Neither of us had prior ex­pe­ri­ence de­vel­op­ing mo­bile apps, but we thought, “Hey, we’re both smart. This should­n’t be too dif­fi­cult.”

Once upon a time, in the dis­tant mem­ory that is 2023, a new in­stant mes­sag­ing app called Converso was launched. Converso made some pretty im­pres­sive claims about its se­cu­rity: it claimed to im­ple­ment state of the art end-to-end en­cryp­tion, to col­lect no meta­data, and to use a de­cen­tral­ized ar­chi­tec­ture that in­volved no servers at all. Unfortunately, se­cu­rity re­searcher crnković did some ba­sic re­verse en­gi­neer­ing and traf­fic analy­sis and found all of these claims to be com­pletely base­less, with Converso col­lect­ing plenty of meta­data on every mes­sage and us­ing a third-party E2EE provider to store mes­sages on bog stan­dard cen­tral­ized servers. Even more un­for­tu­nately, crnković also found that Converso im­ple­mented the (perfectly func­tional if used prop­erly) Seald E2EE ser­vice in such a way that en­crypted mes­sages’ keys could be de­rived from pub­licly avail­able in­for­ma­tion, and also up­loaded a copy of every en­crypted mes­sage to an open Firebase bucket, mean­ing every mes­sage ever sent on the ser­vice could be triv­ially read by any­one with an Internet con­nec­tion. After be­ing in­formed of the vul­ner­a­bil­i­ties, Converso ini­tially re­leased an up­date claim­ing to fix them, then with­drew from the App Store and Google Play to “address and im­prove the is­sues.”

Not one to give up af­ter a set­back, Converso CEO Tanner Haas took a break from self-pub­lish­ing books on how to achieve and re­ceive any­thing you want to re­group and re­launch, as well as to bless the world with a lessons learned blog post de­scrib­ing his de­ci­sion to re­brand af­ter re­al­iz­ing that “privacy con­cerns were pri­mar­ily com­ing from con­ser­v­a­tive cir­cles,” and im­part­ing nuggets of wis­dom such as “accept crit­i­cism and get bet­ter: don’t com­plain” and “ensure the prod­uct has been thor­oughly tested and is ready for prime-time.” Presumably he had­n’t learned the first one yet when he re­sponded to crnković’s re­spon­si­ble dis­clo­sure with vague le­gal threats and ac­cu­sa­tions of be­ing a Signal shill. Let’s see how the sec­ond is go­ing.

As usual, I start out by down­load­ing the app from Google Play and run­ning it while mon­i­tor­ing traf­fic with HTTP Toolkit. I quickly ran into Freedom Chat’s first se­cu­rity fea­ture: as de­tailed on their web­site, the app “prevent[s] screen­shots and screen record­ings en­tirely with built-in screen­shot pro­tec­tion,” per­haps to ac­co­mo­date con­ser­v­a­tives’ com­pli­cated re­la­tion­ship with screen­shots. Screenshots aren’t re­ally cru­cial to any­thing be­ing dis­cussed here, but I like to pro­vide only the best blog posts to my tens of read­ers, so let’s hook the app with Frida and dis­able the FLAG_SECURE at­tribute. With that out of the way, the signup process works as ex­pected for an in­stant mes­sag­ing app - we type in a phone num­ber, get texted a 2FA code, and en­ter it to cre­ate an ac­count. We’re asked whether we want to cre­ate a PIN, which is ap­par­ently op­tional to log in on my own phone and re­quired if we want to re­store our ac­count on an­other de­vice, then get to the main UI of the app. There are two main fea­tures here: a Chat pane where we can start chats with con­tacts, and a Channels pane where we can sub­scribe to user-run mi­croblog­ging chan­nels à la Telegram.

Let’s start out with the ba­sics and have a con­ver­sa­tion with a sec­ond ac­count. Sending a text mes­sage trig­gers the fol­low­ing ex­change:

This is the en­crypted and Base64-encoded text we sent, along with some meta­data for things like read re­ceipts and edit­ing and the iden­ti­fiers needed for de­cryp­tion (they’re us­ing the same Seald back­end that Converso had, with­out up­load­ing every­thing to Firebase this time). Sending a photo and a voice mes­sage yields sim­i­lar re­sults. While ver­i­fy­ing that they’re us­ing Seald prop­erly this time would re­quire painstak­ingly de­com­pil­ing and re­verse en­gi­neer­ing React Native’s Hermes VM byte­code, at a high level this seems fine. Let’s move on to the Channels fea­ture. When we open the tab, we see that we’ve al­ready been added to a Freedom Chat chan­nel, which mostly posts about up­dates to the app and re­lated me­dia cov­er­age.

We’re also sug­gested a hand­ful of other chan­nels to join, in­clud­ing that of Tanner Haas and some peo­ple who are ap­par­ently con­ser­v­a­tive in­flu­encers. Tanner mostly seems to use his to post fas­ci­nat­ing po­lit­i­cal takes:

When we open a chan­nel, the fol­low­ing re­quest and mas­sive re­sponse hap­pen:

The mem­bers ar­ray has 1519 en­tries in that for­mat, ap­par­ently one for each mem­ber of the chan­nel. What’s go­ing on in that user ob­ject? The pin field seems sus­pi­ciously re­lated to the PIN we were asked to in­put af­ter cre­at­ing our ac­count… To con­firm, we can sort the ar­ray by cre­ate­dAt and find that the most re­cent en­try does in­deed have the PIN we just set when mak­ing our ac­count. So any­one who’s in a chan­nel (i.e. any­one who has­n’t left the de­fault Freedom Chat chan­nel) has their PIN broad­cast to every other user! There’s no di­rect link be­tween PINs and phone num­bers here, but this is still not great.

If we scroll back a bit in the Freedom Chat chan­nel, we see this mes­sage dunk­ing on WhatsApp:

The vul­ner­a­bil­ity they’re talk­ing about was pre­sented in a pa­per by re­searchers at the University of Vienna. The pa­per is in­ter­est­ing and you should go read it, but to sum­ma­rize, WhatsApp failed to rate limit the API that eats up every phone num­ber in your con­tacts and checks whether they also use WhatsApp or not. Researchers were thus able to test nearly every pos­si­ble phone num­ber in the world, and end up with a dump of every WhatsApp user’s phone num­ber, along with some other meta­data. It’s in­ter­est­ing that Freedom Chat is­n’t vul­ner­a­ble to this, be­cause they have the same con­tact dis­cov­ery fea­ture WhatsApp does, with the app of­fer­ing you to ei­ther start a chat or in­vite each of your con­tacts de­pend­ing on whether they al­ready have an ac­count:

Let’s find out for our­selves. When we open this con­tacts page, the fol­low­ing re­quest-re­sponse hap­pens:

The first two num­bers in the re­quest are the two we used to reg­is­ter Freedom Chat ac­counts. The third is a num­ber we did­n’t reg­is­ter, as a con­trol. A cou­ple things are in­ter­est­ing here. Most ob­vi­ously, this is ex­actly the WhatsApp API the Vienna re­searchers ex­ploited, and will con­tain the same vul­ner­a­bil­ity if not rate lim­ited. This end­point also pro­vides a link­age be­tween phone num­bers and UIDs - if we could run every reg­is­tered phone num­ber through it, we could get each num­ber’s UID and match it to the UIDs in the Channels re­sponse to get that num­ber’s PIN, en­tirely de­feat­ing the PIN mech­a­nism. Now we just need to test whether it’s rate lim­ited

This is pretty self-ex­plana­tory. We gen­er­ate every valid 7-digit North American phone num­ber, then for every area code, send every num­ber in batches of 40000, plus a num­ber we reg­is­tered so we can check for false empty re­sponses. We log re­sponses that don’t con­tain the string “uid” ex­actly once; if a re­sponse con­tains it 0 times it has failed to pro­duce our reg­is­tered num­ber and is thus faulty some­how, if a re­sponse con­tains it 2+ times we have found an­other num­ber. We also reau­then­ti­cate as needed and note if we start to slow down the server at all. Yes, there are a mil­lion ways to make this con­cur­rent and faster, but we’re try­ing to enu­mer­ate not DDOS their server, and at ~1.5 sec­onds av­er­age RTT we should be able to test every American phone num­ber in about a day.

The log file starts to fill up with en­tries within a few min­utes:

Starting area code 305

[{“uid”:“08171874-4b15-47d8-aa78-

Time to go do some­thing else for a while. Just over 27 hours and one ill-fated at­tempt at early sea­son ski tour­ing later, the script has fin­ished hap­pily, the log­file is full of en­tries, and no re­quest has failed or taken longer than 3 sec­onds. So much for rate lim­it­ing. We’ve leaked every Freedom Chat user’s phone num­ber, and un­less they hap­pened to leave the de­fault chan­nel, we’ve also matched their phone num­ber to their PIN, ren­der­ing the en­tire PIN fea­ture point­less.

* 2025-12-05: Freedom Chat re­sponds clar­i­fy­ing that PINs don’t al­low restor­ing past mes­sages, only log­ging into the ac­count, and that they “had al­ready been im­ple­ment­ing ad­di­tional au­dit pro­ce­dures fol­low­ing the Vienna ex­ploit,” promises fixes by next week

* 2025-12-09: Freedom Chat no­ti­fies us is­sues have been patched

* 2025-12-11: pub­li­ca­tion here and at TechCrunch

A few weeks ago, I was wrestling with a ma­jor life de­ci­sion. Like I’ve grown used to do­ing, I opened Claude and started think­ing out loud-lay­ing out the op­tions, weigh­ing the trade­offs, ask­ing for per­spec­tive.

Midway through the con­ver­sa­tion, I paused. I re­al­ized how much I’d shared: not just this de­ci­sion, but months of con­ver­sa­tions-per­sonal dilem­mas, health ques­tions, fi­nan­cial de­tails, work frus­tra­tions, things I had­n’t told any­one else. I’d de­vel­oped a level of can­dor with my AI as­sis­tant that I don’t have with most peo­ple in my life.

And then an un­com­fort­able thought: what if some­one was read­ing all of this?

The thought did­n’t let go. As a se­cu­rity re­searcher, I have the tools to an­swer that ques­tion.

We asked Wings, our agen­tic-AI risk en­gine, to scan for browser ex­ten­sions with the ca­pa­bil­ity to read and ex­fil­trate con­ver­sa­tions from AI chat plat­forms. We ex­pected to find a hand­ful of ob­scure ex­ten­sions-low in­stall counts, sketchy pub­lish­ers, the usual sus­pects.

The re­sults came back with some­thing else en­tirely.

Near the top of the list: Urban VPN Proxy. A Chrome ex­ten­sion with over 6 mil­lion users. A 4.7-star rat­ing from 58,000 re­views. A “Featured” badge from Google, mean­ing it had passed man­ual re­view and met what Google de­scribes as “a high stan­dard of user ex­pe­ri­ence and de­sign.”

A free VPN promis­ing pri­vacy and se­cu­rity. Exactly the kind of tool some­one in­stalls when they want to pro­tect them­selves on­line.

We de­cided to look closer.

For each plat­form, the ex­ten­sion in­cludes a ded­i­cated “executor” script de­signed to in­ter­cept and cap­ture con­ver­sa­tions. The har­vest­ing is en­abled by de­fault through hard­coded flags in the ex­ten­sion’s con­fig­u­ra­tion:

There is no user-fac­ing tog­gle to dis­able this. The only way to stop the data col­lec­tion is to unin­stall the ex­ten­sion en­tirely.

The data col­lec­tion op­er­ates in­de­pen­dently of the VPN func­tion­al­ity. Whether the VPN is con­nected or not, the har­vest­ing runs con­tin­u­ously in the back­ground.

The ex­ten­sion mon­i­tors your browser tabs. When you visit any of the tar­geted AI plat­forms (ChatGPT, Claude, Gemini, etc.), it in­jects an “executor” script di­rectly into the page. Each plat­form has its own ded­i­cated script - chat­gpt.js, claude.js, gem­ini.js, and so on.

Once in­jected, the script over­rides fetch() and XMLHttpRequest - the fun­da­men­tal browser APIs that han­dle all net­work re­quests. This is an ag­gres­sive tech­nique. The script wraps the orig­i­nal func­tions so that every net­work re­quest and re­sponse on that page passes through the ex­ten­sion’s code first.

This means when Claude sends you a re­sponse, or when you sub­mit a prompt to ChatGPT, the ex­ten­sion sees the raw API traf­fic be­fore your browser even ren­ders it.

The in­jected script parses the in­ter­cepted API re­sponses to ex­tract con­ver­sa­tion data - your prompts, the AI’s re­sponses, time­stamps, con­ver­sa­tion IDs. This data is pack­aged and sent via win­dow.postMes­sage to the ex­ten­sion’s con­tent script, tagged with the iden­ti­fier PANELOS_MESSAGE.

The con­tent script for­wards the data to the ex­ten­sion’s back­ground ser­vice worker, which han­dles the ac­tual ex­fil­tra­tion. The data is com­pressed and trans­mit­ted to Urban VPN’s servers at end­points in­clud­ing an­a­lyt­ics.ur­ban-vpn.com and stats.ur­ban-vpn.com.

* Every prompt you send to the AI

* The spe­cific AI plat­form and model used

The AI con­ver­sa­tion har­vest­ing was­n’t al­ways there. Based on our analy­sis:

* July 2025 - Present: All user con­ver­sa­tions with tar­geted AI plat­forms cap­tured and ex­fil­trated

Chrome and Edge ex­ten­sions auto-up­date by de­fault. Users who in­stalled Urban VPN for its stated pur­pose - VPN func­tion­al­ity - woke up one day with new code silently har­vest­ing their AI con­ver­sa­tions.

Anyone who used ChatGPT, Claude, Gemini, or the other tar­geted plat­forms while Urban VPN was in­stalled af­ter July 9, 2025 should as­sume those con­ver­sa­tions are now on Urban VPN’s servers and have been shared with third par­ties. Medical ques­tions, fi­nan­cial de­tails, pro­pri­etary code, per­sonal dilem­mas - all of it, sold for “marketing an­a­lyt­ics pur­poses.”

“Advanced VPN Protection - Our VPN pro­vides added se­cu­rity fea­tures to help shield your brows­ing ex­pe­ri­ence from phish­ing at­tempts, mal­ware, in­tru­sive ads and AI pro­tec­tion which checks prompts for per­sonal data (like an email or phone num­ber), checks AI chat re­sponses for sus­pi­cious or un­safe links and dis­plays a warn­ing be­fore click or sub­mit your prompt.”

The fram­ing sug­gests the AI mon­i­tor­ing ex­ists to pro­tect you-check­ing for sen­si­tive data you might ac­ci­den­tally share, warn­ing you about sus­pi­cious links in re­sponses.

The code tells a dif­fer­ent story. The data col­lec­tion and the “protection” no­ti­fi­ca­tions op­er­ate in­de­pen­dently. Enabling or dis­abling the warn­ing fea­ture has no ef­fect on whether your con­ver­sa­tions are cap­tured and ex­fil­trated. The ex­ten­sion har­vests every­thing re­gard­less.

The pro­tec­tion fea­ture shows oc­ca­sional warn­ings about shar­ing sen­si­tive data with AI com­pa­nies. The har­vest­ing fea­ture sends that ex­act sen­si­tive data - and every­thing else - to Urban VPN’s own servers, where it’s sold to ad­ver­tis­ers. The ex­ten­sion warns you about shar­ing your email with ChatGPT while si­mul­ta­ne­ously ex­fil­trat­ing your en­tire con­ver­sa­tion to a data bro­ker.

After doc­u­ment­ing Urban VPN Proxy’s be­hav­ior, we checked whether the same code ex­isted else­where.

It did. The iden­ti­cal AI har­vest­ing func­tion­al­ity ap­pears in seven other ex­ten­sions from the same pub­lisher, across both Chrome and Edge:

The ex­ten­sions span dif­fer­ent prod­uct cat­e­gories, a VPN, an ad blocker, a “browser guard” se­cu­rity tool, but share the same sur­veil­lance back­end. Users in­stalling an ad blocker have no rea­son to ex­pect their Claude con­ver­sa­tions are be­ing har­vested.

All of these ex­ten­sions carry “Featured” badges from their re­spec­tive stores, ex­cept Urban Ad Blocker for Edge. These badges sig­nal to users that the ex­ten­sions have been re­viewed and meet plat­form qual­ity stan­dards. For many users, a Featured badge is the dif­fer­ence be­tween in­stalling an ex­ten­sion and pass­ing it by - it’s an im­plicit en­dorse­ment from Google and Microsoft.

Urban VPN is op­er­ated by Urban Cyber Security Inc., which is af­fil­i­ated with BiScience (B. I Science (2009) Ltd.), a data bro­ker com­pany.

This com­pany has been on re­searchers’ radar be­fore. Security re­searchers Wladimir Palant and John Tuckner at Secure Annex have pre­vi­ously doc­u­mented BiScience’s data col­lec­tion prac­tices. Their re­search es­tab­lished that:

* The com­pany pro­vides an SDK to third-party ex­ten­sion de­vel­op­ers to col­lect and sell user data

* BiScience sells this data through prod­ucts like AdClarity and Clickstream OS

Our find­ing rep­re­sents an ex­pan­sion of this op­er­a­tion. BiScience has moved from col­lect­ing brows­ing his­tory to har­vest­ing com­plete AI con­ver­sa­tions-a sig­nif­i­cantly more sen­si­tive cat­e­gory of data.

“We share the Web Browsing Data with our af­fil­i­ated com­pany… BiScience that uses this raw data and cre­ates in­sights which are com­mer­cially used and shared with Business Partners”

To be fair, Urban VPN does dis­close some of this-if you know where to look.

The con­sent prompt (shown dur­ing ex­ten­sion setup) men­tions that the ex­ten­sion processes “ChatAI com­mu­ni­ca­tion” along with “pages you visit” and “security sig­nals.” It states this is done “to pro­vide these pro­tec­tions.”

The pri­vacy pol­icy goes fur­ther, buried deep in the doc­u­ment:

“AI Inputs and Outputs. As part of the Browsing Data, we will col­lect the prompts and out­puts queried by the End-User or gen­er­ated by the AI chat provider, as ap­plic­a­ble.”

“We also dis­close the AI prompts for mar­ket­ing an­a­lyt­ics pur­poses.”

However, the Chrome Web Store list­ing-the place where users ac­tu­ally de­cide whether to in­stall-shows a dif­fer­ent pic­ture:

“This de­vel­oper de­clares that your data is Not be­ing sold to third par­ties, out­side of the ap­proved use cases”

The list­ing men­tions the ex­ten­sion han­dles “Web his­tory” and “Website con­tent.” It says noth­ing about AI con­ver­sa­tions specif­i­cally.

The con­sent prompt frames AI mon­i­tor­ing as pro­tec­tive. The pri­vacy pol­icy re­veals the data is sold for mar­ket­ing.

The store list­ing says data is­n’t sold to third par­ties. The pri­vacy pol­icy de­scribes shar­ing with BiScience, “Business Partners,” and use for “marketing an­a­lyt­ics.”

Users who in­stalled be­fore July 2025 never saw the up­dated con­sent prompt-the AI har­vest­ing was added via silent up­date in ver­sion 5.5.0.

Even users who see the con­sent prompt have no gran­u­lar con­trol. You can’t ac­cept the VPN but de­cline the AI har­vest­ing. It’s all or noth­ing.

Nothing in­di­cates to users that the data col­lec­tion con­tin­ues even when the VPN is dis­con­nected and the AI pro­tec­tion fea­ture is turned off. The har­vest­ing runs silently in the back­ground re­gard­less of what fea­tures the user has en­abled.

Urban VPN Proxy car­ries Google’s “Featured” badge on the Chrome Web Store. According to Google’s doc­u­men­ta­tion:

“Featured ex­ten­sions fol­low our tech­ni­cal best prac­tices and meet a high stan­dard of user ex­pe­ri­ence and de­sign.”

“Before it re­ceives a Featured badge, the Chrome Web Store team must re­view each ex­ten­sion.”

This means a hu­man at Google re­viewed Urban VPN Proxy and con­cluded it met their stan­dards. Either the re­view did­n’t ex­am­ine the code that har­vests con­ver­sa­tions from Google’s own AI prod­uct (Gemini), or it did and did­n’t con­sider this a prob­lem.

The Chrome Web Store’s Limited Use pol­icy ex­plic­itly pro­hibits “transferring or sell­ing user data to third par­ties like ad­ver­tis­ing plat­forms, data bro­kers, or other in­for­ma­tion re­sellers.” BiScience is, by its own de­scrip­tion, a data bro­ker.

The ex­ten­sion re­mains live and fea­tured as of this writ­ing.

Browser ex­ten­sions oc­cupy a unique po­si­tion of trust. They run in the back­ground, have broad ac­cess to your brows­ing ac­tiv­ity, and auto-up­date with­out ask­ing. When an ex­ten­sion promises pri­vacy and se­cu­rity, users have lit­tle rea­son to sus­pect it’s do­ing the op­po­site.

What makes this case no­table is­n’t just the scale - 8 mil­lion users - or the sen­si­tiv­ity of the data - com­plete AI con­ver­sa­tions. It’s that these ex­ten­sions passed re­view, earned Featured badges, and re­mained live for months while har­vest­ing some of the most per­sonal data users gen­er­ate on­line. The mar­ket­places de­signed to pro­tect users in­stead gave these ex­ten­sions their stamp of ap­proval.

If you have any of these ex­ten­sions in­stalled, unin­stall them now. Assume any AI con­ver­sa­tions you’ve had since July 2025 have been cap­tured and shared with third par­ties.

This writeup was au­thored by the re­search team at Koi.

We built Koi to de­tect ex­actly these kinds of threats - ex­ten­sions that slip past mar­ket­place re­views and qui­etly ex­fil­trate sen­si­tive data. Our risk en­gine, Wings, con­tin­u­ously mon­i­tors browser ex­ten­sions to catch threats be­fore they reach your team.

Book a demo to see how be­hav­ioral analy­sis catches what sta­tic re­view misses.

Last month, the Atlanta Fed came out with a re­port show­ing a clear re­la­tion­ship be­tween con­sol­i­da­tion in gro­cery stores and the rate of food in­fla­tion. Unsurprisingly, where mo­nop­o­lies pre­vail, food in­fla­tion is 0.46 per­cent­age points higher than where there is more com­pe­ti­tion. The study showed that from 2006-2020, the cu­mu­la­tive dif­fer­ence amounted to a 9% hike in food prices, and pre­sum­ably since 2020, that num­ber has gone much higher.

Affordability, in other words, is a mar­ket power prob­lem.

And yes­ter­day, we got specifics on just how mar­ket power in gro­cery stores works. The rea­son is be­cause a non­profit just forced the gov­ern­ment to un­seal a com­plaint lodged by Lina Khan’s FTC against Pepsi for col­lud­ing with Walmart to raise food prices across the econ­omy. A Trump of­fi­cial tasked with deal­ing with af­ford­abil­ity tried to hide this com­plaint, and failed. And now there’s a po­lit­i­cal and le­gal storm as a re­sult.

Everyone knows the play­ers in­volved. Pepsi is a mon­ster in terms of size, a $90 bil­lion soft drink and con­sumer pack­aged goods com­pany with mul­ti­ple iconic bev­er­age and food brands each worth over $1 bil­lion, in­clud­ing Pepsi-Cola, Frito Lay, Mountain Dew, Starbucks (under li­cense), Gatorade, and Aquafina. Walmart is a key part­ner, with be­tween 20-25% of the gro­cery mar­ket.

Pepsi was also a key player in the post-Covid ‘greedflation’ episode. “I ac­tu­ally think we’re ca­pa­ble of tak­ing what­ever pric­ing we need,” said CFO Hugh Johnston in 2022. And the com­pany did just that, rais­ing prices by dou­ble digit per­cent­ages for seven straight quar­ters in 2022-2023.

The al­le­ga­tion is price dis­crim­i­na­tion, which is a vi­o­la­tion of the Robinson-Patman Act, a law passed in 1936 to pre­vent big man­u­fac­tur­ers and chain stores from ac­quir­ing too much mar­ket power. The specifics in the com­plaint are that Pepsi keeps whole­sale prices on its prod­ucts high for every out­let but Walmart, and Walmart in re­turn of­fers promi­nent place­ment in stores for Pepsi prod­ucts. This ap­proach in­ter­nally is called a “price gap” strat­egy. It’s a part­ner­ship be­tween two gi­ants to ex­clude ri­vals by en­sur­ing that Walmart has an ad­van­tage over smaller ri­vals in terms of what it charges con­sumers, and so that Pepsi main­tains its dom­i­nance on store shelves.

This part­ner­ship comes in a num­ber of forms. Pepsi of­fers al­lowances for Walmart, such as “Rollback” pric­ing, where spe­cially priced soft drinks go into bins in highly vis­i­ble parts of the store. The soft drink com­pany gives Walmart “Save Even More” deals, on­line coupons and ad­ver­tise­ments, and other mer­chan­diz­ing op­por­tu­ni­ties. Other out­lets don’t get these same al­lowances, mean­ing they are charged higher prices.

While Pepsi is a “must-have” prod­uct for gro­cery stores, Walmart is also mas­sively pow­er­ful. In its in­vest­ment doc­u­ments, Pepsi notes that Walmart is its largest cus­tomer, the the loss of which “would have a ma­te­r­ial ad­verse ef­fect” on its busi­ness. Walmart is so dom­i­nant that the in­ter­nal com­mu­ni­ca­tion of the two com­pa­nies would show a com­par­i­son of prices at Walmart ver­sus “ROM,” or “rest of mar­ket,” mean­ing gro­cery, mass, club, drug, and dol­lar chan­nels. It’s every­one in the world ver­sus Walmart.

And Pepsi does a lot of al­leged price dis­crim­i­na­tion to main­tain the ap­proval of Walmart. It goes far be­yond spe­cial al­lowances and con­ces­sions to Walmart; Pepsi even po­lices prices at ri­val stores and pre­pares re­ports for Walmart show­ing them their pric­ing ad­van­tages on Pepsi prod­ucts.

When the “price gap” would nar­row too much, Pepsi ex­ec­u­tives pan­icked with fear they might of­fend Walmart. They tracked “leakage,” mean­ing when con­sumers would buy Pepsi prod­ucts out­side of Walmart, which hap­pened most of­ten at stores where prices were more com­pet­i­tive. Pepsi kept logs on stores who would “self-fund” dis­counts, nick­nam­ing them “offenders” of the price gap. It would note that where com­pe­ti­tion was fierce, such as in the Richmond-Raleigh-CLT cor­ri­dor, it was harder to main­tain a price gap for Walmart. This re­la­tion­ship went both ways; Walmart ex­ec­u­tives would com­plain to Pepsi if the “price gap” got too thin.

To en­sure that prices would go up at ri­val stores, Pepsi would ad­just al­lowances, such as “adjusting roll­back levers.” It would pun­ish stores that re­fused to co­op­er­ate by rais­ing whole­sale prices. Retailers who were try­ing to dis­count Pepsi prod­ucts to bet­ter com­pete with Walmart would find it in­creas­ingly dif­fi­cult to do so; not only would Pepsi take away their pro­mo­tional al­lowances, but they might find that dis­count­ing six-packs of soda would lead to Pepsi charg­ing them higher whole­sale prices for the soda.

The FTC of­fered the ex­am­ple of Food Lion, a 1000-store chain in 10 states that cut prices on Pepsi prod­ucts on its own to match or beat Walmart prices.

In 2022, Pepsi be­lieved that Food Lion had “heavily in­dexe[d]” its re­tail prices “against re­tails at [Walmart] and Kroger” and “set[] re­tails rel­a­tive to these com­peti­tors.” Pepsi char­ac­ter­ized Food Lion as the “worst of­fender” on the price gap for “beating [Walmart] in price.”As a re­sult of Food Lion threat­en­ing Walmart’s price gap, Pepsi cre­ated a plan to nudge Food Lion’s re­tail prices on Pepsi prod­ucts up­ward by re­duc­ing pro­mo­tional pay­ments and al­lowances to Food Lion and rais­ing other costs for Food Lion. The plan ad­vised that Pepsi “must com­mit to rais­ing rate [on Food Lion] faster than mar­ket by min­i­mum an­nu­ally.”…Nonethe­less, even with these price in­creases, Pepsi lead­er­ship con­tin­ued to push its Food Lion sales team to “begin to CLOSE the gap” be­cause “[w]e ab­solutely have to demon­strate progress [to Walmart] in the im­me­di­ate term.”

This arrange­ment ben­e­fits each side by ex­tract­ing from con­sumers and ri­vals. Walmart gets to have a price ad­van­tage in Pepsi soft drink prod­ucts against ri­val gro­cery stores and con­ve­nience stores, and Pepsi is able to ex­clude com­peti­tor ac­cess to bet­ter shelf space at the most im­por­tant re­tailer. Consumers end up pay­ing more for soda, new com­pa­nies find it harder to get dis­tri­b­u­tion ac­cess for new soft drink prod­ucts to com­pete with Pepsi, and all non-Wal­mart re­tail stores are put at a dis­ad­van­tage to Walmart. ILSR’s Stacy Mitchell laid out the terms of the deal as “Keep us the king of our do­main and we’ll make you the king of yours.”

This dy­namic is why in­de­pen­dent gro­cery stores are dy­ing. “We can be al­most cer­tain that this is the same mo­nop­o­lis­tic deal Walmart has cut with other ma­jor gro­cery sup­pli­ers,” noted Mitchell. “It’s led to less com­pe­ti­tion, fewer lo­cal gro­cery stores, and higher prices.” To the end con­sumer, it cre­ates an op­ti­mal il­lu­sion. Walmart ap­pears to be a low-cost re­tailer, but that’s be­cause it in­duces its sup­pli­ers to push prices up at ri­vals. The net ef­fect is less com­pe­ti­tion at every level. There are more ar­eas with­out gro­cery com­pe­ti­tion, which in­creases food in­fla­tion. And sup­pli­ers like Pepsi gain pric­ing power, such as that they ex­ploited dur­ing the post-Covid mo­ment.

This kind of pre­sump­tively il­le­gal price dis­crim­i­na­tion is­n’t unique to the Pepsi-Walmart re­la­tion­ship. Pepsi is also be­ing sued in a class ac­tion com­plaint for giv­ing bet­ter deals for snack foods to big chains than it does to smaller stores, and Post is be­ing sued by Snoop Dogg for work­ing with Walmart to ex­clude sugar ce­re­als pro­duced by Snoop Dogg from its store shelves. You can find price dis­crim­i­na­tion every­where in the econ­omy, from ship­ping to ad buy­ing to phar­ma­ceu­ti­cal dis­tri­b­u­tion to liquor sales. And the re­sult­ing con­sol­i­da­tion and high prices is also per­va­sive.

So why are we only learn­ing about this sit­u­a­tion now? Well, the orig­i­nal al­le­ga­tion was filed in January, in the last days of the Khan FTC. We knew the gen­eral out­line of the ar­gu­ment, but we did­n’t know specifics, be­cause the com­plaint was highly redacted. Was it a real con­spir­acy? Was it just that Pepsi con­sid­ered Walmart a “superstore” and had dif­fer­ent prices for dif­fer­ent chan­nels? Was there co­er­cion? None of these ques­tions could be an­swered; there were so many blacked out words we could­n’t even say for sure that the large power buyer ref­er­enced in the doc­u­ment was Walmart.

Economists and fancy le­gal thinkers mocked the case end­lessly. The FTC hates dis­counts! Price dis­crim­i­na­tion is good, it ends up low­er­ing prices for con­sumers. The Robinson-Patman Act is stu­pid and pushes up prices. Suppliers al­ways can only charge what “the mar­ket will bear” and if they could charge higher prices they’d al­ready be do­ing it. And they’d never of­fer lower prices to any dis­trib­u­tor; no lower than they had to. Yet these claims re­lied on the com­plaint never see­ing the light of day.

The rea­son for the se­crecy was a choice by FTC Chair Ferguson. Normally, when the gov­ern­ment files an an­titrust case, the com­plaint is redacted to pro­tect con­fi­den­tial busi­ness in­for­ma­tion, as this one against Pepsi was. Then the cor­po­rate de­fen­dant and the gov­ern­ment hag­gle over what is gen­uinely con­fi­den­tial busi­ness in­for­ma­tion. Within a few weeks, com­plaints are un­sealed with a few mi­nor blacked out phrases, and the case goes on.

In this case, how­ever, Trump Federal Trade Commission Chair Andrew Ferguson abruptly dropped the case in February af­ter Pepsi hired well-con­nected lob­by­ists. Small busi­ness groups were an­gry, but what was most in­ter­est­ing was the tim­ing. Ferguson ended it the day be­fore the gov­ern­ment was sup­posed to go be­fore the judge to man­age the un­seal­ing process. And that kept the com­plaint redacted. With the com­plaint kept se­cret, Ferguson, and his col­league Mark Meador, then pub­licly went on the at­tack. Ferguson’s state­ment was a bit­ter and per­sonal in­vec­tive against Khan; he im­plied she was law­less and par­ti­san, that there was “no ev­i­dence” to sup­port key con­tentions, and that he had to “clean up the Biden-Harris FTC’s mess,” which fel­low com­mis­sioner Mark Meador later echoed.

And that was where it was sup­posed to stay, se­cret, with mean-spir­ited name-call­ing and in­vec­tive cam­ou­flag­ing the real se­cret Ferguson was try­ing to con­ceal. That se­cret is some­thing we all know, but this com­plaint helped prove - the cen­ter of the af­ford­abil­ity cri­sis in food is mar­ket power. If that got out, then Ferguson would have to lit­i­gate this case or risk deep em­bar­rass­ment. So the strat­egy was to hand­wave about that mean Lina Khan to lob­by­ists, while keep­ing the ev­i­dence se­cret.

However, the anti-mo­nop­oly move­ment and the court sys­tem ac­tu­ally worked. The Institute for Local Self-Reliance, an anti-mo­nop­oly group filed to make the full com­plaint pub­lic. Judge Jesse Matthew Furman agreed to hear ILSR’s case, with the U. S. Chamber of Commerce and Pepsi bit­terly op­posed. Last week, Furman di­rected the FTC un­seal the com­plaint. So we fi­nally got to see what Ferguson and Meador were try­ing to hide.

The po­lit­i­cal re­ac­tion is just start­ing. Ferguson has pre­tended that he’s tak­ing a lead­ing role in the ‘affordability’ strat­egy of the Trump ad­min­is­tra­tion, it would­n’t sur­prise me if there’s in­ter­nal anger at him among Republicans for flub­bing such an ob­vi­ous way to lower con­sumer prices and then ly­ing about it. The gro­cery in­dus­try, es­pe­cially rural gro­cers vic­tim­ized by this price dis­crim­i­na­tion, leans to the right.

On the Democratic side, al­ready we’re see­ing states in­tro­duc­ing price dis­crim­i­na­tion bills. There’s likely go­ing to be bi­par­ti­san pres­sure on the FTC, which can and should re­open the case. There are al­ready pri­vate Robinson-Patman Act cases, this com­plaint is likely to be picked up and used by plain­tiffs who are ex­cluded by the al­leged scheme re­vealed in it. As a re­sult of the pub­li­ca­tion of this com­plaint, Sabina Matos, the lieu­tenant gov­er­nor of Rhode Island, just said that her state should ban this kind of be­hav­ior.

But there’s also some­thing deeper hap­pen­ing. Earlier this week, More Perfect Union came out with an im­por­tant in­ves­tiga­tive re­port on a com­pany called Instacart, which is help­ing re­tail­ers charge in­di­vid­ual per­son­al­ized prices for goods based on a shop­per’s data pro­file. The story went vi­ral and caused im­mense out­rage be­cause it said some­thing we al­ready know. Pricing is in­creas­ingly un­fair and un­equal, a mech­a­nism to ex­tract in­stead of a means of send­ing in­for­ma­tion sig­nals to the pub­lic and pro­duc­ers to co­or­di­nate le­git­i­mate com­mer­cial ac­tiv­ity. And there’s a his­tor­i­cal anal­ogy to the in­creas­ing pop­u­lar frus­tra­tion.

The idea of the sin­gle price store, where a price is trans­par­ent and is the same for every­one, was cre­ated by de­part­ment store mag­nate John Wanamaker in the post-Civil War era. Before found­ing his de­part­ment store, Wanamaker was the first leader of the YMCA. He also cre­ated a Philadelphia mega-church. His sin­gle price strat­egy was part of an evan­gel­i­cal move­ment to morally pu­rify America, the “Golden rule” ap­plied to busi­ness. The price tag was po­lit­i­cal, an ex­plic­itly de­mo­c­ra­tic at­tempt to treat every­one equally by elim­i­nat­ing the hag­gling and ex­trac­tive ap­proach of mer­chants.

At the same time as Wanamaker op­er­ated his store, the Granger move­ment of farm­ers in the mid­west and later Populists fought their own war on un­fair pric­ing of rail­roads, with the slo­gan “public prices and no se­cret kick­backs.” In the 1899 con­fer­ence on trusts in Chicago, widely con­sid­ered the most im­por­tant in­tel­lec­tual and po­lit­i­cal fo­rum for the later treat­ment of the Sherman Act, there were bit­ter de­bates, but every­one agreed that price dis­crim­i­na­tion by rail­roads were fos­ter­ing con­sol­i­da­tion in a dan­ger­ous and in­ef­fi­cient roll-up of power. These move­ments took place at a mo­ment of great tech­no­log­i­cal change, when Americans were mov­ing to cities and leav­ing the tra­di­tional dry goods store be­hind.

Similarly, there was a big anti-chain store move­ment in the 1920s and 1930s to pro­tect lo­cal pro­duc­ers and re­tail­ers, which ended up re­sult­ing in the Robinson-Patman Act, among other changes to law. That was a re­sult of the Walmart or Amazon of its day, A&P, which would en­gage in price dis­crim­i­na­tion, open­ing out­lets it called “killing stores” just to harm ri­vals. Over the past five years, we’ve seen a sim­i­lar up­surge in anger over prices that drove the grangers, John Wanamaker, and the anti-chain store move­ment. Prices are be­com­ing po­lit­i­cal again.

This re­vival is be­ing dri­ven by two things. First, tech­nol­ogy is en­abling all sorts of new ways to price, which is to say, to or­ga­nize com­mer­cial and po­lit­i­cal power. And we all feel the co­er­cion. Second, we’re be­gin­ning to re­learn our tra­di­tions. Our his­tor­i­cal mem­ory was erased in the 1970s by econ­o­mists, who ar­gued that price dis­crim­i­na­tion is af­fir­ma­tively a good thing. But for­tu­nately, they are los­ing the de­bate.

As a re­sult, to­day we’re see­ing some­thing sim­i­lar to the anti-chain store move­ment of the 1920s and 1930s, with at­tempts to rein­vig­o­rate Robinson-Patman, and write and ap­ply an­titrust laws to al­go­rith­mic pric­ing choices. The Instacart scheme is a new way to ex­tract, the al­leged Walmart-Pepsi scheme is a clas­sic way to ex­tract. But in­creas­ingly, the pub­lic is re­al­iz­ing that pric­ing is po­lit­i­cal. And they don’t want to be cheated any­more.

Thanks for read­ing! Your tips make this newslet­ter what it is, so please send me tips on weird mo­nop­o­lies, sto­ries I’ve missed, or other thoughts. And if you liked this is­sue of BIG, you can sign up here for more is­sues, a newslet­ter on how to re­store fair com­merce, in­no­va­tion, and democ­racy. Consider be­com­ing a pay­ing sub­scriber to sup­port this work, or if you are a pay­ing sub­scriber, giv­ing a gift sub­scrip­tion to a friend, col­league, or fam­ily mem­ber. If you re­ally liked it, read my book, Goliath: The 100-Year War Between Monopoly Power and Democracy.

Hong Kong pro-democ­racy cam­paigner and me­dia ty­coon Jimmy Lai has been found guilty of col­lud­ing with for­eign forces un­der the city’s con­tro­ver­sial na­tional se­cu­rity law (NSL).The 78-year-old UK cit­i­zen, who has been in jail since December 2020, pleaded not guilty. He faces life in prison and is ex­pected to be sen­tenced early next year. Lai used his now-de­funct Apple Daily news­pa­per as part of a wider ef­fort to lobby for­eign gov­ern­ments to im­pose sanc­tions on Hong Kong and China, the court found.Hong Kong chief ex­ec­u­tive John Lee wel­comed the ver­dict, not­ing that Lai’s ac­tions “damaged the coun­try’s in­ter­ests and the wel­fare of Hong Kongers”. Rights groups called it “a cruel ju­di­cial farce”.

They say the NSL, which Beijing de­fends as es­sen­tial for the city’s sta­bil­ity, has been used to crush dis­sent. Delivering the ver­dict on Monday, Judge Esther Toh said there is “no doubt” that Jimmy Lai “harboured ha­tred” for the People’s Republic of China (PRC), cit­ing his “constant in­vi­ta­tion to the US to help bring down the gov­ern­ment of the PRC with the ex­cuse of help­ing the peo­ple of Hong Kong”.When Lai tes­ti­fied in November, he de­nied all the charges against him, say­ing he had “never” used his for­eign con­tacts to in­flu­ence for­eign pol­icy on Hong Kong.

Asked about his meet­ing with then US Vice President Mike Pence, Lai said he did not ask any­thing of him: “I would just re­lay to him what hap­pened in Hong Kong when he asked me.“He was also asked about his meet­ing with then-sec­re­tary of state Mike Pompeo, to which he said he had asked Pompeo, “not to do some­thing but to say some­thing, to voice sup­port for Hong Kong”.Lai, one of the fiercest crit­ics of the Chinese state, was a key fig­ure in the pro-democ­racy protests that en­gulfed Hong Kong in 2019. Beijing re­sponded to the months-long demon­stra­tions, which some­times erupted into vi­o­lent clashes with po­lice, by in­tro­duc­ing the NSL. The law was en­acted with­out con­sult­ing the Hong Kong leg­is­la­ture and gave au­thor­i­ties broad pow­ers to charge and jail peo­ple they deemed a threat to the city’s law and or­der, or the gov­ern­men­t’s sta­bil­ity. Lai was ac­cused of vi­o­lat­ing the NSL for his role in the protests and also through his tabloid Apple Daily, which be­came a stan­dard bearer for the pro-democ­racy move­ment. Monday’s rul­ing also found Lai guilty of pub­lish­ing sedi­tious ma­te­r­ial on Apple Daily un­der a sep­a­rate colo­nial-era law.Lai ap­peared calm as the ver­dict was read out and waved good­bye to his fam­ily as he was es­corted out of the court­room. Lai’s wife Teresa and one of his sons were in court, along with Cardinal Joseph Zen, a long-time friend who bap­tised Lai in 1997.

“Mr Lai’s spirit is okay,” his lawyer Robert Pang said af­ter the ver­dict. “The judge­ment is so long that we’ll need some time to study it first. I don’t have any­thing to add at the mo­ment.” He did not say whether they would ap­peal. Jimmy Lai’s son Sebastien urged the UK gov­ern­ment to “do more” to help free his fa­ther.“It’s time to put ac­tion be­hind words and make my fa­ther’s re­lease a pre­con­di­tion to closer re­la­tion­ships with China,” he told a press con­fer­ence in London. The UK con­demned what it de­scribed as “politically mo­ti­vated per­se­cu­tion” of Lai, say­ing he had been “targeted… for peace­fully ex­er­cis­ing his right to free­dom of ex­pres­sion”.“The UK has re­peat­edly called for the National Security Law to be re­pealed and for an end to the pros­e­cu­tion of all in­di­vid­u­als charged un­der it,” the Foreign, Commonwealth & Development Office said in a state­ment on Monday.“The Chinese gov­ern­ment abused Jimmy Lai with the aim of si­lenc­ing all those who dare to crit­i­cise the CCP [Chinese Communist Party],” said Elaine Pearson, Asia di­rec­tor at Human Rights Watch, fol­low­ing the ver­dict.“In the face of the farce of Jimmy Lai’s case, gov­ern­ments should pres­sure the au­thor­i­ties to with­draw the case and re­lease him im­me­di­ately.” Chinese for­eign min­istry spokesman Guo Jiakun re­sponded to the crit­i­cism “by cer­tain coun­tries”.“China ex­presses strong dis­sat­is­fac­tion and firm op­po­si­tion to the brazen defama­tion and smear­ing of the ju­di­cial sys­tem in Hong Kong,” he told re­porters.West­ern gov­ern­ments, in­clud­ing the UK and US, have for years called for Lai’s re­lease, which Beijing and Hong Kong have re­jected.US President Donald Trump had ear­lier vowed to “do every­thing to save” Lai, while UK PM Keir Starmer had said se­cur­ing his re­lease was a “priority”.

Lai’s trial came to be widely seen as yet an­other test of ju­di­cial in­de­pen­dence for Hong Kong’s courts, which have been ac­cused of toe­ing Beijing’s line since 2019, when it tight­ened its con­trol over the city. Hong Kong au­thor­i­ties in­sist the rule of law is in­tact but crit­ics point to the hun­dreds of pro­test­ers and ac­tivists who have been jailed un­der the NSL - and its nearly 100% con­vic­tion rate as of May this year. Bail is also of­ten de­nied in NSL cases and that was the case with Lai too, de­spite rights groups and Lai’s chil­dren rais­ing con­cerns about his de­te­ri­o­rat­ing health. He has re­port­edly been held in soli­tary con­fine­ment. Sebastien Lai told the BBC ear­lier this year that his fa­ther’s “body is break­ing down” - “Given his age, given his health… he will die in prison.“The Hong Kong gov­ern­ment has also been crit­i­cised for bar­ring for­eign lawyers from work­ing on NSL cases with­out prior per­mis­sion. They said it was a na­tional se­cu­rity risk, al­though for­eign lawyers had op­er­ated in the city’s courts for decades. Subsequently Lai was de­nied his choice of lawyer, who was based in the UK.

Lai now joins dozens of fig­ures of the city’s pro-democ­racy move­ment who have been sen­tenced to prison un­der the NSL. The chief of Hong Kong’s na­tional se­cu­rity po­lice ad­dressed the me­dia af­ter the ver­dict, say­ing Lai had “fabricated news” in pur­suit of “political goals”. On the main­land, state-run Global Times quoted a Hong Kong elec­tion com­mit­tee mem­ber as say­ing that the case sends a “clear mes­sage”: “Any at­tempt to split the coun­try or un­der­mine Hong Kong’s pros­per­ity and sta­bil­ity will be met with se­vere pun­ish­ment un­der the law.”

Lai, who was born in main­land China, fled to Hong Kong when he was 12 years old and got his foot­ing as a busi­ness­man af­ter found­ing the in­ter­na­tional cloth­ing brand Giordano. His jour­ney as a democ­racy ac­tivist be­gan af­ter China bru­tally crushed pro-democ­racy protests in Beijing’s Tiananmen Square in 1989. Lai started writ­ing columns crit­i­cis­ing the mas­sacre and went on to launch a string of pop­u­lar pro-democ­racy pub­li­ca­tions, in­clud­ing Apple Daily and Next.Even now, many Hong Kongers see him as a lead­ing voice for democ­racy - about 80 peo­ple had queued to en­ter the court ahead of the ver­dict on Monday. One of them was Ms Lam who did­n’t want to share her full name. An ap­ple in hand, she said she started queu­ing around 11:00 lo­cal time on Sunday — nearly a full day be­fore the ses­sion — be­cause dozens of peo­ple had come be­fore her. It was a cold night, she said, but she did it be­cause she had wanted to wish Lai good luck. “We all feel frus­trated and pow­er­less. Yet, there must be an end­ing to the whole is­sue and time comes when it comes,” a for­mer Apple Daily jour­nal­ist, who was also in court, told the BBC.“Jimmy al­ways said that he was in­debted to Hong Kong… but I think Hong Kong and most Hong Kongers are so grate­ful to have him up­hold­ing the core val­ues, good faith and in­tegrity for the com­mu­nity at the ex­pense of his well be­ing and per­sonal free­dom.“In his tes­ti­mony, Lai had said that he had “never al­lowed” his news­pa­per’s staff to ad­vo­cate for Hong Kong in­de­pen­dence, which he de­scribed as a “conspiracy” and “too crazy to think about”.“The core val­ues of Apple Daily are ac­tu­ally the core val­ues of the peo­ple of Hong Kong,” he had said. These val­ues, he added, in­clude the “rule of law, free­dom, pur­suit of democ­racy, free­dom of speech, free­dom of re­li­gion, free­dom of as­sem­bly”.

Paul Friday re­mem­bers when his hand started flop­ping in the cold weather — the first sign nerve cells in his brain were dy­ing.

He was even­tu­ally di­ag­nosed with Parkinson’s, a brain dis­ease that gets worse over time. His limbs got stiffer. He strug­gled to walk. He could­n’t keep liv­ing on his fam­ily farm. Shortly af­ter­ward, Friday came to be­lieve that decades of spray­ing a pes­ti­cide called paraquat at his peach or­chard in south­west­ern Michigan may be the cul­prit.

“It ex­plained to me why I have Parkinson’s dis­ease,” said Friday, who is now 83, and makes that claim in a pend­ing law­suit.

With ev­i­dence of its harms stack­ing up, it’s al­ready been banned in dozens of coun­tries all over the world, in­clud­ing the United Kingdom and China, where it’s made. Yet last year, its man­u­fac­turer Syngenta, a sub­sidiary of a com­pany owned by the Chinese gov­ern­ment, con­tin­ued sell­ing paraquat in the United States and other na­tions that haven’t banned it.

Health sta­tis­tics are lim­ited. Critics point to re­search link­ing paraquat ex­po­sure to Parkinson’s, while the man­u­fac­turer pushes back, say­ing none of it is peer-re­viewed. But the law­suits are mount­ing across the United States, as farm­ers con­front Parkinson’s af­ter a life­time of use, and much of the globe is turn­ing away from paraquat.

It has many crit­ics wrestling with the ques­tion: What will it take to ban paraquat in the United States?

“What we’ve seen over the course of decades is a sys­temic fail­ure to pro­tect farm­work­ers and the agri­cul­tural com­mu­nity from pes­ti­cides,” said Jonathan Kalmuss-Katz, a se­nior at­tor­ney at Earthjustice, an en­vi­ron­men­tal law or­ga­ni­za­tion that ad­vo­cates against paraquat.

It was hard for Ruth Anne Krause to watch her hus­band of 58 years strug­gle to move his hands. He was an avid wood­carver, shav­ing in­tri­cate de­tails into his cre­ations, be­fore it be­came too dif­fi­cult for him to hold the tools.

Jim Krause was di­ag­nosed with Parkinson’s dis­ease in 2019, af­ter he spent decades op­er­at­ing a 20-acre stone fruit farm in cen­tral California. His wife says he of­ten donned a mask and yel­low rub­ber boots to spray paraquat on the fields.

Krause, who had no fam­ily his­tory of neu­ro­log­i­cal dis­ease as is typ­i­cal, died in 2024.

“I want peo­ple to know what hap­pened,” said Ruth Anne Krause, who is wor­ried that paraquat is still be­ing sold to American farm­ers.

Krause is one of thou­sands of peo­ple who have sued Syngenta, a man­u­fac­turer, and Chevron USA, a seller, over paraquat ex­po­sure. They’re al­leg­ing the chem­i­cal com­pa­nies failed to warn of the dan­gers of paraquat de­spite know­ing it could dam­age hu­man nerve cells and stud­ies show­ing it’s linked to Parkinson’s dis­ease.

Chevron, which never man­u­fac­tured paraquat and has­n’t sold it since 1986, has “long main­tained that it should not be li­able in any paraquat lit­i­ga­tion.”

“And de­spite hun­dreds of stud­ies con­ducted over the past 60 years, the sci­en­tific con­sen­sus is that paraquat has not been shown to be a cause of Parkinson’s dis­ease,” the com­pany said in a state­ment.

Syngenta has em­pha­sized there is no ev­i­dence that paraquat causes Parkinson’s dis­ease.

“We have great sym­pa­thy for those suf­fer­ing from the de­bil­i­tat­ing ef­fects of Parkinson’s dis­ease,” a Syngenta spokesper­son said in a state­ment. “However, it is im­por­tant to note that the sci­en­tific ev­i­dence sim­ply does not sup­port a causal link be­tween paraquat and Parkinson’s dis­ease, and that paraquat is safe when used as di­rected.”

More than 6,400 law­suits against Syngenta and Chevron that al­lege a link be­tween paraquat and Parkinson’s are pend­ing in the U. S. District Court of Southern Illinois. Another 1,300 cases have been brought in Pennsylvania, 450 in California and more are scat­tered through­out state courts.

“I do think it’s im­por­tant to be clear that num­ber is prob­a­bly not even close to rep­re­sen­ta­tive of how many peo­ple have been im­pacted by this,” said Christian Simmons, a le­gal ex­pert for Drugwatch.

Syngenta told its share­hold­ers in March that an ad­di­tional 1,600 cases have been vol­un­tar­ily dis­missed or re­solved. In 2021, the com­pany set­tled an un­spec­i­fied num­ber in California and Illinois for $187.5 mil­lion, ac­cord­ing to a com­pany fi­nan­cial re­port. Some oth­ers have been dis­missed for miss­ing court dead­lines. None have gone to trial yet.

Behind these thou­sands of law­suits, a list grow­ing nearly every day, is a per­son suf­fer­ing from Parkinson’s dis­ease.

In Ohio, there’s Dave Jilbert a wine­maker who sprayed the pes­ti­cide on his vine­yard south of Cleveland. He was di­ag­nosed with Parkinson’s in 2020 and now he is su­ing and work­ing to get paraquat banned. Terri McGrath be­lieves years of ex­po­sure to paraquat at her fam­ily farm in rural Southwest Michigan likely con­tributed to her Parkinson’s. Six other fam­ily mem­bers also have the dis­ease. And in south Alabama, Mac Barlow is su­ing af­ter re­ceiv­ing a sim­i­lar di­ag­no­sis fol­low­ing years of re­ly­ing on paraquat.

“For about 40 years off and on, I’ve been us­ing that stuff,” Barlow said. “I’ll be hon­est with you, if I knew it was go­ing to be that bad, I would have tried to fig­ure out some­thing else.”

Since hit­ting the mar­ket in the 1960s, paraquat has been used in farm­ing to quickly “burn” weeds be­fore plant­ing crops. The pes­ti­cide, orig­i­nally de­vel­oped by Syngenta and sold by Chevron, rips tis­sue apart, de­stroy­ing plants on a mol­e­c­u­lar level within hours.

“It’s used be­cause it’s ef­fec­tive at what it does. It’s highly toxic. It’s very good at killing things,” said Geoff Horsfield, pol­icy di­rec­tor at the Environmental Working Group. “And un­for­tu­nately, when a pes­ti­cide like this is so ef­fec­tive that also means there’s usu­ally hu­man health im­pacts as well.”

By the 1970s, it be­came a tool in the war on drugs, sprayed to kill Mexican mar­i­juana plants. In 1998, that his­tory landed it in Hollywood when the Dude in “The Big Lebowski” calls some­one a “human paraquat,” a buz­zkill.

Today, be­tween 11 mil­lion and 17 mil­lion pounds of paraquat are sprayed an­nu­ally to help grow cot­ton, soy­bean and corn fields, among other crops, through­out the coun­try, the U. S. Geological Survey, USGS, re­ports. And de­spite the al­leged known risks, its use is in­creas­ing, ac­cord­ing to the most cur­rent fed­eral data, more than dou­bling from 2012 to 2018.

The USGS says on its web­site new pes­ti­cide use data will be re­leased in 2025. It has­n’t been pub­lished yet.

Because paraquat kills any growth it touches, it’s typ­i­cally used to clear a field be­fore any crops are planted. Low lev­els of paraquat residue can linger on food crops, but the fore­most threat is di­rect ex­po­sure.

Pesticides are among the most com­mon means of sui­cide world­wide, ac­cord­ing to the World Health Organization, and paraquat is fre­quently used be­cause of its lethal­ity. After some na­tions, like South Korea and Sri Lanka, banned it, they saw a sig­nif­i­cant drop in sui­cides, re­search shows.

The U. S. Environmental Protection Agency al­ready re­stricts paraquat, la­bel­ing it as “registered use,” with a skull and cross­bones, mean­ing it can only be used by peo­ple who have a li­cense. Because of its tox­i­c­ity, the fed­eral gov­ern­ment re­quires it to have blue dye, a sharp smell and a vom­it­ing agent, ac­cord­ing to the U.S. Centers for Disease Control, CDC. Sprayers are also told to wear pro­tec­tive gear.

Despite those safety mea­sures, U. S. poi­son cen­ters have got­ten hun­dreds of paraquat-re­lated calls in the past decade, their an­nual re­ports show.

Swallowing is the most likely way to be poi­soned by paraquat, ac­cord­ing to the CDC, but skin ex­po­sure can also be deadly. In fact, if it spills on some­one, health of­fi­cials say they should wash it off im­me­di­ately and quickly cut off their clothes. That way they don’t risk spread­ing more deadly pes­ti­cide on their body as they pull their shirt over their head.

In one 2023 case doc­u­mented by America’s Poison Centers, a 50-year-old man ac­ci­den­tally sipped blue liq­uid from a Gatorade bot­tle that turned out to be paraquat. After try­ing to throw it up, he went to the emer­gency room, strug­gling to breathe, nau­seous and vom­it­ing.

Doctors rushed to treat the man, but he turned blue from a lack of oxy­gen and his or­gans failed. He died within three days.

In an­other poi­son cen­ter re­port, a 65-year-old man spilled paraquat on his clothes and kept work­ing. Ten days later, he went to the emer­gency room with sec­ond-de­gree burns on his stom­ach. Dizzy and nau­seous, he was ad­mit­ted for two days be­fore go­ing home.

A week later, he went back to the ICU as his kid­ney, lungs and heart stopped work­ing. He died 34 days af­ter the spill.

These an­nual poi­son cen­ter case sum­maries pro­vide in­sight into paraquat’s tox­i­c­ity, but it’s un­clear ex­actly how many peo­ple in the U. S. have been in­jured or killed by the weed killer, be­cause there’s only a patch­work of data cre­at­ing an un­even and in­com­plete pic­ture.

The lat­est an­nual National Poison Data System re­port logged 114 re­ports and one death caused by paraquat in 2023. Over a decade, from 2014 to 2023, this sys­tem doc­u­mented 1,151 paraquat calls. And a sep­a­rate data­base shows the EPA has in­ves­ti­gated 82 hu­man ex­po­sure cases since 2014.

Even sec­ondary ex­po­sure can be dan­ger­ous. One case pub­lished in the Rhode Island Medical Journal de­scribed an in­stance where a 50-year-old man ac­ci­den­tally in­gested paraquat, and the nurse treat­ing him was burned by his urine that splashed onto her fore­arms. Within a day, her skin blis­tered and sloughed off.

And a for­mer Michigan State hor­ti­cul­ture stu­dent is su­ing the uni­ver­sity for $100 mil­lion, claim­ing that she de­vel­oped thy­roid can­cer from her ex­po­sure to pes­ti­cides in­clud­ing paraquat, glyphosate and oxy­flu­o­r­fen.

Meanwhile, a much more wide­spread threat looms large in the back­ground: long-term, low-level ex­po­sure.

Parkinson’s dis­ease is the fastest grow­ing neu­ro­log­i­cal dis­or­der in the world, with cases pro­jected to dou­ble by 2050, partly due to an ag­ing pop­u­la­tion, ac­cord­ing to a study pub­lished in The BMJ, a peer-re­viewed med­ical jour­nal. It oc­curs when the brain cells that make dopamine, a chem­i­cal that con­trols move­ment, stop work­ing or die.

The ex­act cause is un­known, likely a mix of ge­netic and, largely, en­vi­ron­men­tal fac­tors.

A Parkinson’s Foundation study found that 87% of those with the dis­ease do not have any ge­netic risk fac­tors. That means, “for the vast ma­jor­ity of Americans, the cause of Parkinson’s dis­ease lies not within us, but out­side of us, in our en­vi­ron­ment,” said neu­rol­o­gist and re­searcher Ray Dorsey.

That’s why Dorsey, who lit­er­ally wrote the book on Parkinson’s, calls the dis­ease “largely pre­ventable.”

There’s a long list of en­vi­ron­men­tal fac­tors linked to Parkinson’s, but pes­ti­cides are one of the biggest threats, ac­cord­ing to Dorsey.

“If we clean up our en­vi­ron­ment, we get rid of Parkinson’s dis­ease,” he said.

An early 1987 case re­port pub­lished in Neurology dis­cusses the case of a 32-year-old cit­rus farmer who started ex­pe­ri­enc­ing tremors, stiff­ness and clum­si­ness af­ter 15 years of spray­ing paraquat. But “a cause-and-ef­fect re­la­tion­ship is dif­fi­cult to es­tab­lish,” a doc­tor wrote at the time.

A decade later, an an­i­mal study from Parkinson’s re­searcher Deborah Cory-Slechta found that paraquat ab­sorbed by mice de­stroys the spe­cific type of dopamine neu­ron that dies in Parkinson’s dis­ease. More re­cently, her re­search has found paraquat that’s in­haled can also by­pass the blood-brain bar­rier, threat­en­ing neu­rons.

“It’s quite clear that it gets into the brain from in­hala­tion mod­els,” Cory-Slechta said.

Critics point to other epi­demi­o­log­i­cal stud­ies be­ing more de­fin­i­tive.

In 2011, re­searchers stud­ied farm­work­ers ex­posed to two pes­ti­cides, rotenone and paraquat, and de­ter­mined those ex­po­sures in­creased the risk of de­vel­op­ing Parkinson’s by 150%. Another study, pub­lished last year, looked at 829 Parkinson’s pa­tients in cen­tral California. It found peo­ple who live or work near farm­land where paraquat is used have a higher risk of de­vel­op­ing the dis­ease.

“It’s kind of like sec­ond­hand smoke,” Dorsey said. “You can just live or work near where it’s sprayed and be at risk.”

This is a grow­ing con­cern in American sub­urbs where new houses press up against well-main­tained golf courses. A study pub­lished in JAMA this year found that liv­ing within a mile of a golf course in­creased the risk of Parkinson’s dis­ease by 126%. It did­n’t name spe­cific chem­i­cals but did point to pes­ti­cides.

The EPA in 2021 banned paraquat from golf courses “to pre­vent se­vere in­jury and/​or death” from in­ges­tion.

Despite all that, it’s dif­fi­cult to prove whether paraquat di­rectly causes Parkinson’s be­cause it de­vel­ops years af­ter ex­po­sure.

“The dis­ease un­folds over decades, and the seeds of Parkinson’s dis­ease are planted early,” Dorsey said.

The le­gal case over paraquat inched to­ward a set­tle­ment ear­lier this year.

Most of the law­suits have been brought in Illinois un­der what’s known as multi-dis­trict lit­i­ga­tion. Unlike a class-ac­tion law­suit, this puts in­di­vid­ual cases in front of one fed­eral judge. A few bell­wether cases are then cho­sen to rep­re­sent the masses and stream­line the le­gal process.

Syngenta, Chevron and the plain­tiffs agreed to set­tle in April, which would wrap up thou­sands of cases, but an agree­ment is still be­ing ham­mered out, court records show. If de­tails can’t be fi­nal­ized, it will go to trial.

Syngenta has adamantly de­nied the law­suits’ al­le­ga­tions, say­ing it backs paraquat as “safe and ef­fec­tive” when it’s used cor­rectly and em­pha­siz­ing there has been no peer-re­viewed sci­en­tific analy­sis that shows paraquat causes Parkinson’s dis­ease.

“Syngenta be­lieves there is no merit to the claims, but lit­i­ga­tion can be dis­tract­ing and costly,” a spokesper­son said. “Entering in the agree­ment in no way im­plies that paraquat causes Parkinson’s dis­ease or that Syngenta has done any­thing wrong. We stand by the safety of paraquat.”

Chevron has also de­nied the claims say­ing the “scientific con­sen­sus is that paraquat has not been shown to be a cause of Parkinson’s dis­ease.”

A trove of in­ter­nal doc­u­ments re­leased dur­ing lit­i­ga­tion, as re­ported by The Guardian and the New Lede, ap­peared to show that the man­u­fac­tur­ers were aware of ev­i­dence that paraquat could col­lect in the brain.

But the New Lede ac­knowl­edged the doc­u­ments do not show com­pany sci­en­tists be­lieved that paraquat causes Parkinson’s, Syngenta of­fi­cials pointed out.

The trail of bread crumbs started as early as 1958 when a com­pany sci­en­tist wrote about a study of 2.2 dipyridyl, a chem­i­cal in paraquat, say­ing it ap­pears to have mod­er­ate tox­i­c­ity “mainly by af­fect­ing the cen­tral ner­vous sys­tem, and it can be ab­sorbed through the skin,” the in­ter­nal doc­u­ments said.

Imperial Chemical Industries, which later be­came Syngenta, started sell­ing paraquat un­der the brand name Gramoxone in 1962, ac­cord­ing to re­search. Gramoxone con­tains nearly 44% paraquat.

The in­ter­nal doc­u­ments show by 1974, the com­pany up­dated safety pre­cau­tions, rec­om­mend­ing that any­one spray­ing the pes­ti­cide wear a mask, as there were the first re­ports of hu­man poi­son­ing and con­cerns about the ef­fects of paraquat started to grow.

A year later, Ken Fletcher from Imperial Chemical wrote a let­ter to Chevron sci­en­tist Dr. Richard Cavelli, say­ing the chem­i­cal com­pany knew of “sporadic re­ports of CNS (central ner­vous sys­tem) ef­fects in paraquat poi­son­ing” that he be­lieved to be co­in­ci­den­tal.

Within months, Fletcher also in­di­cated “possible chronic ef­fects” of paraquat ex­po­sure, call­ing it “quite a ter­ri­ble prob­lem” that should be stud­ied more, the doc­u­ments say.

“Due pos­si­bly to good pub­lic­ity on our part, very few peo­ple here be­lieve that paraquat causes any sort of prob­lem in the field,” he wrote in the mid 1970s. “Consequently, any al­le­ga­tion of ill­ness due to spray­ing never reaches se­ri­ous pro­por­tions.”

By the 1980s, out­side re­search started to pick at the ques­tion of paraquat and Parkinson’s.

“As more re­searchers dug into it, it’s only been more firmly es­tab­lished,” said Horsfield with the Environmental Working Group.

Syngenta pushes back on this, though, say­ing two re­cent re­ports cast doubt on these claims.

A 2024 sci­en­tific re­port from California pes­ti­cide reg­u­la­tors found re­cent ev­i­dence was “insufficient to demon­strate a di­rect causal as­so­ci­a­tion with ex­po­sure to paraquat and the in­creased risk of de­vel­op­ing Parkinson’s dis­ease.” And a September analy­sis from Douglas Weed, an epi­demi­ol­o­gist and in­de­pen­dent con­sul­tant, reached a sim­i­lar con­clu­sion.

Syngenta also claims on its web­site to be a tar­get of a “mass tort ma­chine” that hov­ers be­hind multi-dis­trict lit­i­ga­tion.

In 1981, Norway be­came the first coun­try to out­law paraquat due to the risk of poi­son­ing. One by one, more coun­tries fol­lowed suit. In 2007, the European Union ap­proved a blan­ket ban for all 27 mem­ber coun­tries, ac­cord­ing to me­dia re­ports.

Yet Syngenta is still al­lowed to man­u­fac­ture paraquat in coun­tries that have banned its use. It’s been pro­hib­ited in the United Kingdom for 18 years and China banned paraquat to “safeguard peo­ple’s life, safety and health,” in 2012, ac­cord­ing to a gov­ern­ment an­nounce­ment.

Yet about two-thirds of the paraquat im­ported to the U. S. be­tween 2022 and 2024 came from com­pa­nies owned by the Chinese gov­ern­ment, SinoChem and Red Sun Group, ac­cord­ing to a joint re­port pub­lished by three ad­vo­cacy or­ga­ni­za­tions in October.

It found most of the 40 mil­lion and 156 mil­lion pounds im­ported an­nu­ally over the past eight years comes from Chinese man­u­fac­tur­ing fa­cil­i­ties, in ei­ther China or Syngenta’s big fac­tory in north­ern England.

Although hun­dreds of com­pa­nies sell paraquat, Syngenta says it ac­counts for a quar­ter of global sales.

According to pre­vi­ous me­dia re­ports, SinoChem, a Chinese state-owned con­glom­er­ate, ac­quired Syngenta in a 2020 merger. SinoChem posted $3.4 bil­lion in prof­its last year, but it’s un­clear how much came from paraquat sales be­cause the com­pany does­n’t make earn­ings re­ports pub­lic. Syngenta re­ported $803 mil­lion in sales of its “non-selective her­bi­cides,” the class that in­cludes paraquat-con­tain­ing Gramoxone, ac­cord­ing to its 2024 fi­nan­cial re­port.

While Chinese com­pa­nies sup­ply paraquat to American farm­ers, the re­port points out China is also a big pur­chaser of crops, like soy­beans, that are grown with help from the pes­ti­cide.

“In these two ways, China eco­nom­i­cally ben­e­fits from the ap­pli­ca­tion of paraquat in the U. S., where it out­sources many of its as­so­ci­ated health haz­ards,” the re­port said.

Paraquat, now pro­hib­ited in more than 70 coun­tries, ac­cord­ing to the Environmental Working Group, was reau­tho­rized by the EPA in 2021 when it passed a reg­u­larly sched­uled 15-year re­view — a move chal­lenged by crit­ics.

“EPA has the same in­for­ma­tion that those coun­tries have,” said Kalmuss-Katz, the at­tor­ney with EarthJustice. “EPA has just reached a fun­da­men­tally dif­fer­ent, and what we be­lieve is a legally and sci­en­tif­i­cally un­sup­ported po­si­tion, which is: mas­sive amounts of paraquat can con­tinue to be sprayed with­out un­rea­son­able risk.”

The fed­eral agency de­ter­mined paraquat re­mains “an ef­fec­tive, in­ex­pen­sive, ver­sa­tile, and widely used method of weed con­trol,” and any risks to work­ers are “outweighed by the ben­e­fits” of farms us­ing the weed killer.

“It is one of the mostly highly reg­u­lated pes­ti­cides avail­able in the United States,” the agency said in a state­ment.

This de­ci­sion al­lowed it to be used with “new stronger safety mea­sures to re­duce ex­po­sure,” like re­quir­ing buffer zones where pes­ti­cides can’t be sprayed.

For plants like cot­ton, al­falfa, soy­beans and peanuts, the EPA wrote in its de­ci­sion “growers may need to switch to al­ter­na­tive (weed-killers), which could have fi­nan­cial im­pacts.” Unlike other pes­ti­cides, paraquat works well in low tem­per­a­tures and early in the sea­son, ac­cord­ing to the agency.

More than 200,000 pub­lic com­ments have been sub­mit­ted to the EPA’s docket on paraquat over the years. Industry groups, farm­ers, ad­vo­cacy or­ga­ni­za­tions and oth­ers have all chimed in, ar­gu­ing for or against the weed killer.

One sub­mit­ted by a North Dakota farmer, Trey Fischbach, urged the EPA to con­tinue al­low­ing paraquat to fight re­sis­tant weeds like kochia, writ­ing it’s the “last tool in the tool­box.”

The EPA also noted there weren’t many other op­tions. “The chem­i­cal char­ac­ter­is­tics of paraquat are also ben­e­fi­cial as a re­sis­tance man­age­ment tool, where few al­ter­na­tives are avail­able.”

But farm­ers can get trapped on what crit­ics call the “pesticide tread­mill,” in which broad pes­ti­cide use leads to “superweeds” that re­quire stronger and stronger pes­ti­cides to be knocked down.

A com­ment sub­mit­ted by Kay O’Laughlin, from Massachusetts, urged in­stead: “Do your job and ban paraquat be­cause it is killing peo­ple. I speak as some­one who lost a brother to Parkinson’s. People should not be dis­pos­able so that big agro can make ever greater prof­its!”

The EPA’s 2021 de­ci­sion was chal­lenged within two months by en­vi­ron­men­tal and farm­worker groups who sued the EPA. Kalmuss-Katz said the groups chal­lenged the EPA over reap­prov­ing paraquat with­out “truly grap­pling” with the con­nec­tion to Parkinson’s.

“The EPA here failed to ad­e­quately pro­tect farm­work­ers,” he said.

After that, the en­vi­ron­men­tal agency shifted un­der President Joe Biden.

The EPA de­cided to con­sider the is­sues raised in the law­suits and started seek­ing ad­di­tional in­for­ma­tion last year. In early 2025, it asked the courts for more time to as­sess the hu­man health risks of paraquat.

But the EPA was­n’t fo­cused on Parkinson’s, say­ing in its de­ci­sion the “weight of ev­i­dence was in­suf­fi­cient” to link paraquat ex­po­sure to the neu­ro­log­i­cal dis­ease. Rather, the fed­eral ques­tion was over how the weed killer turns into a va­por that could harm peo­ple when in­haled or touched. “Parkinson’s Disease is not an ex­pected health out­come of pes­ti­ci­dal use of paraquat,” the EPA said in its re­view.

Ford is once again shift­ing its elec­tric ve­hi­cle man­u­fac­tur­ing plans, a re­sponse to a year that’s been tough for the pow­er­train tech­nol­ogy that’s still mak­ing waves over­seas but has seen do­mes­tic gov­ern­ment sup­port cut and cus­tomer en­thu­si­asm weaken.

Instead of plan­ning to make enough elec­tric ve­hi­cles to ac­count for 40 per­cent of global sales by 2030—as it pledged just four years ago—Ford says it will fo­cus on a broader range of hy­brids, ex­tended-range electrics, and bat­tery-elec­tric mod­els, which ex­ec­u­tives now say will ac­count for 50 per­cent of sales by the end of the decade. The au­tomaker will make hy­brid ver­sions of al­most every ve­hi­cle in its lineup, the com­pany says.

The com­pany will no longer make a large all-elec­tric truck, Ford ex­ec­u­tives told re­porters Monday, and will re­pur­pose an elec­tric ve­hi­cle plant in Tennessee to build gas-pow­ered cars. The next gen­er­a­tion of Ford’s all-elec­tric F-150 Lighting will in­stead be an ex­tended-range elec­tric ve­hi­cle, or EREV, a plug-in hy­brid that uses an elec­tric mo­tor to power its wheels while a smaller gaso­line en­gine recharges the bat­tery. Ford says the tech, which au­tomak­ers have touted in re­cent years as a mid­dle-ground be­tween bat­tery-elec­tric ve­hi­cles and gas-pow­ered ones, will give its truck ex­tended tow­ing ca­pac­ity and a range of over 700 miles.

Ford still plans to pro­duce a mid­size elec­tric pickup truck with a tar­get start­ing price of about $30,000, to be avail­able in 2027. That will be the first of the “affordable” elec­tric ve­hi­cle mod­els it’s cur­rently de­sign­ing at a skunkworks stu­dio in California, which are slated to use a “universal” plat­form ar­chi­tec­ture that will make the ve­hi­cles cheaper to pro­duce.

The new plans leave Ford with a bunch of ex­cess bat­tery-mak­ing ca­pac­ity, which the com­pany says it will use by open­ing a whole new busi­ness: a bat­tery en­ergy-stor­age side­line. This new busi­ness will pro­duce lower-cost and longer-liv­ing lithium iron phos­phate, or LFP, bat­ter­ies for cus­tomers in the pub­lic util­ity or data cen­ter in­dus­tries.

“Ford is fol­low­ing the cus­tomer,” says Andrew Frick, the pres­i­dent of Ford Blue and Ford Model e, the au­tomak­er’s gas- and bat­tery-pow­ered ve­hi­cle busi­nesses. US cus­tomer adop­tion of elec­tric ve­hi­cles is not where the in­dus­try ex­pected at decade’s start, he says. (Battery-electric ve­hi­cles cur­rently make up about 7.5 per­cent of US new car sales.) Frick also cited changes in the reg­u­la­tory en­vi­ron­ment, in­clud­ing the Trump ad­min­is­tra­tion’s roll­back of com­mer­cial and con­sumer tax in­cen­tives for elec­tric ve­hi­cles.

The com­pany has also can­celed an all-elec­tric com­mer­cial van planned for the European mar­ket. Instead, Ford will team up with Renault, in a part­ner­ship an­nounced last week, to de­velop at least two small Ford-branded elec­tric ve­hi­cles for Europe—a move that CEO Jim Farley called part of a “fight for our lives,” as US au­tomak­ers try to com­pete with af­ford­able EVs out of China.

Ford said Monday that it also plans to pro­duce a new gas-pow­ered com­mer­cial van for North America.

Like most peo­ple, you’re prob­a­bly an ab­solute ex­pert at land­ing on the air­craft car­rier in Top Gun for the NES. But if you’re in the silent mi­nor­ity that have not yet mas­tered this skill, you’re in luck: I’ve done a lit­tle re­verse en­gi­neerin­ing and fig­ured out pre­cisely how land­ing works. Hopefully now you can get things re­ally di­aled in dur­ing your next prac­tice ses­sion. Let’s get those wind­mill high-fives warmed up!

tl;dr: Altitude must be in the range 100-299, speed must be in the range 238-337 (both in­clu­sive), and you must be lat­er­ally aimed at the car­rier at the end of the se­quence.

As a re­minder in case you haven’t played Top Gun in the last few decades (weird), the land­ing por­tion of the stage looks like this:

Mercifully, the game sug­gests you aim right in the mid­dle of the ac­cept­able range per the “Alt. 200 / Speed 288” text on your MFD. Altitude and speed are both con­trolled by throt­tle in­put and pitch an­gle. There’s no on-screen head­ing in­di­ca­tor, but the game will tell you if you’re out­side of the ac­cept­able range (“Right ! Right !”). The ranges for speed and head­ing are pretty tight, so fo­cus on those: the range for al­ti­tude is much wider.

After about a minute of fly­ing the game checks your state and plays a lit­tle cutscene show­ing ei­ther a text­book land­ing or an ex­pen­sive fire­ball. Either way, you get a “Mission Accomplished!” and go to the next level (after all, you don’t own that plane, the tax­pay­ers do):

Speed and al­ti­tude are stored as bi­nary coded dec­i­mals, likely to sim­plify the ren­der­ing of on-screen text. For ex­am­ple, the num­ber 1234 is stored as 4660 (ie., hex 0x1234).

The func­tion at $B6EA per­forms the state check and writes the re­sult at $9E. If you’re just here to im­press your friends and don’t want to put in the prac­tice, the game ge­nie code AEPETA will guar­an­tee a land­ing that Maverick and Goose (spoiler: may he rest in peace

) would be proud of.

Here’s my an­no­tated dis­as­sem­bly for those fol­low­ing along at home:

land­ing_skil­l_check:

06:B6EA: LDA $3E  ; Load al­ti­tude High cent

06:B6EC: BEQ $B724  ; Branch if High cent == 0 (altitude < 100)

06:B6EE: CMP #$03

06:B6F0: BCS $B720  ; Branch if High cent >= 3 (altitude >= 300)

06:B6F2: LDA $41

06:B6F4: CMP #$04

06:B6F6: BCS $B720  ; Branch if High cent is >= 04 (speed >= 400)

06:B6F8: CMP #$02

06:B6FA: BCC $B724  ; Branch if High cent is < 02 (speed < 200)

06:B6FC: BEQ $B706  ; Branch if High cent == 02 (speed >= 200 && speed

Now get out there, and snag that third wire.

OK, so this is niche.

One of my wife’s guilty plea­sures is re­al­ity TV, usu­ally ones cen­tred around dat­ing - the more American, the bet­ter. By ex­ten­sion, I ab­sorb some of this noise and I’m happy to ad­mit I can some­times get in­vested.

At one point, she was (let’s face it, we were) watch­ing a show called “Are you the one?” on MTV. I’m go­ing to show you how this game is pretty much free money.

Consider a group of equal num­bers of men & women:

Each con­tes­tant has ex­actly one per­fect match of the op­po­site sex that is pre-de­ter­mined for them, as rep­re­sented by the colours. Click the “Match” but­ton to pair up the con­tes­tants cor­rectly. Crucially, they don’t ini­tially know who their per­fect match is. If the group can cor­rectly guess all the per­fect matches, they win a cash prize of $1M.

You prob­a­bly have the fol­low up ques­tion of how the per­fect matches are cal­cu­lated, which is a great ques­tion. In short: dunno, it’s black-boxed, but let’s just say “science”? How this is cal­cu­lated is­n’t re­ally the point, I could even ar­gue that it does­n’t mat­ter so long as you get your strat­egy right. For what it’s worth, the plot of the TV show men­tions em­ploy­ing “the most ex­ten­sive match-mak­ing process ever seen”.

Let’s get into it. Here are the two ways in which con­tes­tants can learn new pieces of in­for­ma­tion through­out the game: truth booths and match ups.

A truth booth is where a male & fe­male are cho­sen by the con­tes­tants, and it is re­vealed de­fin­i­tively whether they’re a per­fect match or not. So there are two po­ten­tial out­comes:

If you’ve found a way to stream this and want to skip straight to the good stuff, I’d fast-for­ward to the fall­out from these. In S1E6 it took Shanley an en­tire episode to come to terms with Chris T & Paige be­ing a per­fect match, even though in E1 she learned she was no match with him any­way (sigh).

At the end of each episode, all con­tes­tants match up and they are in­formed (via dra­matic light­ing) how many cor­rect matches they’ve got. If they’ve got all matches, the game is over and they win.

Crucially, they don’t know what the cor­rect matches are, just how many they got in to­tal. The only way they can de­fin­i­tively rule out a pair­ing is if they scored zero: the dreaded black­out. Though it might seem like a bad thing, a black­out can in fact be help­ful in the long-term, as it gives you a de­fin­i­tive an­swer for all pairs that were matched up, it’s like get­ting a free truth booth for each pair.

Much like a high school disco, let’s put all the boys on one side and the girls on the other, and re-use the pairs from the match up ex­am­ple above:

Here we have two cor­rect pairs red and pink at po­si­tion 1 and 5 re­spec­tively. The or­ange man at po­si­tion 2 was paired with the pur­ple woman from po­si­tion 6, and so on.

How good is a score of two? Is that any bet­ter than if you were to ran­domly pair peo­ple up? Let’s ex­per­i­ment by do­ing just that: click the ‘shuffle’ but­ton to re-pick:

You’ll no­tice that the av­er­age score comes out at around 1 af­ter a while, which this line chart keeps track of.

Below is a chart cap­tur­ing the fre­quency of each score, you’ll no­tice it even­tu­ally con­verges to a spe­cific shape.

The height of each out­lined bar is the prob­a­bil­ity of scor­ing that num­ber in a ran­dom pair­ing in a game of 6 cou­ples. Interestingly, both these prob­a­bil­i­ties and the av­er­age score stay the same no mat­ter how many cou­ples we use.

Whatever the se­lected # cou­ples, the prob­a­bil­ity stays this same. There’s tonnes of tan­gents we could ex­plore that you might find in­ter­est­ing here, but for our pur­poses we just wanted to put some data be­hind “how good is a score of X”.

I cre­ated a model that com­putes the re­main­ing vi­able match­ings of all cou­ples. By ‘viable’, I mean that there’s still a chance that it’s the per­fect match. Initially, as you can imag­ine, this is a big num­ber. The aim of the game then be­comes get­ting that num­ber down to 1 as quickly as pos­si­ble.

Each time new in­for­ma­tion is learned, we re­cal­cu­late the re­main­ing matches. For ex­am­ple if we have a pos­i­tive truth booth re­sult, the re­main­ing matches are fil­tered out to only those that con­tain these two peo­ple as a pair. Conversely, if the truth booth re­sult was neg­a­tive, then the re­main­ing matches can­not con­tain any where these two are paired. Imagine a huge a game of “Guess Who?” where each im­age is a vi­able match­ing and you flip down the op­tions that be­come in­valid each time you learn new in­for­ma­tion. Match ups also mas­sively help you re­duce this num­ber, how­ever their im­pact is a bit more in­di­rect and it’s very dif­fi­cult for a hu­man brain to fig­ure out the im­pli­ca­tions of the re­sult of one.

Here is a graph of the re­main­ing vi­able matches in Season 1 as the sea­son pro­gresses. It may sur­prise you that in this game of 10 men and 10 women, the ini­tial num­ber of vi­able matches is al­most 4 mil­lion:

Hovering over the dots will tell you what’s re­spon­si­ble for that change in the re­main­ing matches. As you can see, they gain enough in­for­ma­tion to win the game by episode 8, so why does it take them so long to get it right? As men­tioned ear­lier, it’s al­most im­pos­si­ble for hu­mans to keep tabs on all these po­ten­tial match­ings so it’s very likely they just did­n’t know.

That be­ing said, the graph it­self is­n’t par­tic­u­larly use­ful, is it? After a cou­ple of events, the line hugs the x-axis, and it’s hard to see the dif­fer­ence be­tween 1 and 5,773 seen in episodes 8 and 2 re­spec­tively. Let’s try a log base 2 graph:

That’s hope­fully a lot clearer. You can see how they learn in­for­ma­tion as they go, and at which point the model ‘cracks it’ with the match up in episode 8. You can also clearly see that the most valu­able piece of in­for­ma­tion they gained was the match up in episode 2 - with a de­cent early score of 4. This might be in­tu­itive to you, but as we found ear­lier you’ve got a less than 2% chance of scor­ing 4 when ran­domly se­lect­ing.

Let’s plot this again along with a few more sea­sons:

Other than S3 and S7, the con­tests math­e­mat­i­cally learn enough in­for­ma­tion to win the game with time to spare. Could they have got there sooner though? Could they have cho­sen bet­ter truth booths/​match ups to spare us all of the ex­tra episodes of trashy TV? Before I get into this, I need to cover some ba­sics of in­for­ma­tion the­ory.

We’re go­ing to re­visit the “Guess Who?” game now, which you can think of as a sim­pli­fied ver­sion of “Are you the one?”. Stick with me; the idea is that we can use the more straight­for­ward game me­chan­ics to es­tab­lish an in­for­ma­tion the­ory based strat­egy that we can then ap­ply to “Are you the one?”. These two games are sim­i­lar in that:

There is a cor­rect an­swer un­known to the player(s).

The player(s) are able to learn in­for­ma­tion by of­fer­ing up hy­pothe­ses, and get­ting de­fin­i­tive an­swers to them.

Consider an 8x8 grid of po­ten­tial an­swers:

Now I’m a ter­ri­ble artist so I thought I would be able to ar­tic­u­late this more clearly with shapes in­stead. There are 4 shapes (

and

), 2 dif­fer­ent types (opaque or out­lined), and 8 colours - this makes 64 unique com­bi­na­tions. The aim of the game is to guess the cor­rect an­swer be­fore your op­po­nent guesses yours. To give your­self the best chance of win­ning, you need to rule out as many an­swers as you can, as quickly as you can. Should you then em­ploy a strat­egy that splits the po­ten­tial an­swers in half (e.g “is it opaque?“), or some­thing a bit more spe­cific (e.g “is it an or­ange star?“). The lat­ter is high-risk, high-re­ward, whereas the for­mer will al­most al­ways rule out half of the re­main­ing an­swers.

Consider a bit of in­for­ma­tion as re­duc­ing the prob­lem space by half. That is, by rul­ing out half the re­main­ing an­swers. I want to stress that the word bit is a com­mon term in in­for­ma­tion the­ory, as op­posed to some­thing that might sound less ex­act as it’s in­tended in this con­text.

The opaque ques­tion is a sure-fire way of gain­ing 1 bit of in­for­ma­tion. On the other hand, let’s say you find out that the an­swer is a which al­lows you to flip down three quar­ters of the an­swers, that’s the same as halv­ing the prob­lem space twice and there­fore gain­ing two bits of in­for­ma­tion.

In this ex­am­ple the an­swer is :

As you can see, dif­fer­ent an­swers are more use­ful than oth­ers. “Opaque?” rules out half of the re­main­ing an­swers (1 bit), whereas “Blue?” rules out 7/8ths of them (3 bits).

Getting from 64 po­ten­tial an­swers to 1 in­volves halv­ing the prob­lem space 6 times - 64 be­comes 32, then 16, 8, 4, 2 and 1. In other words, if you’re able to gain 6 bits of in­for­ma­tion, you’ll know for sure what the an­swer is. This is sup­ported by the fact that the sum of the in­for­ma­tion gained by ask­ing all three above ques­tions is 6.

Let’s sim­u­late an ac­tual game now, keep­ing tabs on the in­for­ma­tion gained through­out.

Once every­thing but re­mains, you’ll have gained 6 bits of in­for­ma­tion and can be 100% con­fi­dent in the an­swer. Now we know we need to get to 6 bits of in­for­ma­tion as quickly as pos­si­ble, our strat­egy be­comes pick­ing the ques­tion that we ex­pect to give us the most in­for­ma­tion. That is, the sum of the in­for­ma­tion we would gain if that an­swer were true or false, mul­ti­plied by the prob­a­bil­ity of that spe­cific out­come. Let’s work through our three ques­tions to give the ex­pected in­for­ma­tion for each:

This table shows the ex­pected in­for­ma­tion for each of our 3 ques­tions. As you can see, the more “Hail Mary” the ques­tion, the lower ex­pected in­for­ma­tion. “Blue?” comes out at 0.54, which is al­most half the amount of ex­pected in­for­ma­tion as “Opaque?”. Therefore, we can spec­u­late that a de­cent strat­egy for this game would be to ask ques­tions that split the re­main­ing prob­lem space in half. To sup­port this, we can plot a graph for all pos­si­ble prob­a­bil­i­ties be­tween 0 and 1:

This shows that split­ting the prob­lem space in half (where the prob­a­bil­ity is 0.5), gives the high­est ex­pected in­for­ma­tion. This means that ask­ing a very spe­cific ques­tion like “Blue?” is sta­tis­ti­cally the worst thing you can do.

Let’s play one fi­nal game, this time I’ll show you the ques­tions or­dered by most to least ex­pected in­for­ma­tion:

How did you do? You’ll no­tice that pick­ing the ques­tions at the top of the list gets you to the an­swer quicker, whereas the op­po­site is true when pick­ing from the bot­tom. You’ll also no­tice that you’re never pre­sented with a ques­tion that gives you more than 1 ex­pected in­for­ma­tion, which is backed up by the above graph never go­ing higher than 1.

Now we’ve got a strat­egy that works well for “Guess Who?”, we can get back to the proper game.

Simulating “Are you the one?“#

Earlier on, I posed a (until now) rhetor­i­cal ques­tion as to the per­for­mance of the con­tes­tants on the show. In or­der to an­swer this ques­tion, we need two things:

A way to mea­sure per­for­mance: For this, we’ll use the av­er­age bits gained per event. That is, each time there is a match up or truth booth, how many bits of in­for­ma­tion did they gain?

A sen­si­ble bench­mark: How do the con­tes­tants stack up against some­thing that em­ployed a strat­egy of ran­domly se­lect­ing match ups and truth booths?

For this sen­si­ble bench­mark, I sim­u­lated over 100 fake sea­sons of “Are you the one?” to see how much in­for­ma­tion was gained if the match ups and truth booths were se­lected (almost) ar­bi­trar­ily.

The per­for­mance of the ran­dom sim­u­lated mod­els was . Let’s plot all the sim­u­la­tions on a graph, with trend­lines for ran­dom and ac­tual per­for­mance:

So the ac­tual per­for­mance hits the x-axis sooner, mean­ing it’s able to zero-in on the per­fect match ear­lier. That’s re­as­sur­ing, right? Maybe love is real af­ter all. That, or they’re just per­form­ing bet­ter than some­one shoot­ing fish in a bar­rel. Here’s the num­bers be­hind this com­par­i­son:

The suc­cess rate is cal­cu­lated as the num­ber of sea­sons in which they’re able to math­e­mat­i­cally de­ter­mine the per­fect match be­fore the game fin­ishes. As you can see the suc­cess rate for the ran­dom sim­u­la­tion is higher than in real life. The sam­ple of size of only 7 sea­sons of “Are you the one?” un­doubt­edly is too small for this to be a use­ful com­par­i­son.

Now that we know the con­tes­tants make bet­ter de­ci­sions than ran­domly se­lect­ing pair­ings, the re­main­ing ques­tion is ex­actly how much bet­ter. To show this, we’ll em­ploy our in­for­ma­tion the­ory strat­egy that we used for “Guess Who?” to this game.

This sim­u­la­tion works sim­i­larly to the ran­dom sim­u­la­tion, only the mech­a­nism for se­lect­ing pair­ings is dif­fer­ent. That is, the pair­ings that are se­lected for ei­ther a truth booth or a match up are the ones that are sta­tis­ti­cally like­li­est to give the most in­for­ma­tion.

Suppose we have cal­cu­lated the ex­pected in­for­ma­tion gained by po­ten­tial truth booths like be­low:

The model would there­fore pick and as it’s the most likely to give it the most in­for­ma­tion.

Match ups work sim­i­larly, how­ever we know that it’s not a sim­ple true or false ques­tion. Instead, we’ve got to cal­cu­late the in­for­ma­tion we would gain for every score be­tween 0 and 10 (where 10 is the num­ber of cou­ples), for every vi­able match­ing.

I ran this in­for­ma­tion the­ory sim­u­la­tion 41 times (for no other rea­son than I got bored wait­ing), and saw it per­form sig­nif­i­cantly bet­ter than ran­dom sim­u­la­tion or real life data:

Now we can com­pare all three sce­nar­ios:

This means that, all you need is a bit of code and a can-do at­ti­tude to per­form bet­ter than the “vibes” ap­proach of the con­tes­tants in the show. Before you pop the cham­pagne, we still haven’t shown if this is good enough such that we get to the per­fect match be­fore we run out of time (or episodes). In a game of , the prob­lem space is (for brevity, you can take my word for this), which is bits of in­for­ma­tion. This means you would need to gain bits of in­for­ma­tion per event min­i­mum to en­sure that you go into the fi­nal match up know­ing for cer­tain what the per­fect match is.

Wait, is­n’t that a lower num­ber than the ran­dom sim­u­la­tion? Doesn’t that mean that some­one shoot­ing fish in a bar­rel could win this game? I should stress that these are av­er­ages, and in 26% of ran­dom sim­u­la­tions they did­n’t get to there in time.

Hopefully now you agree with me that “Are you the one?” is free money, al­beit with a just about near-per­fect suc­cess rate. I showed that even pick­ing pair­ings at ran­dom will more of­ten than not give you enough in­for­ma­tion to win the game, as well as show­ing how to use clas­sic in­for­ma­tion the­ory prac­tices to get you there with episodes to spare. Maybe this haem­or­rhag­ing of money is what got the show can­celled in the first place, or maybe love is real, what­ever you pre­fer.

This post is my first foray into con­tent like this. I wanted to scratch the itch of an in­ter­est­ing maths prob­lem, with a light-hearted spin that I hope you en­joyed as much as I did mak­ing it. The tech­niques shown in this post are very com­mon in­for­ma­tion the­ory ap­proaches, though I was in­spired to ap­ply them based on this video on wor­dle by 3Blue1Brown. I very rarely watch youtube videos over 10 min­utes long (maybe that’s my loss), but I wholly rec­om­mend this one if you found this in­ter­est­ing.

Other than that, in my re­search I came across a boardgame called Mastermind, which has been around since the 70s. This is a very sim­i­lar premise - think of it as “Guess Who?” on hard mode.

I also pitched this idea to The Pudding, and had a great ex­pe­ri­ence with them nerd­ing out about this sub­ject. Though they did­n’t take my up on my idea, I left with re­ally great and ac­tion­able feed­back, and I’m look­ing for­ward to my next re­jec­tion.

Next steps for me would be to see if I can make a web-based game (don’t hold me to this) on this theme. I’m in­ter­ested in how peo­ple would in­tu­itively make de­ci­sions based on in­for­ma­tion gained so far so the plan would be to see if I can find a way to cap­ture that, and ide­ally make it fun.

Finally, the code for my OR Tools model can also be found here.

Sharp Monocular View Synthesis in Less Than a Second

We pre­sent SHARP, an ap­proach to pho­to­re­al­is­tic view syn­the­sis from a sin­gle im­age. Given a sin­gle pho­to­graph, SHARP re­gresses the pa­ra­me­ters of a 3D Gaussian rep­re­sen­ta­tion of the de­picted scene. This is done in less than a sec­ond on a stan­dard GPU via a sin­gle feed­for­ward pass through a neural net­work. The 3D Gaussian rep­re­sen­ta­tion pro­duced by SHARP can then be ren­dered in real time, yield­ing high-res­o­lu­tion pho­to­re­al­is­tic im­ages for nearby views. The rep­re­sen­ta­tion is met­ric, with ab­solute scale, sup­port­ing met­ric cam­era move­ments. Experimental re­sults demon­strate that SHARP de­liv­ers ro­bust zero-shot gen­er­al­iza­tion across datasets. It sets a new state of the art on mul­ti­ple datasets, re­duc­ing LPIPS by 25–34% and DISTS by 21–43% ver­sus the best prior model, while low­er­ing the syn­the­sis time by three or­ders of mag­ni­tude.

SHARP syn­the­sizes a pho­to­re­al­is­tic 3D rep­re­sen­ta­tion from a sin­gle pho­to­graph in less

than a sec­ond. The syn­the­sized rep­re­sen­ta­tion sup­ports high-res­o­lu­tion ren­der­ing of nearby views,

with sharp de­tails and fine struc­tures, at more than 100 frames per sec­ond on a stan­dard GPU. We

il­lus­trate on pho­tographs from Unsplash.

@inproceedings{Sharp2025:arxiv,

ti­tle = {Sharp Monocular View Synthesis in Less Than a Second},

au­thor = {Lars Mescheder and Wei Dong and Shiwei Li and Xuyang Bai and Marcel Santos and Peiyun Hu and Bruno Lecouat and Mingmin Zhen and Ama"{e}l Delaunoyand Tian Fang and Yanghai Tsin and Stephan R. Richter and Vladlen Koltun},

jour­nal = {arXiv preprint arXiv:2512.10685},

year = {2025},

url = {https://​arxiv.org/​abs/​2512.10685},

D-Bus is a dis­grace to the Linux desk­top

There has been quite a bunch of in­ter­est in this post, I’ve added a FAQ sec­tion at the bot­tom.

I will be adding stuff there if more FAQs pop up. Thanks!

D-Bus was in­tro­duced by GNOME folks about 20 years ago. For soft­ware made only 20 years ago, as op­posed to 40 like X, it’s sur­pris­ingly al­most equally as bad.

As a ser­vice, D-Bus is in­cred­i­bly handy and use­ful, and over­all, I be­lieve the idea should ab­solutely be used by more apps. However, the im­ple­men­ta­tion… oh boy.

Everyone has heard about D-Bus, but what is it, ac­tu­ally?

D-Bus’ idea is pretty sim­ple: let ap­pli­ca­tions, ser­vices and other things ex­pose meth­ods or prop­er­ties in a way that other apps can find them in one place, on the bus.

Let’s say we have a ser­vice that mon­i­tors the weather. Instead of each app know­ing how to talk to each weather ser­vice, or even worse, im­ple­ment­ing one it­self, it can con­nect to the bus, and see if any ser­vice on the sys­tem ex­poses some weather API, then use it to get weather.

Great, right? And yeah, the idea is won­der­ful.

D-Bus is a le­nient, un­or­ga­nized and for­giv­ing bus. Those three add to one of the biggest, fun­da­men­tal, and con­cep­tual blun­ders to any pro­to­col, lan­guage or sys­tem.

The most im­por­tant blun­ders are: Objects on the bus can reg­is­ter what­ever they want. Objects on the bus can call what­ever they want, how­ever they want, when­ever they want. The pro­to­col al­lows and even in a sense in­cen­tivises ven­dor-spe­cific unchecked garbage.

What this means in prac­tice is the de­f­i­n­i­tion of “Garbage in, garbage out”.

Okay, apps need to com­mu­ni­cate, right? Well, in some way right? Where do we find the way?

Uhh… some­where on­line, prob­a­bly. Nobody ac­tu­ally knows be­cause some of them are here, some there, many are un­fin­ished, un­read­able, or con­vo­luted garbage docs, and no client fol­lows them any­ways.

Let’s take a look at some gems. These are ac­tual docs

So is it a draft or widely used? source 1 and source 2

D-Bus stan­dards are a mess. And that’s if we as­sume that im­ple­men­tors on both sides ac­tu­ally fol­low them (they of­ten don’t, as we will learn in a mo­ment…)

Okay, let’s say we have a stan­dard and we un­der­stand it. Great! Now…

no­body gives a shit, lit­er­ally. Even if you read a spec, noth­ing, lit­er­ally noth­ing, guides, en­sures, or helps you stick to it. NOTHING. You send anony­mous calls with what­ever bull­shit you want to throw in.

Let me tell you a story…

Back when I was writ­ing xdg-desk­top-por­tal-hypr­land, I had to use a few dbus pro­to­cols (xdg por­tals run on dbus) to im­ple­ment some of the com­mu­ni­ca­tion. If we go to the por­tal doc­u­men­ta­tion, we can find the pro­to­cols.

Great! So I im­ple­mented it. It worked more-or-less. Then, I im­ple­mented re­store to­kens, which al­low the app to re­store its pre­vi­ously saved share con­fig­u­ra­tion. And here, dbus falls apart.

None of the apps, I re­peat, fuck­ing none fol­lowed the spec. I wrote a spec-com­pli­ant mech­a­nism and noth­ing fuck­ing used it. Why? Simple, they all used a dif­fer­ent spec, which came out of fuck­ing nowhere, I le­git could­n’t find a sin­gle doc with it. What I ended up do­ing was I looked at KDE which al­ready had an impl and mim­ic’d that.

What the ac­tual fuck. “Spec” my ass.

Fun fact: THIS IS STILL THE CASE! The spec ad­ver­tises a “restore_token” string prop on SelectSources and Start, where no app does this and uses “restore_data” in “options”.

Let me just say one word: vari­ants. What in the ac­tual, everlov­ing fuck? Half of D-Bus pro­to­cols have ei­ther this BS, or some “a{sv}” (array of string + vari­ant) passed some­where.

Putting some­thing like this, even al­low­ing that in a core spec should be sub­ject to a per­ma­nent ban from cre­at­ing soft­ware. What this al­lows, and even in­cen­tivises, is for apps to send ran­dom shit over the wire and hope the other side un­der­stands it. (see the ex­am­ple above in part 2, prime dbus) This has been tried many times, most no­tably in X with atoms, and it has time and time again proven to only bring dis­as­ter.

Ever heard of per­mis­sions? Neither have D-Bus de­vel­op­ers. D-Bus is as in­se­cure as it gets. Everybody sees every­thing and calls what­ever. If the app does­n’t have a spe­cific se­cu­rity mech­a­nism, cow­abunga it is. Furthermore, there is no such thing as a “rejection” in a uni­ver­sal sense. Either the pro­to­col in­vents its own “rejection” or just… some­thing hap­pens, god knows what, ac­tu­ally.

This is one of the prime rea­sons flat­pak apps can not see your ses­sion bus.

Ever seen kwal­let or gnome-keyring? Yeah, these things. These are sup­posed to be “secret stor­age” for things like sign­ing keys, pass­words, etc. They can be pro­tected by a pass­word, which means they are se­cure… right?

No. No, they aren’t. These se­crets may be en­crypted on disk, which tech­ni­cally pre­vents them from be­ing stolen if your lap­top is stolen. If you just cringed at that be­cause disk en­cryp­tion has been a thing for 20 years now or so, you’re not alone.

However, the best thing is this: any app on the bus can read all se­crets in the store if the store is un­locked. No, this is not a fuck­ing joke. Once you in­put that pass­word, any app can just read all of them with­out you notic­ing.

This is the real stance of GNOME de­vel­op­ers on the is­sue:

Honestly, I am at a loss of words as to how to de­scribe this with­out be­ing ex­tremely rude.

Security so good mi­crosoft might steal it for their re­call.

Enough is enough

I’ve had enough of D-Bus in my apps. I would greatly ben­e­fit from a ses­sion (and later, sys­tem) bus for my ecosys­tem, but I will not stand the ab­solute shit­fest that D-Bus is.

That is why, I’ve de­cided to take mat­ters into my own hands. I am writ­ing a new bus. From the ground up, with zero copy­ing, in­terop, or other recog­ni­tion of D-Bus. There are so many stu­pid ideas crammed into D-Bus that I do not wish to have any of them poi­son my own.

A lot of peo­ple quote this xkcd comic for each new im­ple­men­ta­tion. However, this is not ex­actly the same.

For ex­am­ple, with way­land, when you switch, you aban­don X. You can­not run an X11 ses­sion to­gether with a way­land one, sim­ply not how it works.

You can, how­ever, run two ses­sion buses. Or three. Or 17. Nothing stops you. That’s why grad­ual mi­gra­tion is ab­solutely pos­si­ble. Sure, these buses can’t talk to each other, but you can also cre­ate a proxy client that can “translate” dbus APIs into new ones.

The first thing I fo­cused on was hyprwire. I needed a wire pro­to­col any­ways for hypr* stuff like hyprlauncher, hyprpa­per, etc.

The wire pro­to­col is in­spired by how Wayland de­cided to han­dle things. Its most im­por­tant strengths are: con­sis­tency: the wire it­self en­forces types and mes­sage ar­gu­ments. No “a{sv}”, no “just send some­thing lol” sim­plic­ity: the wire pro­to­col is fast and sim­ple. Nobody needs com­pli­cated struct types, these just add an­noy­ances. speed: fast hand­shakes and pro­to­col ex­changes, con­nec­tions are es­ta­bil­ished very quickly.

Hyprwire is al­ready used for IPC in hyprpa­per, hyprlauncher and parts of hyprctl, and has been serv­ing us well.

The bus is called hyprtav­ern, as it is not ex­actly what D-Bus is, but it’s more like a tav­ern.

Apps reg­is­ter ob­jects on the bus, which have ex­posed pro­to­cols and key prop­er­ties de­fined by the pro­to­cols. These ob­jects can be dis­cov­ered by other apps con­nect­ing to the bus.

In a sense, hyprtav­ern acts like a tav­ern, where each app is a client, that can ad­ver­tise the lan­guages they speak, but also go up to some­one else and strike up a con­ver­sa­tion if they have a lan­guage in com­mon.

Some over­all im­prove­ments over D-Bus, in no par­tic­u­lar or­der: Permissions: baked in, in-spec per­mis­sions. Suitable for ex­pos­ing to sand­boxed apps by de­fault. Strict pro­to­cols: don’t know the lan­guage? Don’t poi­son the wire. Worth not­ing this does not stop you from mak­ing your own ex­ten­sions, it just en­forces you stay in-spec. Simplified API: D-Bus has a lot of stu­pid ideas (shoutout broad­cast) that we in­ten­tion­ally do not in­herit. Way bet­ter de­faults: The core spec also in­cludes a few things that are op­tional (and dumb) in D-Bus like an ac­tu­ally se­cure kv store.

With re­la­tion to the Secrets API dis­cussed a bit above, I wanted to men­tion kv.

hyprtav­ern-kv is the de­fault im­ple­men­ta­tion of the core pro­to­col for a kv store. A kv store is a “key-value” store, which means apps reg­is­ter val­ues for “keys”, e.g. “user_secret_key = pass­word”.

This is es­sen­tially what D-Bus Secrets API does, but in­stead of be­ing a se­cu­rity joke, it’s ac­tu­ally se­cure by-de­sign.

Any app can reg­is­ter se­crets, which only it can read back. Secrets can­not be enu­mer­ated. This means that when “/usr/bin/firefox” sets a “passwords:superwebsite.com = ani­me­booba”, an app called “~/Downloads/totally_legit.sh” can not see the value, or the key, or that fire­fox even set any­thing.

This also (will) work with Flatpak, Snap and AppImage ap­pli­ca­tions by ad­di­tion­ally us­ing their Flatpak ID, Snap ID or AppImage path re­spec­tively. This is not im­ple­mented, but planned.

This kv store is al­ways en­crypted, but a de­fault pass­word can be used which means it will be un­locked by de­fault and the store file can be triv­ially de­crypted. The dif­fer­ence is that if you set a pass­word here, it will ac­tu­ally be se­cure, even if an app with ac­cess to the bus tries to steal all of the se­crets.

Additionally, this pro­to­col is core. It must be im­ple­mented by the bus, which means all apps can ben­e­fit from a se­cure se­cret stor­age.

No, ab­solutely not. I started work on it just re­cently, and I still need to cook a bit. It’s com­ing though, re­ally!

I hope to get it widely used within hypr* by 0.54 of hypr­land (that is the re­lease af­ter the up­com­ing 0.53).

No, def­i­nitely not at the be­gin­ning. But, it’s an eas­ier tran­si­tion than X11 -> Wayland, and I did­n’t ex­pect Hyprland to be widely adopted ei­ther, but here we are.

Time will tell. All I can say is that it is just bet­ter than D-Bus.

An im­por­tant part of adop­tion will prob­a­bly be bind­ings to other lan­guages. The li­braries are all in C++, but since they aren’t very big (by de­sign), mak­ing Rust / Go / Python bind­ings should­n’t be hard for some­one ex­pe­ri­enced with those lan­guages.

The wire for­mat is also sim­ple and open, so you could also write a Memory-Safe™ lib­hyprwire in Rust for ex­am­ple.

D-Bus has been an an­noy­ance of mine for years now, but I fi­nally have the ecosys­tem and re­sources to write some­thing to re­place it.

Let’s hope we can make the user­space a bit nicer to work with :)

This post is quickly gath­er­ing at­ten­tion so I will an­swer some FAQs:

The wheel is fun­da­men­tally bro­ken. D-Bus is un­fix­able due to its core prin­ci­ples be­ing ter­ri­ble.

As I’ve said, hyprtav­ern is a heavy WIP. Once it is ready for app de­vel­op­ers, which I hope to be done with within a month, I will write ex­ten­sive docs about both the wire pro­to­col (so that you can im­ple­ment it your­self if you don’t like lib­hyprwire) and the tav­ern it­self.

Why not use way­land?

I’ve im­ple­mented a few im­prove­ments to hyprwire for bus us­age (e.g. ar­ray types), and ad­di­tion­ally way­land is not meant to be a generic IPC pro­to­col. Connecting is re­stricted to sock­ets and WAYLAND_DISPLAY, for ex­am­ple. One could fork it, but at this point, it’s bet­ter to write your own impl.

Yes. You can write a for ex­am­ple hyprtav­ern-dbus-no­ti­fi­ca­tion-proxy which sets up a dbus no­ti­fi­ca­tion ser­vice and ex­poses the events as an ap­pro­pri­ate tav­ern pro­to­col. Worth not­ing of course such a pro­to­col does­n’t ex­ist yet as I am work­ing on the core spec atm. There will be though.

Why C++ and not mem­ory safe rust?

Because I am a C++ dev. You are free to reim­ple­ment the bus / wire in Rust. You are also free to write bind­ings. BSD-3.

Hyprland (and re­lated) his­tor­i­cally have had less and less mem­ory is­sues over time thanks to our shift to hypru­tils and very com­mon (almost re­li­gious) re­f­count­ing prac­tices. However, noth­ing’s stop­ping you from rewrit­ing things in Rust.

The por­tal docs are ac­tu­ally cor­rect, you just were read­ing the wrong ones

Yes, a per­son on hack­ernews named mahkoh pointed this out (thanks!). This does­n’t change the fact that: the docs are poorly sep­a­rated, such that I could not eas­ily find that in­for­ma­tion. the names for things for app -> por­tal and por­tal -> por­tal impl are dif­fer­ent (wtf, what are you guys smok­ing?) the web­site he links did­n’t ex­ist (IIRC at all, or at least in its cur­rent state, IIRC it was a mostly blank page) back when I was im­pl’ing it. most im­por­tantly: DBus al­lows you to do what­ever while a real pro­to­col would en­force the types out­right and for­bid in­valid us­age.

Fragmentation, gnome and kde have dif­fer­ent needs

Hasn’t stopped them from both us­ing D-Bus to this day. Apparently you can have one bus for both.

What about sym­links in paths?

Just re­solve them. For ch­rooted apps, both Linux and BSD pro­vide a way to get root from pid. I’ve been told it will break on Nix, but I will let the Nix folks fig­ure this one out as I don’t use it.

Where can we fol­low de­vel­op­ment or see the pro­to­col?

Hyprwire’s wire for­mat is not yet doc­u­mented, but it’s quite sim­ple. Docs will be writ­ten by me once tav­ern’s ready.

For the core tav­ern pro­to­col spec WIP, please see here. Please note it’s of course a WIP so break­ing changes do hap­pen as I try to ac­co­mo­date more use­cases. Feedback is wel­come though, feel free to leave feed­back if you’re an app or DE de­vel­oper with a spe­cific use­case in mind.

Look, I re­al­ize in the cur­rent UNIX space it’s im­pos­si­ble to 100% ver­ify reg­u­lar sys­tem apps, but there are two im­prove­ments here.

Firstly, we raise the bar­rier to steal se­crets sig­nif­i­cantly. An at­tacker now needs to know what app they are in­side, what se­crets that app may store (apps them­selves can’t enu­mer­ate ei­ther). Additionally, it needs to do more than just a sin­gle query, which be­comes more de­tectable. It’s al­ways bet­ter to at least know you’ve been hacked.

Two, this is a re­quire­ment for sand­boxed apps to be able to in­ter­act with the tav­ern. The en­tire idea of the se­cu­rity model is so that flat­pak apps don’t need to be re­stricted from us­ing the ses­sion bus any­more and we don’t need a proxy (like xdp).