Total Chaos at Meta
YouTube version: https://youtu.be/ItOENEWAy3s.
‘It’s Total Chaos Internally at Meta Right Now’: Employees Protest Zuckerberg’s Anti LGBTQ Changes
Meta Deletes Trans and Nonbinary Messenger Themes
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
Online Behavioral Ads Fuel the Surveillance Industry—Here’s How
People Think AI Images of Hollywood Sign Burning Are Real
An Amazon Delivery Confirmation Photo Is the Last Time a Palisades Resident Saw Her Burnt Down House
‘We’re Fine’: Lying to Ourselves About a Climate Disaster
Subscribe at 404media.co for bonus content.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Listen and follow along
Transcript
CRM was supposed to improve customer relationships.
Instead, it's shorthand for can't resolve much.
Which means you may have sunk a fortune into software that just bounces customer issues around but never actually solves them.
On the ServiceNow AI platform, CRM stands for something better.
With AI built into one platform, customers aren't mired in endless loops of automated indifference.
They get what they need when they need it.
Bad CRM was then.
This is ServiceNow.
Hello, and welcome to the 404 Media podcast, where we bring you unparalleled access to hidden worlds, both online and IRL.
404 Media is a journalist-founded company and needs your support to subscribe.
Go to 404media.co, as well as bonus content every single week.
Subscribers also get access to additional episodes where we respond to their best comments.
Gain access to that content at 404media.co.
I'm your host, Joseph, and with me are 404 Media co-founders, Sam Cole.
Hi,
Emmanuel Mayberg, hello, and Jason Kebler.
Hey, good to be here.
Yeah, good to be here.
Jason, let's see the turnaround for the viewers at YouTube.
I want to see the merch.
Actually, this is the first time I'm seeing it.
It's beautiful.
Wow, wow, wow, wow, wow, wow, wow.
And for audio-only listeners, Jason is wearing the
sort of the sweatshirt of
our new merch, which Jason, you wanted to give us an update on that briefly before we get to this week's stories?
Yeah, so a few things.
I guess I've mentioned this a lot, but I mail out all the merch from
my garage.
And so, because of that, and because we're not like an e-commerce business, really,
we've been ordering not that many of each size of thing that we've bought.
And
very excitingly, like
we just got a lot of merch in stock and a lot of it is already sold out,
which we were not expecting and we're very thankful for.
So
I mailed like a hundred packages yesterday, which is a lot.
But we're out of a lot of the sizes and things like that.
We are going to try to restock as quickly as possible if you're interested in buying merch.
And
again, like one of the reasons why I don't keep a lot in stock is because it takes up a lot of space in my apartment.
And now we have like hoodies and sweatshirts and three different types of t-shirt and keeping all the different sizes has been like really hard.
So I know a few people have asked like, why don't you have XYZ size?
And that's because other people bought them, which is very, very thankful.
But we are going to reorder.
And I think that we're probably going to look into just like a different solution that will allow us to keep different sizes in stock
for longer.
So there's that.
Yeah.
If you go to our website for media.co at the top, there should be a merch tab, and you just click there.
It'll
take you to our Shopify, and you can order there.
And definitely looking forward to wearing the merch myself as well.
Let's get to this week's stories.
The first one is one that Jason wrote.
The headline is, it's total chaos internally at Meta right now.
Employees protest Zuckerberg's anti-LGBTQ changes.
This is sort of a follow-up to what we spoke about last week, what we covered last week, but of course, well, essentially every tech publication is covering because it's hugely important in that Mark Zuckerberg and Meta came out and they announced these sweeping speech policy changes and content moderation changes, in that they are lifting restrictions, as they phrase it, on some topics which are out of touch with mainstream discourse, which is how Zuckerberg phrases it.
I know that because I just watched the video, because I'm writing my own article about Meta at the moment.
And those include immigration, sexual orientation gender identity and sort of the top line takeaway is that yeah sure on facebook and instagram you can now just go and say that oh you're a you know gay people are mentally unwell trans people are mentally unwell or whatever um obviously it's not just the gender identity and the sexual orientation stuff that's just more what sort of came up in this article so that those changes will happen jason has been getting a ton of leaks from inside Meta, pieces last week, and then these more recent ones.
But Jason, how many Meta employees did you talk to for this one?
And, you know, what were they telling you about the reaction inside Meta to these policy changes?
Yeah, you're right.
We did talk about this last week, but it's continued to be like probably the biggest story in tech.
So we're going to talk about what's changed.
For this story, I talked to five people
who are current employees at Meta, but I also got tons of screenshots, sort of like of the internal reaction to these changes.
And so, you know, I spoke to and interviewed five different people, but then I also had screenshots that represented like hundreds of different comments from people who say that this change is going to make people less safe, that it is sort of, well, it's very interesting because Mark Zuckerberg said that he's anyone who leaves the platforms because of these sorts of changes is virtue signaling.
But this is part of like an entire
news cycle and shift at the company to virtue signal to the incoming Trump administration that Meta is going to like more closely align with that company's policies.
And I'm allowed to leave a platform if I think people are going to give me shit.
Like, why do I have to stay at your platform if I'm going to face that abuse myself?
or if my friends or my colleagues or whoever?
It's ridiculous to frame it like that, but sorry, continue.
Yeah, I mean, I think
there's a lot to it, which I think is why we wanted to talk about this again, which is the broader context that this is all happening in
is like
Mark Zuckerberg has been a punching bag for conservatives for a long time.
We've written a lot about this over the years.
Like Ted Cruz, for example, was obsessed, just absolutely obsessed with the fact that Facebook once deleted a Chick-fil-A appreciation group as like hate speech or something,
to show that, you know, Meta was biased against conservatives.
And Joseph, you and I did a really big story about how content moderation used to work at Facebook.
And it was clear that this was some sort of mistake.
The company said it was a mistake, but there's like billions of users posting all sorts of stuff all the time.
And so things get taken down by mistakes sometimes.
And
sort of like in the wake of Elon Musk saying, hey, there's no rules at all on Twitter, more or less.
You know, he's become Trump's best friend, more or less.
And there's a rivalry between Musk and Mark Zuckerberg.
They probably will never do an MMA fight, but they've discussed it at length.
Well, that's because that's something that Musk can't fake.
He can fake all he wants in Path of Exile 2 or Diablo 4, but you can't fake throwing a punch in MMA.
That's a good thing.
Zuck would also definitely win.
Not that it matters, but it's like Zuck has spent the last like several years just like obsessively training MMA, whereas like Elon, I don't know what he does, but he like plays video games and tweets all day.
But he doesn't even play video games.
He's a
alien.
Yeah.
That's a different story that I covered, which we're not going to talk about because I'll get really, really mad about it.
But that's that's the context.
So there's that, but then there's also the TikTok ban, which is like TikTok is the biggest competitor to meta right now.
Like,
you know, TikTok is destroying Instagram reels, at least among a certain subset of users.
It's a better platform.
It has a better algorithm.
There's less like insane stuff on there.
And Zuckerberg.
has been for years talking about how the US needs to beat China, blah, blah, blah.
Meanwhile, Trump has signaled that he's like not that interested in a TikTok ban.
But meanwhile, Zuckerberg is like going to Mar-a-Lago twice.
He's like sucking up to Trump.
He's moving the entire company to the right.
And we haven't written an article about this, but like I think that part of this is
Zuckerberg thinks that he can possibly
help get this TikTok ban over the line, like get it, get it banned.
Then one of his biggest biggest competitors is no longer in the U.S.
And he's like more closely allied with the Trump administration, blah, blah, blah.
He went on Rogan.
He talked all about like the U.S.
government and the Biden administration attacking him for years.
He's just like doing full-on like right-wing talking points at this point.
And I mean, just on that, because you brought up the Rogan podcast.
We have our resident Rogan whisperer, Emmanuel, who listens to all of the Rogan podcasts, because I'm not going to do that.
And I appreciate that he sits through them and interprets them for me.
Emmanuel, did you listen to the Zuckerberg Rogan podcast?
And sort of, what was your takeaway from that?
I listened to most of it, and it was very frustrating because most of it was
what Jason is describing and kind of
very transparent, appealing to the incoming administration and positioning of the company where I think Zuck sees the American mainstream, which is more to the right, obviously, because Trump won the election.
And it's frustrating because, like, the Rogan style of interviewing is, with the exception of people who are like anti-marijuana, he will not push back on anything.
He kind of just like flows with the views of whoever he has on.
He's not a confrontational interviewer.
I do think that it is worth listening to Zuckerberg when he talks about the Biden administration pressuring him to remove certain content from the platforms.
Like
most of this stuff is referring to like COVID era misinformation or perceived misinformation, but like even putting the merit of
those posts or the removing of those posts aside, I think it is, and I'm asking the rest of you if you agree, but like the fact that
the current administration would email
a social media company and pressure them to remove this type of content or that type of content is notable and it's kind of scary.
And I totally understand him
if he at first capitulated entirely to those pressures because of the panic around COVID and people weren't sure what is dangerous misinformation and what isn't.
And then, kind of having an awakening and being like, wow, that was like a really scary moment for me as a CEO of like a major social media company that has influence over billions of people.
Like, I think that's a fair thing to,
you know, bring up and be upset about and want to have better, different policies around.
I'm not saying that the current policies that he has are those policies, but kind of
pushing back on that, I think, is a legitimate thing.
What do you guys?
Yeah, I mean, I guess what I was going to say is that it's very interesting because I see this primarily as like literally virtue signaling.
Some people have called it vice signaling.
It's whatever, doesn't matter.
But it's like,
as we've written millions of times, it's like Meta's
content moderation is horrible and it has been horrible for a long time.
There was a period many years ago where it was slightly better, but they have like laid off these content teams.
We find horrifying shit on Facebook and Instagram all the time.
They like very rarely remove this stuff.
They take down stuff that they shouldn't be removing all the time, such as our articles and links to competitors' websites and like all this sort of thing.
So I think that like in practice,
like the content moderation situation is a disaster and has been for a long time.
And
the
administration like pressuring them to take stuff down, it's just like, it feels like some sort of like self-owned by the Biden administration, which is like not super shocking to me.
But I think that this entire like host of changes, the getting rid of fact checking, which is like a terrible program, should have never happened, should have never like existed because it was so shitty and like was checking the wrong things and was done by people who like I don't think did a very good job.
I just think that like rolling all of them out at the exact same time immediately before Trump takes office in this broader context is like
that that's the story.
The story is like meta mask off meta goes MAGA, the topic of like 15 different podcasts that I've seen before and things like that.
But it's like, I don't think that
I don't think meta platforms were a safe place for LGBTQ plus people.
I don't think it was a terribly like safe place for immigrants.
I don't think it was a safe place for sex workers.
We've written about it a lot.
And I think that to some extent, them saying like, we're not, we're overtly not going to care about this stuff anymore will have impacts and bad ones.
But at the same time, it's not like they were some bastion of like
good
policy before this.
I don't know, Sam, what do you think?
Yeah, I mean, the mask off thing is interesting because it's like, did you prefer the mask?
Like, it was still the case in a lot of ways.
Like, at least now, maybe they're being real about it.
But yeah, I mean, like, there's, like you said, there's been a million different
pieces, like, tearing this apart as part of like, like, Zuckerberg's effort to like align himself with Trump.
And it's not just like, I mean, it is partially like
big tech.
owners want to be
in bed with whatever's in power, whatever party's in power, whoever's in power.
It's also like
Zuckerberg's been like dragged in front of Congress several times in the last four years and like
has a lot of like antitrust criticism against him and stuff like that.
So
I think he's, he's like, this is my actual like
company on the line.
Like, or like, it was a conversation for a while.
I think it's not anymore, but whether or not Facebook as a monopoly was going to get broken up.
I think now that's not only off the table, it's like he's making sure it's not just like my company is going to be solid forever.
It's like my company is going to be like favored by the administration.
And also I'm going to have a lot of like lobbying leeway and I'm going to have a lot of like power in those rooms.
So it makes sense.
And yeah, the MMA thing is really interesting because like he's been hanging out with those guys.
And like obviously, obviously they have had some influence like was radicalized by MMA.
I don't know, but
yeah, I believe it's like a degree of like self-radicalization mixed with he's always been this way.
He's like a Silicon Valley billionaire, but he was wearing that mask.
And then one other thing he said on Rogan, and he, and there was a really good article in The Atlantic by Charlie Warzell about this with the title, We're All Trying to Find the Guy Who Did This.
It's like Zuckerberg has been professional victim player,
acting like these things, such as these fact checking programs, their content moderation policies, like all sorts of other things are things that like somehow just happened to Meta that he had no role or decision over.
And it's just like, he did all of this stuff.
Like he's the CEO of the company.
He's been the CEO since day one.
Meta, you know, oversaw
like credibly accused of sort of like overseeing a genocide in Myanmar.
It's just like, this is not, it's his fault.
It's been his fault the whole time and it will continue to be his fault.
And the last thing I'll say on that is like, there's also, Trump was also suing him over being banned in the aftermath of January 6th.
And there's some speculation like,
you know, Zuckerberg is groveling to him to drop that lawsuit or to settle that lawsuit or something.
And so we have some corporate bribery occurring as well, possibly.
It's just like, the whole thing is crazy.
Well, and saying that he could be in prison, it's like
I'm gonna put Zach in prison for the rest of his life.
Um, Emmanuel, what are you gonna say?
Something everyone should be in prison involved in this,
they should be in there together.
Yeah, the thing that I wanted to add is that
it is
more Mark's fault than it is anyone else's fault.
But
how bad Facebook is now, I guess you can also say,
is a societal failure.
Joe, you and Jason wrote this really deep dive into Facebook moderation.
I think it was in 2019.
We mentioned this piece a couple of times.
And the point of that piece, in my opinion, correct me if you have a different view on it, is that at the time, Facebook was trying really hard, or at least pretending to try really hard to be good moderators of its platforms, but it was an inherently impossible job, which I believe was the title of the piece.
And that's because the platform is too big, it owns too much of the internet, it's in too many parts of the world, and you can't have like concentrated power properly moderate all these different territories, all these different languages with different cultures, with different politics where things have contradictory meanings than they do in other locations, etc.
And that's a really good point and good article.
But that itself is a result of a failure of, I suppose, the FTC, right?
When in the 2010s, Facebook was on this spree where it had challengers.
And whenever it had a challenger, Facebook just bought it, right?
It bought Instagram.
It bought WhatsApp.
It copied and essentially killed a lot of the power that Snap had.
And I agree with Jason that a lot of what we're seeing now is maneuvering against like actual competition that we're seeing from TikTok, right?
And that this appeal
to the right, as Sam said, is pushing
against a solution to the inherent problem, which is like antitrust, right?
It's like for a few years now, we've heard kind of bipartisan support for antitrust moves against Facebook.
You had it from the Democrats who thought there was misinformation and abuse on the platform.
And then you had it from conservatives who,
you know, thought that their conservative opinions were being silenced.
And when Democrats are in power,
he goes before Congress and he pretends like they're trying to do a really good job moderating.
And now that Republicans are in power, he just is going to pretend like he's the most right-wing MAGA social media CEO that ever was.
And I mean, I don't think it could be any more obvious than that.
He's just trying to neutralize the lawmakers that who are now in power and previously said that they're going to, you know, break up his company.
So now he's saying the exact opposite of everything he said previously.
And, you know, I've listened to his justifications on Rogan and everything.
And
I think you can, I don't know, you can find a way to believe that story, but the actual reason is so obviously there on the table.
Yeah, it's very interesting because they're also like a super imperialistic company, obviously.
It's like they want to be in every country.
They want to be all things to all people everywhere across the entire world,
across every every language, blah, blah, blah.
And it's like,
you know, you don't have to do that, but they like are insistent upon being that.
And they're like very bad at,
like, despite all this, they are an American company.
Their focus is in the United States.
They make the vast majority of money in the United States because ad revenue is higher in the U.S.
for like fucked up, you know, economic reasons where the U.S.
is a richer market.
And so they can charge more.
And so you get these situations where where like people in other countries especially are fucked because they don't have as good of protections and like
meta does whatever it wants.
And I think that Zuckerberg here sees an opportunity for like,
you know, Trump who wants to buy Greenland or whatever and like,
you know, tariff everyone.
He sees an opportunity for to use the United States government as a shield.
And he specifically brought that up in Rogan, where he was like, the EU has been finding all of these American tech companies and the Biden administration hasn't protected us.
And in fact, the Biden administration was the tip of the spear attacking us, like is a specific thing that he said.
And
I don't know the extent to which like the Trump administration can protect Meta from EU fines and EU regulations and things like that.
But I think he sees an opportunity for like
if I super align myself with this very like nationalistic president, perhaps he can like
beef with France or the, or Switzerland or the EU or whatever to prevent my company from getting fined in the future.
Like, I think it's that simple.
It's like, how can he protect his company and make the, continue to make the most money with the least interference globally?
Yeah, I buy into that super cynical reading of it as well.
It's just that simple, really.
Speaking of gluing onto different administrations, I have a thought on that, but we'll take a quick break.
And then when we come back, we'll finish talking about this story and our other story as well about location data.
We'll be right back after
this.
It's a new year, so it's time for new actions.
That might mean starting a new business, launching a new line, or optimizing the business you already run.
For us, this means a total refresh of all of 404 Media's merch, which we could only do with Shopify.
Make this year different and better with Shopify.
The best time to start your business is right now.
Shopify makes it simple to create your brand, open for business, and get your first sale.
Get your store up and running easily with thousands of customizable templates, no coding or design skills required.
All you need to do is drag and drop.
Shopify's powerful social media tools let you connect all your channels and create shoppable posts and help you sell everywhere people scroll.
Shopify makes it easy to manage your growing business, helping with shipping, taxes, and payments from a single dashboard so you can focus on growing your business.
What happens if you don't act now?
Will you regret it?
What if someone beats you to the idea?
Don't kick yourself when you hear this again in a year because you didn't do anything now.
With Shopify, your first sale is closer than you think.
Established in 2025 has a nice ring to it, doesn't it?
Sign up for your $1 per month trial period at shopify.com slash media, all lowercase.
Go to shopify.com slash media to start selling with Shopify today.
Shopify.com slash media.
2025 is here and Mint Mobile has a resolution for you.
Skip the gym, skip the fad diets, skip the BS resolutions you'll forget about by next month.
Instead, make a resolution to save some serious cash by making the switch to Mint Mobile.
And right now, you can get half off their three-month unlimited plan.
Mint Mobile gives me an incredible nationwide network with none of the headache and most importantly, the cost of my old provider.
It's time to leave your overpriced wireless plans, jaw-dropping monthly bills, unexpected overages, and all of their other other BS in 2024.
Mint Mobile is dropping huge savings for the new year by offering any three-month plan for only 15 bucks a month, even their unlimited plan.
All plans come with high-speed data and unlimited talk and text delivered on the nation's largest 5G network.
You can even bring your current phone and your number.
Ditch overpriced wireless with Mint Mobile.
It's so easy.
Sign up online and get three months of premium wireless service for $15 a month.
Switch to Mint Mobile and new customers can get half off an unlimited plan until February 2nd.
To get your new wireless plan for just 15 bucks a month and get the plan shipped to your front door for free, go to mintmobile.com slash 404 media.
That's mintmobile.com slash 404 media.
$45 upfront payment required equivalent to $15 a month.
New customers on first three-month plan only.
Speed slower abovety gigabytes on unlimited plan.
Additional taxes, fees, restrictions apply.
See Admint Mobile for details.
You say you'll learn a new language every year, but few of us actually commit to it.
Babel makes it easy for you to learn one in less time than you think.
This year, speak like a whole new you with Babel, the language learning app that gets you talking.
Learning a new language is the pathway to discovering new cultures.
So why not embark on learning something new?
Babel's quick 10-minute lessons handcrafted by over 200 language experts gets you to begin speaking your new language in three weeks or whatever pace you choose.
And because conversing is the key to really understanding each other in new languages, Babel is designed using practical real-world conversations.
Spending months with private teachers is the old way of learning languages, and nothing screams tourist like holding a phone translation app up to your face all day.
With a focus on conversation, you'll be ready to talk wherever you go.
Last year, I used Babel to learn Italian before my trip to Rome, allowing me to better connect with the people I met.
This year, I'm brushing up on my rusty Spanish before a trip to South America.
This year, get talking with Babel.
Let's get more of you talking in a new language.
Babel is gifting our listeners 60% off subscriptions at babel.com/slash 404.
Get up to 60% off at babel.com/slash 404.
Spelled b-a-b-b-e-l dot com slash 404.
Babel.com/slash 404.
Rules and restrictions may apply.
All right, we're back.
To bring it back to
the story that Jason did, one thing that's bothering me is Mark Zuckerberg's quote where he says, you know, we're lifting these restrictions because
the restrictions are just sort of out of touch with mainstream discourse around gender identity and immigration, sexual orientation, and that sort of thing.
And as I think we've established with all of that context, you all very clearly laid out.
When he says mainstream discourse, he's talking about Trump won the presidency, but it's just a very, very easy
crutch that he can rely on.
And, you know, there are some very horrible people in the world.
There's very, very horrible people on Facebook.
I don't know if the majority of people participating in that discourse are like itching to get onto Facebook to call gay people mentally unwell.
Like, I don't think people are like, oh my God, finally I can do that.
You know, like the vast majority of people support gay marriage and that number goes up and up.
The idea that you can just say, oh, well, we're just reflecting mainstream discourse no you are creating the environment for that discussion as well um for good and for bad but bringing that up to bring us back to jason's piece you speak to these mesh employees with all of that context happening and all of these changes um
there's a real mix of things they tell you right i mean some are joking where they say on this internal message board well i'm lgbt and mentally mentally ill so i'm going to take the rest of the day off, if you don't mind.
What are some of the other things that people are saying?
And I think there's one here that I've just highlighted in our Google Doc, which is
sort of that mainstream discourse bit I'm talking about, where,
okay, these comments about trans people or whatever, they don't even reflect mainstream scientific consensus.
Yeah, I mean, they don't.
And
what you're highlighting is people are very interested in how this policy was made.
The New York Times had a report that basically like Zuckerberg directed this
decision alongside a couple, like very few, like maybe like six top executives, which is not how policy is normally made at meta.
Like I sat in on a policymaking decision
where there were like 200 people on a call and I was in a conference room listening to it.
I reported on this for motherboard back in the day and it was about the Tide Pod Challenge and it was specific, which is where like teens were allegedly eating Tide Pods.
And literally they were like, well, did we consult like eating disorder experts?
Did we consult poison control?
Did we consult like these teen safety organizations?
What did they say?
And this was like months after the Tide Pod challenge had gone viral and then already wasn't viral anymore.
It was like a very long process that was very considered.
And so people were like, why didn't you do that for the LGBTQ changes here?
It sort of didn't go through normal meta protocol.
And then also, it's just like, I talked to one person who said, quote, it's total chaos inside meta.
People have been threatening to quit.
Some people have quit.
One person said, I would resign in protest if I hadn't already resigned, meaning that they had recently like put in their two weeks notice and
were in that period.
And then also, there were a few people who
were team leaders who talked to me and sort of said, My team is very, very, very upset about this.
So
there's that.
And then there's another story that I did sort of immediately after this about Meta deleting trans and non-binary messenger themes, which is like a public-facing thing where in your DMs
with messenger, you can change the color scheme.
And Meta announced these during Pride Month a few years ago to like much.
I mean, people who pay attention to this sort of thing, like Meta product updates, like there's a pretty big rollout.
There's like a video, a live stream.
There were like non-binary employees talking to the Trevor Project, which is an LGBTQ rights organization.
And they just kind of like deleted that.
They got rid of tampons in the men's bathroom in their offices
for
trans people who were using them.
And this is, it's just all part of like a concerted,
like timed shift, right word.
That's all happening at once.
And I think part of it is like
these are not going to be popular changes for many of our employees, for many of our users.
They also announced they're not going to do
diversity.
They're not going to consider diversity in hiring anymore, which is like a big thing.
Yeah, they're just like rolling back all sorts of things that they have rolled out in the last few years.
And I think they're trying to like do it all at once, just to one, rip the bandaid off and two, signal to the incoming Trump administration, like
we're here to be, we're here to support your cause.
Whatever you want to do.
Like, so Meta deletes this trans and non-binary messenger theme, which is just, you know, a color theme and a messenger.
And then the same way you could download stickers or whatever in different apps.
It's a purely cosmetic thing,
but crucially, a way for people to express themselves, you know, and
I thought Zuck said we're lifting restrictions because we want more free speech.
And then, no, but not that free speech.
We've got to delete this thing where people can express.
uh their sexual orientation or gender identity anyway as stupid as that is did meta
because you you get details about this and you write it up and you obviously always ping Meta for comment.
Did they tell you why they had removed this theme from Messenger?
Do they give you a reason?
It's interesting.
They didn't comment on this.
They didn't respond to this.
They usually respond to me and they also didn't respond to the New York Times when the New York Times asked about this.
So they haven't spoken about it specifically.
It's like, literally, what would your response be?
If I'm like going to put on my sort of PR hat and just put myself in their shoes, it's like, yeah, we got rid of it because it's,
I don't know, dangerous.
It's like complete bullshit.
So yeah, they don't have a response.
They don't have anything to stand on.
Yeah, I did have an internal message from an employee who sort of like worked on this sort of thing and has been messaging this across the company, like on these internal boards.
And they were just like,
we're trying to like bring it more in line with
it was some corporate speak where it was basically like, oh, we have too many themes.
And so we're like consolidating them, blah, blah, blah.
But it was like, I wouldn't put much credence into it.
We didn't say this before.
And I promise I'll keep this quick, but like the cruelty of the specificity of these changes is the point.
I think it's just like, they don't need to have, we've talked about why they've had, have to have, or they think they have to have like specific.
content moderation guidelines, but like signaling the exact specific things that you can say about a trans person or that you can say about an immigrant or a gay person, like they do not need to be so specific.
And I think that by being so specific, they're causing like more harm than good, honestly.
Being like, yes, you can like say this type of person is quote trash, but you can't call them like something else is like, it's not necessary.
It's just not because they're not
When they were trying to do a good job at content moderation, maybe that specificity was was needed, but they're not even trying to do a good job anymore.
And therefore, it's just like, well,
if you're not going to moderate a lot of stuff, why do you need to say that?
Yeah.
Since they didn't give you a response to that messenger themes one, I'll just read out a quick quote from them, which was in your earlier story, where there's all this internal chaos and people are...
commenting on the internal threads.
A member of the policy team told employees in the thread that, quote, our core values have not changed, end quote.
And another quote was:
The changes to our hateful conduct policy seek to undo the mission creep that has made our rules too restrictive and too prone to over-enforcement.
Reaffirming our core value of free expression means that we might see content on our platforms that people find offensive.
Yes, those changes not only open up conversation about these subjects, but allow for counter speech on what matters to users.
Yeah, counter speech, because when somebody's yelling at a gay person, you're mentally well, oh, I'll stay here and have a nice civil chat with these.
No, it's fucking ridiculous.
This isn't how speech works.
Anyway,
Jason, anything else you want to add on that before we move to location data story?
Okay.
No, no, no.
I just want to add that.
Wow.
Okay.
During the Rogan interview, Rogan says, I'm really happy you got into MMA because it seems to have really changed you.
And he's like, yeah, for sure.
And then Rogan says, you know, what's really good about MMA it's that you know you can kill someone with your hands and Zuck is like yeah
so I feel like we should have let us that
yeah
just imagine Zuckerberg killing you in a in a in a triangle hold the first time he went on Rogan uh Rogan asked him what his biggest life's regret was and his answer was that he didn't wrestle in college because uh blah blah blah and this was like pretty soon after the Rohingya genocide incident.
And it's like, that's your biggest regret.
That's your biggest regret.
Good, good one.
Yeah, leaving some stuff on the table there.
All right.
We'll leave that there.
This second story we're going to chat about.
This one I wrote.
The headline is Candy Crush, Tinder, MyFitnessPal.
See the thousands of apps hijacked to spy
on your location.
I guess I'll just give a quick description of
where this data comes from.
So
Gravy Analytics is
a pretty important company in the
location data industry.
And by that, I mean they get lots of location data through various different means, from apps, from different companies, blah, blah, blah.
And then they'll do all sorts of stuff like, well, you can buy the data to see how many people went to this McDonald's or whatever or this business.
And we call that footfall traffic, and that's very, very normal.
That's sort of the commercial side.
They also have
a subsidiary called Ventel,
which listeners may already be aware of, which I've reported many times, and really great reporting in the Wall Street Journal as well and other places, is that Ventel sells that same data essentially to the government.
So that's the FBI,
the DEA, DHS, including ICE and CBP.
IRS
is in there as well, I think, although they tried to do it for some things, it wasn't so successful, blah, blah, blah.
But anyway, that company got hacked, Gravy, and there was a bunch of data published online.
Not all of the data stolen.
It was
basically an extortion effort saying, here are samples of the information.
Please contact us referring to Gravy.
And then we will potentially negotiate, you know, a ransom, a sort of a data dump and extortion rare comment
nowadays.
But yeah, there was a ton of
different files in there.
And I think, Jason, you want to ask about, you know, I guess more specifics on what it was really, right?
Yeah.
So this is like pretty complicated story.
Like you said, you've been reporting on this for a long time.
But
I guess, first of all,
what what specifically was hacked?
Because there was like a big sample that came out, but there was also
allegedly like terabytes of data that may
exist, may or may not exist, but has not come out yet.
Like what, what do you, what did you report on and what do you have so far?
Yeah.
So Gravy's now confirmed the hack, uh, both through a statement, not to me, they never respond to my emails.
I think they gave it to our friend Lorenzo at TechCrunch, but they never get back to me.
And they've confirmed the breach that way.
They also confirmed it through regulatory means with the Norwegian Data Protection Authority.
I think it's partly a Norwegian company.
And you know, when you get hacked, you have to tell them under GDPR, that sort of thing.
And in those disclosures, what they said is that hackers gained access to an AWS instance, Amazon Web Services,
where presumably a ton of data was being stored.
Now, the hackers said they had something like 17 terabytes of data, and that's what they were threatening to release.
And a lot of that would be location data.
We haven't seen that data because since then, the post on the underground Russian language forum called XSS,
where I first learned about this through somebody who told me about it,
that post was made private for about 24 hours and then it was deleted.
Don't know if Gravy paid the ransom, but security researchers are speculating, at least some of the ones I've spoken to, that, you know, it's potentially indicative of that.
What they did release and what I got a hold of and what research and other journalists are going through is, I don't know, maybe it's like 1.5 gigabytes, something like that.
Definitely not the biggest thing in the world, but
there's a lot of location data in there, which are simply coordinates of phones.
I've seen ones in Russia,
in Russia.
in Europe,
and then the US
as well.
And you plot these on the map, and it's
very damning, very, very scary, all of that sort of thing.
But for me,
it was a lot more interesting to look at the apps that were also mentioned in there as well.
Yeah, so it's this gigantic list of apps, like really, really, really long.
It's several thousand
lists of apps.
It includes things like Tinder, MyFitnessPal,
almost like Candy Crush, obviously, and almost anything you can think of.
And then, like, zillions of apps that you would not think of because they're small mobile games or they're prayer apps or they're Bible apps.
Like, there's all sorts of things.
You know, in the past, when you've reported on location data,
I feel like
some of the apps were selling
data to data brokers.
They were collecting GPS data surreptitiously and they were selling it.
In this case, that's not how this data was being harvested.
You want to explain that?
Like what?
Yeah.
Yeah.
So when I've covered it before, say in the case of an app called Muslim Pro,
which was an Android, I think an iOS
iOS app,
and baked in there was something called an SDK, a software development kit.
And this was code from a location data company that was basically like, you give us your user's location, we'll give you a certain amount of money.
So you're basically selling your users' location data.
That was pretty common back in the day.
I think it's potentially less common now after there's been a lot of reporting about it.
But you have all of these SDKs embedded in all of these apps.
And of course, the app developer knows because they're not only just
putting code into their apps from a location data company, they're also presumably signing a contract where they're like, we're going to get X amount of money, that sort of thing.
So, that's that's all well and good, and they all know about it, and that sort of thing.
And they get shut down, they get removed from the Google and the Apple App Stores, all of that stuff.
This is different in that it seems to be related to real-time bidding data.
And I will define that in a second, and I will define it in a way where I'm not just repeating myself from earlier podcasts, I'm going to refer to EFS definition for a bit of variety.
But basically,
that location data, which could be GPS, but but it's also a lot of it is IP address, which is then sort of
transferred into approximate location as well.
It's the adverts inside an app which are actually facilitating access to that data.
So
when you're running an app and there are banner ads in it in between rounds of your game, or there's just an advert at the bottom or whatever, in a lot of cases, the developer is not really going to have granular control over what ads are being delivered because it's basically outside parties doing it all of the time.
And I think pretty crucially, maybe the app developers are still responsible, but I would say that they may not even know that this data is actually being collected on users.
And every single company I contacted or app developer or app company in here,
they kept saying, we've never heard of Gravy.
We've never shared data with Gravy, et cetera, et cetera.
And I feel like they missed the point in that, I know you're not doing it.
It's the ads inside your app which are sharing your users' location data with a bunch of other companies that's eventually ending up on this
with this gravy company.
Yeah, I mean, I would argue that like,
you know, a big company like Tinder or I guess King makes Candy Crush, right?
Yeah.
should know about this ecosystem.
But a lot of these apps are probably just like somewhat like very small companies, random companies that are implementing some sort of like advertising, you know, SDK or something into their app and
probably don't have any clue that this is happening.
Like, I guess what I'm saying is that I believe it when these companies say they don't know what gravy is or they don't know what's happening here.
Yeah, yeah.
And that was sort of the nuance and some of the slight difficulty in reporting this story in that when you email all of these companies for comment and they say, we've never heard of gravy, we never gave data to them.
In a lot of cases, you'll be like, Oh,
okay.
Well, maybe my understanding of this is wrong.
And it's like, No, I think it's the other way around.
And one example is that when Grindr gave me a statement, they said, We're not doing this.
Here's a list on our website of all of the third parties that we give data to.
Because, of course, they had their own location scandal a few years ago where Grinder
user location data was being transferred or sold.
And, you know, one case that led to the
outing of a gay priest without his consent.
So they're very hot on the location data issue.
They send me a link to this webpage, but that's not what I'm talking about.
You go to another bit on Grindr's website and you can see all of the ad networks plugged into it.
And it just, you keep scrolling, keep scrolling forever and ever.
Like it's hundreds, if not thousands in there.
That's what we're talking about.
So even when you get a statement from these companies, they may not fully understand the issue.
I'm just going to quickly read out this EFF definition of RTB, real-time bidding data, just so people can get a better grip on it.
So this is how EFF says it works.
The moment you visit a website or app with ad space, it asks a company that runs ad auctions to determine which ads it will display for you.
This involves sending information about you and the content you're viewing to the ad auction company.
The ad auction company packages all of that information they can gather about you into a bid request and then broadcasts it to thousands of potential advertisers.
There's like a bidding war going on here.
That bundle of data could include your unique advertising ID or your mobile advertising ID, your made,
your location data, your IP address, device details, and then, you know, demographic information or interests and that sort of thing.
This is bid stream data.
This is what we're talking about and what it looks like has appeared in the gravy hack.
And advertisers use that to to be like, well,
I want to deliver my ad to somebody in this city with these interests, but everybody participating in that process also gets that data.
So they can basically use it to harvest all of this information as well.
That EFF description was way better than anyone I've attempted.
So I guess I'll put a link to that in the show notes as well.
I think just one of the last things I kind of want to say on this is that, well, first I sent
snippets of the the data I got to a couple of experts familiar with the location data and advertising industries.
And they said,
this does look like Bidstream data, in part because there was a lot of IP stuff in there.
In another, they were looking at the user agents, which sort of says where your phone is connected from or through what process.
And there was a Google advertising SDK in there.
So it looks like this data is coming through the advertising
ecosystem, essentially.
And basically my main takeaway is not only that, wow, we got a rare insight into BizStream data, it was just the sheer number of apps impacted really kind of blew me away, where the way we built this list was
in some of the location data, there's just an app attached to
each set of coordinates.
I wrote, well, I didn't write, I used a command line tool to extract all of the app names
from there.
Then we also got Wired to double-check our work and do a cleaner list as well.
And we published this with Wired, so it's also available on their site as part of our partnership.
It was around about the same, you know, between 11 and 12,000, and we included duplicates because the apps are sometimes named in slightly different ways.
And I want people to be able to go and search for whatever app is on their phone and see if it's in this list.
But I was
found the list staggering, to be honest, as because I'm so used to digging through particular SDKs.
And it's like, oh, I found 20 apps which have this API endpoint in them or something.
And this was just like a never-ending list, essentially.
And crucially, this isn't like the full list.
This is a snapshot of data that these hackers happened to leak.
You know, who knows how many more apps are going to be impacted as well.
Yeah.
I guess to end this, do you think that you're going to do more stories on this?
Like, what's the current state of what's been released?
And
I don't know.
It's a pretty major hack.
But as you said, it looked like there was an extortion attempt.
I'm not sure the current status of it.
I'm definitely going to keep going through the data.
I have some ideas that I haven't even told you all yet.
So I guess I'll tell you on Signal in a bit.
And I won't say it quite here.
But yeah, I'm still digging through the data.
I know researchers who are as well.
I guess, like,
maybe some people will do the usual, oh, look, we de-anonymize people with location data, more power to them.
I just, I'm not interested in that super specifically because it has been done a fair bit.
I am interested in sensitive locations, like, oh,
are there phones at abortion clinics?
Are there phones at places of worship?
All of that sort of thing.
But I'm going to keep focusing on the ads side, I think, especially.
And I guess we'll see if Gravy paid a ransom or not.
I'll keep an eye on that story and I will update everybody if I do get anything.
But we'll leave that there for the moment.
If you are listening to the free version of the podcast, I will now play us out.
But if you are a paying 404 media subscriber, we're going to talk about various stories we had around the LA fires.
There's AI images, Amazon drivers.
Jason wrote sort of his own personal story as well.
You can subscribe and gain access to that content at 404media.co.
As a reminder, 404 Media is journalist-founded and supported by subscribers.
If you do wish to subscribe to 404 Media and directly support our work, please go to 404media.co.
You'll get unlimited access to our articles and an ad-free version of this podcast.
You'll also get to listen to the subscribers-only section where we talk about a bonus story each week.
This podcast is made in partnership with Kaleidoscope.
Another way to support us is by leaving a five-star rating and review on the podcast.
That stuff really does help us out, and of course, just tell your friends about it too.
This has been 404 Media.
We will see you again next week.