Online tipsters have had a mixed record when it comes to providing
information about mass casualty incidents. But Rhode Island
Attorney General Peter Neronha said this Reddit user “blew the
case wide open” after posting about their encounter on Saturday
with the suspect.
“I’m being dead serious,” wrote the Reddit user, identified in an
affidavit as “John,” three days after the shootings at Brown. “The
police need to look into a grey Nissan with Florida plates,
possibly a rental.”
TAE Technologies’ fusion research reactor ‘Norm.’ | Photo: TAE Technologies
Trump Media - yup, the parent company of Truth Social - is the latest entrant in the near century-long race to develop a nuclear fusion power plant. It announced a merger agreement with fusion company TAE Technologies on Thursday and a bold plan to break ground on the first utility-scale fusion plant some time in 2026.
TAE doesn't plan to start generating power from its first plant until 2031, which is still an incredibly ambitious timeline. There will likely be a myriad of financial and regulatory issues to contend with along the way, of course. But the scientific and engineering challenges to overcome, which we'll dive into here, are also …
In the Settings section of the Passwords app, there’s an option to
manage websites where passwords are not saved when signing in.
This new setting is about managing sites that you have previously excluded from having a password entry saved. (In the Settings app, go to Apps → Passwords and then tap “Show Excluded Websites”.)
What I was hoping this was about is a feature Passwords doesn’t have, but that I want. There are many sites — and the trend seems to be accelerating — that do not use passwords (or passkeys) for signing in. Instead, they only support signing in via expiring “magic links” sent by email (or, sometimes, via text messages). To sign in with such a site, you enter your email address, hit a button, and the site emails you a fresh link that you need to follow to sign in.1 I despise this design pattern, because it’s inherently slower than signing in using an email/password combination that was saved to my passwords app and autofilled by my web browser. My password manager is Apple Passwords and my browser is Safari, but this true for any good password manager and web browser. It’s not just a little slower but a lot slower to sign in with a “magic link”. It sometimes takes minutes for the email to arrive, and even in the best case, it takes at least 15 seconds or so. Saved-password autofill, on the other hand, happens instantly.2
To make matters worse, when you create a new account using a “magic link”, nothing gets saved to Apple Passwords. I don’t have many email addresses in active use, but I do have several. Sometimes I don’t remember which one I used for my account on a certain site. It doesn’t get autofilled by Apple Passwords because account entries in Apple Passwords require a password. I was hoping the above feature mentioned by Clover was a way to address this — that you could now enable a setting to get Passwords to save just your email address for websites and services that exclusively use “magic links” for signing in. No dice. Apple Passwords team, if you’re reading this, please give this some thought. I can’t be the only person irritated by this.
One workaround I’ve used for a few sites with which I keep running into this situation (Status, I’m looking in your direction) is to manually create an entry in Apple Passwords for the site with the email address I used to subscribe, and a made-up single-character password. Apple Passwords won’t let you save an entry without something in the password field, and a single-character password is a visual clue to my future self why I did this. When I do this, I also put a note to myself in the notes field for the entry. And by using just a single character for the made-up password, I can tell what I did even when the password is displayed using bullets to obscure its actual characters. (Screenshot.) If you feel like I do about “magic links”, the 🖕 emoji is a good “password” for such entries.
Once saved like this, my email address still doesn’t autofill on such sites in Safari, but the list of my saved email addresses in the suggestion list that appears when I click in the Email text field will have a “saved password” label next to the one for which I made this entry in Apple Passwords. This at least solves the problem when I can’t remember which address I used to create my account on a site.
Better would be a way for Passwords to ask if you want to save just your email address for sites with “magic link” sign-ins, and then for Safari to autocomplete that address just like it does for username/password combinations. I can see how this would be a tricky problem for Apple Passwords to solve in a way that makes clear to the user why certain entries do not have passwords, but it’s a problem worth solving.
This design pattern is common with paywalled subscription content sites, like email newsletters, to cut down on password sharing. Let’s say someone pays $10/month for a subscription-based newsletter. If they can sign in using an email/password combination, they might be willing to share their email/password combination for that particularly site with a few friends or colleagues, to give them access to the same paywalled content without paying for their own subscriptions. Same goes for sharing email/password combinations for streaming services like Netflix. Well, you can’t share a password if there is no password to share. If the only way to log in to a subscription-based account is via a magic link that expires within minutes, it’s a lot harder for person A to share their account with person B (let alone with persons C, D, E, and F...). Person B has to tell person A that they’re signing in again, then person A has to wait for the email to arrive, and then person B needs to wait for person A to copy and paste the “magic” link, and hope it arrives before it expires. This pattern adds a significant convenience cost to account sharing — but it also makes signing in more annoying for honest users who aren’t sharing their account. ↩︎
Proponents of “magic links” argue that they’re beneficial for technically befuddled users who don’t use a password manager. That’s a good argument for offering “magic links” as an option, but it’s not a good argument for making them the exclusive way to sign in to a site or service. Good password managers are built into modern OSes and web browsers. Those of us who use them should not be punished with a significantly worse experience just because some users do not. When “magic links” are offered as an alternative to a saved password or passkey, there’s a path for all users. When “magic links” are the exclusive method for signing in, all users get the slowest experience.
(And yes, Passport, the subscription system behind Dithering and the rest of Ben Thompson’s Stratechery media empire, exclusively uses “magic links” for sign-in. I don’t like it, but, in Passports’s defense, once you’re signed in, Passport keeps you signed in for a very long time. Other CMSes tend to expire sign-ins far too quickly, which makes for a particularly frustrating experience with “magic links” because you need to keep using them every few weeks.) ↩︎︎
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss history repeating itself and Meta's relationship with links.
In the piece I did not focus on Tunick’s activism because frankly we don’t know yet how big a role it played in CBP stopping him. I mentioned it but didn’t focus on it. I think regardless, someone being charged for allegedly wiping a phone is interesting essentially no matter who they are.
Yes, it absolutely may turn out that he was stopped specifically because of his activism. Maybe lots of people think it’s very likely that’s the reason. But I can’t frame a story because it feels like that’s maybe the case. I have to go on what actual evidence I have at the moment.
While reporting out the story and speaking to various people before publishing, I did speak to some activists from the area. They said stuff like they believed the phone was running a certain operating system, etc. But it was third-, at absolute best, second-hand information. I couldn’t use it at all.
After publication I did get a statement and some answers to questions I asked the group that started a fundraising drive for Tunick, and who do know him.
I’ll definitely be keeping an eye on the case and looking to cover it as it develops. The statement I got wasn’t really enough for a follow-up article just by itself, so I thought I’d put it here for those interested in the case. These are my questions I sent to the ‘Free Sam Committee’ and their answers:
- Was this arrest a surprise to Samuel and his family?
Sam was arrested on his way home from work in relation to an interaction from almost a year ago. While Sam has been harassed by police in the past, this arrest was a surprise for him and a scare for his loved ones.
- Do you have any more specifics on the reason for the charges?
We don't know any more details on the charges, but the wider political moment gives us a clear picture of reasoning. We see a direct connection between this baseless, unprecedented charge, the targeted attacks against the Stop Cop City movement as a whole, and the Trump administration's attacks on dissent of any kind. The federal government is disrupting lives and destroying families across the country to fabricate a narrative that anyone can be targeted simply for their beliefs.
- What phone was Samuel using? Was it a GrapheneOS phone? I ask because that sort allows wipes
I will leave the question of operating system for his lawyer. What was said in court was that it was a Google pixel, which is known to be compatible with graphene.
Then the group shared this statement:
“Earlier this year, federal agents detained Samuel at the US border, upon his return from an international flight. They attempted to coerce Samuel into providing full access to his phone. Today in court, the prosecution claimed that Samuel provided a password that wiped his phone clean. The state gave no explanation of what evidence, if any, they expected to find on Samuel's phone.
The coercion that Samuel faced toward abdicating his right to privacy at the border is becoming a regular occurrence for lawyers, activists, and immigrants. If Samuel's use of legal and freely available technology did indeed protect his personal information from an overreach of state surveillance, his case becomes a fundamental fight over the right to privacy, free speech, and free association. What is at stake is the future of any technology that preserves the rights of users to own, manage, and protect their personal information.
Despite the ongoing, persistent harrasment [sic] of local activists, the state remains unsuccessful in procuring convictions of Stop Cop City protestors. Samuel's case exposes the desperation, incompetence, and lack of technical expertise of an FBI reduced to a puppet agency for the Trump administration's far-right agenda. It is clear that their goal is to eliminate political dissent through programs of mass surveillance and the proliferation of coercive technologies in collusion with Big Tech. What seems like the prosecution of a single activist is in fact a test case for criminalizing the tools and practices essential for exercising basic democratic freedoms. Samuel was targeted because digital security practices are a threat to the state's unrestrained violations of civil liberties.”
EMANUEL: This week I wrote about a hack that exposed an AI influencer operation that’s funded by Andreessen Horowitz (a16z), one of the biggest venture capital firms in tech. This is my second story about the company that’s operating these AI influencers, Doublespeed, and far from the first story I’ve written about the kind of companies a16z backs. You’d think I’d get some kind of comment from a16z by pointing out a major hack that exposed clients and showed how a16z is funding an operation that clearly violates the policies of every social media platform, including Meta, where Marc Andreessen is a board member, but no.
A16z has not commented on any of the stories I wrote at 404 Media, including those about Civitai, an a16z-backed company that AI-generated CSAM, or stories that we’ve written about the firm at Vice.
I couldn’t tell you why that is because we’ve never talked to anyone at a16z. Maybe they don’t think the stories are newsworthy and worth commenting on. Maybe they think we are too small of a publication to bother responding to. Maybe it’s a public relations tactic to minimize the story or make it harder for us to report on it. All I know is that Andreessen himself is famously hostile to critics of his companies, technology broadly, and AI specifically. My only interaction with him is that he blocked me on Twitter.
It’s not unusual for companies or government agencies to stonewall us. There was a period of time when every email to X’s press email auto-responded with a poop emoji. Many government agencies under the current administration don’t respond at all or respond with canned replies blaming Democrats, regardless of the question. Sometimes, with enough pressure from our reporting, the organizations we report on eventually have no choice but to tear down those walls. The pressure from us, the public, and sometimes the government, build to a point that they would rather have their perspective in the story than not. This was definitely the case with my reporting and Civitai itself, which eventually opened up about what it is and isn’t doing in terms of content moderation.
Sometimes those walls stay up forever, and I can easily imagine that being the case with a16z, which has enough money and power to probably ignore a small publication like us. I can imagine how that could demoralize some journalists. It can start to feel like you’re not making a difference, but it’s not going to stop me.
What Doublespeed is doing is completely bonkers and people deserve to know how it's messing up the internet regardless of what a16z says, or doesn’t. The story also may not matter to a16z, but TikTok is taking action on those AI-influencers because of our reporting. We’re going to keep reporting on a16z as long as it’s in the public interest, and we’re going to reach out to them for comment every single time because that’s the correct thing to do, even if they never respond.
SAM: I can feel my two remaining braincells rubbing together furiously in an attempt to stay on top of anything at all this week. I’ve had a migraine almost constantly (and at times honestly terrifyingly) for the last two weeks and I just had a cinnamon roll for breakfast.
Because screens have been somewhat difficult, I’ve been trying to read physical books more in my downtime. I mostly read on my Kindle because we’re out of space for real paper books in this apartment (and one of the cats, Garp — pictured below — loves to eat the corners of books), but I look at big screen then small screen all day, and looking at medium screen, even if it’s e-ink, becomes annoying eventually. Which means I’ve been getting around to a stack of books I’ve been meaning to read. This week that book is The Secret Museum: Pornography in Modern Culture by Walter Kendrick (Thriftbooks link). The book covers the history of porn, with a focus on the ways it’s been censored or pushed to the margins over the centuries, from Pompeii to Comstock’s tirade and the “feminist sex wars.” Kendrick finished writing the original version in 1985, just before the Meese Report was released.
He ends the first edition:
“The most dismaying aspect of the feminist antipornography campaign is its exact resemblance to every such effort that preceded it, from Lord Campbell's and Justice Cockburn's, through that of Comstock and all the Societies for the Suppression of Vice, to the modern vigilantism of Leagues and Legions of Decency. Whatever its guise, the pornographic urge remains unchanged-immune to argument, invincibly self-righteous, engorged with indignant passion. If the twisted history of 'pornography' shows nothing else, it shows that forgetfulness of history is the chief weapon in the armory of those who would forbid us to see and know. ‘Pornography’ is not eternal, nor are its dangers self-evident; to remember that is to win strength against fear. I have written this book in the hope of reminding us that we have fought ignorant battles, and that we ought not to be so stupid as to believe that we must fight them again.”
Sometimes I feel like a broken record blogging about every new piece of invasive anti-porn legislation, every new state that introduces or enacts age verification laws, every indictment or sentencing of a sex trafficking criminal, every platform that overreaches its TOS or mass-bans people making adult content... I often wonder if people start getting tired of reading it, or just stop paying attention. I know people who cover reproductive and abortion rights, and even immigration and civil rights journalists, often feel the same. Do people give a shit anymore? It starts to get hard to tell. But then I read something like Secret Museum and remember a big part of journalism, and maybe the biggest part, is recording history. We’re keeping track because if journalists don’t, who will? And in the future, when all of this continues to repeat itself, we’ll be able to learn from the past (or see the ways we’re not learning). Kendrick's reasons for writing his book are also my reasons for writing mine.
I’ll be thinking about that a lot as I look back on the last year, and going into a new one. Here's Garp:
Garp taking a break from eating books
JASON: I wanted to just check in quickly on what is happening at Meta’s discombobulation station over in Menlo Park, where Mark Zuckerberg is burning cash on Manhattan-sized fossil fuel powered AI data centers, CTO Andrew Bosworth is running around in circles screaming “VR IS NOT DEAD” as the company lays off a lot of the team previously in charge of burning cash, and the formerly-a-social-media-company-for-humans platform decides that it might want to charge people between $15 and $499.99 per month to post more than two links per month.
After the brief period where Meta’s perpetual cash burning machine was focused on paying media companies to explode watermelons on Facebook Live, Meta, like Elon Musk at Twitter, has decided that hyperlinks—a core functionality of the web that are beloved by all—are bad actually and must be disincentivized to the maximum extent possible. In a test being rolled out to a few people around the world, Meta says that “certain Facebook profiles without Meta Verified, including yours, will be limited to sharing links in 2 organic posts per month. Subscribe to Meta Verified to share more links on Facebook.” This was shared in a message called “an update to sharing links in posts on Facebook,” which is extremely funny. Also funny: the words “organic posts.” Facebook is of course not considering limiting this if you buy an ad with them, because of course. I’d encourage you to check out what the “Meta Verified” program actually entails because it is quite dark. The main thing it offers is “Impersonation protection” and the ability to email Meta customer support (you only unlock the ability to call a human being if you are paying $150 per month). As a verified member, you also get the ability to “add images to your links” and “exclusive stickers.” For $50 per month, you get the power to put links in your video reels a total of two times per month. For an extra hundred dollars you get a whopping four reel links per month.
As TechCrunch pointed out, Meta now says that 98 percent of views on Facebook come to content that doesn’t have any sort of link in it, and that the views to content that does have a link overwhelmingly came when a person was already following a page. This means, as we knew already, that it is only very rarely showing link posts in its broader discover algorithm, highly limiting the virality of posts that push people off the platform.
It has been obvious for a very long time that Meta has been punishing links in the algorithm, which has led to the incredibly annoying Elon Musk-era Twitter thing where anyone who wants to share a link does so at the bottom of a zillion post thread, or in the comment to an image, or elsewhere where people are less likely to find it and thus the algorithm is less likely to punish it. Scrolling through Threads this morning, a thing I can only bring myself to do under duress, it’s obvious that the platform has basically just duplicated Instagram. Most of the viral posts there are image carousels or longer threads. There are very few links and the links that I do see are from pages that I already follow and engage with heavily (for example, I am seeing the 404 Media posts with links in them because I am boosting those pretty regularly). Government transparency activist Alex Howard also pointed out that he was getting warned by the company to not post links in a post caption because “links in your caption can be distracting and reduce your reach.”
“Tell me more about how Meta is embracing links, when their advice to creators using their service is keep them out of the caption? This is antithetical to how academics, journalists, librarians, and scientists show their work online, where footnotes are links and vice versa,” Howard wrote. “Hyperlinks are the dendrites of the internet. Mark Zuckerberg should incent their use, not penalize people who link out.”
I would also encourage you at some point to watch Instagram head Adam Mosseri’s reels at some point because they are almost all videos of him explaining how you can expand your reach on the platform by behaving like a giant asshole, use Meta’s new annoying features, don’t do things like use a hyperlink, etc. It is essentially a compendium of ways Meta artificially fucks with the algorithm to incentivize its new features and punish ones that take you away from the platform, which is cool.
This is all something of a losing battle at this point because Meta has become aggressively anti-user in almost everything it does, and long ago turned its back on the media companies that endlessly posted free content to its platforms to turn it into the behemoth that it is. But I still think it’s worth pointing out how incredibly stupid this is; a tax to access basic functionality of a platform and an extremely aggressive stance toward the magical portals that take you away from their platforms to other websites where Meta doesn’t have as much ability to track your behavior or show you ads, which is of course the entire point behind all of this. It is pretty wild to see how mask off the company has become. Thanks I hate it, very very much.
"You’d think I’d get some kind of comment from a16z by pointing out a major hack that exposed clients and showed how a16z is funding an operation that clearly violates the policies of every social media platform, including Meta, where Marc Andreessen is a board member, but no."
Would you think, though? Of course not. Marc hates being called out for his hypocrisy.
It was also exhausting. The weight of these stories – human trafficking networks, sanctions evasion, the machinery of impunity – doesn't get lighter with time. But neither does the conviction that this work matters.
So as we close out the year, we wanted to do something a little different: a Weekender that's also a year in review. Not a dry retrospective, but a look at what we learned, what we're still chasing, and what kept us sane along the way.
Thank you for being here. For reading, for sharing, for the tips that led to stories we couldn't have found otherwise. The community of Whale Hunters that's grown around this newsletter is the reason we can keep doing this work.
Thank you for reading. Thank you for subscribing. Thank you for caring about our journalism when it would be so much easier not to.
Look out for a soecial two-part magazine piece in Whale Hunting next week, a preview of our new long form publication called The Foundry (debuting next year).
— Bradley and Tom
📰
Get the full story—free with your email.
This story is open to all and our work is available for free to anyone who signs up with their e-mail. But investigations like this aren't cheap. If you believe accountability journalism matters, consider upgrading to a paid subscription – or sending a one-time boost. Every contribution directly funds more reporting like this.
Before we get to the recommendations, a quick look back at the investigations that defined our year.
The $1.5 Billion Network
What started as a tip about a South African financier named Benjamin Mauerberger became our biggest investigation yet. The trail led from New York to Bangkok, from shell companies in Singapore to real estate in London, ultimately exposing a network that targets Americans with fake crypto and romance scams.
These "pig butchering" scams, run by workers held against their will in Cambodia, are generating billions of dollars in profit. Mauerberger was able to bribe Thailand's entire governing class, from Prime Ministers to bureaucrats and police. In December, Thai authorities announced a $300 million asset seizure connected to our reporting – a rare moment of accountability in a story that's far from over.
Following the Money
We traced KuCoin's sanctions evasion infrastructure (and received legal threats for our trouble). We documented Iran's shadow fleet of oil tankers. We mapped the networks that let sanctioned regimes move billions while the rest of us follow the rules.
Offshore wind farms boost aquatic ecosystems, new research suggested.
The study found that the rough concrete surfaces of wind turbine foundations allow sessile organisms — immobile living things like barnacles, sea sponges, and algae — to thrive, and form the basis of a complex food chain.
Areas with wind farms had more species of fish, and twice the biomass of comparable regions. Artificial reefs, created by scuttling ships, sinking oil rigs, or dropping rubble into the sea, have long been known to improve aquatic life, so perhaps these findings are unsurprising. But researchers have previously expressed concern over damage to sea beds caused by turbine construction, and leaching of toxic materials from corroding metals.
This makes sense. Fishermen have long used "FADs" (Fish Attracting Devices) which are basically just a flowing thing left in the water to encourage a marine ecosystem to develop around it (which attracts fish that the fishermen can catch later). These perform the same function coincidentally. Win-win!
Log in
