Kaveh Waddell

On March 19, an IT employee at the Hillary Clinton campaign gave John Podesta, the campaign chairman, some computer-security advice. “John needs to change his password immediately,” he wrote in an e-mail, “and ensure that two-factor authentication is turned on his account.” The helpdesk staffer was responding to a Google alert with a bright red banner that had been sent to Podesta’s personal Gmail account. An aide to Podesta had forwarded the warning when she saw it in his inbox. The warning, it turned out, was fake. It was designed to look authentic by Russian hackers, who also created a fake password-reset page that would capture Podesta’s password when he entered it.

But the Clinton IT employee, Charles Delavan, made a crucial error when he responded to the aide who forwarded the warning. “This is a legitimate email,” he wrote back. Somebody on the campaign clicked on the fake link, entered Podesta’s password, and the hackers gained access to tens of thousands of his e-mails. In a detailed new report from The New York Times, Delavan said he didn’t intend to legitimize the phishing email back in March: "He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” e-mail, an error that he said has plagued him ever since"

If the public is to stay informed about foreign hacking that the executive branch wanted to keep quiet, whistleblowers in the intelligence community would have to come forward to leak important findings. But under President Barack Obama, leakers have faced steep penalties for sharing classified information with the press or the public—and President-elect Donald Trump seems far more hostile toward transparency, as evidenced by his stances on journalism and free speech. In the absence of official reports about hacking, the private sector would have a bigger role to play, too.

Nearly half of American Internet users have been harassed or abused online, according to a new study published by Data & Society, a technology-focused think tank. Some groups are more often targeted than others. Lesbian, gay, and bisexual users are more than twice as likely than straight users to experience abuse online, the study found, and although men and women are subject to similar levels of abuse, the attacks on women were often of a more serious nature. Of the 20 categories of harassment the researchers looked at, men were more likely to report being called names and being embarrassed online, while women were more likely to be stalked, sexually harassed, or have false rumors spread about them.

But a person doesn’t have to be the target of abuse for it to color their experience online. More than 70 percent of Americans say they’ve seen others harassed on the Internet. For black users, that percentage rose to 78; among younger users and lesbian, gay, and bisexual Americans, the proportion is close 90 percent. Groups that were more likely to come into contact with online abuse were also more likely to say that people on the Internet are mostly unkind.

Rep Mike Pompeo (R-KS), the man that President-elect Donald Trump chose to lead the CIA when he becomes president, has long been a vocal supporter of expanding the government’s surveillance powers. As Congress worked to wind down the National Security Agency’s bulk data-collection program in the summer of 2016, rolling back one of the secret measures first authorized under President George W. Bush, Rep Pompeo, who sits on the House Intelligence Committee, was pushing back.

In an op-ed published in The Wall Street Journal this January, Rep Pompeo argued forcefully against “blunting” the government’s surveillance powers and called for “a fundamental upgrade to America’s surveillance capabilities.” In the piece, he laid out a road map for expanding surveillance. "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed. That includes Presidential Policy Directive-28, which bestows privacy rights on foreigners and imposes burdensome requirements to justify data collection,"he wrote. In a break with other national-security hawks, however, Rep Pompeo wrote that mandating backdoors that would allow the government to access encrypted communications would “do little good.” He argued, as most technologists who promote encryption do, that weakening digital security in the United States would just push bad actors to switch to foreign-made or homegrown software.

A Q&A with Joseph Turow, a professor of communication at the University of Pennsylvania.

You just wanted to shop for a birthday gift in peace—instead, you got ads that follow you around the Internet, and coupons in your email that remember exactly which products you clicked on. So you shut down your computer, stick your hands into your pockets, and walk to the store. Here, among the throngs of shoppers, you may feel more anonymous than you do behind a screen unburdened by cookies and tracking pixels, and you can browse in peace. Except not really. If you brought your smartphone, its GPS probably tattled on you before you even walked through the doors. Take your phone out and it might start picking up inaudible sounds broadcast throughout the store to pinpoint your location and send you targeted ads. Surveillance cameras hidden in light fixtures track your movement through the aisles, and could even be using facial-recognition software to understand your preferences and habits and attach them to your personal profile. For the past five years or so, brick-and-mortar retail stores have been trying to catch up with their online counterparts in tracking and personalization. Joseph Turow, a professor of communication at the University of Pennsylvania, has been studying the marketing and advertising industries for decades. I spoke to Turow about these transformations, the technologies that we might one day soon carry on or even inside our bodies that will make it easier to track us, and the retail industry’s predictions and pipe dreams for the future.

In a city or town, a quick look around will tell you the racial makeup of the community you're in. But on a webpage, there’s no easy way of telling who else is visiting. Some sites make it clear that they’re geared toward members of a certain race: The Root, for example, describes itself as a destination for “black news, opinions, politics, and culture.” Elsewhere, visitors have to guess a site’s target audience based on its content—or they may conclude that race doesn’t matter on most of the Internet. But that latter idea is one that a group of academic researchers who study race and the Internet have been pushing back against for decades. With training in different backgrounds—sociology, media studies, Unternet culture—they contend that the Internet is far from raceless; in fact, they say, most of the Internet is targeted at one demographic in particular.

Because of its history as a product of technology companies that are staffed overwhelmingly by white employees, the Internet is largely made by, and for, white people, the researchers argue. “Those with the most access and capital are more likely to control the culture of the Internet and reproduce it in their interests,” said Safiya Noble, a professor of information studies at UCLA who has published research about examining the role of race in social media and search engines. “The web is a white space and its sensibility otherizes non-whites.” Internet scholars have been kicking around this idea since the early days of the World Wide Web, but it’s a particularly difficult one to test experimentally. Unlike studies that catalog how discrimination leads to generations of segregation in physical spaces—redlining in major American cities, for example—it’s not as easy to detect similar patterns on the web.

Cheap smartphones with cameras have brought the power take documentary evidence to just about anyone, and the credibility of phone-shot video has held up in court and in the news. But a patent awarded to Apple in June hints at a future where invisible signals could alter the images that smartphone cameras capture—or even disable smartphone cameras entirely.

Apple filed for the patent in 2011, proposing a smartphone camera that could respond to data streams encoded in invisible infrared signals. The signals could display additional information on the phone’s screen: If a user points his or her camera at a museum exhibit, for example, a transmitter placed nearby could tell the phone to show information about the object in the viewfinder. A different type of data stream, however, could prevent the phone from recording at all. Apple’s patent also proposes using infrared rays to force iPhone cameras to shut off at concerts, where video, photo, and audio recording is often prohibited. Yes, smartphones are the scourge of the modern concert, but using remote camera-blocking technology to curb their use opens up a dangerous potential for abuse. What happens if someone else can use technology to enforce limits on how you use your smartphone camera, or to alter the images that you capture without your consent? In public spaces in the US, that would be illegal: Courts have generally ruled that the First Amendment protects people’s right to take pictures when they’re in a public area like a park, plaza, or street. Private spaces are a different story entirely.

Since 2012, Google has been notifying Gmail customers when they come under attack from hackers who may be working for foreign governments. The company has long remained vague about the the way it detects and identifies these hackers—“we can’t reveal the tip-off,” the company tells users—and about the number of notifications it routinely sends. Until now.

When these warnings were introduced, they appeared as thin red bars tacked to the top of users’ inboxes. But just a few months ago, Google redesigned the notifications to be considerably more in-your-face: Now, they take up the entire screen, announcing themselves with an angry red flag. “Government-backed hackers may be trying to steal your password,” the alert reads, advising users to enable two-factor authentication. The new alert says that fewer than one in a thousand Gmail users are targeted by foreign hackers—but for a product with more than a billion active users, that could still be a really big number. (0.1 percent of 1 billion is 1 million.) On July 11, Google provided its most precise estimate ever of the number of cyberattacks it detects that target Gmail users. Google Senior Vice President Diane Greene said the company notifies 4,000 users each month of state-sponsored cyberattacks.