When white nationalists met up in a small town in north Texas to take part in yet another fight night event, we set about locating where it took place.
Billed as the third in a series dating back to 2022, the event was hosted by white nationalist group Patriot Front. Last year, Bellingcat geolocated an event to a gym space in the Los Angeles metropolitan area.
On March 8, 2024, a Telegram channel associated with US far-right extremist Robert Rundo posted eight photos of the combat sports event (Bellingcat is not naming the outlet to avoid amplification). The outlet promised that a promotional “documentary” film of the event would be “coming soon” and claimed the event took place in north Texas. In addition, the outlet claimed that Rundo’s far-right fashion brand was responsible for organising the event.
Bellingcat only needed the very first photo in the post, and a few minutes of web searching, to geolocate the event to a hall available for rent in Muenster, a town of fewer than 2,000 people in north Texas.
Here’s how we did it:
The first hint was the American flag.
In a Telegram chat discussing the event, one person commented on the presence of the large US flag hung in the building. Someone who claimed to have attended the event replied “it was part of the venues [sic] decoration so it couldn’t really be removed.” This led Bellingcat to assume that other public photos of the venue would likely have a large American flag hanging inside.
The second hint — and the one that led Bellingcat right to the venue — was a small detail on the table in the front of the image.
The letters ‘MVFD’ are visible on the table (though upside down), suggesting that the table belongs to a volunteer fire department (i.e., ‘VFD: Volunteer Fire Department’).
With this clue, Bellingcat then searched for ‘MVFD Texas’.
We found results for several towns beginning with the letter ‘M’ in north Texas whose fire departments used that abbreviation, and checked available images from these towns to see if anything resembled the venue seen in the photos.
Scrolling results from Muenster, Bellingcat noticed a photo of a similar-looking venue, including a similar ceiling, windows and two doors at one end.
Next, we searched for “hall Muenster Texas” and found more photos of a venue — Fuhrmann Hall at the Heritage Park Events Center, a venue available to the public to rent.
We were able to match the the large American flag, the ceiling, the air conditioners and the light fixtures and doors to the images posted in Telegram.
Thus, Bellingcat was able to locate the Patriot Front event to the Fuhrmann Hall located an hour’s drive from the Dallas-Fort Worth Metroplex.
Two images of the Fuhrmann Hall, from a user-uploaded photo on Google Maps and an image of the hall posted on Facebook.
Bellingcat contacted the Heritage Park Events Center and asked them whether they were aware that they had rented their facilities to representatives of a far-right network. We had not received a response at time of publication.
Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Twitter hereand Mastodon here.
Last night, just before I was about to go to bed, I had a sudden thought: There has to be a way to determine who Lineup Publishing is.
The acquirers of Deadspin, the once-beloved-now-beleaguered sports site whose legendary initial run was destroyed the day that the new CEO of the equally beleaguered G/O Media felt the site needed to “stick to sports,” may be the biggest mystery in all of media right now. G/O owner Great Hill Partners gave few details about the acquirer, which bought the brand and the archives, but not the team.
Very strong “oops, we forgot to build the website” energy.
The domain for this company was purchased a mere five days ago. There are literally no details on this firm other than a very basic WordPress landing page. It was such an unlikely situation, and such an obscure company, that AdWeek initially mistook the purchaser for another company with the same name.
And so, this brain thought I had last night took me to some of the weirdest, spammiest corners of the internet, in a general obsession with the idea that there has to be a way to weed this out. Next thing I knew, it was 3AM and I had written a massive thread on Bluesky breaking down random spam blogs and casino marketers. While I do not have an answer as to who Deadspin’s new owners are, I do have some interesting takeaways from this journey that may lead to the answer.
The detail I found which could give away the game: The discovery that kind of broke things open for me came down to the domain’s IP. For some reason, the company took the step of locking down the site’s DNS records, but did not put the site behind a security tool like CloudFlare, which would have hidden the site’s IP address. The result was that it was very easy to trace the site’s IP address to the company Cloudways, a Maltese website host that’s owned by DigitalOcean. Cloudways gives each customer its own dedicated IP address, which means that, unlike a smaller WordPress host, Lineup Publishing should be living on a single server, by itself, unless the site owner used a proxy to add a secondary site. And lo and behold, there was one other site on the IP address, and it was … a Finnish casino splog.
This extremely spammy website shares an IP address with Lineup Publishing.
Now, nothing against Finnish gamblers, but this is actually a very telling detail. Offshore countries or territories in the Mediterranean, particularly Malta, Cyprus, and Gibraltar, are known as online gambling havens, and the website had numerous references to Maltese-operated online casinos targeting the Finnish market.
And in my efforts to follow the money, I found the eventual SEO payload for this site hiding in an unlinked page buried on the Finnish casino splog’s domain. And that led to …
The unexpected discovery which might explain Google Groups’ closure: Buried in the links on this casino splog, I found a bunch of URL redirects that led to, of all things, a Google Groups post on Usenet. The post featured text in Swedish (not Finnish) that promoted a specific casino affiliate site, which was was also hosted on Cloudways. (By the way, Cloudways, despite Digital Ocean’s ownership, has its main office in Malta.)
The spammy blog above linked to this Usenet post on Google Groups numerous times.
Google Groups recently shut down the ability to post new content, and the fairly recent threads I found hinted at why they did. It appeared to be conversations between bots about online casino sites flooding different unrelated Usenet groups. Essentially, Google Groups may have been suffering the effects of generative AI. Even the avatars were Midjourney specials.
With that in mind, no wonder Google decided to close off new posts. Spammers were apparently turning Google Groups into yet another spamming medium. But that’s an aside, really, in light of the real story …
The speculative thread that makes this interesting: While we won’t know what, exactly, Lineup Publishing has in store for Deadspin now that Jim Spanfeller and Great Hill have agreed to sell it, we do know that this affiliation hiding in its hosting might speak to a broader trend in sports journalism in 2024: The piggybacking of sports brands with online betting.
Sports Illustrated, a similarly gutted media empire, is now associated with a betting platform. Barstool Sports was at one point owned by Penn Gaming in an attempt to build a sports-betting brand, only for Penn to sell it back to Dave Portnoy because Dave Portnoy proved too toxic. Penn upgraded its media partner to, of all companies, ESPN.
This is a bit connect-the-dots, but the publishing firm is very close to the island headquarters of a major U.S. sports-betting operation.
And these betting platforms are actually known to be associated with offshore havens. BetMGM, for example, is part-owned by Entain, a sports-betting company based in Gibraltar. And betting platforms with American presences, like Bet365, have offices in Malta. (Bet365’s offices are about 3 kilometers away from Lineup Publishing’s supposed home base, in fact.)
Deadspin did not have this sort of affiliation before its recent sale, but the apparent Maltese ownership would be a great inroad to add such an affiliation. I can’t nail down who would be interested, but the cloak of secrecy its owners have thus far taken raises serious questions for fans of the site, which it should be pointed out, has nearly two decades of archives, including some legendary stories.
Even if there’s a legitimate goal for launching Deadspin as a premium news site, there are still questions to raise. One discovery I made in the midst of all this is that another site with a long digital legacy, Salon, was recently sold to another Maltese company with apparent interests in the online gaming affiliate business—it is currently hiring for an “iGaming account manager,” a fancy way of saying “online casino marketer.” Salon is not going to become a platform for betting, to be clear, and Find.co does appear to be a legitimate business that, to its credit, kept on Salon’s entire team.
But I do think that it offers an interesting window through which to see the Deadspin acquisition—what if Deadspin is there to lend legitimacy to an online betting site or a casino affiliate network? We already have signs that its new owners appear to have a not-so-savory toe dipped into that market. The lack of information creates a vacuum within which we’ll have to see this site.
At a time when not even Deadspin’s own primary vendor, a wire service that is flooding the website with reams of zombie content as we speak, can reach the new owners of this once-famous website, one has to wonder: Was its former owner willing to sell it to anyone?
They may claim they have standards. But what we’ve learned in the last day and a half doesn’t seem to suggest it.
Thread-Tying Links
The first step to solving your cloud-storage problem is admitting you have a problem. The Atlantic’s Charlie Warzel, to his credit, just took that step.
Over the weekend, I watched the famed music documentary Dig! for the first time, and it is as good as everyone says it is, mostly because of the Brian Jonestown Massacre, whose cult hit “Anemone” is above. Dandy Warhols singer Courtney Taylor-Taylor implied in the film that while his band might become more famous in the moment, BJM would be more important over time. I think that’s starting to play out.
Breaking my no-NYT rule because of a very important story that they published about car companies selling owners’ data to insurers. The story, by Kashmir Hill, is good enough to change laws.
Closing arguments in the trial between various people and Craig Wright over whether he's Satoshi Nakamoto are wrapping up today, amongst a bewildering array of presented evidence. But one utterly astonishing aspect of this lawsuit is that expert witnesses for both sides agreed that much of the digital evidence provided by Craig Wright was unreliable in one way or another, generally including indications that it wasn't produced at the point in time it claimed to be. And it's fascinating reading through the subtle (and, in some cases, not so subtle) ways that that's revealed.
One of the pieces of evidence entered is screenshots of data from Mind Your Own Business, a business management product that's been around for some time. Craig Wright relied on screenshots of various entries from this product to support his claims around having controlled meaningful number of bitcoin before he was publicly linked to being Satoshi. If these were authentic then they'd be strong evidence linking him to the mining of coins before Bitcoin's public availability. Unfortunately the screenshots themselves weren't contemporary - the metadata shows them being created in 2020. This wouldn't fundamentally be a problem (it's entirely reasonable to create new screenshots of old material), as long as it's possible to establish that the material shown in the screenshots was created at that point. Sadly, well.
One part of the disclosed information was an email that contained a zip file that contained a raw database in the format used by MYOB. Importing that into the tool allowed an audit record to be extracted - this record showed that the relevant entries had been added to the database in 2020, shortly before the screenshots were created. This was, obviously, not strong evidence that Craig had held Bitcoin in 2009. This evidence was reported, and was responded to with a couple of additional databases that had an audit trail that was consistent with the dates in the records in question. Well, partially. The audit record included session data, showing an administrator logging into the data base in 2011 and then, uh, logging out in 2023, which is rather more consistent with someone changing their system clock to 2011 to create an entry, and switching it back to present day before logging out. In addition, the audit log included fields that didn't exist in versions of the product released before 2016, strongly suggesting that the entries dated 2009-2011 were created in software released after 2016. And even worse, the order of insertions into the database didn't line up with calendar time - an entry dated before another entry may appear in the database afterwards, indicating that it was created later. But even more obvious? The database schema used for these old entries corresponded to a version of the software released in 2023.
This is all consistent with the idea that these records were created after the fact and backdated to 2009-2011, and that after this evidence was made available further evidence was created and backdated to obfuscate that. In an unusual turn of events, during the trial Craig Wright introduced further evidence in the form of a chain of emails to his former lawyers that indicated he had provided them with login details to his MYOB instance in 2019 - before the metadata associated with the screenshots. The implication isn't entirely clear, but it suggests that either they had an opportunity to examine this data before the metadata suggests it was created, or that they faked the data? So, well, the obvious thing happened, and his former lawyers were asked whether they received these emails. The chain consisted of three emails, two of which they confirmed they'd received. And they received a third email in the chain, but it was different to the one entered in evidence. And, uh, weirdly, they'd received a copy of the email that was submitted - but they'd received it a few days earlier. In 2024.
And again, the forensic evidence is helpful here! It turns out that the email client used associates a timestamp with any attachments, which in this case included an image in the email footer - and the mysterious time travelling email had a timestamp in 2024, not 2019. This was created by the client, so was consistent with the email having been sent in 2024, not being sent in 2019 and somehow getting stuck somewhere before delivery. The date header indicates 2019, as do encoded timestamps in the MIME headers - consistent with the mail being sent by a computer with the clock set to 2019.
But there's a very weird difference between the copy of the email that was submitted in evidence and the copy that was located afterwards! The first included a header inserted by gmail that included a 2019 timestamp, while the latter had a 2024 timestamp. Is there a way to determine which of these could be the truth? It turns out there is! The format of that header changed in 2022, and the version in the email is the new version. The version with the 2019 timestamp is anachronistic - the format simply doesn't match the header that gmail would have introduced in 2019, suggesting that an email sent in 2022 or later was modified to include a timestamp of 2019.
This is by no means the only indication that Craig Wright's evidence may be misleading (there's the whole argument that the Bitcoin white paper was written in LaTeX when general consensus is that it's written in OpenOffice, given that's what the metadata claims), but it's a lovely example of a more general issue.
Our technology chains are complicated. So many moving parts end up influencing the content of the data we generate, and those parts develop over time. It's fantastically difficult to generate an artifact now that precisely corresponds to how it would look in the past, even if we go to the effort of installing an old OS on an old PC and setting the clock appropriately (are you sure you're going to be able to mimic an entirely period appropriate patch level?). Even the version of the font you use in a document may indicate it's anachronistic. I'm pretty good at computers and I no longer have any belief I could fake an old document.
(References: this Dropbox, under "Expert reports", "Patrick Madden". Initial MYOB data is in "Appendix PM7", further analysis is in "Appendix PM42", email analysis is "Sixth Expert Report of Mr Patrick Madden")
Two days after I visited North Korea with my father Eric — then Google’s executive chairman — in January 2013, I sent a trip report to my friends. The report went...
This blog post is part of a series on file formats research. See this introduction post for more information.
I was getting so overwhelmed surfing the old web for this format. It was absolutely thrilling but exhausting too, like when you’re on your 13th day of vacation and you’re so worn out but there’s so much more to see. Nothing is more exciting to me than looking into VIRTUAL WORLDS. I felt like it looked like I was having a total manic episode on Mastodon because I kept finding so many things to post. I wasn’t even caffeinated, it was just pure childlike glee.
“support for extremely large worlds (we’ve tested worlds up to 12MB)” (source)
“The viewer for this format should be built into your WWW browser. If you can not view it, your WWW browser is probably installed incorrectly” (source)
“P.S. If I lost you at the Web, (World Wide Web or WWW) you might try using Mosaic or Netscape to look at one of these: The Web Project page: (URL is http://www.w3.org/hypertext/WWW/TheProject.html)” (source)
His argument boils down to: “Accessibility is too hard for designers. Let’s just give it to AI and wash our hands of the whole thing.” It shows a complete lack of faith in the whole idea of design as a way to solve problems, and a lack of faith in UX designers to understand disability and make informed design choices.
The door is wide open to claiming that users will in many cases use voice, text, keyboards and eye-trackers in the future to ask AI assistants to navigate and fetch content for them under their own supervision. Something that could mean volumes for accessibility without requiring any new interfaces at all for existing websites. But a unique, individualised UI for each user, generated without supervision by any designer, is an extreme take with very little foundation in feasibility or desirability.
It’s… thoughtless. Hopeless. Soulless. Nielsen built his reputation on sharing his hot takes with a nascent blogosphere in the 1990s and early aughts, and if he hasn’t spent it all by now, I hope this finishes the job. What concerns me, though, is that he’s selling a class of executives hostile to disabled access a convenient fiction that will end up putting accessibility work on the back burner for a future which may never arrive.
There isn’t much I can add that hasn’t already been highlighted in those posts. As I thought more about Nielsen’s post, I kept coming back to three areas:
Privacy risk: Nielsen doesn’t take into account that the idea would require people to identify as disabled to get that magical, personalized experience. That turns into a privacy risk for people with disabilities.
Artificial intelligence fixes everything: One of Nielsen’s main points centers on how accessibility creates a substandard user experience. This happens for those who are blind, thanks to “ a linear (one-dimensional) auditory user interface to represent the two-dimensional graphical user interface (GUI) designed for most users.” Won’t many of the personalized experiences created by artificial intelligence come in as substandard? Yes they will.
The awareness and operations aspects of accessibility: Many of the common accessibility problems come from basic mistakes like missing form labels. That happens because of a lack of awareness around accessibility. You can nail the basics, but you need to know about them and do the work. That’s harder when you have thought leaders telling you not to worry about it at all. Making accessibility happen takes operational expertise, especially at larger organizations. Nielsen doesn’t cover any of that, leaving artificial intelligence to solve process challenges as well.
There’s nothing wrong with speculating about how a new technology could improve experiences for people. But coming at it with a clickbait headline, no research, a faulty premise and a deep misunderstanding of the technology in question means you’re not speculating thoughtfully, but thoughtlessly.