Tech News Weekly 323 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

0:00:00 - Mikah Sargent
Coming up on Tech News Weekly. I, Mikah Sargent, am joined by Amanda Silberling of TechCrunch, and we've got some great stories of the week. Amanda's story is all about Bluesky, the social media network going public. Yes, it's available to everyone. We talk about the current state of the various social media networks, how some of them are competing, how they're not, and everything in between.

Then I talk about how turns out those three million malware-infected toothbrushes that have joined together to form a botnet and take down a huge company. It's all untrue, so we discuss how you can make sure you don't get tricked by poor reporting. Then we head into the interview portion of the show where Joseph Cox joins us from 404 Media to talk about this site that will generate fake IDs that are incredibly convincing and can be used for online verification purposes. We round things out with I call it a sober review from Brian X Chen of the New York Times, who tells us about his experience with the Apple Vision Pro and what he sees as the future of this new platform. All of that coming up on Tech News Weekly. This is Tech News Weekly, episode 323, recorded Thursday, February 8th 2024. A Sober Review of Apple Vision Pro.

0:01:46 - Leo Laporte
Listeners of this program get an ad-free version if they're members of Club Twit. $7 a month gives you ad-free versions of all of our shows, plus membership in the Club Twit Discord, a great clubhouse for Twit listeners. And finally the Twit Plus feed with shows like Stacey's Book Club, the Untitled Linux Show and more. Go to twit.tv/clubtwit, and thanks for your support.

0:02:11 - Mikah Sargent
Hello and welcome to Tech News Weekly, the show where we talk to and about the people making and breaking the tech news. I am your host, Mikah Sargent, and I am joined virtually by my guest co-host, Amanda Silberling of TechCrunch. Welcome back, Amanda.

0:02:29 - Amanda Silberling
Hello, I am happy to be back in the little box next to your head.

0:02:34 - Mikah Sargent
I'm happy to have you there in the little box next to my head. I'm glad that you had a good first experience so that you decided to come back and join us again. And yeah, it's great to have you here. And, as folks may or may not know, if you're tuning in for the first time, Amanda will be here for the first half of the show, where we have both brought stories of the week to the table and, as is the way of things, Amanda will kick things off. Tell us about your story of the week.

0:03:04 - Amanda Silberling
My story of the week is that Bluesky is now open to the public and you might be wondering oh, are people still on Bluesky? Or what is Bluesky? It is another one of those Twitter alternatives that is cropping up, but I think this one is particularly interesting because they're trying to build another decentralized, federated social network which that might sound a lot like Mastodon and it does but they built their own protocol, the AT Protocol, which is separate from Mastodon, which runs on ActivityPub, and some people initially were mad about that, like why build a whole new thing? But they said that they wanted to use the AT Protocol and build that out because they're able to do some more complex things. Also, I think a key difference between Bluesky and Mastodon is that when you sign up for Mastodon, it's very clear like this is a federated, decentralized setup and there's all these tech words that get thrown at you, and Bluesky has taken the approach of making it like we just want you to sign up for this social platform because you're going to have fun on it and then if you want to get into the tech behind it, then cool, that's fine too.

So I just think the kind of the duel or lack thereof between Bluesky and Mastodon is really interesting. I say duel or lack thereof because I don't know if they're dueling, but in my head they are.

0:04:48 - Mikah Sargent
Yeah, I mean, there are these. There's this very nerdy kind of background right to these social media services that I think I almost wonder if the people in charge don't necessarily want that to be the main aspect of these social media services, that you don't think about the protocols and all that first. Maybe that's a little different. On Mastodon, because it does seem like there's some sort of tribal nature where we all are very aware of what federated means and what Mastodon stands for as a concept and how you know, don't call it Mastodon the app and don't call it Mastodon the this and that, and maybe that's more the case there. But I do feel like with Bluesky, yeah, they, yes, there's the protocol for the people who are nerdy about that kind of thing and, yes, that's part of what we do.

But for Bluesky it feels like they really are or it really is more attempting to just give people a place to be and to communicate. And you know, it's striking to me when I look at Bluesky how much it compares to X, formerly known as Twitter. It looks physically, visually, a lot like X, formerly known as Twitter, and I don't think that's a, that's an accident. I think that this really is attempting to do what, what T2 did, what some others did, and maybe it's successful. I always end up asking a question that I don't necessarily personally pay attention to or care about, but I know it's a common question that gets asked and that it is something that people are interested in. What's your engagement been like on Bluesky and how does it compare to the other social media networks out there?

0:06:55 - Amanda Silberling
Me personally or the you personally? Yeah, I thought we were like getting it's like statistics and I was like, well, there's a statistics site, because Bluesky is open source, so you can see all of their usership stats, which is very.

0:07:09 - Mikah Sargent
Oh God, let me find the exact URL.

0:07:14 - Amanda Silberling
Okay, it's bsky.jazco.dev/stats. All right, it's really useful. But yeah, looking at it now, when they opened to the public on Monday, no, Tuesday morning they had about 3.2 million users and now they're at 4.4 million. So good for them. And I think it's really cool how you see on that graph, like the last day, look how much higher the unique users are, which that is possibly because right now they are in the hype cycle of we just opened up. There's a lot of people that in the closed beta made accounts and then maybe got bored and then now they're back because it's in the news again and they're like well, how's it going over here? But I personally enjoy using Bluesky. I never really got into Mastodon. I think I found the onboarding process a little tedious, which is probably because I just want to join like the general thing. I wanted to just join like mastodon.social because, I don't know, I didn't want to be in a specific server.

0:08:29 - Mikah Sargent
Yeah, it's choosing right. Yeah, if you, if you pick a server, then you're like making a statement, and when I'm joining a new social media service, I just want to be. I want to give my chance to be a, give myself a chance to be a wallflower, and I think that the best way to do that is, yeah, the mastodon.social. I agree with you about it being tedious. I totally understand that.

0:08:50 - Amanda Silberling
Yeah, I originally so. When I made my account on Mastodon, you couldn't join the social one at the time because it was full. So I joined a climate justice one, which, like I care about climate justice, but that's not something that I post about a lot or is like related to my career. I just kind of picked. It was like sure, climate justice, I can get behind that. And then someone made a journalism one, so I switched over. But then the journalism one started getting blocked by a bunch of other servers because they were like we don't want the journalists looking at us. And so I just was like this is, this is a lot, but Bluesky, so far there's only really the one Bluesky Social server that you can just join off the bat. They haven't like federated fully yet. So I think they said later this month they're going to make it so that developers can just go on and make their own servers.

And I'm really fascinated by the content moderation issues that arise on federated decentralized platforms, because on one hand, it's not like centralized program or centralized platforms are getting it right. There's a lot of issues all the time, like we all have been on Twitter, right, but yeah. But then let's say, on these decentralized platforms, like if the Bluesky Social server, for example, they have been pretty lax when it comes to content moderation. Early, early on, when there was like 100,000 users, there was an incident where someone threatened a black user and the moderators were like, well, maybe it was a figure of speech. And then people got very upset about that and that kind of opened up a can of worms about what role should the platform play in deciding. Like was that a threat, which the person who received the message certainly felt it was, which I think should not be discounted? And then like can you truly be decentralized if you have the people working at Bluesky who are deciding? Actually, I don't think that was a threatening message when a lot of people perceived it that way.

But then I guess the beauty of it also is that if you want to have a platform with more defined rules of what is okay and not okay to say, you can make your own platform, make your own server and still interact with the other servers, even if you're on some new server that doesn't exist yet.

But then the other issue you've run into is like on Mastodon, they had issues with Gab, which is like an alt-right, kind of Nazi-sympathetic server that it used to be on Cloudflare, I believe, or no, GoDaddy and then they got kicked off of there and then they remade their server on Mastodon and then, like it was literally one of the places used to plan the January 6 attacks. So consequences, but yeah, I mean it's kind of like a On one hand, the way that Jay Graber, the CEO of Bluesky, explained it to me is this is a microcosm of the internet, like on the internet right now. Maybe you think that 4chan is a scary place, you don't have to go there, you don't have to engage with them, or. But like we still run into these issues, like with Cloudflare and Kiwi Farms. It's just really complicated and I think I'm sort of feeling like wait and see to see if that sort of moderation is successful or if it just opens more of a can of worms than centralized platforms already have.

0:12:47 - Mikah Sargent
Yeah, I mean and this is still, as you've said, it's a wait and see kind of thing we it's not only from the aspect of the decentralized nature versus the centralized nature, but also from the sort of cultural implications that pop up, where. I don't know if you've noticed this, but I feel, like on Mastodon in particular, there are a lot of unspoken rules and you have to catch up real quick and understand what the rules are, even though you don't necessarily get to ask what the rules are. And if you don't know the rules, then you can get shamed off of the platform pretty quickly. And it can be things as simple as the way that you engage with other users, whether you are doing, whether you're adding alt text images which frankly everyone should do in every single image, but all sorts of different things that are kind of it feels very you can't sit with us at times and I don't know that that leads to a thriving social media network in the end. But I guess it depends on one's definition of thriving, because the platform is doing fine and there is interconnectivity and interplay between the two and of course we've seen Threads sort of looking to play ball and pushing towards being more open so that you can follow your Threads users via Mastodon, all that kind of thing. So yeah, again, it's just for me kind of a wait and see situation where who knows what social media network will win out in the end, or whether there will just be all of these social media networks.

So my last question for you on this topic is what is your posting strategy, assuming that you do regularly use different social media networks, or maybe you don't, and that's what's made it easy for you? Do you post on X, formerly known as Twitter, the same thing that you post on Threads, the same thing that you post on Bluesky? Or have you said you know what? I'm sticking with this, this is where I post what I want. How does that work for you?

0:15:16 - Amanda Silberling
Yeah, I haven't really formulated like a clear strategy, but I probably still use Twitter, slash X the most, for better or worse, just because I've been there for so long. I feel like that's where I have built a following, that I get attention. But I would say I post on Bluesky, the second most. I don't post the same things either, like I don't blame people who do, but something about it feels weird to me. So I feel like on Bluesky I'm a bit more like, less guarded, not that like if you looked at my Twitter you'd be like what is she talking about? She's not guarded on Twitter. But like I am very deliberate. There are certain things I will not say on Twitter and maybe I would be more likely to say those things on Bluesky, just like I don't know.

There's a distinction in my head, I think because Bluesky, even though it is public, because it is smaller, it feels safer, even though that's probably not true, because if someone wanted to attack me, they could do it on either platform. But Threads, I hadn't used Threads in months and then I found out that Rick Riordan, the author of the Percy Jackson series, was posting on Threads about the Percy Jackson TV show and I was like, oh man, I'm missing all the content. I need to go follow Rick Riordan. So I'm on Threads now specifically for Rick Riordan. So that's where I'm at.

0:16:51 - Mikah Sargent
I love that. Yeah, I don't have a strategy either. Really, if it's something that I think is something that's important to me, then I will just post the same thing across the different platforms that I use regularly. I'll be honest in saying that Bluesky I've not posted to in a long time because I just kind of joined it to A claim my name and then also try it out. But I don't really have a strategy and, frankly, all of these different platforms have just made me far less likely to ever open up any of them and regularly post. I think the social media app that I most regularly open these days is Instagram, and that's not even to post or comment either. It's just to look at different posts.

So, yeah, it's all made me very exhausted. All right, yeah, it's again. We're going to watch, we're going to see, we're going to see if Bluesky has a long life ahead of it or not. Any last thoughts on that before we move on.

0:17:57 - Amanda Silberling
I will say one of the features I like that Bluesky has implemented so far that I think is unique is that third party developers can just make their own feeds. So it's not only algorithmic choice in the sense of following versus for you. It's like on my Bluesky I have a pinned feed for people posting solely about the Philadelphia Phillies and then you can do a feed. A popular one right now is like quieter follows, so people that you follow but who don't post that often, and then it's those people's posts. You could do like everyone who's following you, which is kind of interesting, that is interesting.

And then some of them, like the one that Jay Graber, the CEO, keeps bringing up in interviews is Moss. She's mentioned this in like three interviews and good for her, because the Moss is cool, but there's a feed that's just Moss.

0:18:53 - Mikah Sargent
Oh, I thought you meant it was. You know you're going to tell me it means moms on Sky Social. Yeah, exactly. Yeah, I didn't know what it was going to be, but literally it's just about Moss. It's like posts of Moss. Moss is cool, so maybe I'll check that one out. Go Moss. All right, go Moss. Let's take a break and we'll come back with my story of the week.

I want to mention to all of you out there that you should consider joining Club Twit, if you haven't already. twit.tv/clubtwit is where you go to sign up. $7 a month, $84 a year. When you join the club, you get every single Twit show completely ad free. It's just the content. You're, in effect, supporting the show, so we want to give it to you as the show. You'll also get access to the Twit Plus bonus feed that has extra content you won't find anywhere else behind the scenes, before the show, after the show, special Club Twit events, like the escape room in a box that we did for the club, and access to the members only Discord server, a fun place to go to chat with your fellow Club Twit members and also those of us here at Twit. It is always lively and always stuff going on there, and it also grants you access to watching the live recordings of many of our shows, including sort of the setup process and the takedown process afterward. All of that at twit.tv/clubtwit, and when you join you will get some Club Twit exclusive shows. There's the Hands-On Windows program from Paul Thurrott that covers Windows tips and tricks. Hands-On Mac from yours truly, that covers Apple tips and tricks. iOS Today with Rosemary Orchard and yours truly, that's all about iOS. Tv. It's basically many platforms, save for macOS, although we do occasionally talk about macOS as well. And Home Theater Geeks from Scott Wilkinson that covers theater or home theater tips and tricks, not theater tips and tricks, that's a different show and start spreading the news, anyway, so you could check all of that out in Club Twit. twit.tv/clubtwit. Consider signing up, helping support the stuff that we do, making sure we can keep doing what we do here on the network.

All right back from the break and it's time for my story of the week, and this is, frankly, it's me pointing the finger at myself and then taking my other finger perpendicular to my first finger and moving that finger toward the finger that's pointing at me as I say shame, shame, shame, because the other day I saw a story on Tom's Hardware and I'm probably going to end up finding out that this is like a horrible gesture to do. If you pointed it yourself or something, who knows, who knows what this means. Maybe I should stop doing it, in case I ever want to run for office All right, I don't, never, not ever. Well, don't take me at my word. Anyway, so the Tom's Hardware posted a story about 3 million toothbrushes that were basically combined as a botnet to cause millions of euros in damages.

So the concept here is that there are many, many smart toothbrushes around the world and allegedly, a Swiss company experienced a, an outage caused by the botnet of these connected toothbrushes. Right, it was a DDoS attack, a denial of service attack, and so what happens at a denial of service attack is that you basically get a bunch of computers all working together to go to a website or try to access a service and because there are so many at one time, it overloads the service and it crashes, it fails, it can't keep up with the amount of requests that it's getting, and this is a common attack. It happens a lot, and so we had heard that toothbrushes were being used. Now there was a question the it was actually just yesterday on This Week in Google about toothbrushes and how that could be possible at all. And so I want to say, if you don't know some people may not know there are some toothbrushes that have Bluetooth connectivity and these toothbrushes will connect to your smartphone and, via an app, can kind of track your brushing.

There are some that have like a gyroscope built in so they can start to kind of figure out how you're holding the toothbrush and if you use the app that has a camera as well. All of that combines to kind of tell you oh, you know, you're regularly missing your back teeth on the on the top, on the left and right side, and so it gives you some feedback about that. It also tells you if you're pressing too hard, all sorts of stuff to give you some tips on brushing your teeth and doing it properly. But here's the thing these toothbrushes you may have just heard me say connect to the phone via Bluetooth and they are sort of accessed and interacted with via an app. So we have to stop there and think is it possible for a toothbrush that is connected via Bluetooth to an app able to be networked with other toothbrushes.

Ooh, what's the plural of toothbrushes? Is it toothbrush, toothbrie, toothbrie, toothbrie, toothbrie? How can these be networked together to perform a denial of service attack? Well, as cool as this story sounds because I thought it was kind of I mean, it's a terrible thing if this was the case. And, wow, who knew toothbrushes could be this? And I need to worry about the OPSEC involving my toothbrush and I need to, you know, change the password on my electric toothbrush. Now I'm going to do front molar, right molar canine. Canine will be my password going forward. Don't tell anyone.

It turns out that this is almost certainly not true. So Bleeping Computer wrote about this and said, and I'm going to quote this: "The story is dramatic and definitely newsworthy if accurate, and began sweeping through other technology news sites yesterday. However, there is one problem with the story. There is no record that this attack ever happened. Fortinet, who was attributed as the source of the article, has not published any information about this attack and has not responded to repeated requests for comment from Bleeping Computer since the toothbrush botnet story went viral yesterday."

Now, increasingly it's sounding like this was a sort of because there's some sort of some language translation stuff involved here, where that may have played a role in turning what was one thing into another. It's sort of like a game of telephone, except none of you speak the same language, which obviously would make it even harder, and it sounds like it was a proof of concept almost that got in in, you know, getting passed through the line. Then it went from proof of concept to this happened. But even as a proof of concept it doesn't necessarily make sense because of the fact that again, these are Bluetooth toothbrushes, so instead it would be somehow the app on the phone was able to break, jailbreak the phone and then the phone was used as part of a botnet thing. But that is so much more involved. And so here is an update of Bleeping Computer got where Fortinet actually was able to, and it turns out I was correct in my assumption or my theory here.

Quote: "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack and is not based on research from Fortinet or FortiGuard Labs. It appears that, due to translations, the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred." What a weird way to say that. I really like that. It has been stretched to the point where hypothetical and actual scenarios are blurred. So, yeah, it was just an error in translation and your toothbrush is not trying to take down a Swiss company that experienced a bunch of, you know, euros in damages.

And overall, Amanda, I wanted to highlight this story because even those of us who have been at this for a while and who are, you know, regularly trying to provide truthful information may end up getting duped at times, and it's important to sort of follow things back to the original source, not rely on headlines, and make sure that you know you're doing your own due diligence. Luckily, the, as far as Twit goes, the only place where the story was shared in its original form was on our show, Security Now, which is a show that is specific to cybersecurity, and so I know that there will be dozens of emails between now and next week that will serve as a reckoning for having shared this story. But yeah, I don't know. I kind of wanted to ask you, and I might be putting you on the spot here a little bit, but maybe you could talk a little bit about your online skepticism and how you, how you, you know, kind of regularly reinforce that skepticism to make sure that you are reporting the truth.

0:29:23 - Amanda Silberling
Yeah, I think I try to make sure that if I'm quoting something, that it's like if I'm quoting, how many daily active users does Facebook have? Like I want that data from Facebook, I don't want that data from like NBC quoting Facebook. Not that NBC is bad, they're great but like I would rather go to the source than a second party, because you never know like something could have been misunderstood. I think, as a writer, something that I am learning is that you need to assume that someone reading your story is only going to read the headline, because I had an issue recently where I wrote a headline that was accurate but it was like I see how it could have been interpreted in like a different way. And then some other outlets picked up the story, like based on the headline, and then it kind of started creating this like tiny misinformation thing and it's a hard pill to swallow because it sounds such, it sounds like such bad advice to be like, oh, assume your readers aren't reading you. But like I kind of see where the breakdown in communication happened and I think it is definitely journalists' jobs to be very diligent about that and that was definitely a learning thing for me, that like, even if I get what I'm saying. I need to think very clearly about how other people are going to read something. But also, I think it's one of those things where you're like working so hard to try to get a story up and you're just so deep in that story that you can't step away from it and like notice if something could have a double meaning or if something could be misconstrued, and sometimes when you're blogging on websites, you're the last person and the first person to see the article. So, yeah, that was a learning thing that I think is kind of related to this. But I guess, in the case of the Tom's article, where it seems like they just sort of like re-blogged this Swiss publication, that was like translated badly, I think, or not. They maybe didn't translate it well.

I think in those situations that shows why we always need to be going directly to these companies and saying like, can you confirm or deny that there was a breach? And I think the more that we can get firsthand information by like asking these companies things, the better. But then, of course, the trick there is that sometimes the companies don't want to tell you things and then that's when you have to get some pretty solid sourcing from inside the company and I don't know. I think it's a problem I think about every day. That is challenging and I think the best answer even though it's not necessarily scalable per se is I hope that people read things and if something seems like it sparks their alarm bells, then maybe they try to like Google it a little bit themselves. But ideally, journalists should be not leading the public astray, but sometimes things happen even if we don't think that it's going to happen. Nice.

0:33:05 - Mikah Sargent
I mean, obviously, it's something that we all are striving to be mindful of and pay attention to, and we continue to do that work and these little reminders come in at times and it helps us to make sure that we're properly sharing that news. All right, Amanda Silberling, I wanna thank you so much for your time today. Thank you for being here and we'll see you again next month. Yeah, thanks for having me.

0:33:33 - Amanda Silberling
I'll be back in the little box next to your head, ready to go.

0:33:37 - Mikah Sargent
And, of course, you can follow Amanda Silberling on many social media networks and over on TechCrunch.com. That's where you can check out Amanda's work. Maybe you could tell us what's the social media network they should follow you on. What's your username there?

0:33:54 - Amanda Silberling
I guess the one in the little bar below is my Twitter. It's @asilbwrites and then on Bluesky I am amanda.omg.lol, which is a URL that I have. I love it and you can use custom domains, so get a funky URL. I think that's a great purchase. Sometimes my friends just buy weird URLs and it's a great thing. Go do that, omg.lol, lovely.

0:34:28 - Mikah Sargent
All right, thank you, Amanda. Bye-bye. Thank you. Up next, it is time to talk about, I think, a fascinating and a little bit terrifying story about fake IDs. Joining us to talk about a quick system for generating fake IDs and everything involved is Joseph Cox of 404 Media. Welcome back to the show, Joseph. Hi. Thank you for having me.

0:34:56 - Joseph Cox
Yeah, so thank you for being here, of course, as I always say thank you for writing about this.

0:35:01 - Mikah Sargent
I think it's incredibly important, and we just had a regular contributor on the show who experienced a whole bunch of sort of hacks and scams and multiple tens of thousands of dollars pulled on his credit and business loans taken out in his name, and part of that involved having an ID of him that had his face, but the owner of the company had his face, but the signature was different, and it made me kind of wonder if, at the time, the people who did this did not use this program. So all of that is to say, could you start by telling us about OnlyFake, what it is and how it works?

0:35:51 - Joseph Cox
Yeah, so OnlyFake is a website and I guess a service as well where anybody of any sort of skill level can log on and generate, I mean, hyper realistic photos of fake IDs in minutes, and you don't have to have any skill like either in a technical sense or in making those IDs as well. All you need is the information that you want to have in the ID, $15 worth of Bitcoin and basically the motivation to go and do it. It dramatically lowers the barrier of entry for generating photos of fake IDs. Wow.

0:36:31 - Mikah Sargent
Oh, my goodness, I mean it's kind of incredible that and I mean that in the negative sense, that this is possible it's a little, again terrifying. So it makes me kind of wonder you know who uses a? Obviously, on the face of it, we could say a bad actor, a person who's up to no good, but who specifically would use a tool like this, and what is it typically used for? As I kind of noted, I don't think that this is the situation is someone has just posted in our Discord a fake ID that someone's using to buy alcohol. I imagine this is used elsewhere.

0:37:09 - Joseph Cox
Yeah, I mean, the key thing is that you're not getting a physical ID in your hand, right, and I mean that's part of the appeal, that you don't have to wait for a criminal to send you an ID and maybe that gets intercepted in the mail or whatever. And also, of course, that takes time, right, you don't need that because, as you can see, on the screen right now is just a photo of an ID. As for the people who would use it I mean the cybersecurity researcher who first put me on to it they said that they've seen it being used by criminals of bank fraud setting up credit card accounts and getting access to cryptocurrency accounts as well, and maybe that's creating an account in the first place, or maybe that is regaining access to one that has been locked off, but that's sort of what they've seen it being used for. But even to extrapolate from that, you can imagine all sorts of things, maybe like full-blown identity theft as well.

Maybe you don't want to make an ID with your face, but with different details. Maybe you have, you know, the biographical information of a target. You have a photo of them and you just upload that and you make a driver's license of them and then make an account in their name or something like that. That honestly didn't occur to me at the time. Somebody else pointed that out on Twitter after my article came out, but I think that just goes to show that the possibility is like almost endless with this right, and we're just thinking of these new ideas constantly, these different use cases.

0:38:34 - Mikah Sargent
Yeah, absolutely. That's kind of what shocked me at the end and in reading about what you were able to do with it. Then you start to and I think particularly because I just heard of this story with a contributor who was going through all of this how suddenly it opens up the door for so many ways to kind of really dig in on. If you're focused on a specific person, you know you're generating all of these documents and you're making it possible. You were able to try OnlyFake and I'm curious, you know, if you're using this for automatic ID verification versus maybe with a person, since it's not physical, how successful was it? Did you find that it worked every time, that it only worked some of the time, that most of the identity verification didn't work? How did that stack up?

0:39:28 - Joseph Cox
Yeah. So for the article, I created two IDs. First was a California driver's license and the second was a British passport. Obviously, being English myself, the British passport jumped out especially to me because it just looked completely authentic to me. It's like, obviously I have a passport and this just stood out. So when I made those, I decided well, the IDs look great, but I want to know if they actually work for bypassing identity verification in any sort of form.

There's a cryptocurrency exchange which I've just noticed is in a lot of court records recently is being used by criminals. That's not to say, of course, you know, even the majority of them are criminals. I don't mean to imply that at all. It's more criminals are using this platform for some reason. So I then create an account, I go through the verification process. It asks me to provide sort of a photo of my ID and obviously, very fun. I only have a photo of my ID, so I have to take a photo of the photo. But it worked immediately and I was like, oh okay, that's quite strange. And then the next step is taking a selfie and I just pointed my device's camera at myself.

That's not what I was testing, you know, to be clear, so like maybe there's this issue that I want to know, not about the selfie stuff, I want to know about the document stuff. So I stepped through that and then I think it was a Saturday night and I was sat on the sofa doing it and it worked this time and I was kind of blown away and it came up with identity successfully verified or whatever the message was. When I've done tests before, I created a clone of my voice with AI to break into my own bank account.

That took many tries. This, it was one and done, and after then I feel like I didn't even need to try it again because I was like, well, that was crazy easy.

0:41:14 - Mikah Sargent
Yeah, wow, wow. I mean there's more than I want to ask you, and you know we'll get into it. I am curious, though, just in reading this story and, frankly, the work that 404 Media does, can you tell us just how did you come across OnlyFake? This is the first time I was hearing about something like this. I mean, I'm not in the market necessarily for something like this, so I understand that plays a role, but what led you to reporting on it? How did you come across it?

0:41:42 - Joseph Cox
Yeah, yeah, so it started when the cybersecurity researcher I mentioned actually posted about it on LinkedIn. They were just describing it like there's a service going around that some people are using. They didn't provide the URL, I believe I went and I figured that out myself and then, you know, just through trial and error and looking around online, I was able to find it and create an account. What I also did was find the respective Telegram groups. So it's very easy to go on Telegram nowadays, the messaging app, to find all sorts of criminal activity, like the old days when you start to download Tor and like go to the Silk Road or AlphaBay or these other underground markets, very long, complicated URLs.

That's just not the case anymore. You go on Telegram. You can find stuff instantly. So I did that with OnlyFake and I found their official channel and then two other group chats which are really interesting, a Russian language one and English language one, and they are used by people who are presumably users of the service or they're at least interested in it. And you go in there and people are talking about hey, I'm trying to do this, can anybody help out? Hey, I have a driver's license for Minnesota or war or whatever, and they're trading tips and tricks to even go beyond OnlyFake and try to bypass stuff like live video verification, with some mixed results. I haven't seen a slam dunk that people are doing it reliably, but they're sharing videos in those chat rooms of at least I'm trying it, so it can be one tool in the toolkit for these folks.

0:43:19 - Mikah Sargent
And you start here and kind of build on that. That is wow. So of course we know humans have been creating convincing fake IDs for some time. It's a lucrative market in theory. What is the upside to using a tool like OnlyFake? And then how does that compare to the actual human creation of fake IDs?

0:43:45 - Joseph Cox
Yeah, I would guess the main benefit is just the incredible speed From the moment I clicked generate to the moment I had the ID.

It was minutes, if not one minute. The actual most time consuming part was typing in the information I wanted, and if you were a criminal who knew exactly what they were doing, you could do a hell of a lot quicker than I did. So the first one is the speed. I guess there is sort of that anonymity component there as well. Of course, the website's going to see your IP address, you can connect via proxy and then you're paying in Bitcoin as well, which we all know is pretty damn traceable now. But if you handle it properly as a criminal, you'll be able to do that as well. So I'm not trying to advertise the service, I'm just letting out the security benefits and just I mean basically, to put it in a nutshell, it is better in every single way unless you specifically need a physical ID, like unless you need to go into a bank branch and show them. Here's my driver's license or my passport. This is like better in every single way, essentially, wow.

0:44:54 - Mikah Sargent
Wow, and this, I think, is where we can kind of break into the specifics, because, yeah, you talk about how it's not just ID, it's also passport, some of the documents. 404 Media actually spoke to the proclaimed owner of OnlyFake. Tell us a little bit about how the service was created in the first place and what's changed over time, except for the most recent update, which we'll talk about in the next question.

0:45:22 - Joseph Cox
Yes, so the creator, they call themselves John Wick, obviously after Keanu Reeves' action star, and then you go through the Telegram and there's all examples of the IDs and they all have the face of John Wick, which is very entertaining. Just on the Russian passport, a British passport, whatever. So in short, well, I'll say two things. We don't know exactly how it works. They say they use neural networks, and that's kind of a broad term, right, and we don't know whether it's neural networks for a certain part or maybe another. There's unknown questions there and you know, we don't know exactly, but we know that it creates exceptional IDs. So I kind of leave that there.

As for how it was developed, they did say that they basically built a corpus of all of these other scans of IDs. So they mentioned that. Oh, when you need to figure out what a serial number on a certain ID looks like, you look at hundreds, if not thousands, of examples of those IDs, and I presume that applies to other parts of the formatting as well. But at one point they were even saying like, hey, I'm looking for IDs, especially on America. If you have like a high-quality scan of an ID, sell it to me, I will buy it off you and presumably that was to go into that corpus of data so they could build like this highly accurate tool. You know, even though we don't know all the specifics, neural networks, AI or whatever, I mean there's almost clearly some sort of machine learning going on, or, you know, it's either that or he's doing it very, very quickly manually, which I don't think is the case.

0:46:57 - Mikah Sargent
Right, I didn't understand. And lastly, after you reported on the service, the site went dark. What do you think happened there? And that leads me to wondering if it was just security through obscurity up to this point. And so then, once it had been reported on, then it's like oh well, now we can't be where we were before. Tell me what you think happened there.

0:47:24 - Joseph Cox
Yeah. So John Wick, the pseudonymous creator, didn't tell me this, but this is my read from the situation. I mean, I think they basically freaked out. You know, we published this article very, very in depth. They then pushed a statement to Telegram saying you can't use our service for fraud. It's never been used for fraud, despite John Wick telling me that you can specifically use it to bypass verification.

You know, make of that what you will. There's two contradictory statements, right, and then eventually, yes, the website goes dark, there's nothing on there. And now, interestingly, he says he's going to come back. I will be honest, I did kind of expect that. It was sort of the immediate freak out. And now maybe he's going to come back and apparently ask for your phone number if you sign up, other identity information. I find it very, very funny that he's basically doing a know your customer process on an underground service designed to bypass know your customer methodologies. But we'll see what happens. But like it almost doesn't matter what the OnlyFake site does now. What is much more important is that whoa, this site existed and showed it was possible. And now who else may do it now and who else may take that idea and start implementing it with, you know, facial, like deep fakes and that sort of thing, where you could generate the face of anybody you want onto an ID. I mean, that would be the next and almost final step in the identity first.

0:48:51 - Mikah Sargent
Absolutely. Yeah, a rather harrowing tale. I remember just yesterday, I think it was a hearing about a situation where a finance worker was on a video call and allegedly, or reportedly, the video call folks were fakes, were deep fakes, and they convinced this finance worker to send money to somewhere else. And so, yeah, this all is just happening so quickly and this is a full proof of concept in the wild of this technology being used in theory, unless, as you said, it's somebody who somehow can move very quickly and make this happen. It's rather frightening and something we, you know, need to be aware of, and so, as always, I'm grateful that you're reporting on this. Of course, folks can head to 404media.co to check out your work. Is there anywhere else that they should look for staying up to date with what you're doing?

0:49:49 - Joseph Cox
Thank you for saying .co. We can't afford a .com, so I really appreciate that as an independent media outlet, that is the main place you sign up for our newsletter and you'll never miss a story from us. But more broadly, you can just follow me on Twitter, slash X at Joseph Cox, or I'm Joseph Cox on Threads, Bluesky, LinkedIn, Mastodon. I mean, you know how it goes now. This is why you just sign up for the email, so you don't have to worry about all that stuff.

0:50:13 - Mikah Sargent
Exactly, exactly. Thank you so much for your time. We appreciate it. Thank you. Alrighty folks.

Up next we are going to hear what I would call a sober review of the Apple Vision Pro, but I do want to take a quick break to tell you out there, if you are a company, a service who is looking to advertise, or maybe you're a brand ambassador and you are wanting to make sure that your company is getting the advertising they deserve, well, you have an opportunity to partner with us here at TWiT. We are an excellent source for tech news, reviews and info you need to use technology today. You just saw that wonderful interview and conversation about something that is incredibly important involving artificial intelligence, cybersecurity, identity theft, everything. Our network features the Gold Standard of podcast advertising. Many long-term partners would agree with that. Also, as someone who watches what the team here, the sales and continuity team, does, I can definitely say that it is the Gold Standard. It's incredible what all the team is capable of doing. Not only do we offer video and audio formats of our shows, of course, we also have a highly dedicated continuity team I was just talking about to support your every step of the way, to support the process, every step of the way to have the most successful campaign possible.

Our community, the folks who listen to these shows, who watch these shows, are unique and we, the hosts, deliver ads with integrity to a highly educated audience who know they can trust us and the products that we recommend. 88% of our audience are company decision makers in upper management who listen to most, if not all, of our podcasts. So not just the big show, not just Security Now, but all of the podcasts. So join our roster of trusted partners today and get benefits that are unique to TWiT, including embedded unique host read ads, guaranteed over delivery of downloads, presence on our sponsor page, our show episode pages and the RSS feed episode descriptions, and lots of other benefits that you won't get anywhere else. So if you're ready to elevate your brand, your service, your company and make an impact, reach out to advertise at twit.tv today and get started. That's advertise at twit.tv. All right, folks, we are back from the break and that means it is time for the second interview today. Joining us from the New York Times is Brian X Chen. Welcome back to the show, Brian.

0:52:49 - Brian X. Chen
Hey, thanks, good to see you.

0:52:50 - Mikah Sargent
Good to see you too, so let's get right into it. My first question for you is how long have you been using the Apple Vision Pro, and I would love to hear about the initial thoughts when you first put it on.

0:53:06 - Brian X. Chen
So I bought it on Friday. It's been almost a week now and, by the way, I already used it last year at WWDC, so I already knew what to expect. But when I put it on for the first time at home, the first thing I thought was this user interface is so easy for me to understand. Like no one needs to remind me how to use this thing. It's very much like an iPhone. Instead of tapping on icons, I'm just looking at them and I'm pinching. That was my first thought was just how easy to use the interface was.

0:53:38 - Mikah Sargent
And then I'm curious how your thoughts have changed the new impressions that you've had since you've been able to use it for an extended period of time over the past week, as the level of the display or the resolution of the display and the wear and all of these things. How has it changed?

0:53:59 - Brian X. Chen
When I first set it up to actually use it for work. That's when it became very clear to me how important it is to use the product outside of Apple's controlled demos. In the demos they have you look at one app at a time somewhere doing iPad. You're looking at dinosaur, or you're looking at a video, one at a time. But when you actually start using it in your everyday workflow, like whatever you do with a computer, you start opening multiple applications and so in this interface you start having these floating windows all around you. People compare it to Minority Report, which is inevitable because it's a very fair comparison. So for me, I had Microsoft Word in the center, I had Slack on the left, I had Notepad on the right when I'm trying to write these articles, and that's when my impressions started to change.

I thought, even as cool as this looks, it is really exhausting to have to keep turning my head like look at my Notepad and then go back to the word processor, or look at Slack and go back to the word processor. You know, versus the old way of on a Mac, I just hit Command Tab and I glance at the other window, which takes way less effort, way less time. You do this repeatedly over and over for the course of hours and you realize, you know, maybe there's something to PCs and Macs, you know, like they've been around for so long because they're so efficient and so good at what they do, so that's what was really starting to evolve. I mean, you know things like the graphics were all they look amazing. I mean it's very clear.

You know, high resolution, 4K. You know display quality looks really good. But also, as I had at home versus Apple's demo, like when you looked at the outside camera, you could realize that looks pretty grainy too. You know it doesn't look awesome when the lighting is not super bright in your room and then other things start to happen, like as the room gets darker, it gets worse and worse at eye tracking, it gets worse at recognizing the pinches, and then at night time it just totally stops working, like when you're trying to watch a movie alone in bed and it's totally dark. It just stops tracking your hand and it doesn't really start. It doesn't really work anymore after that. So that was sort of the evolution of my experience with it, like you know, from day to night.

0:56:22 - Mikah Sargent
Yeah, absolutely, and thank you for that. You know level of in-depth understanding there. I am curious. You've kind of touched on some of the things that stood out to you, but what was your favorite app or maybe experience within the system? And then I'd also like to hear what was your least favorite, what really stood out as okay. This is not good.

0:56:45 - Brian X. Chen
By far my favorite app was Disney Plus, because they have a bunch of movies on there that are optimized for the Vision Pro, so you could take, you know, these Marvel movies and you can almost get what you had in the theater. You know, like back in the theater when you went to IMAX to watch the Avengers. You can grab the window and you can drag it outward to expand it and be really big. The sound is really great too. It's very immersive sound and very loud, and if you want to watch privately, you probably need a good pair of AirPods to go with that. It didn't work with my Bose headphones, which really disappointed me, by the way. But then I was watching Amazon Prime TV and I was scrolling through it and I saw this show on there, Mr. and Mrs. Smith, and I realized, oh, this is a show that my wife and I have wanted to watch together and that got me thinking like oh, $3,500 TV, wouldn't it be great if I could watch this with somebody? You know, that's kind of the downside of any headset, of course, but that was my favorite application. Least favorite.

I wouldn't say there's a specific application, but really anything to do with typing. It really doesn't do anything for me that I have iMessages on my face. I open the Messages app and it's there just like it is on the phone, and it kind of raises the question why wouldn't I just use my phone for iMessage? And then, of course, everybody's complaining about the floating keyboard. You've got the digital keyboard and you're reaching out and you're poking one key at a time and that's got to be the worst typing experience I've seen on an Apple product in a long time.

The last one I could think of was the Apple TV with the remote control and hitting one key at a time, which is also pretty bad, but they improved that a lot with the Apple TV remote app and you're just using your phone to type in your password and that kind of thing, but really anything that had a lot of typing in it. It pushes you back toward a physical keyboard and suddenly you're using a physical keyboard inside the headset and then you're realizing, oh, these are peripherals from the past, so you're pushing me more and more towards the past as you're trying to push me into the future. It's kind of this mixed experience, right? I don't think that's what they mean by mixed reality. So yeah, long story short, anything to do with typing.

0:58:54 - Mikah Sargent
Understood, and I've seen quite a few glowing reviews of the Apple Vision Pro. Mine will not be, yours is also not, and I'm curious what do you think makes some people really love this device? And then, how does their experience and their seeming enjoyment of the device compare to the experience that you have had with it?

0:59:21 - Brian X. Chen
Well, before I get into that, one thing I'll challenge you on is when I remember I mean I didn't read all the reviews, but I read a few and I recall that the Verge called it a dead end for mixed reality, which I think is pretty damning for many of Apple's ambitions. The Journal also said it was heavy, the battery life sucks and there's all these issues with it as a first generation product, so also not glowing to me. All pretty mixed, and I would say that I had a pretty mixed review as well. For those who are writing a glowing review and I can't think off the top of my head who did that- that's fair, yeah, to write some clarity, because that is a fair thing.

1:00:03 - Mikah Sargent
I should say, not tech journalists, but basically developers and other folks who don't have it yet. Normal people. Okay yeah, mm-hmm.

1:00:17 - Brian X. Chen
From what I've seen, like you know, I watch TikTok I see some people react to these things. My first question is have they ever used a headset before? I think the first time you use any sort of virtual reality headset, you kind of have this mind-blowing experience because it's so different from a phone or a computer, anything you've experienced before. And that was my experience too with the first Oculus Rift back in the day, about seven, eight years ago or so. So you know, like I saw some fashion bloggers, for example, saying like all this thing is mind-blowing and even though I say it's impressive, it's not mind-blowing to me, you know.

But I think like as people bring them home and start to use them and they get acclimated to this virtual reality in 3D, they're going to probably have the same experiences a lot of us. Which is like when you start trying to use it for your ordinary workflow, you kind of start to realize you're moving around a lot, it could be nauseating, and then you start sobering up from that. I like that. You call it a sober review, by the way, and you realize like, well, you know there's something here, but nobody really knows where it's going yet. And you know, for all that initial glamour and novelty. When that starts to fade, you start to realize this might not necessarily replace my laptop yet, but I think that's. The main difference is the experience that you've already had with VR versus a brand new experience with the Vision Pro.

1:01:45 - Mikah Sargent
Yeah, I think that's. I can see what that would be the case and I certainly agree. Yeah, depending on what you've experienced before, this might be something that's so blow away that you just get really drawn in. Now the last question I want to ask you, a little conceptual here, I guess, but when it was first introduced, the Apple Watch, I can remember it being billed as the most personal device that Apple had ever made, and we saw the heart rate share, the heartbeat sharing and all of the digital touch taps and things that you could send to your, you know, somebody else wearing the Apple Watch. But over time it has shifted to be a device that is focused on its health tracking and health monitoring features.

I'm curious, having been someone who's paid attention to the tech space for a long time do you think the Apple Vision Pro, which is currently being marketed as a spatial computing device, will continue to be described as such? Or, in other words, do you think that the spatial computing features are that most compelling aspect of this and perhaps future iterations of this? Is spatial computing the future?

1:03:00 - Brian X. Chen
I do think you're making a very smart comparison, because with the Apple Watch they kind of came out with this general purpose wearable computer and they were saying it's going to do all these different things and eventually people narrowed it down to like this is how I'm going to use it. I'm going to use it as a fancy fit bit for the most part, and then they kept focusing on that more and more. I mean I still think it's a fine description to call it personal device, because there's nothing more personal than your health. So it still kind of fits that description. I think spatial computing I mean it's a jargon word. I think they're probably going to keep pushing that.

But I think, based on the early impressions that people have had with this device and the reviews coming out, everybody seems to really just want to use it for entertainment. They're probably going to lean into that in the coming years for TV, movie partnerships and so on. I wouldn't be surprised that they keep pushing the spatial computing term but more and more over time call it an entertainment platform, because that seems to be what makes the most sense. I think a lot of people agree that we're probably not going to work in this anytime soon for ordinary tasks like you know, word processing, things like that. So I think we can expect them to market it as more of like the future of the Apple TV versus the future of computing.

1:04:22 - Mikah Sargent
Interesting. Well, we will certainly keep an eye. Oh dear, that was a truly an unintended pun there on all of this. Brian, I want to thank you so much for taking the time to join us today to share your thoughts on the Apple Vision Pro. Of course, folks can head over to nytimes.com, the New York Times, to check out your work, but if they want to follow along with you specifically, is there a place they should go to do that?

1:04:47 - Brian X. Chen
Not very active on Twitter these days, but you can, yeah, just follow me on the New York Times.

1:04:53 - Mikah Sargent
That works, that works. Thank you so much.

1:04:56 - Brian X. Chen
Thank you, take care.

1:04:58 - Mikah Sargent
All righty folks. Tech News Weekly publishes every Thursday at twit.tv/tnw. That is where you head to go to subscribe to the show in audio and video formats. You will see buttons you can click or tap to subscribe to the audio and video versions of the show. As I mentioned earlier, if you'd like to get ad-free versions of all of our shows, check out Club TWiT, twit.tv/clubtwit $7 a month, $84 a year.

If you'd like to follow me online, I'm at Mikah Sargent on many social media networks or you can head to chihuahua.coffee. That's c-h-i-h-u-a-h-u-a.coffee where I've got links to the places I'm most active online. Check out my shows that'll publish later today. Since it's Club TWiT Thursday, Hands on Mac and iOS Today, which I co-host with Rosemary Orchard. You can check out on Sunday, Ask The Tech Guys, the show that I co-host with Leo Laporte, where we take your questions live on air and do our best to answer them. Importantly, if you're tuning in this Sunday, you'll want to tune in an hour early. That's correct. Yes, it is this Sunday, because this Sunday is the "Superb Owl" and therefore we want to shift things up so that people can watch their football. So, yes, that is what you need to know. And now it's time to say goodbye because the show is over. Goodbye, because the show is over.

1:06:21 - Rod Pyle
Hey, I'm Rod Pyle, editor-in-chief of Ad Astra Magazine, and each week I join with my co-host to bring you This Week in Space, the latest and greatest news from the final frontier. We talk to NASA chiefs, space scientists, engineers, educators and artists and sometimes we just shoot the breeze over what's hot and what's not in space books and TV, and we do it all for you, our fellow true believers. Whether you're waiting for your turn to grab a slot in Elon's Mars rocket, join us on This Week in Space and be a part of the greatest adventure of all time.
