We’ve repeatedly noted how the Ellison family’s acquisition of Warner Brothers (after their recent acquisitions of CBS and a part of TikTok) would be very bad for a long list of reasons. The gargantuan debt load will result in unprecedented layoffs and price hikes. And the Saudi funding, and Larry’s anti-democratic interests, raise no limit of propaganda and foreign influence concerns.

It’s also worth noting that absolutely nobody in charge of this new Paramount appears to be competent.

But because our federal government is currently too corrupt to function, there’s zero real hope this merger gets blocked on the federal level. That leaves a fleeting coalition of states, who’ll likely have to band together to file a long-shot lawsuit to try and scuttle the deal.

To get out ahead of such a lawsuit, Larry Ellison’s nepobaby son David, freshly gifted not one but two giant Hollywood studios, has been making the rounds in California insisting to everyone that the merger will be great for Hollywood and for jobs. This was what he said in a response to California lawmakers about the precarious nature of the deal:

“I firmly believe that uniting Paramount and Warner Bros. Discovery presents a unique opportunity to build a true champion for the creative community, one that can and will bring more stories to life, support filmmakers and talent with real scale, and compete effectively on the global stage as an independent media leader,” Ellison said in response to a question about the merger’s impact on California and Hollywood specifically. “That is the true legacy of Hollywood, and my promise to you is to build a stronger Hollywood, by keeping both of these legacy studios operating separately, thereby preserving and potentially increasing jobs.”

None of that, to be very clear, will be happening. And outside of some (more) tax incentives thrown at the already rich, neither California Sen. Adam Schiff nor Rep. Laura Friedman (who peppered the Ellisons with some light performative questioning), can or will do anything meaningful to thwart the consolidation or hold the new, bigger company accountable for false pre-merger promises.

Any real hope rests with a handful of state AGs, and their road will be a very rocky one now that the federal government has rubber stamped the deal.

Hollywood is already rocked and reeling from COVID, previous pointless consolidation, and massive migration of production overseas. You’ve got numerous high level technically skilled production folks resorting to driving Ubers amidst historic layoffs.

Enter Warner Brothers, a company that’s been acquired four times in the last two decades, with each acquisition being more pointless and devastating than the one that preceded it. With this merger having just unprecedented levels of debt at a very precarious time for traditional TV:

“Look, there is incredible IP sitting inside of Warner Bros. Now, the flip side is, you paid a lot for it. You also leveraged up to seven times. Seven times debt to EBITDA leverage; that’s a lot of debt that you’ve got to work off over the course of the next five years. Plus, you got a lot of linear TV, and like we were just talking about earlier on the podcast, nobody’s watching linear TV. And so you spent a lot of money to get assets that are in secular decline.”

That debt does not get paid off by Larry Ellison or the Saudis, or by a massive boon in badly-automated AI batman slop.

It gets paid off by brutal layoffs, corner cutting, production cuts, and consumer price hikes. That’s not up for debate. There’s also zero indication that the kind of folks leading CBS and Paramount are any more competent than the kind of folks we saw at AT&T who loudly and repeatedly demonstrated they had no idea what they were doing.

The accumulated debt from the CBS and Warner Brothers mergers, combined with Larry Ellison’s precarious footing atop the AI bubble, combined with a potential economic collapse at the hands of our bumbling kakistocracy, together form a super unstable cocktail that could result in this merger being one of the more disastrous “business” exercises conceived by modern man.

Every single time Warner Brothers changes hands the press and public are peppered with claims that this will unleash vast new innovation and jobs, and every single time that winds up being a lie. Anybody claiming this time will magically be different is either lying or not particularly bright.

All the way back in August of 2025, RFK Jr. made the extraordinary decision to fire his own CDC Director, Susan Monarez, after only a few weeks on the job. Kennedy claimed at the time that he fired Monarez because she told him affirmatively that she wasn’t trustworthy. That was obviously laughable and Monarez herself disputed that, saying she was instead fired for not agreeing to rubber stamp everything that came out of Kennedy’s remade version of ACIP and for daring to talk to members of Congress about the goings on at CDC. One of those stories is much more believable than the other.

Regardless, she was fired and replaced as Director of CDC by… nobody. Nobody Senate-confirmed into a permanent role, at least. And it turns out there is a time limit for how long the role could remain vacant, which Kennedy and the Trump administration have now blown past.

According to federal law, there’s a 210-day limit on a Senate-confirmed position being filled by someone in an acting capacity. The clock started when anti-vaccine Health Secretary Robert F. Kennedy Jr. fired Susan Monarez from her Senate-confirmed role as CDC director in late August—allegedly after she refused to rubber-stamp changes to CDC vaccine recommendations. Until yesterday, Jay Bhattacharya, who heads the National Institutes of Health, had stepped in to also be the acting director of the CDC. But he can no longer hold the position officially.

It’s not that Kennedy doesn’t want a CDC Director. It just appears he’s having trouble finding one that wants to take the job and is willing to be his sycophant. I’ll remind you all that the country currently has a measles outbreak problem on its hands and having the role of CDC Director vacant at such a time is mountains of stupid. The CDC itself isn’t publicly commenting on why the role has been so difficult to fill, but it’s fairly obvious to this writer.

Who could possibly see all of the chaos at CDC, the strong-arming of staff there to bend to Kennedy’s wishes, the quick exits and resignations of top talent, and say, “Sure, sign me up to manage that.”?

So far, Kennedy seems to be struggling with the search. According to reporting from The Washington Post, sources close to the matter said the goal was to name a nominee before the deadline Wednesday, but Kennedy was unable to do so. Sources said around half a dozen people were being seriously considered for the role.

A spokesperson said only that Kennedy and Chris Klomp, the operational leader of HHS and a close advisor to Kennedy, “are working with the White House on the CDC director search by evaluating candidates that can further the Trump administration’s objective of restoring the CDC to its original mission of fighting infectious disease.”

Good luck and Godspeed. The last nomination of Kennedy’s hasn’t been going all that well, with his Surgeon General pick languishing in limbo over her lack of qualifications for the position combined with a disastrous performance in confirmation hearings.

One of the chief duties of a Secretary-level administrator in government is to fill lower roles with good people. If Kennedy can’t even do that, then what’s the point of keeping him in place?

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Martha Gellhorn stowed away on a hospital ship to become the only woman journalist to land on Normandy Beach on D-Day. She carried stretchers before writing her harrowing account of the invasion.

The New Yorker’s famously epicurean writer A.J. Liebling subsisted on military rations and came under fire during World War II to describe what it was like for the soldiers and sailors at war.

Syndicated columnist Ernie Pyle died, in a helmet and Army fatigues, among some of the troops whose names and hometowns he carefully included in his dispatches. “At this spot, the 77th Infantry lost a buddy,” read the makeshift sign posted at the place where a Japanese machine gun bullet felled him.

Those reporters told stories of war in all its gore and its glory, its exhilaration and its ennui. Others have laid bare the anxiety and doubts.

Veteran Vietnam correspondent Neil Sheehan broke the story of the Pentagon Papers, which showed how government officials deceived the public about the Vietnam war. Sheehan won a Pulitzer Prize for his book, “A Bright Shining Lie,” which chronicled the war’s impact on idealists who once believed in it, through the story of his relationship with an inside source.

Well before bombs started dropping on Iran and President Donald Trump began to tease the notion of a ground invasion, his defense secretary, Pete Hegseth, began putting obstacles in the way of the reporters with the most experience covering the nation’s military. While Hegseth’s moves haven’t stopped the reporters from doing their jobs, it has made it harder for them to keep the public informed.

As someone who worked as a Washington correspondent for decades, I worry that these obstacles could limit the number of reporters who have the experience with – and trust of – key sources to do the kind of in-depth, nuanced journalism that a war, with its price in lives and resources, deserves.

Corralling the watchdogs

Generally, war correspondents need the cooperation of the military they are covering to get to the front. For the U.S. press, that requires relationships and credibility at the Pentagon.

Early in 2025, Hegseth ordered major news organizations to give up their desks in the Pentagon press room to MAGA favorites. NPR’s desk went to Breitbart News. Roaming the hallways, where reporters sometimes found sources who would deviate from the company line, became verboten.

Eventually, the area in the Pentagon where reporters were allowed was circumscribed to a single corridor outside the press room – even though the public affairs officers who worked most closely with reporters were in an office on the other side of the 6½-million-square-foot building.

Then Hegseth conditioned the issuance of press credentials on reporters, effectively giving military brass the right to censor or sanitize their reports.

As a result, almost the entire Pentagon press corps, which included outlets ranging from The Associated Press to The New York Times to Fox News and USNI News, which covers the Navy, moved out of the building in October 2025. Some have been invited back for the press briefings Hegseth and Gen. Dan Caine, chairman of the Joint Chiefs of Staff, have begun to give on progress of the battle in Iran.

But after the first of these briefings, the Pentagon abruptly banned photographers from attending, reportedly because Hegseth’s staff found some of their images of him to be unflattering.

Secretary on defense

Gone are the off-camera “background” briefings where Department of Defense brass could give trusted reporters greater context and nuance for battlefield decisions. Gone are the impromptu hallway meetings where reporters have, with luck or persistence, picked up information that deviates from an administration’s agreed-upon script.

Also not in evidence, at least not so far: the deployment of the kind of journalistic embed program that the Pentagon used during the Iraq war to give the American people an up-close look at troops in the conflict zone.

How might that affect what you, the public, gets to know? It was a combination of an anonymous tip and insider access that led the legendary investigative reporter Seymour Hersh to break the devastating story of My Lai, the American soldiers’ massacre of civilians during the Vietnam War.

At the made-for-TV briefings he does hold, Hegseth devotes most of the session to questions from outlets such as the Epoch Times, The Daily Caller and LindellTV – owned by Mike Lindell, the head of the well-known pillow company.

At one recent briefing, one of the favored new cadre tossed Hegseth a shameless softball. Referring to American troops in the Middle East, the questioner asked: “What is your prayer for them?”

Yet as hostilities drag on, even some among Hegseth’s chosen press corps have begun to ask irksome questions about the war. The normally Trump-friendly Daily Caller ran a less-than-flattering piece about the president berating a reporter for asking about troop deployments.

On March 4, 2026, Hegseth accused journalists of focusing on war casualties to make “the president look bad.” On March 13, Hegseth castigated as “more fake news” CNN’s report that the Trump administration had underestimated the impact of the war on shipping traffic in the Strait of Hormuz.

“The sooner David Ellison takes over that network, the better,” Hegseth concluded, adding fuel to the speculation that a Trump supporter who won a bidding war for CNN’s corporate parent is going to turn the network into a more administration-friendly outlet.

Soon after, Federal Communications Commission chairman Brendan Carr threatened network broadcast licenses over coverage critical of the administration’s conduct of the war. Echoing Carr’s threats the next day: the president himself.

‘Be a Marine’

The Trump administration is not alone in its disdain for a free press: Israel has long been notorious for restricting press access from areas where it is conducting military operations.

Leaders of the theocratic Iranian regime are even worse; the country is cited by press freedom advocate Reporters Without Borders as “one of the world’s most repressive countries in terms of press freedom.”

But the United States has historically distinguished itself by making freedom its calling card, even – or perhaps especially – in wartime.

“The news may be good, or bad. We shall tell you the truth,” Voice of America, a U.S. government-launched radio network, promised – in German – in its very first broadcast to Nazi Germany in 1942.

Now, however, the Trump administration, is busy trying to undermine the editorial independence of Voice of America, which broadcasts news to countries that don’t have a free press.

Pentagon reporters are continuing to find ways to get around the propaganda. NPR’s Tom Bowman told me that he takes inspiration from a pep talk he overheard a military source deliver to another reporter crestfallen over the lack of access.

“Quit whining and be a Marine,” the official said. “Go over, under or around the obstacle. Find a way to do it.”

Most reporters and their organizations are doing just that, finding sources outside the administration, like the ones in Congress who told The Hill how much money the war is costing taxpayers per day. And they’re continuing to get information from sources on the inside, like the ones who told The Wall Street Journal that Trump’s military advisers warned him that Iran might block the Gulf of Hormuz, but that he opted for war anyway.

So far, neither Hegseth’s obstacle course nor threats from the White House and the FCC have stopped the press from reporting stories or asking questions that the administration would rather not see or hear.

But restrictions on press freedom have a corrosive effect. We already have seen how Trump, using lawsuits and licensing threats, has used his power to make corporate media owners think twice about pursuing news he doesn’t like.

Seasoned Pentagon reporters will still find ways to get to sources they already have. But Hegseth’s tactic of blocking press access to the military keeps reporters from developing new sources and keeps new reporters from building the relationships they need to become seasoned Pentagon reporters.

Americans have long been able to understand the triumphs and tribulations of American troops at war, and to make intelligent decisions about whether they approve of a war’s cost, because a free press has been able to tell the story – good or bad. That tradition is now at risk.

Kathy Kiely is Professor and Lee Hills Chair of Free Press Studies at the University of Missouri-Columbia

As if we needed any more evidence showing just how deep and thoroughly corrupted the Trump administration is. It’s an endless cycle of self-serving actions, pushed forward by bigots, grifters, and loyalists who sold off what was left of their souls and spines when Trump took office.

It’s an endless cycle of perverse self-involvement performed by people who openly loath America and Americans, but tout themselves as the only real patriots left. It’s an ouroboros, except the snake is sucking itself off, rather than symbolizing the live/die/repeat process that is supposed to iterate its way towards enlightenment.

I mean, look at this bullshit:

The Justice Department has reached an agreement with President Donald Trump’s former national security adviser Michael Flynn to pay him roughly $1.2 million to settle a lawsuit brought by the former general claiming he was politically targeted for prosecution during Trump’s first administration, sources familiar with the matter tell ABC News. 

Pay special attention to the phrase “reached an agreement.” That shouldn’t be there, much like everything else surrounding that phrase. Here’s Julian Sanchez, breaking down the perversity of this “agreement” succinctly:

Here’s what Sanchez said, for those of you who can’t see the embed or access the Bluesky post:

Just to be very clear: The Trump DOJ is stealing $1.2 million of your money to gift one of Trump’s cronies, who pled guilty to the crimes he was charged with, and whose suit against the government had already been tossed by a judge.

It’s not just the lifting of $1.2 million from the public’s wallet. It’s not just Trump deciding to reward a loyalist. It’s also that there should be no settlement at all. You don’t “settle” lawsuits that are no longer viable.

Flynn’s malicious prosecution lawsuit was tossed by a judge in 2024 after Biden’s DOJ responded to it. And it’s pretty difficult to both plead guilty to charges and claim the prosecution was malicious. It would be one thing if a jury rung Flynn up while his defense team maintained his innocence. But that’s not what happened here.

And that’s not the only thing that doesn’t add up… at least to anything else but patented Trump administration corruption.

Flynn previously pleaded guilty to charges brought by former special counsel Robert Mueller for lying to FBI agents during a January 2017 interview in the White House about his contacts with then-Russian Ambassador Sergey Kislyak. 

The Trump Justice Department under former Attorney General William Barr then moved to drop the case in 2020… 

This prosecution was already short-circuited by Bill Barr while Trump was still in office the first time. And then Trump pardoned Flynn on his way out the door following an election loss both Trump and Flynn continue to claim wasn’t a loss.

But that’s apparently not enough for Flynn. He also wanted up to $50 million for allegedly being maliciously prosecuted. He’s only getting a fraction of that but it’s far more than he deserves. Unless this is just Trump buying a bit more loyalty from a guy who’s just as determined to prove any election that doesn’t favor Trump or MAGA legislators is “stolen.”

According to information gathered by the House select committee that investigated the Jan. 6 Capitol attack, Flynn was among a number of advisers who urged Trump to seize voting machines after the 2020 election and said in media appearances that Trump should use the military to “basically rerun” elections in states that he had lost. 

Here’s what Flynn is doing now:

According to videos, photos and social media posts reviewed by ProPublica, the meeting’s participants included Kurt Olsen, a White House lawyer charged with reinvestigating the 2020 election, and Heather Honey, the Department of Homeland Security official in charge of election integrity. The event was convened by Michael Flynn, Trump’s former national security adviser, and attended by Cleta Mitchell, who directs the Election Integrity Network, a group that has spread false claims about election fraud and noncitizen voting. 

So, this is all very gross and ugly and being done right out there in the open by people who don’t care how this looks. When most politicians would at least balk at the appearance of impropriety, this administration absolutely revels in it. Yeah, $1.2 million isn’t even a rounding error in this deficit, but it still matters. The administration is repeating itself: if you lie, cheat, steal, or actually fucking raid the US Capitol building for Trump, you’re gonna be just fine.

Call me crazy, but I don’t think an official government app should be loading executable code from a random person’s GitHub account. Or tracking your GPS location in the background. Or silently stripping privacy consent dialogs from every website you visit through its built-in browser. And yet here we are.

The White House released a new app last week for iOS and Android, promising “unparalleled access to the Trump Administration.” A security researcher, who goes by Thereallo, pulled the APKs and decompiled them — extracting the actual compiled code and examining what’s really going on under the hood. The propaganda stuff — cherry-picked news, a one-tap button to report your neighbors to ICE, a text that auto-populates “Greatest President Ever!” — which Engadget covered, is embarrassing enough. The code underneath is something else entirely.

Let’s start with the most alarming behavior. Every time you open a link in the app’s built-in browser, the app silently injects JavaScript and CSS into the page. Here’s what it does:

It hides:

• Cookie banners
• GDPR consent dialogs
• OneTrust popups
• Privacy banners
• Login walls
• Signup walls
• Upsell prompts
• Paywall elements
• CMP (Consent Management Platform) boxes

It forces body { overflow: auto !important } to re-enable scrolling on pages where consent dialogs lock the scroll. Then it sets up a MutationObserver to continuously nuke any consent elements that get dynamically added.

An official United States government app is injecting CSS and JavaScript into third-party websites to strip away their cookie consent dialogs, GDPR banners, login gates, and paywalls.

Yiiiiiiiiiiiiikes.

And, yes, I can already hear a certain subset of readers thinking: “Sounds great, actually. Cookie banners are annoying.” And sure, there are good reasons why millions of people use browser extensions like uBlock Origin to do exactly this kind of thing. In fact, if you don’t use tools like that, you probably should. Those consent dialogs are frequently implemented as obnoxious dark patterns, and stripping them out is a perfectly reasonable personal choice.

But the key word there is choice. When you install an ad blocker or a consent-banner nuker, you’re making an informed decision about your own browsing experience. When the White House app does it silently, on every page load, without telling you — that’s the government making that decision for you in a deceptive and technically concerning way. And those consent dialogs exist in the first place because of legal requirements, in many cases requirements that governments themselves have enacted and enforce. There’s something almost comically stupid about the executive branch of the United States shipping code that silently destroys the legal compliance infrastructure of every website you visit through its app.

Then there’s the location tracking. The researcher found that OneSignal’s full GPS tracking pipeline is compiled into the app:

Latitude, longitude, accuracy, timestamp, whether the app was in the foreground or background, and whether it was fine (GPS) or coarse (network). All of it gets written into OneSignal’s PropertiesModel, which syncs to their backend.

The White House app. Tracking your location. Synced to a commercial third-party server. For press releases.

Oh and:

There’s also a background service that keeps capturing location even when the app isn’t active.

To be clear — and the researcher is careful to be precise about this — there are several gates before this tracking activates. The user has to grant location permissions, and a flag called _isShared has to be set to true in the code. Whether the JavaScript bundle currently flips that flag is something that can’t be determined from the decompiled native code alone. What can be determined is that, as the researcher puts it:

the entire pipeline including permission strings, interval constants, fused location requests, capture logic, background scheduling, and the sync to OneSignal’s API, all of them are fully compiled in and one setLocationShared(true) call away from activating. The withNoLocation Expo plugin clearly did not strip any of this.

So at best, the people who built this app tried to disable location tracking and failed. At worst, they have it set up to actually use. The plumbing is all there, fully functional, waiting to be turned on. And this is detailed, accurate GPS data, collected every four and a half minutes when you’re using the app and every nine and a half minutes when you’re not, synced to OneSignal’s commercial servers. For a government app. That’s supposed to show you press releases.

While it’s true that the continued lack of a federal privacy law probably means this is all technically legal, it’s still a wild thing for an app from the federal government to do.

And it gets better. Or worse, depending on your perspective. The app embeds YouTube videos by loading player HTML from… a random person’s GitHub Pages account:

The app embeds YouTube videos using the react-native-youtube-iframe library. This library loads its player HTML from:

https://lonelycpp.github.io/react-native-youtube-iframe/iframe_v2.html

That’s a personal GitHub Pages site. If the lonelycpp GitHub account gets compromised, whoever controls it can serve arbitrary HTML and JavaScript to every user of this app, executing inside the WebView context.

This is a government app loading code from a random person’s GitHub Pages.

Cool, cool. Totally normal dependency for critical government infrastructure.

It also loads JavaScript from Elfsight, a commercial SaaS widget company, with no sandboxing. It sends email addresses to Mailchimp. It hosts images on Uploadcare. It has a hardcoded Truth Social embed pulling from static CDN URLs. None of this is government-controlled infrastructure. The list goes on and on and on.

There’s way more in the full breakdown by Thereallo — this is just the highlights. The app is a toxic waste dump of code you should not trust.

Each of these findings individually might have a charitable explanation. Libraries ship with unused code all the time. Lots of apps use third-party services. Dev artifacts occasionally slip through. But stack them all together — the silent consent stripping, the fully compiled location tracking pipeline, the random GitHub dependency, the commercial third-party data flows, the dev artifacts in production, the zero certificate pinning — and the picture is software built by people who either don’t know or don’t care about the standards government software is supposed to meet.

Which brings us to the part that makes all of this even more inexcusable. The United States government used to have people whose entire job was to prevent exactly this kind of thing.

The U.S. Digital Service was created after the Healthcare.gov disaster during the Obama administration, specifically to bring real software engineering talent into the federal government. For over a decade, across three administrations — including Trump’s first term — USDS and its sibling organization 18F recruited experienced engineers, designers, and product managers from the private sector to build government technology that actually worked. These were people who would have caught a full GPS tracking pipeline sitting one function call from activation in what is supposed to be a press release reader, and who would never have loaded executable code from a random person’s GitHub account.

DOGE fired them. Elon Musk’s “Department of Government Efficiency” gutted USDS and 18F — the organizations that were actually doing what DOGE claimed to be doing — and replaced their expertise with… whatever this is. An app built by an outfit called “forty-five-press” according to the Expo config, running on WordPress, with “Greatest President Ever!” hardcoded in the source, loading code from some random person’s GitHub Pages, and shipping the developer’s home IP address to the public.

This is what you get when you fire the people who know what they’re doing and replace them with loyalists: a government app that strips privacy consent dialogs, has a GPS tracking pipeline ready to flip on, depends on infrastructure the government doesn’t control, and ships with the digital equivalent of leaving your house keys taped to the front door. But hey, at least it makes it easy to report your neighbors to ICE.

StackSkills Premium is your destination for mastering today’s most in-demand skills wherever and whenever your schedule allows. Now, with this exclusive limited-time offer, you’ll gain access to 1000+ StackSkills courses for just one low annual fee! Whether you’re looking to earn a promotion, make a career change, or pick up a side hustle to make some extra cash, StackSkills delivers engaging online courses featuring the skills that matter most today. From blockchain to growth hacking to iOS development, StackSkills stays ahead of the hottest trends to offer the most relevant courses and up-to-date information. Best of all, StackSkills’ elite instructors are experts in their fields and are passionate about sharing learnings based on first-hand successes and failures. If you’re ready to commit to your personal and career growth, you won’t want to pass on this incredible all access pass to the web’s top online courses. It’s on sale for $60.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Call me a sicko, but I’m almost always happy when a top-level government official’s communications get hacked. That’s because — in almost every case — either the official seems to be a bit shady, or holds a high-level position in an agency involved in some shady stuff. I mean, it’s not like hackers are targeting the head of HUD or the transportation secretary. They’re targeting people like Kash Patel, who’s currently mismanaging the FBI.

Sure, the reason these people are targeted is because their information is more useful to hackers and foreign adversaries. But there are plenty of hackers not tied to foreign entities that go after the same people with the goal of forcing the sort of transparency and accountability these people and the agencies they lead persistently resist.

(And I have no love for hackers targeting entire government agencies just to harvest sensitive info to engage in identity fraud or hold the data for ransom. Government agencies serve the public. Most top-level government officials — especially in this administration — are only serving themselves.)

So, it gives me no pleasure a certain amount of pleasure to report that Kash Patel has been hacked. Reuters was the first to report on the breach:

Iran-linked hackers have broken into ​FBI Director Kash Patel’s personal email inbox, publishing photographs of the director and other documents to the internet, the hackers and the ‌bureau said on Friday.

On their website, the hacker group Handala Hack Team said Patel “will now find his name among the list of successfully hacked victims.” The hackers published a series of personal photographs of Patel sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle ​of rum.

A picture is worth a thousand words. And I don’t mean to malign the messenger, but perhaps some better words might have been chosen to describe the photos seen by Reuters reporters. “Selfie with a bottle of rum” maybe doesn’t quite capture the entire essence of this photo, but it’s far less unwieldy than “making a face while taking a picture of himself in the mirror with a large bottle of rum.”

That bit of mild criticism aside, the report is a bit of a blockbuster. First, the FBI has already confirmed this hack by Handala, which seems counter to its usual insistence on pretending things didn’t happen and/or insulting the press for reporting on it.

Second, while it probably contains some juicy stuff from Patel’s Gmail account, it doesn’t contain the stuff we really want to see: his communications since being elevated to FBI director.

Alongside the photographs of Patel, the hackers published a sample of more than 300 emails, which appear to show a mix of personal and work correspondence dating between 2010 and 2019.

The FBI’s statement is correct in the fact that this breach seems to contain nothing more than “historical” communications. But the second part of the statement — that this “involves no government information” — cannot possibly be true.

This is from TechCrunch’s report on breach, following the journalists’ attempts to verify the contents of communications shared by Handala:

We used a tool to verify several emails in the leaked cache of files that were sent by Patel from his Gmail account. These emails contained cryptographic signatures that matched the messages, which strongly suggests that the emails we checked are authentic. In some cases, Patel appears to have sent emails from his former Justice Department email address in 2014 to his Gmail account. TechCrunch found that the emails sent from Patel’s DOJ account also appeared to be authentic.

Sure looks like “government information” to me. And it’s especially notable because Patel decided OpSec is for other people by routing DOJ email to his personal inbox. If he had just done the sort of stuff he would logically be expected to do as (in running order) a federal prosecutor and the goddamn deputy director of national intelligence during Trump’s first term, none of that would have ended up exposed by the Handala hack.

All of this makes it very difficult to believe the FBI’s assertion. Either it has already managed to look through everything accessed by the hackers (maybe?) or it’s just taking it’s boss’s word for it (probably). Either way, not a great look. But if we’ve learned anything from the multiple OpSec failures that have defined Trump’s second term, nothing will happen to Patel for violating internal rules governing official US email account security. No one will learn anything from this directly. But if there’s anything Iran can use against us slid between the cigar-sniffing and rum selfies, we — as a nation — might learn a few things indirectly.

Republicans spent three years suffering an embolism over Chinese influence over TikTok, but have suddenly gone mysteriously quiet now that $25 billion in Saudi, Chinese, and other foreign cash is helping to bankroll right wing billionaire Larry Ellison’s $111 billion acquisition of Warner Brothers. They’re also suddenly quiet about Larry buying up huge sections of the media environment (TikTok, CNN, CBS, HBO, Warner, Paramount), despite previously pretending to care about media consolidation.

There’s an opportunity for Democrats to highlight the hypocrisy here, provided they’re competent enough to message their concerns in a way that resonates with the press, public, and social media (not historically the party’s strong suit).

In a letter to the FCC, seven Democrats urged the agency to launch an investigation into Saudi and Chinese backing of the deal in the hopes of bringing some additional press attention to journalist-murdering autocracies being tightly intertwined with U.S. media and journalism:

“The national security concerns are specific and serious. Tencent’s relationship with the Chinese Communist Party is well-documented. Chinese law also requires domestic technology companies to cooperate with state intelligence services on demand. A Tencent stake in the parent company of CBS News and CNN, no matter how “passive” on paper, creates concrete avenues for potential foreign influence over the editorial independence of American broadcast journalism and content.”

Brendan Carr’s FCC will, of course, ignore the request. Brendan Carr spent years on cable TV hyperventilating about China’s distant proxy relationship with TikTok, but has since gone curiously silent despite China’s Tencent involvement in the deal.

Paramount is trying to avoid triggering CFIUS scrutiny of foreign influence by insisting that the three Middle Eastern sovereign wealth funds (Saudi Arabia’s Public Investment Fund (PIF), the Qatar Investment Authority (QIA) and the Abu Dhabi Investment Authority (ADIA) “have agreed to forgo any governance rights — including board representation — associated with their non-voting equity investments.”

We’ve noted how the U.S. right wing is trying to mirror Victor Orban’s assault on media in Hungary, which involved autocrat-friendly oligarchs buying up all the media companies while the government strangles independent truth-telling journalism just out of frame. Over long enough of a timeline, this trajectory routinely leads to first the arrest — and eventually murder — of journalists critical of party power.

Republicans are making obvious, steady progress in that goal so far, and will keep pushing until they run into opposition that consists of more than just feckless Democrat “concerns.” Democrats should be highlighting, at every opportunity, not just the potential soft power foreign influence over the deal, but the right wing’s unsubtle goal of widespread information warfare and control.

Even free of autocratic issues, the Warner Brothers Paramount deal is just generally terrible; the massive debt load is expected to trigger unprecedented layoffs across a Hollywood production industry that’s already reeling. The best chance for blocking the deal outright currently sits with a coalition of state attorneys general, though even they likely face a steep uphill climb without some significant political, press, and public support.

This week, our first place winner on the insightful side is Stephen T. Stone with a rebuke to someone defending the Fifth Circuit’s ruling about whether a cop could sue Twitter:

By the logic of the Fifth Circuit’s rulings, Donald Trump can and should be held responsible for the actions of the rioters on the 6th of January 2021. Is that the position you wish to take?

In second place, it’s a long comment from Azuaron disagreeing with many parts of our post about the verdict against Meta:

Hold up

I don’t wholly agree with this ruling or it’s implications–The Encryption Problem, in particular, is a terrible argument that has to die–but I really have to address this section because it’s not accurate:

The trial judge in the California case bought this argument, ruling that because the claims were about “product design and other non-speech issues,” Section 230 didn’t apply. The New Mexico court reached a similar conclusion. Both cases then went to trial.

This distinction — between “design” and “content” — sounds reasonable for about three seconds. Then you realize it falls apart completely.

Here’s a thought experiment: imagine Instagram, but every single post is a video of paint drying. Same infinite scroll. Same autoplay. Same algorithmic recommendations. Same notification systems. Is anyone addicted? Is anyone harmed? Is anyone suing?

Of course not. Because infinite scroll is not inherently harmful. Autoplay is not inherently harmful. Algorithmic recommendations are not inherently harmful. These features only matter because of the content they deliver. The “addictive design” does nothing without the underlying user-generated content that makes people want to keep scrolling.

Instagram has, I’m sure, thousands of videos of paint drying that, I’m also sure, have very few views. Those videos have very few views because part of Instagram’s algorithmic recommendation system is to not serve videos of paint drying to people, because the design goal of Instagram is maximum addiction and use, which would not happen if their algorithm only recommended videos of paint drying.

The scenario of “Instagram, but with videos of paint drying. Same infinite scroll. Same autoplay. Same algorithmic recommendations. Same notification systems,” is the scenario we’re in now where we do have people addicted, we do have people harmed, and people are suing. Constraining Instagram to have “only” videos of paint drying is a straw man because it nearly eliminates all the design decisions that caused the harm. So, yeah, if you eliminate all that design that causes harm, the harm isn’t caused, but that’s not what anyone’s talking about.

First, however, let’s start with what Section 230 actually says:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

There’s more that I believe isn’t currently relevant, but by all means look and correct me.

In every day language, what does 230 say? It’s a narrow carve out for responsibility based only on “providers are not necessarily publishers” and “providers can choose what content appears, or does not”.

Now, what are these lawsuits claiming? They claim (I’m going to speak to just Instagram here, but this applies to all the others as well):

• That Instagram, as a system, has been specifically designed to be addictive
• That Instagram, as a system, has been specifically designed to worsen the mental health of its users
• That Instagram, as a system, has been specifically designed to maximize user engagement at the expense of that user
• That children deserve additional protection–just like children get additional protection from advertisement–from hostile systems because their brains are still developing and they’re particularly vulnerable to it

None of those are content arguments, and saying, “But what if the content was paint drying?” is not relevant or helpful. People aren’t addicted to “a single Instagram video” or even “a single Instagram channel” (you can probably tell I’m not on Instagram; I’m sure they’re not called “channels”). People are addicted to the system of Instagram that feeds them content specifically tailored to maximize addiction and use, and feeds them content in a way that maximizes addiction and use. For some people that’s makeup videos, for some people that’s movie clips; the specific content is not the point. Hell, there’s probably one guy in Minnesota who’s hopelessly addicted to paint drying videos.

The problem, as with practically everything we’re dealing with in the world, is not single bad actors or individual responsibility. The problem is the system, and the system has, in fact as documented in court, been specifically designed to be addictive, to ruin people’s mental health, and to cause harm. The only way we’re going to be able to address this is by focusing on the system.

Finally, we’ve got to address this statement as well:

If every editorial decision about how to present third-party content is now a “design choice” subject to product liability, Section 230 protects effectively nothing. Every website makes decisions about how to display user content. Every search engine ranks results. Every email provider filters spam. Every forum has a sorting algorithm, even if it’s just “newest first.” All of those are “design choices” that could, theoretically, be blamed for some downstream harm.

Instagram’s targeted recommendation and addiction algorithm dark patterns are not the same thing as “newest first”. This is a slippery slope argument with no evidence that such a slope exists. If “newest first” was equally addictive and harmful, Meta would not have spent probably billions creating its various “engagement” systems. This is like saying a lawsuit against a restaurant that poisoned someone with puffer fish will lead to lawsuits against restaurants for selling salmon because they’re both fish.

Another example: we didn’t ban normal darts after we banned lawn darts, despite their similar design decisions, because of the key differences in their design decisions that resulted in clear and obvious differences in their harmful outcomes. No one’s going to get sued for “newest first” specifically because of how it’s different to the engagement algorithms.

The people and companies who make products have always been responsible for the designs of their products when those designs cause harm, from the lawn dart to the Pinto. And, we have long recognized that mental harms are harms: “Intentional infliction of emotional distress”, for instance, has been a recognized tort for decades. That we now have products that cause mental harm is new simply because we didn’t used to have the technology to create those products. But, “products have designs that cause harm” is not a new concept, and neither is “mental harms are tortable harms”.

Furthermore, “every editorial decision” is not now a “design choice”; just the design choices. Providers are–still!–not publishers or speakers of third-party content, and–still!–are not liable for moderation. Nothing in these lawsuits can be reasonably construed to impact decisions to publish–or not–specific content, which is all 230 protects. These lawsuits are, fully, not about the content, any more than California’s ban on Amazon’s dark patterns are a ban on having a web store. This lawsuits are fundamentally not about speech, because the problem is not the speech, but the system around the speech.

That some people might benefit from social media doesn’t negate the harm done to other people, nor make the company not liable for the harm it causes. No matter how many people found joy and friendship playing lawn darts with their friends, that doesn’t resurrect the kids who died, or replace the eyes that were lost. “Someone who was not harmed by lawn darts” would never be invited to a lawsuit about someone who was harmed by lawn darts; that just doesn’t make sense.

I’ve come down pretty hard, here, like I’m fully in favor of these lawsuits. While I definitely believe the nature of these social media sites is specifically designed to be harmful, and we do need a way to address that, ehhhhh, the plaintiffs in these cases made some pretty bad arguments. “Encryption is harmful”, well, guess what, lack of encryption is more harmful! We absolutely can’t be saying that companies are damned if they do, damned if they don’t, and we definitely don’t want to be restricting encryption. As rightly pointed out by the author, mental harms are complex, multifaceted, and it’s difficult to determine a reliable causality; I don’t know enough about the people in question to speak on the analysis that happened here, but it probably wasn’t sufficient. But, that doesn’t mean that such an analysis is impossible, and being on social media for 16 hours a day is certainly a compelling starting point.

So, more broadly speaking, what should we do about it? I don’t know! There’s a needle that needs to be threaded, and I’m not the one to thread it. The big algorithmic social media sites are really bad and I love every cut that someone gets against them, but there were certainly arguments being made on the plaintiff’s side (encryption? Come on!) that were pure BS and bad for everyone.

All that being said, one thing we absolutely must not do is misrepresent the actual harm and problems caused by the systems these companies created, and we need some kind of law or regulation to end it and make them liable for it. Hell, a basic goddamn privacy law would probably get us most of the way there on its own just by cutting down on the fodder that goes into their algorithms. Good luck to us all on that.

For editor’s choice on the insightful side, we start out with a comment from MrWilson about the Trump administration trying to rein in RFK Jr.:

Junior should check the schedule. There might be a bus coming and he might be under it soon.

Next, it’s frankcox with a comment about Brendan Carr lazily trying to ban all foreign routers:

Ban MS Windows instead?

If the objective is to increase Internet security with no regard to secondary/downstream ramifications, then wouldn’t it make more sense to ban Microsoft Windows?

MS Windows has been responsible for more security issues than any other single factor pretty much since from the first day showed up on the Internet.

Over on the funny side, our first place winner is MrWilson again, this time with a comment about learning HTML back in the early days of the web:

This comment is best viewed in Netscape Navigator 3.0.

In second place, it’s Thad with a comment about a bad take from the Washington Post editorial board:

Well jeez, if you can’t trust an unsigned editorial from a paper whose owner has actively and publicly interfered with its content to favor the Trump Administration, who can you trust?

For editor’s choice on the funny side, we start out with a comment from Pixelation about the deployment of “synergy” corporate speak to announce layoffs:

Pushing the envelope

Well, they can use those synergies and circle back to their core competencies, which will streamline the deliverables for a deep dive so they can move the needle. It will be a paradigm shift when everyone has skin in the game!

Finally, it’s Bloof with a comment about the court’s rejection of attempts to take down the DOGE deposition videos:

Once again biased judges fail to protect the most delicate treasure that america owns, the egos of unqualified white men promoted well beyond anything their mediocrity would justify.

That’s all for this week, folks!