Hacked - Stalking Stalkerware + FTX Spending Sprees + the Uncertain Future of AI Game Dev
Episode Date: July 16, 2023On this chat episode we talk about recent public disclosures revealing all the wild stuff FTX bought, the hacking of LetMeSpy and the world of stalkerware, and a Reddit post that revealed a major shif...t in the use of AI generated assets in video games. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
What does a crypto and weed bank, an inappropriately named yacht,
and a $600,000 unpaid bill to Jimmy Buffett's Margaritaville Paradise Island, all have in common?
Let's just assume it's what crypto billionaires buy when they have nothing else to buy.
Due to a recent public filing, we know there's some of the crazy stuff that Sam Bankman-Fried and FTCS bought during their reign of
crypto supremacy.
I love it.
On this episode of Hacked, we are discussing all the wild stuff FtX bought before it all came
crashing down.
We're going to talk about let me spy and the uncomfortable question of what happens when
software designed to let folks spy on people gets infiltrated by a spy.
I think the big news story, maybe not as cybersecurity related, but just worth discussion,
is Facebook's founding of threads.
Twitter's new competitor.
The enlightening speed.
They sure did whip it up quick.
And then I want to talk about a Reddit post
in a subreddit about AI game development
that blew up and the response to which suggests
we've entered this interesting new act
in the story of AI and copyright.
All that and more on this chatty episode of Hacked.
Scribledy, bit, boon.
Someone on Twitter loves our theme music.
I saw that.
Yep.
They love the, specifically the outro music.
That's a big, big shout out.
It just means you made it to the end.
I will say, it's the same as the intro music, but I'm not, I'm not, I'm not correcting anybody.
If you're vibing to it, you know, maybe put it on Spotify.
Live away.
And we make $4.
Like, you know, get those royalties.
Make seven cents a year.
It's so ruthless.
Before we get to that, you know who I,
want to who I want to thank Scott.
Who would you like to thank, Jordan?
Well, I think you can guess.
I'm assuming you are talking about our new patron Spawning Grounds.
That is correct.
Big old shout out to all of our new patrons on Patreon.
You can go to hackedpodcast.com at redirects to our Patreon.
It's the best way to support the show.
In every other episode, we thank all the new folks since the last one, including Spawning
Grounds.
Thank you so much.
And Merlin?
Could never forget about Merlin.
Who we owe a response to on Patreon, sent us a message.
That's true.
We do.
We do.
I'm going to totally destroy this person's last name.
So I feel like this is where I awkwardly just hand you the mic and say, why don't you give it a go?
Why don't I take a running jump?
Thank you so much for your support, Mark Schlossarek.
There you go.
That's pretty good.
I feel good about that.
See, the next one, the next one I feel very confident.
and I think I could do Benjamin.
Yeah, you know what?
I think you might stick the landing on Benjamin.
Benjamin.
Benjamin.
Thank you so much for your support.
It really does mean the world to us.
Again, that's hackedpodcast.com to jump over to our Patreon and show us a little love.
Do we want to talk about lavish toys purchased by what I would say is artificial billionaires,
but they're not artificial, they're actual billionaires?
They are real billionaires.
We're real billionaires.
They were real billionaire.
Mm.
Maybe.
Sam Bankman Fried, for anyone that doesn't know,
is the former CEO of FTX,
currently awaiting trial in October
following his extradition from the Bahamas.
Mr. Bankman Fried was arrested in December
after the collapse of FTX.
They were one of the largest crypto exchanges in the world.
He agreed to be extradited on these charges
that he had orchestrated this sweeping fraud
in which he used billions of dollars
in customer deposits.
to pay for crypto trading, charitable donations, and lavish, very, very lavish real estate purchases.
Gets to the United States, he's granted bail.
He's currently under house arrest in his childhood home in California.
Very, very briefly, there have been some recent developments in that case.
Additional charges were pursued.
They were then withdrawn with this big caveat that there will be a second trial in 2024 regarding these new charges.
none of which is why we bring him up.
For the last five months, we've been getting this flood of bankruptcy filings and public disclosures relating to this case.
Which means, during that whole time when they were allegedly defrauding people of billions of dollars,
we know what they spent their money on, Scott.
It's a great list, honestly.
It's a really top drawer list.
During this multi-year stretch when SBF and FTX were the darlings of, you know, the darlings
of the emerging crypto world.
They went on this spending spree,
and we know what they paid for.
You can't buy taste,
but you can buy a guy on Twitter,
a Tesla for the law of Scott.
Bloomberg recently published a select list of stuff
that SBF and FTX bought
during their time in the sun.
We'd be fools not to talk about it ever so briefly.
There's some real doozies on here.
It's really, really great.
They did a really good job
because I'm sure they had to come through
a lot of not funny stuff,
but they did.
And they found the funny stuff.
stuff. In no particular order, for $11.5 million for an equity stake, they purchased
Moonstone Bank, a community bank in Washington that at some point decided to rebrand as a
crypto and cannabis bank, which drew the interest of SBF and FTX. Since the collapse of this,
they have changed their name back to Farmington State Bank, saying it was a quote,
returning to its original mission, presumably of being a normal bank.
So they started up by buying a bank.
That's a reasonable one.
You can look at that and go like...
That's honestly the best.
That's a business expense.
You buy a bank, you become a bank.
Banks make money.
They also bought some generic real estate.
And by generic, I mean, grotesquely expensive, fancy real estate.
Lavishly expensive.
Totally.
They bought a penthouse for $30 million just as like a hangout
inside of some fancy private resort area in the Bahamas?
Like, you know, the reasonable things.
Well, reasonable and also kind of funny.
Yeah.
Because it showed that they wanted to go to this super exclusive resort in the Bahamas,
but that they didn't really seem to want to hang out with the other people at the resort.
So they used the crypto money to buy the penthouse of the resort for $30 million.
So they could go to the cool place, but then not have to hang out with other people,
which is a really crypto billionaire to do in my personal.
It's like, hey, we're all a bunch of serious introverts and, you know,
I could make reference to a bunch of other news regarding the in crowd at FDX,
but I won't.
But I'm assuming they needed some private spaces for some of their private going on.
Google it, if you're curious what we're talking about.
Anywho, they also went on a naming rights buying spree.
There's one here I'm really.
want to talk about because it's, it
please breaks my mind.
Yeah, so they bought
an e-sports, they bought the naming rights to an
e-sports organization and like,
I don't know how many of you follow
esports or Jordan even if you follow
esports, but it's like, I follow
esports a bit and
I've been trying to figure out how that industry
survives because
I don't think they really make any money.
These organizations like spin up and
go away in a five-year cycle.
And if this is any indication,
esports teams are wildly successful
because FTEX bought naming rights
to an LA-based e-sports team,
most notable for their Super Smash Bros team,
for $210 million.
Get that bag, Team Solo Mid-FTX.
Like that is, like for 200, like let's just contrast that with the other crazy naming rights they bought.
So they bought the naming rights to like Miami's premier NBA facility where the heat play for 20 years or 19 years.
They only paid $135 million for that.
In contrast, a deal.
They got a real deal on that.
So it's like some esoteric super smash Bros. Esports team for $210 million,
versus naming one of the most premier sports facilities in North America for 20 years for 130 million.
Yep.
Wild. Wild to me.
Yeah. They didn't, a minor correction. They didn't buy an e-sports naming rights thing.
They bought a bunch of them. They bought the branding to the League of Legends championship series.
The important thing about all of these naming rights things is like when the person who bought the naming rights to your
thing becomes the poster child for a whole new genre of fraud, do you have to keep the name on your
thing? The answer to which will be figured out in court, because all of these things are
currently suing FTX. I think the League of Legends Championship Series is suing FtX. I believe
formerly FTX arena, now the Kasea Center, I think they're in a lawsuit. I'm not totally sure
about that. I would assume as much. Like the contractual value. It's the contractual value.
for their sponsorship deal is massive.
Also, the Mercedes F1 team was a big FTX partner.
Right.
It's not on this list, but I know it because I watch F1.
But the, yeah, like the amount of money that they threw,
it's reminiscent of a, I'm not going to say it was a Ponzi scheme,
but, like, you know, that's a lot of money to spend on marketing.
Well, we'll wait for the next couple of years' worth of court cases to decide that one.
And Team Solo mid-FTX, the Super Smash team has dropped FDX from their name.
So in addition to a bunch of naming rights stuff, in addition to a penthouse inside of a clubhouse,
so you don't have to talk to the people in the clubhouse, they also bought a yacht.
A pretty modest.
A pretty conservative yacht.
Pretty modest yacht.
Alameda Research, the hedge fund that was sort of embroiled in this whole drama,
bought a 52-foot yacht for its chief, co-chief executive officer Sam Trebuko for $2.5 million.
That's not really the interesting part.
The name of the vessel, this fine seafaring vessel,
Soak My Deck.
Soak my deck.
Is what they named their boat.
What happens when you give a bunch of...
I'm not going to finish that statement.
I don't need to say anything else.
There's nothing to say about that.
But anyway, they bought a $2.5 million boat and then named it that.
Pretty like in the world of billion dollar boats,
spending only spending $2.5 million on a boat seems like a reasonable expense
among this list of insanity.
given that they bought $24.4 million in board eight yacht club non-fundibles, I would tend to agree.
They played it real conservative when they bought Sam, the other Sam, Sam, too, a boat.
Oh my God. We have to do an episode on NFTs one of these days. I know we talked about it. We talked to, like we've touched on it. Yeah. But like $24.4 million for a bunch of eight photos that were digitally generated. Like it just, you know.
I do want to talk about this one because we were talking about marketing promos and getting sued.
Yes.
The Larry David commercial, don't be like Larry.
I'm sure if you haven't seen it, you need to see it.
It's essentially Larry David saying that like crypto is a scam.
That's literally the commercial and that he's not going to buy into it.
That's the whole ad.
And then Larry was consequently sued for promoting FTX, you know, as many of these people that sharden their commercials and use their channels to promote FTX are.
have found themselves pulled into lawsuits.
And Larry's like,
Larry's like, no, the whole commercial,
I was telling you not to do it.
It's like,
they paid me $20 million to tell you not to do it,
which is very funny.
Yeah, very funny.
A very funny thing to say.
Like, not unintentionally funny.
Like, credit where it is due,
that's a pretty funny way to respond to this whole situation.
Yeah, but I honestly think,
because he also, apparently,
I don't know if this is true,
but I'd heard that a lot of,
lot of other, the people that did promotions for them and were offered major gigs. They were offered
to be paid like exorbitantly more in crypto. And Larry was like, absolutely not. I want real money.
So like, true to his words, he was like, no, that's fake money. Give me real money.
See, the thing is, it's like, I think he's got to, I'm not sure what's happened with these
lawsuits. We should pull it out. But I think he have a decent legal leg to stand on because like,
FDX, the company is like, don't be like Larry, but Larry at least consistently is like, no, I don't believe in crypto.
Like, I don't want to get paid in it.
I went on television.
I went on television.
Yeah, like, it's not like I'm, and then FDX, like, paid me to be me and then said don't be me.
Like, I think that's a, I think you could build a pretty strong legal argument there to get out of it.
And I'm sure some of the best lawyers in the world will.
Yes, absolutely.
And I think last on this list that we should talk about before we move on.
And for $59,409, there is a unpaid bill to Jimmy Buffett's Margaritaville Paradise Island.
This whole drama, quite a remarkable story.
I would forget all of it if I could just know what that bill was for.
what did they spend $59,000 at Jimmy Buffett's Margaritaville Paradise Island on?
Presumably there's very fancy hotelers.
I just want to be a fly on the wall for that whole weekend.
Because out of all of these, like these are pretty garish purchases.
I'm not really that mad at that.
There's something about spending over a half a million bucks of Jimmy Buffett's,
that's pretty punk rock.
I'm pretty okay with that's actually the least punk rock thing I've ever heard.
But it's pretty dumb.
I can tell you what they spent it on.
I almost bet money on it.
You know?
No, I don't know, but I'll tell you what it was.
Sure.
I just know what it's from.
You're a big parrot head.
I feel you.
Oh, man, yeah.
So you got to assume, like, FTX was what, like 200-some people at its peak?
Oh, I see.
Sure, sure.
And, you know, most of them parachuted into the Bahamas and were living this, like, dreamy, 24-year-old post-graduating university.
lifestyle making probably exorbitant money.
Unfathomable.
For this company that literally didn't care about the expense break down in their income
statements.
Obviously, they didn't put the brakes on any buying pressure.
I would assume FTCS had tabs open at most major places in the region.
And if you work for FTX, you could just wander in, blow a grand on lunch expense it to the company.
And it goes on a tab.
And I bet this tab is unpaid.
I bet they, you know, they didn't have the credit card to process before it all blew up and got frozen.
Sure.
Now, James is stuck with the bill.
That's my thoughts.
No, I think that's really, I really, really buy that.
600 grand at Margaritaville.
Here's the scary part.
Most of those tabs are probably like monthly.
So you've got to assume that in like the year preceding this,
they might have dropped $7 million at Jimmy Buffett's Margaritaville Paradise Island.
Maybe that's where they like to have afterwork drinks.
Honestly, not mad about it.
Yeah.
Yeah.
Yeah.
Get that money, Jimmy.
like get yours.
If you work for a company that will literally
spends money on anything and takes care of the staff,
like that's pretty amazing.
Sure, fair enough.
Granted, they were spending other people's money
when they were buying you those drinks and food.
Yeah, no, for sure.
Yacht trips and first class flights and whatever else you want.
I'm mad about it in a much larger sense,
but I'm not mad about Jimmy Buffett getting paid.
never have been never will be i'm going to get a message after this about um some war crime jimmy
buffett committed or something but uh just going by his beachy breezy attitude and reputation i feel
pretty good about it nice so that's just some of the crazy stuff that sbf and ftx bought
to hard pivot let's do the hardest pivot that will occur in this episode okay from that
fun, light, breezy story, that Margaritaville Paradise Island-esque story set in the Bahamas.
Let's take a turn towards a little story about something called Let Me Spy.
Let's talk about Let Me Spy and what happens when the bad thing that your product has empowered
other people to do happens to you.
In case it was not totally clear from the name, Let Me Spy is a phone monitoring app for Android.
You install it on someone's Android device locally,
and Let Me Spy kind of quietly uploads text messages, call logs,
and precise location data from the phone to their servers,
which is then accessible to the installer.
The app is importantly designed to remain concealed on the phone's home screen,
making it challenging to detect and remove for the person who's had it installed on their phone.
This type of app is part of a larger product category,
kind of known in the industry as stalkerware or spouseware.
This is because of its remarkable utility to untrustworthy spouses who often have physical access to their partner's devices, and because if you use it, you're acting like a big old stalker.
Not a great product category. Suffice it to say.
Not a great look. Not a good thing to do. Don't use these apps. The big irony of these things, the irony here is that despite their deep access to a person's phone, these surveillance apps are notorious for bugs.
and basic security errors.
Over the years,
a bunch of these spyware,
stalkerware, spouseware apps
have been hacked, leaked, and exposed,
resulting in the theft of private phone data
from the actual victims here.
These breaches have included M-SPI, Mobus stealth,
flex-a-spy, all had breaches.
The FTC is currently pursuing
legal action against Retina-X
who had two data breaches
involving sensitive victim data last year.
These things get hacked a lot,
and now it is Let Me Spy.
turn. Last month, the company disclosed this big security incident on its login page,
stating that unauthorized access took place on June 21st. The hackers managed to access
email addresses, phone numbers, and the content of messages collected on the accounts.
A Polish security research blog called Nibus Peaksnik. Wow. Well done.
I feel pretty good about that. Yeah. Yeah, well done.
Reached out to the Spiro manufacturer for comment. Instead of the manufacturer,
responding to that email, the hacker response,
claiming to have gotten extensive access
to the spyware maker's domain.
The identity of the hacker behind the Let Me Spy Breach
and their motives is currently unclear.
They suggested that they had deleted
the database stored on the server,
but copies of that database have appeared online
later that same day.
Had they just hacked and destroyed this data,
I think that would have been much more.
Robin Hooded it instead of raided it.
They were on the edge of Robin Hooding it.
Yeah.
So then DDoS secrets, who we've talked about before, a very interesting nonprofit transparency
collective.
They get a copy of the hacked Let Me Spy Data.
They verify it with TechCrunch.
To both of their credits, there's a ton of personally identifiable information in this cache
of data, and they lock down and limit distribution of it to data journalists and researchers.
The leaked data included years of victims, call logs, text messages, all this very private stuff
dating back to 2013.
13,000 compromised devices.
In January, Let Me Spy's website stated that their software had been used to track just shy of a
quarter of a million devices.
Tens of millions of call logs, location data, texts.
As of right now, the counter on the site reads zero, and much of the site's basic
functionality, including the app itself, seems to be broken by this hack, which I think is good.
The data suggests that the majority of victims were located in the U.S., Indiore.
and Western Africa.
Interesting.
Yeah.
So let's dig into the customers here a little bit.
The data also contained the spyware, kind of what they refer to as their master database,
which was information on the 26,000 customers who used this spyware against other people.
It also revealed who makes this thing.
Link database reveals that LightMe Spy is built and maintained by a Polish developer
named Rafael Lidwin based in Krakow.
Kind of went combing around a little bit, a bunch of different.
different press outlets reached out for comment, doesn't seem Lidwin has responded to any of them.
Shocker.
Shocker.
It remains unclear whether Let Me Spy is going to be notifying victims whose phones were compromised
if they even have the ability to do so.
But this is the tough part about all this.
And making software in this terrible stockerware, spouseware type category is that if you notify
the victims of a device compromise, there's a non-zero chance at scale that you're actually
going to put some of those people in danger.
By providing a product for a fundamentally unsafe situation,
alerting people that they're the victims of this compromise,
is alerting them that they've been compromised
and some bad stuff can happen.
So it's a pretty rough situation all around.
As I mentioned earlier, this is not the first time
these things have been hacked or breached.
As many of them as you can name,
they've probably all been hacked at some point.
Ex-N spy, Kidsguard, Truth Spy, Support King,
have all had breaches.
These are not trustworthy apps,
ignoring the fact that you need to be a generally not trustworthy person to even think about using them.
Yeah.
And as always with these things, the tragic irony is that when these things get breached,
the people that were being victimized tend to be the first people to be victimized by that hacked.
Because it's not always the customer's data that gets leaked.
It's the victims.
Their calls, their texts, their movements.
Interesting.
Bad.
Yeah.
Bad.
Bad.
Bad.
Interesting bad
Interesting bad
A few things
One
I feel like if you're in a situation
Where you're even considering
Using Spouseware
That
You should probably just
Become an unspouse at that point
And save both
Parties
The headache
As I'm sure
Nobody wants to be a spouse
Of somebody who's going to install
spouse were on their phone. Let me tell you that.
No.
You're about to...
100%.
You might... If somebody's crossed the line, the other person's about to cross the line.
And I just think that that's a, you know, exit with your head high.
Yeah.
I think if you need to install something on someone's phone without their knowledge,
you're not off to a great star.
You're not a great partner.
No.
Exactly.
I think on the flip side of that coin, the place where like...
having the ability to just throw a hacking tool or like a spying tool
onto someone's phone without them knowing.
You know, that has a lot of corporate security aspects.
Yeah.
Because, like, you don't need to be, you don't need to be stalking the person.
You don't need to be spying on your spouse.
Like, the software is good for everything.
If you've got to made reference to it a few times,
but you've got a mergers and acquisitions lawyer who works in Wall Street
and you have this on their phone
and you get to read their messages
and other going ons,
that's a ton of valuable data.
Heaps.
Heaps of valuable, very financially valuable data.
It's like, I just feel like this,
what I'm roundabout getting to
is that I'm shocked that the app stores
even let this stuff exist.
Is it delivered via the app store
or is it like a back ground in stuff?
all. I believe Let Me Spy was available through the Google Play Store, but I don't know that
definitively. I mean, here's the thing. If Let Me Spy wasn't available, I think I named eight of
these things that have been compromised in the last few years. A bunch of them were available in the
app stores. I think the story that a lot of them tell on their websites is that this can be
useful for parental control. Of course. And that's exceptionally frustrating because, like,
iOS and stock Android both have parental control features.
And the important thing about parental control is you don't have to hide to your child
that you have parental control on device because you're the parent.
You're allowed to do that.
They can bump into a thing saying you're not allowed to do this.
This is being looked at.
Like that's okay in that dynamic to have to make a version of those exact same
surveillance and control programs that don't alert the person they're being used.
used against should tell you that you're going down the road to doing something not okay.
That consent and awareness angle is sort of what all of this turns on.
And I do completely agree that like when it does come to parental oversight, you know,
seeing as we're giving these devices to children now, they should really just be balking and
strengthening up the parental controls on them. That would be much better, I don't know, much
better for me than kind of letting these things exist outside of their own controlled ecosystem.
I think iOS makes it harder to do some of these things and it makes it easier to figure out if it's on your device.
I think that's something that they're doing right.
But at the end of the day, as long as certain software has access to some of these permissions, people are going to do dodgy stuff with it, apparently.
Shocker.
Shocker.
People will do dodgy stuff if given the opportunity to do so.
Famously, people love doing dodgy stuff.
Let's talk about AI game development,
threads, and whether a thumbs-up emoji
is legally binding right after the break.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone, somewhere, saw something too late,
an alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for
a world where attackers are already using AI.
They created the Aurora superintelligence platform, a fully agentic system powered by the swarm of
experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents
that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything
trustworthy and all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every
week and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora agent SOC.
It's the first SCC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally
buries human analysts. Arctic Wolf didn't try and bolt AI onto an old model. They rebuilt the
model entirely. What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven decision
reflects your environment instead of generic assumptions. The automation frees your concierge security
team to focus on higher value strategy and proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like,
go to arcticwolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turned defenses on their head.
Organizations around the world saw headlines they never expected,
and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th,
diving into the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened,
but why these attacks succeeded.
And most importantly, what businesses can do to fortify their defenses for it's too late.
You're going to walk away with real insights into how threat actors are evolving,
how defenders are responding,
and what strategies can help you stay ahead of the next big breach.
It's not fear mongering.
It's practical, actionable, intelligence from experts in the trenches.
Register now at arcticwolf.com slash hacked.
Just a quick hit on this one because it's funny and it's local to us, ish.
Yes, yes.
Ish.
So a Canadian court has just ruled that a thumbs up emoji is a legal agreement.
Mm-hmm.
So a farmer, this is in the province next to me,
A farmer was in some discussion with another grain cooperative or something,
and they signed an agreement for something.
$82,000 Canadian dollars, about 60K U.S.
And the farmer replied to essentially a contract via text,
he sent a thumbs up emoji.
And the court has now agreed that that is legally binding.
He essentially had a verbal commitment, and it is a contract.
So we have evolved.
Beyond language.
We have evolved technologically, a thumbs up.
Now, anytime you're like, hey, are we meeting at five for drinks and somebody sends you a thumbs up emoji and then go.
I will see you in court.
They have legally broken.
They've broken a legal contract.
Yeah, it's a pretty amazing story.
My favorite part was the sort of, so you have this farmer and you have this grain buyer and you have this, essentially,
essentially like puts this thing up to tender, sends out a contract,
guy responds with a thumbs up, and this all ends up in court,
which means that this justice, Timothy Keen,
in the court of King's bench in the province of Saskatchewan,
has to go, I'm just going to read the quote.
This case, quote, led the parties to a far-flung search for the equivalent of a Rosetta
stone in cases from Israel to New York State and tribunals in Canada
to unearth what a thumbs-up emoji means.
This whole thing sparked this like national treasure global journey to like figure out what is it that a thumbs up emoji means.
The best part though is that in all of the court documents for this, they do not refer to it as a thumbs up emoji.
They use the thumbs up emoji, which means that you have like legal documentation.
It's full.
It is just it reads like an I message thread.
It's just pampered with emojis the entire way through of them trying to figure out really what does it mean.
Is it a confirmation?
Does it rise to the level of a signature?
This weird legal, like, digital etymology thing
that this justice had to figure out
because of a bushel of grain.
Could you imagine if...
Because, like, you know, they had to do this for the thumbs-up emoji.
But, like, if we're now considering emojis
as part of legal language,
could you imagine if they had to make, like,
essentially a terms of reference?
for every single emoji and what it legally means.
That's fantastic. Sure.
Are we talking gifts?
Does a reaction mean count?
Like the Pandora's box that this opens.
Extraordinary.
Extraordinary.
It would be, I would love to see a legal definition for each emoji.
Well, interestingly, that, yeah, I would love to read that.
So that Justice Keen, and they talk about this a little bit,
stated that while a thumbs up emoji is a non-traditional means to, quote, sign a document,
that it was a valid way to convey the two purposes of a signature under these circumstances.
Importantly, for our discussion, he dismissed concerns that allowing a thumbs-up emoji to signify acceptance,
quote, would open up the floodgates to new interpretations of other emojis, including the fist bump and the handshake.
What I want to start doing, you know how people will do something just to take it all the way to the Supreme Court?
that idea of I'm going to get into a situation so I can pursue it legally to sort of set some kind of a precedent.
Totally.
I think this opens the floodgates for that.
What's a poop emoji mean?
There's so much we don't know about these symbols we use every day now that they've entered the legal sphere.
And I intend to find out.
Not only that.
Like, imagine being somebody later in their career who maybe doesn't speak emoji.
as well.
And all of a sudden, you're like, you know, maybe you use them occasionally in text messages
and in conversations, you know, you use the ones you know, maybe you like, you know.
Yeah, sure.
Like, you didn't grow up with the palette, so you're not familiar with all the colors.
And then all of a sudden you're being legally held to these things.
Like, good.
I think that's explicitly what happened here.
I don't get the sense Kent Mickleboro knew when he was texting with Farmer Chris
actor that that's what like i i i have to assume the thumbs up moji didn't mean to be a
signature but maybe i'm making maybe that's the wrong assumption maybe that's exactly what he
meant to do and then when the price of that crop went up he tried to renege maybe this is exactly
how this should have gone but like that i don't know like you know in more contemporary uses of the
thumbs up emoji it's essentially used to kill a conversation like you're it's essentially like a okay
with a wave goodbye.
So maybe somebody's like, hey, here's that contract.
And he's like, got it.
Yep.
Like, thumbs up.
Like, I got the contract.
I'll take a look at it.
Not like thumbs up.
Yes, it's agreed to.
I signed it digitally with my thumb.
That is what I believe actors, lawyers argued,
was that it was a confirmation of receipt,
not a signature of the contract.
Yeah, which to me makes, like, that's hard to,
That's a valid argument.
It's a valid argument.
It's a valid argument.
And then Justice Timothy Keene goes on this like
Da Vinci Code research quest about what an emoji means.
The response to which is, well, my client did not.
Exactly.
They weren't using it.
It's valid that that is sort of it's, you found the Rosetta Stone, you translated it,
you used the codex, that's what it means.
Great.
The client didn't know that.
Yeah.
Does it matter if you don't know what a signature means when you sign something?
I have no idea.
You're applying a definition to something that everybody uses differently.
And nobody really has a dictionary for this language.
You've created the first entry of it.
And you're now holding somebody legally.
I can't wait for this one to go.
Like this is going to go up in courts for sure.
It's going to get appealed up.
And I say this earnestly.
Not because I agree or disagree one way or the other.
I really want to interview Justice Timothy Keane.
I just want to understand what this person learned about the thumbs up emoji.
Because it's got to be more than has ever been studied or read or assembled about the thumbs up emoji.
They might have become the foremost expert in that symbol over the course of this case.
I have great news for you, Jordan.
when the decision is launched public
and is released via the court services,
you'll be able to download it and read it.
It might even be up now.
It was pretty recently,
so it might not quite be up,
but you'll be able to read
the entire justices decision
and all of their substantiation,
which would be, I think, actually,
a pretty fascinating read.
I will nuke our audience.
I will eliminate how,
Half of people will unsubscribe when we release our three-part.
Deep dive.
Oh, it is out.
Is it?
I'm looking at it.
Sick.
Yeah.
Oh, man.
Maybe you should just do a Patreon episode where you just read this entire thing.
Okay.
It's all coming together.
That's what a thumbs up emoji means.
Before we get to the future of AI and copyright,
let's chat about a little development in the social media and consumer tech world.
this past month, the dawn of threads.
Interestingly, five days of launch, it's 100 million signups.
That's the sort of big headline this last week is that it grew.
I think it beat chat GPT as the fastest growing online platform to hit that milestone.
Quite impressive.
Makes a lot of sense.
You have this massive social graph from Instagram that just gets cleanly ported over to your new thing.
It's like two clicks to jump over to this.
And there's a great deal of chatter amongst,
Twitter users as to whether or not they like the platform and where it's going and it's
current ownership.
So it sort of opens up this big old fun conversation about which social media owning tech
billionaire are you currently aligned with?
I just want to talk about the growth really quick because I'll tell you that the main
reason why I popped into the app, downloaded it and popped into it because it's not
online, very Instagram
1.0e,
is
like name squatting.
I went on there just to make sure that I got
a handle that wasn't
user 38669,
4723.
A classic.
New platform exists.
People jump on it just to make sure
that they get whatever username
they want or try and get great
usernames to hold them and sell
them later. It's just a classic.
But it does, I was disappointed.
I'm disappointed to see that it was just, well, I guess I'm not disappointed to see.
I'm probably happy to see that it just uses Instagram's username stuff.
So you just instantly get your Instagram handle.
So I count on one and it is an account on both.
Sure.
This last two weeks, we kind of watched the trough of disillusionment start for chat GPT.
Anyone doesn't know that there's this idea that as we get new types of technology,
we all go, oh my God, this is incredible, it can do everything.
And then we realize what it can't do.
and we get disillusioned and think it can't do anything,
and then we inevitably end up somewhere in the middle,
where we have a more accurate understanding of what the thing really is.
And we're talking about how ChatGPT's user base started shrinking for the first time
since it came out seven months ago.
Interestingly, about threads,
by pegging it to a Instagram account
and making it so that you can't delete the threads account
individually from the Instagram account,
at least for now, you have essentially made sure
that you're probably never going to have
user base shrinkage.
It's super clever. I'm sure
they'll pull that back at some point
but it is a... They'll have to.
It's a very considered
choice from a very considered
company. I think the
it probably comes down to the fact
that the usernames are linked. Of course.
So your username on Instagram becomes your username.
So essentially your account is already
threads enabled. You just need to
turn the binary flag from
do I use threads to
yes from no?
So they'll just make a flip to flip it back.
But I don't think you'll ever get to the situation where like, like on Twitter,
if you delete your account, you know, Jordan, I'm not actually familiar with what your account is Jordan Bloom and I assume.
If you were to delete that, somebody else could grab it and then boom, they would be.
And I just don't think, I think that thread has a bit of protection against that as long as you keep your Instagram account,
which I don't think is a bad thing.
Sure.
Because, you know, that's a classic misinformation kind of hack.
No, I think building some kind of security against name squatting and all that stuff from the outset makes total sense.
It is fascinating to imagine what kind of security issues they're dealing with as you have 100 million people flood into a thing.
It's obviously built on the back end of Instagram.
So pretty robust security infrastructure as applications go.
But it's got to be a lot, which is my transition to you talking about exploiting redirection.
Well, apparently, after that great transition, there's been a rush, like a frantic rush of criminal syndicates buying similar domains to try and do ural obfuscation and things like that.
Yeah, I got you.
Make things look like they're threads links and threads short-year-old redirections, but they're actually not.
So apparently there was a massive rush into that.
So I'm sure that, you know, when we talk about what?
billionaire you want to align with, I guess the one beauty of aligning with a billionaire as big as Facebook,
is that their teams have dealt with probably every type of social media hack ever at this point.
They are the proving ground for them. So they're probably well used to it and ready to combat all
of these things out of the gate, I would assume, rather than have to learn on the go, which I guess is the perk
of jumping in bed with Mark Zuckerberg.
But I did, let's just, that's a good transition to talking about which billionaire you want to align with.
I saw this funny.
Align with.
Hey, you use that term.
I'm just, I'm just repeating.
I did.
I did.
I really did.
I'm just using your words.
I think I don't know where I saw it.
I want to think it was like Reddit Wall Street bets or something like somewhere like that.
And it was like, two years ago, we were all, we love Elon Musk.
Tesla is the greatest thing.
He's saving the world.
Let's buy it.
Invest in Tesla.
Invest in Elon's the genius savior of the planet.
Two years later.
Totally start we need.
Yeah.
And also like, you know, meta and Facebook are terrible and we need to be against them and blah, blah, blah.
And then, exactly.
Two years later, we're all, we don't like Elon.
Rie Ra Ra, Mark Zuckerberg, he's saving us again.
Anyway, it's just the current internet, the cyclicalness of the internet is its own comedic thing.
Yeah, sure.
I don't know.
It's a, like I'm a fundamental rights person.
I've said that before and I've talked about it in other episodes and it's like, I believe in free speech.
And I don't agree with strong moderation.
as it limits dialogue and can limit discussion on things.
So I don't think, whether you like the current state of Twitter or not,
I think it's better than having speech and thought policed.
That's me.
I've always been one for free speech on the Internet, so is what it is.
I think Twitter needs to figure out their exact standards of what is free speech and what is it,
because there's some ways where they've totally opened things up.
And then there's other ways where they've closed it down.
Yeah.
And I think that ultimately, if you're looking to tech billionaires for your morality,
if you're trying to impose a like rebels versus empire,
there's a good guy and a bad guy type dynamic on top of it,
you have lost the thread, not to make a pun there.
Like, it's empire v. Empire.
Yeah.
Neither of these are the scrappy underdog.
Totally.
They're both multi-billion-dollar corporations fighting in a turf war, essentially,
for your little snippets of content that they can monetize with ads.
It is not a good guy versus bad guy situation.
It's a business fight that we're all a little too emotionally invested in.
The other thing is too is that I feel like Elon is,
I feel like Elon's always been a unique social media personality.
He's always been a little off the cuff.
The least.
I feel
I feel like
since he bought Twitter
he's embraced
I don't know what he's embraced
but he's
he's turned it up
Yes
like his posts in the last few weeks
his tweets
are
not something you would expect
from the richest man in the world
like he called Mark Zuckerberg
a cuck the other day
I was about to quote the cuck thing
yeah
that's not
that's like
No
You know
You're both
Multi-billionaire successful people
You run in similar circles
Yeah
Even if you have a beef
And somebody's trying to steal your business
It's like guess why
You tried to steal other people's businesses
This is just the way this works
And this is what free competition is
You're a market capitalist
Deal with it
The writing
Zuck is a cuck in the tweet
Is a strong play
For somebody
with so much social power and fiscal power.
With great power comes great responsibility.
And I just, I don't know if he's just embraced the bad boy image
or what's up with him, but he's definitely...
Such a bad boy.
Well, he's definitely...
Got his leather jackets and his little motorcycle.
He's just like...
It seems like he's embracing a bit of the dark side of the discussions lately.
And it's like, you know, being a...
promoter of free speech and stuff is great, but it's like, at the same time, you don't need to,
I don't know. I'm going to end it there. I don't know. I don't know how to say it nicely.
I don't want to, I don't want to have beef with Elon Musk. He's definitely going to win.
But it's like, you would definitely win.
It's like going from somebody who like three years ago, four years ago could have run for president
and probably one handedly to now being somebody who, I don't know.
And it's an interesting twist to watch.
From Tony Stark to shit posting on a social media app you bought for the lulls.
Exactly.
It's a pretty weird turn.
Yeah, exactly.
So, anyway, threads.
Threads.
That's threads.
Let's wrap it up by talking about a little development in the world of Steam and Valve and AI and copyright.
So about a month ago, a Reddit user named Potter Harry 97, posted in R-slash-A-A-A-A-A-E.
AI game dev, a post that has been very widely reported on and circulated.
It got a response from Steam and their parent company Valve on an issue that they're typically
quite tight-lipped about, which is their approval process and content moderation.
Title of the post, I'm just going to read in its entirety.
Title, Valve is not willing to publish games with AI-generated content anymore.
Body.
Hey, all, I tried to release a game about a month ago with a few assets that were fairly obviously
AI-generated.
My plan was to submit a rough version of the game with two-to-three assets slash sprites that
were admittedly, obviously AI-generated from the hands,
like nine fingers, I'm guessing,
and to improve them prior to actually release in the game
as I wasn't aware Steam had any issue with AI-generated art,
I received this message.
Hello, while we strive to ship most titles submitted to us,
we cannot ship games for which the developer does not have all the necessary rights.
After reviewing, we have identified intellectual property in Game Name Here,
which appears to belong to one or more third parties.
In particular, game name here, contains art assets generated by artificial intelligence
that appear to be relying on copyrighted material owned by third parties.
As the legal ownership of such AI-generated art is unclear,
we cannot ship your game while it contains these assets,
unless you can affirmatively confirm that you own the rights to all of the IP used in the dataset
that trained the AI to create the assets in your game.
Yikes.
The post blows up, gets widely covered,
and Valve Response.
And they confirm.
They will no longer accept products that have been created
using AI content than infringes on copyright.
Given that that policy applies to almost all current
AI generated content, it is being, I think, rightly interpreted
by many as like a de facto ban on AI on the platform.
Just for art, I'd say there's probably still
a lot of AI copy generation going on these days.
That distinction is more to do with that it's harder to prove.
Exactly.
Exactly.
Was generated by an AI, though there are some lawsuits we'll talk about that are getting
into the text side of things.
Valve spokesperson Casey Boyle clarified that the company is not trying to discourage the use
of AI in general, like as a broad category.
But they're really focused on existing copyright laws, saying that it makes it really
difficult to demonstrate that a developer has sufficient rights to use AI assets in a game.
For anyone who is unfamiliar, we've both worked on game projects before.
When you make a game, there are multiple stages during that process where you essentially make a promise to someone up the line saying you own all the stuff in the game.
If you're a developer, when you sign on with the publisher, you say to them, I'm signing this contract saying I made or have rights to everything in this game.
Any vendors that provided you assets sign a similar thing.
When the publisher then goes to distribute the game, they sign something similar.
It's everyone just saying, yes, we have the rights to this.
There isn't like a Beatles song hanging out in this game that we didn't.
paid the money for. Yeah, there's not a lawsuit waiting over the, over the next.
There's not a lawsuit. Over the next horizon. Exactly. So the question here,
and it's super interesting, is that if you make content using an AI tool like Dali or MidJourney,
can you say that you own the copyright when the models were trained on content
without consent of the copyright holder? That question is at the heart of like nine court cases
going on in the U.S. right now.
That is the question that Valve is waiting to be answered.
ChatGPT, Dali, Mid-Journey, Dreamfusion are all trained on these big bodies of data
scraped off the internet.
You've got Getty Images versus Stability AI, a bunch of novelists against OpenAI, the maker
of ChatGPT.
And these are all kind of arguing that AI companies like OpenA.
Are essentially repackaging and selling products based on millions of people's copyrighted
work, which is both, I think, true and a way of using the word repackage that has never really been
done before. It's not repackaging in the way that you would understand that term. The companies
defend themselves by arguing that training an AI generator to produce new text or images
based on ingested data is more akin to a human writing a novel after being inspired by other
books, a painter painting a painting, having been inspired by paintings. But data is different than a
memory. And so that answer also isn't immediately clear. It's going to be a fascinating outcome,
see what they decide on that one. Yeah. The results of those cases are going to entrench into law
the answer to that fundamental question. Is this infringement or interpretation? And also,
interestingly, as different legal jurisdictions, as different places reach different answers to
that question, the future of generative AI is probably going to fork and start evolving in
some very interesting ways.
The one with Getty Images, I think, is interesting because I remember seeing art assets generated by the AI that had literally the Getty tag in it.
If you've ever seen Getty Stock, there's a little bar that sticks across.
It's like property of Getty Images.
I don't know exactly remember what it says, but it essentially has like a little bar that demarks.
Well, Getty Images, watermark.
Exactly.
Yeah, it's a watermark.
And it was generating things with essentially an AI version of the Getty Images watermark.
And people were like, well, this is strange.
So, yeah.
So, yeah.
It's hard to argue that your content wasn't scraped in that process.
But can you argue that then you have to argue whether it is an interpretation of that content
or just repackaging and infringement of it?
Yeah.
It's really interesting.
I think that what will, I don't know, I'm intrigued because I think at some point you're going
to get a situation where like maybe Getty will release their own generative AI and train
it using their...
I think that's exactly.
Yeah.
Yeah, they're tagged photo set because what better way to train something than to give it a massive pool of images like Getty owns that are completely tagged with what they are.
It's just a real easy way to train an AI is to have a data set that large for a training set.
So I think you're going to start seeing massive licensing agreements, which I think is reasonable.
Like if somebody wants to, yeah, like it's like if you, I don't know, it'll be, I agree.
I think it'll be, I think it'll come to an end.
But this is a fascinating little twist in the story.
I can imagine a world where there's some sort of like central, maybe someone makes a product where you can basically check a box to pay a certain licensee.
Do you want the Getty Images plugin?
Do you want that data set into the model when you generate this next batch of images?
That's a $3.99 a month subscription.
Do you want the Flickr one?
Do you want the DVAdard one?
Do you want the this, this, or this one?
Those are all essentially little boxes you check that pay a small stipend to the original rights holders.
I think that will quickly reveal that people that have uploaded content to those sites aren't actually entitled to compensation for the...
But that's a separate thing.
And it kind of has to do with how we economically treat artists on the internet.
But I can't imagine a world where there is money exchanged.
And I can't really imagine a world where there isn't.
Exactly.
Because at a certain point, really well-funded IP holders are going to realize that, like,
yo, Mickey Mouse is in that.
Like, at what point does that become the discussion of, no,
you can't generate new Pokemon, and I know you're infringing on Pokemon because I can make Pokemon with this.
Yeah.
That's going to come up at some point.
Yep.
Getty Images is a big fish, but they're not as big as Disney.
Well, and the thing is, well, I don't know.
Yeah, they're not as big as Disney, but they are very big fish.
They're big.
They are big.
They're bigger than stability AI.
But your comment about people creating intellectual property and realizing that they don't actually own it
or that they don't have complete moral writer.
That they've given it away.
Exactly.
I think Instagram is, this is, you know, to go full circle,
this is going to become a piece of that puzzle too.
There's so many, I don't even know how many posts there are on Instagram.
It's going to be millions, billions, trillions,
and that's another massive trading data set.
They essentially know what's in every one of those images too.
That's how they're like discovery algorithm works.
It's like, oh, Jordan's recently been looking at Zelda posts.
It's like, here's a bunch of Zelda posts.
None of those are tagged with Zelda.
It just knows that there's Zelda posts.
They just know.
They know what a Zelda post looks like.
Exactly.
They don't, but some black box algorithm has a vague digital sense memory
of what a Zelda post looks like and can make that connection.
Exactly.
So, yeah, I don't know.
It's going to be, I think this one's going to be pretty cut and dry, honestly.
I think this one's going to come back as saying that the models don't have license
to the data sets that they were trained on,
even though the dataset is somewhat publicly accessible.
it doesn't mean that they have their rights to use it commercially.
I think that that's pretty...
To re-monetize it, I think that's probably going to be where it goes.
Yeah, I think this one's going to be pretty easy.
I do think it's going to be the little mini-indy game developer,
you know, solo project style.
I know people were really getting into, you know,
it's a really easy way to generate some basic art assets.
And, you know, if you're a developer, non-designer,
who's building yourself a small test game in Unreal,
and you just need some assets and sprites.
Totally.
You have to imagine that the game submitted by Potter Harry 97
had some very prominent assets in it
if you were able to tell, hey, this person has nine fingers
and 58 teeth in their mouth.
This is clearly an AI generation.
But it kind of reminds me of samples.
If I can clearly identify that that Stevie Wonder
singing on your beat,
it's very easy for me to say,
hey, you can't use, as the rights holder to Stevie Wonder,
you can't use that sample in your song.
Yep.
But I think we all kind of intuitively know
that there's probably some uncleared samples buried in song somewhere
because they've been broken and chopped and reversed
and turned into something fundamentally new.
So a lot of this is going to depend on,
can you identify that there's AI content in your thing,
which then hinges on either some sort of like unremovable watermark
or AI not going past.
past the point where the hands are bad and the teeth are weird.
You have to be able to identify that it was AI
to be able to say, hey, get this AI out of your thing.
You don't own the rights to it.
Because AI gets better, that's just going to get harder to do.
So at what point does AI become adversarial to the copyright holders
and saying, we don't really care whether you like this or not?
It's going to be a really interesting, for as interesting as the last seven months have been,
And since this all really kicked off, I think it's going to be a very interesting couple years ahead.
And we're going to have to answer some questions about copyright that I don't think any of us thought we were going to have to answer.
But I feel like this is the thing for me is, like, I feel like there's so much precedent in these cases.
That's a very legal episode of Hacked.
It is. Yeah, I didn't realize it.
Yeah.
But the, like, what was the song that came out?
It was like the three male vocalists.
And it, I think it was like very controversial and kind of like,
You know.
Oh, blurred lines?
Blurred lines.
Thank you.
Wow.
Yeah.
You took nothing from me there and turned that into blurred lines.
That is commendable.
It had three guys in it, and it did.
It had T.I. Farrell and Robin Thick, and it was controversial.
And it was at the heart of a copyright case.
Yes.
It was not a sample.
It was a rhythm.
If I'm remembering right, it was the drum and bass combo that was at the heart of that.
It was essentially found to be inspired.
to the point that the
original copyright holder
required payment.
So they had to give
I think $5 million to
Marvin Gay's family.
As it wasn't a sample, it wasn't
a reproduction, like it
wasn't exactly the same.
It was just similar
enough that they had to be awarded
money. And I think that
that's
steams fear, really.
right there.
Yeah.
It's like this isn't a reproduction.
It's been modified.
Like a lot of copyright law has the ability of like if you modify X percentage of it,
it's no longer the original work, et cetera, et cetera.
I think this is their fear is it's like, yes, you generated assets.
They are definitely not the same thing.
But there's enough of, you know, a style borrowing or whatever you want to call it,
that it infringes the original copyright holders thing.
It's derivative.
And therefore, yeah.
And Steam doesn't, like, Steam's just making sure that they're not named in lawsuits.
And I completely respect that.
Because they'll get, if just as a distribution platform, when, what was it, Potter Harry 73?
97.
97.
When Potter Harry 97 gets sued, Steam will get named in that lawsuit.
Steam gets sued along the way, essentially.
They will drive by sued on their way to Potter-Henry, 97, completely.
The way lawsuits work is the more people you can name in the suit,
the higher amount of people need to settle and you'll make more money.
So everybody will get named and Steam will get named.
I think that that's wise by Steam to sit on the backseat
and wait for this stuff to all flush out because they'd just be putting themselves into,
especially with how many games get published on Steam
and how easy it is to publish a game on Steam.
If they allowed anybody
to put any kind of game out there
with any kind of AI assets in it,
they'd just be opening the door to the lawyer bill of the century.
I think it is the shrewd move,
and it is juxtaposed against Disney's choice
to publish a TV series
with an intro sequence that features AI-generated assets in it.
Totally.
One of those companies has decided to sort of step back
and wait for the legal circumstances to get resolved, and the other is in a small way,
forged ahead in using these tools.
And it's going to be really interesting to see how that all shakes out.
Totally.
Thanks for all.
Stockerware hacked, steam rejecting games, Margarita Villbills, and thumbs up emojis legally binding.
This has been a fun one.
Thanks for listening, everybody.
We'll catch you in the next one.
Take care.