
If you want to sniff out a North Korean hacker, try getting them to say something rude about the Glorious Leader, Kim Jong-un. CC-licensed photo by DonkeyHotey on Flickr.
A selection of 10 links for you. Dieting. I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. On Bluesky: @charlesarthur.bsky.social. Observations and links welcome.
Tulsi Gabbard reused the same weak password on multiple accounts for years • WIRED
Tim Marchman:
»
Tulsi Gabbard, the director of national intelligence, used the same easily cracked password for different online accounts over a period of years, according to leaked records reviewed by WIRED. Following her participation in a Signal group chat in which sensitive details of a military operation were unwittingly shared with a journalist, the revelation raises further questions about the security practices of the US spy chief.
WIRED reviewed Gabbard’s passwords using databases of material leaked online created by the open-source intelligence firms District4Labs and Constella Intelligence. Gabbard served in Congress from 2013 to 2021, during which time she sat on the Armed Services Committee, its Subcommittee on Intelligence and Special Operations, and the Foreign Affairs Committee, giving her access to sensitive information. Material from breaches shows that during a portion of this period, she used the same password across multiple email addresses and online accounts, in contravention of well-established best practices for online security. (There is no indication that she used the password on government accounts.)
Two collections of breached records published in 2017 (but breached at some previous unknown date), known as “combolists,” reveal a password that was used for an email account associated with her personal website; that same password, according to a combolist published in 2019, was used with her Gmail account. That same password was used, according to records dating to 2012, for Dropbox and LinkedIn accounts associated with the email address tied to her personal website. According to records dating to 2018 breaches, she also used it on a MyFitnessPal account associated with a me.com email address and an account at HauteLook, a now-defunct ecommerce site then owned by Nordstrom.
«
Now, you might say that she’s surely doing something different now she’s in government. No: leopards don’t change their spots, or their password habits. State hackers have probably been all over her accounts of every sort for years, because you never know your luck – an idiot like that might get put into government if you wait long enough.
Administration’s altered Signal chats pose new cyber risks, experts say • The Washington Post
Joseph Menn:
»
The system adopted by President Donald Trump’s administration to archive messages on the Signal app in the wake of the debacle over the Houthi strikes chat group has serious security vulnerabilities, cyber experts say, and probably already has been exploited by foreign intelligence groups.
The use of TeleMessage archiving software emerged after Reuters published a photo of a Cabinet meeting last week showing it on the phone of then-national security adviser Michael Waltz.
In the days since, two hackers have contacted the media and demonstrated that they have broken into TeleMessage systems, with one retrieving data about current officials, though not Cabinet members. The hackers provided screenshots accurately listing users of the software at U.S. Customs and Border Protection and at cryptocurrency exchange Coinbase, but not the contents of messages.
Founded in Israel by an Israeli military expert, TeleMessage was acquired this past year by Portland, Oregon-based Smarsh. TeleMessage recently took down most of its website and said it has suspended services as it investigates the hacks.
On Tuesday, Sen. Ron Wyden (D-Oregon) asked Attorney General Pam Bondi to investigate whether national security had been jeopardized by the use of TeleMessage, citing analysis of the tool’s code showing that message backups were stored inside ordinary programs from Microsoft, Google and other companies.
«
Just amazing: a company called Smarsh involved in a potentially gigantic hack of the US government. Just one letter away from the evil organisation in the James Bond series. Utterly perfect, no notes.
DOJ’s proposed Google changes would “deeply undermine user trust”, search chief says • The Verge
Lauren Feiner:
»
The government’s proposal to make Google share its search data with competitors would “deeply undermine user trust” by putting queries in the hands of potentially less secure rivals, the company’s search chief Elizabeth Reid testified Tuesday.
The Justice Department has proposed forcing Google to syndicate its ranking signals and other search data to competitors, something it says will level the playing field and end Google’s search monopoly. But Reid argued that exporting that data would shake users’ faith that their searches would stay private, and its value would create an incentive for hackers to go after small competitors. “Once it’s turned over to a qualified competitor, there’s no further protections we can give,” she said. “A startup is generally not a target because it’s small, but now it has this huge treasure trove of data.”
Google is fighting the DOJ’s sweeping proposals, which also include forcing it to sell its Chrome browser, by arguing for more limited changes to its search distribution contracts (it plans to appeal the monopoly ruling, but can’t do so until Judge Amit Mehta issues a remedies decision). Reid’s testimony follows that of other executives, including CEO Sundar Pichai, who claimed the government’s proposals could drastically change Google and the larger web. The DOJ says its proposals are all necessary to restore competition to the search market, and it’s argued that Google is exaggerating their dire effects.
«
This sounds desperate on Google’s part, to be honest. Do people really think that if they go on another search engine it’s all not to be trusted? Stories abound of people convicted because of their Google search history. (There’s a case ongoing in Australia reliant on this.)
A.I. is getting more powerful, but its hallucinations are getting worse • The New York Times
Cade Metz and Karen Weise:
»
Last month, an A.I. bot that handles tech support for Cursor, an up-and-coming tool for computer programmers, alerted several customers about a change in company policy. It said they were no longer allowed to use Cursor on more than just one computer.
In angry posts to internet message boards, the customers complained. Some canceled their Cursor accounts. And some got even angrier when they realized what had happened: the A.I. bot had announced a policy change that did not exist.
“We have no such policy. You’re of course free to use Cursor on multiple machines,” the company’s chief executive and co-founder, Michael Truell, wrote in a Reddit post. “Unfortunately, this is an incorrect response from a front-line A.I. support bot.”
More than two years after the arrival of ChatGPT, tech companies, office workers and everyday consumers are using A.I. bots for an increasingly wide array of tasks. But there is still no way of ensuring that these systems produce accurate information.
The newest and most powerful technologies — so-called reasoning systems from companies like OpenAI, Google and the Chinese startup DeepSeek — are generating more errors, not fewer. As their math skills have notably improved, their handle on facts has gotten shakier. It is not entirely clear why.
Today’s A.I. bots are based on complex mathematical systems that learn their skills by analyzing enormous amounts of digital data. They do not — and cannot — decide what is true and what is false. Sometimes, they just make stuff up, a phenomenon some A.I. researchers call hallucinations. On one test, the hallucination rates of newer A.I. systems were as high as 79%.
These systems use mathematical probabilities to guess the best response, not a strict set of rules defined by human engineers. So they make a certain number of mistakes. “Despite our best efforts, they will always hallucinate,” said Amr Awadallah, the chief executive of Vectara, a startup that builds A.I. tools for businesses, and a former Google executive. “That will never go away.”
«
That will never go away. Words to remember every time you come across one of these systems’ outputs. Might be correct. Then again, maybe not. And how are you going to tell?
Tesla sales collapse in Europe • Ars Technica
Jonathan Gitlin:
»
Tesla is in deep trouble in Europe. The electric vehicle maker, which once dominated EV sales in the region, is facing sales declines of more than 50% in France, the Netherlands, Sweden, Denmark, and the UK. Sales in Germany weren’t quite as bad—they fell by 46% in April, with slightly smaller decreases in Portugal and Spain. Only Italy and Norway saw any kind of sales growth.
The headwinds were already looking unfavourable for Tesla even before CEO Elon Musk threw his lot in with Donald Trump and his authoritarian makeover of the US government. A small and outdated product portfolio was already looking stale compared to the influx of EVs from Chinese brands and European automakers, but Musk’s hard-right turn and the US government’s ongoing antagonism toward the rest of the world has soured the brand entirely. And a recent styling refresh for the Model Y has failed to arrest the slide.
The UK has been one of Tesla’s biggest markets in Europe, and it’s seeing something of an EV boom, with 8.1% more BEVs registered in April 2025 than the year before, even as overall car sales have dropped by 10.4% year on year. But Tesla’s sales fell by 62%—the automaker registered just 512 cars all month. For context, 120,331 new cars were registered in the UK last month, of which 24,558 were BEVs.
In Germany, the overall car market fared much better, with new registrations decreasing by just 0.2% in April. Of those new cars, 45,535 were BEVs—a 53.5% increase year over year. In the context of those rising BEV sales, Tesla’s 46% year-on-year decline should have alarm bells ringing.
«
Blaming this on Musk’s politics (which the original headline does – I changed it) seems to me an overreach. As the story notes, Tesla’s lack of refresh for its models is in stark contrast to Chinese companies such as BYD. And there’s the most important point of all: price. Tesla hasn’t got a “cheap” model. Rivals have.
I think Musk’s politics might have put a few buyers off, but ageing pricey cars competing against new cheaper ones is a more likely explanation in an expanding market.
Collections: why archers didn’t volley fire • A Collection of Unmitigated Pedantry
Bret Devereaux:
»
This week we’re looking at a specific visual motif common in TV and film: the arrow volley. You know the scene: the general readies his archers, he orders them to ‘draw!’ and then holds up his hand with that ‘wait for it’ gesture and then shouts ‘loose!’ (or worse yet, ‘fire!’) and all of the archers release at once, producing a giant cloud of arrows. And then those arrows hit the enemy, with whole ranks collapsing and wounded soldiers falling over everywhere.
And every part of that scene is wrong.
«
He goes into this in some detail: the confusion seems to originate in how firearms such as muskets were used. But it’s strange how tropes become embedded.
Particle brings its AI-powered news reader to the web • TechCrunch
Sarah Perez:
»
Particle, the startup behind an AI-powered newsreader that aims to help publishers, not just steal their work, is bringing its product to the web. On Tuesday, the company announced the launch of the new Particle.news website that connects news consumers with headlines and AI summaries from a variety of sources, plus the ability to delve into various categories like Technology, Sports, Entertainment, Politics, Science, Crime, Economics, and Video Games, in addition to browsing the day’s most popular stories on the home page.
The company thinks that bringing its product to the web will help to reach more readers, giving them a different way to keep up with the news using AI technology enhancements.
Like the existing Particle mobile app, the site offers AI tools designed to help consumers better understand the news. Instead of just summarizing stories into key bullet points for quicker reading, Particle also extracts key quotes and allows users to ask questions about the story via an AI chatbot.
«
Had a look: it’s very thin, and doesn’t offer anything that you wouldn’t get from the analysis (or even liveblog) pages of a grown-up newspaper website. Other opinions welcome.
Ukraine pinning war hopes on expanded drone program • The New York Times
Andrew Kramer:
»
The Ukrainian soldiers rose in the predawn, stretching, rubbing their eyes and rolling up sleeping bags in a basement hide-out near the front line in the country’s east. Their day would not take them far afield. Most stayed in the basement, working with keyboards and joysticks controlling drones.
At a precarious moment for Ukraine, as the country wobbles between hopes that President Trump’s cease-fire talks will end the war and fears that the United States will withdraw military support, the soldiers were taking part in a Ukrainian Army initiative that Kyiv hopes will allow it to stay in the fight absent American weapons.
Should the peace talks fail, or the United States discontinue arms shipments, the Ukrainian drone initiative is likely to take on more importance. The program doubles down on unmanned systems that are assembled in Ukraine, mostly small exploding drones flown from basement shelters.
…“It’s not man against man anymore,” said the commander of the squad operating from the basement in eastern Ukraine.
The group flies first-person-view drones, which give the pilot the video equivalent of a front-row seat as bombs hurtle into Russian soldiers, cars, tanks or bunkers. In keeping with military protocol, the commander asked to be identified only by his first name and rank, Private Artem.
Even before the Line of Drones, Ukraine was relying heavily on unmanned weapons, which now inflict about 70% of all casualties in the war on both sides, the Ukrainian military says — more than all other weapons combined, including tanks, howitzers, mortars and land mines. While those other weapons are partly provided by the United States, the Ukrainians assemble the drones domestically from components mostly made in China.
«
This is very Black Mirror – specifically, S4E5, Metalhead.
There’s one question that stumps North Korean fake workers • The Register
Iain Thomson:
»
Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is an answer, for the moment at least.
According to Adam Meyers, CrowdStrike’s senior veep in the counter adversary division, North Korean infiltrators are bagging roles worldwide throughout the year. Thousands are said to have infiltrated the Fortune 500.
They’re masking IPs, exporting laptop farms to America so they can connect into those machines and appear to be working from the USA, and they are using AI – but there’s a question during job interviews that never fails to catch them out and forces them to drop out of the recruitment process.
“My favorite interview question, because we’ve interviewed quite a few of these folks, is something to the effect of ‘How fat is Kim Jong Un?’ They terminate the call instantly, because it’s not worth it to say something negative about that,” he told a panel session at the RSA Conference in San Francisco Monday.
Meyers explained the North Koreans will use generative AI to develop bulk batches of LinkedIn profiles and applications for remote work jobs that appeal to Western companies. During an interview, multiple teams will work on the technical challenges that are part of the interview while the “front man” handles the physical side of the interview, although sometimes rather ineptly.
“One of the things that we’ve noted is that you’ll have a person in Poland applying with a very complicated name,” he recounted, “and then when you get them on Zoom calls it’s a military age male Asian who can’t pronounce it.” But it works enough that quite a few score the job and millions of dollars are being funneled back to North Korea via this route.
«
That’s the cleverest Kryptonite I’ve ever seen.
Sam Altman, the architect of ChatGPT, is rolling out an orb that verifies you’re human • CBS News
Aimee Picchi:
»
Sam Altman, the CEO of OpenAI and the architect of ChatGPT, is behind a venture that wants to solve a modern-day problem: proving you’re human amidst a proliferation of bots and artificial intelligence.
The startup, called World (formerly Worldcoin), is launching in the U.S. with the distribution of 20,000 tech devices called Orbs that scan a person’s retina to verify they are human. After confirming a person’s humanity, World then creates a digital ID for users that proves their personhood, distinguishing them from a bot or AI program that can mimic human behavior.
The device, which looks like something out of “Black Mirror,” may seem ironic coming from Altman, given that its purpose is to help people stand out from the very same types of technology he helped develop. But World’s backers say the Orb and its “proof of personhood” is addressing a problem that can stymie everything from finance to online dating: bots impersonating people.
…The Orb doesn’t store any biometric data… The device takes photos to ensure a person is human, but then stores that info on the user’s device, not in the Orb, according to World’s website.
World also has a link to cryptocurrencies, as the Orb’s human-verification process is designed to be used in the World App, which is a digital wallet that gives people access to decentralized finance and cryptocurrencies.
The time is right for a rollout in the U.S., [project backer Jake] Brukhman said, with expectations of looser crypto regulations under the Trump administration.
«
On the one hand, we do need a way to verify that people are people. On the other, how do you stop someone just using AI and verifying it with their login? Or giving the login to a system?
Errata, corrigenda and ai no corrida: none notified
Forcing Google to share personally identifiable search data with competitors would indeed be outrageous and a massive privacy catastrophe just waiting to happen.
This surely can’t be about that kind of data, but something else.
But giving “any data” to competitors is likely to have no effect whatsoever in terms of competition. Their uncompetitiveness is not caused by lack of “data”, whatever this “data” means.
We use Google simply because it’s Google and it’s good enough 🤷‍♂️ It’s even part of our vocabulary. Good luck against that.
(The Chrome sell off demand is even more ridiculous. Who would buy it for tens of billions of dollars and why? What happens if there is no buyer? The tech is free and the other big tech can’t buy it and use it as a launchpad for their own services.)
When it comes to court cases involving search data, they’ve probably just looked at a person’s computer or phone. For example, Chrome stores locally all your search history about burying someone.
Google is also obliged to share that data if they have it (I think they do if you search while logged in, but you can manage it) and you have a court order.
I don’t fully agree with you on Tesla sales (sorry Chas).
Previously Tesla were on my list of possibles when buying a new car, especially because of their charging network.
And since 2018 I’ve bought an electric and then a plug-in hybrid.
Now Tesla would not even get on that list of possibles all because of Mr Musk.
And the people who support him tend to think of net zero as ‘nonsense’ (see what Reform are saying about blocking green initiatives in their newly controlled councils), so they’re not a great source of new sales either.
That’s got to hurt.