2025-11-27 22:00:21
Something very strange is happening to the Apple Podcasts app. Over the last several months, I’ve found both the iOS and Mac versions of the Podcasts app will open religion, spirituality, and education podcasts with no apparent rhyme or reason. Sometimes, I unlock my machine and the podcast app has launched itself and presented one of the bizarre podcasts to me. On top of that, at least one of the podcast pages in the app includes a link to a potentially malicious website. Here are the titles of some of the very odd podcasts I’ve had thrust upon me recently (I’ve trimmed some and defanged some links so you don’t accidentally click one):
“5../XEWE2'""""onclic…”
“free will, free willhttp://www[.]sermonaudio[.]com/rss_search.asp?keyword=free%will on SermonAudio”
“Leonel Pimentahttps://play[.]google[.]com/store/apps/detai…”
“https://open[.]spotify[.]com/playlist/53TA8e97shGyQ6iMk6TDjc?...”
There was another with a title in Arabic that loosely translates to “Words of Life” and includes someone’s Gmail address. Sometimes the podcasts do have actual audio (one was a religious sermon); others are completely silent. The podcasts are often years old, but for some reason are being shown to me now.
I’ll be honest: I don’t really know what exactly is going on here. And neither did an expert I spoke to. But it’s clear someone, somewhere, is trying to mess with Apple Podcasts and its users.
“The most concerning behavior is that the app can be launched automatically with a podcast of an attacker’s choosing,” Patrick Wardle, a macOS security expert and the creator of Mac-focused cybersecurity organization Objective-See, said. “I have replicated similar behavior, albeit via a website: simply visiting a website is enough to trigger Podcasts to open (and a load a podcast of the attacker’s choosing), and unlike other external app launches on macOS (e.g. Zoom), no prompt or user approval is required.”
To caveat straight away: this isn’t that alarming. This is not the biggest hack or issue in the world. But it’s still very weird behavior and Apple has not responded to any of my requests for comment for months. “Of course, very much worth stressing, on its own this is not an attack,” Wardle continued. “But it does create a very effective delivery mechanism if (and yes, big if) a vulnerability exists in the Podcasts app.
That said, someone has tried to deliver something a bit more malicious through the Podcasts app. It’s the first podcast I mentioned, with the title “5../XEWE2'""""onclic…”. Maybe some readers have already picked up on this, but the podcast is trying to direct listeners to a site that attempts to perform a cross-site scripting, or XSS, attack. XSS is basically when a hacker injects their own malicious code into a website that otherwise looks legit. It’s definitely a low-hanging fruit kind of attack, at least today. I remember it being way, way more common 10 years ago, and it was ultimately what led to the infamous MySpace worm.
The weird link is included in the “Show Website” section of the podcast’s page. Visiting that redirects to another site, “test[.]ddv[.]in[.]ua.” A pop-up then says “XSS. Domain: test[.]ddv[.]in[.]ua.”
I’m seemingly not the only one who has seen this. A review left in the Podcasts app just a few weeks ago says “Scam. How does Apple allow this attempted XSS attack?” The person gave the podcast one star. That podcast itself dates from around 2019.
“Whether any of those attempts have worked remains unclear, but the level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target,” Wardle said.
Overall, the whole thing gives a similar vibe to Google Calendar spam, where someone will sneakily add an event to your calendar and include whatever info or link they’re trying to spread around. I remember that being a pretty big issue a few years ago.
Apple did not acknowledge or respond to five emails requesting comment. The company did respond to other emails for different articles I was working on across that time.
2025-11-27 01:50:20
An astronomer has reported a possible new signature of dark matter, a mysterious substance that makes up most of the universe, according to a study published on Tuesday in the Journal of Cosmology and Astroparticle Physics.
Dark matter accounts for 85 percent of all matter in the universe, but its existence has so far been inferred only from its indirect effects on the familiar “baryonic” matter that makes up stars, planets, and life.
Tomonori Totani, a professor of astronomy at the University of Tokyo and the author of the study, believes he has spotted novel indirect traces of dark matter particles in the “halo” surrounding the center of our galaxy using new observations from NASA’s Fermi Gamma-ray Space Telescope. When these speculative particles collide—a process called dark matter annihilation—the crash is predicted to emit bright gamma rays, which is the light that Totani thinks he has identified.
“The discovery was made possible by focusing on the halo region (excluding the galactic center), which had received little attention, and by utilizing data accumulated over 15 years from the Fermi satellite,” Totani told 404 Media in an email. “After carefully removing all components other than dark matter, a signal resembling dark matter appeared.”
“It was like playing the lottery, and at first I was skeptical,” he added. “But after checking meticulously and thinking it seemed correct, I got goosebumps!”
If the detection is corroborated by follow-up studies, it could confirm a leading hypothesis that dark matter is made of a hypothetical class of weakly interacting massive particles, or “WIMPs”—potentially exposing the identity of this mysterious substance for the first time. But that potential breakthrough is still a ways off, according to other researchers in the field.
“Any new structure in the gamma-ray sky is interesting, but the dark matter interpretation here strikes me as quite preliminary,” said Danielle Norcini, an experimental particle physicist and
assistant professor at Johns Hopkins University, in an email to 404 Media.
Dark matter has flummoxed scientists for almost a century. In the 1930s, astronomer Fritz Zwicky observed that the motions of galaxies hinted that they are much more massive than expected based solely on visible baryonic matter. Since then, astronomers have confirmed that dark matter, which accumulates into dense halos at the centers of galaxies, acts like a gravitational glue that holds structures together. Dark matter is also the basis of a vast cosmic web of gaseous threads that links galaxy clusters across billions of light years.
But while dark matter is ubiquitous, it does not interact with the electromagnetic force, which means it does not absorb, reflect, or emit light. This property makes it difficult to spot with traditional astronomy, a challenge that has inspired the development of novel instruments designed to directly detect dark matter such as the subterranean LUX-ZEPLIN in South Dakota and the forthcoming DAMIC-M in France.
For years, scientists have been probing possible emission from dark matter annihilation at the center of the Milky Way, which is surrounded by a halo of densely-clustered dark matter. Those previous studies focus on an excess emission pattern of about 2 gigaelectronvolts (GeV). Tontani’s study spotlights a new and different pattern with extremely energetic gamma rays at 20 GeV.
“A part of the Fermi data showed a peculiar excess that our model couldn't explain, leading me to suspect it might be due to radiation originating from dark matter,” he said. “The most difficult part is removing gamma-ray emissions of origins other than dark matter, such as those from cosmic rays and celestial objects.”
This tentative report may finally fill in a major missing piece of our understanding of the universe by exposing the true nature of dark matter and confirming the existence of WIMPs. But given that similar claims have been made in the past, more research is needed to assess the significance of the results.
“For any potential indirect signal, the key next steps are independent checks: analyses using different background models, different assumptions about the Milky Way halo, and ideally complementary data sets,” Norcini said.
“Gamma-ray structures in the halo can have many astrophysical origins, so ruling those out requires careful modeling and cross-comparison,” she continued. “At this point the result seems too new for that scrutiny to have played out, and it will take multiple groups looking at the same data before a dark matter interpretation could be considered robust.”
Though Totani is confident in his interpretation of his discovery, he also looks forward to the input of other dark matter researchers around the world.
“First, I would like other researchers to independently verify my analysis,” he said. “Next, for everyone to be convinced that this is truly dark matter, the decisive factor will be the detection of gamma rays with the same spectrum from other regions, such as dwarf galaxies. The accumulation of further data from the Fermi satellite and large ground-based gamma-ray telescopes, such as the Cherenkov Telescope Array Observatory (CTAO) will be crucial.”
2025-11-26 23:47:11
It’s hard to believe it’s only been a few years since generative AI tools started flooding the internet with low quality content-slop. Just over a year ago, you’d have to peruse certain corners of Facebook or spend time wading through the cultural cesspool of Elon Musk’s X to find people posting bizarre and repulsive synthetic media. Now, AI slop feels inescapable — whether you’re watching TV, reading the news, or trying to find a new apartment.
That is, unless you’re using Slop Evader, a new browser tool that filters your web searches to only include results from before November 30, 2022 — the day that ChatGPT was released to the public.
The tool is available for Firefox and Chrome, and has one simple function: Showing you the web as it was before the deluge of AI-generated garbage. It uses Google search functions to index popular websites and filter results based on publication date, a scorched earth approach that virtually guarantees your searches will be slop-free.
Slop Evader was created by artist and researcher Tega Brain, who says she was motivated by the growing dismay over the tech industry’s unrelenting, aggressive rollout of so-called “generative AI”—despite widespread criticism and the wider public’s distaste for it.
Slop Evader in action. Via Tega Brain
“This sowing of mistrust in our relationship with media is a huge thing, a huge effect of this synthetic media moment we’re in,” Brain told 404 Media, describing how tools like Sora 2 have short-circuited our ability to determine reality within a sea of artificial online junk. “I’ve been thinking about ways to refuse it, and the simplest, dumbest way to do that is to only search before 2022.”
One under-discussed impact of AI slop and synthetic media, says Brain, is how it increases our “cognitive load” when viewing anything online. When we can no longer immediately assume any of the media we encounter was made by a human, the act of using social media or browsing the web is transformed into a never-ending procession of existential double-takes.
This cognitive dissonance extends to everyday tasks that require us to use the internet—which is practically everything nowadays. Looking for a house or apartment? Companies are using genAI tools to generate pictures of houses and rental properties, as well as the ads themselves. Trying to sell your old junk on Facebook Marketplace? Meta’s embrace of generative AI means you may have to compete with bots, fake photos, and AI-generated listings. And when we shop for beauty products or view ads, synthetic media tools are taking our filtered and impossibly-idealized beauty standards to absurd and disturbing new places.
In all of these cases, generative AI tools further thumb the scales of power—saving companies money while placing a higher cognitive burden on regular people to determine what’s real and what’s not.
“I open up Pinterest and suddenly notice that half of my feed are these incredibly idealized faces of women that are clearly not real people,” said Brain. “It’s shoved into your face and into your feed, whether you searched for it or not.”
Currently, Slop Evader can be used to search pre-GPT archives of seven different sites where slop has become commonplace, including YouTube, Reddit, Stack Exchange, and the parenting site MumsNet. The obvious downside to this, from a user perspective, is that you won’t be able to find anything time-sensitive or current—including this very website, which did not exist in 2022. The experience is simultaneously refreshing and harrowing, allowing you to browse freely without having to constantly question reality, but always knowing that this freedom will be forever locked in time—nostalgia for a human-centric world wide web that no longer exists.
Of course, the tool’s limitations are part of its provocation. Brain says she has plans to add support for more sites, and release a new version that uses DuckDuckGo’s search indexing instead of Google’s. But the real goal, she says, is prompting people to question how they can collectively refuse the dystopian, inhuman version of the internet that Silicon Valley’s AI-pushers have forced on us.
“I don’t think browser add-ons are gonna save us,” said Brain. “For me, the purpose of doing this work is mostly to act as a provocation and give people examples of how you can refuse this stuff, to furnish one’s imaginary for what a politics of refusal could look like.”
With enough cultural pushback, Brain suggests, we could start to see alternative search engines like DuckDuckGo adding options to filter out search results suspected of having synthetic content (DuckDuckGo added the ability to filter out AI images in search earlier this year). There’s also been a growing movement pushing back against the new AI data centers threatening to pollute communities and raise residents’ electricity bills. But no matter what form AI slop-refusal takes, it will need to be a group effort.
“It’s like with the climate debate, we’re not going to get out of this shitshow with individual actions alone,” she added. “I think that’s the million dollar question, is what is the relationship between this kind of individual empowerment work and collective pushback.”
2025-11-26 22:00:25
We start this week with Sam's piece about a massive leak of an AI chatbot, and how it showed that people were taking ordinary women’s yearbook photos and using them to make AI porn. After the break, Jason explains how a recent change on X exposed a bunch of grifters all around the world. In the subscribers-only section, we talk about how our reporting contributed to the shut down of a warrantless surveillance program.
Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
1:23 - Intro - Please, please do our reader survey
3:57 - Story 1 - Massive Leak Shows Erotic Chatbot Users Turned Women’s Yearbook Pictures Into AI Porn
30:05 - Story 2 - America’s Polarization Has Become the World's Side Hustle
49:39 - Story 3 - Airlines Will Shut Down Program That Sold Your Flights Records to Government
2025-11-26 06:24:25
A new website is holding Arc Raiders players accountable when they betray their fellow players. Speranza Watchlist—named for the game’s social hub—bills itself as “your friendly Raider shaming board,” a place where people can report other people for what they see as anti-social behavior in the game.
In Arc Raiders, players land on a map full of NPC robots and around 20 other humans. The goal is to fill your inventory with loot and escape the map unharmed. The robots are deadly, but they’re easy to deal with once you know what you’re doing. The real challenge is navigating other players and that challenge is the reason Arc Raiders is a mega-hit. People are far more dangerous and unpredictable than any NPC.
Arc Raiders comes with a proximity chat system so it’s easy to communicate with anyone you might run into in the field. Some people are nice and will help their fellow raider take down large robots and split loot. But just as often, fellow players will shoot you in the head and take all your stuff.
In the days after the game launched, many people opened any encounter with another human by coming on the mic, saying they were friendly, and asking not to shoot. Things are more chaotic now. Everyone has been shot at and hurt people hurt people. But some hurts feel worse than others.
Speranza Watchlist is a place to collect reports of anti-social behavior in Arc Raiders. It’s creation of a web developer who goes by DougJudy online. 404 Media reached out to him and he agreed to talk provided we grant him anonymity. He said he intended the site as a joke and some people haven’t taken it well and have accused him of doxxing.
I asked DougJudy who hurt him so badly in Arc Raiders that he felt the need to catalog the sins of the community. “There wasn’t a specific incident, but I keep seeing a lot (A LOT) of clips of people complaining when other players play dirty’ (like camping extracts, betraying teammates, etc.)”
He thought this was stupid. For him, betrayal is the juice of Arc Raiders. “Sure, people can be ‘bad’ in the game, but the game intentionally includes that social layer,” he said. “It’s like complaining that your friend lied to you in a game of Werewolf. It just doesn’t make sense.”
That doesn’t mean the betrayals didn’t hurt. “I have to admit that sometimes I also felt the urge to vent somewhere when someone betrayed me, when I got killed by someone I thought was an ally,” DougJudy said. “At first, I would just say something like, ‘I’ll find you again, the only thing that doesn’t cross paths are mountains,’ and I’d note their username. But then I got the idea to make a sort of leaderboard of the least trustworthy players…and that eventually turned into this website.
As the weeks go on and more players join the Arc Raiders, its community is developing its own mores around acceptable behavior. PVP combat is a given but there are actions some Raiders engage in that, while technically allowed, feel like bad sportsmanship. Speranza Watchlist wants to list the bad sports.
Take extract camping. In order to end the map and “score” the loot a player has collected during the match, they have to leave the map via a number of static exits. Some players will place explosive traps on these exits and wait for another player to leave. When the traps go off, the camper pops up from their hiding spot and takes shots at their vulnerable fellow raider. When it works, it’s an easy kill and fresh loot from a person who was just trying to leave.
Betrayal is another sore spot in the community. Sometimes you meet a nice Raider out in the wasteland and team up to take down robots and loot an area only to have them shoot you in the back. There are a lot of videos of this online and many players complaining about it on Reddit.
Enter Speranza Watchlist. “You’ve been wronged,” an explanation on the site says. “When someone plays dirty topside—betraying trust, camping your path, or pulling a Rust-Belt rate move—you don’t have to let it slide.”
When someone starts up Arc Raiders for the first time, they have to create a unique “Embark ID” that’s tied to their account. When you interact with another player in the game, no matter how small the moment, you can see their Embark ID and easily copy it to your clipboard if you’re playing on PC.
Players can plug Embark IDs into Speranza Watchlist and see if the person has been reported for extract camping or betrayal before. They can also submit their own reports. DougJudy said that, as of this writing, around 200 players had submitted reports.
Right now, the site is down for maintenance. “I’m trying to rework the website to make the fun/ satire part more obvious,” DougJudy said. He also plans to add rate limits so one person can’t mass submit reports.
He doesn’t see the Speranza Watchlist as doxxing. No one's real identity is being listed. It’s just a collection of observed behaviors. It’s a social credit score for Arc Raiders. “I get why some people don’t like the idea, ‘reporting’ a player who didn’t ask for it isn’t really cool,” DougJudy said. “And yeah, some people could maybe use it to harass others. I’ll try my best to make sure the site doesn’t become like that, and that people understand it’s not serious at all. But if most people still don’t like it, then I’ll just drop the idea.”
2025-11-26 02:04:00
The FOIA Forum is a livestreamed event for paying subscribers where we talk about how to file public records requests and answer questions. If you're not already signed up, please consider doing so here.
Recently we had a FOIA Forum where we focused on our reporting about Flock. This includes how to file public records requests for audit logs, footage, and other ideas for FOIAing surveillance companies.
We showed subscribers how we got the records behind that story, the specific request language was used, tips for turning records into articles, and much more.
Check out all of our FOIA Forum archives here. And the video is below.
