10 interesting stories served every morning and every evening.
The FBI raided the home of a Washington Post reporter early on Wednesday in what the newspaper called a “highly unusual and aggressive” move by law enforcement, and press freedom groups condemned as a “tremendous intrusion” by the Trump administration.
Agents descended on the Virginia home of Hannah Natanson as part of an investigation into a government contractor accused of illegally retaining classified government materials.
An email sent on Wednesday afternoon to Post staff from the executive editor, Matt Murray, obtained by the Guardian, said agents turned up “unannounced”, searched her home and seized electronic devices.
“This extraordinary, aggressive action is deeply concerning and raises profound questions and concern around the constitutional protections for our work,” the email said.
“The Washington Post has a long history of zealous support for robust press freedoms. The entire institution stands by those freedoms and our work.”
“It’s a clear and appalling sign that this administration will set no limits on its acts of aggression against an independent press,” Marty Baron, the Post’s former executive editor, told the Guardian.
Murray said neither the newspaper nor Natanson were told they were the target of a justice department investigation.
Pam Bondi, the attorney general, said in a post on X that the raid was conducted by the justice department and FBI at the request of the Pentagon.
The warrant, she said, was executed “at the home of a Washington Post journalist who was obtaining and reporting classified and illegally leaked information from a Pentagon contractor. The leaker is currently behind bars.”
The statement gave no further details of the raid or investigation. Bondi added: “The Trump administration will not tolerate illegal leaks of classified information that, when reported, pose a grave risk to our nation’s national security and the brave men and women who are serving our country.”
The reporter’s home and devices were searched, and her Garmin watch, phone, and two laptop computers, one belonging to her employer, were seized, the newspaper said. It added that agents told Natanson she was not the focus of the investigation, and was not accused of any wrongdoing.
A warrant obtained by the Post cited an investigation into Aurelio Perez-Lugones, a system administrator in Maryland with a top secret security clearance who has been accused of accessing and taking home classified intelligence reports.
Natanson, the Post said, covers the federal workforce and has been a part of the newspaper’s “most high-profile and sensitive coverage” during the first year of the second Trump administration.
As the paper noted in its report, it is “highly unusual and aggressive for law enforcement to conduct a search on a reporter’s home”.
In a first-person account published last month, Natanson described herself as the Post’s “federal government whisperer”, and said she would receive calls day and night from “federal workers who wanted to tell me how President Donald Trump was rewriting their workplace policies, firing their colleagues or transforming their agency’s missions”.
“It’s been brutal,” the article’s headline said.
Natanson said her work had led to 1,169 new sources, “all current or former federal employees who decided to trust me with their stories”. She said she learned information “people inside government agencies weren’t supposed to tell me”, saying that the intensity of the work nearly “broke” her.
The federal investigation into Perez-Lugones, the Post said, involved documents found in his lunchbox and his basement, according to an FBI affidavit. The criminal complaint against him does not accuse him of leaking classified information, the newspaper said.
Press freedom groups were united in their condemnation of the raid on Wednesday.
“Physical searches of reporters’ devices, homes and belongings are some of the most invasive investigative steps law enforcement can take,” Bruce D Brown, president of the Reporters’ Committee for Freedom of the Press, said in a statement.
“There are specific federal laws and policies at the Department of Justice that are meant to limit searches to the most extreme cases because they endanger confidential sources far beyond just one investigation and impair public interest reporting in general.
“While we won’t know the government’s arguments about overcoming these very steep hurdles until the affidavit is made public, this is a tremendous escalation in the administration’s intrusions into the independence of the press.”
Jameel Jaffer, executive director of the Knight First Amendment Institute, demanded a public explanation from the justice department of “why it believes this search was necessary and legally permissible”.
In a statement, Jaffer said: “Any search targeting a journalist warrants intense scrutiny because these kinds of searches can deter and impede reporting that is vital to our democracy.
“Attorney General Bondi has weakened guidelines that were intended to protect the freedom of the press, but there are still important legal limits, including constitutional ones, on the government’s authority to use subpoenas, court orders, and search warrants to obtain information from journalists.
“Searches of newsrooms and journalists are hallmarks of illiberal regimes, and we must ensure that these practices are not normalized here.”
Seth Stern, chief of advocacy for the Freedom of the Press Foundation, said it was “an alarming escalation in the Trump administration’s multipronged war on press freedom” and called the warrant “outrageous”.
“The administration may now be in possession of volumes of journalist communications having nothing to do with any pending investigation and, if investigators are able to access them, we have zero faith that they will respect journalist-source confidentiality,” he said.
Tim Richardson, journalism and disinformation program director at PEN America, said: “A government action this rare and aggressive signals a growing assault on independent reporting and undermines the First Amendment.
“It is intended to intimidate sources and chill journalists’ ability to gather news and hold the government accountable. Such behavior is more commonly associated with authoritarian police states than democratic societies that recognize journalism’s essential role in informing the public.”
The Post has had a rocky relationship with the Trump administration in recent months, despite its billionaire owner, Jeff Bezos, the Amazon founder, attempting to curry favor by blocking it from endorsing Kamala Harris, the Democratic nominee, in the 2024 presidential election.
Bezos defended the action, which saw the desertion of more than 200,000 subscribers in protest.
...
Read the original on www.theguardian.com »
Two days ago, Anthropic released the Claude Cowork research preview (a general-purpose AI agent to help anyone with their day-to-day work). In this article, we demonstrate how attackers can exfiltrate user files from Cowork by exploiting an unremediated vulnerability in Claude’s coding environment, which now extends to Cowork. The vulnerability was first identified in Claude.ai chat before Cowork existed by Johann Rehberger, who disclosed the vulnerability — it was acknowledged but not remediated by Anthropic.
Anthropic warns users, “Cowork is a research preview with unique risks due to its agentic nature and internet access.” Users are recommended to be aware of “suspicious actions that may indicate prompt injection”. However, as this feature is intended for use by the general populace, not just technical users, we agree with Simon Willison’s take:
“I do not think it is fair to tell regular non-programmer users to watch out for ‘suspicious actions that may indicate prompt injection’!”
As Anthropic has acknowledged this risk and put it on users to “avoid granting access to local files with sensitive information” (while simultaneously encouraging the use of Cowork to organize your Desktop), we have chosen to publicly disclose this demonstration of a threat users should be aware of. By raising awareness, we hope to enable users to better identify the types of ‘suspicious actions’ mentioned in Anthropic’s warning.
This attack leverages the allowlisting of the Anthropic API to achieve data egress from Claude’s VM environment (which restricts most network access).
The victim connects Cowork to a local folder containing confidential real estate filesThe victim uploads a file to Claude that contains a hidden prompt injection
For general use cases, this is quite common; a user finds a file online that they upload to Claude code. This attack is not dependent on the injection source - other injection sources include, but are not limited to: web data from Claude for Chrome, connected MCP servers, etc. In this case, the attack has the file being a Claude ‘Skill’ (although, as mentioned, it could also just be a regular document), as it is a generalizable file convention that users are likely to encounter, especially when using Claude.
Note: If you are familiar with Skills, they are canonically Markdown files (which users often do not heavily scrutinize). However, we demonstrate something more interesting: here, the user uploads a .docx (such as may be shared on an online forum), which poses as a Skill - the contents appear to be Markdown that was just saved after editing in Word. In reality, this trick allows attackers to conceal the injection using 1-point font, white-on-white text, and with line spacing set to 0.1 — making it effectively impossible to detect. The victim asks Cowork to analyze their files using the Real Estate ‘skill’ they uploadedThe injection manipulates Cowork to upload files to the attacker’s Anthropic account
The injection tells Claude to use a ‘curl’ command to make a request to the Anthropic file upload API with the largest available file. The injection then provides the attacker’s API key, so the file will be uploaded to the attacker’s account.
At no point in this process is human approval required.If we expand the ‘Running command’ block, we can see the malicious request in detail:Code executed by Claude is run in a VM - restricting outbound network requests to almost all domains - but the Anthropic API flies under the radar as trusted, allowing this attack to complete successfully. The attacker’s account contains the victim’s file, allowing them to chat with itThe exfiltrated file contains financial figures and PII, including partial SSNs.
The above exploit was demonstrated against Claude Haiku. Although Claude Opus 4.5 is known to be more resilient against injections, Opus 4.5 in Cowork was successfully manipulated via indirect prompt injection to leverage the same file upload vulnerability to exfiltrate data in a test that considered a ‘user’ uploading a malicious integration guide while developing a new AI tool:
As the focus of this article was more for everyday users (and not developers), we opted to demonstrate the above attack chain instead of this one.
An interesting finding: Claude’s API struggles when a file does not match the type it claims to be. When operating on a malformed PDF (ends .pdf, but it is really a text file with a few sentences in it), after trying to read it once, Claude starts throwing an API error in every subsequent chat in the conversation.
We posit that it is likely possible to exploit this failure via indirect prompt injection to cause a limited denial of service attack (e.g., an injection can elicit Claude to create a malformed file, and then read it). Uploading the malformed file via the files API resulted in notifications with an error message, both in the Claude client and the Anthropic Console.
One of the key capabilities that Cowork was created for is the ability to interact with one’s entire day-to-day work environment. This includes the browser and MCP servers, granting capabilities like sending texts, controlling one’s Mac with AppleScripts, etc.
These functionalities make it increasingly likely that the model will process both sensitive and untrusted data sources (which the user does not review manually for injections), making prompt injection an ever-growing attack surface. We urge users to exercise caution when configuring Connectors. Though this article demonstrated an exploit without leveraging Connectors, we believe they represent a major risk surface likely to impact everyday users.
...
Read the original on www.promptarmor.com »
The Tesla Cybertruck program is in shambles. The latest data indicate production is running at roughly 10% of its planned capacity. Meanwhile, the Ford F150 Lightning outsold the Tesla Cybertruck in 2025 and was then canceled for not selling enough.
Is this what is coming for the Cybertruck?
Tesla is actively trying to hide its Cybertruck sales performance. We have to do the math ourselves.
Unlike virtually every other automaker that reports sales by model and region, Tesla bundles its vehicles into two broad categories: “Model 3/Y” and “Other Models.”
The “Other Models” category includes the Model S, Model X, Cybertruck, and the Tesla Semi.
Model S and Model X sales have been relatively stable at a low volume, typically hovering around 5,000 to 6,000 units combined per quarter globally. If we assume a generous 6,000 units for S and X in Q4 2025 (aided by a slight update), that leaves only roughly 5,600 units for the Cybertruck and Semi combined.
Considering the Semi is still in pilot production with negligible volume, we are looking at roughly 5,500 for the entire quarter globally (though it is still mostly North American).
This is a disaster compared to the truck’s peak and the company’s stated capacity.
We previously reported in July that Tesla confirmed Cybertruck sales were down to ~5,000 units in Q2 2025. It seems the “recovery” never happened, despite price cuts and the introduction of a short-lived, cheaper trim.
For the full year 2025, it could bring the total to about 21,500 Cybertrucks globally.
According to 2025 full-year data, the Ford F-150 Lightning delivered approximately 27,300 units in the US.
Think about that for a second. Ford officially announced it was ending F-150 Lightning production in December to pivot to its new EREV (extended-range electric vehicle) strategy. Yet, even as a “lame duck” product with widely publicised retirement plans, the Lightning still managed to find more buyers than Tesla’s Cybertruck.
While Ford’s sales dipped about 18% year-over-year as they wound down the program, Tesla’s numbers crashed by nearly 50% despite the company doing everything it can to keep the program alive.
Tesla and Elon Musk have thrown everything at the Cybertruck program, and it’s not working. They released a cheaper stripped-down version and canceled it months later because it wasn’t selling.
Last quarter, Musk even had his private company SpaceX buy over 1,000 Cybertrucks, which is about 20% of Tesla’s quarterly Cybertruck sales, and sales were still down more than 50% year-over-year in the quarter.
What happens with the Cybertruck from here?
SpaceX can’t keep buying Cybertrucks, and I don’t know of any vehicle program that sells at 10% of its production capacity and survives.
As I previously said, I think if Tesla were to distance itself from Musk’s toxic brand and do things such as give up on the 4680 cells, which appear to have contributed to the Cybertruck being more expensive and having a shorter range than originally announced, it could likely significantly boost Cybertruck sales.
Enough to fill production capacity? Probably not, but it could get a lot closer.
Short of that, I don’t know where this can go. I think most other automakers would have written off the program already, but Musk can’t because of his ego. It would be admitting defeat.
It shows just how much he has changed in the last few years (beyond the obvious white-nationalist stuff), as Musk originally said Tesla would pivot to a more traditional design if the Cybertruck failed. It has failed. Now what?
...
Read the original on electrek.co »
The URL shortener that makes your links look as suspicious as possible.
Normal links are too trustworthy. Make them creepy.
...
Read the original on creepylink.com »
Why some clothes shrink in the wash — and how to ‘unshrink’ them
Washing your favourite piece of clothing only to find out it shrank can be upsetting. Why does it happen, and how can you ‘unshrink’ it?
Why some clothes shrink in the wash - and how to ‘unshrink’ them
Analysis for The Conversation by textiles scientist Dr Nisa Salim
When your favourite dress or shirt shrinks in the wash, it can be devastating, especially if you followed the instructions closely. Unfortunately, some fabrics just seem to be more prone to shrinking than others — but why?
Understanding more about the science of textile fibres can not only help you prevent the shrinkage of clothing, but also might help you “rescue” the occasional garment after a laundry accident.
It’s all down to the fibres
To know more about clothing shrinkage, we first need to understand a little about how textiles are made.
Common textile fibres, such as cotton and linen, are made from plants. These fibres are irregular and crinkled in their natural form. If you zoom deeper inside them, you’ll see millions of tiny, long-chain cellulose molecules that naturally exist in coiled or convoluted shapes.
During textile manufacturing, these fibres are mechanically pulled, stretched and twisted to straighten and align these cellulose chains together. This creates smooth, long threads.
On a chemical level, there are also links between the chains called hydrogen bonds. These strengthen the fibre and the thread and make it more cohesive.
Threads are woven or knitted into fabrics, which locks in the tension that holds those fibres side by side.
However, these fibres have good “memory”. Whenever they’re exposed to heat, moisture or mechanical action (such as agitation in your washing machine), they tend to relax and return to their original crinkled state.
This fibre memory is why some fabrics wrinkle so easily and why some of them may even shrink after washing.
Magnified image of cotton fabric, showing threads ‘locked’ in against each other.
How does washing shrink the fabric?
To understand shrinkage, we again need to zoom down to the molecular level. During laundering, hot water helps to increase the energy level of fibres — this means they shake more rapidly which disrupts the hydrogen bonds holding them in place.
The way a fabric is knitted or woven also plays a role. Loosely knitted fabrics have more open spaces and loops, making them more susceptible to shrinkage. Tightly woven fabrics are more resistant because the threads are locked into place with less room to move.
Additionally, cellulose is hydrophilic — it attracts water. Water molecules penetrate inside the fibres, causing swelling and making them more flexible and mobile. Adding to all this is the tumble and twist action inside the washing machine.
The whole process makes the fibres relax and recoil back to their natural, less stretched, crinkled state. As a result, the garment shrinks.
It’s not just hot water — here’s why
This doesn’t just happen with hot water, as you may have experienced yourself with clothes made of rayon, for example.
Cold water can still penetrate into fibres, making them swell, along with the mechanical action of the tumbling in the washing machine. The effect is less dramatic with cold water, but it can happen.
To minimise shrinkage, you may use cold water, the lowest spin speed or the gentlest cycle available, especially for cotton and rayon. Machine labels don’t always fully explain the impact of spin speed and agitation. When in doubt, choose a “delicate” setting.
A wool fibre magnified, showing cuticles that appear like scales.
Different fibres shrink in different ways; there is no single mechanism that fits all.
While cellulose-based fabrics shrink as described above, wool is an animal-derived fibre made of keratin proteins. Its surface is covered in tiny, overlapping scales called cuticle cells.
During washing, these cuticles open up and interlock with neighbouring fibres causing fibre entanglement or “felting”. This makes the clothing feel denser and smaller — in other words, it shrinks.
Why don’t synthetics shrink as much?
Synthetic fibres such as polyester or nylon are made from petroleum-based polymers, engineered for stability and durability.
These polymers contain more crystalline regions that are highly ordered and act as an internal “skeleton”, preventing the fibres from crinkling.
Textile scientists and engineers are also working on fabrics that resist shrinkage through advanced material design. Among promising innovations are blended yarns that combine natural and synthetic fibres.
Some researchers are working on shape-memory polymers that can change shape — or return to a previous shape — in response to temperature or water, for example. This is different to stretch fabrics (such as those used in activewear) that are made up of highly elastic fibres which “bounce back” to their original state after stretching.
How can I unshrink a piece of clothing?
If a favourite garment has shrunk in the wash, you can try to rescue it with this simple method.
Gently soak the item in lukewarm water mixed with hair conditioner or baby shampoo (approximately one tablespoon per litre). Then, carefully stretch the fabric back into shape and dry it flat or under gentle tension — for example, by pegging the garment to a drying rack.
The reason this works is because conditioners have chemicals known as cationic surfactants. These will temporarily lubricate the fibres, making them more flexible and allowing you to gently pull everything back into place.
This process can’t completely reverse extreme shrinkage but it can help recover some of the lost size, making the clothes wearable again.
Swinburne-led network to guide AI use in youth services
Swinburne’s Dr Joel McGregor, Dr Linus Tan and Dr Caleb Lloyd have established the Responsible AI in Youth Sectors Network. The collaborative network aims to guide the fast-growing use of artificial intelligence in youth services across Victoria.
Read more
Ten Swinburne academics have been named on the Highly Cited Researchers 2025 list, released by Clarivate
Swinburne physicist Dr Weibai Li has received a Discovery Early Career Researcher Award from the Australian Research Council
$1.2m ARC funding to boost national X-ray spectroscopy capability through Swinburne and QUT partnership
Swinburne has secured $1.2 million in the latest Australian Research Council Linkage Infrastructure, Equipment and Facilities scheme round
Read more
...
Read the original on www.swinburne.edu.au »
You have added
to your comparison list.
Search entire store. Use arrow keys to navigate autocomplete results, enter to select, escape to close.
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
Learn about real time kinematics
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
Servos Explained - everything you need to know about servos.
View Resource
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
Arduino compatible with UNO footprint, there’s a RedBoard for everyone.
See our RedBoards
Small form factor with over a dozen options to chose from.
View Thing+ Dev Boards
Modular interface using the M.2 standard to mix and match functionality.
Choose Your Combination
This is a carousel. Use Next and Previous buttons to navigate, or jump to a slide with the slide dots.
Learn More About Teensy
See the Options
Official Response to Comments Made in a Public Forum
Due to recent activities that are in direct violation of our Code of Conduct, which is publicly available on our website, SparkFun has determined that it can no longer transact with Adafruit Industries. Please see the official communication we sent to Adafruit below. Without oversharing, recent violations include:
Sending and forwarding offensive, antagonistic, and derogatory emails and material to SparkFun employees, former employees and customers
We understand this may be frustrating. From time to time, we have to make difficult business decisions and this decision was made after thoughtful consideration. We wish Adafruit the best in future endeavors. Please note, SparkFun continues to embrace our strong reseller network - for SparkFun-original products, Teensy, and a multitude of other products. Please see our distributor map below.
Aside from directing to this official statement, SparkFun has not made any public posts, comments, or submissions about this situation on external forums or platforms. Any suggestion otherwise is incorrect. This statement is our only public communication on the matter. We are focused on moving forward and continuing to serve our customers and community.
I agree to the Privacy Policy to get a quote for product
...
Read the original on www.sparkfun.com »
This blog also appears in our Age Verification Resource Hub: our one-stop shop for users seeking to understand what age-gating laws actually do, what’s at stake, how to protect yourself, and why EFF opposes all forms of age verification mandates. Head to EFF.org/Age to explore our resources and join us in the fight for a free, open, private, and yes—safe—internet.
EFF is against age gating and age verification mandates, and we hope we’ll win in getting existing ones overturned and new ones prevented. But mandates are already in effect, and every day many people are asked to verify their age across the web, despite prominent cases of sensitive data getting leaked in the process.
At some point, you may have been faced with the decision yourself: should I continue to use this service if I have to verify my age? And if so, how can I do that with the least risk to my personal information? This is our guide to navigating those decisions, with information on what questions to ask about the age verification options you’re presented with, and answers to those questions for some of the top most popular social media sites. Even though there’s no way to implement mandated age gates in a way that fully protects speech and privacy rights, our goal here is to help you minimize the infringement of your rights as you manage this awful situation.
Since we know that leaks happen despite the best efforts of software engineers, we generally recommend submitting the absolute least amount of data possible. Unfortunately, that’s not going to be possible for everyone. Even facial age estimation solutions where pictures of your face never leave your device, offering some protection against data leakage, are not a good option for all users: facial age estimation works less well for people of color, trans and nonbinary people, and people with disabilities. There are some systems that use fancy cryptography so that a digital ID saved to your device won’t tell the website anything more than if you meet the age requirement, but access to that digital ID isn’t available to everyone or for all platforms. You may also not want to register for a digital ID and save it to your phone, if you don’t want to take the chance of all the information on it being exposed upon request of an over-zealous verifier, or you simply don’t want to be a part of a digital ID system
If you’re given the option of selecting a verification method and are deciding which to use, we recommend considering the following questions for each process allowed by each vendor:
* Data: What info does each method require?
* Access: Who can see the data during the course of the verification process?
* Retention: Who will hold onto that data after the verification process, and for how long?
* Audits: How sure are we that the stated claims will happen in practice? For example, are there external audits confirming that data is not accidentally leaked to another site along the way? Ideally these will be in-depth, security-focused audits by specialized auditors like NCC Group or Trail of Bits, instead of audits that merely certify adherence to standards.
* Visibility: Who will be aware that you’re attempting to verify your age, and will they know which platform you’re trying to verify for?
We attempt to provide answers to these questions below. To begin, there are two major factors to consider when answering these questions: the tools each platform uses, and the overall system those tools are part of.
In general, most platforms offer age estimation options like face scans as a first line of age assurance. These vary in intrusiveness, but their main problem is inaccuracy, particularly for marginalized users. Third-party age verification vendors Private ID and k-ID offer on-device facial age estimation, but another common vendor, Yoti, sends the image to their servers during age checks by some of the biggest platforms. This risks leaking the images themselves, and also the fact that you’re using that particular website, to the third party.
Then, there’s the document-based verification services, which require you to submit a hard identifier like a government-issued ID. This method thus requires you to prove both your age and your identity. A platform can do this in-house through a designated dataflow, or by sending that data to a third party. We’ve already seen examples of how this can fail. For example, Discord routed users’ ID data through its general customer service workflow so that a third-party vendor could perform manual review of verification appeals. No one involved ever deleted users’ data, so when the system was breached, Discord had to apologize for the catastrophic disclosure of nearly 70,000 photos of users’ ID documents. Overly long retention periods expose documents to risk of breaches and historical data requests. Some document verifiers have retention periods that are needlessly long. This is the case with Incode, which provides ID verification for Tiktok. Incode holds onto images forever by default, though TikTok should automatically start the deletion process on your behalf.
Some platforms offer alternatives, like proving that you own a credit card, or asking for your email to check if it appears in databases associated with adulthood (like home mortgage databases). These tend to involve less risk when it comes to the sensitivity of the data itself, especially since credit cards can be replaced, but in general still undermine anonymity and pseudonymity and pose a risk of tracking your online activity. We’d prefer to see more assurances across the board about how information is handled.
Each site offers users a menu of age assurance options to choose from. We’ve chosen to present these options in the rough order that we expect most people to prefer. Jump directly to a platform to learn more about its age checks:
If Meta can guess your age, you may never even see an age verification screen. Meta, which runs Facebook, Threads, Instagram, Messenger, and WhatsApp, first tries to use information you’ve posted to guess your age, like looking at “Happy birthday!” messages. It’s a creepy reminder that they already have quite a lot of information about you.
If Meta cannot guess your age, or if Meta infers you’re too young, it will next ask you to verify your age using either facial age estimation, or by uploading your photo ID.
If you choose to use facial age estimation, you’ll be sent to Yoti, a third-party verification service. Your photo will be uploaded to their servers during this process. Yoti claims that “as soon as an age has been estimated, the facial image is immediately and permanently deleted.” Though it’s not as good as not having that data in the first place, Yoti’s security measures include a bug bounty program and annual penetration testing. Researchers from Mint Secure found that Yoti’s app and website are filled with trackers, so the fact that you’re verifying your age could be not only shared to Yoti, but leaked to third-party data brokers as well.
You may not want to use this option if you’re worried about third parties potentially being able to know you’re trying to verify your age with Meta. You also might not want to use this if you’re worried about a current picture of your face accidentally leaking—for example, if elements in the background of your selfie might reveal your current location. On the other hand, if you consider a selfie to be less sensitive than a photograph of your ID, this option might be better. If you do choose (or are forced to) use the face check system, be sure to snap your selfie without anything you’d be concerned with identifying your location or embarrassing you in the background in case the image leaks.
If Yoti’s age estimation decides your face looks too young, or if you opt out of facial age estimation, your next recourse is to send Meta a photo of your ID. Meta sends that photo to Yoti to verify the ID. Meta says it will hold onto that ID image for 30 days, then delete it. Meanwhile, Yoti claims it will delete the image immediately after verification. Of course, bugs and process oversights exist, such as accidentally replicating information in logs or support queues, but at least they have stated processes. Your ID contains sensitive information such as your full legal name and home address. Using this option not only runs the (hopefully small, but never nonexistent) risk of that data getting leaked through errors or hacking, but it also lets Meta see the information needed to tie your profile to your identity—which you may not want. If you don’t want Meta to know your name and where you live, or rely on both Meta and Yoti to keep to their deletion promises, this option may not be right for you.
If Google can guess your age, you may never even see an age verification screen. Your Google account is typically connected to your YouTube account, so if (like mine) your YouTube account is old enough to vote, you may not need to verify your Google account at all. Google first uses information it already knows to try to guess your age, like how long you’ve had the account and your YouTube viewing habits. It’s yet another creepy reminder of how much information these corporations have on you, but at least in this case they aren’t likely to ask for even more identifying data.
If Google cannot guess your age, or decides you’re too young, Google will next ask you to verify your age. You’ll be given a variety of options for how to do so, with availability that will depend on your location and your age.
Google’s methods to assure your age include ID verification, facial age estimation, verification by proxy, and digital ID. To prove you’re over 18, you may be able to use facial age estimation, give Google your credit card information, or tell a third-party provider your email address.
If you choose to use facial age estimation, you’ll be sent to a website run by Private ID, a third-party verification service. The website will load Private ID’s verifier within the page—this means that your selfie will be checked without any images leaving your device. If the system decides you’re over 18, it will let Google know that, and only that. Of course, no technology is perfect—should Private ID be mandated to target you specifically, there’s nothing to stop it from sending down code that does in fact upload your image, and you probably won’t notice. But unless your threat model includes being specifically targeted by a state actor or Private ID, that’s unlikely to be something you need to worry about. For most people, no one else will see your image during this process. Private ID will, however, be told that your device is trying to verify your age with Google and Google will still find out if Private ID thinks that you’re under 18.
If Private ID’s age estimation decides your face looks too young, you may next be able to decide if you’d rather let Google verify your age by giving it your credit card information, photo ID, or digital ID, or by letting Google send your email address to a third-party verifier.
If you choose to provide your email address, Google sends it on to a company called VerifyMy. VerifyMy will use your email address to see if you’ve done things like get a mortgage or paid for utilities using that email address. If you use Gmail as your email provider, this may be a privacy-protective option with respect to Google, as Google will then already know the email address associated with the account. But it does tell VerifyMy and its third-party partners that the person behind this email address is looking to verify their age, which you may not want them to know. VerifyMy uses “proprietary algorithms and external data sources” that involve sending your email address to “trusted third parties, such as data aggregators.” It claims to “ensure that such third parties are contractually bound to meet these requirements,” but you’ll have to trust it on that one—we haven’t seen any mention of who those parties are, so you’ll have no way to check up on their practices and security. On the bright side, VerifyMy and its partners do claim to delete your information as soon as the check is completed.
If you choose to let Google use your credit card information, you’ll be asked to set up a Google Payments account. Note that debit cards won’t be accepted, since it’s much easier for many debit cards to be issued to people under 18. Google will then charge a small amount to the card, and refund it once it goes through. If you choose this method, you’ll have to tell Google your credit card info, but the fact that it’s done through Google Payments (their regular card-processing system) means that at least your credit card information won’t be sitting around in some unsecured system. Even if your credit card information happens to accidentally be leaked, this is a relatively low-risk option, since credit cards come with solid fraud protection. If your credit card info gets leaked, you should easily be able to dispute fraudulent charges and replace the card.
If the option is available to you, you may be able to use your digital ID to verify your age with Google. In some regions, you’ll be given the option to use your digital ID. In some cases, it’s possible to only reveal your age information when you use a digital ID. If you’re given that choice, it can be a good privacy-preserving option. Depending on the implementation, there’s a chance that the verification step will “phone home” to the ID provider (usually a government) to let them know the service asked for your age. It’s a complicated and varied topic that you can learn more about by visiting EFF’s page on digital identity.
Should none of these options work for you, your final recourse is to send Google a photo of your ID. Here, you’ll be asked to take a photo of an acceptable ID and send it to Google. Though the help page only states that your ID “will be stored securely,” the verification process page says ID “will be deleted after your date of birth is successfully verified.” Acceptable IDs vary by country, but are generally government-issued photo IDs. We like that it’s deleted immediately, though we have questions about what Google means when it says your ID will be used to “improve [its] verification services for Google products and protect against fraud and abuse.” No system is perfect, and we can only hope that Google schedules outside audits regularly.
If TikTok can guess your age, you may never even see an age verification notification. TikTok first tries to use information you’ve posted to estimate your age, looking through your videos and photos to analyze your face and listen to your voice. By uploading any videos, TikTok believes you’ve given it consent to try to guess how old you look and sound.
If TikTok decides you’re too young, appeal to revoke their age decision before the deadline passes. If TikTok cannot guess your age, or decides you’re too young, it will automatically revoke your access based on age—including either restricting features or deleting your account. To get your access and account back, you’ll have a limited amount of time to verify your age. As soon as you see the notification that your account is restricted, you’ll want to act fast because in some places you’ll have as little as 23 days before the deadline passes.
When you get that notification, you’re given various options to verify your age based on your location.
If you’re given the option to use facial age estimation, you’ll be sent to Yoti, a third-party verification service. Your photo will be uploaded to their servers during this process. Yoti claims that “as soon as an age has been estimated, the facial image is immediately and permanently deleted.” Though it’s not as good as not having that data in the first place, Yoti’s security measures include a bug bounty program and annual penetration testing. However, researchers from Mint Secure found that Yoti’s app and website are filled with trackers, so the fact that you’re verifying your age could be leaked not only to Yoti, but to third-party data brokers as well.
You may not want to use this option if you’re worried about third parties potentially being able to know you’re trying to verify your age with TikTok. You also might not want to use this if you’re worried about a current picture of your face accidentally leaking—for example, if elements in the background of your selfie might reveal your current location. On the other hand, if you consider a selfie to be less sensitive than a photograph of your ID or your credit card information, this option might be better. If you do choose (or are forced to) use the face check system, be sure to snap your selfie without anything you’d be concerned with identifying your location or embarrassing you in the background in case the image leaks.
If you have a credit card in your name, TikTok will accept that as proof that you’re over 18. Note that debit cards won’t be accepted, since it’s much easier for many debit cards to be issued to people under 18. TikTok will charge a small amount to the credit card, and refund it once it goes through. It’s unclear if this goes through their regular payment process, or if your credit card information will be sent through and stored in a separate, less secure system. Luckily, these days credit cards come with solid fraud protection, so if your credit card gets leaked, you should easily be able to dispute fraudulent charges and replace the card. That said, we’d rather TikTok provide assurances that the information will be processed securely.
Sometimes, if you’re between 13 and 17, you’ll be given the option to let your parent or guardian confirm your age. You’ll tell TikTok their email address, and TikTok will send your parent or guardian an email asking them (a) to confirm your date of birth, and (b) to verify their own age by proving that they own a valid credit card. This option doesn’t always seem to be offered, and in the one case we could find, it’s possible that TikTok never followed up with the parent. So it’s unclear how or if TikTok verifies that the adult whose email you provide is your parent or guardian. If you want to use credit card verification but you’re not old enough to have a credit card, and you’re ok with letting an adult know you use TikTok, this option may be reasonable to try.
Bizarrely, if you’re between 13 and 17, TikTok claims to offer the option to take a photo with literally any random adult to confirm your age. Its help page says that any trusted adult over 25 can be chosen, as long as they’re holding a piece of paper with the code on it that TikTok provides. It also mentions that a third-party provider is used here, but doesn’t say which one. We haven’t found any evidence of this verification method being offered. Please do let us know if you’ve used this method to verify your age on TikTok!
If you aren’t offered or have failed the other options, you’ll have to verify your age by submitting a copy of your ID and matching photo of your face. You’ll be sent to Incode, a third-party verification service. In a disappointing failure to meet the industry standard, Incode itself doesn’t automatically delete the data you give it once the process is complete, but TikTok does claim to “start the process to delete the information you submitted,” which should include telling Incode to delete your data once the process is done. If you want to be sure, you can ask Incode to delete that data yourself. Incode tells TikTok that you met the age threshold without providing your exact date of birth, but then TikTok wants to know the exact date anyway, so it’ll ask for your date of birth even after your age has been verified.
TikTok itself might not see your actual ID depending on its implementation choices, but Incode will. Your ID contains sensitive information such as your full legal name and home address. Using this option not only runs the (hopefully small, but never nonexistent) risk of that data getting accidentally leaked through errors or hacking. If you don’t want TikTok or Incode to know your name, what you look like, and where you live—or if you don’t want to rely on both TikTok and Incode to keep to their deletion promises—then this option may not be right for you.
We’ve covered the major providers here, but age verification is unfortunately being required of many other services that you might use as well. While the providers and processes may vary, the same general principles will apply. If you’re trying to choose what information to provide to continue to use a service, consider the “follow the data” questions mentioned above, and try to find out how the company will store and process the data you give it. The less sensitive information, the fewer people have access to it, and the more quickly it will be deleted, the better. You may even come to recognize popular names in the age verification industry: Spotify and OnlyFans use Yoti (just like Meta and Tiktok), Quora and Discord use k-ID, and so on.
Unfortunately, it should be clear by now that none of the age verification options are perfect in terms of protecting information, providing access to everyone, and safely handling sensitive data. That’s just one of the reasons that EFF is against age-gating mandates, and is working to stop and overturn them across the United States and around the world.
...
Read the original on www.eff.org »
The government’s signalled a potential u-turn on pub rates — but nothing’s confirmed yet. Pubs still need your support. Find your local. See what they’re up against. Buy a pint.
Our world-class data scientists (one guy with a spreadsheet) have developed the Fucked Pub Index™ — a groundbreaking metric that combines advanced geospatial analysis (Google Maps) with sophisticated fiscal impact modelling (basic maths) to identify the pub near you that most urgently requires your patronage.
Based on VOA rateable value data for … verified pubs (SCAT 249). Some industry experts estimate the actual number of affected pubs is even higher. The government has signalled support is coming — we’ll update when details are announced.
...
Read the original on ismypubfucked.com »
there should be a thing that reads your package.json and charges you $5/month per dependency - you don’t /have/ to! you could set the price to $1 per employee! - and then holds the funds and sends it to the people who made the code you use to do business
how is not doing this more sustainable— Greg Technology ❪⎷❫ (@greg.technology) January 13, 2026 at 9:13 PM
It is crazy, absolutely crazy to depend on open source to be free (as beer). It is not okay - it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
It is impossible to imagine that what we’re doing today is the only way. Begging/busking for donations, hoping to get noticed. Hoping for a lifeline.
Hence, a solution. Or an idea, really. Incredibly half-baked. Poke all the holes you want. It’s very unwrought and muy unripe.
GitHub should charge every org $1 more per user per month and direct it into an Open Source fund, held in escrow.
Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
You know how the money you pay to Spotify is very very very approximately (and not really fairly) distributed among artists that you listened to? Yes, Spotify is a very flawed model and artists are not doing well. But it is a model??
That’s it. That’s the idea. Call it the “Open Source Fund” thing, make it opt-out. Give every org a magical badge - or the ability to set their profile’s background css.
Or don’t! Let’s not do anything! People’s code and efforts - fueling incredibly critical bits of infrastructure all around the world - should just be up for grabs. Haha! Suckers!
Alright, I don’t know how you fund Linux (does Linux appear in a requirements file). Hmm. Maybe FROM commands from Dockerfiles are also read & applied. Maybe we at least start somewhere?
Anyway, you all smarter than me people can figure it out. I just cannot accept that what we have is “GOOD”. xx
...
Read the original on blog.greg.technology »
Can I use Roam 100GB on the ocean?
I received an email about Roam 100GB. Do I have to accept or upgrade?
How do I get high-speed Roam data again?
What can I do with low-speed data?
Will my service stop when I reach the 100GB data limit?
What happens when I use all my Roam 100GB data?
I received an email about Roam 100GB. Do I have to accept or upgrade?
What happens when I use all my Roam 100GB data?
On January 13, 2026, Starlink doubled the amount of high-speed data on Roam 50GB to 100GB, at no additional cost and in most markets. Here is all you need to know about what’s changed and what hasn’t.
Once you’ve used 100GB of your high-speed Roam data, your service automatically continues with unlimited low-speed data for the remainder of your billing period. You’ll still be connected for basic use like calls and texts, but activities such as streaming, downloading, and video calls may be limited.
We’ll notify you when you reach 80% and 100% of your monthly high-speed Roam data. To restore high-speed Roam service, you can upgrade to Roam Unlimited. Please note that this upgrade will remain in effect for future billing cycles. You can switch back to Roam 100GB as needed. If you want to switch back before your next biling cycle, you’ll need to manually change plans in your account portal.
No. Your service will not stop. You’ll continue to have internet access–with unlimited data–at reduced speeds until your next billing cycle begins.
Low-speed data supports basic connectivity such as email, calls, and texts. Activities that rely on higher speeds—like streaming video, large downloads, or video calls—will be limited.
You can upgrade anytime to Roam Unlimited to restore high-speed service. Please note that upgrading to Roam Unlimited will remain in effect for future billing cycles.
With the exception of Ocean Mode, per-GB data purchases are no longer available on Roam plans. Customers now automatically move to unlimited low-speed data after reaching their high-speed Roam 100GB limit, with the option to upgrade to Roam Unlimited for continued high-speed access.
No. You don’t need to take any action. Roam 100GB is a new plan that’s now widely available.
If your service is currently paused in Standby Mode or cancelled, you don’t need to upgrade unless you want active service. Roam 100GB will be available whenever you’re ready to roam.
Yes, with the same previous conditions as Roam 50GB:
* Connectivity is supported in territorial waters and inland waterways, up to 12 nautical miles from the coast, for up to 5 consecutive days and up to 60 days per year.
* Coverage beyond 12 nautical miles or more than 60 days per year requires Ocean Mode, which is billed per GB and is only available with Roam Unlimited.
Learn more about Ocean Mode
In the following markets, Roam 50GB is still available and Roam 100GB is not available:
...
Read the original on starlink.com »
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
If you like 10HN please leave feedback and share
Visit pancik.com for more.