maze That Traps AI Training Bots
"Nepenthes generates random links that always point back to itself - the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself."Jason Koebler (404 Media)
Airline-Owned Data Broker Selling Your Flight Info to DHS Finally Registers as a Data Broker
It’s a legal requirement for data brokers to register in the state of California. ARC, the airlines-owned data broker that has been selling your flight information to the government for years, only just registered after being contacted by the office …Joseph Cox (404 Media)
A free tool that allows anyone to upload a photo of an LAPD officer to get their name and badge number.#News
‘FuckLAPD.com’ Lets Anyone Use Facial Recognition to Instantly Identify Cops
A new site, FuckLAPD.com, is using public records and facial recognition technology to allow anyone to identify police officers in Los Angeles they have a picture of. The tool, made by artist Kyle McDonald, is designed to help people identify cops who may otherwise try to conceal their identity, such as covering their badge or serial number.“We deserve to know who is shooting us in the face even when they have their badge covered up,” McDonald told me when I asked if the site was made in response to police violence during the LA protests against ICE that started earlier this month. “fucklapd.com is a response to the violence of the LAPD during the recent protests against the horrific ICE raids. And more broadly—the failure of the LAPD to accomplish anything useful with over $2B in funding each year.”
“Cops covering up their badges? ID them with their faces instead,” the site, which McDonald said went live this Saturday. The tool allows users to upload an image of a police officer’s face to search over 9,000 LAPD headshots obtained via public record requests. The site says image processing happens on the device, and no photos or data are transmitted or saved on the site. “Blurry, low-resolution photos will not match,” the site says.
“fucklapd.com uses data provided by the City of Los Angeles directly to the public,” McDonald told me in an email. “This data has been provided in response to either public records requests or public records lawsuits. That means all of this information belongs to the public and is a matter of public record. fucklapd.com is not scraping any data.”
In addition to potentially identifying officers by name and serial number, FuckLAPD.com also pulls up a police officer’s salary.
“Surprisingly it [the domain name] only costs $10 a year to exercise my first amendment right to say fucklapd.com,” McDonald said.
playlist.megaphone.fm?p=TBIEA2…
I tested the tools by grabbing an image of a white and bald police officer from an LAPD press conference addressing its use of force during the anti-ICE protests in Los Angeles. I uploaded the image to the site, and within a few seconds the site presented me with nine headshots of officers who could be possible matches, all of them bald white men. The first correctly identified the cop in the image I uploaded.Clicking “view profile” under the result sent me to the Watch the Watchers site by the Stop LAPD Spying Coalition, a community group based in the Skid Row neighborhood of downtown Los Angeles. “All of the information on this website comes from records that were deliberately made public by the City of Los Angeles in response to either public records requests or public records lawsuits,” the Watch the Watchers site says. “We plan to keep refreshing this data from new public records requests as well as to add other data.” Stop LAPD Spying Coalition is not associated with FuckLAPD.com and did not endorse the site.
McDonald told me that since the site launched, it had around 50,000 visitors, but “Because the analysis happens on-device I have no way of knowing what people are using it for, except for some people who have posted screenshots to Twitter or Instagram,” he said.
In 2018 McDonald made another tool called ICEspy which used hundreds of photos of ICE employees from LinkedIn and does much the same thing as FuckLAPD.com. “This app is designed to highlight and embarrass the organization committing atrocities against refugees and immigrants to the United States,” ICEspy’s website says. That tool originally used a Microsoft API, before Microsoft restricted access to it. McDonald said on X that he recently relaunched the tool to run locally on devices. 404 Media tested ICEspy using images of ICE employees on LinkedIn to verify if the tool worked and each result was incorrect; McDonald indicated on X he was looking for others to re-scrape LinkedIn and update the database.
Over the last few months ICE officers have consistently worn masks, neck gaiters, sunglasses, and baseball caps to shield their identity while often refusing to provide their name or even confirm the agency they belong to. This includes while violently assaulting people, detaining U.S. citizens, and pointing weapons at bystanders, leaving little room for recourse or accountability against the individual agents or the agency.
ICE’s constant use of masks has created a climate where people cannot be sure that the heavily armed group of men coming towards them are really federal agents or not. In Philadelphia, a man pretended to be an ICE agent in order to rob an auto repair shop and zip tie an employee. In Brooklyn, a man posed as an immigration officer before attempting to rape a woman.
ICE claims that assaults against its officers have increased by 413 percent, and use this as the justification for covering their faces. But as Philip Bump showed in the Washington Postthere are still plenty of questions about those numbers and their accuracy. ICE says its officers’ family members have been doxed too.
Neither the LAPD or ICE responded to a request for comment.
Joseph Cox contributed reporting.
Woman says man posed as ICE agent before attempted rape in Brooklyn
A 51-year-old woman was approached by a man who said he was an ICE agent before attempting to sexually assault her.Eyewitness News (ABC7 New York)
