B (3:32)

Yeah, just like a little bit of FOIA nerdery before we get into the specifics here. As Joseph said, federal agencies have, I believe it is 30 days to respond to a FOIA request. Like you said, they almost never actually give you the documents in that time, you know, that in that time period they will send like, oh, we're working on it, blah, blah, blah. But unfortunately it seems like the only way to get documents in a timely manner sometimes is to file a lawsuit. And so as Joseph mentioned, it's like we have filed many, many, many FOIAs over the years, some of which do get ignored like this. And you know, we probably would have ideally wanted to file more lawsuits over the years, but they are expensive, they're logistically complicated. We're not lawyers, so we needed to find a lawyer to do this for us. And I think often you have to do a cost benefit analysis of like, do we really want these documents enough to like go to court over them? Because as Joseph mentioned, a lot of journalists and organizations that sue for this sort of stuff are successful doing it because it's a pretty open and shut case. It's like we're requesting this, like how taxpayer money is being spent. And the specific document that Joseph asked for this contract is very simple to provide. It's not something that is going to take the FOIA officer, which is the, you know, the people in the, in the Freedom of Information Office that long to like pull a contract. It should take a few seconds. We're not asking for like tons and tons and tons of documents and deliberations and things like that. And so, I mean, our hope is that the system still works. Now we'll be able to get these documents hopefully relatively quickly. But anyways, let's, let's dive deeper into what Paragon is. So Paragon is a spyware company. Where are they based? Who do they sell to? What do they do?

A (5:42)

Yeah, so some listeners may be familiar with the government spyware industry. These are companies that, that sell remote phone and computer hacking tools to law enforcement and intelligence agencies. Some of those names you may have heard of include HackingTeam, from Italy, FinFisher, I think from Germany. It's been a Long time since I've covered FinFisher. Then you have the infamous NSO group from Israel and Paragon is also from Israel and it has a U.S. subsidiary. And that's the context in which Paragon sits. It's. It develops this spyware and it sells it to government agencies. Listeners may also be very much aware that the government spyware industry is full of scandal and abuse. HackingTeam was used to target activists. Fin Fisher as well. I remember way back, basically when they started writing about this sort of thing in 2014, 2015, that sort of timeframe, it was being used to target activists in the Middle east and North Africa. The FinFisher spyware and an NSO group has been used notoriously around the world to target activists and journalists as well, with even some indirect connections to Jamal Kasogi as well. Paragon positions itself differently. It says it is almost like the ethical equivalent to those companies. So while some of those companies will sell to a lot of different governments, including authoritarian states, Paragon says it doesn't. It really works with democracies. And one of those clients, and maybe we'll talk about in a minute, is Italy. Even with that being said, the last scandal going on in Italy with Paragon, and it's not just sort of the customers that separate it, it's also the product. And we'll go into more detail in a second, but it's still exceptionally powerful. But it focuses more on getting messages from encrypted chat apps like Signal or WhatsApp, rather than taking control of the entire device.

B (8:05)

Right, so it essentially is spyware that compromises the phone for the purpose of reading encrypted messages that are on the device.

A (8:15)

Yeah, and the product specifically is called graphite, and it will use, you know, presumably various exploits. One that was previously discovered by researchers and fixed was one in WhatsApp, where the user of Paragon would send a PDF file to the target in WhatsApp, and without the target even clicking a link, WhatsApp would render or load the PDF that would trigger an exploit which would then be used and that would break into the phone. And that is of course, what's especially notable about Paragon and other related spyware is that this stuff can infect a phone, broadly speaking, without the target really doing anything. Of course, it has a massively powerful capability, which is more often than not outside of the realm. And the budgets and the reach of even top tier cybercriminals, we are talking nation state and nation state contractor sort of spyware. Whereas NSO group, they'll break into the phone and it will get the location data, the text messages, the phone calls, Graphite and paragon position it as doing a more limited ethical collection here. That being said, we don't know exactly what ICE is buying, which is why we're trying to get the contract in the first place, because we don't actually know if it's for graphite or not. It could be for a different piece of software. All it says in the public procurement records is something like it's a proprietary developed solution and they'll give us training, blah blah blah. We don't know what ICE has exactly, but it cost $2 million, so presumably it's it's capable of doing something.

D (10:22)

For years I thought buying glasses was a nightmare. I'd sit at my optometrist office and try on glasses I didn't like, which took forever to make and were riddled.

B (10:31)

With hidden fees when I went to check out.

D (10:33)

Then I found Warby Parker, realized it didn't have to be this way and I haven't looked back since. Warby Parker uses nothing but premium materials in each frame. Warby Parker designs every frame in house and their collection includes silhouettes, colors and fits made to suit every face. I have a super wide face, but Warby Parker has me covered. Warby Parker offers everything you need for happier eyeglasses, sunglasses, contact lenses and eye exams. You can shop with them online, at home and in stores. Warby Parker has over 300 retail locations across the US and Canada where you can get styled by one of their friendly expert advisors. Warby Parker glasses start at $95 and include prescription lenses with anti reflective scratch resistant coatings. Many Warby Parker locations offer comprehensive eye exams starting at $85. Add a pair and save 15% when you purchase two or more prescription pairs of glasses or sunglasses. This offer is available both at home and in stores. Free shipping and free 30 day returns. My favorite thing about Warby Parker is that I can get stylish modern glasses and sunglasses at a price point that feels super premium but doesn't hurt my wallet. I recently picked up a pair of black walnut Elio shades framed with wide of course, which protect my eyes and elevate my outfits. Warby Parker has over 300 locations to help you find your next pair of glasses. You can also head over to warbyparker.com 404media right now to try on any pair virtually. That's warbyparker.com 404Media warbyparker.com 404 Media what's softer than cashmere and warmer than wool. It's not a riddle, it's an alpaca hoodie, and I had to check it out after hearing some of my favorite podcasters talking about Pakka. Pakka makes performance apparel from alpaca fiber, one of the world's most sustainable natural fibers. Their best selling hoodie is softer than cashmere, warmer than wool, and breathable. It's lightweight but still cozy, doesn't stretch out, doesn't pill, and somehow keeps me warm when it's cold and cool when it's hot. Basically, it adapts to wherever life takes you. This hoodie is built for real life. Thermal regulating, odor resistant, durable and made to last. Each one is handcrafted in Peru by artisans who stitch their name into the tag, a personal signature of quality and care. Over 100,000 people have already picked up the Pakka hoodie. What makes it even better? Knowing it's made sustainably and ethically from traceable alpaca fiber while supporting the communities and artisans in Peru who bring it to life. I've been into alpaca hoodies ever since I studied abroad in South America 15 years ago. But Paca is by far the best hoodie I've had. It's soft, stylish, and has become my everyday go to hoodie as the weather.

B (13:26)

Cools off this fall.

D (13:28)

Right now, when you order your Pakka hoodie, they'll throw in a free pair of their alpaca crew socks. These are seriously next level. They keep your feet dry, never smell, and on top of that, they're just insanely cozy. If you've been thinking about leveling up your hoodie game, this is your sign to do it now to grab your packa hoodie and free pair of alpaca crew socks. Head to go.pakaapparel.com 404media and use my code 404media that's go P A K A apparel.com 404media and enter code 404media.

B (14:14)

So what do we know about who graphite has been used against before? Like what countries have used it? Like what is the the history of it? Because as you said, like there is a history of this spyware being used elsewhere at least.

A (14:33)

Yeah. So again, Paragon positions itself as we're just going to work with democracies were going to be very, very above board that sort of thing. Which is why presumably they sold to Italy and eventually the Italian government was open about this, but only really after it was discovered they have been used by presumably Italian Authorities to target journalists, to target activists who were trying to save migrants, obviously who are crossing oceans and seas and are at great risk of harming them. Paragon's technology was used against them. Eventually, Paragon even stopped selling the technology to Italy. Like, of course, we don't hear about it this much. If listeners want to read more about that, definitely go check out our colleague at TechCrunch, Lorenzo Franceschi Bicarai, who has been covering spyware for years, and he did it with me for a very, very long time as well. But he's been following Paragon closely. And of course, people being Italian as well, he has some pretty good insight into that sort of stuff. But it's not just Italy. Researchers at Citizen Lab, which is this academic security research body, they, as they often do, found fingerprints of this malware and this system online. And they identified deployments in Australia, Canada, Cyprus, Denmark, Israel and Singapore. That's not to say that Those countries are 100% using paragon or graphite. Pretty strong indication, though. And the research itself is very well caveated, very well hedged. But that's always an interesting sign when Citizen Lab starts to find, oh, there are deployments of NSO in this country or Paragon in this country or whatever. And then I didn't actually know this until I started to write up our article about the lawsuit, but the New York Times, in one sentence, in one paragraph, in an older story about the spyware industry, they mentioned that the US DEA has used graphite and there's no contract, at least not one under the Paragon Solutions US subsidiary name. I have four years out with DEA as well. They haven't been particularly cooperative, but maybe it's already being used in the. In the US as well.

B (17:12)

Yeah. And I think the context of, you know, ICE having this $2 million contract, I know that the contract was paused for a while. I guess it was paused due to outrage, Right?

A (17:25)

Yeah, it's a bit. Yeah, it's a bit of both. So the contract is signed in September 2024. Wired finds it fairly soon after and covers it. And then it seems that this took the Biden administration by surprise. It seems that the White House did not know about it. Presumably ICE just went and bought it. And to be fair, why would the White House know about every single purchase by every single law enforcement agency? Right, but the White House put a stop work order on this, basically saying, hey, you can't do this until we review it. Because weirdly, around the same sort of time, Biden had just signed an executive order that was designed to limit the use of spyware by government agencies. And that came after all of these abuses by companies such as NSO Group, you know, which presumably parts of the US and the White House did not want really to be anywhere near. You don't want to be near a company that is going around and being used to hack into the phones of activists and dissidents and that sort of thing, you know, and there's also potentially a national, national security risk in that I don't know if a US Law enforcement agency is using a tool developed by Israel, what's to say that that Israeli company may not be getting some sort of intelligence from it? Of course, that's more speculative, hypothetical, but there's a concern there as well. So Biden puts this pause on it, the Biden White House. It's for a year, time passes. Obviously, Trump comes into power, obviously ICE starts his mass deportation campaign and effort, and now the contract's back, and then we filed a lawsuit. Because, as you allude to, Jason, it feels even more urgent now to think, well, to find out, well, what is ICE using this incredibly powerful tool for? Probably the most powerful surveillance capability ICE has ever bought. Really?

B (19:26)

Yeah.

D (19:26)

And, I mean, we could get into.

B (19:28)

It, but I feel like we've talked so much about the surveillance technology that ICE uses that we know that they have, and this is just something that is even more powerful if it is indeed graphite, and, you know, who knows who it could be turned against and in what contexts. But I think it's important that we do know the specifics of the contract and how they're doing it. So that's why we're suing. Do you want to talk a little bit more about that and just, like, what people can do if they want to support this?

A (20:04)

Yeah. And I'll just say, more specifically, the documents we're seeking are kind of what I nearly already always request from agencies when I'm submitting a FOIA about a, a particular contract. And it's like unsolicited bids, procurement contracts, documents, blah, blah, blah. The main one for me is something called a statement of work. And this is a short document, one page, maybe two or three, and it lays out. And they have to create one of these because it explains sort of what the contract's for, and it shows an explicit detail. This is the use case for this technology. This is why we have to buy it from this provider, and this is what we're going to use it for. And, of course, I think that's really, really important. It would still be important to know this even during the previous Biden administration. That's why I filed a Freedom of Information request immediately, because I want to know what ice, or really any US Government agency, is using very powerful spyware for. The only other real case we know a little bit about is when DEA bought hacking team more than 10 years ago at this point. And I think they were trying to do it for targets in Colombia, at least overseas and in South America, that sort of thing. So it'd be very useful to know what I plan to do with it. That said, if we get the statement of work back and it says, oh, we bought it to deal with child abuse or money laundering or something like that, the context and sort of the ground underneath ISIS feet has shifted so much now that even if the spyware was sold to HSI Homeland Security Investigations that deals with all of that serious organized crime or child abuse stuff, they now are working closely with the immigration part of ICE that who's to say that that tool may not be used for them as well? And after the contract was reactivated, you had people like Senator Ron Wyden say that, quote, ice is already shredding due process and ruining lives and it's rushed to lock up kids, cooks and firefighters who pose no threat to anyone. I'm extremely concerned about how ICE will use Paragon's spyware to further trample on the rights of Americans and anyone who Donald Trump labels as an enemy, end quote. And then, yeah, just last thing. Obviously we are only able to do this because of the generous support of our paying subscribers. So the best way to support us, to allow us to do this, is to become a paying, recurring subscriber. It's not just about the money, although of course that is one of the main things. It's about the. Oh, when we have recurring revenue, we can attempt to forecast, okay, we're going to have this money and we can allocate it for this purpose, in this case a lawsuit, then maybe in the future we can allocate it for, I don't know, trying to get these other documents or something like that. So that is the main way you can help us. And if you are interested in making a larger donation, tax deductible donation to help this work, you can email me at donate. But that's the pitch over. Don't want to go too long about trying to get people to subscribe, but yeah, that is the main way that we're going to be able to do this. You think that summed it up fairly, Jason?

B (23:44)

I think so. I think so. We'll obviously keep people updated as this goes through the legal process. It was filed on Monday, so we have not won yet. Fingers crossed.

A (23:57)

No, not yet. And as far as I know, the process is now there's court formalities and then maybe ICE responds and then we go from there. I mean, I would like to join the hearings as much as I can. I'm sure many of them will be very boilerplate and procedural, but I'd definitely be interested to see some of the arguments. All right, we'll leave that there. When we come back, we're going to talk about a couple of stories that Jason Emmanuel have been doing. We'll be right back after this.

D (24:44)

Over half of IT pros say securing SaaS apps is their biggest Challenge with the growing problem of SaaS sprawl and shadow it, it's not hard to see why. Thankfully, Trelika by1Password can discover and secure access to all your apps, managed or not. Trelica by 1Password inventories every app in use at your company, then pre populated app profiles assess SaaS risks, letting you manage, access, optimize, spend and enforce security best practices across every app your employees use. I've been using 1Password for about a year now and I can't believe I wasn't using it sooner than it's made. Logging into every website and account I have a breeze and I feel safe.

B (25:27)

When I use it.

D (25:28)

1Password'S award winning password manager is trusted by millions of users and over 150,000 businesses from IBM to Slack. And now they're securing more than just passwords with 1Password. Extended access management plus 1Password is ISO 27001 certified with regular third party audits and the industry's largest bug bounty. 1Password exceeds the standards set by various authorities and is a leader in security. Take the first step to better security for your team by securing credentials and protecting every application, even unmanaged. Shadow it. Learn more@1Password.com 404 that's the number 1Password.com 404 all lowercase 1Password.com 404 hiring the right people is one of the most crucial aspects of running a successful business. But the hiring process is rarely straightforward. From crafting compelling job posts and attracting qualified candidates, each step requires significant time, attention and effort. It's a demanding process that can quickly divert focus from other critical areas of your business. Fortunately, the future of hiring looks brighter thanks to ZipRecruiter's latest tools and features, which help you find the right talent faster. Saving you valuable time. And now you can try ZipRecruiter for free at ZipRecruiter.com 404Media see a candidate you're really interested in. You can unlock their contact info instantly. Over 320,000 new resumes are added to ZipRecruiter monthly, which means expediting the hiring process and finding the right person for the job faster than ever. Use ZipRecruiter and save time hiring. Four out of five employers who post on ZipRecruiter get a quality candidate within the first day. And if you go to ZipRecruiter.com 404Media right now, you can try it for free again that ziprecruiter.com 404media ziprecruiter the smartest way to hire.

A (27:40)

All right, we are back. So these two stories weirdly happened close together within weeks of each other. But I think that's kind of indicative of what's going on at the moment. The first one from Jason, AI Workslop is killing productivity and making workers miserable. I mean, I've never heard that term before. Jason Workslop. I don't know if it was made up for this study or for this piece exactly, but. So what is AI Workslop exactly?

B (28:12)

Yeah, new word. Just dropped new word. So I mean, it's obviously playing off of the idea of AI slop, but it's AI slop at work basically. But we're talking about very standard, like white collar work. Things like, I don't know, accounting firms, marketing firms, like people who prepare presentations and reports and do emails and things like that at a big company in the office. So this was a study done by Stanford University researchers and people at a company called BetterUp, which is a workplace productivity consulting firm. It's a survey of a little over a thousand white collar workers across various industries in the United States. And it was published in Harvard Business Review, which Harvard Business Review is not a traditional academic journal, but it is a highly influential publication that talks about business goings on. Um, and I saw it this morning and thought it was very interesting because it, it. I don't know if in a vacuum I would have written specifically about this study and this study alone, because I think any single study that's like a survey of different workers experiences and things like that is like, I don't know, you have to be not necessarily skeptical, but you need to, to think like, was this peer reviewed? What journal was this in? How was the research done? That sort of thing.

A (29:50)

Very easy to get selection bias in.

B (29:52)

That, yeah, I think the findings in this make sense to me, but they align very closely with like five other pieces of research and reports that have come out over the last couple months. And so basically they define workslop as AI generated content that, quote, masquerades as good work but lacks the substance to meaningfully advance a given task.

D (30:18)

Damn.

B (30:19)

Yeah. And so, I mean, they don't have like specific examples of like, this is AI work slot. But it's funny that they asked, you know, 1,150 workers about this and I don't have the exact number in front of me, but it was something like 40% of workers said that they had encountered this phenomenon.

D (30:42)

And it's basically like you ask your.

B (30:45)

Colleague or your direct report to do a presentation, to summarize a meeting to do something like that, and they basically outsource it to AI. And the thing that they turn in looks good, but it's useless. And it turns out that this is having a really big problem for productivity because AI is supposed to make companies more product productive, employees more productive. At least that's the promise. That's why, you know, there's billions and billions of dollars going into it. And it turns out that like, these workers are one spending a lot of time correcting the garbage that their colleagues are turning into them. Then they're having to like, you know, redo the work. And then very interestingly, they said, they basically said so here's a direct quote from the report. Workslop uniquely uses machines to offload cognitive work to another human being. When coworkers receive workslop, they are often required to take on the burden of decoding the content, inferring missed or false context. A cascade of effortful and complex decision making processes may follow, including rework and uncomfortable exchanges with colleagues. And then they say, that's so good. Yeah, they say the most alarming cost may have been interpersonal. And so it was very interesting because it's like not only are people having to like redo the shoddy work of their colleagues, that their colleagues outsourced AI, they're also having to figure out like how to deal with this and how to deal with their colleagues. Because if you're a manager and you know your worker is like, someone who's working for you is just doing a bunch of AI bullshit and they're not supposed to be, or they weren't told that they could, or maybe they were told that they could, but then the work that they're turning in is like really low quality. You're Having to, like, navigate, like, hey, get better. Get better at, like, at doing your AI work or don't use AI, or this is not how we do things around here. And so it's resulting in a lot more, like, disciplinary conversations. And very interestingly, it says that after, like, a. A regular worker research received work slop, they saw the person who turned in that AI generated work as being less intelligent, less creative, less capable, and less reliable. So basically, I mean, it's pretty bad. It's pretty bad.

A (33:23)

Yeah. It's fascinating because I imagine, and obviously I'm going to speak for the AI companies, maybe this is wrong, but I'm pretty sure they didn't anticipate that they're going to introduce these tools, they're going to be used to workplaces, and they're going to be focused much more on the accuracy and the efficiency of the tool itself. I really doubt the AI companies are thinking about we're making people in offices, like, look down on each other because the other person is using AI basically. Like, I seriously doubt that came up. Was that sort of, like, the human element? Was that, like, the biggest takeaway for you and why you. Why you covered this? Because I haven't seen that before.

B (34:03)

Yeah, I mean, that. That is why it was very interesting to me. I'm curious what the others think, because it is, like, it's this interesting moment where companies are telling their workers to use AI and a lot of them are, like, reticent to do so because their colleagues will look down upon them. And that's like, it's not just this study. There's one other study that found, like, the exact same thing. And, like, you know, Emmanuel can speak more of this. But I'm curious what both Emmanuel and Sam think, because I think part of, like, working in any team, it's like, I don't know, if y' all were, like, sending me a bunch of AI generated, I'd probably be pretty mad.

C (34:45)

I wanted to say that another reason we cover this study is that we have been circling this issue a little bit. Jason, you and I have been talking about this just anecdotally. We have heard at various companies, and there's been some reporting about this. Maybe it was at Business Insider. I apologize if I'm wrong about that. But basically, there's a bunch of instances of managers coming to their teams and saying the mandate is use AI. For what purpose doesn't matter. We have heard from upper management that AI is the future, so you have to use it, use it first and figure out why later. And obviously that seems like that would lead to bad results and the bad results that this study has found. So I don't find it surprising at all. I guess I did want to say, to play devil's advocate. To play AI advocate. I wonder if, like, the correct and useful application of AI is kind of invisible and will not turn up in a study like this. Because if somebody asked us if we use AI, I guess we would note how we do use AI because we report on it and we try to be very transparent, but it is not immediately apparent that we use transcription tools or, I don't know, spell check and various forms of search. I don't know. The way that it works is probably kind of integrated into your workflow and it's kind of invisible. And Jason, you've written about this as it relates to journalism, but do you think that's possible? Do you think there's more productive generative AI use happening that is not turning up in a study?

B (36:56)

Yeah, I do. I mean, I think probably, except for that. That's why I said, like, I don't know if I would have covered this study specifically in a vacuum if this was like, the only thing that we had heard about this. But there's been a bunch of studies that have come out over the last couple months and they all find, like, different things. But I think it, they, they create like a, a narrative that is like, this isn't actually leading to that, like the transcendent productivity gains that were promised. So there was a Financial Times analysis yesterday that was like, really good of just like shareholder meeting transcripts filed by S&P 500 companies and earnings reports and things like that. And they found basically that, like, every company is like, oh, we're using AI, we're going to use AI, we're going to lean into AI. But then they're very, very vague about, like, what they're actually using it for and like, what the actual benefits of, of using it are.

D (38:02)

Like, they're really vague.

B (38:03)

And so they say, quote, most of the anticipated benefits, such as increased productivity, were vaguely stated and harder to categorize than the risks. There was an MIT report in July that said, despite 30 to 40 billion dollars in enterprise investment into generative AI, this report uncovers a surprising result in that 95% of organizations are getting zero return. And that one's super interesting because they're saying, actually a lot of companies are getting really specific productivity gains from AI and very specific things like, I don't know, customer service or something like that. But then Aggregated out across, like, the entire. An entire company or an entire industry is like, AI is making something slightly more efficient. But then this issue of, like, hallucinations and, like, problem stuff coming up is hindering productivity even more than. Than, like, any sort of productivity gain. And then another one is a Gallup poll from June where it's like, 40% of all workers say that they've used AI, but almost all of them say that they're, quote, using AI at work without guardrails or guidance. And so. And they also said the benefits of using AI in the workplace are not always obvious. And so I think that's how you get to this work slop question, because, as you said, it's like the companies might, say, use AI, or maybe a worker just, like, tried ChatGPT one time at home, and they're like, oh, I could just, like, have this do my job for me. And so they're using it. And then, like, that's how you end up with a bunch of, like, really shitty uses of AI, because they are maybe not integrating it into their workflow. They're just, like, outsourcing their brain to this technology.

A (40:09)

Yeah. Speaking of outsourcing, I think that brings us to the next story from Emmanuel. And you published this a few weeks ago, as I said, but it's amazing how these two lined up. The headline of this one is, the Software Engineers Paid to Fix Vibe Coded Messes. I'm sure people know, but Vibe coding is basically using an AI assistant to develop code. And maybe you're not the most familiar with code, or maybe you have no knowledge of code whatsoever, but you want to build a video game where you want to build an app or something else, and you can do that through Vibe coding, essentially. But it looks like that sometimes makes a mess. And, you know, maybe even people are. Well, people are being paid to fix it as well. Just a step back a little bit, Emmanuel, what's this meme you saw going around LinkedIn? Like, people were joking about, oh, my God, I'm just paid to fix people's messes or something. Like, what was the meme?

C (41:08)

Yeah, there was this screenshot going around on LinkedIn that showed a bunch of LinkedIn profiles where the person's job description was Vibe Coding cleanup specialist. And I don't know if you know this, but LinkedIn is definitely the most corny social media platform.

A (41:28)

Fully, fully aware of that. Yeah.

C (41:31)

So a bunch of people who thought they were really funny were kind of, like, screenshotting it and making the same joke about, like, haha Vibe coding is supposed to make coding easier, but then you've created like this whole new industry of people who fix Vibe coding projects because actually the end product is shoddy and somebody else has to come in and fix it. And really you haven't saved time or energy or money or nothing. You've just like created a new problem for an actual human programmer to solve. And I saw that and I was kind of clicking around LinkedIn and looking up those profiles and it wasn't clear to me that it was real. If you are one of Those people on LinkedIn, please reach out to me. I'd like to talk to you. But it seemed like some people change their job description as a joke maybe, but I thought that the premise, like, felt true. And that's why jokes are funny usually, is that they speak to some truth. And I did some looking around and it's definitely a thing. Like, it is 100% a real job and increasingly a line of business for existing companies or an entirely new business for entirely new companies.

A (42:43)

Yeah. So you spoke to a couple of these people who are fixing these Vibe coded messes, basically. I think one was an individual and one was a entirely new company. Is that right? And like, what were they telling you about this process? They're making real money doing this.

C (43:02)

Yeah. So there's like two categories of people in this line of business now. One is like the freelance engineer, freelance computer programmer on platforms like Fiverr. And I think Upwork has some people that are doing this, but there's definitely a ton of them on Fiverr where it's basically like a gig, a gig working platform that we've covered before. And if you just search for Vibe coding, there are a bunch of people who will Vibe code stuff for you, and there is a bunch of people who will fix your Vibe coded project and are essentially Vibe coding cleanup specialists. And that's how they advertise their, their skill set. They're like, you try to make an app, you got what you wanted, but now it's kind of buggy. I'll come in and I'll fix it for you. That's what I do. And Fiverr, I would say, in order to make money there, which is, I think, very hard to make a lot of money. But there's a lot of programmers in India and other parts of the world where even though it just like not a lot of money for a gig, it's that the money goes farther there and there's a lot of people competing for the work. So they seem to kind of shift with the trends, right? It's like you offer in your skills whatever people are searching for. So a bunch of them have just shifted to this like, like I'll fix your Vibe code mess project. So there's those people. I talked to one guy, he says he has worked with like 15 to 20 clients. He said that a lot of what he fixes is UI stuff, right? So it's like somebody will Vibe code an app, it will do what they want it to do, but it doesn't look like the thing they want it to look like. And he does all of that probably.

A (45:13)

Security stuff as well. Like I can't remember the specific examples, but there's been Vibe coding and you can't imagine that, you know, the AWS keys and their permissions are handled in necessarily the best way when it's cobbled together with AI. But like that's scary, the amount of apps are going out there without security.

C (45:34)

Probably that's a very good point that hasn't come up. And I think it's not a coincidence that I hasn't come up. I think that nobody really wants to commit to like making your app super secure because the stakes around that are very high and real. So I think our people are intentionally not talking about it, they're talking about more superficial things. But that's totally true. Like I would be very concerned about giving my information to a Vibe coded app. I a few months ago reported about a Vibe coded game that had a security issue that didn't compromise users information but like was abused to like deface the game that the person makes. So it's definitely a real issue if you were to do something like that. If you wanted somebody to like fix your Vibe coded projects for security issues, I would recommend probably reaching out to one of these companies like ULAM Labs, which are based in Poland I think and are a software engineering firm that has existed for a long time, but they just open a new line of business where they advertise their skills to fix vibe coding projects. And it's funny, I wish I had these people reach out before I published the story. But since I published the story, a bunch of other software engineering firms of that level got back to me and they were like, yep, this is our business now. We totally do this. It's like if you want to talk next time. So it's like there's definitely a lot of people in that space. And then one person I talked to who was very interesting, his name was Swatanatra Sani and he's a Vibe Coder himself. And when he saw that Vibe coding was catching on as a thing, he just went out and bought a bunch of domains that had Vibe coding in the name. And one of those was Vibe code fixers. And when he realized that this was a problem because he started he himself as a Vibe coder and other Vibe coders who reached out for help and him helping other people, he realized that there's like a real business here. He used that domain name of vibecode fixers.com to create a platform where like you sign up as an engineer to offer your skills and other people can come in with their projects and like connect with those engineers to fix those problems. So it's basically a fiverr, like but the entire purpose of it is just to fix Vibe coded projects.

A (48:16)

Yeah, it is admittedly smart where inserted himself as the middleman, which is the perfect software business, Uber, whatever. And yeah, ride this wave of everybody making kind of shit apps. And if I could be the middleman that injects myself and connects them, I mean, did he give any indication how much money he's making or not yet. I'm looking at the site right now and I don't know. It's a real ass website.

C (48:45)

I don't think he is doing probably what what other tech startups would say is a smart thing to do, which is he doesn't care about monetization now. He just wants to be like the established place for this kind of thing. So I don't think he's charging anything. He's just getting as many engineers as possible to sign up. So it's like a viable solution for this thing. He did have a lot of like really great insight, I thought, not just as a person who operates this platform, but as somebody who is into Vibe coding and has fixed other people's Vibe coded projects. And he said that often the biggest problem with clients is psychological in that you get someone who's not a software engineer who has an idea for an app and they start Vibe coding the app and they get something semi functional and they fall in love with it. They become very enamored with the fact that they made a thing, but then it's very shoddy and they come to him and they're like, please fix this thing. And he looks into it and he's like, well, as an engineer, the smartest thing for me now to do is like put all of this in the garbage and start over and build it again without Vibe coding, because that will be a much better, much faster solution. But the client is like, no, no, no, my baby. Like, you can't possibly do this. You know, this is my app, this is my dream. So I thought that was like a very interesting psychological aspect. And I could definitely see that being the case where, you know. And this is, this is what the promise of vibe coding is, right? Where it's like you get a bunch of people who don't necessarily have the technical skills to build something. You suddenly let them build things and that's great, but, you know, once you get to a real engineer, that dream can kind of fall apart. But he'll do it. Like, he'll fix your shitty app and charge you for it, even though it's like, probably not the best move.

A (50:46)

Maybe we leave that there and you can put that quote on his website. He'll fix your shitty app and charge you for it. We'll leave it there. If you're listening to the free version of the podcast on our Play us out. But if you are a paying 404 media subscriber, we're going to be joined by our regular contributor Matthew Galt and we're going to talk about a couple of other things. One is a malicious game on Steam that he covers which targeted a cancer patient rather outrageously. Then, keeping with the video game theme, we're going to talk about a game that some people are finding very hard, including Jason called Silksong. He's shaking his head. You can subscribe and gain access to that content at 404 Media co. As a reminder, 404 Media is journalist founded and supported by subscribers. If you do wish to subscribe, subscribe to 404 Media and directly support our work. Please go to 404 Media co. You'll get unlimited access to our articles and an ad free version of this podcast. You also get to listen to the subscribers only section where we talk about a bonus story each week. This podcast is made in partnership with Kaleidoscope. Another way to support us is by leaving a five star rating and review for the podcast. That stuff really helps us out. Here is one of those reviews from BMW White Walt. Great source of technology news. Very approachable. Five stars and two thumbs up as well. This has been for a full media. We'll see you again next week.