2026-02-07 01:54:33
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss AI bubble hysteria, "just go independent," and more.
JOSEPH: This week we reported how the FBI has been unable to get into a Washington Post reporter’s iPhone because it was in Lockdown Mode. Side note, I wonder how the insane cuts at The Post are going to impact its digital or physical protection of journalists, if at all. This court record was very, very interesting in that it’s a quite rare admission of why exactly authorities were unable to access a device.
I don’t think there’s an area of cybersecurity, which we have a lot of reporting on, that is constantly in flux as mobile forensics. Nothing stays still, even for what feels like five minutes. There are constant tech developments, both on the side of Apple and Google, then on companies trying to break into those phones, like Cellebrite and Grayshift, the creator of Graykey.
2026-02-07 00:11:27
The Department of Homeland Security’s Inspector General is investigating potential privacy abuses associated with Immigrations and Customs Enforcement’s surveillance and biometric data programs, according to a letter sent to two senators.
Last week, we reported that Senators Mark Warner and Tim Kaine demanded that DHS inspector general Joseph Cuffari investigate immigration-related surveillance programs across DHS, Customs and Border Protection, and ICE. Thursday, Cuffari said his office had launched an audit called “DHS’ Security of Biometric Data and Personally Identifiable Information.”
“The objective of the audit is to determine how DHS and its components collect or obtain PII and biometric data related to immigration enforcement efforts and the extent to which that data is managed, shared, and secured in accordance with law, regulation, and Departmental policy,” Cuffari’s letter reads. He adds that one of the purposes of the investigation will be to “determine whether they have led to violations of federal law and other regulations that maintain privacy and defend against unlawful searches.”
Kaine and Warner’s initial letter specifically focused on many of the technologies and programs 404 Media has been reporting on, including DHS’s contracts with Palantir, facial recognition company Clearview AI, its side-door access to Flock’s license plate scanning technology, its social media monitoring through a company called Penlink, its phone hacking contract through a company called Paragon, its face-scanning mobile app, as well as its use of various government biometric databases in immigration enforcement.
“DHS’ reported disregard for adhering to the law and its proven ambivalence toward observing and upholding constitutionally-guaranteed freedoms of Americans and noncitizens, including freedom of speech and equal protection under the law, leaves us with little confidence that these new and powerful tools are being used responsibly,” the senators wrote. “Coupled with DHS’ propensity to detain people regardless of their circumstances, it is reasonable to question whether DHS can be trusted with powerful surveillance tools and if in doing so, DHS is subjecting Americans to surveillance under the pretext of immigration enforcement.”
2026-02-06 05:40:42
Update 2/5/26, 5:20 p.m. EST: The DOJ told 404 Media that the unredacted version of the document in question contains an image of a victim’s face overlayed on the face of the Mona Lisa image.
The Department of Justice redacted the face of the Mona Lisa, a 522-year-old painting of an Italian woman who died centuries ago, as part of its release of files related to the late convicted sex offender Jeffery Epstein.
In a PDF of an email with the subject line “simply paris” sent on July 3, 2009, a redacted sender sent Epstein several photos of, presumably, himself and a woman sightseeing in Paris. The photos of the woman are all redacted with a black box over her face, but the man’s face is visible.
2026-02-06 00:47:04
According to a new study from a team of researchers in Europe, vibe coding is killing open-source software (OSS) and it’s happening faster than anyone predicted.
Thanks to vibe coding, a colloquialism for the practice of quickly writing code with the assistance of an LLM, anyone with a small amount of technical knowledge can churn out computer code and deploy software, even if they don't fully review or understand all the code they churn out. But there’s a hidden cost. Vibe coding relies on vast amounts of open-source software, a trove of libraries, databases, and user knowledge that’s been built up over decades.
Open-source projects rely on community support to survive. They’re collaborative projects where the people who use them give back, either in time, money, or knowledge, to help maintain the projects. Humans have to come in and fix bugs and maintain libraries.
Vibe coders, according to these researchers, don’t give back.
The study Vibe Coding Kills Open Source, takes an economic view of the problem and asks the question: is vibe coding economically sustainable? Can OSS survive when so many of its users are takers and not givers? According to the study, no.
“Our main result is that under traditional OSS business models, where maintainers primarily monetize direct user engagement…higher adoption of vibe coding reduces OSS provision and lowers welfare,” the study said. “In the long-run equilibrium, mediated usage erodes the revenue base that sustains OSS, raises the quality threshold for sharing, and reduces the mass of shared packages…the decline can be rapid because the same magnification mechanism that amplifies positive shocks to software demand also amplifies negative shocks to monetizable engagement. In other words, feedback loops that once accelerated growth now accelerate contraction.”
This is already happening. Last month, Tailwind Labs—the company behind an open source CSS framework that helps people build websites—laid off three of its four engineers. Tailwind Labs is extremely popular, more popular than it’s ever been, but revenue has plunged.
Tailwind Labss head Adam Wathan explained why in a post on GitHub. “Traffic to our docs is down about 40% from early 2023 despite Tailwind being more popular than ever,” he said. “The docs are the only way people find out about our commercial products, and without customers we can't afford to maintain the framework. I really want to figure out a way to offer LLM-optimized docs that don't make that situation even worse (again we literally had to lay off 75% of the team yesterday), but I can't prioritize it right now unfortunately, and I'm nervous to offer them without solving that problem first.”
Miklós Koren, a professor of economics at Central European University in Vienna and one of the authors of the vibe coding study, told 404 Media that he and his colleagues had just finished the first draft of the study the day before Wathan posted his frustration. “Our results suggest that Tailwind's case will be the rule, not the exception,” he said.
According to Koren, vibe-coders simply don’t give back to the OSS communities they’re taking from. “The convenience of delegating your work to the AI agent is too strong. There are some superstar projects like Openclaw that generate a lot of community interest but I suspect the majority of vibe coders do not keep OSS developers in their minds,” he said. “I am guilty of this myself. Initially I limited my vibe coding to languages I can read if not write, like TypeScript. But for my personal projects I also vibe code in Go, and I don't even know what its package manager is called, let alone be familiar with its libraries.”
The study said that vibe coding is reducing the cost of software development, but that there are other costs people aren’t considering. “The interaction with human users is collapsing faster than development costs are falling,” Koren told 404 Media. “The key insight is that vibe coding is very easy to adopt. Even for a small increase in capability, a lot of people would switch. And recent coding models are very capable. AI companies have also begun targeting business users and other knowledge workers, which further eats into the potential ‘deep-pocket’ user base of OSS.”
This won’t end well. “Vibe coding is not sustainable without open source,” Koren said. “You cannot just freeze the current state of OSS and live off of that. Projects need to be maintained, bugs fixed, security vulnerabilities patched. If OSS collapses, vibe coding will go down with it. I think we have to speak up and act now to stop that from happening.”
He said that major AI firms like Anthropic and OpenAI can’t continue to free ride on OSS or the whole system will collapse. “We propose a revenue sharing model based on actual usage data,” he said. “The details would have to be worked out, but the technology is there to make such a business model feasible for OSS.”
AI is the ultimate rent seeker, a middle-man that inserts itself between a creator and a user and it often consumes the very thing that’s giving it life. The OSS/vibe-coding dynamic is playing out in other places. In October, Wikipedia said it had seen an explosion in traffic but that most of it was from AI scraping the site. Users who experience Wikipedia through an AI intermediary don’t update the site and don’t donate during its frequent fund-raising drives.
The same thing is happening with OSS. Vibe coding agents don’t read the advertisements in documentation about paid products, they don’t contribute to the knowledge base of the software, and they don’t donate to the people who maintain the software.
“Popular libraries will keep finding sponsors,” Koren said. “Smaller, niche projects are more likely to suffer. But many currently successful projects, like Linux, git, TeX, or grep, started out with one person trying to scratch their own itch. If the maintainers of small projects give up, who will produce the next Linux?”
2026-02-06 00:37:23
In 2015, after reading a book about how the telegraph created a sort of proto-internet that helped make various robber barons rich and powerful, I wrote an article about Elon Musk that, a decade later, feels both very embarrassing and somewhat prophetic. Musk and SpaceX had just announced a plan to launch a constellation of low-earth orbit, internet-providing satellites.
I saw this at the time as a step toward a kind of everything company. SpaceX was working on reusable rockets that would drastically lower the cost of flying things to space, and I imagined at the time that, if successful, being able to fly things to space for a far lower cost than his competitors would give Musk incredible power and wealth. This was in part because of SpaceX’s potential ability to become a telecom company in addition to a space launch company.
“If he can successfully develop the reusable launch vehicles, that gives him a tremendous dominance over the mode of getting to space. Once you can do it relatively cheaply and in high volume, instead of launching five or six times a year, you’re launching [and] putting stuff into orbit once a week. That’s the hard part,” Marco Caceres, a space industry analyst, told me at the time. “All the other stuff is really dessert, in a way. It’s the satellites, the services that’ll make you the real money.” SpaceX said at the time that Starlink would have 4,000 satellites. Today, it has more than 9,000 satellites, and the majority of all satellites in space have been launched by SpaceX and are owned by SpaceX.
2026-02-05 23:36:40
A new tool searches your LinkedIn connections for people who are mentioned in the Epstein files, just in case you don’t, understandably, want anything to do with them on the already deranged social network.
404 Media tested the tool, called EpsteIn—as in, a mash up of Epstein and LinkedIn—and it appears to work.