The 404 Media Podcast (Premium Feed)
from 404 Media
This Podcast Will Hack You
Episode Notes
/Transcript
YouTube version: https://youtu.be/dugEQHxj71A
Timestamps:
2:00 - Story 1 - Someone Is Trying to ‘Hack’ People Through Apple Podcasts
21:55 - Story 2 - 'Unauthorized' Edit to Ukraine's Frontline Maps Point to Polymarket's War Betting
37:00 - Story 3 - Half of the US Now Requires You to Upload Your ID or Scan Your Face to Watch Porn
Hello, and welcome to the four zero four Media Podcast where we bring you unparalleled access to hidden worlds both online and IRL. Four zero four Media is a journalist founded company and needs your support. To subscribe, go to 404media.co, as well as bonus content every single week. Subscribers also get access to additional episodes where we respond to their best comments. Gain access to that content at 404media.co.
Joseph:I'm your host, Joseph. And with me is just one of the other four zero four media cofounders today, and that is Sam Cole.
Sam:Yo. Just me. Just the Joe and Sam podcast today and Matthew Gault later.
Joseph:And Matthew Gault later in the second section. I was gonna do what's that meme from the film, you know, Captain Phillips when the I've never seen that. Say, look look at me. Look at me.
Sam:Oh, yeah.
Joseph:We've run the website now.
Sam:Yeah. This is our ship now, baby.
Joseph:Exactly. Yes. So Jason and Emmanuel are out. They'll probably be back next week, and Matthew will join us in the second section. I'll just say very, very briefly, we mentioned this last time, but we did run a survey to get a better understanding of, frankly, who are our readers, not specifically, but, you know, why do they come to four zero four Media?
Joseph:How did they get here? That applies to the podcast as well, and a lot of people replied, and I think it's over for the moment. I don't think we need to resume it at this time, but thank you so, so much to everybody who, you know, gave us their anonymous information. It really, really helps us out better understand how we can serve you and maybe what coverage we can do and all of that sort of thing. It's gonna take us a little while to go through the results, but thank you once again.
Joseph:Sam, do you wanna take us through this first story as this one I wrote?
Sam:Yeah. Yeah. So this is a Joe story. The headline is someone is trying to hack people through Apple podcasts. I think it was probably a week and a half, maybe two weeks ago or maybe longer.
Sam:You messaged us at 404, and you were like, something weird is going on with my Apple Podcast app. Like, I'm being recommended things that I don't recognize. You were like, there's something weird going on. I don't know if it's just me or if it's, like, a system wide thing or if there's, like, a hack going on. And I think everyone was kind of like, that's bizarre and, like, so classically something that would happen to Joseph.
Sam:So we were kinda like, yeah. Okay. But you dug into it, you it turned out that it was actually there was something going on there. So do you wanna just kinda explain what exactly you've been seeing on the app?
Joseph:Yeah. I think I only told you and the others of four zero four Media weeks into me seeing all of this weird stuff. Like, maybe I just told you a couple of weeks ago, but it's been going on for months, really. And, honestly, my my first reaction was concern, worry, and potentially like, oh my god. Is this something that's really, really bad?
Joseph:Is this humiliating or something like that? And, of course, you know, worried about the security of my device and that sort of thing. Those worries did subside after I looked into it more and and I and I spoke to an expert that we'll get to. But, yes, what basically has been happening over the last few months is that I will go and unlock my Mac. The the screen will come on, type in my password or use biometrics or whatever.
Joseph:The the Mac will then open to the desktop. The podcast app will have opened by itself, and it will be displaying some random ass spirituality app, education app, religion as well. And I didn't know what to make of it as I said at first, but there were a couple of different scenarios where, yes, I would unlock the device, and then it would be automatically opened. Sometimes I would be using my Mac, and it would just happen in front of me. And I'd be like, woah.
Joseph:Okay. I I guess the podcast app is open now. And then in other cases, the app would already be open, but it would just seem seemingly random. And I I'm gonna guess it's not random, but, obviously, for to an observer, it looks random in that, oh, okay. It's just opened this podcast now.
Joseph:So really confusing and eyebrow raising and just making me wonder, well, what the hell is going on here? Is this something bad, or is this something just weird?
Sam:Yeah. I mean, it's it's definitely never good when apps and software just starts opening on your computer without you initiating
Joseph:Well, it could be any like like, it could be anything.
Sam:It could be something bad. It could be something really bad. It could just be I mean, my MacBook I'm primarily a PC user, and my MacBook is constantly opening what I think of as, like, trash, like, junkware, which I would include a lot of the Apple services in that, and it just opens stuff by itself. But what you were saying was, like, specifically certain kinds of podcasts, like you said, like the spirituality and religion, which is not your usual fare.
Joseph:Well, also and and it's a and it's specifically the native, quote, unquote, legitimate piece of Apple software. Right. Like, again, as you say, you're on Windows, and you're unfortunately used to there just being crap on Windows all the time, either that from Windows itself or I don't know.
Sam:I installed myself.
Joseph:Yeah. You installed yourself or I remember back back in the day, I mean, I feel like it's less of a problem now, but, like, malvertising was just you go to the wrong website or Windows machine and you're not blocking ads, you you might be surreptitiously downloading software. It just sounds scary. So
Sam:Yeah. For sure.
Joseph:Yes. This was strange because it was the real Apple piece of software.
Sam:Right. Yeah. And it was opening, like, this very specific it like, what it was opening was weird. I don't know if you can even, like, tell me the names of these podcasts on them. Have actual names on them are, like, basically Wingdings.
Sam:But what were the podcasts themselves? Like, what were they titled?
Joseph:I just tried to open one, and it's not loading, so maybe it got removed. But I have this email in front of me. I'll I'm not gonna read the whole one because I think people will realize that it's clearly a script or some sort of command, but one of the podcasts is titled five dot dot slash x e w e two single quote, double quote, double quote, ampersand, hash, x two two, and then it gets to on click alert, and it goes through. And it is clearly a command, and, you know, I think we'll talk about that in a minute. But another of the podcasts was it was actually in Arabic, and I can't remember off the top of my head, it was something like life advice or something like that, and there's a Gmail address included in the title as well, weirdly.
Joseph:There was one old from somebody called Lionel Pimenta, and then it had a specific URL for a Google Play Store app all in the podcast title. And then probably the last one. I think there were a couple more, but I only documented just most of them. And the form was called Free Will Free Will, and then that had a direct link to some sermon website as well. So a whole, I would say, mix of very weird podcasts, but not not the usual stuff I listen to.
Joseph:I'm usually listening to video game news or Hollywood news. I'm not listening to religious sermons through Apple Podcasts typically.
Sam:Yeah. Free Will Free Will. That's a great one. I like that podcast a lot. I'm a big fan.
Joseph:I'm a
Sam:top listener of Free Will Free Will. And do they are there like, did you try to listen to any of them? Do they actually have audio in them?
Joseph:Well, Free Will Free Will does. Yeah. I I played it, and I know some people will be like, oh, you you were clicking around and stuff, and it was because, again, looked into a bit, and I felt, well, I do need to probe this, whatever, and I think it would be very crazy if you got directly hacked just by playing some audio. You know? And I don't think that's what's going on here as we'll see.
Joseph:But that one did have some audio of someone just giving a sermon. But then that that first one I mentioned, as far as I could tell, it was just silence. There was there was nothing going on. And these podcasts, I should say, they're they're, like, several years old. Some date from 2018, 2019, 2021.
Joseph:So they're they're not 2025, 2024 necessarily, but they've clearly been co opted in some way or some shenanigans are going on where these podcasts are all of a sudden being surfaced and basically thrust in my face. I'm like the the Simpsons Smithers GIF. Surrounded by women, but it's that, but with, like, podcasts, basically.
Sam:You It's horrible. Like weird spirituality nonsense podcasts, spam podcasts. I mean, they like, these are, like, funny and dumb and, like, obviously, so far pretty innocuous, but there was one that was less innocuous and a little more malicious than the others. Can you tell us about that one?
Joseph:Yeah. It it was the first one I mentioned with that five dot dot slash x e one. And because
Sam:it was like a command almost.
Joseph:Yeah. Yeah. That's a command in itself. Profile isn't. Yeah.
Joseph:But you would have to you'd have to click on that or you'd have to run it. What was more interesting was that the same command was if you scrolled down on the podcast page, and it has the little section in the Apple Podcast app that says show website. Obviously, for us, I presume it says 404media.co. I haven't checked in a while, but it probably says that. This one, it had a link to go to that command, and maybe some listeners and I think readers of the article may have already figured this out, but that was it appeared to be a cross site scripting attack, a XSS attack.
Joseph:Now I remember again, it sounds like we're reminiscing about hacking or or something. I guess we are because malvertising years ago was a big thing on Windows. I remember XSS attacks being all over the place when I first started cybersecurity journalism around 2013, 2014, where, oh my god, hackers used cross site scripting to steal this data or to deface this website or something like that. And it was a really low hanging fruit attack. It was basically what script kiddies were doing, which are very technically unsophisticated hackers, but, you know, they they found a vulnerability in a in a pretty big website, and now they're gonna do it and get some notoriety.
Joseph:Or as our former colleague Lorenzo covered at motherboard way back when where we used to work, XSS was the underlying vulnerability used in the MySpace worm. Do do you remember that, Sam? It was before my time.
Matthew:But
Sam:Yeah. I remember that. I did, like, a my, like, community college, like, computers one zero two project was about viruses and worms, and that was one of the
Joseph:this a long time tell people I mean, I'm not expecting you to remember
Sam:the specifics. Mean, I don't remember the specifics. Do you remember? It was like
Joseph:think it was basically
Sam:Oh, his name is Sammy. Right? Yes. Sammy.
Joseph:Yes. Sammy Yeah. Who pretty famous hacker by this point who does lots of stuff. I think he was making himself Yeah. Everybody's top friend and propagate through Myspace knocking the infamous Tom off the off the top spot and making Sammy your best friend on Myspace.
Joseph:And Yeah. Because of the way it works, we just keep going, keep going, keep going. It was really sick. So, I mean, this Apple Podcast thing, it's it's not there
Sam:Right.
Joseph:As far as I can tell. But the link in the podcast kind of show notes, I guess, or page or whatever goes to this page. And when you click it, it does say test XSS from this domain, which I think has the top level domain of Ukraine, if I'm remembering correctly. It doesn't look like a fun website. I'll say that.
Sam:And
Joseph:yeah. The the the because because there's two things. There's the there's the random opening of the podcast and directing to weird ass podcast. There's then one of these is apparently being used to deliver or direct people potentially to a potentially malicious website, and that's sort of the more concerning part.
Sam:Yeah. Yeah. I mean, it's yeah. It's just it feels kind of it feels it does feel a little bit old school in that way, but it's just it's interesting how a lot of these systems have become, I don't know, at the same like, they're more closed than they used to be, but at the same time, it's like you can still get away with this kind of widespread. And, obviously I mean, do you think it's like one person doing this, or is it like a it's like a a known, like, kind of attack?
Sam:Right? I mean, well, I guess we shouldn't talk about the expert who talked about it because he kinda answered a lot of these questions for you or for us that were a little bit worrisome. You talked to Patrick Wardle. He's a Mac OS security expert. And what was his diagnosis of the situation?
Joseph:Yeah. So when I couldn't figure out what was going on and, you know, I can do a little bit of tech stuff, but I'm not gonna be able to figure out what attack is going on or anything like that. So I thought of Patrick who is a really, really, really good macOS researcher. He runs Objective C, which is, I was gonna say nonprofit, but I'm not sure if that's technically accurate. I'll just say organization, and he develops all of these macOS security tools.
Joseph:So you can download one of the tools, and it would tell you if any of your apps or any piece of software you've downloaded is trying to connect to the Internet, and you can block that forever. So I do that all the time where I'll like, a text editor I need because it can handle, like, files of five or 10 gigabytes or something. We often need that for stolen data, but I don't want that communicating with the Internet in case it is sketchy. So I just block all connections from that piece of software, that sort of thing. And Patrick makes those and makes it makes them freely available for anyone to download, and he's covered malware a lot of the time.
Joseph:And I think more importantly, he just understands the Apple ecosystem along as he's fully focused on it. So I messaged Patrick honestly thinking this is very much below his pay grade. He's he's he's, like, looking into serious stuff most of the time, and he very kindly got back to me and was actually pretty interested, and he said that, quote, the most concerning behavior is that the app can be launched automatically with a podcast of an attacker's choosing. He was very much focused on that. He did help me confirm, yes, it directs to this weird ass site with cross site cross site scripting or whatever, but he was focused on that.
Joseph:And he actually I don't think I even mentioned this in the piece or I did in passing, but he did a proof of concept where he sent me a link to a website that he controlled, and it automatically opened the four zero four Media Podcast on my device without it without a pop up. You know, like when you download Zoom or rather you click a link and it's like, hey. Just confirming you'd like to open Zoom. It doesn't have that. It just automatically opens straight on the podcast, which
Sam:he found crazy.
Joseph:Yeah. Which he found pretty interesting. And I guess this is me speculating, I guess it's a usability thing where Apple is like, well, we don't want people to do two clicks to get to a podcast. We just want people to click once and listen to a word, but that can be abused. The the other main thing that Patrick said was that, you know, slow down.
Joseph:This this isn't gonna be the biggest thing in the world. He said, quote, of course, very much worth stressing on its own. This is not an attack, but it does create a very effective delivery mechanism if, and yes, big if, a vulnerability exists in the podcast's app. So I think that's already interesting. It doesn't mean, as he says, that, oh my god.
Joseph:There's this massive issue with Apple Podcasts, but there's something something going on here.
Sam:Yeah. So we're not panicking. We're not being actively hacked is the good news.
Joseph:We're definitely we're definitely not panicking. I I should say that, yeah, when I was going through it first, I was I was looking on Reddit, like, has anybody else reported this? And I couldn't find anything. And then Patrick looked on Twitter slash x as well, and he didn't find anything. But kind of what pushed me over to over the edge to actually finally get around to writing it up, because, again, this has been happening for months, was that someone left a review on that really sketchy podcast with, like, one star saying, this is clearly a scam.
Joseph:How is Apple allowing this on their platform? And that signaled to me, oh, so it's not just me seeing this weird stuff. That also made me a lot more confident in that this isn't some highly sophisticated targeted attack against a journalist. Not that not that I thought it was that, but not a pleasant thing to be happening when you were trying to figure out, is someone really, really trying to fuck with me or not? But I saw that and then wrote it up.
Joseph:But, yeah, I don't I don't think panic. What came to mind for me was maybe last year or the year before, there was a huge wave of Google Calendar spam. Do you remember that?
Sam:Yeah. I got a ton of it, and I still get a ton of Google Calendar spam. But, yeah, it was a big, like, uptick in it last year.
Joseph:Yeah. And it sucks. And it usually is, oh, random guy has put an event on your calendar, and it includes links to their website or whatever. And Google I can't remember how they fixed it. Probably a change in permissions or something, the ability for who can add something to your calendar, but they had to shut that down.
Joseph:That for me, this podcast stuff is similar to that vibe where somebody's clearly fucking around and playing with the podcast app and sort of doing stuff to people, but it's not super alarming. That said, you know, if you could deliver, as Patrick said, if you could deliver malware to somebody on an iPhone or a Mac device through a native preinstalled, always installed, nearly always installed official Apple app, that's pretty bad.
Sam:Yeah. You talked to Apple about this. Right? I assume you contacted Apple. Did they have they responded?
Sam:They didn't respond for your story, don't think. Did they?
Joseph:Well, I I spoke at them. Not really not really to them. The first email, October 26, and then twenty seventh when I got more, November 5, November 10, then I sent another email directly to a press contact I have Apple, and he never replied. Yeah. So Apple has not responded to any of this.
Sam:This is a great, like because we always put, like, such and such company didn't respond or did respond. Or, you know, if they did respond, we put it. But yours, it says, Apple did not acknowledge or respond to five emails requesting comment. The company did respond to other emails for different articles I was working on across that time. It's just like they didn't just not comment, you know, like the usual.
Sam:They ignored you for this.
Joseph:Yeah. Yeah. And I know that some editors would, like, take that out, and I feel like I've done that before, and and Jason or or you or Emmanuel have taken it out because sometimes I can get a bit petty. But here, I think it's pretty important that, dude, there is this weird thing going on Apple Podcast. Like, why can you not even say we're looking into it?
Joseph:Why can't you even acknowledge that? But, I mean, Apple is Apple. They can be very difficult sometimes on PR stuff. Yeah. I don't know.
Joseph:A few people after it published we published this on Thanksgiving. We were all pretty, obviously, offline during that, but some people emailed and they said, I think it's related to this vulnerability I found in 2024, blah blah blah. I haven't had time to go through those yet, but I'll definitely go through those emails and sort of figure out, is there something else going on here? You know? Alright.
Joseph:Should we leave that there, and I'll get Matthew?
Sam:Yeah. Go get him.
Joseph:Alright. We'll be right back after this. Alright. And we are back, this time with Matthew. The headline of this one that you wrote is unauthorized edits to Ukraine's frontline maps point to poly markets war betting.
Joseph:This is a crazy story. People are really, really outraged in my mentions about it on various social media platforms. Good. Yeah. Oh, but I I think we'll get to that.
Joseph:We'll definitely get to your your your thoughts on it because it it combines scamming, predatory behavior, and warfare all into one story somehow. Let's start with Polymarket. I I think a lot of people will be familiar, but maybe some aren't. What is Polymarket for those who don't know?
Matthew:So Polymarket is what they call a predictive betting market. It's quite simply a place where you can lay money down on something that's got a binary outcome. Will president Trump win the twenty twenty four election? Yes or no?
Joseph:Which was a big one, obviously.
Matthew:Which was a big one, and a lot of people made a lot of money. Like, made so much money that, like, was the Wall Street Journal was, like, profiling the people that that made millions of dollars.
Joseph:A French guy.
Matthew:A French guy. Yeah. It was really fascinating. He, like, wouldn't his family was like, you're crazy. He's like, I'm gonna make a lot of money.
Matthew:And he did. He did. He made a lot of money. So that I mean, at its very basics, that's what polymarket is. And it it basically allows you to gamble on everything, including the outcomes of individual battles in a war zone.
Joseph:We'll we'll get to that. I'm just gonna well, I was gonna say we'll get to that, and I've opened up Polymarket to see what the bets are. The the top one is actually a Russia Ukraine one, as in Russia versus Ukraine ceasefire in 2025. Yes or no? Fed decision in December, yes or no.
Joseph:Honduras presidential election. So, yeah, you can bet on everything basically in current affairs or in the world. Do Maybe you don't know this off the top of your head, but do individual people make these bets or are they made oh oh, sorry. They like launch these campaigns, or is it Polymarket that does that? Do you know?
Matthew:I actually don't know off the top of my head. My informed guess is that so you somebody launches it, and they launch it with a simple bet on the yesno proposition. So they put like 5¢ or whatever on yes, and then other people can like take the odds. And then the odds change depending on who's voting yes and who's voting no. Just based on everything else I kind of know about how polymarket works, I think that's probably it's something like Probably something like that.
Joseph:Yeah. And the the creator of Polymarket, and I think Wall Street as well, they see it they see it way more than a gambling platform. They actually see it as a source of information where you can sort of tap into the sentiment of certain populations or the wider public about what is actually going on here. And, course, that goes back to the Trump one, right, where people say polymarket called the previous election while all of these other polls were wrong.
Matthew:Right? It's it's kind of it's extremely fascinating. I think I'm gonna I'm gonna half pitch you a story while we're on the podcast, in fact. So I've been thinking about this a lot because, yeah, the the the CEO builds Polymarket as the future of news. That's like one of his big taglines.
Matthew:And the reason that he says the future of news is that it's kind of this libertarian game theory mindset that that I would say permeates everything on the platform. That if you put your money where your mouth is, it changes the nature of what you think is going to happen. If you're willing to put like $5 on the presidential election instead of just your vote or instead of just your social media clout, It's like the that's that's pure somehow. It, you know, it tells you about the heart of a of a human being. Like, in that that Frenchman's heart of hearts, he knew Trump was going to win.
Matthew:Right. And that's why he put all those millions of dollars on there, and he was willing to put that money up in in the endorsement of that political candidate.
Joseph:Yeah. It is very interesting. I I don't know if I fully agree with all of the premises.
Matthew:Oh, I absolute I absolutely do not.
Joseph:So and then people have been betting specifically on things related to the Russian invasion of Ukraine. As I said, there was one about the ceasefire and that sort of thing. So let's just get to the the specific one you wrote about. This map that the article discusses, what is this map and who makes it?
Matthew:So I'm gonna apologize first and say that my my my Slavic is bad. Okay. And I cannot pronounce Ukrainian or Russian words, so I'm just gonna throw that out there at the beginning. So there's this this think tank called the Institute for the Study of War that's been around for a while. It kind of made its bones tracking, like, the movements of specific conflicts, like the fluteral frontline movements of specific conflicts in The Middle East and now has what is kind of like the gold standard map of where troops are and where the front lines are in the war in Ukraine.
Matthew:Typically, they update it, like, once a day around 01:30PM, and that map is the map that Polymarket uses to resolve its disputes about who controls what territory in Ukraine.
Joseph:Because it's a very reliable map.
Matthew:Because it's a very reliable map, because it it takes a bunch of different factors into account. It's kind of all run by experts. There is another map that's very popular called the Deep State Live Map, but that map also has like, it's it's kind of supported and tied in with the Ukraine Ministry of Defense. So it's kind of like, do you like, how much do you trust the people, like, the self reporting of the of the Ukraine's MOD? Right?
Matthew:Just the same as you wouldn't trust, like, a map that's put out and supported by the Russian side. Right? So ISW uses a bunch of different factors. They use open source intelligence. They read through the all the telegram channels.
Matthew:They look at what both sides are putting out in their propaganda to kind of like suss out where like the territorial lines are. And so like the way these polymarket disputes resolve, and specifically the one that we're gonna be talking about is around a city called Myrtlerod, which is in Donetsk, which is one of, like, the heavily fought over regions in the eastern portion of Ukraine that Russia, like, annexed. And Ukraine has kind of been holding this city for a long time, and it's been encircled by Russia, and it's kind of people know that it's probably going to fall. And in fact, like a couple hours ago, Russia had put out, like, its own propaganda video showing Russian soldiers in the town square. But Polymarket had a lot of bets on this specific town.
Matthew:There's like an over $1,000,000 worth of volume in this specific area, which is pretty unusual for these conflicts. Usually, it's just like a couple grand that people are betting. Right. So the way like, every bet on Polymarket has a very specific set of circumstances that resolve the bet in one way or another. And when it's something like territorial control over a war zone, they pick like they said this this cross section of streets, this part of the town, when it goes over to the Russian side, then this bet will be marked as resolved, and the cash will pay out.
Matthew:So will Russia control this town by November 15? We'll use the ISW map. We'll check it. And if this part of this town squares is taken, then people who voted yes that it will be taken get the money. So the weird thing happened is just, like, just about before, like, 6AM on November, which is not normally when the map updates.
Matthew:Suddenly, the map updates in just that little like, the the Russian lines kinda push out and just take that square. The Pali market resolves. The money gets paid out. And then, like, suddenly, that that that take disappears from the from the ISW map very strangely. And then ISW put out a statement that didn't mention polymarket, but said like, hey.
Matthew:We noticed that someone had made somebody with access to the map made an unapproved edit overnight. We're sorry. This didn't you know, this, you know, this was not real. We've reverted it, and we apologize. Somebody who's one of the geopolitics watchers on Polymarket called out ISW and pointed out, like, the timeline of the events and pointed how weird it was, like, the people had made money off of this bet, and that it was very odd.
Matthew:And I talked to ISW, and they kinda they stopped short of saying that the map was edited because of a polymarket bet, but they did say that, like, they are aware that people are using their map as the thing that resolves these bets, and that they are not happy about it. They they object to it, and ISW strongly disapproves of such activities and strenuously objects to the use of our maps for such purposes for which we emphatically do not give consent. So it's not we don't know that someone at ISW had money or, like, paid this bet. I wanna be very clear about that. It's just like all the circumstantial evidence around it sure does point in that direction.
Matthew:Right? Yeah. And the incentives make it look like that's what happened.
Joseph:Yeah. Let me summarize it just to make sure I'm understanding correctly. Mhmm. There, the the map is modified by someone. We don't know who it's to just to put cards on the table or options on the table.
Joseph:It could be someone who has legitimate access to the app. It could be a third party that potentially hacked into somebody's account to then change the map for whatever reason. That happens. This bet then gets resolved on Polymarket. Money is paid out, which is very interesting to me.
Joseph:And then the change reverses as well? Or
Matthew:Yeah. The change reverses on the ISW map, but that it the the the money did pay out, and that was that's something that was super interesting to me.
Joseph:Right.
Matthew:Because the way and this also ties back into the way Polymarket resolves disputes. So what would have to happen for the money to not be paid out is before the money is paid out, there's, like, a period where you can where people can dispute the resolution.
Joseph:Because it's still in escrow, essentially.
Matthew:Basically, yes. It's still in escrow. You have to have two separate people dispute the resolution, and then and this is my my pitch, is I think we should write a story about, like, how Polymarket resolves disputes because it's kind of insane.
Joseph:Mhmm.
Matthew:Like, when this thing happens. So there's a separate system called, like, Oracle UMA that's basically like a blockchain game theory based voting market. So what happens is it get like, the the dispute gets kicked to these people who have a separate discord and separate environment, and you they they adjudicate the dispute. And to have betting shares to adjudicate this dispute, you have to have, like, bought tokens. And the more tokens you have, the more votes you get in this wholly separate thing.
Matthew:Yes. So, like, not to get too into the weeds, but, like, it gets very strange if you start disputing things. But that didn't happen here. Nobody disputed anything. It did not get kicked to UMA Oracle.
Matthew:The money was paid out, and the ISW math reverted after that.
Joseph:Wait. Wait. Wait. So not even people who took the other end as the bet disputed? I mean, I guess Because
Matthew:I I would assumption I don't know why the dispute didn't happen. My assumption is that they looked at the ISW map, and they're like, nope. I guess that I guess Russia took the square.
Joseph:Right.
Matthew:But the these beds do have comment sections, and there there are pissed off bag holders Mhmm. In the comment sections of this specific bed, which is ongoing. Because they've updated it like to fifteen days, and like, will they take it by December 15 and this kind of thing. Gotcha. Because it's kinda it's all it's almost like it's been parlayed.
Joseph:Yeah. And I mean, this this was like a great original story, but I feel like there's so much more to come and to find out potentially. Of course, hopefully, the think tank themselves will find out more specifics and and release them.
Matthew:I would love for them to tell me who did it and why.
Joseph:That that would be ideal. Yeah. I I I guess until then, just more broadly, what do you think of betting on the conflict in general? Because as I said, people are really, really pissed off in my mentions.
Matthew:I think it's a moral state on your soul if you do it. Full stop. Sorry. Like, if you're betting on the outcome of a conflict like
Sam:It's just cynical.
Matthew:I don't know. It's awful. Yeah. It's it's an awful like, war is a horrifying thing where people die. This one like, they're all brutal.
Matthew:This one is particularly brutal. I've you know, I think a a lot of it has been filmed and broadcast across various social media channels, and people are like laying bets on it. That's Yeah. That's awful. That's awful.
Matthew:It is it is bad. You it is a bad thing to do, and you should not do it.
Joseph:Yeah. Well, I think that's a good place to leave it. Matthew, thank you so much for joining us and talking about this story. If you're listening to the free version of the podcast, I'll now play us out. But if you are paying for a full media subscriber, we're gonna talk about how in half of The US now, you have to either hand over your ID or scan your face to watch legal porn.
Joseph:Good good times. You can subscribe and gain access to that content at 404media.co. We'll be right back after this. Alright. And we are back in the subscribers only section.
Joseph:Sam, this is one you wrote. We originally gonna talk about another story, and then you published this one, and you were like, I'm big mad, so let's talk about this one.
Sam:Yeah. People are probably sick of talking about this topic, but I don't care. We're gonna
Joseph:keep talking about it. Well, actually, I'll I'll get to that immediately. But the head the headline is half of The US now requires you to upload your ID or scan your face to watch porn. And, I mean, I don't fully agree with you that people are gonna be, like, sick of Asia. Like, they shouldn't be because this is really, really important, and we cover it because it is important.
Joseph:But I do think we did something sort of useful here in the headline, which is rather than saying age verification in the headline, which I think, like, people might not get that. People might not understand what that really means. It's like, oh, I have to click a box or something to watch porn. It's like, no. No.
Joseph:No. You have to scan your face or upload your ID, and I don't think people understand that necessarily. Do do you think do you you think people get, like, what's going on?
Sam:No. I I don't think they get it until it comes to their state, and I think so more people get it now. Right. Because, like, the headline says, half of the country has these pretty restrictive age verification laws in place. So I think if you hear it, you're if you hear age verification, you're like, well, yeah, like, you should have to verify your age to you know, that's good.
Sam:Like, we don't want kids seeing things. It's just it's such a marketing hit job that has happened in this entire, like, industry slash topic. So Yeah.
Joseph:It's it's intuitive when you say, well, of course children shouldn't well, there's two things. Of course children shouldn't have access to pornography. That is what people intuitively may think or say or whatever, and, you know, and then people disagree with that or whatever. But that that that's what people intuitively think. They also intuitively think, well, you're just verifying age.
Joseph:That's no biggie. I think we'll get to why that's wrong.
Sam:Yeah. And maybe you also think, like, it's so on some websites, even before all this started, you either have to say, yes. I am an adult, which is something very common across, like, if you go to, like, a brewery's website or, like, a cannabis shop website or porn website, you just hit, like, are you over 18? Yes or no. And you hit enter or you hit go back.
Sam:I'm not 18, which who would ever hit go back? I don't know. But Dude, I
Joseph:some I sometimes click, like, when I go to a brewery website, like, are you over, you know, 18 or whatever? And I I sometimes just click no just to see what happens.
Sam:Yeah. Where does it take you usually?
Joseph:Just comes over like a passive aggressive message saying, well, sorry. Oh, well. You you can't come you can't enter this website.
Sam:You're not allowed to look at pictures of beer.
Joseph:No. No. No. Absolutely.
Sam:So, yeah, maybe people think it's like, oh, you just put in, like, verifying your age must be like putting in your birth date or birth month or some or your birthday. You know? It's like it's like, no. Actually, it's uploading your ID. We're scanning your face or the options now.
Sam:So
Joseph:Yeah. Yeah. Well, I guess let's do that now. And why I mean, it's a very obvious question, but I have to ask it. Why is that a bad thing to upload an image of your ID or to scan your face?
Joseph:Like, what are the issues that people have with that?
Sam:So there are a couple sides to this, which, again, if you're a listener to this podcast, you probably know them. But if not, every time I talk to someone new about this stuff, it's eye opening for them to hear kind of the the reasoning why it's bad. You might get one, but there are many. So for a while, a lot of these risks and, like, threats to your privacy were hypothetical. It's like people knew that this kind of thing was gonna happen, and then it happened.
Sam:And now we know for sure that it's possible, and it is a real risk. So that kind of thing being hacks, breaches, we saw what happened with Discord. Discord had a breach of its age verification service provider where, like, it was, like, 70,000 user IDs and photos and things like that were potentially exposed.
Joseph:It was real bad. Real, real bad.
Sam:Yeah. It was huge. And then we had the Tea App hack, which is taking your selfies and also your your ID to verify your gender, not even your age because that was part of the appeal of the app for some people that only women were on the app. And then they got breached. Obviously, that was a huge deal that we reported on first.
Joseph:We're And then there was the there was the one after that, which was Tea on Her, which was made by a bunch of men, presumably. We didn't really cover it, but I think Zach Whittaker at TechCrunch did a fair bit of coverage on it, and they exposed their personal identity documents as
Sam:well. Right.
Joseph:It's like, you just can't make a site where you upload docs without being an issue, apparently.
Sam:And especially so these are sites that are targets. Right? It's like once you are taking these pieces of personally personal identification and personal data, it becomes a target. You're creating a honeypot. Like, it's just and for porn sites, that's sensitive information already, you know, like, they're they're gonna get targeted.
Sam:Their people are gonna try to pop these sites. So the privacy and security thing is one. The fact that once you hit any trifurcation wall like this, the wall is like, you either need to choose to upload your face to get scanned or upload your ID or a credit card payment in some like, a picture of your credit card or make a payment in some cases. Once people hit that barrier, they go to a different site. It's like, why would I go to a site that's asking for all that if I could get porn on a different site that doesn't give a shit about The US or The UK and its laws.
Sam:Right. Which is Yeah.
Joseph:Why would I go to Pornhub, which to be clear for all of its issues, which you've reported on in-depth for the manuals reported on in-depth, is basically a different company now Yeah. In a in a lot of ways. Why would I go to Pornhub, which is asking for that, when I could just go to sketchy pornstate.com, which might have nonconsensual imagery on there or something.
Sam:Yeah. For sure. It might have, like, god knows what. So Pornhub verifies performers' identification consent forms. The people uploading there are the people who own the content, and that's not the case for a lot of foreign sites on the Internet.
Sam:And so and especially the ones that don't care about what the law is. They are just like, yeah. Whatever. We're gonna upload stolen content. We're gonna steal it from people's OnlyFans and put it on our Tube site.
Sam:And you're supporting those sites by making it harder to access the sites that are trying to comply with the law. So there's that aspect of it. And I think those are the two really big ones is that the the ease of to which people can just, like, go to a different site is very easy. And then also, you're promoting more, like, you're hollowing out the adult industry to make more more room for more exploit exploitation because people's content is getting stolen by these other sites, and then those other sites are profiting off of, you know, like, stolen content and noncontent
Joseph:content and things like that. Or OnlyFans or whatever. I mean, do so the argument that a child would go to Pornhub or one of the big sites, get presented with a well, sorry. No. Let me rephrase.
Joseph:If anyone would go to one of these sites, get the barrier, ask to verify the age, and then, like, screw that. I'll go to another site. Is that what you think will happen or what experts will think will happen, or do we do we know that happens? Like, I'm just curious. Like, is it too early to know for sure if that's happening?
Sam:No. It's not. Yeah. It's not too early. It's so the first age verification law of this kind, and they're all extremely, extremely similar, almost exactly the same wording, was in Louisiana in 2023.
Sam:So we've had a few years of seeing what happens when this happens. And what we see because, you know, these sites reported themselves is that people leave those sites and go to and traffic spikes on other sites. And, also, we see VPN searches spiking immediately after agentification law is enacted in a a state for the first time. People go searching for VPNs, and they try to get around the block. So it's like, it's not it's not working in any direction.
Sam:If people wanna just go to a VPN like, if you're old enough to be googling, like, around and looking for porn, you're probably old enough to be looking for a VPN also. So you can just get around it, and adults can get around it too. So, yeah, it's like and there's there's starting to be studies coming out about the way that atrial defecation is actually working or not working now that we've had a few years of this. But, yeah, it's it doesn't it doesn't work. We knew it wouldn't work.
Sam:Experts in the adult industry said it wouldn't work. Experts in, like, free speech and censorship said it wouldn't work. We've said it wouldn't work, and it doesn't. And I guess I guess we should also say the reason why we're talking about this because it's not in the headline is that Missouri enacted its atrophication law on the thirtieth, which I think was Sunday. And we saw the VPN searches spike through Google Trends and which is not a perfect way to see what people are interested in, but it is like
Joseph:Dude, it's great. You can see it's straight up. Trends.
Sam:Oh, I know. It's so interesting. But, yeah, you could see it was like immediately after, and that's always the case. And Missouri is the twenty fifth state that has enacted this specific kind of very restrictive age verification legislation, which is, you know, it feels like a milestone.
Joseph:Right.
Sam:It feels like we're halfway through the rest of the country adopting the same exact thing. So
Joseph:It's in absolutely no way like a fringe thing now. It is teetering on the edge of majority now that we're, you know, 25 or or whatever. Yep. And and I and I guess just briefly to go back to, you know, someone goes to a porn website and they get presented with the age verification check, scan their face, upload an ID or whatever, and may maybe they just give up and they're like, well, you know, screw this. I'm I'm just not gonna access this site or whatever.
Joseph:The people writing these laws and supporting these laws are probably absolutely fine with that. Like, they are fine Yeah. If somebody doesn't actually go through the age verification process and just gives up. Right?
Sam:Yeah. I mean, it's yeah. It's they've gotten the political win of protecting the children and saving the children, which is such a common reason why a lot of these really bad laws get passed passed in the first place that make everything less safe for everyone. But, yeah, they don't it's the they don't give shit. I mean, that's kind of the the end of it.
Sam:They get to say their stand about protecting children, and they they were like, the the Missouri attorney general, she put out a she put out a couple press releases about this because they love to make a big noise and, like, bang their chest about this stuff. But she was like, we're proud to stand on the side of parents, families, and basic decency. Missouri will not apologize for protecting children. It's like, you are so out of touch, and, like, it does not matter to you at all. And people are telling you constantly, I'm sure, that this is not working because people do make a big outcry about this when it is about to be passed in their states.
Sam:People are pushing back against this stuff, and the legislators just don't they don't wanna hear it. They don't care. They're not working with the adult industry to make any of this safer. You know, it's there are options for age verification. For for protecting, like, quote, unquote, protecting children, there are better options for keeping kids off of porn sites, and a lot these are just don't care.
Joseph:What what are some of the better options?
Sam:So, I mean, the main one is the fact that your phone and the phone that you're handing your kid an iPhone, the phone that you're giving your seven year old for god knows what reason, which is all their conversation. No judgment for parents to do that, but you should be putting parental controls on your kid's phone if you care about what they're seeing and if you care that deeply about them not going to harmful sites and porn sites where they shouldn't be. And these sites don't want children on their on their platforms either. You should be putting porn controls on there. You can go to your phone settings and make sure it's set so that they can't access porn.
Sam:And a lot of porn sites are part of this, like, restricted to adults label that's it's an organization that it's they're putting in their encoding in the site the thing that triggers the parental controls on your phone to say, don't show this site to a child. These are already in these have been in place for years. This is something that's been people have been able to do this on their phones for years, and people just don't do it.
Joseph:Right.
Sam:They just don't do it. They just they would rather have they would rather be so hands off and so whatever about it that they would have a porn site attempt to do it for them. But by doing that, they're forcing adults and everyone to go through this extremely invasive process of, you know, attempting to childproof the whole Internet, which just makes it all more dangerous for everybody.
Joseph:So Yeah.
Sam:Yeah. It's like the device based solutions are so much more safe and noninvasive than these, like, laws that put the onus on an actual platform?
Joseph:Well, there there's this, like, constant movement of who the onus is on. Right? As you say, there's parental and family controls already. Maybe some people use them. Maybe some people don't.
Joseph:To be fair, maybe a maybe a kid will get around that. You know? What's what's that Trump line that Baron Trump, really good at computer, gets around it or whatever. There's that. But then you have recently, I think just in this piece, you have either Pornhub or the the parent company, right, saying, we don't think we should be doing this.
Joseph:We think it should be the device manufacturers like Apple and Google. And I actually remember maybe six months ago, maybe it was when The UK law was being passed. Right? Meta made much the same comment where it's like, we don't want to be responsible for this. We think the device manufacturer should do it, and they would be a lot better at it as well.
Joseph:And you can see the argument there. You know, an Apple device, it's gonna have a secure enclave, which is used to store all sorts of cryptographic secrets. Maybe you could securely store somebody's age or an indicator of whether somebody is is a minor or not, and then that dictates what they're able to access on the device. I'm definitely not saying that's a good idea, but that is the argument. Right?
Joseph:And then I imagine from Apple and Google, they don't fucking wanna do that. Like, we don't wanna be and I'm paraphrasing what I think they're gonna think. We don't wanna be the sort of the arbiters of, like, what you can access on your device and what you cannot. And it seems everybody's just pointing the finger at everybody else, which is a classic tech problem when it comes to content moderation or cybersecurity, but it also seems to be the case here as well. Does that seem right?
Sam:Yeah. For sure. Yeah. It is. It's like everyone's pointing at everyone else.
Sam:And I do think it's like the adult industry who has a lot to lose here as far as, like, the censorship that's happening is happening to them. They are trying really hard to spread the word about better, more secure, more, you know, reliable ways to keep kids off of the platforms that they used to work while also being able to keep, like, working in their industry and not have these sites, you know, have to comply to these really restrictive laws. They're trying really hard to make this happen, and just, like, they're having, like, really intense conversations with legislators in some cases, but it's places like like Missouri and a lot of the other states. I don't know. I mean, it's, like, it's so let me read the states, I guess, because there are I don't I don't think people realize how many states.
Sam:There's 25 states. So in Louisiana Louisiana, Utah, Mississippi, Virginia, Arkansas, Texas, Montana, North Carolina, Idaho, Kansas, Kentucky, Nebraska, Indiana, Alabama, Oklahoma, Florida, South Carolina, Tennessee, Georgia, Wyoming, South Dakota, North Dakota, Arizona, and Ohio. You can't go to in a lot of in a lot of those places, you can't go to Pornhub because they've blocked access because they're saying we're not gonna be we're complying with the law by blocking access. Right. Or you have to show your ID and scan your face on different on other sites, other porn sites.
Sam:It's just like it's mind blowing. And the thing is, like, I mean, I, like, I looked at this out of curiosity after I read the Missouri attorney general's, like, we will not apologize for protecting children. She was, like, citing how much of these, like, really shoddy stats about, like, kids accessing porn, you know, at an early age. And I was like, okay. Well, fine.
Sam:Like, kids are gonna access porn now whether you like it or not, whether or not these laws are in place or not. So let's see what you're teaching 10 year olds about sexual health and consent and understanding their bodies since they're gonna see it anyway. You've made it this way. And this is the case in a lot of states. I'm sure people know this already.
Sam:It's and it's not it's certainly not just Missouri, but in Missouri, the schools are not required to teach sex ed. The local school boards decide whether or not they do teach anything. And if they do teach sex ed, they're required to teach and promote abstinence only sex ed, which there's tons of research and studies that that doesn't work. It doesn't give kids, like, a better understanding of their bodies. It doesn't give them a better understanding of consent and age age appropriate levels.
Sam:You know? We're not talking about just showing kids porn. We're talking about, like, talking to them about what they might encounter online and how they feel about it. So it's like there's this whole, like, blinder mindset in so many of these states and even in states that don't have these laws in place yet, but will, I'm sure, where the things that are happening are you're censoring content from adults, you're making it harder for adults to make a living, and then also you're just setting kids up for a really fraught understanding of sex in general and consent, especially. And that's if that's the big concern about porn being harmful, it's like, oh my god.
Sam:There's so much, you know, violent porn out there, which is whatever. It's for adults. Why are we not talking to kids about what that means and when it's in, like, appropriate bounds and, you know, helping them understand what they're gonna see? Because they're gonna see it anyway. So I don't know.
Sam:That really pissed me off when I looked that up. Was like, not only do they not have sex ed, they require schools to promote abstinence only sex ed, which is
Joseph:like It it's worst kind. Yeah. If you follow the argument that it is for safety and just, like, take that for granted even know, it's dubious. But if you take that for granted and it's like, they only did, like, half of it, and then they did another half that was really damaging as well. So it's just, like, a fuck up overall.
Joseph:But I think let's let's leave it on your point. That's a good place to end it, and I'll play us subscribers. If you do wish to subscribe to four zero four media and directly support our work, please go to 404media.co. You'll get unlimited access to our articles and an ad free version of this podcast. You'll also get to listen to the subscribers only section where we talk about a bonus story each week.
Joseph:This podcast is made in partnership with Kaleidoscope. Another way to support us is by leaving a five star rating and review for the podcast. That stuff really does help us out on Apple or Spotify or wherever. This has been four zero four Media. We'll see you again next week.