Month: February 2026

Bad news from the CIA. I mean, probably not what Senator Ron Wyden was referring to and, on a relative scale for the CIA, this is pretty tame. But, still, disappointing:

One of CIA’s oldest and most recognizable intelligence publications, The World Factbook, has sunset. The World Factbook served the Intelligence Community and the general public as a longstanding, one-stop basic reference about countries and communities around the globe. Let’s take a quick look into the history of The World Factbook.

Simon Willison:

In a bizarre act of cultural vandalism they’ve not just removed the entire site (including the archives of previous versions) but they’ve also set every single page to be a 302 redirect to their closure announcement.

The Factbook has been released into the public domain since the start. There’s no reason not to continue to serve archived versions – a banner at the top of the page saying it’s no longer maintained would be much better than removing all of that valuable content entirely.

I am just guessing here, but I think the CIA can afford to keep this stuff available online indefinitely. The Internet Archive can and it is not being given tens of billions of dollars annually.

There have been a few stories recently involving the investigation of leaks by U.S. government employees and contractors, and the naked aggression shown toward leakers, and I thought it would be useful to round them up.

First, the U.S. Department of the Treasury, in a press release announcing the cancellation of contracts with Booz Allen Hamilton:

Most notably, between 2018 and 2020, Charles Edward Littlejohn — an employee of Booz Allen Hamilton — stole and leaked the confidential tax returns and return information of hundreds of thousands of taxpayers. To date, the IRS determined that the data breach affected approximately 406,000 taxpayers. Littlejohn has pled guilty to felony charges for disclosing confidential tax information without authorization.

Littlejohn was prosecuted under the Biden administration, and is being sued by the current president. The stories produced from the information he revealed, however, thankfully remain available. The New York Times and ProPublica each have stories revealing how little income tax is paid by the wealthiest Americans. It is not just a pittance relative to their net worth; in some cases, it is absolutely nothing.

Kim Zetter, Zero Day:

In February 2018, he was back in a position with access to IRS taxpayer data but didn’t immediately steal records. Prosecutors say he developed a “sophisticated” scheme to download the documents nine months later. This included not searching directly for documents related to the government official, which might have triggered a system alert, but querying the database “using more generalized parameters.” Prosecutors don’t specify the search terms Littlejohn used, but they note that the search parameters he used would have produced not only the tax records of the government official he sought to expose, but also those of other taxpayers he wasn’t targeting. By November 2018, he had extracted 15 years worth of tax records for President Trump, prosecutors say.

Because IRS protocols can detect and prevent “large downloads or uploads from IRS systems and devices,” according to prosecutors, Littlejohn avoided copying the records to removable media such as a USB stick — as Edward Snowden had done when he took documents from NSA servers. Instead Littlejohn “exploited a loophole in those controls” by transmitting the stolen tax records to a private website that he controlled, which was not accessible to the public.

Despite these careful steps, Littlejohn was ultimately caught, though I am not sure how. I read through relevant docket entries and, unless I missed something, I am not sure the government has explained its investigation, particularly since Littlejohn pleaded guilty.

A different case — Richard Luscombe and Jeremy Barr, reporting for the Guardian, last month:

The FBI raided the home of a Washington Post reporter early on Wednesday in what the newspaper called a “highly unusual and aggressive” move by law enforcement, and press freedom groups condemned as a “tremendous intrusion” by the Trump administration.

Agents descended on the Virginia home of Hannah Natanson as part of an investigation into a government contractor accused of illegally retaining classified government materials.

Nikita Mazurov, the Intercept:

Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with “the offense of unlawful retention of national defense information,” according to an FBI affidavit. The case attracted national attention after federal agents investigating Perez-Lugones searched the home of a Washington Post reporter. But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: an office printer with a photographic memory.

It is particularly rich for the Intercept to be pointing to the printer as a reason this individual was allegedly outed. Secret documents published by the site in 2017 included printer steganography that, while not directly implicated (PDF) in revealing the leaker’s identity, was insufficiently protective of their source.

In the case of Perez-Lugones, investigators were apparently able to retrace his footsteps, as described in paragraphs 16 through 29 of the affidavit (PDF). It does not sound like he took particularly careful steps to avoid leaving a history of the documents he accessed and then printed. I have no illusions that my audience is full of people with top secret clearance and an urge to leak documents to the press, but anyone who is should consider reading — on their personal device in private browsing mode — the guidance provided by Freedom of the Press Foundation and NiemanLab.

Joseph Cox, 404 Media:

The FBI has been unable to access a Washington Post reporter’s seized iPhone because it was in Lockdown Mode, a sometimes overlooked feature that makes iPhones broadly more secure, according to recently filed court records.

Some general-audience publications, like the HuffPost, are promoting the use of Lockdown Mode as a “useful and simple built-in tool you should turn on ASAP” for anyone who “feels targeted by cybersecurity threats”. But we are all targeted, to some extent or another, by cybersecurity threats. Most people should not use Lockdown Mode. It is an enormously disruptive option that is only a reasonable trade-off for anyone who has good reason to believe they would be uniquely targeted.

Cox:

The FBI was still able to access another of Natanson’s devices, namely a second silver Macbook Pro. “Once opened, the laptop asked for a Touch Id or a Password,” the court record says. Natanson said she does not use biometrics for her devices, but after investigators told her to try, “when she applied her index finger to the fingerprint reader, the laptop unlocked.” The court record says the FBI has not yet obtained a full physical image of the device, which provides an essentially complete picture of what was stored on it. But the agents did take photos and audio recordings of conversations stored in the laptop’s Signal application, the court record says.

Warrants for seizing electronic devices have, for several years now, sometimes contained a clause reading something like “law enforcement personnel are authorized to […] press or swipe the fingers (including thumbs) of (the warrant subject) to the fingerprint scanner of the device(s) [and] hold the device(s) in front of the face of (the warrant subject) to activate the facial recognition feature”.

One thing every iPhone owner should know is that they can temporarily disable biometric features by pressing and holding the power button (on the right-hand side of the device) and either volume button for a few seconds, until the “slide to power off” option appears. To reactivate biometric features, you will need to enter your passcode. You can press these buttons while your phone is in your pocket. You should do this any time you are anticipating an interaction with law enforcement or those working on their behalf.

However, I cannot find a similar capability for a MacBook with a Touch ID sensor. If you are the kind of person who feels like Lockdown Mode might apply to you, you should consider turning off Touch ID, too, and sticking with a strong and memorable passphrase.

Paris Marx is trying to wean himself off U.S. tech services, in large part because of the leverage this dependence enables. On streaming music, and with a reasonable rejection of Sweden-based Spotify, Marx was left with a couple other options:

I’ve been on Apple Music for the past few years, but recently switched to Deezer 🇫🇷 and don’t see why I would need to go back given the catalogs of music-streaming services are pretty similar — unlike on the video side of things. Maybe another plus: Deezer isn’t trying to push video at me like Spotify does.

[…] Like streaming video though, there is another option: grabbing an old iPod or new MP3 player and loading it up with the music you want to listen to.

Well, Marx found his old iPod and is figuring out what needs modernizing and fixing up.

For Christmas this past year, a family member wanted a replacement for their iPod Nano. I looked up and down for options — something small and usable while running, but still a quality product with an easy syncing experience. I found I had basically two options: cheap iPod Shuffle lookalikes that are slow and difficult to use, and extremely expensive players for enthusiasts. So I bought a refurbished iPod Nano — and they love it.

While I was shopping in that store, it was awfully tempting to pick up a refurbished iPod Classic for myself. I still have a 60 GB fifth-generation model, though I do not think it can hold a charge. I remember when that felt like a lot of storage. I do not miss my iPod Touch or old iPhones, but I miss that iPod.

Lars Ingebrigtsen:

For some reason or other, people have been posting a lot of excerpts from old emails on Twitter over the last few days. The most vital question everybody’s asking themselves is: What’s up with all those equals signs?!

And that’s something I’m somewhat of an expert on. I mean, having written mail readers and stuff; not because I’ve been to Caribbean islands.

Good to know for anyone reading a giant tranche of someone else’s email which, through context clues, you may realize is the least creepy part of it all.

Ben Whitelaw, writing for the New Public:

Publishers saw comment sections as a reputational hazard and a cost centre and, by the middle of the decade, a dozen sites — including Popular Science, Chicago Sun-Times, Motherboard, Reuters, and NPR — had significantly reduced or completely disabled commenting features. Each argued, often without the data to back it up, that its readers preferred to discuss stories via social media. And so, what was once heralded as a new frontier of reader dialogue died a not-so-quiet death.

A decade on, something surprising is happening: reader comments are having a mini renaissance. After years of chasing social media engagement and being burned in the process, publishers have realised that commenting has a tangible value — to the broader public, yes, but also in terms of advertising and subscription revenue.

Via Karl Bode, Techdirt:

The rush to vilify and eliminate the comment section ignored, as Ben notes, that a subscription to news outlets doesn’t just have to provide access to journalism, it can feature participation in journalism. As an online writer for decades, I’ve seen every insult known to man; at the same time I’ve routinely seen comment insight that either taught me something new or helped me correct errors in my reporting that both I and my editors missed.

The obliteration of the comment section threw that baby out with the bath water. Facebook comments are, if you haven’t noticed, a homogenized shit hole full of bots, rage, and bile that undermines connection and any effort at real conversation. These sorts of badly run systems are also more easily gamed by bad actors (like, say, authoritarians using culture war agitprop to confuse the electorate and take power).

I think I remain personally uninterested in having a comments section, but Whitelaw’s article has certainly made me consider how strongly I have that stance. It is tough because, while I expect readers would be respectful of one another — I often appreciate the comments under one of Michael Tsai’s posts — I am still wary of taking on the role of a moderator.

One thing both of these articles reinforced, however, is my pet theory that anonymity was never the problem. Whitelaw, who formerly led moderation of the Times of London’s comment section, writes of a commenter who wrote under their real name and was so “infamously combative” that they were eventually banned. Bode’s reference to the Facebook comments plugin — which goes away next week — is also a reminder that even people using their real identity were hostile commenters. The problem has always been with overly permissive moderation policies.

Joseph Menn, the Washington Post:

Most of WhatsApp’s 3 billion users probably don’t know it, but a prominent Los Angeles law firm is trying to speak on their behalf in a lawsuit filed against its owner Meta that alleged the company can “access virtually all of WhatsApp users’ purportedly ‘private’ communications.”

Security experts questioned the lack of technical detail in the lawsuit, and WhatsApp denied the claims.

I read the suit (PDF) last week after I stumbled across it while trying to find a different Meta lawsuit on CourtListener, and it can be accurately summarized as big, if true, with a heavy emphasis on if. There is basically no evidence presented for the claims, and I wrote it off as some kind of rambling nonsense because I completely missed it was filed by attorneys working at Quinn Emanuel.

Matthew Green:

The Internet has mostly divided itself into people who already know these allegations are true, because they don’t trust Meta and of course Meta can read your messages — and a second set of people who also don’t trust Meta but mostly think this is unsupported nonsense. Since I’ve worked on end-to-end encryption for the last 15+ years, and I’ve specifically focused on the kinds of systems that drive apps like WhatsApp, iMessage and Signal, I tend to fall into the latter group. But that doesn’t mean there’s nothing to pay attention to here.

Hence: in this post I’m going to talk a little bit about the specifics of WhatsApp encryption; what an allegation like this would imply (technically); and how we can verify that things like this are true (or not verify, as the case may be). More generally I’ll try to add some signal to the noise.

Green is careful to describe the limited visibility any outsider has when it comes to closed-source applications. Even so — and even with Meta’s scumbag reputation — it is difficult for me to believe the company is simply lying about end-to-end encryption, and Green presents compelling evidence for why this is unlikely. A vulnerability? Perhaps. But the claims in this apparently serious lawsuit go well beyond that.

You may remember how, a little under a year ago, Elon Musk’s company xAI bought Elon Musk’s other company X, “valuing” it at $44 billion, exactly the same as the amount he paid for it despite Fidelity valuing it at more like $9 billion. Then, just a few months later, Elon Musk’s company SpaceX gave Elon Musk’s company xAI $2 billion. And, just last week, Tesla — a publicly traded company Elon Musk runs — gave xAI another $2 billion.

Anyway, here is Tobias Mann, with the Register:

Elon Musk on Monday revealed his space company SpaceX has acquired his AI outfit xAI, and that the two will work together to escape the surly bonds of Earthly powers by tapping the sun’s enduring glow.

“This marks not just the next chapter, but the next book in SpaceX and xAI’s mission: scaling to make a sentient sun to understand the Universe and extend the light of consciousness to the stars,” Musk wrote in a bizarre blog post published to SpaceX’s website on Monday.

Apparently, the combined company is worth $1.25 trillion on annual revenue of $15 billion, up from a valuation of $400 billion six months ago, presumably because investors love stuff like this:

“My estimate is that within two to three years, the lowest cost way to generate AI compute will be in space,” Musk contends in his post. “Long term space-based AI is obviously the only way to scale.”

“Obviously”. Sure, man. How else would you scale up your massive CSAM generator if not for the vastness of outer space? All of this is completely reasonable, and I am just a very stupid person for not getting it.

Apple:

Call Screening automatically answers calls from unknown numbers without interrupting you. Once the caller shares their name and reason for their call, your iPhone rings and shares their response so you can decide if you want to pick up. You can also choose to silence calls from unknown callers and send them directly to voicemail.

I understand being reluctant to update to iOS 26, but if you are as irritated by spam calls throughout your day as I am, this feature is a compelling reason to make the leap. I have had it switched on since the first iOS 26 beta releases and, while I still receive spam calls, virtually none of them have actually notified me.

If you frequently get calls from numbers you are not saving to your contacts, this is probably not a feature for you. It is also something you have to remember to turn off in instances where you might get calls from an unknown number. I have forgotten to do so before and then I need to rush to answer the phone. But I do not live the life of a publicist or celebrity lawyer, and the main reason I get phone calls to my personal number is because someone is trying to defraud me, and I would rather not speak to them.

Katie Notopoulos, of Business Insider, does not like this feature:

Sure, you say, most of those unknown calls are junk. Well, not exactly — there’s already a spam filter that’s separate from unknown callers. I wouldn’t say it’s perfect, but I find it’s pretty accurate in assessing “spam risk.” (Android users here will probably laugh, since they’ve had this feature for a long time.)

This feature — unknown call screening — is for non-spam unknown callers — a doctor’s office, your kid’s school, a friend with a new number, someone from work whose number you don’t have saved yet. Sure, some of these may be annoyances that you don’t actually want to deal with (I don’t want to “deal” with my dentist reminding me of my appointment, but that’s life). Still, having a phone number where people who need to reach you can reach you is the point of the phone.

The separate spam filtering feature appears to be carrier-specific; it is not an option available to me.

I am not someone who is opposed to phone calls in general; I do not usually mind answering them even when I am doing something else. However, one of the things Notopoulos’ article omits is how the reception of the cold phone call changed as cell phones became the norm. The fact that someone can call me anywhere does not mean I wish to be reached everywhere I happen to be carrying the device that is, among many other things, a phone.

Notopoulos is nostalgic for “having a clever outgoing answering machine message” and seems to be fine with voicemail, so the principle of deciding whether to answer the phone does not seem to be a problem. But having a middle layer that gives the recipient more information is, apparently, a step too far, for reasons I do not understand. Nothing about this prevents making or receiving phone calls. It just means I get to decide whether I want to interact with criminals.