The DNA of 15 Million People Is For Sale - The 404 Media Podcast

Summary5 min read

Summary of "The DNA of 15 Million People Is For Sale" – The 404 Media Podcast

Release Date: March 26, 2025
Host: 404 Media (Joseph, Sam Cole, Emmanuel Mayberg, and Jason Kebler)

1. Introduction to 23andMe and Its Bankruptcy

The episode delves into the alarming news that 23andMe, a leading consumer genetic sequencing company, has filed for bankruptcy. Jason Kebler introduces the topic by explaining 23andMe's role in popularizing DNA testing as a Christmas gift, allowing users to discover their ancestry and genetic predispositions.

Jason Kebler [01:04]: "It's a direct consumer genetic sequencing company. Still is. It's still operational."

2. Genetic Data Privacy Concerns

The hosts discuss the long-standing concerns over genetic data privacy. Jason reminisces about a 2016 panel at South by Southwest where the potential misuse of genetic databases by law enforcement was a hot topic. He references the Golden State Killer case, where law enforcement used GEDmatch (a genetic database) to identify the perpetrator through his family's DNA.

Jason Kebler [03:15]: "They were able to identify him. And I think that it's one of those things where we often talk about really extreme cases when we talk about privacy."

3. Law Enforcement's Access to Genetic Databases

The conversation shifts to how law enforcement agencies are leveraging genetic databases like 23andMe and Ancestry. Jason highlights that these databases are valuable for solving serious crimes but raises concerns about potential misuse.

Sam Cole [05:29]: "It's like Google collects all of this data, and then the FBI or whoever are like, we're going to give you a court order... it's just for genetic information, basically."

4. Bankruptcy Due to a Credential Stuffing Hack

A critical revelation is that 23andMe's bankruptcy stems from a severe security breach. In late 2023, a credential stuffing attack compromised 7 million users' genetic information, primarily targeting Ashkenazi Jewish and Chinese DNA profiles. This breach led to over 50 class-action lawsuits and 35,000 arbitration demands, overwhelming the company's financial standing.

Jason Kebler [12:03]: "23andMe got hacked in at the end of 2023... 7 million people had their information leaked."

5. Implications of 23andMe's Bankruptcy

With 23andMe bankrupt, its vast genetic database is up for sale. The uncertainty surrounding potential buyers raises significant privacy concerns. Possibilities range from multinational conglomerates to surveillance-focused entities, leaving users apprehensive about the future of their genetic data.

Jason Kebler [11:45]: "It's something that we'll keep an eye on for sure."

6. Personal Reflections and Broader Impacts

Emmanuel Mayberg shares personal experiences related to genetic databases, including a story where the FBI seized his personal genetic data during investigative reporting. Both Jason and Emmanuel express deep concerns about the permanence and vulnerability of genetic information once submitted to such companies.

Emmanuel Mayberg [21:07]: "I feel like Jason and I have had... I'm already in it. I'm already in it."

7. Preventive Measures and Recommendations

The hosts advise listeners on protective steps, such as deleting their genetic information from 23andMe, especially residents of California who are covered under stringent privacy laws. They emphasize the importance of using unique passwords and password managers to mitigate the risks of credential stuffing attacks.

Sam Cole [16:29]: "There's absolutely ways to protect against credential stuffing even if your users have made the unfortunate mistake of reusing a password."

8. Introduction to the DogeQuest Doxxing Incident

Transitioning to a second major topic, the podcast addresses the emergence of DogeQuest, a website allegedly doxxing Tesla owners across the U.S. Sam Cole describes discovering the site, which maps Tesla superchargers and dealerships, displaying personal information of Tesla drivers alongside Doge (the meme dog) imagery.

Sam Cole [31:02]: "There's names, there's email addresses, there's phone numbers... it's a very tongue in cheek way of doxing these people."

9. Verification and Public Reaction

Jason and Sam investigate the authenticity of the DogeQuest data, finding that while some information was accurate, the origins of the data remain unclear. They highlight the broader context of heightened anti-Tesla sentiments and protests, raising concerns about targeted intimidation and surveillance.

Jason Kebler [37:20]: "It clearly was created to like intimidate Tesla, Tesla owners, et cetera."

10. Law Enforcement Techniques in Protesting Incidents

Further discussion reveals how law enforcement has been employing technologies like Automatic License Plate Readers (ALPRs) to track and apprehend individuals involved in anti-Tesla vandalism and protests. The classification of such acts as domestic terrorism allows for more invasive surveillance and harsher sentencing.

Jason Kebler [43:01]: "They were very, very interesting because it combined a lot of technologies and surveillance strategies."

11. Conclusion and Future Coverage

The episode concludes by promising continued coverage of both the 23andMe bankruptcy and the DogeQuest situation. The hosts urge listeners to stay informed and consider the profound implications of data privacy in the age of genetic sequencing and digital surveillance.

Sam Cole [47:20]: "This has been 404 Media. We will see you again next week."

Notable Quotes:

Jason Kebler [01:04]: "It's a direct consumer genetic sequencing company. Still is. It's still operational."
Sam Cole [05:29]: "It's like Google collects all of this data, and then the FBI or whoever are like, we're going to give you a court order... it's just for genetic information, basically."
Emmanuel Mayberg [21:07]: "I'm already in it. I'm already in it."

Key Takeaways:

Privacy Risks: The sale of 23andMe's genetic database poses significant privacy risks, as genetic information is immutable and deeply personal.
Law Enforcement Utilization: Genetic databases are increasingly used by law enforcement to solve serious crimes, raising ethical and privacy concerns.
Security Vulnerabilities: The credential stuffing attack on 23andMe underscores the vulnerability of genetic databases to cyberattacks, necessitating robust security measures.
Surveillance Technologies: Tools like ALPRs are being actively used to monitor and apprehend individuals involved in targeted protests and vandalism, blurring the lines between security and privacy.
User Responsibility: Individuals are encouraged to take proactive steps to protect their genetic data, including deleting information from compromised databases and using unique passwords.

This comprehensive summary encapsulates the critical discussions from the episode, providing listeners—both existing and new—with a clear understanding of the pivotal issues surrounding genetic data privacy, law enforcement practices, and the implications of emerging surveillance technologies.

Loading summary

Transcript48 lines

[00:01]
Joseph
This episode is brought to you by Lifelock. It's tax season and we're all a bit tired of numbers, but here's one you need to $16.5 billion. That's how much the IRS flagged for possible identity fraud last year. Now here's a good number. 100 million. That's how many data points Lifelock monitors every second. If your identity is stolen, they'll fix it, guaranteed. Save up to 40% your first year@lifelock.com podcast terms apply.
[00:34]
Sam Cole
Hello and welcome to the 404 Media Podcast, where we bring you unparalleled access to hidden worlds, both online and IRL. 404 Media is a journalist acting company and needs your support. To subscribe, go to 404 Media Co as well as bonus content every single week. Subscribers also get access to additional episodes where we respond to their best comments. Gain access to that content at 404 Media co. I'm your host, Joseph, and with me are 404 Media co founders Sam Cole.
[01:05]
Emmanuel Mayberg
Hello.
[01:06]
Sam Cole
Emmanuel Mayberg.
[01:07]
Joseph
Hello.
[01:09]
Sam Cole
And Jason Kebler.
[01:10]
Jason Kebler
Happy baseball season, everyone. Opening day tomorrow.
[01:15]
Sam Cole
Are we going to become a sports podcast? I think literally the least qualified person on the entire planet. Well, Jason, we're going to start with you. This is one you wrote. The headline is DNA 15 million people for sale in 23andMe bankruptcy. I mean, that is a nightmare headline. I want to step back first a little bit, and I'm sure many people have heard of 20freeandMe, some of these similar companies, but for those who don't know what is, or I guess, guess was 23andMe.
[01:59]
Jason Kebler
I mean, it was a direct consumer genetic sequencing company. Still is. It's still operational. I think probably most people know what it is right now because it's become such a popular Christmas gift for people to do a DNA test and see what percentage of, like, North Ireland you're from. Like, a lot of that. There was, like, a period where it was a very hot Christmas gift. And this is something that I have been railing about for years because I actually went on a panel at south by southwest in, like, 2016, possibly about genetic data privacy. And on that panel, someone from 23andMe was there, someone from the FBI was there, and then a genetic artist was there. And we're sort of talking about, like, what can happen if your genetic data is in one of these really massive databases. You know, there's been some, like, interesting art projects over the years where, like, people would make portraits of people based on their art on DNA that they had harvested from them. Like they would take a strand of hair, sequence the DNA and then make like a portrait of it. And that started off as like a. An art project, but over the years, there have been companies that have made tools for cops, for example, that would make genetic profiles of people, like. Like genetic mug shots, I guess you'd call them. And then very famously, there was this case where the golden state killer, who's a serial killer, was identified based on a genetic database, I believe it's called GD match, like GEDmatch. And it wasn't his DNA that was in the database, it was his family's DNA that was in the database, and they were able to identify him. And I think that it's one of those things where we often talk about really extreme cases when we talk about privacy. It's like when you talk about Apple and iPhone encryption, the cases where the FBI says, like, hey, we want access to this encrypted data. It's like a terrorism case or like a child abuse case, something like that. And there have been a series of cases that have been solved using data from genetic databases, broadly speaking. And these are often like serial rapists, serial killers, really like awful situations. And that is like quite an interesting development for law enforcement. And it's like, it's pretty like an interesting thing, like an interesting technology, but it's based on you and your loved ones and people, you know, submitting genetic data to these gigantic databases. And 23andMe is one of the biggest ones. Ancestry is obviously another huge one. And basically, you know, there's now 15 million people in the 23andMe database, and the company is bankrupt. And so all of that is. Is up for sale right now in, in like a bankruptcy auction, more or less.
[05:29]
Sam Cole
Yeah. And it's basically the cops are turning to either these tools have been developed, as you say, for law enforcement or ancestry or whatever. They're basically commercial databases that they can then send a legal demand to to be like, hey, turn over this information. And I mean, it's almost in the same sort of way. It's just like Google collects all of this data, and then the FBI or whoever are like, we're going to give you a court order, a search warrant, or whatever legal mechanism is appropriate or that we like, and we're going to demand that data. It's like that, but for genetic information, basically. And you can't change your genetic information, really. It's kind of one and done. So you can see why it would be so valuable to law enforcement. I'M just curious. And maybe you could. I can't remember. But, like, what did the FBI person say on that panel? Like, the benefits of it to them or.
[06:28]
Jason Kebler
Yeah, I mean, so that. That's a really interesting thing, is one. Yes. Law enforcement can subpoena this data from a company like 23andMe or from Ancestry, which is now owned by BlackRock, by the way, which is like this massive private equity firm. But other genetic database companies have started sort of like proactively offering tools to law enforcement where they don't need to substitute subpoena it, they don't need to get a warrant, they don't need to go, like, make a specific legal demand. They're just making law enforcement tools, meaning search features. But also these genetic mugshot things that I mentioned earlier, where they will take a DNA sequence and then they'll run it through essentially like an AI that generates what they believe a person to look like based on their genetic information. And then they'll be like, oh, we can run this through a facial recognition database or something like that and try to identify someone. And there's all sorts of problems with this one. It's like your genetics don't fully make up what you might look like. And so there's been cases where, like, people are misidentified. Like, there's just like all sorts of potential problems here. You know, the f. I think that still to this day, even though we've been talking about the potential for this for a long time, it's still pretty early. Like, there's not widespread use of genetic databases to research crimes. I have filed a bunch of public records requests with a few different states because Florida, for example, has spun up like a genetic database law enforcement division and trying to get documents from them. Virginia has a very similar thing, but it's like, it's pretty early on for police to be like, actively trying to get this information, except for in the highest profile of cases. But we know that there's some companies that have begun to develop tools. And so, you know, I've written a few articles over the years where I'm like, don't submit your genetic information to these companies because you don't know the chain of command or, like, what is going to happen to these companies. And I think that's what this bankruptcy shows. It's like there was a company called, I believe, GD Match. I think it was them. There's. There's a few different ones, but yeah, so gd GD Match was formed as a nonprofit, like this one dude, Started it, and it was a nonprofit. And they're like, oh, you know, submit your information. We'll do some, like, genealogy, we'll do some ancestry. Maybe you can learn a little bit about your potential proclivities for, like, specific genetic diseases and things like that. Well, one day, the person who founded that was like, oh, I don't want to be a nonprofit anymore. So he sold the company. Yeah, he sold the company to this other company called Verogen, which had these contracts with the FBI. And then Verogen itself sold to a Dutch multinational conglomerate that was like a pharmaceutical company surveillance company, like, a bunch of different things. And so, like you said, you can't change your genetic information. And so if you submitted this to this, like, oh, small little nonprofit project, like, 10 years ago, well, now it's owned by, like, a Dutch multinational with both pharmaceutical contracts and also law enforcement contracts. And so that's the thing about 23andMe is that it's this project that, like, start out as, oh, like, fun. You can learn what percent from what country you are. You can. And then it sort of expanded into, we. We'll be able to tell you if you have markers for specific genetic diseases. They started offering some personalized medicine stuff. And then 23andMe launched these partnerships with pharmaceutical companies to do research on their databases and then to develop drugs. And it's like, that is also kind of interesting. If you put the privacy stuff aside, like personalized medicine, there's a lot of potential there. But this is not necessarily why people initially submitted their DNA to the company. And then it's like the company goes through some financial hardships, and suddenly now it's bankrupt, and it's like, oh, shit, we're like, out of money. We need a different revenue source. We need to figure out, like, a different mechanism for. For making money. And now it's for sale, and who knows who is going to buy it? Like, it could be an international company. It could be a company that works with law enforcement. It could be the. You know that it's bought out of bankruptcy by, you know, the. The founder of the company who is annual. How do you say this? I don't know. She's the sister of Susan Wojcicki, who was the CEO of YouTube. But as part of this, she said she stepped down as the CEO and has said that she's going to try to buy back the company. But there's, like, any number of potential outcomes here, and they're all kind of like, well, if you have your DNA in this database, it's like it's all up in the air. You don't know what's going to happen.
[12:04]
Sam Cole
Yeah. Or even as we saw with the recent selling of the Pokemon Go company to a company funded basically by the Saudi state. Right. I'm not saying that's going to happen here, but I don't know. There's a chance that could happen. Right, so you went through the bankruptcy documents. I'm not sure how detailed they were. We have some experience going through bankruptcy documents coming from Vice. They can be very, very interesting. Was there anything noteworthy in them at this time or is it more? More is going to come out. Like, what did you learn looking those actual documents?
[12:43]
Jason Kebler
Yeah. So we actually haven't Talked about why 23andMe filed for bankruptcy, which is really important and goes back to privacy. Well, and is all throughout the bankruptcy documents, which is 23andMe got hacked in at the end of 2023. And it was basically like a credential stuffing hack where 23andMe itself, like its database wasn't compromised, but there was basically like millions of customers whose passwords were reused. And essentially they like, like hackers logged into those, downloaded their information, sold it on breach forums, I believe, which is. Is breach forums dark web or is it just.
[13:28]
Sam Cole
It's clear web now? They don't even care about the dark web anymore. You just Google it and you find it. That's what it's like nowadays.
[13:34]
Jason Kebler
Yeah, yeah. So it was basically they were selling people's genetic information and sort of like different connections that were made by 23andMe on this hacker forum. And specifically they were selling information about Ashkenazi Jew users, people who had like that sort of DNA in their profiles and then also Chinese DNA. So it was like a kind of fucked up targeted sale of information. And this was during the early days of like Israel bombing Palestine. And so there was like this. That was like part of the sort of undercurrent of what was happening there. And as a result of this, 7 million people had their information leaked. And now there's been more than 50 class action lawsuits all over the country. There's also been 35,000 different like arbitration demands from people who had their information leaked. And so basically 23andMe is dealing with the legal and potential financial fallout of this hack where they have like all of these court cases about how they should have kept their customers data safe. And essentially the bankruptcy documents say like, we don't have the money to cover the potential damages from all of this litigation that we're facing. So we're going to file for bank bankruptcy to just like try to start over. Like we fucked up, we're in dire straits and like we're going to try to start over. You're right. We have looked at a lot of bankruptcy documents over the years and they're usually super, super interesting. There's also like a lot of filings as part of a bankruptcy case. And by that I mean there's usually like thousands and thousands of pages of documents and they don't all come out at once. And so right now there's like a lot of information about who they owe money to, which is like a lot of pharmaceutical companies, there's some AI companies, which is kind of interest. There's a lot of like marketing companies. But it doesn't say why they owe money to those companies. Like it doesn't say how they got into this situation. But as part of this they will have to submit some like various narratives about what went wrong and why they were doing all of this sort of thing. So it's something that we'll keep an eye on for sure.
[16:01]
Sam Cole
It is pretty wild that a credential stuffing attack, which is basically the lowest of the low hanging fruit you can get, generally speaking, it's wild that that sort of attack has basically killed a company, you know, and I understand why. And I understand why people are mad. But to go from basically a shit poster on this hacker forum to killing 23andMe is wild.
[16:30]
Jason Kebler
Yeah. I mean, theoretically, isn't this something that should have been stopped by like a rate limit sort of thing? One would think.
[16:38]
Sam Cole
Yeah. Back at Motherboard, where we all used to work, we did a story about ring cameras when they were getting hijacked, essentially, and hackers were doing the same sort of attack. They would break in with a reused password that maybe the victim had somewhere else or something, and then they just use it to log into ring. And we found that, you know, there was no rate limiting. I can't remember the status of 2fa exactly. But it also didn't block connections from Tor, the anonymity network that a lot of ordinary people use, but a lot of criminals use. And if you are 23andMe, presumably you should be putting rate limiting in place to stop multiple logins from IPs and multiple attempts, all that sort of thing. And you should probably block Tor connections as well. I don't know whether the attackers in this case use that or not, but there are absolutely ways to protect against credential stuffing even if your users have made the unfortunate mistake of reusing a password and just for the user advice as well. That is why you use a password manager, which generates a unique password for every site, so you don't have to remember them all and you don't end up using the same password everywhere. And then you're one of the 7 million people who has their genetic information pushed online, published online. So what happens now, Jason? Do we just follow?
[18:01]
Jason Kebler
So a couple things. One, you can apparently delete your information from 23andMe. So you can like log in and delete it. And that's actually what the attorney general of California recommended people do. They sent like an urgent warning to people in California saying, like, hey, go delete your information if you do live happen to live in California. California has a privacy law that makes like, they have to delete your information if you live elsewhere. You can request that is deleted and hopefully it is deleted. But like, who can say for sure? And then the other thing I'll say is like, just, I personally, it's like, I wouldn't submit my information to a company like 23andMe, and I would hope that my family wouldn't either. But I do think that this is like, a pretty tricky thing because the uses of genetic databases thus far have been to like, catch the worst of the worst criminals. And I think that that is something where it's like, okay, that's like, kind of interesting. I think that, you know, personalized medicine where that you can create pharmaceuticals that are targeted directly to people with specific genetic diseases. Like, that is a potential very like, good thing for society. But what I worry about is that the. They're not privacy laws that protect from mission creep here. And so I just don't think that like, Congress has protected people. They haven't really thought about the potential implications of this. I think that, you know, right now we're catching serial killers, but there are literally have been apartment complexes that have sequenced like, dog shit DNA to identify the owners of dogs who are not picking up like, dog poop in their apartment complexes, which is like, pick up, pick it up. But that is like, weird surveillance stuff that you can easily imagine this being used for nonviolent offenders. You can easily imagine it being used to try to detect like, undocumented immigrants, things like that. Especially kind of like with this current administration. And so I think it's something that we need to just like, be very, very thoughtful and cautious about as we roll out this sort of technology more widely. What happens next is they go through a bankruptcy proceeding. Usually these are pretty quick so it could be only like, a couple months before we know who buys 23andMe. I don't think that the company is going to go fully out of business because this genetic database is very valuable. So someone will buy it and do something with it. It's like, can just kind of hope that the person that buys it or the company that buys it is not like a weird surveillance company or. I don't know. It's like, it could be anyone at this point. So we'll continue to cover it, but that's sort of like what's. What's going on at the moment.
[21:08]
Sam Cole
Yeah. And it sounds like you're probably not in this data, Jason. Sam, do you know if anyone in your family signed up to this or.
[21:19]
E
I feel like Jason and I have had, like, it's not really an argument, but, like, everyone's fine. I'll be like, should I do 23 of me? And he's like, no, dumbass. And then I'm like, okay, I guess. But my. I know, like, I have not immediate family, but extended family who's done it. So I'm kind of like, am I Anyway, you know, I'm already in it. I'm already in it.
[21:41]
Sam Cole
Probably kind of.
[21:41]
E
Yeah.
[21:42]
Sam Cole
Kind of. Yeah.
[21:42]
E
This also makes me. This whole thing. This is a little bit of an aside. This makes me think of. There was a. It was a couple years. It was many years ago. It's not a couple years ago. It was 2019. I did a story for Vice about. It was. The headline was, did my. Did the FBI seize my vagina Cultures? And I had, like. I was, like, doing some stunt blog about, like, this culture company, and they were gonna, like, sequence some thing based on that. I don't know. But in the process of doing that story, the FBI raided the office and took all of the data. So I was kind of like, okay, now does the FBI have this? And it's just like, you don't really know what's gonna happen to this stuff once it's out of your hands. Once you put it in the mailbox, who knows?
[22:24]
Jason Kebler
I forgot about that story. It's one of the best stories you've ever done. It's so wild. It's so wild that that happened.
[22:31]
E
Yeah. It's such a weird turn of events.
[22:35]
Sam Cole
Please dig it up, because I want to put that in the show notes, because I don't think I've ever read that. And I would love to read it as well.
[22:41]
E
I did get the results back from the microbiome test eventually, but did you get.
[22:47]
Sam Cole
Did you get anything from the FBI? Did they get back to you?
[22:50]
E
I don't even remember why the FBI was raiding. That's a bigger question is why was the FI raiding this office? But, yeah, I should look back into that and see what the progress is on that investigation for sure.
[23:02]
Jason Kebler
And so I actually am in one of these databases. I'm not in 23andMe. Like, hopefully, I think some of my cousins have done it. But also similarly, for a stunt blog. When I was a freelancer at Motherboard, many, many years ago, me and my ex girlfriend did a blog where you could send a spit sample to, like, some random DNA sequencing startup that would then print a report about how compatible you were. And that company existed for like six seconds. Like, we did it, they sent it back, said we weren't compatible. We then did break up, like several months later. So very accurate. And then the company went out of business immediately. And it's like, I have no idea what happened to that. Like, I have no clue where it is or. Or what happened to it. It's like my genetic data has not changed. And so it is somewhere. And that. That's like, that's kind of my point. It's like, scary that a lot of these companies are very, like, fly by night. Like 23andMe is huge. They've been around forever. But like, there were. There was a period where a lot of, like, random startups were doing stuff like this. And it's like, who knows if they were acquired? Who knows if they sold their data to some. Someone who knows if I'm. I've been getting targeted by advertisements based on my DNA for years. Like, I have no idea. And that's concerning.
[24:32]
Sam Cole
Yeah, for sure. All right, we'll keep an eye on the bankruptcy documents. And when we come back, we're going to talk about a website that has been doxing Tesla owners across the U.S. we'll be right back after this.
[24:59]
Jason Kebler
There are so many things in life that we just never get around to taking up that hobby, cleaning out the garage, you know, little things that don't really make a huge difference in our lives yet. There's one thing that most of us have probably been neglecting that can have a huge impact on our family's future. It's life insurance. And with Select Quote, getting covered with the right policy for you is easier and more affordable than you may think. Selectquote is one of America's leading insurance brokers with nearly 40 years of experience helping over 2 million customers find over $700 billion in coverage since 1985. Other life insurance brokers offer impersonal one size fits all policies that may cost you more and cover you less, while SelectQuote's licensed insurance agents work for you to tailor a life insurance policy for your individual needs in as little as 15min. And have you ever worried about getting coverage with a pre existing health condition? Select Quote partners of carriers that provide policies for a variety of health conditions. If you have high blood pressure, no problem. If you have diabetes, that's fine too. Even if you have heart disease, Select Quote partners with carriers that can cover those conditions and others or if you don't have any major health issues. They work with carriers that can get you same day coverage with no medical exam required. Head to selectquote.com and a licensed insurance agent will call you right away with the right policy for your life and your budget. Selectquote they shop, you save get the right life insurance for you for less@selectquote.com 404 go to selectquote.com 404 today to get started. That's selectquote.com 400404 let's talk numbers.
[26:49]
Emmanuel Mayberg
Traditional in person therapy can cost anywhere from $100 to $250 per session. You can get quality care with Better Help's online therapy and you'll save on average up to 50% per session. Navigating the healthcare system is complicated, especially if you want to work on your mental health. Therapy should feel accessible, not like a luxury because it can make a meaningful difference in your life. With online therapy you get quality care at a price that makes sense and can help you with anything from anxiety to everyday stress. Your mental health is worth it and now it's within reach. With better help you can learn how to set boundaries, how to work through anxiety, and how to reframe your everyday experiences to better cope with the stress of modern life. Lots of us take our mental health for granted, but it's important to keep working at it and therapy can Help. With over 30,000 therapists, BetterHelp is the world's largest online therapy platform, having served over 5 million people globally. With a simple to use platform platform that you can fit into your busy life. Your well being is worth it. Visit betterhelp.com 404 Media today to get 10% off your first month. That's better help. H E L p.com 404 Media.
[28:04]
Sam Cole
Hey, it's Joseph again. If you're a new listener to the 404 Media podcast or even a long time one. You might not be aware of all of the impact our journalism has had recently or how we even got here in the first place. In 2023, the four of us quit corporate media to go independent. We were sick of working for a VC backed company that put profits before journalism that gave birth to 404 Media. Since then, we've stopped the spread of AI books in public libraries, triggered class action lawsuits, lawsuits against AI companies, got Congress to pressure big tech in various ways, and we've even shut down surveillance companies. This real world impact is only possible because of our paying subscribers. As a journalist owned business, they are the engine that powers our journalism and where the vast, vast majority of our revenue comes from. So please consider signing up today for $10 a month or $100 a year at 404 Media and get bonus content every week and access to all of our articles. Thank you and enjoy the rest of the podcast. All right, and we are back. This is one Jason and myself wrote Doge Quest site claims to dox Tesla owners across the U.S. jason, we did discuss the Tesla protests in another recent episode, but can you give us a super quick summary to get us up to speed? These protests are still going on basically, right?
[29:49]
Jason Kebler
Yeah, I mean, the Tesla takedown protests have only gotten bigger over time. The Tesla takedown is like what they're being called and they're being organized online and primarily they're happening on weekends, like the organized ones at Tesla dealerships all over the country. You know, these have notably, I believe, had quite an impact on Tesla's stock price. It's like Tesla stock went down a huge amount, you know, for a variety of reasons. I, I would attribute some of it to the protests. It's since gone up, you know, due to Lord knows what. Stock market stuff, stock market stuff, but also like, I don't know, Trump advertising, Tesl Teslas at the White House, things like this. But basically there's been like concerted efforts to protest Tesla all over the country. So there's been that. But then there's also been like acts of vandalism and arson at Tesla dealerships which the Trump administration and Elon Musk and others have wanted to classify as domestic terrorism or hate crimes or like a level above your, like standard vandalism as a, you know, act of protecting Elon Musk.
[31:02]
Sam Cole
Yeah, and we'll talk about that briefly in a second because we're actually going to talk about two stories here, but very briefly on this Doge Quest website. One day I get this signal message saying, hey, check out this website which is doxxing Tesla owners and it links to this Doge Quest website. I say thank you, I'm taking a look to whoever this tipster was and I open it up and there's this interface, like a Google Maps style interface for the United States and it has all of these little icons. There's one for Tesla superchargers and it's a little image of a supercharger. There's ones of the Doge dog, the Shiba Inu, the Meme dog. And then when you click that and it has personal information of members of Doge. I'm even hesitant to say employees because who really knows what the technical term is. I'm just going to say members of Doge. And then there are little Tesla car symbols and you click on those and they include the alleged personal information belonging to actual Tesla drivers. And now it's not every single Tesla owner in the States or anything like that. But you know, there's names, there's email addresses, there's phone numbers. And it's funny because I've actually just opened the site and now I literally can't see any of the Teslas on here. So I actually don't know if they've removed those or not. There's the superchargers and the Tesla dealerships as well. But at least at the time there was Tesla owner data on there. I went about verifying it and initially this was for the ones who had social media accounts. I was going through those and seeing if there was any information that would indicate they're a Tesla owner. Eventually I did find some of those. There were a few that were like fans of Musk or Tesla seemingly. And we got to the point where I felt comfortable enough to publish, so we did that with that headline. Then shortly after people started responding to me, I obviously reached out to some of these people and one gets back to me and confirms, yes, they're a Tesla owner. They said they bought it a while ago and they say they're not a fan of Musk, they bought the vehicle before they knew what Musk would become, all of that sort of thing. But clearly this site sits. I mean, I think it would be unfair to say it sits with the Tesla takedown protests because those are non violent protests where people are gathering. I don't want to lump it in with that, but it is obviously that broader context of people are very, very mad at Tesla, the company, and seemingly some of the owners of the vehicles as well. At least based on what everybody says on social Media. And Jason, you're earlier reporting about cybertrucks and all of that sort of thing. I guess I'll just read out dogequest's own sort of definition on his website. It says that DogeQuest is the ultimate hub for enthusiasts of the Department of Government Efficiency. Doge, our innovative platform allows users to explore an interactive map of Doge landmarks. But that's not all. We also cater to Tesla Motors owners, providing a comprehensive resource to locate nearby service centers, showrooms and charging stations all at their fingertips. And it goes on. Obviously it is a very tongue in cheek way of doxing these people. And the cursor is, is a Molotov cocktail, which I think would, you know, indicate some of the intent here potentially. Jason, what did you think when I sent you the map? Because we ended up working on this together.
[35:02]
Jason Kebler
Yeah, I mean, I think the initial it was really interesting because it's not exactly subtle. It's like, yes, very tongue in cheek. But the intention here I believe is clear. And like you said, we tried to verify the information on it and a lot of the information was correct, but there were some like mapping issues with some of the Tesla dealerships. It wasn't super clear, you know, if all of the Tesla owner information was correct. And I think what was very interesting to me is like when there initially was Tesla owner information on there, there's probably only a couple thousand, if that, like a few hundred to like maybe a thousand like Tesla owners that they were claiming to docs. And it, it's like not clear where that information came from because there's, you know, hundreds of thousands, if not probably millions of Teslas sold in the US Maybe hundreds of thousands is more accurate. So it's clear that it wasn't taken from like a massive like database of Tesla owners. It was compiled in some way that we are unclear on. And so I mean, we weren't able to verify where the information came from. Like speculatively it could have come from people who have been posting positively about Tesla over the years or have like, you know, done social media posts about owning a Tesla, stuff like that. But then we started talking about it and it's like, even if not all of the information is correct, the fact that this website existed at all was very interesting and a newsworthy story because it clearly was created to like intimidate Tesla, Tesla owners, et cetera, during this like incredibly politically fraught time where people are protesting, people are, you know, vandalizing Teslas and Tesla dealerships and things like that. And so even if not every single data point was accurate, although it seems like a lot of them were. It was like notable.
[37:20]
Sam Cole
Yeah. Like we wouldn't have covered it if all of the data was wrong. Like that wouldn't have been correct. But to me, like, it was much more about the act or even sort of the gesture or the symbolism of this map at all, which was, as you say, most likely to intimidate Tesla owners. And the one I spoke to, she said that she was worried. She remembers Gamergate and people being doxed during that and she compared it to that. Obviously I don't think they're one and the same, but that was their personal opinion of being worried about what was going to happen next. Some people did write in with theories about where the data came from, which was like an earlier data breach, and I'm yet to honestly have the time to go and verify that. But I agree that it looks more like an aggregation of data rather than any sort of Tesla breach. And I should say that after we broke the news of the site, a couple of other outlets like NBC and Business Insider, they went and they spoke to more people in data as well, and they also verified it. But you did mention in the earlier segment terrorism, and that's how some of these acts are being framed by the administration. We wrote another piece how three alleged Tesla vandals got caught. There was this announcement from the Attorney general that, and it wasn't really new arrests, they were some through March, some throughout February, but there was kind of this big announcement putting three or four of them together. And that gave us the opportunity to look through the court documents and go, oh, these are the sorts of capabilities that law enforcement are using to catch these people. And I think there's a public interest in that. I think there's a public interest in knowing what protests are doing, what violent vandals are doing, and what law enforcement doing. I want to know what all of that are doing and then obviously communicate that. So what did we learn from those court documents, Jason, that we started going through?
[39:29]
Jason Kebler
Yeah, I found that they were very, very interesting because it combined a lot of technologies and surveillance like strategies that we've written a lot about over the last couple of years. One, there was a lot of like social media surveillance happening. So they would identify or potentially identify someone and then they would find their social media handles and see like what they had been posting and, and one of the suspects had posted like a anti fascist flag, things like that. And they use that in the court documents. They also used social media posts to identify like the fact that someone had recently moved to the town where an arson had taken place, which I thought to be interesting. But the. The most, like, fascinating thing is that all three of the people that we wrote about were identified using their vehicle in some way. All of them seemingly drove to the Tesla dealerships that they then vandalized, according to the court documents.
[40:43]
Sam Cole
And all the charging stations.
[40:45]
Jason Kebler
Yeah, yeah. Or a charging station. Yeah. And so, like, two. Two of the people, according to, you know, the court documents, but also there were screen grabs of surveillance footage in each of the court documents that we looked at. And two of the people were wearing, like, all black and masks. And, you know, you probably wouldn't be able to identify them based solely off of what they were wearing, because they. They were, you know, covering their faces and stuff like that. But their license, the cars that they drove there or nearby, they were able to grab their license plates, and then they were run through automatic license plate readers. In one case, it was a flock device, which we've written about Flock a lot, which is a company that makes these. And in another, the brand of license plate reader was not set in the core document, but basically, they were then able to track these suspects, like, all around the town that they were living in. And very interestingly, I believe in the Colorado case, there was. There was a, you know, Molotov cocktail situation in Colorado. They essentially set up an alert for the license plate, and when the suspect left their home, it triggered an alert in the Flock like system that then alerted the cops that. That, like, exactly where that car was traveling, and they were able to chase the person down and, you know, arrest them. So it really does show that these, like, automatic license plate readers that we've been writing about a lot are widely used in the United States now. Like, these are three random. Like, none of them were even big cities. They were, like, smaller towns in three different states. One was Oregon, one was South Carolina, and one was Colorado. You know, and license plate information was used in all of them. One of them was not. I believe the South Carolina case didn't have automatic license plate readers, but they did look up the person in a license plate database and helped identify him that way. But I found that to be quite interesting.
[43:01]
Sam Cole
Yeah. And I think that active Flock alert shows something that a lot of people may not consider, and honestly, sometimes I forget it as well, is that automatic license plate readers, which are these cameras, which are typically stationary, and they just sit there and they record which vehicles are going in or out. That is ordinarily a very Passive surveillance technology. It's creating a record of. Well, last week, on Tuesday, this white van with this license plate came in. But with that alert, it can turn much more into an active surveillance system as well. As you say where. Well, the vehicle's move now. So now we can go perform physical surveillance or we can physically trail them or something like that. And that's just something I'm not sure many people really think about when it comes to automatic license plate readers. And these cameras, they don't just look at the plates, they will look at the color of the vehicle. They might be able to figure out the brand or the model as well. So, you know, I don't know, a red Porsche or something like that or a red hatchback or van or whatever. So they are more detailed than just the license plate. And of course, there's those technologies and there was like normal police work as well, like comparing a receipt that was found in the search of one person's residence and finding that it was the same brand of beer that was then used in the Molotov cocktail. And they found the discarded box that was carrying the beer. Like very, very normal stuff. But then these more interesting technologies like automatic license plate readers, just to round it out. Jason, what do you think about, you know, President Trump and other officials like the Attorney General, saying that this sort of activity is going to be prosecuted potentially as domestic terrorism? What does that mean for maybe the tools that police are going to use and maybe, you know, the sentences that people like this may face as well?
[45:00]
Jason Kebler
Yeah, I'm not an expert in this, but I know that if you classify something as domestic terrorism, it. I believe it means that perhaps, like, the CIA can get involved. It means like, that they are allowed to use, like, more intense surveillance mechanisms to potentially catch people. It means that the sentencing is harsher. It means that they can request certain data from tech companies, like, more easily. I think that's correct, yeah.
[45:38]
Sam Cole
The way I would see it is that they could. And when I say they, I mean more like the FBI or somebody like that, and the agencies involved in at least some of these cases was atf. But if something's marked as domestic terrorism, that kind of gives permission to use more invasive technologies. And maybe that's something like a stingray or an IMSI catcher, which has often been used to track down murderers, it's been used at protests, all of that sort of thing. You can easily see that if some sort of behaviour is marked as domestic terrorism, they may feel that they can use more invasive technologies. That doesn't mean they necessarily have to. In this case, it was just normal police work and then sort of the automatic license plate readers.
[46:30]
Joseph
I wouldn't say it's normal police work because regardless of the terrorism designation, what is what we're clearly seeing is that law enforcement is motivated and is being motivated to chase these people down, which is not the case for every crime. You can try to daisy chain security cameras and license plate readers for many types of crime that take place every day. And that doesn't happen because there's a question of resources and motivation to solve particular crimes, other forms of vandalism. But clearly law enforcement is very motivated to catch these people. And that is the entire point of the designation and of these cases is to make an example and scare people into not doing this.
[47:20]
Sam Cole
Yeah, totally fair. All right, let's leave that there. If you are listening to the free version of the podcast, I'll now play us out. But if you are a paying 404 media subscriber, we're going to talk about a fake piece of J.D. vance audio and of course the massive Signal Group chat fiasco. I feel like we have to talk about that. You can subscribe and gain access to that content at 404 Media co. As a reminder, 404 Media is journalist founded and supported by subscribers. If you do wish to subscribe to 404 Media and directly support our work, please go to 404 Media co. You'll get unlimited access to our articles and an ad free version of this podcast. You'll also get to listen to the Subscribers only section where we talk about the bonus stories each week. This podcast is made in partnership with Kaleidoscope. Another way to support us is by leaving a five star rating and review for the podcast. That stuff really helps us out. Or just tell your friends of course as well. This has been 404 Media. We will see you again next week.