Today's links

• Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme: Not even a QR code can produce a kissable pig.
• Hey look at this: Delights to delectate.
• Object permanence: Arrested at Toronto G20; Rule by rentiers; Wrong about the First Amendment; Mounties x Stingrays; (EU) Privacy without monopoly.
• Upcoming appearances: LA, Menlo Park, Toronto, NYC, Philadelphia, Chicago, Edinburgh, South Bend.
• Recent appearances: Where I've been.
• Latest books: You keep readin' em, I'll keep writin' 'em.
• Upcoming books: Like I said, I'll keep writin' 'em.
• Colophon: All the rest.

Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme (permalink)

Long before "agentic AI," we had the idea that software would act as your agent on the internet. That's why the old-fashioned technical term for a browser is a "user agent." Your browser acts on your behalf to retrieve information and then show it to you, in the format you choose. It's your agent:

https://pluralistic.net/2024/05/07/treacherous-computing/#rewilding-the-internet

This is a powerful and profound idea. It is because browsers are our "agents" that we expect them to accept our directives, say, by blocking pop-ups, or by turning off autoplay sound, or by blocking commercial surveillance trackers:

https://privacybadger.org/

Your browser does all that because your browser works for you. The reason your browser can work for you is that the web is an open, standardized technology. In theory, anyone who follows the standards published by the World Wide Web Consortium (W3C) can make a browser, and that web browser can connect to any web server. Browsers and servers are interoperable. It's the same force that means you can put anyone's gas in your gas-tank, or anyone's shoelaces in your shoes, or anyone's milk on your cereal.

But what if manufacturers could dictate those choices to you? What if your light socket refused to use a lightbulb unless it was officially blessed by the socket's manufacturer? What if your dishwasher refused to wash your dishes unless you bought them from one of the manufacturer's "dish partners"? What if your toaster refused to toast "unauthorized bread"?

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

It's hard to see how a company could win its market with this strategy. After all, if the dishes are really better than the competition's, you'd buy them voluntarily, without any need for law or technology to force the matter. The only reason to make a dishwasher that refuses a rival's dishes is if the manufacturer's own dishes are ugly, expensive, and/or badly made.

But once a company owns the market – once they've achieved dominance by buying out their rivals; by bribing potential competitors to stay out of their lane; and by engaging in deceptive conduct to trap key suppliers and customers – they could cement their dominance by blocking interoperability, keeping out rival dishes, milk, gas, lightbulbs, shoelaces and bread, capturing their whole market and squeezing it.

That's what Google has done, and that's what Google wants to do more of. Google's commercial behavior has been so unethical, deceptive and abusive that the company just lost three federal antitrust cases:

https://www.bigtechontrial.com/p/google-loses-the-adtech-monopolization

This thrice-convicted monopolist bribed Apple – more than $20b/year – to stay out of the search market:

https://www.eff.org/deeplinks/2025/02/how-do-you-solve-problem-google-search-courts-must-enable-competition-while

They cheated app vendors, ripping them off with sky-high junk fees and onerous conditions that raised prices while lowering the share of your spending that went to the companies whose products you were paying for:

https://www.thebignewsletter.com/p/boom-google-loses-antitrust-case

They cheated advertisers, rigging the ad market to gouge businesses on ad prices and underinvesting to fight rampant ad-fraud, sucking hundreds of billions out of the productive economy for overpriced ads that no one saw:

https://www.justice.gov/opa/pr/department-justice-prevails-landmark-antitrust-case-against-google

Google wasn't always this way. The "don't be evil" company owes its very existence to the open web ecosystem. When the company started to index the web in 1998, it was playing on an open field, where any web server could talk to any "user agent," even one whose user was a startup like Google, that was making a copy of every page on the server.

For years, Google thrived on the open web, and built open technologies. Android – the mobile operating system that Google bought in 2005 – was presented as an "open" alternative to existing mobile offerings, and as the mobile market collapsed into two companies – Google and Apple – Google always presented Android as the open alternative to Apple's "walled garden."

There were always ways in which Google's "open" Android wasn't exactly open. The company engaged in illegal "tying" arrangements that forced hardware vendors and carriers to lock out versions of Android that were created by Google's competitors:

https://ec.europa.eu/commission/presscorner/detail/en/ip_18_4581

In other words, even though Google offered a mobile platform that was (mostly) technically open, they used commercial and legal strategies to choke off the market oxygen for alternative Android versions that tried to capitalize on that technical openness.

But life finds a way. The existence of an open, modifiable, tinkerer-friendly mobile operating system meant Android hackers could create alternatives to Google's (de facto) walled garden, which thrived in the cracks in that garden wall. Operating systems like CalyxOS, PureOS and Graphene offered a more private, more secure Android experience, one that was largely "de-Googled," blocking Google's relentless acquisition of your private data:

https://grapheneos.org/

And Google's data-hunger is relentless. Android exfiltrates a chunk of your personal and behavioral data every five minutes. The "resting heartbeat" of Android surveillance pulses and pulses, irrespective of whether you're using your device, and the instant you unlock your screen, that heartbeat quickens, sending even more data to the company:

https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/

All that data has proved irresistible to authoritarian governments. Donald Trump's enforcers have seized on Google data as a vital source of information about the identity of protesters and the location of migrants hunted by ICE:

https://www.eff.org/deeplinks/2026/04/google-broke-its-promise-me-now-ice-has-my-data

So there are plenty of reasons why users would seek out these de-Googled alternatives to Android, finding them in spite of Google's illegal commercial tactics to block access to competing technologies. The worse it got, the better those alternatives looked.

Perhaps this explains Google's years-long effort to increase the technical barriers to using modified versions of Android, beefing these up to match the commercial restrictions that stand in the way of a de-Googled existence.

Back in 2023, Google floated the idea of "Web Environment Integrity" (WEI), a set of modifications to web standards that would force your computer to disclose its operating environment to the web servers it connected to, even if you objected to this disclosure:

https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai

WEI was a form of "remote attestation." That's when your device uses a sub-processor (sometimes called a "Technical Protection Module" or "TPM") or a walled off part of its main processor (sometimes called a "secure enclave") to produce a cryptographically signed description of your device and its configuration: which hardware, software, plug-ins and settings you're running.

When you connect to a server, it demands that your device send this "attestation" before it handles your request. If your device won't provide this data, or if the server doesn't like (or recognize) your device and its details, it can refuse to deal with you. And because the attestation is prepared by a TPM or a secure enclave that you can't modify or override, you don't get to decide which facts about your device it's allowed to see.

Practically speaking, this means that remote attestation lets a server refuse to deal with you until you turn off your ad-blocker and your tracker-blocker. It means that the server can discriminate against users who block auto-play sound and video, who block pop-ups, who put the tab in the background when it's playing a mandatory pre-roll ad.

WEI was especially disturbing in light of Google's efforts to kill ad-blockers and privacy blockers through updates to Chrome, an effort that continues to this day:

https://protonprivacy.substack.com/p/google-is-finally-killing-ublock

These blockers are an important part of the dynamic between web publishers and their users. In the real world, when you get an offer, you can make a counter-offer. That's all an ad-blocker is: a way for users to respond to a server whose opening bid is, "How about you give me all your data and let me take over your computer in exchange for showing you this page?" with "How about 'Nah?'"

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

We didn't get rid of pop-up ads by making them illegal, or by boycotting advertisers who used them. We got rid of pop-up ads when web users installed pop-up blockers, which made pop-up ads pointless. Take away our ability to block obnoxious digital content and you guarantee that we will be flooded with it.

These kinds of modifications aren't just used to block ads – they're also key to accessibility. People who have photosensitive epilepsy or who (like me) suffer from low-contrast vision problems use add-ons to reformat pages so that we can safely and legibly access them.

WEI's creators said they were only trying to put the web on a level playing field with apps, which routinely rat you out to the companies you connect to. Apps are a source of bottomless enshittification, not least because (unlike the web), they enjoy special, dangerous legal protections that make it very legally risky to modify them:

https://pluralistic.net/2025/07/31/unsatisfying-answers/#systemic-problems

WEI wasn't an effort to level the playing field between apps and the web – it was a race to the bottom, an attempt to make the web as enshittogenic as the app hellscape.

Public outrage to WEI killed the project, but Google's commitment to augmenting its illegal commercial lockdown efforts with technical lockdowns never ended. Now, Google has rolled out an experimental "reCAPTCHA Mobile Verification" that uses an app, your camera, and your device's TPM or secure enclave to produce an attestation about your Android device:

https://support.google.com/recaptcha/answer/16609652

This will make it much easier for the apps and other services you interact with to block your device if you run an Android alternative, or if you install a mod that overrides the actions of Google's stock Android:

https://www.reddit.com/r/PrivacySecurityOSINT/comments/1tbdjbj/privacy_concerns_around_googles_recaptcha_mobile/

This is a terrible idea – it's every bit as bad as WEI was. In an age in which Big Tech is ever-more tied to authoritarian governments, redesigning our devices to tell strangers things we don't want them to know isn't just shortsighted, it's inexcusable.

Hey look at this (permalink)

• Jane Yolen, 1939-2026 https://floggingbabel.blogspot.com/2026/06/jane-yolen-1949-2026.html

• Enshittification Merch That Actually Fights Enshittification https://www.eff.org/deeplinks/2026/06/enshittification-merch-actually-fights-enshittification

• Amy Casey https://www.amycaseypainting.com/

• CrankGPT https://squeezlabs.github.io/handcrank/

• Barns. Also, "Barns." https://rickperlstein.substack.com/p/barns-also-barns

Object permanence (permalink)

#20yrsago Images from anti-DRM protest at the San Fran Apple Store https://www.flickr.com/photos/quinn/tags/drmprotest/

#15yrsago Reasons people were arrested at the Toronto G20 https://memex.craphound.com/2011/06/11/reasons-people-were-arrested-at-the-toronto-g20/

#15yrsago Paul Krugman: Rule by rentiers favors billionaires, Chinese bond-holders over jobs and homeowners https://www.nytimes.com/2011/06/10/opinion/10krugman.html?_r=1

#15yrsago Ontario publicly funded Catholic school bans rainbows, appropriates student donations for LGBT cause and gives them to Catholic charity https://web.archive.org/web/20110610125236/https://www.xtra.ca/public/Toronto/Rainbows_banned_at_Mississauga_Catholic_school-10262.aspx

#10yrsago How to be less wrong about the First Amendment https://web.archive.org/web/20160611221927/https://popehat.com/2016/06/11/hello-youve-been-referred-here-because-youre-wrong-about-the-first-amendment/

#10yrsago Mounties used Stingrays to secretly surveil millions of Canadians for years https://web.archive.org/web/20160610182607/https://motherboard.vice.com/read/the-rcmp-surveilled-thousands-of-innocent-canadians-for-a-decade

#5yrsago Privacy Without Monopoly, EU edition https://pluralistic.net/2021/06/11/technological-self-determination/#dma

Upcoming appearances (permalink)

• LA: The Reverse Centaur's Guide to Life After AI with Brian Merchant (Skylight Books), Jun 19
  https://www.skylightbooks.com/event/skylight-cory-doctorow-presents-reverse-centaurs-guide-life-after-ai-w-brian-merchant

• Menlo Park: The Reverse Centaur's Guide to Life After AI with Angie Coiro (Kepler's), Jun 21
  https://www.keplers.org/upcoming-events-internal/cory-doctorow-2026

• Toronto: The Sovereignty Debate (IAB Canada's State of the Nation), Jun 23
  https://iabcanada.com/state-of-the-nation-2026

• Toronto: TBA, Jun 23

• NYC: The Reverse Centaur's Guide to Life After AI with Jonathan Coulton (The Strand), Jun 24
  https://www.strandbooks.com/cory-doctorow-the-reverse-centaur-s-guide-to-life-after-ai.html

• Philadelphia: The Reverse Centaur's Guide to Life After AI with David Williams (Fitler Club/Philadelphia Citizen), Jun 25
  https://www.eventbrite.com/e/cory-doctorow-book-event-tickets-1990110326559

• Chicago: The Reverse Centaur's Guide to Life After AI with Rick Perlstein (Exile in Bookville), Jun 26
  https://exileinbookville.com/events/50628

• Edinburgh International Book Festival with Jimmy Wales, Aug 17
  https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales

• South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
  https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/

Recent appearances (permalink)

• The Enshittification of Life, the Universe, & Everything (Luke Savage)
  https://www.lukewsavage.com/p/the-enshittification-of-life-the

• Cory Doctorow's digital jail-break (DW In Focus)
  https://www.dw.com/en/cory-doctorows-digital-jail-break/audio-77414035

• Why the Internet Got Worse and What to Do About It (Jim Rutt) (RIP)
  https://www.jimruttshow.com/cory-doctorow-3/

• On Enshittification – and what can be done about it (Re:publica)
  https://www.youtube.com/watch?v=KhINQgPMVSI

• EFFecting Change: How to Disenshittify the Internet (EFF, with Wendy Liu)
  https://archive.org/details/effecting-change-enshittification

Latest books (permalink)

• "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce

• "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
  https://us.macmillan.com/books/9780374619329/enshittification/

• "Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).

• "The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).

• "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).

• "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).

• "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.

• "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

• "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

• "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

• "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

• "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027

• "The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Third draft completed. Submitted to editor.

• "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

• "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

• A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Cue the song “It’s a Small World” as background music for today’s terrific announcement. We’re very pleased to share with you that OmniOutliner 6.2 is available today (universal across all platforms), now with localizations in Dutch, French, German, Italian, Japanese, Korean, Portuguese, Russian, Simplified Chinese and Spanish. Or should we say, “now with localizations in Deutsch, Español, Français, 日本語, Nederlands, Italiano, Русский, 简体中文, Português do Brasil and 한국어”?

“Great things often begin with outlines” is true in any language. Outlines help clarify ideas, develop concepts, and stay organized amongst interruptions and chaos. This is all true anywhere in the world—but a powerful, helpful tool for outlining is a much better experience when it’s available in one’s own native language. We localize all of our apps, and it’s gratifying each time.

For us, localizing our software isn’t just a checkbox: it’s an expression of our values. We value people, respect our international neighbors, and encourage listening to each other with humility. They say to put your money where your mouth is, but what they don’t tell you is how great that really feels: to dedicate resources in a way that aligns with your values and mission.

Now that OmniOutliner 6 is a universal purchase across the Mac, iPad, iPhone and Apple Vision Pro, it’s especially fitting to have it localized across all of these languages. Our OmniOutliner 6 customers can now experience—in native tongue—the new design, visually refreshed with beautiful Liquid Glass design elements and a modernized look and feel; the new smart Dynamic Themes; the ability to open and work with concurrent multiple windows of the same document; Omni Automation with plug-ins to access Apple Intelligence language models; plus our groundbreaking Omni Links.

You can read more detail from our OmniOutliner 6 introduction blog post and the OmniOutliner product page. To get started with a free two-week trial that unlocks OmniOutliner 6 across all your devices, simply install OmniOutliner 6 on any device and sign into your Omni Account.

Here’s to keeping your thoughts in order, and the great things you’ll begin with an outline!

If you have any feedback, I’d love to hear from you! You can find me in the Mastodon corner of the Fediverse at @kcase@mastodon.social, or send me email at kc@omnigroup.com.

Our radio station project, 9128.live is still alive and kicking. Crazy to think it’s been 6 years now since we launched. I recently stumbled into someone at a show who was with us for our all-weekend takeovers during the pandemic era, and he said it helped him get through one of the hardest times of his life. It was very humbling to hear, and despite rarely hearing these comments, it’s one of the reasons I still keep this thing alive.

I’m quietly updating music in the background on the station - of course, ASIP music is easy for me to keep updated in rotation, and a few other labels keep on top of things with new releases. without much fanfare.

Here are a few key updates that you might have missed:

New label partners

In the past year or so, we’ve added three amazing catalogs into rotation, including Quiet Details (just this week), Never Late, and Analog Attic. Between these 3 labels alone, we’re hosting some of the most majestic music to hit our ears in recent years. I’m also adding some one-off artist music into rotation, as some listeners get in touch with their own music that fits.

Memberships

We had a membership that enabled paying users to access unreleased and exclusive sets. I let this dwindle for far too long, so I’m sorry to anyone who kept going with it. But I’ve now canceled it fully as I don’t see the time or space to make this worthwhile right now. Thank you to everyone who helped us keep the station going with their contributions.

Listening apps

Not new news, but very importantly, we have both iOS and Android apps that enable you to listen to the stream, and they also host the isolatedmix series as a podcast too. A few other bells and whistles to check out too. Links to the apps here.

Sonos

One of my favorite ways to listen is actually through Sonos (at night) and it’s not too easy to make that happen. But essentially, you need to add the stations custom listen URL into your TuneIn app (once downloaded), then add the TuneIn Service to Sonos, and it should then show in your faves. See here for more ways to listen.

The 9128 label

When we had regular weekend takeovers, artists were preparing sets for their slots, many of which were original, so we decided to release some of these sets and begin the label. Check out the releases here, by Jo Johnson & Hilary Robinson, Gailes, 36 and Ameeva. With no pipeline for original releases, the label is on a bit of a hiatus, but I hope to spin this up again one day and may open up the catalog to live releases in general.

The future

Being transparent, the radio costs thousands of dollars to run and host each year. For now, it’s an investment and a bit of a vanity project because I use it so much myself. So a big thank you to everyone who donates to help with this cost. I hope I get to spend more time on the project in the near future, and bring back proper programming and weekend takeovers again. Until then, I’m doing my best to keep the lights on and keeping 24/7 ambient and electronic music flowing.

Thanks for tuning in.

https://9128.live/

A software update to some Amazon delivery vehicles is automatically turning off the air conditioning after a few seconds if the driver is not in their seat, according to multiple Amazon delivery drivers who are complaining about the update online. 

According to Amazon delivery drivers, the new update is for the Amazon EDV (electric delivery vehicle), the custom-built Rivian van. Delivery drivers say that this update automatically turns off the air conditioning in the van if the driver is not in the vehicle for more than 30 seconds. Drivers are complaining about the update as the start of the summer season, which can be particularly difficult and dangerous for delivery drivers. 

“As many of you are aware, the EDVs just got a software update where if you are out of your seat for 30 seconds with the side door open, the AC switches off,” one Amazon delivery driver said in an online forum for drivers. “We all hate this obviously.”  

When reached for comment an Amazon spokesperson said that the premise of my questions to the company was inaccurate, but conceded that the van will turn off the AC after 30 seconds under certain conditions that are commonplace during Amazon delivery shifts.  

“Rivian recently released a software update for Electric Delivery Vehicles that actually extends climate control for drivers,” the Amazon spokesperson said. “As a result, the AC now runs for up to 10 minutes after a driver exits the vehicle, ensuring a cool cabin when they return. The timer resets at every stop. The AC only shuts off if the driver sliding door is left open for more than 30 seconds — a battery conservation measure.” 

Amazon delivery drivers discussing the update online say that they are getting in and out of the van so frequently, and are spending most of their time out of the van delivering packages, that the update makes it harder to keep the van cool. 

“Thing is we are up and about waaaay longer than we are driving so the ac turns off and when it turns on again we are already getting up before im the air is even cold,” one driver said. “It effectively made the ac not work and those vans get hot as fuuuck.”

"Every Amazon-branded vehicle is air-conditioned—a feature that exceeds the industry standard—and if the air-conditioning isn’t working in a vehicle, that vehicle is taken out of service immediately," the Amazon spokesperson said. "They also have cooling seats for drivers. This update was intentionally timed ahead of summer to improve driver comfort during the hottest months of the year. Driver safety and comfort in extreme temperatures remains a priority. If drivers have questions about this change, they should touch base with the DSP they work for - as details about this change were shared with them."

Older delivery trucks may not have air conditioning or have air conditioning that breaks often. Delivery drivers for UPS, who are represented by the Teamsters union, negotiated a heat safety agreement with the company in 2023. Amazon has publicly outlined its strategy for keeping all its workers, including delivery drivers, safe during the heat, including using an app to ask drivers to take 10-minute break from the heat by resting in a cool place and drinking water, but Amazon delivery drivers are managed by a nationwide network of subcontractors who drivers say don’t always maintain those standards. 

As you’ve probably seen in your own neighborhood, delivery drivers will often park their vans wherever they can and deliver packages to multiple addresses on the same block. Amazon automatically turning off the air conditioning while they are out of the van delivering packages means the van can get hot again by the time they get back. As Amazon delivery drivers have to make frequent stops, it’s not hard to imagine why drivers would complain about Amazon automatically shutting down the AC, which makes it more difficult to cool down between stops. 

Depending on which chatbot you ask, Elias Thorne might be a clockmaker, a lighthouse keeper, or a librarian. But if you ask ChatGPT or any of the other popular large language models to tell you a story, there’s a good chance he’ll appear, unbidden. And Elias’s stories are flooding the self-published AI generated book market, Youtube, and fake news sites.

Software engineer Daniel May first noticed the Elias takeover earlier this year; he found that on Google Trends, people weren’t searching for “Elias Thorne” until late 2025. Searches for the name really spiked in early 2026, while the related query “lighthouse keeper” also started trending upward in the last few years. He tested a few chatbots, including Grok, Deepseek, and Gemini, with the prompt “tell me a story,” and the chatbots frequently started with similar stories about lighthouses, clockmakers, or explorers. 

In late May, researchers Sil Hamilton and David Mimno at Cornell University’s Department of Information Science published their paper, “Elias in the Lighthouse, Again?” on the preprint repository arXiv. They sampled 20,000 total stories from OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini, and the Allen Institute for AI's chatbot using five prompts, and found that the same 11 words—names like Elias, Mara, and Elara, and occupations like lighthouse keeper, clockmaker, and librarian—appear in more than 88% of generated stories, with little difference between models. Unite.ai covered the study shortly after it was published.

The researchers posit in their paper that these themes show up so often in part because of the models’ safety and alignment tuning. “Model development today is like a big family tree. Most models are related to each other because developers synthesize a lot of training data with models even from different companies,” Hamilton told me in an email. He, Mimno, and their colleague Rebecca M. M. Hicke found this in a 2025 paper where they looked at specific words used across models. OpenAI’s first ChatGPT model, GPT-3.5, is the root of the family tree because it was used to make WildChat, a training set that’s since been used to make other training sets. “WildChat contains 1 million real conversations with ChatGPT, and 166 of these contain the name ‘Elias’ like here and here,” Hamilton added. “These are written in that familiar ‘lighthouse’ style. Models trained on WildChat copied this style, and developers unwittingly replicated it when using those models to generate newer datasets. It's like a virus.” 

Elias has since escaped chatbot containment. May noticed Elias Thorne popping up on Amazon as an author of alt-medicine cancer handbooks, a 2026 YouTube-algorithm guide, a book on Greek mythology, and a psychological thriller novella. “No human writes all of those,” May wrote in his blog post. “The first one sits in territory where bad advice causes real harm. The mode-collapsed name from the chat window is now a byline appearing across genres.”

When I searched Elias Thorne on Amazon, I found Elias as the protagonist in fantasy books and producing music, too: he’s “a brilliant but cynical archaeologist with a knack for unearthing what powerful institutions want to keep hidden” in one fantasy series, or a musical artist making ambient listening albums of birds and nature sounds. Fittingly, one Elias Thorne with an AI-generated author photo is also churning out AI grift books. In the last few years, AI-generated books have flooded Amazon’s self-publishing offerings, especially, with books containing dangerous misinformation and messy errors taking over the platform. AI-generated books are also making librarians’ jobs hell.

Elias has also escaped to the Youtube slop world: in one video from the channel Moments That Moved the World, a slop-illustrated story features the plight of “83-year-old Sergeant Major Elias Thorne.” On the AI slop site Wonderful Museums, “Snake Museum Owner Shot By Wife: Unpacking the Tragic Incident at Thorne’s Reptile Sanctuary” spins Elias Thorne’s story as a man shot by his wife. On another slop site called Tatticle, the “wealthiest man in Ohio,” Elias Thorne, died “with exactly twelve dollars in his pocket.” In these stories, Elias is usually a tragic figure, an aggrieved and unfairly-treated old man. He’s a similar character in a short story published by the BBC as a finalist in its 2024/2025 children's writing competition—but Elias is a real name, and could feasibly still be the subject of a human-written story (and there have been no accusations of the BBC’s children’s writing competition being infiltrated by AI slop).

But with all the world’s literature as its training data, why do LLMs seem to default so often to the lighthouse? It comes down to how model makers try to safety-align and sanitize their outputs. “We found many stories in WildChat are not safe for work. This led us to hypothesize that models going through alignment are preferring a small slice of WildChat stories, like a bottleneck,” Hamilton said. “It isn't that Elias stories are frequent, but that they're just so safe.” He said the researchers plan to explore this theory further in future research.

As for Elias, there is one example I’ve found of him existing pre-generative AI, as a time traveling mad scientist in the 1980’s trading card series Dinosaurs Attack!. And a real-life Elias that comes close to the stories told by LLMs did actually exist, Hamilton found—Elias Allen was a 16th century clockmaker in London.

For months during the summer of 2024, Jarmarus Brown, an Orange City, Florida police officer, ran his ex-girlfriend's license plate through the Flock automated license plate reader (ALPR) system lookup database at least 69 times. He searched for the license plate belonging to her mom at least 24 times, and searched for the license plate belonging to her dad at least 15 times. Brown’s searches were happening so often, and were so commonplace, that even one of his colleagues noticed Brown researching his ex-girlfriend's whereabouts while the law enforcement officers sat in their police cruisers, according to court records obtained by 404 Media.

“While they were sitting there, Officer [Shadrich] King noticed Jarmarus was on the Flock system and a license plate reader image of [Brown’s ex-girlfriend] was on the screen,” a police affidavit about Brown’s behavior obtained by 404 Media reads. “Officer King said he mentioned to Jarmarus that he needed to stop running her vehicle in that system because he could get in trouble. Jarmarus responded saying that he knew that, and he was going to stop.” Flock’s automated license plate readers document every car that drives past them, creating a broad network of people’s movements around the country. Police can then look up license plates to learn where a specific car and, by extension, person, has traveled over time. 

On another occasion, Brown told King that he believed his ex was lying about her whereabouts. She “told Jarmarus she was at her house with her mother, but Jarmarus knew for a fact she was not. When questioned by Officer King as to how he knew for a fact she was lying, Jarmarus said he used the Flock system and saw that her vehicle was elsewhere,” the affidavit reads. “Jarmarus then asked Officer King if he wanted to join him on a ‘stakeout’ to try to see where her vehicle was located.” 

According to Brown’s ex-girlfriend, while they were dating he would “constantly require [her] to either be on FaceTime with him or be on the phone with him, even while she was working […] Jarmarus would try to control aspects of [her] life, such as the amount of makeup she would wear and the length of her fingernails.” According to the affidavit, Brown’s stalking extended beyond license place lookups; at one point while they were dating, he put an Apple AirTag in her wallet. But the bulk of his surveillance came through Flock, the affidavit says, noting that he kept “randomly showing up at the places she was at.” 

The affidavit states Brown told investigators that “he would occasionally run her tag through Flock to track her whereabouts” because he believed she was lying to him. “It was dumb as hell on my end, emotions flowing, mind going,” he told investigators. The investigators ultimately determined Brown “knowingly and intentionally accessed the password protected computer systems, Flock and DAVID [a Florida DMV vehicle information database], to run the license plates of vehicles [she] frequently drove, for his own personal reasons. There was no work related, justifiable, reasons to do so, other than to track [her] whereabouts.” Brown was ultimately charged with stalking and hacking-related charges; he served one day in prison and was sentenced to five years of probation. 

Brown’s case was not a one-off. Local news reports from around the country repeatedly detail police abusing the Flock surveillance systemic order to stalk their partners or ex-partners. The contours of each story are much the same, with the police officer in question using their access to the system to repeatedly track a specific person over the course of weeks or months. The cases highlight the fact that Flock can be used to track the whereabouts of individual people, that police do not get a warrant in order to use the system, and that, if they have access to the system, they have the technical ability to look up any license plate they want for any reason they want. An April study by the civil rights group Institute for Justice found that at least 18 police officers have been caught around the country using Flock to stalk a romantic interest in the last few years; another database, called the ALPR Abuse Library, has documented 20 specific cases of “stalking/targeting” around the country.

The known cases of police stalking are almost certainly a vast underreporting of the overall abuse, because they largely include only cases in which the behavior was so egregious that it led to police officers being fired, arrested, or both.

Flock told 404 Media that it is “aware of 15 incidents of abuse, each surfaced because of the transparency and accountability features deliberately built into our platform.” 

“There are also 140,000 monthly active users of Flock, so the relatively rare instances of abuse, while obviously wrong and awful, are exactly that—rare,” a Flock spokesperson told 404 Media. “Humans are fallible; unlike most tools society provide law enforcement, Flock ensures that in the instances when our technology is misused, the evidence used to hold responsible parties accountable, is right there in our system. We also encourage all our customers to have a usage policy, regular training, and to implement our Audit Assistance tool, which proactively flags unintended use.”

It is definitely the case that Flock’s audit tools have proven useful in holding police accountable, because journalists, activists, and concerned citizens from around the country have pored through Flock audit logs that they have obtained through public records requests to document abuse. But it is also the case that Flock has strenuously fought against lawsuits and potential regulations that are seeking to require police to get a warrant to use the system. And many cases of abuse have not been detected by police departments themselves but by those private citizens, journalists, and stalking victims who have found patterns of abuse in public records files they have obtained from their local police departments. In most cases of Flock-related stalking reviewed by 404 Media, the abuse occurred over the course of months or years, and the victims were subjected to dozens or hundreds of lookups.

Other abuse cases have been discovered using the website HaveIBeenFlocked.com, a website that compiles Flock searches released via public records requests and turns them into a searchable database. Flock has repeatedly tried to get that website taken down, as we have previously reported.

In Wisconsin, a stalking victim checked her own license plate on HaveIBeenFlocked.com and learned that City of Milwaukee Police Officer Josue Ayala had searched her license plate more than 100 times. After reporting this alleged abuse to the police, the agency ran its own audit and learned that Ayala had also searched the license plate of a second victim 124 times in a two-month span last year, according to court records. Each time, Ayala simply listed “investigation” as the reason  for his search. In another alleged abuse case in Idaho, the police chief used Flock to allegedly stalk his wife using the reason “test” in the Flock system.

A citizens’ anti-surveillance organizing group, called Deflock Joplin, found anomalous searches by a police officer in Joplin, Missouri, last year. Using Flock audit logs they obtained using a public records request, they found one single license plate that was searched by one specific police officer 395 times in a 10-month span in 2025; they found that a second plate had been searched 147 times (the police officer’s name was redacted in the records).

“The activity presented here is startling and damning,” Deflock Joplin wrote in a blog about its investigation. “One user's account at JPD has surveilled people for around a year without detection. We see no conceivable way the Joplin Police Department is auditing these logs. This activity was blatant and obvious if anyone had bothered to take a look. We were able to find this data, file records requests, create a website, and share them in our spare time […] This system must be removed or severely curtailed to protect residents and their privacy.”

Soon after Deflock Joplin shared its findings with the city, the police officer in question was fired: “During that investigation, it was found that this single Joplin Police Officer did violate the policy regarding department equipment and systems,” the city wrote in a press release. “Any misuse of the Flock system or any other Joplin Police resource will not be tolerated, and discipline will be administered swiftly and in accordance with policy.”

In Orange City, Florida, Brown’s ex suspected she was being stalked and spoke to a friend within the police department, who told her that Brown “used law enforcement databases to track her whereabouts.” She then made a stalking complaint, which started the investigation, according to the affidavit. 

In Coffee County, Georgia, officer Chris Rozar was charged with eight crimes, including computer invasion of privacy, prohibited use of captured license plate data, and stalking, because he allegedly “did knowingly misuse the Coffee County Sheriff’s Office Flock Law Enforcement Camera System and Tag Reader System […] for the purposes of stalking,” and that he “did follow, track, and surveil [the victim] throughout multiple locations in Coffee County, without the consent of said person, for the purpose of harassing and intimidating said person.” This case, too, was not discovered through Flock’s auditing tools: “The investigation began about two years ago after a woman came forward with allegations that Rozar had [been] stalking her,” a press release about Rozar’s arrest reads. 

In Bonner Springs, Kansas, a police officer allegedly used Leonardo-brand license plate reader cameras to stalk his ex wife as part of a horrifying and extensive hacking and spying campaign; the officer was also found to have beastiality and child sexual abuse material on his devices.

There are more than a dozen other cases from around the country where the story is much the same; a police officer stalks their partner or an ex for months before ultimately getting caught and fired or arrested. These cases repeatedly show that, because there are few limits on what police can use Flock for, they are often able to abuse the system for months or years before being caught. 

Many of the known cases of police abuse were only discovered after the victim reported being stalked or after data crunching by journalists or local government transparency groups; many of the cases of abuse happened over the course of months. 404 Media is also aware of several instances in which an officer improperly used Flock and was simply warned or made to take leave, which did not rise to the level of being arrested or fired. 404 Media is also aware of at least one case that has not yet been reported in the media; in Dunwoody, Georgia, several police officers were fired or made to resign for improperly researching people through the Georgia Crime Information Center, a state database. At least one of the fired officers also improperly searched the city's Flock cameras, according to an internal investigative report shared with 404 Media by Jason Hunyar, a Dunwoody resident who has been investigating Flock. Dunwoody has a very close relationship with Flock and the company used Dunwoody as a demonstration for other police departments during sales pitches until Hunyar discovered that the company was accessing cameras in a children's gymnasium during these sales pitches.

“The fundamental problem with these systems is that they place private information about people’s movements over time in the hands of every officer,” Michael Soyfer, an Institute for Justice attorney, said in the organization’s report. “Without the constitutional safeguard of a warrant requirement, that predictably allows officers to abuse their access to these systems for things like stalking romantic partners.”