404 Media

2025-07-07 19:28:07

Polymarket Gamblers Go to War Over Whether Zelenskyy Wore a Suit

Polymarket, an online betting marketplace that bills itself as the future of news, can’t decide whether or not Ukrainian president Volodomyr Zelenskyy wore a suit during a recent appearance in Europe. The gambling site is set to make a final judgement about the question in a few hours and more than $160 million in crypto is riding on it.

Polymarket is a gambling website where users predict the outcome of binary events. It gained prominence in the runup to the 2024 election, signed an exclusivity deal with X in June, and sees itself not just as an online betting parlor, but as an arbiter of truth. Its founder, Shayne Coplan, thinks that the future of media belongs to a website made for degenerate gamblers to make silly bets.
playlist.megaphone.fm?p=TBIEA2…
And yet this arbiter of truth had trouble figuring out if Zelenskyy wore a suit at the end of June during a NATO summit. The bet, started on May 22, is simple: “Will Zelenskyy wear a suit before July?” The answer, it turns out, is pretty hard. When Zelenskyy showed up at a NATO summit wearing a tailored jacket and a button up shirt, a stark contrast to his more casual military style garb, a community-run Polymarket account posted, “President Zelenskyy in a suit last night.”

President Zelenskyy in a suit last night pic.twitter.com/Uo3Rhuzkq1
— Polymarket Intel (@PolymarketIntel) June 25, 2025

But people who bet “no” cried foul, complaining that he wasn’t actually wearing a suit on social media and in Polymarket hosted chat rooms. Zelenskyy’s “suit” was an all black get-up with no tie and four cargo-style pockets, some pointed out. The jacket was suit shaped, but it didn’t quite fit everyone’s definition of formal dress. And, perhaps most telling on the side of “not an actual suit,” he was wearing tennis shoes.

According to the “rules” underneath the bet, the market would resolve as a “yes” if the Ukrainian president is photographed or videotaped wearing a suit. “The resolution will be the consensus of credible reporting.”

All the credible reporting around the scene described Zelenskyy’s outfit as a suit. He’s known for wearing military style outfits so the sudden formal outfit generated a lot of headlines. Reuters said the outfit was “suit-style,” a Fox News pundit joked that Trump won’t recognize Zelenskyy because he’s wearing a suit, and the NY Post said that he ditched a “T-shirt for a suit.” There were many more media outlets that noted the fashion upgrade.

At first, the betting market agreed with them. It resolved the bet as a “yes,” but the site’s “no” holders flagged the issue for a disputed resolution. Polymarket kicked the question to a third party, which considered the issue and changed the outcome to a “no.”

Some disputes on Polymarket, like this one, are resolved through a blockchain based third party system called UMA. In this system, the question of how to resolve a disputed market gets thrown to people who hold UMA tokens and who are, in theory, impartial. Holding a UMA token buys you a voice in the debate, which plays out in Discord servers and can be watched by the public.

On social media and in Discord, people are accusing UMA token holders of placing side bets on the suit question and attempting to manipulate the market so one side wins. The Discord conversation is full of people claiming UMA has failed and that Polymarket’s administrators are manipulating it directly.

“At the time of this clarification, 09:33am ET July 01, a consensus of credible reporting has not confirmed that Zelenskyy has worn a suit,” Polymarket administrators wrote below the bet. It did not elaborate on what amounted to a “consensus of credible reporting” and it didn’t return 404 Media’s request for a comment on the issue.

Unhappy “yes” betters disputed this resolution and it’s still in review at the time of publication. According to a timer on the bet, Polymarket will issue a final answer to the question by the end of the day.

So. Is it a suit or isn’t it? According to menswear expert and prolific fashion poster Derek Guy, it’s both. “If I were writing an article about Zelenskyy's dress, I would call it a suit because it's the shortest, easiest way to describe his outfit without getting into the history of men's tailoring. But I would also recognize this is not what most people recognize as a suit,” Guy said in a thread about the controversy on X.

The suit, then, is in the eye of the beholder. The problem is that people have bet more than $160 million on the outcome of the question.

Zelensky ditches T-shirt for a suit for sit-down meeting with President Trump

“I thank Mr President, I thank the United States,” Zelensky said.

^{Anthony Blair (New York Post)}

404 Media

2025-07-07 13:16:50

The Open-Source Software Saving the Internet From AI Bot Scrapers

For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a “program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies,” has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for educations, science, and culture.

Iaso decided to develop Anubis after discovering that her own Git server was struggling with AI scrapers, bots that crawl the web hoovering up anything that can be used for the training data that power AI models. Like many libraries, archives, and other small organizations, Iaso discovered her Git server was getting slammed only when it stopped working.

“I wasn't able to load it in my browser. I thought, huh, that's strange,” Iaso told me on a call. “So I looked at the logs and I figured out that it's restarted about 500 times in the last two days. So I looked in the access logs and I saw that [an] Amazon [bot] was clicking on every single link.”

Iaso knew it was an Amazon bot because it self identified as such. She said she considered withdrawing the Git server from the open web but that because she wants to keep some of the source code hosted there open to the public, she tried to stop the Amazon bot instead.

“I tried some things that I can’t admit in a recorded environment. None of them worked. So I had a bad idea,” she said. “I implemented some code. I put it up on GitHub in an experimental project dumping ground, and then the GNOME desktop environment started using it as a Hail Mary. And that's about when I knew that I had something on my hands.”

There are several ways people and organizations are trying to stop bots at the moment. Historically, robots.txt, a file sites could use to tell automated tools not to scrape, was a respected and sufficient norm for this purpose, but since the generative AI boom, major AI companies as well as less established companies and even individuals, often ignored it. CAPTCHAs, the little tests users take to prove they’re not a robot, aren’t great, Iaso said, because some AI bot scrapers have CAPTCHA solvers built in. Some developers have created “infinite mazes” that send AI bot scrapers from useless link to useless link, diverting them from the actual sites humans use and wasting their time. Cloudflare, the ubiquitous internet infrastructure company, has created a similar “AI labyrinth” feature to trap bots.

Iaso, who said she deals with some generative AI at her day job, told me that “from what I have learned, poisoning datasets doesn't work. It makes you feel good, but it ends up using more compute than you end up saving. I don't know the polite way to say this, but if you piss in an ocean, the ocean does not turn into piss.”

In other words, Iaso thinks that it might be fun to mess with the AI bots that are trying to mess with the internet, but in many cases it’s not practical to send them on these wild goose chases because it requires resources Cloudflare might have, but small organizations and individuals don’t.

“Anubis is an uncaptcha,” Iaso explains on her site. “It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server.”

Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.

Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we’ve repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she’s working on a non cryptographic challenge so it taxes users’ CPUs less, and also thinking about a version that doesn’t require JavaScript, which some privacy-minded disable in their browsers.

The biggest challenge in developing Anubis, Iaso said, is finding the balance.

“The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives,” she said. “And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario.”

Iaso has a Patreon and is also supported by sponsors on Github who use Anubis, but she said she still doesn’t have enough financial support to develop it full time. She said that if she had the funding, she’d also hire one of the main contributors to the project. Ultimately, Anubis will always need more work because it is a never ending cat and mouse game between AI bot scrapers and the people trying to stop them.

Iaso said she thinks AI companies follow her work, and that if they really want to stop her and Anubis they just need to distract her.

“If you are working at an AI company, here's how you can sabotage Anubis development as easily and quickly as possible,” she wrote on her site. “So first is quit your job, second is work for Square Enix, and third is make absolute banger stuff for Final Fantasy XIV. That’s how you can sabotage this the best.”

Developer Creates Infinite Maze That Traps AI Training Bots

"Nepenthes generates random links that always point back to itself - the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself."

^{Jason Koebler (404 Media)}

404 Media

2025-06-24 13:43:47

‘FuckLAPD.com’ Lets Anyone Use Facial Recognition to Instantly Identify Cops

A new site, FuckLAPD.com, is using public records and facial recognition technology to allow anyone to identify police officers in Los Angeles they have a picture of. The tool, made by artist Kyle McDonald, is designed to help people identify cops who may otherwise try to conceal their identity, such as covering their badge or serial number.

“We deserve to know who is shooting us in the face even when they have their badge covered up,” McDonald told me when I asked if the site was made in response to police violence during the LA protests against ICE that started earlier this month. “fucklapd.com is a response to the violence of the LAPD during the recent protests against the horrific ICE raids. And more broadly—the failure of the LAPD to accomplish anything useful with over $2B in funding each year.”

“Cops covering up their badges? ID them with their faces instead,” the site, which McDonald said went live this Saturday. The tool allows users to upload an image of a police officer’s face to search over 9,000 LAPD headshots obtained via public record requests. The site says image processing happens on the device, and no photos or data are transmitted or saved on the site. “Blurry, low-resolution photos will not match,” the site says.

“fucklapd.com uses data provided by the City of Los Angeles directly to the public,” McDonald told me in an email. “This data has been provided in response to either public records requests or public records lawsuits. That means all of this information belongs to the public and is a matter of public record. fucklapd.com is not scraping any data.”

In addition to potentially identifying officers by name and serial number, FuckLAPD.com also pulls up a police officer’s salary.

“Surprisingly it [the domain name] only costs $10 a year to exercise my first amendment right to say fucklapd.com,” McDonald said.
playlist.megaphone.fm?p=TBIEA2…
I tested the tools by grabbing an image of a white and bald police officer from an LAPD press conference addressing its use of force during the anti-ICE protests in Los Angeles. I uploaded the image to the site, and within a few seconds the site presented me with nine headshots of officers who could be possible matches, all of them bald white men. The first correctly identified the cop in the image I uploaded.

Clicking “view profile” under the result sent me to the Watch the Watchers site by the Stop LAPD Spying Coalition, a community group based in the Skid Row neighborhood of downtown Los Angeles. “All of the information on this website comes from records that were deliberately made public by the City of Los Angeles in response to either public records requests or public records lawsuits,” the Watch the Watchers site says. “We plan to keep refreshing this data from new public records requests as well as to add other data.” Stop LAPD Spying Coalition is not associated with FuckLAPD.com and did not endorse the site.

McDonald told me that since the site launched, it had around 50,000 visitors, but “Because the analysis happens on-device I have no way of knowing what people are using it for, except for some people who have posted screenshots to Twitter or Instagram,” he said.

In 2018 McDonald made another tool called ICEspy which used hundreds of photos of ICE employees from LinkedIn and does much the same thing as FuckLAPD.com. “This app is designed to highlight and embarrass the organization committing atrocities against refugees and immigrants to the United States,” ICEspy’s website says. That tool originally used a Microsoft API, before Microsoft restricted access to it. McDonald said on X that he recently relaunched the tool to run locally on devices. 404 Media tested ICEspy using images of ICE employees on LinkedIn to verify if the tool worked and each result was incorrect; McDonald indicated on X he was looking for others to re-scrape LinkedIn and update the database.

Over the last few months ICE officers have consistently worn masks, neck gaiters, sunglasses, and baseball caps to shield their identity while often refusing to provide their name or even confirm the agency they belong to. This includes while violently assaulting people, detaining U.S. citizens, and pointing weapons at bystanders, leaving little room for recourse or accountability against the individual agents or the agency.

ICE’s constant use of masks has created a climate where people cannot be sure that the heavily armed group of men coming towards them are really federal agents or not. In Philadelphia, a man pretended to be an ICE agent in order to rob an auto repair shop and zip tie an employee. In Brooklyn, a man posed as an immigration officer before attempting to rape a woman.

ICE claims that assaults against its officers have increased by 413 percent, and use this as the justification for covering their faces. But as Philip Bump showed in the Washington Postthere are still plenty of questions about those numbers and their accuracy. ICE says its officers’ family members have been doxed too.

Neither the LAPD or ICE responded to a request for comment.

Joseph Cox contributed reporting.

Woman says man posed as ICE agent before attempted rape in Brooklyn

A 51-year-old woman was approached by a man who said he was an ICE agent before attempting to sexually assault her.

^{Eyewitness News (ABC7 New York)}

404 Media

2025-06-11 16:45:52

Wikipedia Pauses AI-Generated Summaries After Editor Backlash

The Wikimedia Foundation, the nonprofit organization which hosts and develops Wikipedia, has paused an experiment that showed users AI-generated summaries at the top of articles after an overwhelmingly negative reaction from the Wikipedia editors community.

“Just because Google has rolled out its AI summaries doesn't mean we need to one-up them, I sincerely beg you not to test this, on mobile or anywhere else,” one editor said in response to Wikimedia Foundation’s announcement that it will launch a two-week trial of the summaries on the mobile version of Wikipedia. “This would do immediate and irreversible harm to our readers and to our reputation as a decently trustworthy and serious source. Wikipedia has in some ways become a byword for sober boringness, which is excellent. Let's not insult our readers' intelligence and join the stampede to roll out flashy AI summaries. Which is what these are, although here the word ‘machine-generated’ is used instead.”

Two other editors simply commented, “Yuck.”

For years, Wikipedia has been one of the most valuable repositories of information in the world, and a laudable model for community-based, democratic internet platform governance. Its importance has only grown in the last couple of years during the generative AI boom as it’s one of the only internet platforms that has not been significantly degraded by the flood of AI-generated slop and misinformation. As opposed to Google, which since embracing generative AI has instructed its users to eat glue, Wikipedia’s community has kept its articles relatively high quality. As I recently reported last year, editors are actively working to filter out bad, AI-generated content from Wikipedia.

A page detailing the the AI-generated summaries project, called “Simple Article Summaries,” explains that it was proposed after a discussion at Wikimedia’s 2024 conference, Wikimania, where “Wikimedians discussed ways that AI/machine-generated remixing of the already created content can be used to make Wikipedia more accessible and easier to learn from.” Editors who participated in the discussion thought that these summaries could improve the learning experience on Wikipedia, where some article summaries can be quite dense and filled with technical jargon, but that AI features needed to be cleared labeled as such and that users needed an easy to way to flag issues with “machine-generated/remixed content once it was published or generated automatically.”

In one experiment where summaries were enabled for users who have the Wikipedia browser extension installed, the generated summary showed up at the top of the article, which users had to click to expand and read. That summary was also flagged with a yellow “unverified” label.
An example of what the AI-generated summary looked like.
Wikimedia announced that it was going to run the generated summaries experiment on June 2, and was immediately met with dozens of replies from editors who said “very bad idea,” “strongest possible oppose,” Absolutely not,” etc.

“Yes, human editors can introduce reliability and NPOV [neutral point-of-view] issues. But as a collective mass, it evens out into a beautiful corpus,” one editor said. “With Simple Article Summaries, you propose giving one singular editor with known reliability and NPOV issues a platform at the very top of any given article, whilst giving zero editorial control to others. It reinforces the idea that Wikipedia cannot be relied on, destroying a decade of policy work. It reinforces the belief that unsourced, charged content can be added, because this platforms it. I don't think I would feel comfortable contributing to an encyclopedia like this. No other community has mastered collaboration to such a wondrous extent, and this would throw that away.”

A day later, Wikimedia announced that it would pause the launch of the experiment, but indicated that it’s still interested in AI-generated summaries.

“The Wikimedia Foundation has been exploring ways to make Wikipedia and other Wikimedia projects more accessible to readers globally,” a Wikimedia Foundation spokesperson told me in an email. “This two-week, opt-in experiment was focused on making complex Wikipedia articles more accessible to people with different reading levels. For the purposes of this experiment, the summaries were generated by an open-weight Aya model by Cohere. It was meant to gauge interest in a feature like this, and to help us think about the right kind of community moderation systems to ensure humans remain central to deciding what information is shown on Wikipedia.”

“It is common to receive a variety of feedback from volunteers, and we incorporate it in our decisions, and sometimes change course,” the Wikimedia Foundation spokesperson added. “We welcome such thoughtful feedback — this is what continues to make Wikipedia a truly collaborative platform of human knowledge.”

“Reading through the comments, it’s clear we could have done a better job introducing this idea and opening up the conversation here on VPT back in March,” a Wikimedia Foundation project manager said. VPT, or “village pump technical,” is where The Wikimedia Foundation and the community discuss technical aspects of the platform. “As internet usage changes over time, we are trying to discover new ways to help new generations learn from Wikipedia to sustain our movement into the future. In consequence, we need to figure out how we can experiment in safe ways that are appropriate for readers and the Wikimedia community. Looking back, we realize the next step with this message should have been to provide more of that context for you all and to make the space for folks to engage further.”

The project manager also said that “Bringing generative AI into the Wikipedia reading experience is a serious set of decisions, with important implications, and we intend to treat it as such, and that “We do not have any plans for bringing a summary feature to the wikis without editor involvement. An editor moderation workflow is required under any circumstances, both for this idea, as well as any future idea around AI summarized or adapted content.”

The Editors Protecting Wikipedia from AI Hoaxes

WikiProject AI Cleanup is protecting Wikipedia from the same kind of misleading AI-generated information that has plagued the rest of the internet.

^{Emanuel Maiberg (404 Media)}

404 Media

2025-06-09 14:00:42

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

This article was produced with support from WIRED.

A cybersecurity researcher was able to figure out the phone number linked to any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media’s own tests.

The issue has since been fixed but at the time presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to peoples’ personal information.

“I think this exploit is pretty bad since it's basically a gold mine for SIM swappers,” the independent security researcher who found the issue, who goes by the handle brutecat, wrote in an email. SIM swappers are hackers who take over a target's phone number in order to receive their calls and texts, which in turn can let them break into all manner of accounts.

In mid-April, we provided brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number linked to that account.

“Essentially, it's bruting the number,” brutecat said of their process. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until finding the ones they’re after. Typically that’s in the context of finding someone’s password, but here brutecat is doing something similar to determine a Google user’s phone number.

Upgrade to continue reading

Become a paid member to get access to all premium content
Upgrade

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

^{Joseph Cox (404 Media)}