The 404 Media Podcast (Premium Feed)

Hello, and welcome to the four zero four Media Podcast where we bring you unparalleled access to hidden worlds both online and IRL. Four zero four Media is a journalist founded company and needs your support. To subscribe, go to 404media.co. As well as bonus content every single week, subscribers also get access to additional episodes where we respond to their best comments. Gain access to that content at 404media.co.

I'm your host, Joseph, and with me are all of the four zero four media cofounders. The first being Sam Cole.

Hello.

Emmanuel Mayberg. Hello. And Jason Kevlar.

What's up? What's up?

Alright. Not really much housekeeping this week. So how about we just go straight into this story, which is also something of an announcement. The headline is we're suing ICE for its 2,000,000 spyware contracts. Jason, do you wanna lead the discussion on this one?

Who is we? It's us. It's four zero four Media who sued ICE in DC federal court. I think this is something that we have always wanted to do. Right?

Like, not necessarily sue ICE, but do FOIA lawsuits. So I guess what is this lawsuit about, and why are we doing it?

Yeah. I I've wanted to do this for a long time. You will see amazing FOIA based reporters like Jason Leopold, for example, who's now at Bloomberg, and he'll get these amazing documents. And pretty often, it will turn out that you need to sue the government for access to those documents because they're not just gonna hand them over. We've never really done this because it's expensive, obviously.

And when we were working at Vice, I don't know if we actually tried it, but I imagine it would be difficult probably to get the resources to be allowed to do this sort of thing. Now that we're independent, we can do it. Yes, this is a Freedom of Information Act lawsuit. Basically, I filed a FOIA request with ICE way back in October 2024 asking for documents related to this contract they have with a company called Paragon. We'll talk about it in a minute.

But basically, they sell spyware for breaking into phones. And ICE, I think they acknowledged the request once and never got back to me, and that is illegal. You're not supposed to do that. Of course, government agencies, especially US government agencies, often delay the release of any documents. You know, it's incredibly unusual for you to get the documents in the thirty day window or whatever it is, but usually they say, we're sorry.

We have a massive backlog. Give us another ten, twenty, thirty days or whatever. ICE just did not communicate at all, and these documents seem especially important now because ICE just reactivated this contract. It was put on hold during the Biden administration, and it's back now. So it seemed very timely and important to file this lawsuit so we could get the contract and we can see, you know, why I support this powerful tool, basically.

Yeah. Just like a little bit of FOIA nerdery before we get into the specifics here. As Joseph said, federal agencies have, I believe it is, 30 to respond to a FOIA request. Like he said, they almost never actually give you the documents in that time, you know, that in that time period. They will send, oh, we're we're working on it, blah blah blah.

But, unfortunately, it seems like the only way to get documents in a timely manner sometimes is to file a lawsuit. And so as Joseph mentioned, it's like we have filed many, many, many FOIAs over the years, some of which do get ignored like this, and, you know, we probably would have ideally wanted to file more lawsuits over the years, but they are expensive. They're logistically complicated. We're not lawyers, so we needed to find a lawyer to do this for us, and I think often you have to do a cost benefit analysis of, like, do we really want these documents enough to, like, go to court over them? Because as Joseph mentioned, a lot of journalists and organizations that sue for this sort of stuff are successful doing it because it's a pretty open and shut case.

It's like we're requesting this the cow taxpayer money is being spent, and the specific document that Joseph asked for this contract is very simple to provide. It's not something that is going to take the FOIA officer, which is the, you know, the people in the the Freedom of Information Office, that long to, like, pull a contract that should take a few seconds. We're not asking for, like, tons and tons and tons of documents and deliberations and and things like that. And so, I mean, our hope is that the system still works, that we'll be able to get these documents hopefully relatively quickly. But, anyways, let's let's dive deeper into what Paragon is.

So Paragon is a spyware company. Where are they based? Who do they sell to? What do they do?

Yeah. So some listeners may be familiar with the government spyware industry. These are companies that sell remote phone and computer hacking tools to law enforcement and intelligence agencies. Some of those names you may have heard of include Hacking Team from Italy, FinFisher, I think from Germany. It's been a long time since I've covered FinFisher.

Then you have the infamous NSO Group from Israel, and Paragon is also from Israel, and it has a US subsidiary, and that's the context in which Paragon sits. It's it develops a spyware, and it sells it to government agencies. Listeners may also be very much aware that the government spyware industry is full of scandal and abuse. Hacking team was used to target activists. Finn Fisher as well.

I remember way back basically when I started writing about this sort of thing in 2014, 2015, that sort of time frame, It was being used to target activists in The Middle East and North Africa, the Finn Fisher spyware. And then NSO Group has been used notoriously around the world to target activists and journalists as well with, you know, even some indirect connections to Jamal Khosoji as well. Paragon positions itself differently. It show it says it is almost like the ethical equivalent to those companies. So while some of those companies will sell to a lot of different governments, including authoritarian states, Paragon says it doesn't.

It really works with democracies. And, you know, one of those clients, and maybe we'll talk about in a minute, is Italy. Even with that being said, the last scandal going on in Italy with Paragon, and it's not just sort of the customers that separate it. It's also the product, and we'll go into more detail in a second. But it's it's still exceptionally powerful, but it focuses more on getting messages from encrypted chat apps like Signal or WhatsApp rather than taking control of the of the entire device.

Right. So it it essentially is spyware that compromises the phone for the purpose of reading encrypted messages that are on your device.

Yeah. And the product specifically is called Graphite, and it will use, you know, presumably various exploits. One that was previously discovered by researchers and fixed was one in WhatsApp where the user of Paragon would send a PDF file to the target in WhatsApp. And without the target even clicking a link, WhatsApp would, you know, render or load the PDF that would trigger an exploit, which would then be used and that would break into the phone. And that is, of course, what's especially notable about Paragon and other related spyware is that this stuff can infect a phone, broadly speaking, without the target really doing anything.

Of course, that's a massively powerful capability, which is more often than not outside of the realm and the budgets and the reach of even, you know, top tier cybercriminals. We are talking nation state and nation state contractor sort of spyware. Whereas NSO Group, you know, they'll break into the phone and they will get the location data, the text messages, the phone calls, graphite, and Paragon position it as we're doing a more limited ethical collection here. That being said, we don't know exactly what ICE is buying, which is why we're trying to get the contract in the first place because we don't actually know if it's for graphite or not. It could be for a different piece of software.

All it says in the public procurement records is something like it's a proprietary developed solution, and they'll give us training, blah blah blah. We don't know what ICE has exactly, but it costs $2,000,000. So presumably, it's it's capable of doing something.

Right. So what do we know about who graphite has been used against before? Like, what countries have used it? Like, what is the the history of it? Because as you said, like, there is a history of this spyware being used elsewhere at least.

Yeah. So, again, Paragon positions itself as we're just gonna work with democracies. We're gonna be very, very above board, that sort of thing, which is why presumably they sold to Italy. And eventually, the Italian government was open about this, but only really after it was discovered, they have been used by presumably Italian authorities to target journalists, to target activists who were trying to save migrants, you know, obviously, are crushing oceans and seas and are at great risk of harming themselves. Paragon's technology was used against them.

Eventually, Paragon even stopped selling the technology to Italy. Like, of course, we we don't hear about it this much. If listeners want to read more about that, definitely go check out our colleague at TechCrunch, Lorenzo Franceschi Bicarai, who has been covering spyware for years and he did it with me for a very, very long time as well. But he's been following Paragon closely and, of course, being Italian as well. He has, you know, some pretty good insight into that sort of stuff.

But it's not just Italy. Researchers at Citizen Lab, which is this academic security research body, they, as they often do, found fingerprints of this malware and this system online, and they identify deployments in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. That's not to say that those countries are a 100% using Paragon or or or Graphite. Pretty strong indication though, and the the research itself is very well caveated, very well hedged, but that's always an interesting sign when Citizen Labs starts to find, oh, there are deployments of NSO in this country or Paragon in this country or whatever. And then I didn't actually know this until I started to write up our article about the lawsuit, but the New York Times in one sentence, in one paragraph, in an older story about the spyware industry, they mentioned that the US DEA has used graphite, and there's no contract, at least not one under the Paragon Solutions US subsidiary name.

I have four years out with DEA as well. They haven't been particularly cooperative, but maybe it's already being used in the in The US as well.

Yeah. And I'm I think the context of, you know, ICE having this $2,000,000 contract, I know that the contract was paused for a while. I guess it it was paused due to outrage. Right?

Like Yeah. It's a bit, yeah, it's a bit of both. So the contract is signed in September 2024. Wired finds it fairly soon after and covers it. And then it seems that this took the Biden administration by surprise.

It seems that the White House did not know about it. Presumably, ICE just went and bought it. And to be fair, why would the White House know about every single purchase by every single law enforcement agency? Right? But the White House put a stop work order on this, basically saying, hey.

You can't do this until we review it because, weirdly, around the same sort of time, Biden had just signed an executive order that was designed to limit the use of spyware by government agencies, and that came after all of these abuses by companies such as NSO Group, you know, which presumably parts of The US and the White House did not want really to be anywhere near. You don't want to be near a company that is going around and being used to hack into the phones of activists and dissidents and that sort of thing. You know? And there's also potentially a national security risk in that. I don't know.

If a US law enforcement agency is using a tool developed by Israel, what's to say that that Israeli company may not be getting some sort of intelligence from it? Of course, that's more speculative, hypothetical, but, you know, there there's a concern there as well. So Biden puts this pause on it, the Biden White House. It's for a year. Time passes.

Obviously, Trump comes into power. Obviously, ICE starts its mass deportation campaign and effort, and now the contract's back. And then we filed the lawsuit because as you alluded to, Jason, it feels even more urgent now to think well, to find out, well, what is ICE using this incredibly powerful tool for? Probably the most powerful surveillance capability ICE has ever bought, really.

Yeah. And, I mean, we could get into it, but I feel like we've talked so much about the surveillance technology that ICE uses that we know that they have, and this is just something that is even more powerful if it is indeed graphite. And, you know, who knows who it could be turned against and in what contexts, but I think it's important that we do know the specifics of the contract and and how they're doing it, so that's why we're suing. Do you wanna talk a little bit more about that and just, like, what people can do if they want to support this?

Yeah. And I and I'll just say more specifically, the documents we're seeking are kind of what I nearly always request from agencies when I'm submitting a FOIA about a particular contract, it's like unsolicited bids, procurement contracts, documents, blah blah blah. The main one for me is something called a statement of work. This is a short document, one page, maybe two or three, and it lays out and they they have to create one of these because it explains sort of what the contract's for. It shows in explicit detail, this is the use case for this technology.

This is why we have to buy it from this provider, and this is what we're going to use it for. And, of course, I think that's really, really important. It would still be important to know this even during the previous Biden administration. That's why I filed a Freedom Information Request immediately because I wanna know what ICE or really any US government agency is using very powerful spyware for. The only other real case we know a little bit about is when the DEA bought hacking team, like, more than ten years ago, at this point.

And I think they were trying to do it for targets in Colombia, at least overseas and in South South America, that sort of thing. So it'd be very useful to know what ICE plan to do with it. That said, if we get the statement of work back and it says, oh, we bought it to deal with child abuse or money laundering or something like that, the context and sort of the ground underneath ICE's feet has shifted so much now that even if the spyware was sold to HSI, Homeland Security Investigations, it deals with all of that serious organized crime or child abuse stuff, they now are working closely with the with the immigration part of ICE that who's to say that that tool may not be used for them as well? And after the contract was reactivated, you had people like Senator Ron Wyden say that, quote, ICE is already shredding due process and ruining lives, and it's rushed to lock up kids, cooks, firefighters who pose no threat to anyone. I'm extremely concerned about how ICE will use Paragon's spyware to further trample on the rights of Americans and anyone who Donald Trump labels as an enemy, end quote.

And then, yeah, just last thing. Obviously, we are only able to do this because of the generous support of our paying subscribers. So the best way to support this, to allow us to do this, is to become paying recurring subscriber. That is it's not just about the money, although, of course, that is one of the main things. It's about the oh, when we have recurring revenue, we can attempt to forecast.

Okay. We're gonna have this money, and we can allocate it for this purpose, in this case, a lawsuit. Then maybe in the future, we can allocate it for, I don't know, trying to get these other documents or something like that. That so that is the main way you can you can help us. And if you are interested in making, you know, a larger donation, tax deductible donation to hope to help this work, you can email me at donate@404media.co.

But that's the pitch over. Don't wanna go too long about trying to get people to subscribe. But, yeah, that is the main way that we're gonna be able to do this. You think that summed it up fairly, Jason?

I think so. I think so. We'll obviously keep people updated as this goes through the legal process. It was filed on Monday, so we have not won yet. Fingers crossed.

No. Not yet. And as far as I know, the process is now there's court formalities and then maybe ICE responds, and then we go from there. I mean, I would like to join the hearings as much as I can. I'm sure many of them will be very boilerplate and procedural, but I'd definitely be interested to see some of the arguments.

Alright. We'll leave that there. When we come back, we're gonna talk about a couple of stories that Jason Emanuel have been doing. We'll be right back after this. All right.

We are back. So these two stories weirdly happened close together within weeks of each other, but I think that's kind of indicative of what's going on at the moment. The first one from Jason, AI work slop is killing productivity and making workers miserable. I mean, I've never heard that term before, Jason, work slop. I don't know if it was made up for this study or or or or for this piece exactly, but so what is AI work slop exactly?

Yeah. New word just dropped. New word. So, I mean, it's obviously playing off of the idea of AI slop, but it's AI slop at work, basically. But we're talking about, like, very standard, like, white collar work, things like, I don't know, accounting firms, marketing firms, like people who prepare presentations and reports and do emails and things like that at a big company in the office.

So this was a study done by Stanford University researchers and people at a company called BetterUp, which is a workplace productivity consulting firm. It's a survey of a little over a thousand white collar workers across various industries in The United States, and it was published in Harvard Business Review, which Harvard Business Review is not a traditional academic journal, but it is, like, a highly influential, like, publication that talks about business goings on. And I saw it this morning and thought it was very interesting because it it I don't know if in a vacuum I would have written specifically about this study and this study alone because I think any single study that's like a survey of different workers' experience and things like that is like, I don't know, you have to be not necessarily skeptical, but you need to to think like, was this peer reviewed? What journal was this in? How was the research done?

That sort of thing.

It made very easy to get selection bias in that Yeah.

I think I think the findings in this make sense to me, but they they align very closely with, like, five other pieces of research and reports that have come out over the last couple months. And so basically, they define Workslop as AI generated content that, quote, masquerades as good work but lacks the substance to meaningfully advance a given task.

Damn.

Yeah. And so, I mean, they don't have, like, specific examples of, like, this is AI work slot, but it's funny that they asked, you know, 1,150 workers about this. And I don't have the exact number in front of me, but it was something 40% of workers said that they had encountered this phenomenon. And it's basically like you ask your colleague or your direct report to do a presentation, to summarize a meeting, to do something like that, and they basically outsource it to AI. And the thing that they turn in looks good, but it's useless.

And it turns out that this is, having a really big problem for productivity because AI is supposed to make companies more productive, employees more productive, at least that's the promise. That's why, you know, there's billions and billions of dollars going into it. And it turns out that, like, these workers are, one, spending a lot of time correcting the garbage that their colleagues are turning into them. Then they're having to, like, you know, redo the work. And then very interestingly, they said they basically said so here's a here's a direct quote from the report.

Workslop uniquely uses machines to offload cognitive work to another human being. When coworkers receive Workslop, they are often required to take on the burden of decoding the content, inferring missed or false context. A cascade of effortful and complex decision making processes may follow, including rework and uncomfortable exchanges with colleagues. And then they

say That's so good.

Yeah. They say the most alarming cost may have been interpersonal. And so it's very interesting because it's like not only are people having to, like, redo the shoddy work of their colleagues that their colleagues outsourced AI, they're also having to figure out, like, how to deal with this and how to deal with their colleagues. Because if you're a manager and, you know, your worker is like someone who's working for you is just doing a bunch of AI bullshit and they're not supposed to be, or they weren't told that they could, or maybe they were told that they could, but then the work that they're turning in is, like, really low quality. You're having to, like, navigate, like, hey, get better.

Get better at, like, at doing your AI work, or don't use AI, or this is not how we do things around here. And so it's resulting in a lot more, like, disciplinary conversations, and very interestingly, it says that after, like, a regular worker received work slop, they saw the person who turned in that AI generated work as being less intelligent, less creative, less capable, and less reliable. So basically, I mean, it's pretty bad. It's pretty bad.

Yeah. It's fascinating because I imagine, and obviously, I'm gonna speak for the AI companies, maybe this is wrong, but I'm pretty sure they didn't anticipate that they're gonna introduce these tools. They're gonna be used to workplaces, and gonna be focused much more on the accuracy and the efficiency of the tool itself. I really doubt the AI companies are thinking about, oh, we're making people in offices, like, look down on each other because the other person is using AI, basically. Like, I seriously doubt that came up.

Was that sort of, like, the human element? Was that like the biggest takeaway for you and why you why you covered this? Because I haven't seen that before.

Yeah. I mean, that that is why it was very interesting to me. I'm curious what the others think because it it is like it's this interesting moment where companies are telling their workers to use AI, and a lot of them are, like, reticent to do so because their colleagues will look down upon them. And that's like it's not just this study. There's one other study that found, like, the exact same thing.

And, like, you know, Emmanuel can speak more of this, but I'm curious what both Emmanuel and Sam think because I think part of, like, working in any team, it's like, I don't know. If y'all were, like, sending me a bunch of AI generated bullshit, I'd probably be pretty mad.

I wanted to say that another reason we cover this study is that we have been circling this issue a little bit. Jason, you and I have been talking about this. Just anecdotally, we have heard at various companies, and there's been some reporting about this, maybe it was at Business Insider. I apologize if I'm wrong about that. But basically, there's a bunch of instances of managers coming to their teams and saying, the mandate is use AI.

For what purpose? Doesn't matter. It just we have heard from upper management that AI is the future, so you have to use it. Use it first and figure out why later. And obviously, that seems like that would lead to bad results and the bad results that this study has found.

So I don't find it surprising at all. I guess I did want to say, to play devil's advocate, to play AI advocate, I wonder if, like, the correct and useful application of AI is kind of invisible and will not turn up in a study like this because it's like if somebody asked us if we use AI, I guess we would note how we do use AI because we report on it and we try to be very transparent, but it is not, like, immediately apparent that we use transcription tools or, I don't know, spell check and various forms of search. I don't know. Like, the the the way that it works is probably kind of integrated into your workflow, and it's kind of invisible. And, Jason, you've you've written about this as it relates to to journalism, but, like, do you think that's possible?

Do you think, like, there's more productive generative AI use happening that is, like, not turning up in this study?

Yeah. I do. I mean, I think probably, except for that that's why I said, like, I don't know if I would've covered this study specifically in a vacuum if this is, like, the only thing that we had heard about this. But there's been a bunch of studies that have come out over the last couple months, and they all find, like, different things, but I think that they they create, like, a a narrative that is, like, this isn't actually leading to that, like, the transcendent productivity gains that were promised. So there was a Financial Times analysis yesterday that was, like, really good of just, like, shareholder meeting transcripts filed by S and P 500 companies and earnings reports and things like that.

And they found basically that, like, every company is like, oh, we're using AI. We're gonna use AI. We're gonna lean into AI. But then they're very, very vague about, like, what they're actually using it for and, like, what the actual benefits of of using it are. Like, they're really vague.

And so they say, quote, most of the anticipated benefits such as increased productivity were vaguely stated and harder to categorize than the risks. There was an MIT report in July that said despite 30 to $40,000,000,000 in enterprise investment into generative AI, this report uncovers a surprising result in that 95% of organizations are getting zero return. And it it that one's super interesting because they're saying, actually, a lot of companies are getting really specific productivity gains from AI and, like, very specific things, like, I don't know, customer service or something like that, but then aggregated out across, like, the entire an entire company or an entire industry is, like, AI is making something slightly more efficient, but then this issue of, like, hallucinations and, like, problem stuff coming up is hindering productivity even more than than, like, any sort of productivity gain. And then another one is a Gallup poll from June where it's like 40% of all workers say that they've used AI, but almost all of them say that they're, quote, using AI AI at work without guardrails or guidance. And so and they also said the benefits of using AI in the workplace are not always obvious.

And so I think that's how you get to this work slot question because, as you said, it's like the companies might say, use AI, or maybe a worker just, like, tried ChatGPT one time at home, and they're like, oh, I could just, like, have this do my job for me. And so they're using it, and then, like, that's how you end up with a bunch of, like, really shitty uses of AI because they are maybe not integrating it into their workflow. They're just, like, outsourcing their brain to this technology.

Yeah. Speaking of outsourcing, I think that brings us to the next story from Emmanuel. And you published this a few weeks ago, as I said, but it's amazing how these two lined up. The headline of this one is the software engineers paid to fix Vibe coded messes. I'm sure people know, but Vibe coding is basically using an AI assistant to develop code.

And maybe you're not the most familiar with code or maybe you have no knowledge of code whatsoever, but you want to build a video game or you want to build an app or something else, and you can do that through vibe coding, essentially. But it looks like that makes sometimes makes a mess and, you know, maybe even people are well, people are being paid to fix it as well. Just to step back a little bit, Emmanuel, what's this meme that you saw going around LinkedIn? Like, people were joking about, oh my god. I'm I'm just paid to fix people's messes or something.

Like, what

was the meme? Yeah. There was this screenshot going around on LinkedIn that showed a bunch of LinkedIn profiles where the person's job description was vibe coding cleanup specialist. And I don't know if you know this, but LinkedIn is definitely the most corny social media

Fully fully aware of that. Yeah.

So a bunch of people who thought they were really funny were kind of, like, screenshotting it and making the same joke about, like, vibe coding is supposed supposed to make coding easier, but then you've created, like, this whole new industry of people who fix Vibe coding projects because, actually, the end product is shoddy and somebody else has to come in and fix it, and really you haven't saved time or energy or money or nothing. You've just, like, created a new problem for an actual human programmer to solve. And I saw that, and I was kind of clicking around LinkedIn and looking up those profiles, and it wasn't clear to me that it was real. If you are one of those people on LinkedIn, please reach out to me. I'd like to talk to you.

But it seemed like some people changed their job description as a joke maybe. But I thought that the premise, like, felt true, and that's why jokes are funny usually is that they they speak to some truth. And I did some looking around, and it's definitely a thing. Like, it is a 100% a real job and increasingly a line of business for existing companies or an entirely new business for entirely new companies.

Yeah. So you spoke to a couple of these people who are fixing these vibe coded messes, basically. I think one was an individual and one was a entirely new company. Is that right? And like, what were they telling you about this this process?

Like, they're making real money doing this?

Yeah. So there's, like, two categories of people in this line of business now. One is, like, the freelance engineer, freelance computer programmer on platforms like Fiverr, and I think Upwork has some people that are doing this, but there's definitely a ton of them on Fiverr where it's basically like a gig working platform that we've covered before. And if you just search for Vibe Coding, there are a bunch of people who will Vibe Code stuff for you, and there is a bunch of people who will fix your Vibe Coded project and are essentially Vybe Coding cleanup specialists, and that's how they advertise their skill set. They're like, you're trying to make an app, you got what you wanted, but now it's kind of buggy.

I'll come in and I'll fix it for you. That's what I do. And Fiverr, I would say, in order to make money there, which is I think very hard to make a lot of money, but there's a lot of programmers in in India and other parts of the world where even though it's just, like, not a lot of money for a gig, it's that the money goes farther there, and there's a lot of people competing for the work. So they seem to kind of shift with the trends. Right?

It's like you offer in your skills whatever people are searching for. So a bunch of them have just shifted to this, like, I'll fix your VibeCode mess project. So there's those people. I talked to one guy. He says he has worked with, like, 15 to 20 clients.

He said that a lot of what he fixes is UI stuff. Right? So it's like somebody will vibe code an app. It will do what they want it to do, but it doesn't look like the thing they want it to look like, and he does all of that.

Probably security stuff as well. Like, I can't remember the specific examples, but there's been Vibe coding, and you can't imagine that, you know, the AWS keys and their permissions are handled in necessarily the best way when it's coupled together with AI. But, like, that's scary, the amount the amount of apps that are going out there about security probably.

That's a very good point. That hasn't come up, and I think it's not a coincidence that it hasn't come up. I think that nobody really wants to commit to, like, making your app super secure because the the stakes around that are very high and real. So I think our people are intentionally not talking about it. They're they're talking about more superficial things, but that's totally true.

Like, I would be very concerned about giving my information to a vibe coded app. I, a few months ago, reported about a vibe coded game that had a security issue that didn't compromise user's information, but, like, was abused to, like, deface the game that the person makes. So it's it's definitely a real issue. If you were to do something like that, if you if you wanted somebody to, like, fix your Vibe Coded project for security issues, I would recommend probably reaching out to one of these companies like Ulam Labs, which are based in Poland, I think, and, like, are a software engineering firm that has existed for a long time. But they just, like, open a new line of business where they advertise their skills to fix vibe coding projects.

And it's funny, like, I wish I had these people reach out before I published the story, but since I published the story, a bunch of other software engineering firms of that level got back to me, and they were like, yep. This is our business now. We totally do this. It's like, you wanna talk next time. So it's like, there's definitely a lot of people in that space.

And then one person I talked to who was very interesting, his name was Swatanatra Sani, and he's a vibe coder himself. And when he saw that vibe coding was catching on as a thing, he just went out and bought a bunch of domains that had Vibe Coding in the name, and one of those was Vibe Code Fixers. And when he realized that this was a problem because he started he himself as a Vibe Coder and other Vibe Coders who reached out for help and him helping other people, he realized that there's like a real business here. He used that domain name of vibecodefixers.com to create a platform where, like, you sign up as an engineer to offer your skills, and other people can come in with their projects and, like, connect with those engineers to fix those problems. So it's basically a Fiverr like, but the entire purpose of it is just to fix vibe coded vibe coded projects.

Yeah. It is admittedly smart where inserted himself as the middleman, which is the perfect software business. Right? Whatever, and, yeah, ride this wave of everybody making kind of shit apps. And if I could be the middleman that injects myself and connects them, I mean, did he give any indication how much money he's making or or or not yet?

I'm looking at the site right now, I don't know. It's a it's a real last website.

I don't think he he he is doing probably what what other tech startups would say is a smart thing to do, which is he doesn't care about monetization now. He just wants to be, like, the established place for this kind of thing. So I don't think he's charging anything. He's just getting as many engineers as possible to sign up so it's like a viable solution for this thing. He did have a lot of, like, really great insight, thought, not just as a person who operates this platform, but as somebody who is into vibe coding and has fixed other people's vibe coded projects.

And he said that often the biggest problem with clients is psychological in that you get someone who's not a software engineer who has an idea for an app, and they, like, start vibe coding the app and they get something semi functional, and they fall in love with it, they become very enamored with the fact that they made a thing, but then it's very shoddy and they come to him and they're like, please fix this thing. And he looks into it and he was and he's like, well, as an engineer, the smartest thing for me now to do is, like, put all of this in the garbage and start over and build it again without vibe coding because that will be a much better, much faster solution. But the client is like, no, no, no, my baby. You can't possibly do this. This is my app.

This is my dream. So I thought that was like a very interesting psychological aspect, and I could definitely see that being the case where you know, and this is what the promise of vibe coding is, right, where it's like you get a bunch of people who don't necessarily have the technical skills to build something, you suddenly let them build things, and that's great, but, you know, once you get to a real engineer, that dream can kind of fall apart. But he'll do it. Like, he'll fix he'll fix your shitty app and charge you for it, even though it's, like, probably not the best move.

Maybe we leave that there, and you can put that quote on his website. He'll fix your shitty app and charge you for it. We'll leave it there. If you're listening to the free version of the podcast on our Play Us Out, but if you are a paying four or four media subscriber, we're going be joined by our regular contributor, Matthew Gault, and we're to talk about a couple of other things. One is a malicious game on Steam that he covers, which targeted a cancer patient rather outrageously.

Then, keeping with the video game theme, we're gonna talk about a game that some people are finding very hard, including Jason, called Silksong. He's shaking his head. You can subscribe and gain access to that content at 404media.co. We'll be right back after this. Alright.

And we are back in the subscribers only section, and we've been joined by Matthew Gault. Thank you for joining us. We're talking about two stories that you did well, one, we published today, and the other is from a couple of weeks ago, but still incredibly relevant. The first one, Steam hosted malware game that stole $32,000 from a cancer patient live on stream. I mean, kind of explains itself in the headline.

Maybe we should just publish that. But you you went into this. It was blowing up on Infosec Twitter. It was over Twitch. You went through some blockchain records as well.

What was this game, and what did it claim to be? Is this like a fun little platformer? Like, what's this game?

It's called Blockblasters, and it was on PumpFun. It was not on Twitch. It's where the the stream happened. Blockblasters was the Steam game that came out on July 31, and it's like a Mega Man knockoff, basically. Side scrolling, jumping, got a little gun, shoot dudes.

I watched some gameplay of it. That's that's what it was. But in actuality, a month after it came out, Genesis Interactive, think is the name of the company that had published it, pushed a patch that had a nasty little dot bat file, a nice little batch file and some zips. And the batch file would run and unzip some things, and it would get into your computer and look at your Chrome extensions, your browser extensions, and looking for crypto wallets. And it drained a couple people's crypto wallets.

I think the last count was something like 400 that people had tracked down. I mean,

that's that's crazy. And I I know you had a couple of other examples in the piece. So it's not like widespread or anything, but it's happened multiple times. I just still think it's crazy that a game can be uploaded to Steam, which is, for all intents and purposes, the official, basically, PC clients of gaming on that platform, and it can just include malware. So it's come up a few times.

Right?

It's it's it's interesting because it doesn't happen often, but it's happened three times this year now. It was a PirateFi and some sniper game. And the sniper game, think, is one of the wilder ones because you you it had a demo, and you would click the button to download the demo, and it would redirect you to a GitHub to to download the demo, which is like Very sketchy. What's going on over there, quality control at Valve right now? And, you know, Valve Valve Steam is the biggest digital distributor of PC games.

It's it's always got some sort of issue around, like, shovelware and weird stuff in the store, and it seems like right now the the issue the big issue is this, this malware stuff.

Yeah.

The stakes are high here. Right? It's not just like a shovelware game. It's you could lose money.

Right. And and we'll get to that content moderation stuff in a second. But who who was this victim you focused on here? Because this very unfortunate cancer patient obviously catapulted this story into, like, another level. Like, people really, really cared about it.

So who was this victim? What happened to them? And sort of what happened after people learned about their story?

So it's a 26 year old Latvian guy named streams under name Rostaland, and mostly on PumpFun.

Can you just define can you just tell us what PumpFun is exactly first? Because I didn't know this.

It's a hellish place. It's it's a streaming platform where the streamer can create and then hype up their own MemeCoins. And so and, like, it's gotten it's calmed down a lot now, but it was the place for a while where, like, you would it was people that like, not not that had been banned from Twitch, but, like, Kik or Twitch would never touch. So it's stuff like a guy is gonna go to like, a guy is gonna, like, set things on fire in his house, destroy things. Like people did suicide attempts on there.

Like it was pretty dark on PumpFun for a while, and it was so you could hype up a meme coin and like cash out basically. So the streamer Ross Deland is using PumpFun to in part crowdfund like a cancer treatment in Latvia. Right. And he did a seven hour stream on the September 20 and like cashed out essentially into one of his crypto wallets. And then like you can see the the transactions in the the the blockchain like cashed out.

Seconds later, immediately, $32,000 drained.

Which is the malware kicking in from the Which

is the kicking in. And he had logged off, but the stream was still up. And so you watch him like discover this in real time and like break down. And his brothers are there and like trying to comfort him, and he obviously like he's in the middle of chemo, and it's like streaming's rough. Right?

Like being being on for that long is rough, and he just he just he has an emotional reaction. And so the whole crypto community and the pump fund people and the info sick people like all kind of see this, and then it becomes like a cause. He becomes a cause celeb. And so he's made whole people donate money to him, and then they they start to they start to deep like investigate blockbusters, and they find some things in in the code and are able to like they say zero zero in on the people that have created this thing on their Telegram channels and, like, really go after the the people that made it, they say.

Yeah. And and we don't go into that in the piece just because that is like another step of verification and reporting that maybe we'll get to, maybe we won't. But, yeah, the people are saying they've identified the creator. They issued a statement saying it wasn't me, blah blah blah. That's like a whole other thing.

So just briefly before we talk about Silksong, what do you think this shows us about content moderation on Steam? Because Steam has to moderate content, say, I know, Emmanuel did one about a game that was, you know, supporting her mass, so there's content moderation there. There's content moderation in I think they removed a bunch of sexual games recently. I think I think we covered that as well. How does this fit in?

Because it's a content moderation decision, but it's a little bit different. Like, what what do you make of it? Do they do they need to do a better job? Or

Yes. But it's like it's the same story we hear doing content moderation everywhere is that it's really really hard to do at scale in any kind of automatic fashion. And the people that are trying to slip a malicious code in, it's a cat and mouse game, and some things are gonna get through. And, you know, Valve is pretty good at catching stuff, but again, three times in the last couple months is a lot for this kind of thing. Yeah.

And so I just you know, with the amount of games that are coming through that digital store, it's it's really hard to catch everything.

Yeah. I mean, it's like thousands of games every single day, if not more. Right? Mhmm. Alright.

Let's get to the the main event. You wrote you wrote this piece while I was away in which you disparage, libel me, and I wasn't able to defend myself because I couldn't access the CMS and then right away encounter article or delete yours, but the headline is, does Silksong seem unreasonably hard? You probably took a wrong turn. Before we talk about the game a little bit more generally, and we and we won't deliberately spoil the game. I think everybody here has those who who those who have played it are still, you know, relatively early on.

But if you really don't wanna hear, then don't listen to this bit. But what is your piece specifically about? Because there are a lot of people when the game just came out, they were posting to TikTok TikTok, and they were very mad. Like, what were they mad about?

So libel is so does this whole podcast you luring me on so I can do slander as well on top of it?

Yeah. And then we own the IP of this, and then I and then I can use it against you, basically. Yeah.

Yeah. It's like NVIDIA investing in OpenAI. Anyway Right. So there is this early portion of Silksong, which is this two d platformer that people have been waiting for for eight years, where you have to do a pretty difficult jumping puzzle to get through an area called Hunter's March. There are these little red flowers and you have to like you have to pogo jump on them essentially.

Like it's a it's like you're you're doing it over some nasty thorns. You know, we've seen this in a thousand other platformers. But for whatever reason, and it's because I think Silksong and Hollow Knight have this reputation for being very difficult games, it became that specific area became like a thing that streamers and video game content makers and people that are publishing things on TikTok would focus on and use as evidence for the game being too hard and bad and poorly designed. And they would get like they would get very angry. So you'd see them trying to clear these red flowers and dying.

And one of the reasons it's so difficult is that the default down attack that Hornet, the main character, has is as a at a diagonal Yeah. Which makes those puzzles very, very difficult. But Hunter's March at that point that the point that you first encounter it in the game is not where you're supposed to go. I would argue that the game communicates that to you by being extremely difficult, and there are two upgrades that are available to you at that point in the game that you should be going and getting before you even attempt Hunter's Marge. Now you can brute force it and have a really unpleasant time and like get through those puzzles, but they're much easier if you go and get go into deep docks and get a dash, and then there's an optional crest you can go and get that changes your diagonal attack into a downward attack.

And it's pretty trivial.

And crucially, well, for the article at least where you're disparaging me, I did this, and you say that even 404 Media Zone Joseph Cox hit these red flowers and had declared silks I can't I can't remember where you got these quotes from. I guess I said I guess I said them in the group chat. But silksong, a bad game that he was, quote, disappointed in given his love of the original game. That's true. And then I think you continue to patronize me in some other form.

I just think, you know, that this was a game that you had said that you were really looking forward to and that you loved and that you had played the original Hollow understood Hollow Knight and that you were very good at these kinds of games. And then lo and behold, you're following into this you're falling into the same, like, streamer rage bait trap that is, like, TikTok fodder. It's like, you're better than that, man.

Sure.

I thought you were better than that.

Thank you. Emmanuel, I feel like you you're gonna say something.

I was gonna say something, but Sam is so embarrassed that I I I don't want to. Look my out eyes. I'm just looking at Sam.

He's like by the second.

Giga cringe just yeah. The sub counter is going down. I guess I do wanna say one thing. Anytime one of these games come out, whether it's like a a new Souls game or some other super hard game, it opens up the, like, Pandora's discourse box about, like, difficulty in games and, like, gatekeeping, and is it broken game design or is it challenging game design, or do you just need to, quote, get good or whatever? Two things that now that I hear Matthew explain this, I wish we would have put in an article, and that is, one, the people who are posting the videos of them being so frustrated with the jumping puzzle, they're just making content.

It's like great content, and it's like it was it was a trending subject at the time, and they're hamming it up for the camera. They're like playing and screaming, and that's what people kind of do on Twitch. And that's, I guess, not even necessarily like a critique of the game. It's just like, oh, the hard game is super hard, watch me, like, get frustrated.

Yep.

And then the other thing is you're totally right that there's this other like, the same thing happens in Dark Souls where you go down the wrong path and you can beat your head against the wall, but you can also just go a different way and then everything will be easier. But that is also, like that's probably that's not a mistake of of Team Cherry who made this game. Like, that was probably very intentionally, like, part of the fun. Mhmm. And it's like, I don't find it fun at all.

I hate this game. I think it's like really, really annoying. But I guess it just like it doesn't seem like a design flaw. It seems like very intentional.

Let me let me ask you this. Because I feel like we exist in this discourse bubble where there is both people that there are both people that complain about the games like this, Dark Souls, like Silksong, communicating their difficulty through gameplay and like trying to steer the player in a little bit more of an obtuse way. And I also see angry people complaining about yellow paint in Resident Evil four or Horizon, like leading you exactly where you need to go. And I feel like I hear the same thing, like both things all

the time. Yeah. I'm team yellow paint. I love the yellow paint. Paint the whole game yellow.

Yeah.

So my beef with beef with Donkey Kong Bonanza is that it tells you what to do at all times, and it's so boring. And I bought Silksong yesterday. I played it on a long airplane ride for, like, four hours, and it tells you nothing, and it was so boring also because I'm just like, what am I doing? I have no idea what I'm doing. I don't know how to get anything.

And it's like, I like I do really like hard games. I've beaten many, many hard games, but the games that I like that are difficult, I feel I feel like they're not punishing in this way. The way that this is punishing is, like, not enjoyable in any way. It's like you have to go, like, farm marbles to buy a map, like, not interested in this. It's like it's very difficult.

Like, you can barely do anything for quite a while in the game. Like, I feel like I'm very slow. I would like to I would like to be doing more stuff

It's not hard. Like, Enter the Gungeon is hard, where it's like, Enter the Gungeon, it's like, here's the game, and here are the rules, and it's really challenging. Here, it's like mind games. You know what I mean? It's like, I wanna torture you, and it's for sickos.

And I respect it, but not

for you. And I'm a sicko. I am that sicko, and even I have

cut the wall,

you know.

Yeah. We're what? We're we're clipping that when you just screamed I'm I'm the sicko. Oh, I'm

the sicko? Yeah. That means that's fair.

But related to what Jason said and Emmanuel said, go but this this leads me to a question I was gonna ask you, Matthew. There was a there was a piece even in the New York Times about Silksong, and I love it when, you know, niche games end up in, you know, the paper of record or whatever. And it was basically saying it was, you know, empty, and it was just pain for the sake of it. And I feel like that's related to what Emmanuel and Jason just said. Do do you agree with that?

Like, is that the vibe from this?

Yes. Having gotten into act two of Silksong, I resonate with that I think it's Youssef Cole, New York Times piece so much. He calls it empty masochism. So there is something about and I I Jason, I like to play the games of the hardest difficulty. I I like I like heavy friction in video games, but there's something about Silksong.

The farther I got into it, you do get the pieces like the dash, like the downward attack that allow you to overcome these problems, but it just unlocks new and more horrifying challenges that are even more oppressive and unpleasant once you get to them. And it really started to wear me down into the point where like I got into act two and I got I kind of saw the shape of what act two was going to be because it you know, I don't want to spoil it too much for you, Joseph, but some mechanics fundamentally change about the way the game works, and I kinda saw the whole, like, shape of the thing, and I was like, I don't wanna do this. I'm not I'm not going to put myself through the wood chipper for this anymore. And it's the New York Times piece really highlights like how beautiful the game is and like how it requires this mastery of you, but still that masochism ends up like, feels masochistic, and it feels empty. It's it's like you beat a boss and instead of feeling that elation that I feel in like Dark Souls, I feel dread in the pit of my stomach.

And it's not it has it has stopped being fun. Yeah. And there's too much other stuff out right now.

Yeah. That makes sense. Sam, so after you've heard heard all of that, Sam, are you gonna buy it?

No. No. No. I don't like I don't like hard anything. I don't like hard games at all.

I like to be immediately good at things. We had this exact discussion, I feel or everyone had this discussion around Elden Ring. Like Emmanuel said, it's just like it's like it's a conversation that keeps being had about, like, game design being too hard. I don't know. It's like, some games are just hard.

Go play something different. I will not be playing this.

Thank you. I also believe that when if this game's too hard for you, Matthew, just leave. It's it's fun.

Wild is too hard for me. So I'm button mashing Voltro currently. That's where I'm at.

Sure.

And I don't even know how the game works. I just like the noises. I'm basically a baby with a toy.

I think the problem is open world. Tell me where to go.

Yeah. Right.

Yeah. Or at least at least Alder Rank has, a cool horse. You know? The The Centimeters doesn't have any cool horses, I don't think.

I don't think so. No. The last thing I'll say sorry. Go ahead, Matthew. Oh, the horse, isn't it?

No. No. Don't tell me. Don't tell me. I don't I don't want to be spoiled.

The last thing I'll say is that I kind of agree that it's empty because in the original Hollow Knight, you do an insane challenge, and there'd be something cool at the end that would fundamentally change how you play the game. This is just a challenge for the sake of it, but now I know that I'm okay doing it because I'll just do the challenge, you know, for the sake of it. Anyway, how about So

Yes? So Go on. Sorry. So often it's like just one more thing. So often you're it's like some sort of an horrible platforming challenge, and then you get there and it's just a node that gives you shrapnel for the tool or like a bunch of rosary beads that I know I'm gonna lose the minute I die.

And it took so much to get up on that platform. And anyway, sorry.

No. No. I I I hear that, but now I know it, I feel like I can go into with that mentality. But again, we'll you quit.

Don't don't make me don't make me beat this game. No. Why are you doing this?

You quit just at the bit I'm about to get to, so who knows? I'm probably gonna do it as well. Alright. How about we leave that there? Maybe we should just do a gaming podcast, to be honest.

Anyway, okay. And I will play us out. As a reminder, four zero four media is journalist founded and supported by subscribers. If you do wish to subscribe to four zero four media and directly support our work, please go to 404media.co. You'll get unlimited access to our articles and an ad free version of this podcast.

You'll also get to listen to the subscribers only section where we talk about a bonus story each week. This podcast is made in partnership with Kaleidoscope. Another way to support us is by leaving a five star rating and review for the podcast. That stuff really helps us out. Here is one of those reviews from b m white Walt.

Great source of technology news, very approachable, five stars, and two thumbs up as well. This has been for media. We'll see you again next week.