How WIRED Lost $100,000 in Bitcoin

Back in 2013, when you could still mine bitcoins at home, WIRED was sent a small, sleek mining device manufactured by the now-defunct Butterfly Labs. We turned on the Roku-looking machine in our San Francisco offices and allowed it to do its job. A small fortune was soon amassed, now worth around $100,000. Then, we lost the money. Forever.

Here’s what happened to WIRED’s 13 Bitcoins—and to the millions of others that have faced the same fate.

Stefan Antonowicz, WIRED’s then-head of engineering, set up the miner. Robert McMillan, a former senior writer for WIRED (who now works at The Wall Street Journal), then wrote about it. “When we received that Butterfly miner, we had a new ethical question: What do you do with the proceeds of a review device that essentially prints money?” says McMillan.

First, it’s probably worth explaining how WIRED accrued its six-figure Bitcoin fortune. While fiat currencies, like the dollar, rely on banks and government regulators, Bitcoin runs on a peer-to-peer network monitored by an army of volunteer miners that run specialized software. Every 10 minutes, all the miners in the network race to solve a series of complex cryptographic math problems. The computers that win are awarded a slice of 12.5 new bitcoins. (That number halves every four years; it was 25 when we got our miner.) Usually, the fastest computers in the network solve the problems first.

Over time, the puzzles have gotten harder, leading to a kind of computing-power arms race. Back when Bitcoin first launched, it was possible to mine coins using an everyday computer. These days, you’ll need specialized hardware significantly more powerful than the Butterfly Labs miner WIRED had. Currently, there are about 17 million bitcoins in existence; by 2020, all 21 million planned Bitcoins will have been mined. You can learn more about the process in our Guide to Bitcoin.)

WIRED’s miner essentially won the Bitcoin math lottery a couple of times, allowing it to generate a little over 13 coins into the network. Then, the staff had to figure out what to do with them. “We had a very long conversation, over several weeks, about what to do with the money,” says Michael Calore, a senior editor at WIRED who has been at the magazine since 2006. Some staff members argued the Bitcoin should be donated, or set aside for a charitable purpose in the future. Others said it had to be destroyed permanently. What was agreed upon was that the money shouldn’t just sit there, because it could influence how the magazine reported on cryptocurrencies.

“I said we had to dump it and donate the money to charity soonest or we wouldn’t be able to cover Bitcoin,” says Adam Rogers, a deputy editor at WIRED. “We had to disclose it in every story.” Eventually, it was decided that the private key, which unlocks the Bitcoin wallet and allows the funds to be spent, should be destroyed.

“We talked about donating it to a journalism institution, or setting it aside as a scholarship. But we decided that if we gained any benefit from it at all, it would color our future coverage of bitcoin,” says Calore. “So we just destroyed the key, knowing full well that it could eventually be worth six or seven figures.” McMillan then posted a story announcing the key had been ripped to pieces.

Throwing Away the Key

To deal in bitcoin, you need at least two different keys, one public and one private (newer security protocols allow you to add more private keys). Together, the combination of codes lets you trade Bitcoin without an intermediary like a bank. You can look up WIRED’s public key to send us money, and then in theory, we could use our private key to access those funds—had we not destroyed it. It’s extremely unlikely we could successfully guess the code: it’s 64 digits long and no one remembers what it was.

No additional copies of the private key exist, at least according to the people who were there. “I didn’t make a copy of the paper, or commit the 64 characters on it to memory,” says Antonowicz, the technologist who set up the miner. The good news is that if someone did move the coins, the transaction would be public, allowing WIRED to see where they traveled to. In fact, you too can check out WIRED’s lost Bitcoins right here.

In theory, we might be able to recover the Bitcoin wallet from the hard drive where it was stored, but even that wouldn’t be much help. “There might have been a way to forensically recover the wallet—with the encrypted key—from my hard drive, but I shredded that particular drive years ago,” says Antonowicz.

Plus, even if the wallet was resurrected, it’s encrypted. Breaking that protection via brute force would take an unimaginable amount of time. There are three times more possible combinations than there are atoms in the observable universe, by Antonowicz’s count.

“Originally I was going to say that the closest metaphor I have is that we dropped a car key somewhere in the Atlantic, but I think it’s closer for me to say we dropped the key somewhere between here and the Alpha Centauri,” says Antonowicz.

Recovering our bitcoins is essentially like trying to recover a photo album on a lost computer. Except not only did you get rid of the hard drive, you also protected the album in an encrypted folder with a 64-digit passcode that you threw away.

Still, we wanted to make sure there was absolutely no way to get the bitcoins back. WIRED’s editor-in-chief, Nicholas Thompson, suggested that if we were able to recover the funds, they might go toward hiring a full-time cryptocurrency reporter. I reached out to the founder of Butterfly Labs, who didn’t respond. I also contacted Mark Frauenfelder, a writer and the author of a WIRED article about how he recovered $30,000 worth of Bitcoin. He agrees we’re screwed.

“If you lost your private keys I think it’s game over,” he says. I also looked into a service that tries to crack cryptocurrency wallets via sheer brute force. But their services would be no help, since we don’t have access to the hard drive itself. It looks like WIRED really did lose the money forever. The good news is we’re far from alone.

Lost and Never Found

Chainalysis, a research firm that analyzes activity across different cryptocurrency markets, estimates that between 2.78 and 3.79 million, or between 17 and 23 percent of all bitcoins have been lost. That includes wallets believed to belong to Satoshi Nakamoto, the mysterious founder of Bitcoin who hasn’t touched his estimated 1 million coins since 2011.

“The number of lost coins over time will drop,” says Michael Gronager, the CEO and co-founder of Chainalysis. He argues that it’s because there’s more awareness of Bitcoin’s enduring value, even if the price wildly fluctuates. He also says that even if Satoshi were to reemerge, his activity wouldn’t significantly impact the market because he wouldn’t likely spend a large sum of Bitcoin at once.

There are several ways you can lose Bitcoin. Like WIRED, you can simply lose track of your private key or your hard drive. One of the most famous cases of this is what happened to James Howells, an IT worker in London who lost 7,500 bitcoins, or around $56 million, when his laptop was thrown away in 2013. He reportedly wants to dig through five years of trash to unearth the computer. This is the most common way to lose Bitcoin; even Elon Must tweeted that he forgot how to access a portion of a coin.

You can also lose bitcoins by running buggy code or making software mistakes, though these instances are more rare. Last year, for example, someone forgot to collect their mining reward and burned 12.5 coins. In another similar incident, someone may have accidentally swapped a processing fee with the value of the transaction, resulting in nearly 300 coins lost. One time, someone even sent 2,600 coins to an incorrectly configured address, burning them into nonexistence. All of these examples come from BlockSci, a tool developed at Princeton University for analyzing the Bitcoin blockchain.

It can be difficult to assess whether any given bitcoin is really lost for good. “It’s actually pretty difficult to say for certain. A lot of what we do is look at the big picture,” says Harry Kalodner a PhD at Princeton who helped develop BlockSci. He says part of the problem is that you can rarely determine whether someone is just holding onto their Bitcoin, or whether they’ve definitively lost access to it. Since Bitcoin isn’t controlled by any single authority, there’s no one who can simply close your account.

So what could WIRED have done, were we to do the whole thing again? Since 2013, Bitcoin has added a number of new, more sophisticated features. For one, we could have locked our coins away until a certain date. “One Bitcoin feature that’s been added is that it now supports time-locked coins, that makes them completely un-spendable until a set point in the future,” says Kalodner. Like, say, May 2018, when the editor-in-chief could really use some money to hire another reporter.


More Great WIRED Stories

*Losing Bitcoin is shockingly easy. This guy lost $30,000 worth

That Awesome Switch Keyboard Peripheral Is Finally Released This June In Japan

, I cover gaming in Japan as well the pop-culture here. Opinions expressed by Forbes Contributors are their own.

Credit: Cyber Gadget, Nintendo

The upcoming USB keyboard for the Switch.

If you remember, in the Summer of last year there was news that Cyber Gadget was working on a new keyboard peripheral for the Switch. Well, it looks like it will be finally released this June.

Originally, the plan was to release this keyboard peripheral in September of last year. However, it was delayed but it now looks like it will finally come out.

While this is not the first keyboard peripheral for the Switch, as HORI also offers its own option, it is arguably the best in terms of incorporating the Joy-Cons.

The company behind this, that of Cyber Gadget, also makes the amazing Retro Freak console and if you don’t have one of those already, then you need to correct that oversight immediately.

As for this keyboard peripheral, it weighs 250g and comes with a 1.5m USB cable. Costing 3,758 yen, it is also quite reasonably priced.

What with Nintendo’s big new online service on the way this September, there are going to be a lot more games that will need a keyboard peripheral, so the June release for this is definitely timed well.

The only thing here is that currently this keyboard peripheral will only be released in Japan. However, you can still import it via retailers such as Amazon.

Follow me on Twitter, Facebook and YouTube. I also manage Mecha Damashii and do toy reviews over at hobbylink.tv.

Read my Forbes blog here.

Facebook's Scandal And GDPR Are Creating New Opportunities For Retail

Shutterstock

Have you noticed recently how all the tech giants have quietly updated all of their privacy policies, and small updates have been pushed out to consumers via mobile and desktops? Have you caught yourself wondering why?

Facebook. GDPR. Data Breaches. Oh my. The new era of consumer data protection is upon us.

While the use of data has opened the world to exciting, positive advancements like artificial intelligence (AI), machine learning, and digital, personalized commerce, with the lack of regulation or standards for the use of data, it was just a matter of time before things got real.

Thanks to Facebook’s Cambridge Analytica scandal, and endless breaches by Uber and others, consumer data protection is likely a defining theme for 2018 and beyond. GDPR (here’s a good primer for retailers), which went into effect May 25, puts consumers back in control of their personal information – at least in Europe –  but similar changes are likely coming to the U.S. Lawmakers are aligning behind broad privacy regulations which would put Google “on the hot seat next to Zuckerberg”, according to a recent article.

Many retailers and brands – widely known for amassing enormous quantities of consumer data – are befuddled with what to do now. It’s taken years, if not decades, to apply smart analysis and tools to the data they’ve accumulated on consumer preference and behavior. For the most part, retailers and brands are using their data responsibly and producing real consumer value through greater personalization, speed and simplicity. And consumers are responding positively, leading to greater sales.

But the focus on personal data protection has changed expectations for consumers. Many are weighing whether the convenience they enjoy by sharing their data outweighs the risk and reality of its misuse. While all eyes are trained on Facebook and GDPR right now, it is just the tip of the iceberg and the retail industry must be ready to address the changing expectations of consumers.

This doesn’t have to be all bad. Like with most challenges, the industry is being presented with an opportunity – one that can result in even more authentic experiences that strengthen connections with customers.

E-Book Revenues Decrease, Again

, I write about the publishing industry and its digital innovations. Opinions expressed by Forbes Contributors are their own.
Tweet This

BARCELONA, SPAIN – APRIL 23: Atmosphere at Casa del Llibre book store during ‘Sant Jordi’ 2018 on April 23, 2018 in Barcelona, Spain. (Photo by Miquel Benitez/Getty Images)

The Association of American Publishers released its quarterly data on publisher revenue today. In the first quarter of 2018, publishers (roughly 1,100 of them represented by AAP reporting) saw a 3.2% decrease of e-book revenue when compared to the same period in 2017.

It’s a well-told story at this point, that’s often mirrored by the success of audiobooks. In the first quarter of 2018, downloaded audio revenues increased by 32.1% compared to the first quarter of 2017. Physical audio, however, declined by 3.6%–something that’s unsurprising considering the formats of physical audiobooks: CDs and tapes.

That sort of inverse relationship, between the physical and the digital, is one that was expected of the book market. As e-books improved in functionality, many in the industry expected to see interest in physical books wane. Maybe that’s because physical books smell so good, perfumers are scrambling to bottle the scent.

Google Wants To Entice Enterprises With Enhanced Kubernetes Engine

, I cover Cloud Computing, Machine Learning, and Internet of Things Opinions expressed by Forbes Contributors are their own.

Google is enhancing its cloud platform to attract customers running contemporary workloads based on containers. From Shared VPC to improved auto-scaling mechanisms, Google Kubernetes Engine supports new capabilities.

Kubernetes is fast becoming the de facto platform to run contemporary, cloud-native, microservices-based applications. With almost every major cloud provider offering a managed Kubernetes environment, there is a competition to deliver additional capabilities to customers.

Source: Sysdig

Kubernetes

As original founder and a key contributor to the open source project, Google wants to make Kubernetes the preferred platform for running containerizing applications. Apart from this, it also has a hosted Kubernetes offering in the form of Google Kubernetes Engine (GKE). Google Cloud Platform (GCP) was one of the first public clouds to offer managed Kubernetes service. Since 2015, the platform has been regularly upgraded to keep it on par with the open source project.

GKE is one of the first managed Kubernetes platforms to offer the latest version of Kubernetes, 1.10. Along with this Google has added new capabilities to GKE that differentiate it from similar offerings in the public cloud.

Here are three mechanisms that make GKE appeal to enterprises:

Shared Virtual Private Cloud

Virtual Private Cloud (VPC) enables customers to create a network topology that mimics the traditional on-premises network which comes with a demilitarized zone and a private networking zone. By creating isolated subnets, customers will be able to segregate sensitive workloads to a cordoned-off portion of the network. Internet-facing applications will run in public subnets that are exposed to the outside world. VPC design is a critical part of deployment and migration.

Page 1 / 3

Bourjois' AR Magic Mirror Eyes An Extra Prize: Facebook's Deep Links Tool

Smart (magic) mirrors aren’t all created equal. Frequently dogged by clunky tracking and visualization technologies generating virtual overlays so extreme they’d make a drag queen queasy, there’s also confusion concerning how to capitalize on the experience. Redressing that, British creative technology agency Holition has reimagined the format for French beauty brand Bourjois, creating “the world’s first blended reality mirror”: an in-store augmented reality (AR) tool that elicits a compellingly interactive bespoke physical-virtual frisson. It’s even laying the groundwork for Facebook ’s incoming deep linking shopping feature, announced at its F8 developer summit earlier this month.

Holition

Bourjois’ Blended Reality Magic Mirror (Credit: Holition).

The concept, which currently lives in Bourjois’ relaunched Paris flagship and requires physical products to trigger the AR, builds on Holition’s own 2018 research revealing a significant uptick in buying if there’s a tangible physical experience connected to the wow-factor of virtual play; 86% of consumers said they’d like in-store technology to help them visualise products on themselves pre-purchase, while 72% wanted an in-store beauty experience to be a mixture of both physical and digital elements to make it feel more real, more believable.

Using 3D sensing smart camera tech devised by American retail technologists PERCH, when a shopper picks up a lipstick the chosen shade immediately appears on their lips as an ultra-realistic reflection in the mirror. The realism is made possible thanks to Holition’s FACE software that maps what its Marketing Strategist Adriana Goldenberg describes as, “the full topography of your face”, transcending the cruder paper doll look of standard mirrors. It’s a key component in upgrading the genre; while similar ‘trigger tech’ is used elsewhere, such as the digital testing device in Japanese brand Shiseido ’s store in Ginza, Tokyo it’s only product info and application instructions that are revealed, not the nuanced contours of unique faces.

The mirror simultaneously registers skin tone – offering a bespoke smorgasbord of cosmetic combinations including blush, foundation and eye shadow that can be previewed in the mirror. Users can switch products in and out, ensuring the vibe is more personal experimentation than tech-enabled mandate. It’s a sentiment that’s echoed in the follow-up mechanism: an emailable selfie (with filter options, of course) is accompanied by the relevant product links on Bourjois’ e-commerce site to peruse later. While sales matter, the power of play is currently deemed equally useful, offering a light-touch gateway to brand exploration and a window onto how people connect with the tech.

It’s an ‘engage now, trust sales will follow’ strategy that’s also being deployed by US technologists Memomi and its American partner brand, department store Neiman Marcus. Memomi’s ‘makeover mirrors’ filmstaff applying the cosmetics, subsequently sending on high quality, voice-note-embedded video footage – essentially brief clips showing each step – by email or text. Staff can even use the mirror like a sketchpad, noting products tried, bought and preferred. The recipient simply clicks on the links attached to the video to make a purchase.

Notably, the Bourjois mirror has been designed with a subtly domestic aesthetic edge. Well, in the chicest Parisienne sense. Striving to evoke the ‘digital empathy’ Holition holds as its company credo, it resembles a bathroom mirror to suggest, says Goldenberg, “the excitement of putting on your make-up for the first time at home”. It reflects the creep of tech-boosted domestic appliances; Korean telecoms company LG U+ and Japanese tech giant Panasonic have both created smart home mirrors that can analyze users’ faces and then use machine-learnt dermatological input to suggest products and skin-enhancing tutorials. Goldenberg believes the next generation of magic retail mirrors will amplify this foray into skincare diagnostics by pushing into new ‘frenemy’ territory – i.e. offering unbiased recommendations that could see specific products from different brands paired as complementary: “Imagine for instance the mirror advising a Glossier face wash but a Laura Mercier foundation”. Projecting yet further, expect connections to users’ diaries and social media accounts that will transform the devices into highly-skilled counselling services attuned to the users’ daily movements.

With consumers becoming increasingly brand promiscuous, it’s an idea brands would be smart to embrace and is borne out by Goldenberg’s observations: “Consumers are getting sick of the PR stunts with no benefit, they want websites such as [US beauty brand] Glossier’s that are as much a forum as an e-tail site, where people buy based on what others advise”.

These 15 Companies Have the Coolest (and Weirdest) Company Perks in America

These 15 Companies Have the Coolest (and Weirdest) Company Perks in America | Inc.com

You’re about to be redirected

We notice you’re visiting us from a region where we have a local version of Inc.com.

READ THIS ARTICLE ON

or remain on inc.com

Get Inc. Straight to Your Inbox

SIGN UP FOR TODAY’S 5 MUST READS

15 Most Unusual Benefits at Inc.’s 2018 Best Workplaces

add slide

delete slide

Primo Perks

At Inc.’s 2018 Best Workplaces, health insurance and retirement plans–often with an employer match–are table stakes to be even considered for the top tier. Here’s a look at some of the more unusual benefits these companies offer. 

IMAGE: Courtesy Podium

The 1 Troubling Aspect of Elon Musk Raging at the Media

Absurdly Driven looks at the world of business with a skeptical eye and a firmly rooted tongue in cheek. 

Elon Musk is unhappy.

I know this because I follow him on Twitter and his tweets today are coursing with something that looks like rage.

Tesla’s CEO seems to believe that the media are writing unfairly about his cars, including the Model 3. 

Oh, this doesn’t bother me so much.

As it happens, friends of mine bought a Model 3 recently. They love it, save for the first five minutes of embarrassment when they realized they’d never test-driven it and had no idea how to switch it on.

Still, some members of the media are concerned, for example, that the thing Tesla calls Autopilot isn’t really an autopilot and lulls drivers into a false sense of auto-relaxation which might lead to auto-mishap.

Musk, though, thinks the media auto-overplays accidents involving his cars.

This has now led him toward threatening to create a site that examines journalists’ truthiness.

Yes, Pravda already exists, but I doubt it will sue. I fear, though, a Russian person in a bedroom somewhere might get upset and, well, you know, start messing with Teslas from afar.

But this isn’t what bothers me either.

Nor is it even his accusation that because Tesla doesn’t do paid advertising — in the conventional sense — it’s likely to get poor media coverage when compared to, say, conventional car companies that advertise seemingly all the time, everywhere, until they really do sound like the car dealers so many try to avoid.

This does seems strange. Tesla really doesn’t have to advertise because Musk and the fascinating nature of cars garner so much free publicity.

I can think of few business or tech personas who receive more favorable fawning that does Musk. And sometimes, with good reason.

He’s engaging, forward-looking, even occasionally witty.

The fact that he’s suddenly railing against his fawners still doesn’t bother me too much.

No, what bothers me is the logic in another of Musk’s Wednesday tweets, the one that represents the core of his ire.

In it, Musk bristles about being compared with a certain president who’s not fond of being subject to negative media appraisal.

My eyebrows did commit a strange shivering motion here.

You see, if no one believes the media anymore, why should Musk worry about what the media writes?

And, well, there you have it. Just a bit of auto-suggestion.

Few Rules Govern Police Use of Facial-Recognition Technology

They call Amazon the everything store—and Tuesday, the world learned about one of its lesser-known but provocative products. Police departments pay the company to use facial-recognition technology Amazon says can “identify persons of interest against a collection of millions of faces in real-time.”

More than two dozen nonprofits wrote to Amazon CEO Jeff Bezos to ask that he stop selling the technology to police, after the ACLU of Northern California revealed documents to shine light on the sales. The letter argues that the technology will inevitably be misused, accusing the company of providing “a powerful surveillance system readily available to violate rights and target communities of color.”

The revelation highlights a key question: What laws or regulations govern police use of the facial-recognition technology? The answer: more or less none.

State and federal laws generally leave police departments free to do things like search video or images collected from public cameras for particular faces, for example. Cities and local departments can set their own policies and guidelines, but even some early adopters of the technology haven’t done so.

Documents released by the ACLU show that the city of Orlando, Florida worked with Amazon to build a system that detects “persons of interest” in real-time using eight public-security cameras. “Since this is a pilot program, a policy has not been written,” a city spokesperson said, when asked whether there are formal guidelines around the system’s use.

“This is a perfect example of technology outpacing the law,” says Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation. “There are no rules.”

Amazon is not the only company operating in this wide open space. Massachusetts based MorphoTrust provides facial-recognition technology to the FBI, and also markets it to police departments. Detroit police bought similar technology from South Carolina’s Data Works Plus, for a project that looks for violent offenders in footage from gas stations.

The documents released Tuesday provide details about how Orlando, and the sheriff’s department of Oregon’s Washington County use Amazon’s facial recognition technology. Both had previously provided testimonials about the technology for the company’s cloud division.

Orlando got free consulting from Amazon to build out its project, the documents show. In a prior testimonial, Orlando’s chief of police John Mina said that the system could improve public safety and “offer operational efficiency opportunities.” However a city spokesperson told WIRED that “this is very early on and we don’t have data to support that it does or does not work.” The system hasn’t yet been used in investigations, or on imagery of members of the public.

Washington County uses Amazon’s technology to help officers search a database of 300,000 mugshots, using either a desktop computer or a specially built mobile application. Documents obtained by the ACLU also show county employees raising concerns about the security of placing mugshots into Amazon’s cloud storage, and the project being perceived as “the government getting in bed with big data.”

There’s no mention of big data in the US Constitution. It doesn’t provide much protection against facial recognition either, says Jane Bambauer, a law professor at the University of Arizona. Surveillance technology like wiretaps are covered by the Fourth Amendment protections against search and seizure, but most police interest in facial recognition is in applying it to imagery gathered lawfully in public, or to mugshots.

State laws don’t generally have much to say about police use of facial recognition, either. Illinois and Texas are unusual in having biometric privacy laws that can require companies to obtain permission before collecting and sharing data such as fingerprints and facial data, but make exceptions for law enforcement. Lynch of EFF says hearings by the House Oversight Committee last year showed some bipartisan interest in setting limits on law enforcement use of the technology, but the energy dissipated after committee chair Jason Chaffetz resigned last May.

Nicole Ozer, technology and civil liberties director at the ACLU of Northern California, says the best hope for regulating facial recognition for now is pressuring companies like Amazon, police departments, and local communities to set their own limits on use of the technology. “The law moves slowly, but a lot needs to happen here now that this dangerous surveillance is being rolled out,” she says. She says Amazon should stop providing the technology to law enforcement altogether. Police departments should set firm rules in consultation with their communities, she says. In a statement, Amazon said all its customers are bound by terms requiring they comply with the law and “be responsible.” The company does not have a specific terms of service for law enforcement customers.

Some cities have moved to limit use of surveillance. Berkeley, California, recently approved an ordinance requiring certain transparency and consultation steps when procuring or using surveillance technology, including facial recognition. The neighboring city of Oakland recently passed its own law to place oversight on local use of surveillance technology.

Washington County has drawn up guidelines for its use of facial recognition, which the department provided to WIRED. They include a requirement that officers obtain a person’s permission before taking a photo to check their identity, and that officers receive training on appropriate use of the technology before getting access to it. The guidelines also state that facial recognition may be used as investigative tool on “suspects caught on camera.” Jeff Talbot, the deputy spokesperson for the Washington County Sheriff’s Office, said the department is not using the system for “public surveillance, mass surveillance, or for real-time surveillance.”

Ozer and others would like to see more detailed rules and disclosures. They’re worried about evidence that facial recognition and analysis algorithms have been found to be less accurate for non-white faces, and not accurate at all in law enforcement situations. The FBI disclosed in 2017 that its chosen facial-recognition system only had an 85 percent chance of identifying a person within its 50 best guesses from a larger database. A system tested by South Wales Police in the UK during a soccer match last year was only 8 percent accurate.

Lynch of EFF says she believes police departments should disclose accuracy figures for their facial recognition systems, including how they perform on different ethnic groups. She also says that despite the technology’s largely unexamined adoption by local police forces, there’s reason to believe today’s free for all won’t last.

Consider the Stingray devices that many police departments began to quietly use to collect data from cellphones. Amid pressure from citizens, civic society groups, and judges, the Department of Justice and many local departments changed their policies. Some states, such as California, passed laws to protect location information. Lynch believes there could soon be a similar pushback on facial recognition. “I think there is hope,” she says.

Louise Matsakis contributed to this article.


More Great WIRED Stories

After Meltdown and Spectre, Another Scary Chip Flaw Emerges

At the beginning of the year, everyone was talking about processor vulnerabilities called “Meltdown” and “Spectre” that potentially exposed data in everything from servers and desktops to tablets and smartphones. The flaws, which impacted the chips in many popular devices, allowed hackers to inconspicuously manipulate a common efficiency technique used to speed data processing. As a result, chip manufacturers and software makers scrambled to issue patches and work out the performance sluggishness that came along with blocking the risky optimizations.

At the same time, though, a larger concern was also looming: Spectre and Meltdown represented a whole new class of attack, and researchers anticipated they would eventually discover other, similar flaws. Now, one has arrived.

On Monday, researchers from Microsoft and Google’s Project Zero disclosed a new, related vulnerability known as Speculative Store Bypass Variant 4 (Meltdown and Spectre collectively make up variants 1-3) that impacts Intel, AMD, and ARM processors. If exploited, an attacker could abuse the bug to access data that is meant to be stored out of reach. It particularly could expose certain components often used in web browsing that are meant to be isolated, for example, a JavaScript module that shows ads.

Microsoft says that the risk to users from this bug is “low,” and Intel notes that there is no evidence that the flaw is already being used by hackers. Some systems, particularly browsers, already have some protection against Speculative Store Bypass attacks just from the initial Meltdown and Spectre patches. But as was the case before, chip manufacturers and software developers are now working to release tailored fixes—and SSB raises the same types of performance problems that emerged before.

“We know that new categories of security exploits often follow a predictable lifecycle, which can include new derivatives of the original exploit,” Leslie Culbertson, Intel’s executive vice president and general manager of product assurance and security, wrote in a statement on Monday. She explains that once they are generally available, some SSB protections will be off by default, requiring users to opt into protection. “If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks.”

Modern processors use a technique called “speculative execution” to make educated guesses about what data to work with as they complete tasks instead of waiting to have perfect information about what to do. Meltdown, Spectre, and Speculative Store Bypass flaws are all part of a category of “speculative execution side channels” in which attackers can potentially take advantage of flaws in how processors protect data during this speculative processing to grab information that leaks out in various ways. Systems can rein this in through relatively simple software and firmware (lower level coordinating software) patches. But some updates need to be changes to a processor’s “microcode” that tweak the fundamental behavior of how a chip operates, and most software developers will be depending on chip manufacturers to first release microcode updates.

[embedded content]

Once companies push all the various types of updates, though, users will decide case by case whether to install them, since bypassing processing efficiencies to neuter potential attacks can also slow systems down. Some Meltdown and Spectre updates caused real problems for businesses and consumers. For SSB—which seems like it may be a less dangerous bug—some users may consider the pros and cons of patching rather than immediately moving forward.

Microsoft says it began researching SSB in November, after Spectre and Meltdown were already being researched, but before the flaws were publicly disclosed in January. In March, Microsoft also began offering a $250,000 reward for information about new variants of “speculative execution” attacks. Google’s Project Zero, Intel, and numerous other security researchers in the industry have all also been working to understand and discover other similar attacks since last year. Given how complicated it is to distribute fixes for these types of flaws, and how much of that process hinges on what manufacturers release, analysts say that the work that went into pushing patches for Meltdown and Spectre will make things a bit more streamlined when addressing the new SSB flaw.

“We all just started digging in and saying ‘that uses speculation, that uses speculation, what could be wrong there?'” says Jon Masters, chief ARM architect at the open source enterprise IT services group Red Hat, which had early access to the SSB research findings as part of industry defense collaboration. “Unfortunately but also fortunately there was a last time this happened, so as a result of Meltdown and Spectre lots of effort was put in to make sure the update process would be easier.”

Researchers also say that more time to investigate this general type of attack means there’s more confidence now that other speculative execution flaws won’t crop up all the time. And observers are relieved that today’s SSB revelation isn’t related to a more dire attack. But the danger in this class of bugs is the sheer number of devices they impact and how persistent they will be over time. Full protection can only come from replacing vulnerable equipment with new devices that contain fundamentally more secure chips. This replacement process will take years, and in the meantime lots of devices will remain exposed to these niche, but potentially effective attacks.

U.S. will lift sales ban order against China's ZTE: WSJ

BEIJING (Reuters) – The U.S. government will lift an order banning U.S. companies from selling components and software to China’s ZTE Corp (000063.SZ) (0763.HK), the Wall Street Journal reported on its Chinese microblog account, citing unnamed sources.

FILE PHOTO – Visitors pass in front of the Chinese telecoms equipment group ZTE Corp booth at the Mobile World Congress in Barcelona, Spain, February 26, 2018. REUTERS/Yves Herman/File Picture

The paper, on its official Weibo account, said ZTE will also be required to make significant changes to its management and board as part of the agreement.

Reporting by Beijing Monitoring Desk; Editing by Muralikumar Anantharaman

Using Tinder Doesn’t Lead to More Casual Sex, a New Study Says

A new study has found that Tinder and other picture-based dating apps don’t increase users’ success in pursuing casual romantic connections. That’s not because the app doesn’t work, but because people inclined to have casual sex do so at similar rates whether they’re using an app, or more old-fashioned methods.

The study, conducted by researchers at the Norwegian University of Science and Technology and highlighted by Scienceblog.com, was based on a survey of over 600 young Norwegian students—so its findings can’t necessarily be globally generalized.

But they make intuitive sense. According to the researchers, rates of casual sexual activity are determined by an individual’s level of “sociosexual orientation,” or openness to sex outside of a serious relationship. That personality trait was far more determining of their level of sexual activity than whether or not they used dating apps. In other words, those looking for flings will find them online just as easily as at the grocery store or park.

Get Data Sheet, Fortune’s technology newsletter.

Tinder got its reputation as a “hookup app” quickly after its 2012 release. That was largely thanks to its focus on user portraits in place of the detailed personal profiles used on sites like Match.com or OkCupid, and the decisive “swipe” mechanism that let users rapidly filter dozens or hundreds of prospective dates. One writer notoriously slammed the app as a sign of a “dating apocalypse” and the end of romance.

If Tinder really were about nothing but detached sex with almost-strangers, the new study would be a turnoff for the entire userbase—they might as well go outside. But it was already increasingly clear that no-strings sex isn’t what all—or even most—Tinder users are looking for.

For some—particularly women—Tinder has long been at least as much a source of entertainment as a serious way to look for romantic partners. The new study affirmed that women spent more time on dating apps, but were more discerning about swiping right. Women also used the app to boost their own self-esteem. Men were, not too surprisingly, more focused on pursuing (short-term) connections.

Which, if it doesn’t make easier, Tinder does at least make more convenient.

'Hero' United Airlines Passenger: I Almost Didn't Take That Flight

You might have seen the name Chase Irwin. He’s a Nashville restaurant manager who became a little bit Internet famous and was hailed as a hero recently, after he aggressively called out a fellow passenger on United Airlines for “body shaming” a third passenger in a text message.

The whole episode never would have happened, Irwin told me, but for a ridiculously big change fee on another airline.

He’d had been in Oklahoma City for a graduation, and his ride to the airport got him there 12 hours before his scheduled departure. Switching to an earlier flight on Delta would have cost him $900, he said. So he scrapped that and bought a ticket on United Airlines instead.

That’s what landed him in seat 15C of a United flight to Chicago, for the first leg of his trip, which had a 30 minute delay. As they sat on the tarmac, he said had a clear view of the cell phone the male passenger diagonally ahead of him, in 14B, was texting on. 

“The guy had his phone out far from his face. The font size was really big. And I saw the words, ‘sitting next to a smelly fatty,'” Irwin said. 

Then, Irwin said, he saw that the woman in 14A was crying, and looked like she was trying hard to push against the window away from the man. Irwin leaned forward and read the rest of the man’s message. 

He grew incensed. Over the next few minutes he talked with two flight attendants, and worked out a plan with them to convince the man to change seats with Irwin, so that the woman wouldn’t have to sit next to him.

Irwin, 34, who is about six feet tall and 200 pounds, told me he stood up and grabbed the shoulder of the passenger who’d been texting, who was about 5-foot-6 and “160 or 170,” and seemed to be in his 50s or 60s.

“You’re a heartless person,” Irwin remembered saying, and ordered him to switch seats. “I wasn’t quiet. I wanted people around him to see he was a jackass.”

The other passenger actually said “thank you,” perhaps not understanding the context, and Irwin said he sat next to the woman and tried to take her mind off the offensive message (which she had in fact read) for the rest of the flight. 

Based on Irwin’s account alone, it might be a bit hard to know what to make of this whole thing. The unidentified texter was impolite, but he did seem to be sending a private message. 

Meantime, Irwin used his size to act aggressively against another passenger on an airliner, with the apparent assent of the flight crew. 

However, the story only came to light because the woman passenger, Savannah Phillips, posted about it publicly afterward on Facebook—-as a way to try to find Irwin and thank him for what he’d done. That post went viral (more than 1,500 shares  so far), and commenters almost unanimously praised Irwin for his actions.

“The flight attendant kept trying to give him free drinks and told him that he was her hero,” Phillips wrote. “He wasn’t her hero–he was mine. …  I told him that he was a blessing sent to me and how thankful I was that he was there.”

By the time his connecting flight landed in Nashville, Irwin, who is general manager of a bar there called Dierks Whiskey Row, said his company’s corporate office in Arizona had seen her post and had contacted him. He and Phillips reconnected within hours.  

United Airlines told Newsweek, which reported on the whole incident: “We appreciate the efforts of the customer and would like to hear from Ms. Phillips to understand what occurred.”

23andMe Goes Global In Its Data-Mining Efforts

Yanny or Laurel—could the secret to which word you hear be in your DNA? It’s a notion someone pitched at 23andMe headquarters Thursday, during the consumer genetics outfit’s annual Genome Research Day. (Spoiler: The company is not going to roll out a survey to see if the latest meme has a genetic component.)

The event—a sort of cross between a science fair and a recruiting booth—attracted more than 100 researchers to the company’s candy cane–colored lunchroom for a day of talks, poster presentations, and most importantly, information sessions about how to work with 23andMe’s consumer data riches.

23andMe owns more than 4 million genetic profiles from customers who’ve consented to be studied, one of the biggest genetic research resources in the US. And because most of those people fill out lots of surveys, each genetic profile comes attached to about 300 phenotypic data points—like how many cigarettes you’ve smoked during your lifetime or if anyone in your family has ever been diagnosed with mild cognitive impairment.

And while the company has doubled in size over the last two years, growing rapidly to mine that data for scientific discoveries, the sheer volume is too much for it to tackle on its own. That’s why 23andMe has also been amping up its research collaborations with outside academics and nonprofit institutions with meetings like this one. As CEO Anne Wojicki told the lunchroom full of researchers, “I’ve always wanted to help scientists do what they genuinely love—analyzing data, not just collecting it. That’s how we really accelerate research forward.”

But 23andMe won’t work with just anyone. The company accepts applications for research projects twice a year and only accepts 10 percent of proposals. Here’s a hint, though, if you want to join forces with the genetic juggernaut: Come up with a project that helps 23andMe’s bottom line.

That’s the message scientists got Thursday, in a standing-room-only breakout session about how to collaborate with 23andMe. Liz Noblin, a project manager at the company, walked researchers through the selection criteria the company uses to evaluate proposals: “We’re looking for the first, the largest, the most novel,” she said. This emphasis on quality and innovativeness pretty much aligns with what scientists looking to publish in top-notch publications would be looking to do anyway. After that it’s more about what researchers can bring to 23andMe. The company is looking for projects that will grow its business—new statistical methods to extract even more information from each customer’s genetic profile, association studies to power new consumer reports, basically, anything that will make the 23andMe products—both the spit kits and its database—more valuable.

That includes people of color, who are essential to making the company’s research and products more broadly relevant. Like almost every other genetic database in the world, 23andMe is overwhelmingly white. That means that its ancestry reports vary in quality depending on the color of your skin. People of European descent get a genetic equivalent of today’s Google Maps—precise, high-res, granular. Most everyone else gets the 2011 version—blurry and incomplete. 23andMe is also working to develop drugs in its therapeutics division and with pharma clients, but if it can only look at caucasian DNA, those treatments could be less effective for non-white patients.

It’s kind of a chicken and egg problem. People of color won’t buy the kits because the results don’t tell them much, and the results won’t tell them much until more people of color have profiles in the database. So 23andMe has recently begun subsidizing research projects that could fill in those gaps.

The latest is its Populations Collaborations Program, through which the company gives researchers free genotyping and DNA analysis services and up to $10,000 to collect samples from those blurry, unsequenced places, like Mongolia, Micronesia, and pretty much all of Africa and the Middle East. In return, 23andMe gets to add all that DNA to its database. The researchers don’t have to necessarily be geneticists—the company has already had one-off collaborations with anthropologists, linguists, even the odd econometrician to add a spit-gathering component to their projects. The company has now launched a formal application process for the grants, the first of which will be awarded this summer. One of the things the company says it’s evaluating is how the people sampled will ultimately benefit from the research. That’s important to prevent the appearance that the program is merely a bioprospecting expedition to enrich 23andMe’s data stores.

But most researchers at the event were more interested in how the company’s data could jumpstart their own projects. Take Jessilyn Dunn, a Stanford post-doc who’s on her way to Duke in the fall to start her own biomedical informatics lab. She made the trip to Mountain View to see if 23andMe profiles might be a good supplement to the data she plans to collect from wearables and other connected medical devices. “It’s really exciting to be striking off on my own, but it’s also really scary,” says Dunn.

She needn’t worry: If she decides she doesn’t like academia, there’ll probably be an opportunity waiting for her back in Mountain View. When asked by a scientist in the crowd what she hoped to accomplish with the Genome Research Day, Wojicki laughed. “I mean, I don’t want to be too obvious, but is anyone here looking for a job?” No one raised their hands. But the company is hoping that a taste of that 23andMe data might change their minds.


More Great WIRED Stories

Gadget Lab Podcast: How to Make Bike Commuting Less Daunting

It’s national bike month, which means if you have the means, it’s a good opportunity to gear up (see what we did there) and ride your bike to work instead of driving. But if you’re not a regular cyclist, the whole idea can be a bit daunting; so “Bikes” Calore talks you through the essentials and tells you what you really need to get started, from helmets to bike locks to pants that have some give in the areas that matter. And if you’re looking for more high-tech options, we’ve got suggestions for you there, too, like a bike helmet you can control with your Apple Watch, the best portable Bluetooth speaker for your bike, and important things to consider when you’re considering wearables.

Some notes: You can find Mike’s full Bike Commuter Buying Guide here, which lists 14 essentials that will improve your ride.

Recommendations this week: In keeping with the biking theme, Mike recommends these elastic shoelaces; Arielle recommends the book “Private Citizens” which she is currently racing home on her bike to read (it’s that good); and Lauren’s recommendation this week is a low-tech one: try ditching your phone at dinner time, if you’re the kind of person who usually has it stuck on the table like it’s a necessary utensil. You’d be amazed at how much more fun dining with friends can be.

Send the hosts feedback on their personal Twitter feeds. Arielle Pardes is @pardesoteric, Lauren Goode is @laurengoode, and Michael Calore is @snackfight. Bling the main hotline at @GadgetLab. Our theme song is by Solar Keys.

How to Listen

You can always listen to this week’s podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here’s how:

If you’re on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts, and search for Gadget Lab. And in case you really need it, here’s the RSS feed.

If you use Android, you can find us in the Google Play Music app just by tapping here. You can also download an app like Pocket Casts or Radio Public, and search for Gadget Lab. And in case you really need it, here’s the RSS feed.

We’re also on Soundcloud, and every episode gets posted to wired.com as soon as it’s released. If you still can’t figure it out, or there’s another platform you use that we’re not on, let us know.