By working together, the companies say they’re better able to find security flaws in Google Cloud’s Confidential Computing infrastructure.

An unusual partnership between Google and AMD may offer a blueprint for how the tech industry can better tackle processor security risks before they spiral out of control. The only problem? The setup requires an equally rare level of trust, which may be hard for other companies to replicate.

On Tuesday, Google Cloud is releasing a detailed audit of AMD's confidential computing tech, the result of a collaboration between Google's Project Zero bug-hunting group, two teams within Google Cloud Security, and AMD's firmware group. The audit follows years of Google Cloud putting increasing emphasis on its offerings for Confidential Computing—a suite of capabilities that keep customers' data encrypted at all times, even during processing. The stakes are high, as customers increasingly depend on the privacy and security protections conferred by these services and the physical infrastructure underlying them, which is built on special secure processors from AMD. An exploitable vulnerability in Confidential Computing could be disastrous.

Flaws in how processors are designed and implemented pose massive risks, turning widely used chips into single points of failure in the computers, servers, and other devices in which they're installed. Vulnerabilities in specialized security chips have particularly dire potential ramifications because these processors are designed to be immutable and provide a “root of trust” that all the other components of a system can rely on. If hackers can exploit a flaw in security chips, they can poison a system at that root and potentially gain undetectable control. So AMD and Google Cloud have developed an unusually close-knit partnership over more than five years to collaborate on auditing the Epyc processors used in Google Cloud's sensitive infrastructure and attempting to plug as many holes as possible. 

“When we find something and know that the safety is getting better, that's the best,” says Nelly Porter, group product manager of Google Cloud. “It’s not pointing fingers, it’s combined effort to fix things. Adversaries have unbelievable capability, and their innovation is growing, so we need not only to catch up but to get ahead of them.”

Porter says the partnership with AMD is unusual because the two companies have been able to build up enough trust that the chipmaker is willing to let Google's teams analyze closely guarded source code. Brent Hollingsworth, AMD's director of the Epyc software ecosystem, points out that the relationship also creates space for pushing the boundaries on what types of attacks researchers are able to test. For example, in this audit, Google security researchers used specialized hardware to mount physical attacks against AMD technology, an important and valuable exercise that other chipmakers are increasingly focusing on as well, but one that goes beyond the traditional security guarantees chipmakers offer.

PCIe hardware pentesting using an IO screamerPhotograph: Google

“Anybody who’s written software, anybody who’s created hardware, knows that it’s impossible to be perfect,” Hollingsworth says. “Over the years that we’ve been working together with Google, we’ve been providing them as much access as we possibly can and thinking about the problem from two different sides. And somewhere in the middle of that push and pull, we end up finding things that benefit everyone.”

The audit specifically delved into the defenses of the AMD Secure Processor (ASP) and the firmware of the AMD technology known as “SEV-SNP,” or Secure Encrypted Virtualization-Secure Nested Paging. SEV-SNP underlies Google Cloud's Confidential Virtual Machines, a premium offering within Google Cloud's general product that segments and encrypts a customer's systems and manages the encryption keys to box out Google Cloud such that the company can't access the customer's data. 

The two companies haven't said specifically how many vulnerabilities were found and addressed through the recent audit, but the report outlines multiple specific findings, attack scenarios, and general areas for improvement. AMD says it has released firmware fixes for all the issues discovered through the audit, and Google Cloud says it has applied all of these patches and mitigations.

Both Google Cloud's Porter and AMD's Hollingsworth emphasize, though, that the true value of the partnership is in the repeated collaboration and review over time. The goal is that the findings will safeguard Google Cloud, but also improve security across the industry, and that the partnership can perhaps be a model for increased transparency between chipmakers and customers in general. As organizations increasingly rely on cloud providers to deliver most or all of their infrastructure, there are major security gains, but always the lurking fear that something could go wrong.

“You need to assume breach; you need to assume that things might happen,” Porter says. “And that’s why I think it’s so critical to have all the bugs fixed, but also to be talking very openly about this continuously. It's not something we’re doing once and it's finished. It’s ongoing.”

AMD Gave Google Cloud Rare Access to Its Tech to Hunt Chip Flaws

Locked outside your calendar or Gmail? Here's how to get un-stuck—and prevent it from happening in the first place.

It’s Friday morning and you think you can meet an important end-of-week work deadline if you just focus and plow through for the next eight hours. Skip lunch? Check. Turn off social media? Check. Now to login in to Gmail and Google Sheets and Google Docs to get moving on this … Wait … What the heck?

If you’re like many of us who rely on Google’s suite of business, academic, and personal productivity tools, it’s the moment that can bring your day to a screeching halt. Whether it’s due a changed password, hacking of your account, or some other reason, you can’t log in to your Google account and the many services connected to that account.

What now?

The web is filled with advice and shortcuts on what to do in this situation, from tapping your password manager to turning off two-factor authentication (not recommended!).

Rather than use Google’s most popular tool, Search, for the answer, we decided to ask the company directly what happens when users can’t get in and what steps they should take to recover their account. Guemmy Kim, director of account safety and security at Google, guided us through our questions.

How Do Google Accounts Get Disabled?

First, let’s try to understand why you might be in this situation at all.

Kim says there are three main scenarios where a user can find themselves unable to get into their account. The first is the user losing their credentials. That could mean you forgot your password, you changed your Google password on one device and forgot to reenter it on another device, or any other number of credential snafus.

The second scenario is when a user’s Google account is disabled due to suspected hacking. “If Google suspects that an account has been hijacked, we disable it as a proactive measure,” Kim says. “This is similar to how a bank would suspend a credit card if they identify suspicious transactions on the account.”

The third scenario is that Google suspends an account that is in violation of its policies. If a user has posted abusive content, or their email address is involved in phishing hacks, those would be a few of the possible reasons for an account to get disabled over a policy issue.

So I Know Why I’m Locked Out. What Can I Do?

For a password or credentials issue, you would go through the “Forgot email?” link below the login prompt or start Google’s Automated Account Recovery process, which walks you through a series of questions to either access the account through a secondary method (a phone number or other email address, for instance) or, if these methods don’t work, to create a replacement account.

The same goes for accounts that are suspected of being hijacked; you should use the Account Recovery tool. Kim says that an important part of ensuring a smooth recovery is that you have recovery phone numbers or email addresses set up in advance. “We strongly encourage everyone to add a recovery phone number to their account.” Kim added that any phone numbers added for two-factor authentication are not used for anything else, so you don’t have to worry about it being used by marketers.

Accounts flagged for policy violations, however, have the option to have that action reviewed upon their next login. In this case, users are still in control of their account identity.

Kim says that anyone who runs into this situation should first review Google’s policies to make sure they understand why the account was disabled before clicking. In some cases, the next login attempt will display details of why the account was disabled, such as suspicion of phishing. “However, there are some circumstances where we cannot provide additional details due to safety concerns,” Kim says.

In appealing this decision, “Users can provide additional context to help our reviewers decide whether to restore access to their account,” Kim says.

That process of review can take about two days.

Can I Speak to a Human At All?

The short answer in most cases is no. You’re probably not going to get a person on the phone via some kind of Google hotline. But there are cases where some users may get extra help depending on the nature of the account. Kim says that those who have a Google account through their work, school, or other group are encouraged to reach out to their administrator, who may be able to manage users via their Admin Console. If their administrator is stumped, they have their own support options as well.

Other Google users, like people in the YouTube Partner Program or subscribers to Google Fi or Google One may have dedicated support teams to help through those products. They might be able to offer guidance or provide general help, but Kim says you shouldn’t expect them to have a magic account reset wand. “For security reasons, these agents cannot restore access to the account,” Kim says.

How Does Google Decide to Suspend an Account?

Kim says that different types of signals and patterns can factor into the decision to disable or flag an account, which isn’t terribly clear, but also shows how broadly the company looks at potentially damaging activity. Some of those patterns include signing in on a computer or new phone for the first time, changing passwords, or other events that users can also review on their account security page.

Alerts sent out in these cases allow the account owner to check first to see if something fishy is going on “and if our detection logic has not picked up on it yet,” Kim says.

When behavior points more toward an account hijacking or something nefarious, Google can force the account holder to go through the Account Recovery tool to verify their identity and change their password.

Kim says, “The idea is to let the real user back into their Google account while blocking the hijacker.”

Of course, this all only works if you’ve set up the appropriate measures before your account gets hacked. If you’ve already lost it, there may be cases where if you don’t have advanced security measures set up already—like using your phone as a two-factor login tool or keeping your recovery phone numbers updated—there may be no way to get it back. Kim suggests “ounce of prevention” measures here, as in, take time now to walk through Google’s Security Checkup tool before anything bad happens to your account in the first place.

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

What to Do If You Can't Log In to Your Google Account

Plus: Russia rerouted internet in occupied Ukraine, Grindr sold its users' location data to ad networks, and more.

If the war in Ukraine and Russia's still-unfolding atrocities there didn't offer enough fodder for doomscrolling, this week supplied a new dose of domestic crisis: A leaked Supreme Court draft decision that would overturn _Roe v. Wade_, demolishing a ruling that has served as a cornerstone of reproductive rights for nearly five decades. And this crisis, too, will play out in the digital realm as much as the physical and legal ones.

WIRED's Lily Hay Newman responded to the news with a guide to protecting your privacy if you're seeking an abortion in a near-future world in which _Roe_ has in fact been overturned. As right-wing pundits demand the Supreme Court leaker's prosecution, meanwhile, we analyzed the laws concerning leaks of unclassified government information like a draft court ruling and found that there's no clear statute criminalizing that sort of information sharing. And law professor Amy Gajda walked us through the history of Supreme Court information leaks, which stretches back hundreds of years.

As Russia's war in Ukraine grinds on, we looked at how small, consumer-grade drones are offering a defensive tool to Ukrainians that they're exploiting as in no other war in history. And further abroad in India, a battle is taking shape between VPN firms and the Indian government, which is demanding they hand over users' data. Meanwhile, the country's new “super app,” Tata Neu, has sparked user privacy concerns.

And there's more. As we do every week, we’ve rounded up all the news that we didn’t break or cover in-depth. Click on the headlines to read the full stories. And stay safe out there.

If _Roe_'s precedent ceases to protect people seeking abortions across the United States, the question of who can digitally surveil those seeking abortions and abortion providers—and how to evade that surveillance—will become a civil liberties battle of the highest urgency. This week, Motherboard's Joseph Cox fired the opening salvos of that battle with a series of stories about data brokers who offer to sell location data that include individuals' visits to abortion clinics and Planned Parenthood offices, an egregious form of surveillance capitalism with immediate human consequences. Anti-abortion protest groups have already used abortion clinic data to target ads at women inside the clinics, and the same data could soon be used to identify women who seek out-of-state abortions in violation of local laws.

Cox pointed to two companies, SafeGraph and Placer.ai, both of which sold location data of those apparently visiting abortion clinics. Placer.ai has gone so far as to offer "heat maps" of where abortion clinic visitors live to anyone who creates a free account on its site. Cox's reporting had quick results: SafeGraph, which was banned from the Google Play store in June, responded to Motherboard's story by committing to stop selling the abortion-related location data. One of its investors, Are Traasdahl, says he's selling his stake in the company and donating the money to Planned Parenthood.

Your move, Placer.ai.

While we're shaming firms that leak or sell their users' location data, Grindr has long represented a uniquely dangerous combination: a company that courts at-risk users, and then egregiously fails to protect their privacy. This week, _The Wall Street Journal_ revealed that Grindr users' location data was sold for years—beginning in 2017 until at least two years ago—via ad networks, potentially exposing the movements, work locations, and home addresses of millions of gay men. The revelation follows years of Grindr data abuses and inattention to privacy and security, such as allowing anyone to pinpoint users with a triangulation technique, and even turning a blind eye as one man's life was ruined by spoofed Grindr accounts.

In 2022 a Russian military occupation doesn't merely mean physical devastation from shelling, unspeakable war crimes, and mass deportations of Ukrainian civilians to Russian hinterlands. In the Russian-occupied region of Kherson in southern Ukraine, it now means that Ukrainians have been disconnected from the global internet and rerouted through Russia's tightly controlled, surveilled, and censored “Runet.” The move, confirmed Monday by the internet monitoring firm Netblocks, represents a grim advancement of the “splinternet” notion of repressive regimes increasingly walling off their own regional slice of the internet to exert greater control over their populations. Russia now appears to be experimenting with extending its internet repression to the victims of its unprovoked military conquests in a bid to better control and influence digital information there too.

Last month, _The New Yorker_ published an in-depth investigation of how the Israeli hacking firm NSO Group's highly sophisticated smartphone spyware known as Pegasus was used to target members of Spain's Catalan independence movement. Now, Spain's government may be getting a taste of its own medicine: Both the prime minister, Pedro Sánchez, and the country's defense minister, Margarita Robles, have said that their phones, too, were hacked with Pegasus in May and June of 2021. Spain's criminal court is investigating the hacking, which was revealed by security researchers at Citizen Lab. While the Spanish government has claimed that the hacking must have been carried out by a foreign culprit, the Catalan targets of Pegasus have long pointed the finger—for their own targeting at least—at Spain's National Intelligence Center.

The US Treasury announced Friday that it's issuing sanctions against Blender.io, a “mixing” service that's used to obscure the origins and destinations of cryptocurrency. Mixers, including Bitcoin Fog and Helix, have been criminally prosecuted by the US Department of Justice for helping to obscure the criminal origins of cryptocurrency. But the sanctions against Blender.io represent the first time that the Treasury has taken measures to financially ostracize a mixer, making it a crime for any American to transact with the service. In this case, Blender is accused of helping to launder $20.5 million of the $620 million worth of cryptocurrency that North Korea's Lazarus hackers allegedly stole from the cryptocurrency firm Ronin Networks in March. That hack alone suggests that North Korean thieves have already topped the estimated $400 million in crypto—largely in the Ethereum currency—that they stole last year.

Data Brokers Track Abortion Clinic Visits for Anyone to Buy

If you don’t like marketers (or anyone else) knowing when and where you read your email, Apple’s feature will help you reclaim some privacy.

Nothing makes you more paranoid about privacy than working in a marketing department. Trust me on this. For example, did you know that marketers track every time you open an email newsletter—and where you were when you did it?

Apple caused a small panic among marketers in September 2021 by effectively making this tracking impossible in the default Mail app on iPhone, iPad, and Mac. I, personally, switched to Apple Mail as soon as the feature was announced. You might feel the same way, but marketers feel as though they've lost a useful tool.

"If I start a conversation with somebody and they're not responding to me, I'm going to stop talking to them at some point," says Simon Poulton, vice president of digital intelligence at marketing agency Wpromote. "But if someone is nodding along, I'm going to keep talking."

Tracking email opens, to Poulton, is a way for marketers to see who is, and isn't, listening—and adjust their strategy accordingly.

Privacy advocates feel differently. Bill Budington, senior staff technologist at the Electronic Frontier Foundation, says tracking is bad for privacy, and he's pleased that “Apple Mail now provides tools to take your privacy back.”

Let’s talk more about what, exactly, this feature does—and what it means for you.

How Email Tracking Works (and How Apple Blocks It)

If you're really freaking old—36, say—you might recall some ’90s email clients couldn't open certain emails with formatting. You'd instead be prompted to open the email in your web browser. There's a reason for this.

Email dates back to the ’70s, when computers couldn't display much in the way of graphics. Because of this, email protocols are more or less designed for simple text messages with attachments—which works until you want to add things like colors and images. By the ’90s, a workaround showed up: adding HTML code to an email message that points to images hosted on servers.

I bring this history up only because it's what makes modern email tracking possible. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

So, how does Apple Mail stop this? By caching. Apple Mail downloads all images for all emails before you open them. Practically speaking, that means every message downloaded to Apple Mail is marked “read,” regardless of whether you open it. Apples also routes the download through two different proxies, meaning your precise location also can't be tracked.

Apple’s Been Adding Features Like This for a While

So did this catch marketers off guard? Kind of.

“The Apple Mail thing specifically kind of came out of left field,” Poulton tells me, “but the whole idea of the de-identification of users is something we've been planning on for a while. This is a multipronged attack from Apple.”

Apple Mail Now Blocks Email Tracking. Here’s What That Means

From surveillance to search-and-rescue, consumer drones are having an unprecedented impact on Ukraine’s defense against Russia.

In the snowy streets of the north Ukrainian town of Trostyanets, the Russian missile system fires rockets every second. Tanks and military vehicles are parked on either side of the blasting artillery system, positioned among houses and near the town’s railway system. The weapon is not working alone, though. Hovering tens of meters above it and recording the assault is a Ukrainian drone. The drone isn’t a sophisticated military system, but a small, commercial machine that anyone can buy.

Since Vladimir Putin invaded Ukraine at the end of February, drones of all shapes and sizes have been used by both sides in the conflict. At one end of the scale are large military drones that can be used for aerial surveillance and to attack targets on the ground. In contrast, small commercial drones can be flown by people without any specific training and carried around in a suitcase-sized box. While both types of drones have been used in previous conflicts, the current scale of small, commercial drone use in Ukraine is unprecedented.

Drone videos shared and posted to social media depict the brutality of the war and reveal what has happened during battles. Drones have captured fighting in the destroyed Ukrainian city of Bucha, with lines of tanks moving around streets and troops moving alongside them. Commercial drones have helped journalists document the sheer scale of destruction in Kyiv and Mariupol, flying over burnt-out buildings that have been reduced to rubble.

Russian troops have been caught on camera allegedly shooting at citizens holding their hands in the air. Drone videos show Ukrainian troops shelling Russian positions, monitoring their movements in real time, and ambushing Russian troops. In one video, a drone spots Russian military vehicles leaving troops behind—they run after the transport and fall in the snow. In another, the drone hovers in the air and records a helicopter being shot down as it flies past.

“Drones changed the way the war was supposed to be,” says Valerii Iakovenko, the founder of Ukrainian drone company DroneUA. “It is all about intelligence, collecting and transferring data about enemy troops' movements or positionings, correcting artillery fire. It is about counter-saboteurs' actions, and it is of course search-and-rescue operations.” Iakovenko estimates that Ukrainian forces are operating more than 6,000 drones for reconnaissance and says these can link up with Elon Musk’s Starlink satellite systems to upload footage. “In 2014, drones became the center of attention of intelligence units, but their scale cannot be compared to what we see today,” he says. (Russia first began its invasion of Ukraine in 2014 with its annexation of Crimea.)

Both Ukraine and Russia have used military drones during the war—and Ukraine received donations of drones from the US. These military drones can often fly at high altitudes for long periods of time and fire upon targets, including ships. However, the use of smaller commercial drones in such high numbers stands out, researchers say. These drones, which can sometimes be flimsy and can’t fly far from their operators or stay in the air for long periods, have provided tactical advantages in some cases. (Commercial drones have been used in previous conflicts, for instance in Syria, but not as extensively as in Ukraine.)

A Ukranian serviceman stands next to a downed Russian drone in the area of a research institute, part of Ukraine's National Academy of Science, after a strike, in northwestern Kyiv, on March 22, 2022.

Photograph: ARIS MESSINIS/Getty Images

Civilian drone researcher Faine Greenwood has tracked and logged almost 350 incidents in which consumer drones have been used in Ukraine, with the video footage shared on Twitter, Telegram, YouTube, and other social media. Many of the clips, which Greenwood has also mapped, are recorded by military forces, but others have been captured by civilians and journalists. The documented incidents are likely to be only a small fraction of the drone usage in Ukraine. Iakovenko says that in addition to collecting footage for possible war crimes, drones are being used to inspect buildings that have been hit and to help restore power supplies that have been damaged or knocked out.

“You get cheap airborne surveillance, or even strike capabilities, by using these,” says Ulrike Franke, a senior policy fellow at the European Council on Foreign Relations who has studied the use of drones in war. The drones allow troops on the ground to immediately surveil forces around them, retarget weapons, and take action that could stop enemy advances or save lives. “You have individuals or small militia groups that all of a sudden have their own airborne surveillance capability—that’s something you wouldn’t have had 10 years ago. There certainly have been tactical advances and tactical victories because of that.”

Beyond providing direct surveillance that can contribute to intelligence, the videos being captured by consumer drones could contribute to accountability after the war ends. “This is one of the first cases we have had where drones have collected so much really applicable information for war crimes investigations against civilians,” Greenwood says. Although there are questions about what kinds of footage will be admissible in trials, Greenwood and others are backing up and saving video from drones in Ukraine.

Chief among the commercial drones being used in Ukraine are those from Chinese firm DJI, particularly its Mavic line of devices. Its consumer drones are considered to be some of the easiest to purchase and fly. Both Ukrainian and Russian forces have been seen using the drones, Greenwood says. Early in the war, Ukrainian authorities accused DJI of allowing Russian forces to use its drone detection system to target troops, although the company strongly denies this and no strong evidence has been presented.

At the end of April, DJI announced it was temporarily suspending sales in both Russia and Ukraine. The company has consistently said it doesn’t market its products for military use, and it has refused to enable modifications that would allow such use. “DJI has taken this action not to make a statement about any country, but to make a statement about our principles,” DJI spokesperson Adam Lisberg says. “DJI abhors any use of our drones to cause harm, and we are temporarily suspending sales in these countries in order to help ensure no one uses our drones in combat.”

Despite DJI’s opposition to military uses of its products, the drones have been weaponized during the war. “I don't think people have expected commercial DJI drones to be used at such scale,” says Samuel Bendett, an advisor with nonprofit research organization CNA who focuses on Russia and unmanned and autonomous military systems. “This raises the question of whether drone proliferation can be stopped altogether in any conflict.” Charities, companies, and individuals have donated consumer drones from around the world to Ukrainian forces. (Greenwood says they have seen claims that the Russian military is being supplied with donated drones, too. They also point out Telegram messages that claim to show pro-Russian fighters discussing the use of commercial drones).

While the use of consumer drones in conflicts is not new, the machines are not designed for a hostile environment. “The downside of these drones is that they're not military-grade,” Bendett says, adding they can be targeted by anti-drone technology designed to take them out of the sky. All the drone specialists we spoke to for this article say they haven’t seen as many incidents of drones being shot out of the sky as they would have expected—particularly by Russian forces.

“Flying a simple commercial drone in conflict puts the operators in danger as well,” Bendett says. Civilians, journalists, and humanitarian workers using drones in Ukraine are being put at greater risk when they fly consumer drones, Greenwood adds. “The big problem with consumer drones and conflict zones, which humanitarian aid workers are very conscious of, is that you can't tell them apart; they look exactly the same.” A consumer drone being flown by a civilian appears no different from the same drone being flown by a soldier.

This means there are questions about what will happen under humanitarian laws if people flying drones are targeted, Greenwood says. “What happens if an aid worker is flying a drone and people assume it's a drone, it must be being flown by a combatant, and therefore this is a valid target and I'm going to kill it?”

Small Drones Are Giving Ukraine an Unprecedented Edge

Reproductive rights are still largely guaranteed in the United States. Here are some key privacy concepts to adopt in the event that they're not.

While it may be increasingly important for people in the US to consciously consider what they're posting when it comes to their own abortions or those of loved ones, Hayley McMahon, an independent public health researcher who studies abortion access, notes that the goal of this advice is not to chill speech, but to keep people safe.

“I don’t ever want to tell someone they shouldn’t talk about their experience or they can’t talk about their experience, because there’s tons of power in abortion storytelling,” McMahon says. “But I think people need to have all of the information and an understanding of the risks, and then they can make choices about what to say where.”

Know Your Rights

Researchers emphasize, too, that people in the US should know and feel secure in their rights when it comes to dealing with law enforcement. If you are being questioned by police, you can simply say, “I am exercising my right to remain silent and I want to speak with an attorney.” Resources like the Repro Legal Helpline can help connect you with specific legal advice. Additionally, lock your devices with a strong, unique PIN number, keep them locked, and simply ask for an attorney if a cop attempts to compel you to unlock your device. 

McMahon also adds that in the very rare case of a complication with a medication abortion, people should not feel pressure to disclose the treatment to clinicians in the emergency room or other health care settings. Simply saying, “I think I'm having a miscarriage” will suffice.

“People need to understand that it's impossible to tell the difference between spontaneous miscarriage and medication abortion,” McMahon says. “Medication abortion simply induces a miscarriage. And of course, we typically want everyone to disclose their health history to their clinician, but in this case, the treatment is the same, so nothing is lost by not disclosing that information.”

Deluge of Data

Using apps, browsing the web, and using search engines are all activities that can expose personal details, creating a major challenge in controlling the flow of personal information as people research or seek abortions. And often by the time someone is seeking an abortion, they have already generated data that could reveal their health status. Period-tracking apps, for example, gather data that may seem benign but is clearly sensitive in the context of potential abortion criminalization. In one recent case, the Federal Trade Commission investigated and sanctioned the fertility-tracking app Flo Health for sharing user health data with marketing and analytics firms, including Facebook and Google. And researchers have also found numerous examples of health websites sharing personal data with third parties or conducting targeted ad-tracking without adequately informing users and in violation of their privacy policies.

Using a search engine that doesn't track potentially sensitive user data, like DuckDuckGo, and browser extensions that block web trackers, like EFF's Privacy Badger, are all steps you can take to significantly cut down on how much of your browsing data ends up in tech companies' hands. And consider analog options, if possible, for recording and storing reproductive information, like a notebook or paper calendar where you log details of your menstrual cycle.

One of the most pernicious and complicated aspects of attempting to rein in your personal data as you research or seek an abortion is the question of how to mitigate the collection of your location data. Always turn off location services for as many apps as possible—iOS and Android both make this relatively easy now. And if you're traveling to receive an abortion, you might consider leaving your phone at home or keeping it in a faraday bag for as much of the trip as possible.

“A lot of those data-generating activities that you’ve already engaged in in the past are already out there,” says Andrea Downing, founder of the nonprofit Light Collective and a security and privacy researcher focused on patient populations and social media. “You can delete apps from here forward, turn off location services, stop using a fertility app, and those are all great steps. But it's also reasonable if people can't remember everything all the time. Patient populations are susceptible and vulnerable online, and we need to focus on protecting them.”

McMahon, the independent public health researcher, echoes this sentiment, noting that any small steps a person can take to defend their data are positive and should be celebrated.

“I want to emphasize, it is definitely not someone's fault if they forget to do any of these things and then get criminalized,” she says. “People may feel like they made a mistake if they reach out to others for help, but no! You did a normal human thing and the system is criminalizing you.”

While issues of digital privacy are extremely salient to people seeking abortions, they impact every marginalized and disenfranchised group. And as the Light Collective's Downing points out, they ultimately affect everyone.

_“Roe v. Wade_ is about privacy, it was always the core thing underlying that case,” she says. “So even if you are not a person seeking an abortion, you need to be thinking in terms of how your rights may be next.”

How to Protect Your Digital Privacy if Roe v. Wade Falls

The country has ordered companies operating VPNs to collect user data and hand it over to officials—but they’re refusing to do so.

VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country. On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data—and maintain it for five years or more—under a new national directive. VPN providers have two months to accede to the rules and start collecting data.

The justification from the country’s Computer Emergency Response Team (CERT-In) is that it needs to be able to investigate potential cybercrime. But that doesn’t wash with VPN providers, some of whom have said they may ignore the demands. “This latest move by the Indian government to require VPN companies to hand over user personal data represents a worrying attempt to infringe on the digital rights of its citizens,” says Harold Li, vice president of ExpressVPN. He adds that the company would never log user information or activity and that it will adjust its “operations and infrastructure to preserve this principle if and when necessary.”

Other VPN providers are also considering their options. Gytis Malinauskas, head of Surfshark’s legal department, says the VPN provider couldn’t currently comply with India’s logging requirements because it uses RAM-only servers, which automatically overwrite user-related data. “We are still investigating the new regulation and its implications for us, but the overall aim is to continue providing no-logs services to all of our users,” he says. ProtonVPN is similarly concerned, calling the move an erosion of civil liberties. “ProtonVPN is monitoring the situation, but ultimately we remain committed to our no-logs policy and preserving our users’ privacy,” says spokesperson Matt Fossen. “Our team is investigating the new directive and exploring the best course of action,” says Laura Tyrylyte, head of public relations at Nord Security, which develops Nord VPN. “We may remove our servers from India if no other options are left.”

The hardball response from VPN providers shows how much is at stake. India has rapidly shifted away from a free and open democracy and launched crackdowns on non-governmental organizations, journalists, and activists, many of whom use VPNs to communicate. Human Rights Watch recently warned that media freedom is under attack in the country, with a number of law and policy changes threatening the rights of minority citizens in the country. India dropped eight places in Reporters Without Borders’ Press Freedom Index in the past year and now sits 150th out of 180 countries worldwide. Authorities are alleged to have targeted journalists, stoking nationalist division and encouraging harassment of reporters who are critical of Indian prime minister Narendra Modi. By collecting and storing data on all VPN users in India, authorities may find it easier to see who VPN-using journalists are contacting and why.

Officials in India have claimed that the new rules for VPN providers aren't part of a data grab aimed at further stymying press freedoms, but rather an attempt to better police cybercrime. India has been hit by a number of significant data breaches in recent years and was the third-most affected country worldwide in 2021. “Data breaches have become so common in India that they no longer make front page news as they used to,” says Mishi Choudhary, a technology lawyer and founder of the Software Freedom Law Center, a technology legal support services provider in India. In May 2021, the names, email addresses, locations, and phone numbers of more than 1 million customers of Domino’s Pizza were stolen and posted online; in the same year, the personal information of 110 million users of digital payment platform MobiKwik ended up on the dark web. Now, as the major incidents pile up, Indian officials are going after VPNs in an apparent attempt to reign in the cybercrime surge.

“CERT-In is duty-bound to respond to any cybersecurity incidents,” says Srinivas Kodali, a researcher focusing on digitalization in India from the Free Software Movement of India—though he disputes its efficacy in doing so. Having this information on hand should, in theory, allow CERT-In to investigate any incidents more speedily after the fact. But many don’t believe that’s the full story. “CERT-In doesn’t really have a clean past, and they’ve never really protected citizens’ privacy,” Kodali claims. “According to the rules, they are going to only demand these logs when they actually need them for part of an investigation. But in India, you never know how they will be abused.”

Such concerns of overreach are not unfounded. According to data published in April 2022 by Access Now, an advocacy group lobbying for internet freedoms, India was responsible for 106 of the 182 documented internet shutdowns in 2021. It was the fourth successive year the country held the unenviable title of the internet shutdown capital of the world. At the same time, India’s government has allegedly misled parliament about its use and deployment of the Israeli-produced spyware Pegasus against 160 politicians, lawyers, and activists within the country.

That ‘collect data first, ask questions later’ approach to law enforcement has others worried, too. “This is a blunderbuss way of remembering all data and keeping tabs on your users,” says Anupam Chander, professor of law at Georgetown University in Washington, DC. “That way, if \[India\] needs it for law enforcement, intelligence purposes, or other purposes, they can grab it later.” And the VPN data grab could, potentially, collect information on millions of Indians who rely on the technology. One in five Indians used a VPN in 2021, according to data gathered by service provider Atlas VPN—up from just 3 percent in 2020. The increased usage echoes a broader rise in the use of VPNs in countries such as Venezuela, Costa Rica, and Cambodia, which saw similar increases. It also shows how people in India are seeking out VPNs for information security purposes, as well as to avoid geoblocking of popular websites.

There’s another reason everyday Indians are pursuing VPNs: the rollout of a controversial nationwide identification database. The ID system known as Aadhaar—which first launched in 2009 and has evolved since then—assigns citizens a 12-digit identity code based on their biometric and demographic information. Its proponents say that Aadhaar is part of a plan to digitize the Indian economy and make it easier to access government services. Its opponents say Aadhaar’s ubiquity and required use—you can’t open a bank account, get an ambulance, or pay your taxes without one—is an attempt to shoehorn a surveillance state into existence under the auspices of making things easier for citizens. Choudhary worries that the new rules for VPN providers are part of a broader “mission creep” to control what is said and by whom across India. “This is not just bureaucracy,” Choudhary says. “It seems that the government of India is using every opportunity to make access to the internet much more controlled, as well as monitored.” CERT-In did not respond to a request for comment.

And India is not alone. “South Asian governments are basically competing with each other in this operational Olympics around violating the digital rights of their citizens,” says Pakistani lawyer and internet activist Nighat Dad. Pakistan’s government attempted to introduce a law in October 2021 that gave it the right to monitor and censor any content posted on social media in the country. Pakistan has previously blocked access to Facebook, Twitter, YouTube, WhatsApp, and Telegram “to maintain public order.” Dad is scared. “Not only in Pakistan but in India, there are marginalized communities who are at risk. This is a scary situation.” Similar concerns have been raised in Indonesia, where digital platforms have to register with the communications ministry and agree to provide access to their systems and data on request. So too in Bangladesh, where internet freedom has reached an “all-time low,” according to Freedom House, as the governing party uses laws to crack down on political dissent through social media.

VPNs that are developed within—or operate in—India will have to choose whether to accede to CERT-In’s request or withdraw their support from the country. Kodali says providers may adopt a halfway-house solution, barring new users from paying for VPNs with an Indian bank account, which would theoretically make it impossible for Indians to sign up while in practice quietly permitting them to find a workaround. But what starts in India likely won’t end there. “This does have global implications,” says Chander, who believes India is learning a lesson from China, with its stringent internet crackdowns. There’s a worry other, more liberal governments will follow the Indian-Chinese model, too. Attacks on end-to-end encryption are commonplace in the UK, while the US joined India, the UK, Japan, Australia, and New Zealand in signing an international statement asking for backdoor access that would subvert encryption standards. “I think it’s important that governments justify these actions,” says Chander, “and explain how they don’t threaten civil liberties.”

VPN Providers Threaten to Quit India Over New Data Law

The 96 internet service providers were told to enforce the orders “by any technological means available.”

A federal judge has ordered all internet service providers in the United States to block three pirate streaming services operated by Doe defendants who never showed up to court and hid behind false identities.

The blocking orders affect Israel.tv, Israeli-tv.com, and Sdarot.tv, as well as related domains listed in the rulings and any other domains where the copyright-infringing websites may resurface in the future. The orders came in three essentially identical rulings (see here, here, and here) issued on April 26 in the US District Court for the Southern District of New York.

Each ruling provides a list of 96 ISPs that are expected to block the websites, including Comcast, Charter, AT&T, Verizon, and T-Mobile. But the rulings say that all ISPs must comply even if they aren't on the list:

_It is further ordered that all ISPs (including without limitation those set forth in Exhibit B hereto) and any other ISPs providing services in the United States shall block access to the Website at any domain address known today (including but not limited to those set forth in Exhibit A hereto) or to be used in the future by the Defendants (“Newly Detected Websites”) by any technological means available on the ISPs' systems. The domain addresses and any Newly Detected Websites shall be channeled in such a way that users will be unable to connect and/or use the Website, and will be diverted by the ISPs' DNS servers to a landing page operated and controlled by Plaintiffs (the “Landing Page”)._

That landing page is available here and cites US District Judge Katherine Polk Failla's “order to block all access to this website/service due to copyright infringement.”

"If you were harmed in any way by the Court's decision you may file a motion to the Federal Court in the Southern District of New York in the above case," the landing page also says.

“Gone to Great Lengths to Conceal Themselves”

The three lawsuits were filed by Israeli TV and movie producers and providers against Doe defendants who operate the websites. Each of the three rulings awarded damages of $7.65 million. TorrentFreak pointed out the rulings in an article Monday.

The orders also contain permanent injunctions against the defendants themselves and other types of companies that provided services to the defendants or could do so in the future. That includes companies like Cloudflare, GoDaddy, Google, and Namecheap.

In all three cases, none of the defendants responded to the complaints or appeared in court, the judge's rulings said. “Defendants have gone to great lengths to conceal themselves and their ill-gotten proceeds from Plaintiffs' and this Court's detection, including by using multiple false identities and addresses associated with their operations and purposely deceptive contact information for the infringing Website,” the rulings say.

The defendants are liable for copyright infringement and violated the anti-circumvention provision of the Digital Millennium Copyright Act (DMCA), the judge wrote, describing the infringement as follows:

_Through the Website, Defendants have been re-broadcasting and streaming Plaintiffs' original content, broadcasting channels and TV services which are only authorized for broadcasting and/or viewing in the territory of the State of Israel and under a license. The Infringing Broadcasting includes original content produced and owned by Plaintiffs, mostly in Hebrew, and also from major studios in the United States and elsewhere, licensed to Plaintiffs for broadcasting exclusively in Israel (except as expressly licensed for broadcast in the United States)._

Rulings Further Target Web Hosts and Banks

The plaintiffs are United King Film Distribution, D.B.S. Satellite Services (1998), HOT Communication Systems, Reshet Media, and Keshet Broadcasting. While the plaintiffs “transmit their programming in an encrypted form,” the defendants' “various services and hardware permit end-user consumers to bypass the Plaintiffs' encryption to view Plaintiffs' content,” the rulings said.

The judge ordered domain registrars and registries to transfer the domain names to the plaintiffs. The rulings include injunctions against “third parties providing services used in connection with Defendants' operations,” including web hosts, content delivery networks, DNS providers, VPN providers, web designers, search-based online advertising services, and others.

Financial institutions face similar bans on doing business with the blocked websites. The rulings directly target the defendants' monetary accounts, saying that plaintiffs “shall have the ongoing authority to serve this Order on any party controlling or otherwise holding such accounts” until they have “recovered the full payment of monies owed to them by any Defendant under this Order.” This applies to PayPal, banks, and payment providers in general.

_This story originally appeared on_ _Ars Technica__._

Every ISP in the US Must Block These 3 Pirate Streaming Services

Tata Neu is the country’s latest do-everything app. When users signed up, their personal information was already there.

On April 7, Ranendra Ojha, a marketing professional in the eastern Indian city of Kolkata was looking forward to installing and using the new super app, Tata Neu. Super apps are umbrella mobile applications under which companies offer a bunch of services. But as soon as Ojha installed and signed up for Tata Neu on his phone number, he was appalled to see that this newly launched app already had three of his old addresses along with his full name—details he never shared with the app.

As he dug further, Ojha realized that the app seemed to have pulled data from the grocery app Big Basket, which Ojha uses frequently. Like Big Basket, Tata Neu is owned by the almost 155-year-old Tata Group. One of India’s largest conglomerates and a household name, the Tata Group sells everything from salt to software and recently forayed into the world of consumer tech through a slew of acquisitions.

“Frankly, I was quite shocked that Tata had picked up my personal details from one of the apps they owned and used it for this new app,” Ojha says. “In effect they have shared my personal details with the whole Tata Group companies without my permission.”

Another user based in the southern Indian city of Bangalore was equally shocked when he saw multiple addresses (including the address of his old home, where he doesn’t live anymore) and his date of birth already preloaded on Tata Neu when he signed up for it using his phone number and a one-time password. What he found more perplexing was that his wife’s Tata Neu also had her old office address, which he says they never used for any purpose. “Personally I am a very big fan of Tata Group, and there is trust when it comes to the Tata brand,” says Naren, who requested to be quoted under a pseudonym, fearing backlash from the company. “But that trust is lost when they do these sorts of sneaky things under the name of user experience.”

Tata Neu was launched in the first week of April and has had at least 2.2 million downloads. The app houses all of the company’s brands ranging across industries such as ecommerce, financial services, airline tickets, grocery, medicines, and hotels. But the inclusion of preloaded personal data in a new app means that the Tata Group has managed to save customer data across its online and offline companies and create their profiles. According to privacy advocates, this is problematic because it happened without users giving explicit consent and in the absence of a comprehensive data-protection law in India.

The Tatas, with a market cap of over $300 billion at current exchange rates, have had a strong offline presence across a wide range of sectors. But, until relatively recently, consumer tech remained an untapped market. So a few years ago, in a bid to compete with tech biggies like Amazon and Walmart-owned Flipkart, Tata started building its digital profile by acquiring startups like Alibaba-backed online grocery firm Big Basket and medicine delivery startup 1mg, along with an investment in health-and-fitness startup Cult.Fit.

Some customers of these startups acquired by Tata received an email with updated terms and conditions. Others, including the author of this piece, received no email and are unaware of any other form of notice. And while previous privacy policies of these apps vaguely said that they may share customer data with partner companies or other third parties in the event of an acquisition, experts say it’s the lack of explicit consumer consent coupled with the fact that this is data collected from acquired companies which, according to long-time privacy advocate Nikhil Pahwa, makes it “an ethical failure on the part of the Tata Group.”

“All super apps already do this \[data sharing\] but the difference for Tata Neu is the fact that they have acquired companies and then connected all of this data together,” says Pahwa, founder of digital media portal Medianama. “There is a different threshold of accountability for them, because customers who were using an app or service before acquisition naturally didn’t expect that the data would be linked to data from multiple different apps when an acquisition takes place.”

In response to queries sent by WIRED, a Tata spokesperson defended the company’s business practices and asserted that it is committed to user privacy and security.

“Respecting and safeguarding our customers' privacy is vital to our business at Tata Digital. We take great care to maintain the confidentiality of their information,” the spokesperson said. “Tata Digital complies with, and will continue to comply with, applicable data regulations, both in letter and spirit.”

Last year, WhatsApp—for which India is the largest market—updated its privacy policy to require users to accept sharing their data with its parent company, Facebook (now known as Meta). This led to an outrage among its users, many of whom abandoned WhatsApp (if only temporarily) and moved en masse to other messaging apps like Signal and Telegram.

The Competition Commission of India, India’s antitrust agency, soon initiated regulatory action against WhatsApp for the unilateral changes to its privacy policy on the grounds of abuse of dominance. But antitrust and privacy lawyers say it may be difficult to make the argument of unfair policy terms as a form of abuse of dominance in the case of a new entrant like Neu, because it has a relatively small market share so far. “However, if any of the Tata affiliates hold a clear dominance in the markets that they operate in, then any sort of coercive data sharing with Neu could potentially raise competition law issues for that entity,” says Smriti Parsheera, a tech policy researcher with the think tank National Institute of Public Finance and Policy.

Tata’s data sharing stands against the void of a lack of a comprehensive data protection law in India. The closest thing the country has is now a finalized Data Protection Bill, 2021. But the legislation hasn't been passed and relies on “informed” consent as one of the main grounds of data processing—meaning companies could still bury alerts about how their data could be used under a mountain of legalese while giving people no opt-out beyond not using the service.

“Merely having the new law would not completely solve the problem,” says Parsheera. “But it will create a framework of accountability where the new regulator can take actions, and consumers can seek redress.” The new regulator would also be expected to frame regulations around the tools that can be used to make privacy policies more understandable to users.

Ojha, for one, is not waiting for the Indian government to bring a legal framework for data protection. He decided to delete the app the same day it first resided on his phone’s home screen. “I found it very cumbersome and absolutely zero value addition to me,” he says. “Also, I was uncomfortable that they were using my personal information without my explicit permission.”

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   The race to rebuild the world's coral reefs
*   She was missing a chunk of her brain. It didn't matter
*   You should always question the default settings
*   _Battle Kitty_ stretches the limits of Netflix's tech
*   The rise of brand-new secondhand EVs
*   👁️ Explore AI like never before with our new database
*   🎧 Things not sounding right? Check out our favorite wireless headphones, soundbars, and Bluetooth speakers

India’s New Super App Has a Privacy Problem

The leak of a draft opinion overturning Roe v. Wade quickly sparked a court investigation. Which laws may have been violated, if any, remains uncertain.

The leak of a seismic draft opinion from the US Supreme Court that would overturn _Roe v. Wade_ has somehow managed overnight to elicit roughly equal outpourings of anger from the right and left: The left has rallied to decry a decision that would overturn a 50-year-old cornerstone of reproductive rights. Conservatives, despite the historic victory the ruling would represent for their side, have meanwhile targeted their political outrage at a far more specific individual: the leaker.

Just hours after Politico published a draft of the majority ruling written by Justice Samuel Alito calling the _Roe_ decision "egregiously wrong from the start" and overruling that five-decade-old precedent, figures across the right issued a chorus of calls for the investigation and prosecution of the anonymous source of the "illegal" leak. CBS News went so far as to report—somewhat vaguely—that it expects an investigation “involving the FBI” into the leak's source. And Chief Justice John Roberts has opened an investigation into the disclosure.

But all of that furor is undermined by an inconvenient legal truth: Leaking a Supreme Court decision doesn't actually seem to be a crime—at least not by any clear and undisputed definition. "Right now, it's unclear whether the leaker broke any law at all," says Trevor Timm, a First Amendment–focused lawyer and the executive director of the Freedom of the Press Foundation. "Even the people claiming this act is beyond the pale and the FBI must investigate haven't pointed to a definitive law this leaker allegedly broke."

Timm cites a lengthy Twitter thread published late Monday by the well-known UC Berkeley legal scholar Orin Kerr, who responded to the leak Monday night by pointing out that a Supreme Court draft doesn't meet any of the obvious criteria that would make it an illegal document to hand to a journalist: Most important, it's not classified, so leaking it doesn't open the leaker to prosecution under the Espionage Act. "As far as I can tell, there is no federal criminal law that directly prohibits disclosure of a draft legal opinion," Kerr concluded.

Of course, if the source is someone who hacked into a computer of, say, a Supreme Court justice or law clerk—or swiped the paper off their desk—the leaker could be prosecuted with computer fraud and abuse or theft, Kerr points out. But otherwise, despite the historical rarity of Supreme Court leaks and the politically radioactive nature of this one, Kerr argues there's no slam-dunk argument to federally prosecute the leaker.

Instead, Kerr suggests that any federal prosecutor seeking to make a case against Politico's leaker might have to resort to a far shakier statute, known as 18 U.S.C. § 641. That broad statute forbids the theft or misuse of government-owned "things of value"—a broadly written law seemingly designed at a surface level to prevent embezzlement or graft by those with access to the government's property. But whether it applies to information—and what kind of information, given to whom—remains an open question in federal law, with different circuit courts fundamentally disagreeing in their rulings.

"Legal scholarship provides little clarity regarding § 641’s interpretation; only a few scholars have even recognized § 641’s application to information," reads a _Columbia Law Review_ article about the statute's use for prosecuting leakers, written by Jessica Lutkenhaus, an attorney focused on criminal defense at the law firm Wilmer Hale. "The circuits disagree about whether § 641 applies to information, and, if it does, what its scope is: What information constitutes a 'thing of value'?"

Sharing information is arguably fundamentally different from stealing "a thing of value," Freedom of the Press Foundation's Timm points out. "You can't steal a government Jeep or take something tangible or physical from government offices," Timm says. "But copying something can be construed as different from stealing something. You copy it, and the original thing is still there, and you just leave with papers that didn't exist before."

That ambiguity has led different federal courts to come to contradictory conclusions. A Fourth Circuit court, for instance, found in 1991 that a Department of Defense employee who left the DOD for a job at a defense contractor and took information with him was guilty of violating § 641. But a Ninth Circuit court has come to an opposite conclusion, finding in a 1959 case that "intangible" goods are not covered by § 641. That ruling was later applied in 1988 by the same circuit to the case of an information leaker, a naval officer accused of stealing computer punch cards related to secret encryption information. The court confirmed that the information itself was not covered by § 641—though his appeal was thrown out anyway because he'd stolen the physical punch cards that stored it.

Other circuit courts have come to conclusions somewhere in between, with some finding, for instance, that the § 641 _does_ apply to information leaks but noting that this doesn't extend to those covered by the First Amendment's protections on free speech and freedom of the press—findings with direct relevance to Politico's Supreme Court leaker.

Several of the most notable leakers in history have been charged under 18 U.S.C. § 641, too, including Daniel Ellsberg, Chelsea Manning, and Edward Snowden. But the use of that law was overshadowed by their prosecution under the Espionage Act, since all three were accused of leaking classified secrets, and none set a clear precedent. Ellsberg's charges were dropped due to improper government conduct by the Nixon administration, and Snowden has yet to face trial. Manning was convicted on the 18 U.S.C. § 641 count she faced, but in a military court, not a civilian one.

All of that leaves the legal status of Politico's leaker—if they are identified—far from certain. But any confident argument that they committed a crime is on equally shaky terrain, argues Timm. And that's especially true in a case where the leaker appears to have leaked a document directly to the press, with a clear interest in making the information public.

"Even if prosecutors think 18 U.S.C. § 641 applies, I'd have serious First Amendment concerns with broadly applying it to anyone who leaks a government document to the press," Timm says. "Leaks to the press are as American as apple pie. And, in many cases throughout history, have furthered democracy rather than hindered it."

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

Source

Wired