521 stories
·
0 followers

Vought’s manufactured budget crisis is picking nearly $1 Billion from consumers’ pockets

1 Share

Vought has until Sept 30 to access over $329 Million in authorized CFPB funding, which would return nearly $1 Billion to ripped off Americans. Since 2011, a cavalcade of politicians, big business lobbies, and billionaires have been trying to shut …

Vought’s manufactured budget crisis is picking nearly $1 Billion from consumers’ pockets Read More »

The post Vought’s manufactured budget crisis is picking nearly $1 Billion from consumers’ pockets appeared first on CFPB Union.

Read the whole story
rosskarchner
2 hours ago
reply
Share this story
Delete

RFK Jr. Vowed To Find The Environmental Causes Of Autism. Then He Shut Down Research Trying To Do Just That.

1 Share

This story was originally published by ProPublica. Republished under a CC BY-NC-ND 3.0 license.

Erin McCanlies was listening to the radio one morning in April when she heard Robert F. Kennedy Jr. promising to find the cause of autism by September. The secretary of Health and Human Services said he believed an environmental toxin was responsible for the dramatic increase in the condition and vowed to gather “the most credible scientists from all over the world” to solve the mystery.

Nothing like that has ever been done before, he told an interviewer.

McCanlies was stunned. The work had been done.

“That’s exactly what I’ve been doing!” she said to her husband, Fred.

As an epidemiologist at the National Institute for Occupational Safety and Health, which Kennedy oversees, McCanlies had spent much of the past two decades studying how parents’ exposure to workplace chemicals affects the chance that they will have a child with autism. Just three weeks earlier, she’d been finalizing her fourth major paper on the topic when Kennedy eliminated her entire division. Kennedy has also overseen tens of millions of dollars in cuts to federal funding for research on autism, including its environmental causes.

For 20 years, Kennedy has espoused the debunked theory that autism is caused by vaccines, dismissing evidence to the contrary by arguing that vaccine manufacturers, researchers and regulators all have an interest in obscuring their harms.

He remains skeptical of the scientists who have been funded by his own agency to study the neurodevelopmental condition. “We need to stop trusting the experts,” he told right-wing host Tucker Carlson in a June interview, going on to suggest that previous studies that found no relationship between vaccines and autism were marred by “trickery” and researchers’ self-interest.

In contrast, Kennedy told Carlson that under his leadership, and with a new, federally funded $50 million autism research initiative, “We’re going to get real studies done for the first time.”

Some autism researchers fear that the effort will manipulate data to blame the condition on vaccines. “Kennedy has never expressed an open mind, an open attitude towards what are the fundamental causes of autism,” said Helen Tager-Flusberg, a Boston University psychologist who founded a coalition of scientists concerned about his approach to autism. In a June statement, the group said the initiative lacks transparency and that Kennedy “casually ignores decades of high quality research that preceded his oversight.”

As Kennedy promotes his new initiative, ProPublica has found that he has also taken aim at the traditional scientific approach to autism, shutting down McCanlies’ lab and stripping funding from more than 50 autism-related studies. Meanwhile, he has stood by as the Trump administration encourages the departure of hundreds of federal employees with experience studying the harm caused by environmental threats and rolls back protections from pollution and chemicals, including some linked to autism.

Kennedy did not respond to requests for an interview, and an HHS spokesperson did not answer specific questions from ProPublica, including those related to the concerns of the coalition of autism scientists. “Under the leadership of Secretary Kennedy, HHS is taking action on autism as the public health emergency it is,” the spokesperson wrote. “NIH is fully committed to leaving no stone unturned in confronting this catastrophic epidemic — employing only gold-standard, evidence-based science. The Department will follow the science, wherever it leads.”

Genetic factors account for a significant portion of autism cases. Research like the kind McCanlies and other government-funded scientists have conducted over the past two decades has established that environmental factors have a role, too, and can combine with genetics. Multiple factors can even converge within the same individual. Some of those environmental risks could be reduced by the very measures the Trump administration is rolling back.

Kennedy would have been well positioned to advocate for researchers looking into the environmental causes of autism while sitting on President Donald Trump’s cabinet.

The nephew of President John F. Kennedy and son of his former attorney general, Bobby, Kennedy spent decades as an attorney battling some of the world’s most notorious corporate polluters. Once heralded by Time Magazine as one of the “heroes for the planet,” he railed against actions by the first Trump administration, complaining in his 2017 introduction to the book “Climate in Crisis” that 33 years’ worth of his work was “reduced to ruins as the president mounted his assault on science and environmental protection.”

But recently he has remained publicly silent as the Environmental Protection Agency halts research and weakens regulations on air pollution and chemicals, including some McCanlies and her colleagues have identified as possible factors in the development of autism.

“I don’t think he’s aware of my work,” McCanlies said, “or most of the literature that’s been published on what the causes of autism are.”


McCanlies was studying how a toxic chemical, beryllium, causes chronic lung inflammation in workers when she began to think seriously about autism.

It was 2005, and her college-age stepson had a job shadowing children with autism. As he described helping them navigate playground dynamics, reminding them to return a wave or a greeting, McCanlies wondered whether their behaviors might be tied to chemicals their parents had encountered on the job. Could the exposures have altered genes their parents passed down? Could they have infiltrated the kids’ developing brains through the womb or through breast milk?

The questions remained abstract until McCanlies met another researcher named Irva Hertz-Picciotto, who had a unique data set. She had collected detailed information on the occupations of two large groups of parents: those who had children with autism and those whose kids developed neurotypically. Comparing the groups’ chemical exposures before their children were born could help illuminate causes of the condition, McCanlies realized.

Hertz-Picciotto, an environmental epidemiologist based at the University of California, Davis, was a pioneer in the search for the causes of autism. In 2009, she published a much-cited paper highlighting a sevenfold increase in diagnoses in California. While others had asserted the rise was due to increased awareness and broadened diagnostic criteria, Hertz-Picciotto found those factors could only partially explain it. She and others went on to document additional contributors to autism risk, including parental age at the time of birth, a mother’s fever during pregnancy and more traditional environmental considerations, such as chemical exposures.

McCanlies hadn’t studied autism. But she offered Hertz-Picciotto her experience in genetics and epidemiology as well as the considerable resources of her agency. NIOSH was established in 1970 to investigate the dangers of the workplace, and its statisticians and industrial hygienists were among the world’s experts on the health impacts of chemical exposures.

Their first collaboration, published in 2012, used Hertz-Picciotto’s data to see if parents of children with autism were more likely to have been exposed to chemicals already thought to be dangerous to the developing brain. The work was technical and time-consuming, but the analysis showed a clear relationship: Mothers and fathers of children with autism were more likely than the parents of unaffected children to have been exposed to solvents such as lacquer, varnish and xylene on the job. These solvents evaporate quickly and can be easily inhaled or absorbed through the skin. Chemical plant workers, painters, electricians, plumbers, construction workers, cleaners and medical personnel are among those who may be exposed to these solvents.

The sample size was small — just 174 families. But the results lined up with recent findings showing possible links between autism and exposure to metals and certain solvents during pregnancy or early childhood, including a solvent called methylene chloride. They also tracked with studies linking the chemicals to miscarriage, reproductive problems, birth defects and developmental problems other than autism.

McCanlies and Hertz-Picciotto followed up with a 2019 study that looked at more than 950 families. It showed that women exposed to solvents at work during pregnancy and the three months leading up to it were 1.5 times more likely to have a child with autism than women not exposed to the chemicals. (The study did not find a link for chemically exposed men.)

Their third study, published in 2023, took the link between solvent exposure and autism as a starting point. Using blood samples to examine the genetic makeup of the parents of children with autism, McCanlies and Hertz-Picciotto found that when exposed to solvents on the job, people with specific variants of 31 genes had an especially elevated risk of having a child with autism. Their genetic makeup appeared to increase the risk that solvents by themselves posed. Some of those 31 genes help cells connect with one another; others play a role in helping cells migrate to different areas so they can grow into the various parts of the brain; still others ensure that cells clear away toxic substances.

Researchers were also making strides under the National Institute of Environmental Health Sciences, a division of Health and Human Services, which has financed investigations into dozens of environmental contaminants. Several have been linked to autism, including air pollutioncertain pesticides, a plastic additive known as BPA and diesel exhaust, which causes “autism-like behavioral changes” in mice. In 2021, Hertz-Picciotto co-published a study linking “forever chemicals” called PFOA and PFNA with the condition. (In 2023, a second paper also found an association with PFNA.) Other government-funded research has established a link between autism and another solvent, trichloroethylene, also known as TCE, which has been used for dry cleaning, manufacturing and degreasing machines.

Together, the results have shown that many exposures can increase the likelihood of autism, and that there can be multiple causes for any one person.

At least one exposure can have the opposite effect: A study by a researcher named Rebecca Schmidt — and funded by the NIEHS and NIH — found that a B vitamin called folic acid was associated with a significant decrease in the chances of an autism diagnosis. More than a dozen studies have since confirmed the association.

One problem hung over much of autism research. The sweeping diagnosis includes everyone from people who treasure their neurological differences to those with debilitating symptoms, including repetitive behaviors, excruciating sensitivity to touch and sounds, and difficulty responding to social situations. McCanlies and Hertz–Picciotto wondered whether certain chemicals were linked to the most severe cases or to specific symptoms.

In 2023, they set about finding out.

They were preparing to submit their study for publication when newly inaugurated Trump put Kennedy in charge of America’s health.


Despite having made chronic health conditions the focus of his agenda, Kennedy has quietly abided environmental policies that will exacerbate these problems, including autism.

The Environmental Protection Agency, under Administrator Lee Zeldin, is rolling back rules and regulations that will result in an increase in air pollution, which multiple studies have linked to autism. The agency is in the process of reversing bans on several chemicals, including TCE, one of the solvents associated with the disorder, and has told a federal court it won’t legally defend certain aspects of a ban on methylene chloride, another of the solvents linked to autism. It also began dismantling its Office of Research and Development, which has funded research into the environmental conditions contributing to autism. According to an EPA spokesperson, more than 2,300 workers have so far elected to leave the agency through Trump administration programs encouraging early retirement and resignation.

The EPA also began canceling grants, including one it had given to Schmidt, the researcher who studied the protective effect of folic acid. Schmidt had been awarded $1.3 million to determine whether air pollution from wildfires might increase the risk of various neurological conditions. Schmidt and her colleagues had just done preliminary analysis and found that there was a significant association between wildfire pollution exposure and autism when she received a letter saying that the grant was terminated because the project was “no longer consistent with EPA funding priorities.” After a judge ruled in a class-action lawsuit on behalf of University of California researchers alleging their funding was unlawfully terminated, her grant was reinstated last month. But the EPA has appealed the judge’s ruling, leaving Schmidt unsure about the fate of the project.

Schmidt said there is an urgent need to finish the study and warn people about how to avoid the dangers from wildfire smoke by staying indoors and using air filters and N95 masks. “Millions of pregnant women are getting exposed as we speak,” she said.

Meanwhile, Kennedy has presided over his own gutting of research. Known for sharing videos of his bare-chested workouts, he likened his agency’s cuts to getting rid of “unhealthy fat,” but his plan to reduce the staff of HHS by 20,000 amounts to slashing the workforce by roughly a quarter, including veteran scientists. Among the divisions Kennedy eliminated was one that studied air quality and collected data on chemicals found in human blood. Some workers in the division were subsequently reinstated. After a lawsuit and pressure from Congress, HHS has also rehired some NIOSH workers, though none at the division where McCanlies worked. Those whose jobs have not been reinstated remain on administrative leave.

The reorganization plan for HHS involves consolidating the remnants of these parts of the agency, along with several others, into a new division called the Administration for a Healthy America. Asked about the transition, an HHS spokesperson told ProPublica in an email that the reorganization would save taxpayers $1.8 billion a year and that “critical programs will continue.”

Meanwhile, a ProPublica review of federal data found that more than $40 million in grants awarded by the National Institutes of Health for dozens of autism-related research projects were canceled under Kennedy’s watch. Some had been awarded to universities the administration is now targeting, while others ran afoul of Trump’s “anti-woke” priorities by mentioning gender and other verboten terms. Among them was a grant to Harvard University to use data on nearly half a million Israeli children to evaluate whether men’s exposure to air pollution affects the risk of having a child with autism. (A small number of grants have been recently reinstated.) A survey of researchers conducted by the Autism Science Foundation, which tallied cuts to training grants and the anticipated cuts to future grants over the next few years, estimated that the total loss of funding could be tens of millions more.

“We’re talking about probably decades of delays and setbacks,” said Alycia Halladay, chief science officer at the Autism Science Foundation. “To take money away from all these areas of need to focus on a question that the HHS director considers high priority seems not scientific and not the way that science is done.”


Housed under the National Institutes of Health, Kennedy’s new $50-million Autism Data Science Initiative is looking to fund two- to three-year research projects that plumb large public and private datasets to find “possible contributors to the causes of autism” as well as conduct research on existing treatments.

With the deadline for his promised discovery fast approaching, Kennedy recently acknowledged that his initial six-month timeline was overly optimistic. He told Carlson he should have “some initial indicator answers” about the causes of autism by September, his original deadline, and promised unqualified answers within another six months.

While the NIH typically releases the names of the scientists on the committees that review grant applications and the criteria they use to review them, it has not done so in this case. Nor has the agency clarified what role NIH staff will have in awarding the grants, who will make the final selection, or what terms and conditions researchers must agree to if they receive funds. HHS did not respond to ProPublica’s questions about who will make the final grant selection and why the agency has not yet made this information public, but a video NIH created for applicants of the funding acknowledges that reviews of the proposals “do not follow the traditional NIH review process.” According to the video, the process was “designed to ensure integrity, fairness and transparency.”

Hertz-Picciotto, who laments the fact that Kennedy is “shutting down good studies,” is among the researchers in her field who have decided to apply for the funding. “Some of his agenda is really ridiculous and very counterproductive,” she said. “But if something good can be done with this money, I’d like to be part of that.”

If her project is approved, she plans to hire McCanlies to consult on it.

McCanlies said she agreed to work on the project because she has complete confidence in her longtime colleague, if not the health secretary. “I don’t trust him at all,” she said.

McCanlies had never paid much attention to Kennedy — or to politics. Throughout the seven presidential administrations that governed while she had been at NIOSH, her work had been utterly uncontroversial. But weeks after his confirmation, she knew her job was in peril. She had deleted the first email she received from Trump’s Office of Personnel Management. The tone was so strange and disrespectful, hinting that she might be punished if she didn’t respond by confirming her email address, that she assumed it was a phishing attempt. By the time she received a second, suggesting that she find a “higher productivity” job in the private sector, firings and budget cuts were rolling across federal agencies.

The 58-year-old, who has short, greying hair, hazel eyes and three graduate degrees, hadn’t been ready to leave NIOSH’s Health Effects Lab in Morgantown, West Virginia, a place where she had mentored young colleagues, taught a lunchtime meditation class and helped conduct several yearslong research projects. The lab is also where she met Fred, her husband, another Ph.D. scientist who studied workplace chemical hazards. She reluctantly put in for early retirement just days before the entire lab was dissolved.

McCanlies spent her final days at NIOSH finishing her last paper, which explores the association between workplace chemicals and the severity of autism. Normally, she would have her supervisor sign off on her submission to a journal, but he had already lost his job. The rest of her colleagues were gone, too, and the lab’s hallways were empty as she gave the manuscript a final edit.

She felt proud of the study, which answered some of the questions she and Hertz-Picciotto had posed years ago. There were indeed links between exposures and the severity of autism. Parents’ exposure to plastics was “consistently and significantly associated” with lower cognitive scores in their children who had autism, increases in “aberrant behaviors” and deficits in basic life skills, the study found. The exposure was also linked to particular symptoms of autism, including social withdrawal, hyperactivity and repetitive behaviors such as hand flapping and body rocking. Higher autism severity scores and weaker daily living skills were also linked with ethylene oxide. Last year, the EPA imposed stricter limits on the chemical, which is used as a sterilizer. But the agency is now reconsidering those restrictions, and, in July, Trump exempted some of the biggest polluters from them.

The paper, which is now available as a preprint, recommended that regulatory agencies “consider increasing awareness of these hazards and make clear recommendations for implementing protective measures at the worksite.”

Having just watched so many occupational health experts forced to leave their jobs, McCanlies suspected their advice was unlikely to be heeded anytime soon.

Read the whole story
rosskarchner
1 day ago
reply
Share this story
Delete

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

2 Shares

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connection in the United States. This post examines the history and provenance of DSLRoot, one of the oldest “residential proxy” networks with origins in Russia and Eastern Europe.

The query about DSLRoot came from a Reddit user “Sacapoopie,” who did not respond to questions. This user has since deleted the original question from their post, although some of their replies to other Reddit cybersecurity enthusiasts remain in the thread. The original post was indexed here by archive.is, and it began with a question:

“I have been getting paid 250$ a month by a residential IP network provider named DSL root to host devices in my home,” Sacapoopie wrote. “They are on a separate network than what we use for personal use. They have dedicated DSL connections (one per host) to the ISP that provides the DSL coverage. My family used Starlink. Is this stupid for me to do? They just sit there and I get paid for it. The company pays the internet bill too.”

Many Redditors said they assumed Sacapoopie’s post was a joke, and that nobody with a cybersecurity background and top-secret (TS/SCI) clearance would agree to let some shady residential proxy company introduce hardware into their network. Other readers pointed to a slew of posts from Sacapoopie in the Cybersecurity subreddit over the past two years about their work on cybersecurity for the Air National Guard.

When pressed for more details by fellow Redditors, Sacapoopie described the equipment supplied by DSLRoot as “just two laptops hardwired into a modem, which then goes to a dsl port in the wall.”

“When I open the computer, it looks like [they] have some sort of custom application that runs and spawns several cmd prompts,” the Redditor explained. “All I can infer from what I see in them is they are making connections.”

When asked how they became acquainted with DSLRoot, Sacapoopie told another user they discovered the company and reached out after viewing an advertisement on a social media platform.

“This was probably 5-6 years ago,” Sacapoopie wrote. “Since then I just communicate with a technician from that company and I help trouble shoot connectivity issues when they arise.”

Reached for comment, DSLRoot said its brand has been unfairly maligned thanks to that Reddit discussion. The unsigned email said DSLRoot is fully transparent about its goals and operations, adding that it operates under full consent from its “regional agents,” the company’s term for U.S. residents like Sacapoopie.

“As although we support honest journalism, we’re against of all kinds of ‘low rank/misleading Yellow Journalism’ done for the sake of cheap hype,” DSLRoot wrote in reply. “It’s obvious to us that whoever is doing this, is either lacking a proper understanding of the subject or doing it intentionally to gain exposure by misleading those who lack proper understanding,” DSLRoot wrote in answer to questions about the company’s intentions.

“We monitor our clients and prohibit any illegal activity associated with our residential proxies,” DSLRoot continued. “We honestly didn’t know that the guy who made the Reddit post was a military guy. Be it an African-American granny trying to pay her rent or a white kid trying to get through college, as long as they can provide an Internet line or host phones for us — we’re good.”

WHAT IS DSLROOT?

DSLRoot is sold as a residential proxy service on the forum BlackHatWorld under the name DSLRoot and GlobalSolutions. The company is based in the Bahamas and was formed in 2012. The service is advertised to people who are not in the United States but who want to seem like they are. DSLRoot pays people in the United States to run the company’s hardware and software — including 5G mobile devices — and in return it rents those IP addresses as dedicated proxies to customers anywhere in the world — priced at $190 per month for unrestricted access to all locations.

The DSLRoot website.

The GlobalSolutions account on BlackHatWorld lists a Telegram account and a WhatsApp number in Mexico. DSLRoot’s profile on the marketing agency digitalpoint.com from 2010 shows their previous username on the forum was “Incorptoday.” GlobalSolutions user accounts at bitcointalk[.]org and roclub[.]com include the email clickdesk@instantvirtualcreditcards[.]com.

Passive DNS records from DomainTools.com show instantvirtualcreditcards[.]com shared a host back then — 208.85.1.164 — with just a handful of domains, including dslroot[.]com, regacard[.]com, 4groot[.]com, residential-ip[.]com, 4gemperor[.]com, ip-teleport[.]com, and proxyrental[.]net.

Cyber intelligence firm Intel 471 finds GlobalSolutions registered on BlackHatWorld in 2016 using the email address prepaidsolutions@yahoo.com. This user shared that their birthday is March 7, 1984.

Several negative reviews about DSLRoot on the forums noted that the service was operated by a BlackHatWorld user calling himself “USProxyKing.” Indeed, Intel 471 shows this user told fellow form members in 2013 to contact him at the Skype username “dslroot.”

USProxyKing on BlackHatWorld, soliciting installations of his adware via torrents and file-sharing sites.

USProxyKing had a reputation for spamming the forums with ads for his residential proxy service, and he ran a “pay-per-install” program where he paid affiliates a small commission each time one of their websites resulted in the installation of his unspecified “adware” programs — presumably a program that turned host PCs into proxies. On the other end of the business, USProxyKing sold that pay-per-install access to others wishing to distribute questionable software — at $1 per installation.

Private messages indexed by Intel 471 show USProxyKing also raised money from nearly 20 different BlackHatWorld members who were promised shareholder positions in a new business that would offer robocalling services capable of placing 2,000 calls per minute.

Constella Intelligence, a platform that tracks data exposed in breaches, finds that same IP address GlobalSolutions used to register at BlackHatWorld was also used to create accounts at a handful of sites, including a GlobalSolutions user account at WebHostingTalk that supplied the email address incorptoday@gmail.com. Also registered to incorptoday@gmail.com are the domains dslbay[.]com, dslhub[.]net, localsim[.]com, rdslpro[.]com, virtualcards[.]biz/cc, and virtualvisa[.]cc.

Recall that DSLRoot’s profile on digitalpoint.com was previously named Incorptoday. DomainTools says incorptoday@gmail.com is associated with almost two dozen domains going back to 2008, including incorptoday[.]com, a website that offers to incorporate businesses in several states, including Delaware, Florida and Nevada, for prices ranging from $450 to $550.

As we can see in this archived copy of the site from 2013, IncorpToday also offered a premiere service for $750 that would allow the customer’s new company to have a retail checking account, with no questions asked.

Global Solutions is able to provide access to the U.S. banking system by offering customers prepaid cards that can be loaded with a variety of virtual payment instruments that were popular in Russian-speaking countries at the time, including WebMoney. The cards are limited to $500 balances, but non-Westerners can use them to anonymously pay for goods and services at a variety of Western companies. Cardnow[.]ru, another domain registered to incorptoday@gmail.com, demonstrates this in action.

A copy of Incorptoday’s website from 2013 offers non-US residents a service to incorporate a business in Florida, Delaware or Nevada, along with a no-questions-asked checking account, for $750.

WHO IS ANDREI HOLAS?

The oldest domain (2008) registered to incorptoday@gmail.com is andrei[.]me; another is called andreigolos[.]com. DomainTools says these and other domains registered to that email address include the registrant name Andrei Holas, from Huntsville, Ala.

Public records indicate Andrei Holas has lived with his brother — Aliaksandr Holas — at two different addresses in Alabama. Those records state that Andrei Holas’ birthday is in March 1984, and that his brother is slightly younger. The younger brother did not respond to a request for comment.

Andrei Holas maintained an account on the Russian social network Vkontakte under the email address ryzhik777@gmail.com, an address that shows up in numerous records hacked and leaked from Russian government entities over the past few years.

Those records indicate Andrei Holas and his brother are from Belarus and have maintained an address in Moscow for some time (that address is roughly three blocks away from the main headquarters of the Russian FSB, the successor intelligence agency to the KGB). Hacked Russian banking records show Andrei Holas’ birthday is March 7, 1984 — the same birth date listed by GlobalSolutions on BlackHatWorld.

A 2010 post by ryzhik777@gmail.com at the Russian-language forum Ulitka explains that the poster was having trouble getting his B1/B2 visa to visit his brother in the United States, even though he’d previously been approved for two separate guest visas and a student visa. It remains unclear if one, both, or neither of the Holas brothers still lives in the United States. Andrei explained in 2010 that his brother was an American citizen.

LEGAL BOTNETS

We can all wag our fingers at military personnel who should undoubtedly know better than to install Internet hardware from strangers, but in truth there is an endless supply of U.S. residents who will resell their Internet connection if it means they can make a few bucks out of it. And these days, there are plenty of residential proxy providers who will make it worth your while.

Traditionally, residential proxy networks have been constructed using malicious software that quietly turns infected systems into traffic relays that are then sold in shadowy online forums. Most often, this malware gets bundled with popular cracked software and video files that are uploaded to file-sharing networks and that secretly turn the host device into a traffic relay. In fact, USPRoxyKing bragged that he routinely achieved thousands of installs per week via this method alone.

These days, there a number of residential proxy networks that entice users to monetize their unused bandwidth (inviting you to violate the terms of service of your ISP in the process); others, like DSLRoot, act as a communal VPN, and by using the service you gain access to the connections of other proxies (users) by default, but you also agree to share your connection with others.

Indeed, Intel 471’s archives show the GlobalSolutions and DSLRoot accounts routinely received private messages from forum users who were college students or young people trying to make ends meet. Those messages show that many of DSLRoot’s “regional agents” often sought commissions to refer friends interested in reselling their home Internet connections (DSLRoot would offer to cover the monthly cost of the agent’s home Internet connection).

But in an era when North Korean hackers are relentlessly posing as Western IT workers by paying people to host laptop farms in the United States, letting strangers run laptops, mobile devices or any other hardware on your network seems like an awfully risky move regardless of your station in life. As several Redditors pointed out in Sacapoopie’s thread, an Arizona woman was sentenced in July 2025 to 102 months in prison for hosting a laptop farm that helped North Korean hackers secure jobs at more than 300 U.S. companies, including Fortune 500 firms.

Lloyd Davies is the founder of Infrawatch, a London-based security startup that tracks residential proxy networks. Davies said he reverse engineered the software that powers DSLRoot’s proxy service, and found it phones home to the aforementioned domain proxyrental[.]net, which sells a service that promises to “get your ads live in multiple cities without getting banned, flagged or ghosted” (presumably a reference to CraigsList ads).

Davies said he found the DSLRoot installer had capabilities to remotely control residential networking equipment across multiple vendor brands.

Image: Infrawatch.app.

“The software employs vendor-specific exploits and hardcoded administrative credentials, suggesting DSLRoot pre-configures equipment before deployment,” Davies wrote in an analysis published today. He said the software performs WiFi network enumeration to identify nearby wireless networks, thereby “potentially expanding targeting capabilities beyond the primary internet connection.”

It’s unclear exactly when the USProxyKing was usurped from his throne, but DSLRoot and its proxy offerings are not what they used to be. Davies said the entire DSLRoot network now has fewer than 300 nodes nationwide, mostly systems on DSL providers like CenturyLink and Frontier.

On Aug. 17, GlobalSolutions posted to BlackHatWorld saying,”We’re restructuring our business model by downgrading to ‘DSL only’ lines (no mobile or cable).” Asked via email about the changes, DSLRoot blamed the decline in his customers on the proliferation of residential proxy services.

“These days it has become almost impossible to compete in this niche as everyone is selling residential proxies and many companies want you to install a piece of software on your phone or desktop so they can resell your residential IPs on a much larger scale,” DSLRoot explained. “So-called ‘legal botnets’ as we see them.”

Read the whole story
rosskarchner
2 days ago
reply
Share this story
Delete

Tough Season in the Apple Fields

1 Share

We’re adopting Liquid Glass for NetNewsWire 7, which we’ll release some time after the new versions of macOS and iOS come out.

Stuart Breckenridge has been doing great work on getting this done — and he’s written up a couple blog posts (with screenshots!) on his progress. See:

Adopting Liquid Glass, Part II (NetNewsWire Mac)
Adopting Liquid Glass, Part III (NetNewsWire iOS)

Since the app is made with mostly stock Apple UI, you might think that using Liquid Glass would be very little work, that it might be pretty automatic or just a matter of checking a few boxes. But that’s not true this year: it’s been a fair amount of work.

Other apps, apps with more custom UI, will probably have even more work, but even for us it’s been more than a bit.

And we’re not done. There will be little things (hopefully just little things) still to do before shipping. Including verifying that it all works as expected on the actual OS releases.

But all credit to Stuart, who got right on this and did a superb job.

(Note: if you want to see the code, you can: it’s on our experimental/liquid-glass branch.)

But My Mac

As pleased as I am with Stuart’s work, I’m not pleased with Liquid Glass itself.

I don’t really care about it on iOS/iPadOS, because whatever. I don’t love those devices. I love Macs because it’s on Macs where you can set out to make new things that change the world.

(Okay. Fine. On iPhones and iPads you can, I guess, but generally it’s much harder, and it has to be an approved activity using an approved app. And one thing you definitely can’t do on those devices is create apps. [All apologies to people who do manage to edit their podcast episodes on an iPad or write at length on an iPhone. Cool! But I hope that even those folks will grant me my point.])

And so I seriously dislike the experience of using a Mac with Liquid Glass. The UI has become the star, but the drunken star, blurry, illegible, and physically unstable. It makes making things way more of a struggle than it used to be.

We had pretty good Mac UI, but Apple took the bad parts of it — the translucency and blurriness already there — and dialed it way up and called it content-centric. But it seems to me the opposite. Liquid Glass is Liquid-Glass-centric.

Perspective

First thing: I have many friends at Apple and I didn’t want to write any of this. And there are legions of engineers and designers who I don’t know but whose work I respect greatly. It’s not their fault that this is the direction of the UI.

And this is not the first time we’re going through a rough patch with Apple. I think of them as seasons — we had, for instance, terrible-keyboard season not so long ago. We were wondering if Apple would just stop making Macs altogether. But then that passed and we even got these wonderful Apple Silicon machines. Seasons end.

And we’re in a tough season with Swift these days too. It’s gotten so complex and difficult that I find myself daydreaming about going back to Objective-C. Objective-C is definitely funny-looking, but once you get past that it’s actually small and simple.

But with Swift approachable concurrency and other changes I can see eventually getting through this season and to a pretty great place, so I’m optimistic.

Seasons do end, in other words, or mostly seem to end (though not the App Store monopoly season, not so far), and I’ve resolved to just wait for Liquid Glass’s replacement. Perhaps along the way it will get refined enough so that people like me can use it without eye strain.

Better Perspective

But far, far worse than any of the above is Tim Cook’s gold statue presented to the President. And everything that went along with that. I felt utterly sick and I bet you did too. (And it made me seriously wonder if I wanted to continue writing apps for Apple platforms.)

I understand John Gruber’s argument in Gold, Frankincense, and Silicon that maybe Cook’s move was the best possible move in a terribly corrupted system.

But what’s the use of being so rich and so powerful, I would ask Tim Cook, if you, even more than regular people, have to debase yourself before the dictator?

It’s tempting to think that our current government is just a season, like the bad keyboards or like Liquid Glass will eventually prove to be. Wait till the mid-terms or the next presidential election, you might think.

But there’s no reason to think that this authoritarian turn is just a season. Something besides just wishing and waiting for better is required.

Read the whole story
rosskarchner
2 days ago
reply
Share this story
Delete

Maintainers of Last Resort

1 Share

Maintainers of Last Resort

Filippo Valsorda founded Geomys last year as an "organization of professional open source maintainers", providing maintenance and support for critical packages in the Go language ecosystem backed by clients in retainer relationships.

This is an inspiring and optimistic shape for financially sustaining key open source projects, and it appears be working really well.

Most recently, Geomys have started acting as a "maintainer of last resort" for security-related Go projects in need of new maintainers. In this piece Filippo describes their work on the bluemonday HTML sanitization library - similar to Python’s bleach which was deprecated in 2023. He also talks at length about their work on CSRF for Go after gorilla/csrf lost active maintenance - I’m still working my way through his earlier post on Cross-Site Request Forgery trying to absorb the research shared their about the best modern approaches to this vulnerability.

Via lobste.rs

Tags: csrf, go, open-source, security, filippo-valsorda

Read the whole story
rosskarchner
12 days ago
reply
Share this story
Delete

LLMs vs. Geolocation: GPT-5 performs worse than other AI models

1 Share

In June, Bellingcat ran 500 geolocation tests, comparing LLMs from various companies against each other, as well as Google Lens – a staple tool for finding the location of photos.

At the time, ChatGPT o4-mini-high emerged as the clear winner, with Google Lens outperforming most other models. Just two months later, with new versions of these AI tools available, we re-ran the trial – this time including Google “AI Mode,” GPT-5, GPT-5 Thinking, and Grok 4 into the mix.

These five photos were excluded from our most recent trial as they were published in our previous article.

The original test used 25 of Bellingcat’s own holiday photos. From cities to remote countryside, the images included scenes both with and without recognisable features – such as roads, signage, mountains, or architecture. Images were sourced from every continent.

For the updated trial, five test photos were excluded, as they had appeared in a previous article, thus compromising the integrity of the results.

All 24 models’ responses were ranked on a scale from 0 to 10, with 10 indicating an accurate and specific identification (such as a neighbourhood, trail, or landmark) and 0 indicating no attempt to identify the location at all.

Google AI Mode was shown to be the most capable geolocation tool overall. 

Grok 4 gave both better and worse answers compared to Grok 3 but, on average, scored marginally higher. However, it was still less accurate than older versions of Gemini and GPT. 

GPT-5, even in ‘Thinking’ and ‘Pro’ modes, was a considerable downgrade when compared with the capabilities demonstrated by GPT o4-mini-high. In one example, of a city street with skyscrapers in the background, o4-mini-high correctly identified the street, while GPT-5 in Thinking mode pointed to the wrong country. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Despite delivering faster answers, GPT-5 appeared to sacrifice accuracy. A surprising number of errors and a general sense of disappointment in the new model have also been reported by other users.

Bellingcat tested GPT-5 and its ‘Thinking’ mode via the Plus subscription, which costs roughly the same as access to 04-mini-high prior to its retirement. Five of the most difficult test images were also run through GPT-5 Pro. But even Pro, with a premium price tag of €200 per month, failed to geolocate the photos any more accurately than GPT 04-mini-high.

A Beach, a Hotel and a Ferris Wheel

The disparity between Google and the GPT models became even more apparent in Test 25 – a photo of a shoreline hotel in Noordwijk, the Netherlands, with a Ferris wheel rising just beyond the dunes.

Test 25: A photo of Noordwijk beach in the Netherlands. Credit: Bellingcat.

In the previous trial, most older models – including those from GPT, Claude, Gemini and Grok – accurately identified the country as the Netherlands but failed to locate the town. Many latched onto the Ferris wheel but pointed instead to the seaside town of Scheveningen, which also has a Ferris wheel, though situated on a pier, not among the sand dunes.

However, the most recent models, GPT-5 Pro and Thinking, were even less accurate, identifying a beach in France – an entirely different country. 

Unfortunately for open source researchers, following the release of GPT-5, OpenAI removed the option to select older models such as o4-mini-high. After a wave of negative feedback, OpenAI reinstated GPT-4o as the default model for paid subscribers. However, the most capable geolocation models identified in Bellingcat’s testing remain inaccessible.

Google AI Mode, on the other hand, was the first, and only model so far, to correctly identify Noordwijk as the location in Test 25.  

Though AI Mode is powered by a version of Gemini 2.5, it outperformed Gemini 2.5 Pro Deep Research in these tests. Described by Google as its “most powerful AI search, with more advanced reasoning and multimodality,” AI Mode geolocated test images with greater accuracy than any GPT models, including our previous winner, o4-mini-high.

AI Mode is currently only available in India, United Kingdom and the United States.

Credit: Google.

The majority of models, at some point, returned a hallucination. Users should not rely solely on the answers provided by LLMs. Even the best options, including Google AI Mode, still, at times, confidently point to the wrong location. 

The difference in models’ capabilities compared with just two months ago shows how quickly this field is evolving. However, OpenAI’s recent changes also suggest that progress is not guaranteed, and that AI’s ability to geolocate may plateau or even worsen over time. As new models emerge, Bellingcat will continue to test them.

Thanks to Nathan Patin for contributing to the original benchmark tests.


Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here and Instagram here.

The post LLMs vs. Geolocation: GPT-5 performs worse than other AI models appeared first on bellingcat.

Read the whole story
rosskarchner
14 days ago
reply
Share this story
Delete
Next Page of Stories