2025-12-13 01:06:05
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss conversational AI, a behind the scenes of the zine, and more.
EMANUEL: I made the terrible mistake of looking at some Hacker News comments this week for my story about a developer whose Google accounts were banned after he uploaded training data to Google Drive. Unbeknownst to him, the training data contained CSAM.
As we’ve explained in previous stories, CSAM is a subject we dread covering not only because it’s one of the most awful things one could think about, but because it’s extremely difficult and legally risky. For understandable reasons, the laws around viewing, let alone possessing CSAM, are strict and punishing, which makes verification for reporting reasons challenging. For similar reasons, it’s something we need to write about very carefully, making sure we don’t wrongfully associate or whitewash someone when it comes to such horrible behavior.
2025-12-12 02:10:47
The degenerate gamblers of Polymarket and Kalshi who bet that “AI” would win the Time Person of the Year are upset because the magazine has named the “Architects of AI” the person of the year. The people who make AI tools and AI infrastructure are, notably, not “AI” themselves, and thus both Kalshi and Polymarket have decided that people who bet “AI” do not win the bet. On Polymarket alone, people spent more than $6 million betting on AI gracing the cover of Time.
As writer Parker Molloy pointed out, people who bet on AI are pissed. “ITS THE ARCHITECTS OF AI THISNIS [sic] LITERALLY THE BET FUCK KALSHI,” one Kalshi better said.
2025-12-12 00:48:39
The first thing I saw this morning when I opened X was an AI-generated trailer for Avengers: Doomsday. Robert Downey Jr’s Doctor Doom stood in a shapeless void alongside Captain America and Reed Richards. It was obvious slop but it was also close in tone and feel of the last five years of Disney’s Marvel movies. As media empires consolidate, nostalgia intensifies, and AI tools spread, Disney’s blockbusters feel more like an excuse to slam recognizable characters together in a contextless morass.
2025-12-11 23:56:21
Dozens of government and university websites belonging to cities, towns, and public agencies across the country are hosting PDFs promoting AI porn apps, porn sites, and cryptocurrency scams; dozens more have been hit with a website redirection attacks which lead to animal vagina sex toy ecommerce pages, penis enlargement treatments, automatically-downloading Windows program files, and porn.
“Sex xxx video sexy Xvideo bf porn XXX xnxx Sex XXX porn XXX blue film Sex Video xxx sex videos Porn Hub XVideos XXX sexy bf videos blue film Videos Oficial on Instagram New Viral Video The latest original video has taken the internet by storm and left viewers in on various social media platforms ex Videos Hot Sex Video Hot Porn viral video,” reads the beginning of a three-page PDF uploaded to the website of the Irvington, New Jersey city government’s website.
The PDF, called “XnXX Video teachers fucking students Video porn Videos free XXX Hamster XnXX com” is unlike many of the other PDFs hosted on the city’s website, which include things like “2025-10-14 Council Minutes,” “Proposed Agenda 9-22-25,” and “Landlord Registration Form (1 & 2 unit dwelling).”
It is similar, however, to another PDF called “30 Best question here’s,” which looks like this:
Irvington, which is just west of Newark and has a population of 61,000 people, has fallen victim to an SEO spam attack that has afflicted local and state governments and universities around the United States.
Researcher Brian Penny has identified dozens of government and university websites that hosted PDF guides for how to make AI porn, PDFs linking to porn videos, bizarre crypto spam, sex toys, and more.
Reginfo.gov, a regulatory affairs compliance website under the federal government’s General Services Administration, is currently hosting a 12 page PDF called “Nudify AI Free, No Sign-Up Needed!,” which is an ad and link to an abusive AI app designed to remove a person’s clothes. The Kansas Attorney General’s office and the Mojave Desert Air Quality Management District Office in California hosted PDFs called “DeepNude AI Best Deepnude AI APP 2025.” Penny found similar PDFs on the websites for the Washington Department of Fish and Wildlife, the Washington Fire Commissioners Association, the Florida Department of Agriculture, the cities of Jackson, Mississippi and Massillon, Ohio, various universities throughout the country, and dozens of others. Penny has caught the attention of local news throughout the United States, who have reported on the problem.
The issue appears to be stemming from websites that allow people to upload their own PDFs, which then sit on these government websites. Because they are loaded with keywords for widely searched terms and exist on government and university sites with high search authority, Google and other search engines begin to surface them. In the last week or so, many (but not all) of the PDFs Penny has discovered have been deleted by local governments and universities.
But cities seem like they are having more trouble cleaning up another attack, which is redirecting traffic from government URLs to porn, e-commerce, and spam sites. In an attack that seems similar to what we reported in June, various government websites are somehow being used to maliciously send traffic elsewhere. For example, the New York State Museum’s online exhibit for something called “The Family Room” now has at least 11 links to different types of “realistic” animal vagina pocket masturbators, which include “Zebra Animal Vagina Pussy Male Masturbation Cup — Pocket Realistic Silicone Penis Sex Toy ($27.99),” and “Must-have Horse Pussy Torso Buttocks Male Masturbator — Fantasy Realistic Animal Pussie Sex Doll.”
Links Penny found on Knoxville, Tennessee’s site for permitting inspections first go to a page that looks like a government site for hosting files then redirects to a page selling penis growth supplements that features erect penises (human penises, mercifully), blowjobs, men masturbating, and Dr. Oz’s face.
Another Knoxville link I found, which purports to be a pirated version of the 2002 Vin Diesel film XXX simply downloaded a .exe file to my computer.
Penny believes that what he has found is basically the tip of the iceberg, because he is largely finding these by typing things like “nudify site:.gov” “xxx site:.gov” into Google and clicking around. Sometimes, malicious pages surface only on image searches or video searches: “Basically the craziest things you can think of will show up as long as you’re on image search,” Penny told 404 Media. “I’ll be doing this all week.”
The Nevada Department of Transportation told 404 Media that “This incident was not related to NDOT infrastructure or information systems, and the material was not hosted on NDOT servers.This unfortunate incident was a result of malicious use of a legitimate form created using the third-party platform on which NDOT’s website is hosted. NDOT expeditiously worked with our web hosting vendor to ensure the inappropriate content was removed.” It added that the third-party is Granicus, a massive government services company that provides website backend infrastructure for many cities and states around the country, as well as helps them stream and archive city council meetings, among other services. Several of the affected local governments use Granicus, but not all of them do; Granicus did not respond to two requests for comment from 404 Media.
The California Secretary of State’s Office told 404 Media: “A bad actor uploaded non-business documents to the bizfile Online system (a portal for business filings and information). The files were then used in external links allowing public access to only those uploaded files. No data was compromised. SOS staff took immediate action to remove the ability to use the system for non-SOS business purposes and are removing the unauthorized files from the system.” The Washington Department of Fish and Wildlife said “WDFW is aware of this issue and is actively working with our partners at WaTech to address it.” The other government agencies mentioned in this article did not respond to our requests for comment.
2025-12-11 22:17:04
Humans made fires as early as 400,000 years ago, pushing the timeline of this crucial human innovation back a staggering 350,000 years, reports a study published on Wednesday in Nature.
Mastery of fire is one of the most significant milestones in our evolutionary history, enabling early humans to cook nutritious food, seek protection from predators, and establish comfortable spaces for social gatherings. The ability to make fires is completely unique to the Homo genus that includes modern humans (Homo sapiens) and extinct humans, including Neanderthals.
2025-12-10 22:45:55
Google suspended a mobile app developer’s accounts after he uploaded AI training data to his Google Drive. Unbeknownst to him, the widely used dataset, which is cited in a number of academic papers and distributed via an academic file sharing site, contained child sexual abuse material. The developer reported the dataset to a child safety organization, which eventually resulted in the dataset’s removal, but he claims Google’s ban has been "devastating.”
A message from Google said his account “has content that involves a child being sexually abused or exploited. This is a severe violation of Google's policies and might be illegal.”
