404 Media

2025-03-26 15:47:36

You Need to Use Signal's Nickname Feature

You all already know the story about national security leaders, Signal, and The Atlantic by now. But to summarize in one sentence: a top U.S. official accidentally added the editor-in-chief of The Atlantic to a group chat on the secure messaging app Signal, and members of the group chat then discussed plans for striking Houthi targets (and with what weapons) before they happened or were public knowledge, resulting in a catastrophic leak of information bringing up all sorts of questions about why top U.S. brass were sharing these details on a consumer app, potentially on their personal phones, and not a communications channel approved for the sharing of classified information or combat plans.

According to screenshots of the chats and the group chat’s members published by The Atlanticon Wednesday, the outlet’s editor Jeffrey Goldberg used the display name “JG” on Signal. He also said in the original article that he displayed as JG. Presumably National Security Adviser Michael Waltz, who accidentally added Goldberg, added the wrong JG. This is a big, big mistake obviously.

But there is a somewhat overlooked setting inside Signal that can ensure you don’t make the same mistake. It’s the nickname feature. First, take a look at my Signal when I search for “Jason” when trying to make a new group and add members to it.

What a total fucking mess. As a journalist I receive Signal messages constantly, all day, every day, from people I know and people I don’t. More times than I can literally count, these people use or have names that are the same as people I’ve already spoken to. It gets even worse when someone pinging me uses the display name “M” or “A” or some other single initial.

A couple of those Jasons are Signal accounts belonging to 404 Media co-founder Jason Koebler, who I often have to add to group chats or talk to. But definitely not all of them. So, when creating a new group, I have to figure out, god, which Jason is the Jason I want to add this time. Previously I’ve worked it out by backing out of the create group section, finding the Jason I want, verifying their phone number if it’s available by clicking on my chat settings with them (which it seems you can’t do from within Signal’s create a group section), remembering what color Jason it is, then adding them. This information isn’t available for every contact though.

There is a much easier way, but it requires you to be proactive. You can add your own nickname to a Signal contact by clicking on the person’s profile picture in a chat with them then clicking “Nickname.” Signal says “Nicknames & notes are stored with Signal and end-to-end encrypted. They are only visible to you.” So, you can add a nickname to a Jason saying “co-founder,” or maybe “national security adviser,” and no one else is going to see it. Just you. When you’re trying to make a group chat, perhaps.

See what my Signal looks like after I use the nickname feature to label the correct Jason with “404”:

Signal could improve its user interface around groups and people with duplicate display names. But maybe, also don’t plan sensitive military operations in a group chat like this either.

Here Are the Attack Plans That Trump’s Advisers Shared on Signal

The administration has downplayed the importance of the text messages inadvertently sent to The Atlantic’s editor in chief.

^{Jeffrey Goldberg (The Atlantic)}

404 Media

2025-03-25 14:27:34

Texans Might Soon Have to Show Photo ID to Buy a Dildo Online

A newly introduced bill in Texas would require online sellers to show a photo ID before buying a dildo.

SB 3003, introduced by Senator Angela Paxton (wife of Texas Attorney General Ken Paxton), would criminally charge online retailers for selling “an obscene device” without verifying the buyers’ age. Sellers would have to require customers to submit their government-issued photographic identification, or use “third-party age verification services that use public records or other reliable sources to verify the purchaser's identity and age,” the bill says. Owning a credit card, which already requires the holder to be over 18 years of age, would not be enough.

Like the regressive and ineffective adult site age verification laws passing all across the country in the last few years, this law would drag Texans back to a not-so-distant time when sex toy sellers had to pretend vibrators were for “massage.”

Hallie Lieberman, journalist and author of Buzz: A Stimulating History of the Sex Toy, sold sex toys in Texas in the early 2000s under the state’s “six dildo” law, which criminalizes the possession of six or more “obscene devices,” defined as "a device including a dildo or artificial vagina, designed or marketed as useful primarily for the stimulation of human genital organs." That law is still on the books but is now considered unenforceable and unconstitutional. Lieberman told me sellers got around the law by claiming the toys were for “medical purposes.” This bill could send retailers back to that time.

“I can see something like that happening again, with people saying on their sex toy store websites that vibrators are for back massage and butt plugs are for rectal strengthening,” Lieberman said. “It's similar to how sex toys were marketed in the early 20th century to get around obscenity laws and the Comstock Act (which unfortunately still exists and may be used to prevent access to contraceptives and sex toys nationwide.) Butt plugs were sold as cures for asthma and vibrators for sciatica. We are literally going back in time with this law.”

Age Verification Laws Drag Us Back to the Dark Ages of the Internet
Invasive and ineffective age verification laws that require users show government-issued ID, like a driver’s license or passport, are passing like wildfire across the U.S.
404 MediaEmanuel Maiberg

Lieberman told me she had to call the clitoris “the man in the boat” at the time to avoid breaking the law. “When we can't speak openly about our bodies and sexual pleasure, when we're forced to use euphemisms, we not only are under informed about our bodies, but we also feel shame in seeking out pleasure,” she said.

Like age verification laws for websites, the bill would make buying sex toys online harder for everyone, not just minors, and would send consumers to less-safe retailers with lower-quality, possibly dangerous toys. And also like those laws, people who do upload their government ID or undergo other age verification measures could risk having their purchases exposed to a hostile government.

“The government should not have a record of what sex toys we buy. This isn't just a frivolous concern,” Lieberman said. “In a nation where the president has declared that there are only two genders and that transgender people don't exist, where trans people are erased from government websites and kicked out of the military, it would be dangerous for the government to have a record that you purchased sex toys designed for trans people. Imagine you're a school teacher at a public school in Texas and there's a record you purchased a sex toy designed for queer people in a state where a parental bill of rights bill was just passed prohibiting discussion of sexual orientation in schools.”

"We are literally going back in time with this law."

Texas legislators have been trying to limit access to sex toys for their constituents for years. In late 2024, Hillary Hickland, a freshman member of Texas’ Republican House, introduced a bill that would ban retailers in the state from selling sex toys unless they file paperwork to become sexually oriented businesses—effectively forcing stores like Walmart, CVS and Target, which sell vibrators and other sex toys, to take those products off their shelves and forcing brick-and-mortar boutiques to verify the ages of all customers. The bill was referred to Texas’ Trade, Workforce & Economic Development committee earlier this month.

Paxton’s bill would charge online retailers with a Class A Misdemeanor if they don’t verify ages, and would open them up to fines up to $5,000 for each violation.

Paxton did not respond to a request for comment.

Age Verification Laws Drag Us Back to the Dark Ages of the Internet

Invasive and ineffective age verification laws that require users show government-issued ID, like a driver's license or passport, are passing like wildfire across the U.S.

^{Emanuel Maiberg (404 Media)}

404 Media

2025-03-24 14:57:26

DNA of 15 Million People for Sale in 23andMe Bankruptcy

23andMe filed for Chapter 11 bankruptcy Sunday, leaving the fate of millions of people’s genetic information up in the air as the company deals with the legal and financial fallout of not properly protecting that genetic information in the first place. The filing shows how dangerous it is to provide your DNA directly to a large, for-profit commercial genetic database; 23andMe is now looking for a buyer to pull it out of bankruptcy.

23andMe said in court documents viewed by 404 Media that since hackers obtained personal data about seven million of its customers in October 2023, including, in some cases “health-related information based upon the user’s genetics,” it has faced “over 50 class action and state court lawsuits,” and that “approximately 35,000 claimants have initiated, filed, or threatened to commence arbitration claims against the company.” It is seeking bankruptcy protection in part to simplify the fallout of these legal cases, and because it believes it may not have money to pay for the potential damages associated with these cases.

CEO and cofounder Anne Wojcicki announced she is leaving the company as part of this process. The company has the genetic data of more than 15 million customers.

According to its Chapter 11 filing, 23andMe owes money to a host of pharmaceutical companies, pharmacies, artificial intelligence companies (including a company called Aganitha AI and Coreweave), as well as health insurance companies and marketing companies.

The filing is a devastating reminder that once you give your genetic information to a company like 23andMe, there is no way to have any clue what is going to happen to that data, how it is going to be analyzed, how it is going to be monetized, how it is going to be protected from hackers, and who it is going to be shared with for profit. Sharing your own DNA with 23andMe also necessarily implicates your close family members, who may or may not want their genetic information submitted to a company that is financially precarious and sitting on a trove of highly sensitive information.

On Friday, California Attorney General Rob Bonta issued an “urgent” alert to 23andMe customers telling them to ask the company to delete their data and destroy their genetic samples under a California privacy law: “Given 23andMe’s reported financial distress, I remind Californians to consider invoking their rights and directing 23andMe to delete their data and destroy any samples of genetic material held by the company.”

Other genetic sequencing companies have shared customer information with police and governments, pharmaceutical companies, and health insurers. GED Match, a non-profit that once claimed it would protect customers’ genetic data, was sold to a for-profit company called Verogen, which works with the FBI and was later sold to a Dutch multinational conglomerate. Police now regularly attempt to identify suspects using information pulled from commercial genetic databases like the one that 23andMe has created.

23andMe’s bankruptcy means that the company will be put up for sale, and there’s no way of knowing who is going to buy it, why they will be interested, and what will become of its millions of customers’ DNA sequences. 23andMe has claimed over the years that it strongly resists law enforcement requests for information and that it takes customer security seriously. But the company has in recent years changed its terms of service, partnered with big pharmaceutical companies, and, of course, was hacked.

In a letter to customers Sunday, 23andMe said “Your data remains protected. The Chapter 11 filing does not change how we store, manage, or protect customer data. Our users’ privacy and data are important considerations in any transaction, and we remain committed to our users’ privacy and to being transparent with our customers about how their data is managed.” It added that any buyer will have to “comply with applicable law with respect to the treatment of customer data,” which means essentially nothing because there are few laws that protect against the monetization of customer genetic data, as evidenced by the fact that other genetic databases proactively offer information to law enforcement and partner with big pharma.

The company now could be sold to anyone, and there is no way to know what that buyer will want to do with the reams of genetic information it has collected. Customers, meanwhile, still have no way to change their underlying genetic data.

An Open Letter to 23andMe Customers - 23andMe Blog

An Open Letter to 23andMe Customers

^23andMe