After a federal agent shot and killed 37-year-old Renee Good in Minneapolis on Wednesday, WIRED surfaced December federal court testimony from the reported ICE shooter, Jonathan Ross. In it, he said he was a firearms trainer and that he has had “hundreds” of encounters with drivers in a professional capacity during enforcement actions. Separately, we looked at how the tactics behind protest policing are moving toward intentional antagonism. If you haven’t seen it, here’s our guide to protesting safely in the age of surveillance.
Meanwhile, the artificial-intelligence-powered chatbot Grok, developed by Elon Musk’s xAI, was everywhere this week because the platform has been expanding access to digital “undressing” capabilities that allow users to generate naked images of people and then post them to the social media platform X. A WIRED review found that Grok has been generating graphic content—including violent sexual images and videos, as well as media that depicts apparent minors—that has been available on Grok’s official website that’s even more explicit than content on X. All of this has led researchers and activists to ask why Grok and X are still available in Apple’s and Google’s app stores when the companies have removed other “nudify” apps for violating their terms. On Friday, X seemed to take steps to limit who can generate images with Grok to paid, “verified” users. In practice, though, the chatbot is still being used to create sexualized “undressing” images on the platform, even if the capability isn’t quite as accessible as it was before.
If you, like billions of other people globally, are a WhatsApp user, we’ve got tips about features in the end-to-end encrypted communication app that can boost its privacy and security even more. Plus, while invasive spyware is still relatively rare, it continues to proliferate around the world, so we have a guide to protecting your smartphone.
And there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Materials obtained by 404 Media shed new light on how the surveillance tools Tangles and Webloc from a company called Penlink can provide information to ICE agents after the agency contracted for the services in September. The social-media and phone-surveillance platforms can be used to monitor neighborhoods or city blocks for mobile phones and track the devices over time, potentially revealing where people live, work, and visit. Penlink purchases vast troves of commercial location data to augment and expand the dragnet.
“This is a very dangerous tool in the hands of an out-of-control agency. This granular location information paints a detailed picture of who we are, where we go, and who we spend time with,” Nathan Freed Wessler, deputy project director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, told 404 Media.
For the past two weeks, thousands of Iranians have been protesting against the country’s brutal regime and leadership, calling for reform after protests initially broke out over poor economic conditions. In response to the growing unrest, the country’s supreme leader has indicated harsh potential crackdowns may happen. As part of the country’s response, it has initiated a total internet blackout: As of January 9, Iranians had been without connectivity for more than 24 hours. Reports indicate that people have not been able to access social media, leaving them out of contact with family members, as well as preventing them from using ATMs and bank cards.
It is not the first time that Iran has shut down the internet for millions of people. The country, which has been building out the technical capability to digitally isolate itself from the global internet for years, previously shut down connections in 2025, 2022, and 2019. Often these internet shutdowns have been designed to stop protesters from communicating with one another and organizing, to limit the spread of news, and to stop video footage of law enforcement brutality from spreading around the world. They also cause huge self-inflicted economic damage to Iran.
In October, officials in the United States and United Kingdom sanctioned Cambodian national Chen Zhi and his company, Prince Holding Group, for allegedly running forced labor scam compounds across Cambodia—and a $15 billion fraudulent operation in the process. This week, Chen was extradited to China from Cambodia. He was shown on television wearing a hood and handcuffs as he was escorted off a plane in Beijing. The Guardian reports it is “not immediately clear” what charges Chen faces in China, although officials said his case is part of a wider crackdown on notorious scam compounds that have stolen billions from people around the world.
The notorious Chinese state-backed espionage hackers Salt Typhoon reportedly compromised the email accounts of a number of US congressional committee staffers as part of a campaign detected in December. Attackers targeted House China Committee staff communications as well as those from the Intelligence Committee, Armed Services Committee, and Foreign Affairs Committee. The incident is just the latest in a sprawling series of public and private sector breaches carried out by Salt Typhoon that have given Chinese intelligence extensive insight into US government communications.
