'Hero' United Airlines Passenger: I Almost Didn't Take That Flight

You might have seen the name Chase Irwin. He’s a Nashville restaurant manager who became a little bit Internet famous and was hailed as a hero recently, after he aggressively called out a fellow passenger on United Airlines for “body shaming” a third passenger in a text message.

The whole episode never would have happened, Irwin told me, but for a ridiculously big change fee on another airline.

He’d had been in Oklahoma City for a graduation, and his ride to the airport got him there 12 hours before his scheduled departure. Switching to an earlier flight on Delta would have cost him $900, he said. So he scrapped that and bought a ticket on United Airlines instead.

That’s what landed him in seat 15C of a United flight to Chicago, for the first leg of his trip, which had a 30 minute delay. As they sat on the tarmac, he said had a clear view of the cell phone the male passenger diagonally ahead of him, in 14B, was texting on. 

“The guy had his phone out far from his face. The font size was really big. And I saw the words, ‘sitting next to a smelly fatty,'” Irwin said. 

Then, Irwin said, he saw that the woman in 14A was crying, and looked like she was trying hard to push against the window away from the man. Irwin leaned forward and read the rest of the man’s message. 

He grew incensed. Over the next few minutes he talked with two flight attendants, and worked out a plan with them to convince the man to change seats with Irwin, so that the woman wouldn’t have to sit next to him.

Irwin, 34, who is about six feet tall and 200 pounds, told me he stood up and grabbed the shoulder of the passenger who’d been texting, who was about 5-foot-6 and “160 or 170,” and seemed to be in his 50s or 60s.

“You’re a heartless person,” Irwin remembered saying, and ordered him to switch seats. “I wasn’t quiet. I wanted people around him to see he was a jackass.”

The other passenger actually said “thank you,” perhaps not understanding the context, and Irwin said he sat next to the woman and tried to take her mind off the offensive message (which she had in fact read) for the rest of the flight. 

Based on Irwin’s account alone, it might be a bit hard to know what to make of this whole thing. The unidentified texter was impolite, but he did seem to be sending a private message. 

Meantime, Irwin used his size to act aggressively against another passenger on an airliner, with the apparent assent of the flight crew. 

However, the story only came to light because the woman passenger, Savannah Phillips, posted about it publicly afterward on Facebook—-as a way to try to find Irwin and thank him for what he’d done. That post went viral (more than 1,500 shares  so far), and commenters almost unanimously praised Irwin for his actions.

“The flight attendant kept trying to give him free drinks and told him that he was her hero,” Phillips wrote. “He wasn’t her hero–he was mine. …  I told him that he was a blessing sent to me and how thankful I was that he was there.”

By the time his connecting flight landed in Nashville, Irwin, who is general manager of a bar there called Dierks Whiskey Row, said his company’s corporate office in Arizona had seen her post and had contacted him. He and Phillips reconnected within hours.  

United Airlines told Newsweek, which reported on the whole incident: “We appreciate the efforts of the customer and would like to hear from Ms. Phillips to understand what occurred.”

23andMe Goes Global In Its Data-Mining Efforts

Yanny or Laurel—could the secret to which word you hear be in your DNA? It’s a notion someone pitched at 23andMe headquarters Thursday, during the consumer genetics outfit’s annual Genome Research Day. (Spoiler: The company is not going to roll out a survey to see if the latest meme has a genetic component.)

The event—a sort of cross between a science fair and a recruiting booth—attracted more than 100 researchers to the company’s candy cane–colored lunchroom for a day of talks, poster presentations, and most importantly, information sessions about how to work with 23andMe’s consumer data riches.

23andMe owns more than 4 million genetic profiles from customers who’ve consented to be studied, one of the biggest genetic research resources in the US. And because most of those people fill out lots of surveys, each genetic profile comes attached to about 300 phenotypic data points—like how many cigarettes you’ve smoked during your lifetime or if anyone in your family has ever been diagnosed with mild cognitive impairment.

And while the company has doubled in size over the last two years, growing rapidly to mine that data for scientific discoveries, the sheer volume is too much for it to tackle on its own. That’s why 23andMe has also been amping up its research collaborations with outside academics and nonprofit institutions with meetings like this one. As CEO Anne Wojicki told the lunchroom full of researchers, “I’ve always wanted to help scientists do what they genuinely love—analyzing data, not just collecting it. That’s how we really accelerate research forward.”

But 23andMe won’t work with just anyone. The company accepts applications for research projects twice a year and only accepts 10 percent of proposals. Here’s a hint, though, if you want to join forces with the genetic juggernaut: Come up with a project that helps 23andMe’s bottom line.

That’s the message scientists got Thursday, in a standing-room-only breakout session about how to collaborate with 23andMe. Liz Noblin, a project manager at the company, walked researchers through the selection criteria the company uses to evaluate proposals: “We’re looking for the first, the largest, the most novel,” she said. This emphasis on quality and innovativeness pretty much aligns with what scientists looking to publish in top-notch publications would be looking to do anyway. After that it’s more about what researchers can bring to 23andMe. The company is looking for projects that will grow its business—new statistical methods to extract even more information from each customer’s genetic profile, association studies to power new consumer reports, basically, anything that will make the 23andMe products—both the spit kits and its database—more valuable.

That includes people of color, who are essential to making the company’s research and products more broadly relevant. Like almost every other genetic database in the world, 23andMe is overwhelmingly white. That means that its ancestry reports vary in quality depending on the color of your skin. People of European descent get a genetic equivalent of today’s Google Maps—precise, high-res, granular. Most everyone else gets the 2011 version—blurry and incomplete. 23andMe is also working to develop drugs in its therapeutics division and with pharma clients, but if it can only look at caucasian DNA, those treatments could be less effective for non-white patients.

It’s kind of a chicken and egg problem. People of color won’t buy the kits because the results don’t tell them much, and the results won’t tell them much until more people of color have profiles in the database. So 23andMe has recently begun subsidizing research projects that could fill in those gaps.

The latest is its Populations Collaborations Program, through which the company gives researchers free genotyping and DNA analysis services and up to $10,000 to collect samples from those blurry, unsequenced places, like Mongolia, Micronesia, and pretty much all of Africa and the Middle East. In return, 23andMe gets to add all that DNA to its database. The researchers don’t have to necessarily be geneticists—the company has already had one-off collaborations with anthropologists, linguists, even the odd econometrician to add a spit-gathering component to their projects. The company has now launched a formal application process for the grants, the first of which will be awarded this summer. One of the things the company says it’s evaluating is how the people sampled will ultimately benefit from the research. That’s important to prevent the appearance that the program is merely a bioprospecting expedition to enrich 23andMe’s data stores.

But most researchers at the event were more interested in how the company’s data could jumpstart their own projects. Take Jessilyn Dunn, a Stanford post-doc who’s on her way to Duke in the fall to start her own biomedical informatics lab. She made the trip to Mountain View to see if 23andMe profiles might be a good supplement to the data she plans to collect from wearables and other connected medical devices. “It’s really exciting to be striking off on my own, but it’s also really scary,” says Dunn.

She needn’t worry: If she decides she doesn’t like academia, there’ll probably be an opportunity waiting for her back in Mountain View. When asked by a scientist in the crowd what she hoped to accomplish with the Genome Research Day, Wojicki laughed. “I mean, I don’t want to be too obvious, but is anyone here looking for a job?” No one raised their hands. But the company is hoping that a taste of that 23andMe data might change their minds.


More Great WIRED Stories

Gadget Lab Podcast: How to Make Bike Commuting Less Daunting

It’s national bike month, which means if you have the means, it’s a good opportunity to gear up (see what we did there) and ride your bike to work instead of driving. But if you’re not a regular cyclist, the whole idea can be a bit daunting; so “Bikes” Calore talks you through the essentials and tells you what you really need to get started, from helmets to bike locks to pants that have some give in the areas that matter. And if you’re looking for more high-tech options, we’ve got suggestions for you there, too, like a bike helmet you can control with your Apple Watch, the best portable Bluetooth speaker for your bike, and important things to consider when you’re considering wearables.

Some notes: You can find Mike’s full Bike Commuter Buying Guide here, which lists 14 essentials that will improve your ride.

Recommendations this week: In keeping with the biking theme, Mike recommends these elastic shoelaces; Arielle recommends the book “Private Citizens” which she is currently racing home on her bike to read (it’s that good); and Lauren’s recommendation this week is a low-tech one: try ditching your phone at dinner time, if you’re the kind of person who usually has it stuck on the table like it’s a necessary utensil. You’d be amazed at how much more fun dining with friends can be.

Send the hosts feedback on their personal Twitter feeds. Arielle Pardes is @pardesoteric, Lauren Goode is @laurengoode, and Michael Calore is @snackfight. Bling the main hotline at @GadgetLab. Our theme song is by Solar Keys.

How to Listen

You can always listen to this week’s podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here’s how:

If you’re on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts, and search for Gadget Lab. And in case you really need it, here’s the RSS feed.

If you use Android, you can find us in the Google Play Music app just by tapping here. You can also download an app like Pocket Casts or Radio Public, and search for Gadget Lab. And in case you really need it, here’s the RSS feed.

We’re also on Soundcloud, and every episode gets posted to wired.com as soon as it’s released. If you still can’t figure it out, or there’s another platform you use that we’re not on, let us know.

PayPal agrees to buy Sweden's iZettle in $2.2 billion deal

(Reuters) – PayPal Holdings Inc (PYPL.O) has agreed to acquire iZettle, one of Europe’s best known financial technology startups, for $2.2 billion, the companies said on Thursday.

FILE PHOTO: The PayPal logo is seen at a high-tech park in Beersheba, southern Israel August 28, 2017. REUTERS/Amir Cohen/File Photo

The deal will enable PayPal to expand its presence in in-store payments globally, and will mark the largest-ever acquisition by the San Jose, California- based company.

iZettle is best known for offering small businesses a mini credit card reader that can turn smartphones and tablets into payment registers, akin to that offered by U.S.-based Square Inc (SQ.N), the company founded by Twitter (TWTR.N) Chief Executive Officer Jack Dorsey.

A logo of the iZettle company is pictured in the headquarters in Stockholm, Sweden, August 12, 2016. Picture taken August 12, 2016. REUTERS/Violette Goarant

Stockholm-based iZettle is present in 11 countries and offers other services for small businesses such as lending. It had advanced plans to go public.

By joining forces with PayPal, which operates in 200 countries, iZettle will be able to accelerate its international expansion, including to the U.S., the companies said.

Since separating from online marketplace eBay (EBAY.O) in 2015, PayPal has reshaped itself from mostly processing transactions for its parent company online to offering a suite of digital payment services across the world.

These range from lending to small businesses, to facilitating money transfers between merchants and customers as well as friends and family.

Under the leadership of CEO Dan Schulman, the company has been expanding aggressively through acquisitions and partnerships with large banks and technology firms including Bank of America Corp (BAC.N), JPMorgan Chase & Co (JPM.N), Apple Inc (AAPL.O) and Facebook Inc (FB.O).

The deal will also help PayPal provide a more comprehensive suite of services to its merchants.

iZettle CEO Jacob de Greer and the company’s management team will continue to lead the business, which expects to process $6 billion in payments in 2018 and have gross revenues of $165 million.

Reporting by Anna Irrera in New York and Parikshit Mishra in Bengaluru; Editing by Sriraj Kalluvila and Chris Reese

Apple CEO Tim Cook Says Apple Music Has Over 50 Million Users

Apple CEO Tim Cook said that Apple Music has more than 50 million users.

The Apple (aapl) executive made his comments this week in an interview with Bloomberg Television and said that the 50 million number includes users with paid subscriptions and free trials.

In April, Variety reported that Apple Music had 40 million paid subscribers in 115 countries, with 8 million people signed up for free trials of the company’s online music streaming service.

Apple has been heavily promoting Apple Music as it continues to push hard into augmenting its core iPhone and Mac computer business with different software services. The company’s “services business,” which includes Apple Music and the App Store, grew 31% year-over-year to $9.1 billion during the company’s latest quarter.

Meanwhile, Apple faces competition from rivals like Spotify. Spotify (spot) said in early May that it has 75 million paid subscribers out of a total of 170 million monthly active users. Apple does not have a free version of its music service like Spotify.

Get Data Sheet, Fortune’s technology newsletter.

Other companies investing in online music streaming services include Amazon (amzn), Google (goog), and the French firm Deezer.

Uber, Lyft scrap mandatory arbitration for sexual assault claims

(Reuters) – Ride-hailing companies Uber Technologies Inc [UBER.UL] and Lyft Inc scrapped mandatory arbitration to settle sexual harassment or assault claims, giving victims several options to pursue their claims including public lawsuits.

Uber’s decision on Tuesday comes after several high-profile scandals and is a step in the right direction, according to several legal experts, but does not address class action lawsuits.

Chief Executive Officer Dara Khosrowshahi has unveiled a series of safety measures to restore Uber’s brand and image since taking the top job last August.

Victims were previously required to enter into confidentiality agreements as part of arbitration to settle claims, which prevented them from speaking publicly about the facts surrounding any sexual assault or harassment.

They can now settle claims through mediation, where they can choose confidentiality; in arbitration, where they can choose to maintain their privacy while pursuing their case; or in court, Uber said in a blog post.

“We commit to publishing a safety transparency report that will include data on sexual assaults and other incidents that occur on the Uber platform,” Uber’s chief legal officer, Tony West, wrote in the blog here

“So moving forward, survivors will be free to choose to resolve their individual claims in the venue they prefer.”

Lyft also removed the confidentiality requirement for sexual assault victims and ended mandatory arbitration for individuals. “This policy extends to passengers, drivers and Lyft employees,” it said.

Jeanne Christensen, a lawyer at Wigdor LLP who has been handling sexual harassment cases against Uber, agreed with the ride-hailing company’s move.

“It’s one step toward making a change, but just bringing the issue into the open doesn’t solve the problem,” Christensen told Reuters.

Uber did not provide details on the number of sexual harassment cases that are pending or have been settled, but when contacted by Reuters it said it will not revisit past cases that have been settled through the confidentiality agreement.

Uber became the second major company to end forced arbitration clauses, after Microsoft Corp said here in December victims would no longer need to settle cases privately.

“It is a move in the right direction but the problem is the arbitration agreement prevents class action lawsuit which is essential for a policy change,” said Veena Dubal, associate professor of law at the University of California, Hastings.

Uber is currently facing a class action lawsuit in the United States for poor driver vetting that has led to a series of sexual harassment incidents, including rape.

FILE PHOTO: The logo of Uber is pictured during the presentation of their new security measures in Mexico City, Mexico April 10, 2018. REUTERS/Ginnette Riquelme/File Photo

Reporting by Arjun Panchadar and Laharee Chatterjee and Anirban Paul in Bengaluru; Editing by Bernard Orr and Saumyadeb Chakrabarty

Popular encrypted email standards are unsafe: researchers

FRANKFURT (Reuters) – European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately.

FILE PHOTO: WhatsApp and Facebook messenger icons are seen on an iPhone in Manchester , Britain March 27, 2017. REUTERS/Phil Noble -/File Photo

University researchers from Muenster and Bochum in Germany, and Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular email applications such as Microsoft Outlook and Apple Mail.

“There are currently no reliable fixes for the vulnerability,” lead researcher Sebastian Schinzel, professor of applied cryptography at the Muenster University of Applied Sciences, said on Monday.

“If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”

The team had been due to publish its full findings on Tuesday but rushed them out after the news made waves among the community of encrypted email users that includes activists, whistleblowers and journalists working in hostile environments.

Titling the exploit ‘Efail’, they wrote that they had found two ways in which hackers could effectively coerce an email client into sending the full plaintext of messages to the attacker.

There’s no immediate suggestion that spy agencies or state-sponsored hackers have already used the technique to burrow into people’s emails.

The researchers have informed email providers of their findings, under so-called responsible disclosure, and it now falls to others to establish whether the exploits can be replicated.

DIRECT EXFILTRATION

In the first exploit, hackers can ‘exfiltrate’ emails in plaintext by exploiting a weakness inherent in Hypertext Markup Language (HTML), which is used in web design and in formatting emails.

Apple Mail, iOS Mail and Mozilla Thunderbird are all vulnerable to direct exfiltration, they said.

A second attack takes advantage of flaws in OpenPGP and S/MIME to inject malicious text that in turn makes it possible to steal the plaintext of encrypted emails.

The vulnerabilities in PGP and S/MIME standards pose an immediate risk to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a U.S. digital rights group.

In a blog post, the EFF recommended that PGP users uninstall or disable their PGP email plug-ins while the research community evaluates the seriousness of the flaws reported by the European research team.

It also said that users should switch for the time being to non-email-based secure messaging apps such as Signal for sensitive communications.

Germany’s Federal Office for Information Security (BSI) said in a statement there were risks that attackers could secure access to emails in plaintext once the recipient had decrypted them.

It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.

“Securely encrypted email remains an important and suitable means of increasing information security,” it said in a statement, adding that the flaws which have been discovered can be remedied through patches and proper use.

PGP – short for Pretty Good Privacy – was invented back in 1991 by Phil Zimmermann and has long been viewed as a secure form of end-to-end encryption impossible for outsiders to access. Zimmermann is co-founder and chief scientist of Silent Circle, an encrypted communications firm.

PGP has in the past been endorsed, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russia.

PGP works using an algorithm to generate a ‘hash’, or mathematical summary, of a user’s name and other information. This is then encrypted with the sender’s private ‘key’ and decrypted by the receiver using a separate public key.

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.

It advised users to disable the use of active content, such as HTML code and outside links, and to secure their email servers against external access.

Editing by Matthew Mpoke Bigg

Electrified roads: Swedish project could slash cost of electric vehicles

OSLO (Reuters) – An electrified road in Sweden that is the first in the world to charge vehicles as they drive along is showing promise and could potentially help cut the high cost of electric cars, project backers Vattenfall [VATN.UL] and Elways told Reuters.

The state-funded project, named eRoadArlanda and costing about 50 million crowns ($5.82 million), uses a modified electric truck that moves cargo from Stockholm’s Arlanda airport to Postnord’s nearby logistics hub to test the technology.

A electrified rail embedded in the tarmac of the 2-km-long (1.24 miles) road charges the truck automatically as it travels above it. A movable arm attached to the truck detects the rail’s location in the road, and charging stops when the vehicle is overtaking or coming to a halt.

The system also calculates the vehicle’s energy consumption, which enables electricity costs to be debited per vehicle and user.

Elways’ chief executive Gunnar Asplund said the charging while driving would mean electric cars no longer need big batteries — which can be half the cost of an electric car — to ensure they have enough power to travel a useful distance.

“The technology offers infinite range — range anxiety disappears” he said. “Electrified roads will allow smaller batteries and can make electric cars even cheaper than fossil fuel ones.”

Asplund said the Swedish state, which is funding the project, was happy with the results so far, with the only issue — now resolved — having been dirt accumulating on the rail.

Elways has patented the electric rail technology and is part of a Swedish consortium backing the eRoadArlanda project that also includes infrastructure company NCC and utility Vattenfall, which provides power from the national grid to the rail.

“Such roads will allow (electric vehicles) to move long distances without big, costly and heavy batteries,” said Markus Fischer, a Vattenfall spokesman, adding that installing the arm in new cars would be cheaper than retrofitting current models.

Vattenfall said in a statement electrified roads could reduce carbon dioxide emissions from lorries, which account for about 25 percent of total road traffic emissions.

“The investment cost per kilometer is estimated to be less than that of using overhead lines, as is the impact on the landscape,” it added.

Testing at eRoadArlanda started in April and will last at least 12 months so that the electric truck can use it under different weather conditions.

Editing by Catherine Evans

In concession, Trump says will help China's ZTE 'get back into business'

WASHINGTON (Reuters) – U.S. President Donald Trump said in a tweet on Sunday that he has asked the Commerce Department to help Chinese technology company ZTE Corp “get back into business, fast,” a concession to Beijing ahead of high-stakes trade talks that will take place this week.

FILE PHOTO: A ZTE smart phone is pictured in this illustration taken April 17, 2018. REUTERS/Carlo Allegri/Illustration/File Photo

ZTE, one of the world’s largest telecom equipment makers, suspended its main operations after the U.S. Commerce Department banned American supplies to its business for seven years.

Trump’s offer to help comes as Chinese and U.S. officials prepare for talks in Washington with China’s top trade official Liu He to resolve an escalating trade dispute between the world’s two largest economies.

In trade talks in Beijing earlier this month, China asked the United States to ease crushing sanctions on ZTE, according to people with knowledge of the matter.

Trump’s reversal could have a significant impact on shares of American optical components makers such as Acacia Communications Inc and Oclaro Inc which saw their stock prices fall when U.S. companies were banned from exporting goods to ZTE.

ZTE paid over $2.3 billion to 211 U.S. exporters in 2017, a senior ZTE official said on Friday.

“Too many jobs in China lost. Commerce Department has been instructed to get it done!” Trump wrote on Twitter, saying he is working with Chinese President Xi Jinping on a solution.

The U.S. government launched an investigation into ZTE after Reuters reported in 2012 the company had signed contracts to ship millions of dollars’ worth of hardware and software from some of the best known U.S. technology companies to Iran. (Reuters report that exposed the practice: reut.rs/2GbpCmO)

ZTE pleaded guilty last year to conspiring to violate U.S. sanctions by illegally shipping U.S. goods and technology to Iran and entered into an agreement with the U.S. government. The ban is the result of ZTE’s failure to comply with that agreement, the Commerce Department said.

The ban came two months after two Republican senators introduced legislation to block the U.S. government from buying or leasing telecommunications equipment from ZTE or Huawei [HWT.UL], citing concern the companies would use their access to spy on U.S. officials.

ZTE relies on U.S. companies such as Qualcomm Inc and Intel Corp and American companies are estimated to provide 25 percent to 30 percent of the components used in ZTE’s equipment, which includes smartphones and gear to build telecommunications networks.

The Commerce Department did not immediately respond to a request for comment on Sunday.

Republican Representative Robert Pittenger, a sponsor of legislation that would strengthen the U.S. national security review process for foreign investment, said after the Commerce ban was announced that the United States “must be vigilant against Chinese threats to both our economic security and national security.”

Experts said Trump’s policy reversal was unprecedented.

“This is a fascinating development in a highly unusual case that has gone from a sanctions and export control case to a geopolitical one,” said Washington lawyer Douglas Jacobson, who represents some of ZTE’s suppliers.

“There’s no legal mechanism for this. How this will play out remains to be seen. They are not simply going to be able to resume business as usual,” he said.

ZTE suppliers including Acacia, Oclaro, Lumentum Holdings Inc, Finisar Corp, Inphi Corp and Fabrinet, all fell sharply after the ban was announced.

Shares of Acacia, which got 30 percent of its total revenue in 2017 from ZTE, hit a record low after the ban was announced. Oclaro, which earned 18 percent of its fiscal 2017 revenue from ZTE, fell 17 percent.

Reporting by Valerie Volcovici, Karen Freifield and Chris Sanders; Editing by Lisa Shumaker

Hidden Alexa Commands, Cell Phone Tracking, and More Security News This Week

This week, the United States officially backed out of the Iran nuclear deal. The geopolitical reverberations should continue to play out in a variety of fields, but make sure you count cybersecurity among them. Iran targeted the US frequently—particularly financial institutions before the deal went into place. Security experts warn that with the agreement no longer in place, the barrage could begin again. So, look out for that!

We also took a look at facial recognition technology. Law enforcement around the world uses it more than ever, but picking out a single face out of a crowd of 60,000 feels downright dystopian—as does wrongly identifying several thousand people as potential criminals. It’s off-putting at either extreme, which seems like a decent argument to slow down its deployment.

Microsoft, meanwhile, has introduced JavaScript to Excel, which makes security researchers as anxious as it delights hackers and phishers. Speaking of which, your Facebook and Twitter accounts are vulnerable. Here’s how to lock them down once and for all.

And this isn’t security, specifically, but if, hypothetically, Donald Trump had bought up so many properties in cash as part of an elaborate money laundering scheme? Here’s how that would work.

And there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Researchers Send Secret Commands to Voice Assistants

You know how dogs can hear noises you can’t? Guess what! So can Alexa and Google Assistant and Siri. And while research along those lines has been fomenting for the last several years, a team from UC-Berkeley this month demonstrated that they can hide voice-assistant commands not just in white noise, but behind actual voices or music. It’s not a hack that appears to have hit the wild yet, but there’s every reason to expect that it will eventually. And given the amount that we offload to voice assistants—purchases, door locks, and more—that could have serious consequences.

Signal’s “Disappearing Messages” Don’t Always Disappear on Macs

Signal remains our pick for the best encrypted messaging service. But those who use its desktop client with the default settings may have inadvertently stored those messages indefinitely on their Mac’s notification bar, even if they had been set to self-destruct. Not ideal! On Thursday, Signal pushed an update that should fix the issue, but just to be safe, any desktop Signal users should do what they can to triple check that messages they thought were gone forever really are.

The Ring Video Doorbell Had a Major Security Oversight

On the one hand, a video doorbell helps you increase your personal security, keeping close tabs on who’s coming and who’s going. On the other hand, yikes! Popular model Ring, recently acquired by Amazon, until recently wouldn’t log users out of its app after the password changed. That meant that if you switched up your authentication to, say, deny access to an ex, they could still essentially spy on your front door. (In fact, that’s precisely what happened in an incident outlined by The Information.) Ring says it updated the app in January such that everyone has to log back in now after a password reset, but even now it doesn’t take effect for several hours.

A Service Can Track Nearly Any Cell Phone in the US

As if Facebook didn’t give you enough surveillance hassles lately, The New York Times takes a look at a company called Securus, which advertises the ability to track nearly any cell phone in the US within seconds. They’re able to do so because carriers regularly sell access to location services to third parties with no customer consent and little oversight. Meanwhile, not every state even requires a warrant to gather location data, which all ads up to a pretty nightmarish scenario of being snooped on without any knowledge—or any way to prevent it.

Uber's Flying Cars, Tesla's Troubles, and More Car News This Week

Transportation is a world full of visionaries: big ideas gone even bigger. It attracts world shakers (and breakers) like Grimes’ Boyfriend, Travis Kalanick, and Mark Moore, a 30-year NASA veteran who decamped last year for Uber’s new flying car project. There are lots of fanciful renderings and prototypes, lots of pulled-off covers and pointing of spotlights. But there’s a lot of busted dreams too. Plans that run out of money, petering out and puttering toward death. Collectors who come calling. Cars that crash and kill.

Which is all to say: It was a mixed bag of a week. Senior writer Jack Stewart covered the two-day bonanza that was Uber’s second-annual, and completely serious, flying car summit. Editor Alex Davies took a close look at startup Drive.ai’s upcoming self-driving shuttle launch in unlikely Frisco, Texas. Fun stuff! But ugly stuff too: Tesla’s investor insurrection, thanks (in part) to Grimes’ Boyfriend’s indelicate earnings call comments. A Waymo crash in Arizona that doesn’t appear to have anything to do with self-driving tech but had really unfortunate timing anyway. And a jump in pedestrian deaths—which we’ll need much more than autonomous vehicles to prevent.

Let’s get you caught up.

Headlines

Stories you might have missed from WIRED this week

  • Uber wants to play middleman in the flying car future, slinging app-ordered rides that take riders smoothly from A to B as the fools in ground-bound vehicles sit in traffic below. But that doesn’t mean it won’t have a hand in the flying car design. This week, the ride-hailing giant turned transportation-everything unveiled an all-electric VTOL concept, and reiterated its commitment to an ambitious timeline: commercial flights by 2022.

  • Last week’s Tesla fireworks continue, with an activist investor now pushing the electric carmaker’s shareholders to banish three of its nine board members in favor of folks with relevant manufacturing expertise. One way Grimes’ Boyfriend could kill the insurrection? By making more cars.

  • In more Tesla news: The National Highway Traffic Safety Administration clarified that the carmaker, and not the federal agency, came up with a much-cited Autopilot safety statistic. Which meant it was a good time for me to ask: How much do we know about Autopilot’s safety record, anyway?

  • Late last week, a Waymo minivan being driven by a human got seriously banged up by an out-of-control Honda driver. Police in Chandler, Arizona, determined the Waymo vehicle wasn’t at fault, but the scary photos of the banged-up Chrysler Pacifica were spookily reminiscent of this spring’s fatal Uber crash.

  • Yeehaw! Alex explores Drive.ai’s plans to launch a self-driving shuttle service in the Lone Star State, and why geofenced and limited shuttle routes just might be lots of Americans’ first experiences with autonomous vehicles.

  • Heck naw! Contributor Nick Stockton tries to get to the bottom of why Nashville, Tennessee, voters soundly rejected an ambitious transit revamp meant to improve transportation in the traffic-choked city.

  • The Insurance Institute for Highway Safety released a disturbing study on pedestrian deaths, finding fatalities jumped by 46 percent between 2009 and 2016. Some say autonomous vehicles will solve all our road safety problems, but the tech has a ways to go. I explore another option: getting much smarter about road design. ADDLINK

  • Alex finds out everything (really, everything) you have ever wanted to know about engineering a luxury convertible roof.

  • You should read contributor Eric Adams’ spec analysis before plopping down $325,000 and spitting in the face of the proletariat to buy Rolls-Royce’s Cullinan SUV.

Glorious Chrome Extension of the Week

I love a good celebrity gossip-automotive crossover story, and we got one in spades when Tesla’s CEO showed up to the Met Gala with Canadian musician and artist Grimes. The meme-ers went wild, I went wild, and someone created a Chrome browser extension that replaces “Grimes’ Boyfriend” with “Grimes’ Boyfriend”. OK, maybe I’ve had it turned on all day.

Required Reading

News from elsewhere on the internet

In the Rearview

Essential stories from WIRED’s canonRogue CEOs: good or bad? Once you’ve gotten your fill of Grimes’ Boyfriend, check out this 2012 WIRED meditation on the granddaddy of polarizing tech leaders, Steve Jobs.

Deciding Whether To Fear or Celebrate Google’s Mind-Blowing AI Demo

This article first appeared in Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.

Are there imaginable digital computers which would do well in the imitation game?

Good morning. Aaron in for Adam, contemplating computer scientist and mathematician Alan Turing’s famous conjecture to test whether a machine could think.

The wow factor was quite high, maybe off the charts, this week when Google (googl) debuted recordings of its Duplex AI app making phone calls and conversing with regular people at restaurants and a nail salon. Duplex sounded amazingly human, smoothly navigating the minor inconveniences of booking appointments and even uttering the occasional “um” and “mmhm” to make sure the person on the other end knew it was still there. It sure seemed like Duplex had aced the “imitation game.”

But somewhere between the “um” and the “mhmm,” the creepiness factor started to rise and people began to imagine how this creation could be used for ill. Would robocallers, scam artists, and hackers start employing Duplex the better to dupe unwitting consumers? Would interactions with workers in the service industry be further dehumanized? Was the service just the latest “invasive” and “infantilizing” development from the clueless coders of Silicon Valley?

Most of the concerns revolved around how Duplex works and how it will be used. Most could also apply to virtually any AI app intended to interact with humans. Perhaps a deeper question, then, is how should society regulate the coming wave of artificial intelligence, if at all. Will we rely on self regulation by industry, as we have in so many other areas? Perhaps just a further evolution of Isaac Asimov’s Three Laws of Robotics is required? Or should laws be passed setting out acceptable and unacceptable AI practices?

Whatever choices are made, they should be made intentionally and with serious consideration. We are almost 20 years out from Harvard Professor Larry Lessig’s groundbreaking essay “Code Is Law,” and it still feels like one of the most important texts guiding us into the future.

Our choice is not between “regulation” and “no regulation.” The code regulates. It implements values, or not. It enables freedoms, or disables them. It protects privacy, or promotes monitoring. People choose how the code does these things. People write the code. Thus the choice is not whether people will decide how cyberspace regulates. People—coders—will. The only choice is whether we collectively will have a role in their choice—and thus in determining how these values regulate—or whether collectively we will allow the coders to select our values for us.

Let us know what you think of the debate.

Undetectable Commands for Apple’s Siri and Amazon’s Alexa Raise Serious Security Risks

Researchers in the U.S. and China have discovered ways to send hidden commands to digital assistants—including Apple’s Siri, Amazon’s Alexa, and Google’s Assistant—that could have massive security implications.

In laboratory settings, researchers have been able to activate and issue orders to the systems via means that are undetectable to the human ear, according to a new report in The New York Times. That could, conceivably, allow hackers to use the systems to unlock smart locks, access users’ bank accounts, or access all sorts of personal information.

A new paper out of the University of California, Berkeley said inaudible commands could be imbedded into music or spoken text. While at present this is strictly an academic exercise, researchers at the university say it’s foolish to assume hackers won’t discover the same methods as well.

“My assumption is that the malicious people already employ people to do what I do,” said Nicholas Carlini, a fifth-year Ph.D. student in computer security at U.C. Berkeley and one of the paper’s authors.

Last year, researchers at Princeton University and China’s Zhejiang University also found voice-activated devices could be issued orders using inaudible frequencies. Chinese researchers called the technique DolphinAttack.

Amazon told The New York Times it has taken steps to ensure its speaker is secure. Google said its platform has features that mitigate such commands. And Apple noted an iPhone or iPad must be unlocked before Siri will open an app.

Still, there are several examples of companies taking advantage of weaknesses in the devices, from Burger King’s Google Home commercial to South Park‘s stunt with Alexa.

And the number of devices in consumers’ homes is on the rise. Digital assistants have been among the hottest gifts of the past two holiday seasons. And Amazon, alone, is expected to sell $10 billion worth of the devices by 2020.

Walmart acquiring India's Flipkart, says SoftBank's Son

MUMBAI/NEW YORK (Reuters) – Walmart Inc (WMT.N) has agreed to pay $16 billion for a roughly 77 percent stake in Indian online shopping site Flipkart, the U.S. retailer’s biggest foreign investment as it battles rival Amazon.com Inc (AMZN.O) in one of the world’s biggest emerging markets.

FILE PHOTO: The logo of India’s e-commerce firm Flipkart is seen on the company’s office in Bengaluru, India April 12, 2018. REUTERS/Abhishek N. Chinnappa/File Photo

The deal, capping almost two years of talks, will help the Bentonville, Arkansas-based retailer fortify and boost market share against Amazon.com, which reportedly had tried to make a competing offer for a stake.

“India is one of the most attractive retail markets in the world, given its size and growth rate, and our investment is an opportunity to partner with the company that is leading transformation of e-commerce in the market,” Doug McMillon, Walmart’s Chief Executive Officer, said in a statement on Wednesday.

The Walmart logo is displayed on a screen on the floor of the New York Stock Exchange (NYSE) in New York, U.S., May 1, 2018. REUTERS/Brendan McDermid

Buying a stake in Flipkart, which sells everything from soaps to smartphones and from books to clothes, gives Walmart access to the fledgling Indian e-commerce market that could potentially be worth $200 billion in a decade, according to Morgan Stanley.

Walmart said it plans to fund the deal through a combination of newly-issued debt and cash on hand.

Walmart warned that it expects the deal to hit its fiscal 2019 earnings per share by 25 cents to 30 cents, if the deal closes as expected before the end of the second quarter.

The remainder of the business will be held by some of Flipkart’s existing shareholders, including Flipkart co-founder Binny Bansal, China’s Tencent Holdings Ltd (0700.HK), Tiger Global Management LLC and Microsoft Corp (MSFT.O), the company said.

Earlier on Wednesday, SoftBank (9984.T) Chief Executive Officer Masayoshi Son unexpectedly spilled the beans on the deal by confirming on a conference call that Walmart had decided to purchase Flipkart, ahead of the highly-anticipated official announcement.

Son said his firm’s investment in the Indian online retailer had grown to $4 billion. SoftBank’s Vision Fund, the world’s biggest private equity fund, had invested $2.5 billion in Flipkart last August.

Sources have previously told Reuters that SoftBank would sell all its shares in Flipkart to Walmart.

Additional reporting by Sam Nussey; Editing by Patrick Graham, Bernard Orr

Cyber security firm Avast poised to list at 250 pence at bottom of price range

LONDON (Reuters) – Private equity-backed cyber security firm Avast [IPO-AVAS.L] is set to price its initial public offering at 250 pence a share, a bookrunner source on the deal said on Wednesday, at the bottom of a 250-270 pence price range set earlier.

The logo of Avast Software company is seen at its headquarters in Prague, Czech Republic, April 12, 2018. REUTERS/David W Cerny

The company aims to sell around 25 percent of its stock and raise up to $200 million in proceeds in what is expected to be one of Britain’s biggest ever technology IPOs.

Based on the latest price guidance, Avast would achieve a market capitalization of 2.5 billion pounds upon listing.

The market admission will take place on Thursday, one of the bookrunners said, adding that books for the offering have been covered multiple times.

Avast is 46 percent-owned by its founders, Czech entrepreneurs Pavel Baudis and Eduard Kucera. CVC Capital Partners [CVC.UL] has a 29 percent stake, with Summit Partners holding 7 percent.

The security software services provider had already planned a U.S. IPO in 2012 before backtracking citing market conditions.

The listing is expected to be the biggest by market capitalization in London since July when the flotation of Russian gold company Polyus gave it a 6.3 billion pound market value.

In 2017, Avast’s adjusted revenue was $780 million and adjusted cash earnings before interest, tax, depreciation and amortization (EBITDA) was $451 million.

With net debt of around $1.35 billion, the enterprise value of the company could be up to $5.9 billion after the offering.

($1 = 0.7399 pounds)

Reporting by Clara Denina, editing by Sinead Cruise and Jane Merriman