Privacy may be dead, but civilians are turning conventional wisdom on its head by surveilling the cops as much as the cops surveil them.

Privacy isn’t dead. Just ask Kristi Noem.

The Department of Homeland Security secretary has spent 2025 trying to convince the American public that identifying roving bands of masked federal agents is “doxing”—and that revealing these public servants’ identities is “violence.” Noem is wrong on both fronts, legal experts say, but her claims of doxing highlight a central conflict in the current era: Surveillance now goes both ways.

Over the nearly 12 months since President Donald Trump took office for a second time, life in the United States has been torn asunder by relentless arrests and raids by officers from Immigration and Customs Enforcement, Customs and Border Protection, and federal, state, and local authorities deputized to carry out immigration actions. Many of these agents are hiding their identities on the administration-approved basis that they are the ones at risk. US residents, in response, have ramped up their documentation of law enforcement activity to seemingly unprecedented levels.

“ICE watch” groups have appeared across the country. Apps for tracking immigration enforcement activity have popped up on (then disappeared from) Apple and Google app stores. Social media feeds are awash in videos of unidentified agents tackling men in parking lots, throwing women to the ground, and ripping families apart. From Los Angeles to Chicago to Raleigh, North Carolina, neighbors and passersby have pulled out their phones to document members of their communities being arrested and vanishing into the Trump administration’s machinery.

That’s not to say it’s new, of course. Documenting law enforcement activity to counter the _he said, he said_ imbalance of power between police and civilians is practically an American tradition, says Adam Schwartz, privacy litigation director at the Electronic Frontier Foundation, a civil liberties nonprofit. “This goes back at least as far as the 1968 Democratic Convention when journalists documented police officers rioting and beating up protesters—and lying about who was responsible for this,” he says.

Jennifer Granick, an attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project, says the practice likely goes back “centuries.” Indeed, documenting police activity is likely as old as policing itself. “The difference \[today\] is that technology has made it so everybody has a video recorder with them at all times,” Granick says. “And then it's very easy to get that recording out to the public.”

Non-journalists recording police activity entered the mainstream after a bystander, George Holliday, videotaped Los Angeles Police Department officers brutally beating Rodney King, a Black man, in March 1991 and shared the footage with local media. The video would set off a national reckoning over race and policing in modern America.

National unrest sparked again in 2020 after a teenager recorded a white Minnesota police officer, Derek Chauvin, kneeling on the neck of 46-year-old George Floyd. (Chauvin was later convicted of Floyd’s murder.) The Black Lives Matter movement that followed the death of Floyd and other Black Americans at the hands of police grew hot and fast that summer thanks to social media and the easy recording and sharing of video footage. In 2025, the practice of recording police on a systematic scale turned from an activity largely carried out by protesters and activists into a populist practice carried out by anyone who happens to be around.

“What we are seeing in the last year is an escalation by law enforcement of what they are doing in our communities, including sending armed, masked thugs onto our streets to detain people for no reason other than that they look like they are Mexican and subjecting them to humiliating, dangerous encounters,” says Schwartz. “And so, many Americans—as they have been doing for decades when they see the police officers on their streets acting like lawless rogue thugs—have pulled out their cameras and documented them.”

The Trump administration’s response has been swift and punitive, and it has met with mixed results. In September, a federal grand jury indicted three people for allegedly following an ICE agent home while “livestreaming his home address on Instagram.” The same month, DHS subpoenaed Instagram owner Meta in an attempt to unmask six Instagram accounts “pursuant to an official, criminal investigation regarding officer safety.” (In early December, the subpoena was withdrawn.) Escalating matters further, the FBI has reportedly launched “criminal and domestic terrorism investigations” into “threats against immigration enforcement activity” in at least 23 areas around the US, according to a bureau document obtained by The Guardian.

Doxing is not a legal term nor a formal criminal offense. But even that could change if Trump administration allies have their way. In June, Republican senator Marsha Blackburn introduced the Protecting Law Enforcement From Doxing Act. It has yet to receive any movement in Congress from Blackburn’s fellow lawmakers.

Outside legal avenues, Schwartz says, supporters of the Trump administration have been “jawboning” people on social media in an attempt to pressure them to remove the content that they’ve put up, or to get information about the people uploading that content from their social media profiles.

To be clear, the public generally has the right to record police in public, provided they’re not interfering with official business. As Schwartz put it, this kind of government accountability is “a basic paradigm under our Constitution.” Furthermore, Schwartz emphasizes that calling public accountability “surveillance” is the wrong way to think about it. “What the government owes to people is that the people get to be private,” Schwartz says. “What the government owes the public is transparency. The public gets to know what the government is doing.”

Granick agrees. “I don't think that police or ICE agents have an expectation of privacy when they are out in public as government officials claiming to be doing the public's business,” Granick says. “In those situations, the public has a right to know what they're doing.”

The notion of privacy in America is ever-changing—an evolution supercharged by social media, data collection, and the post-9/11 surveillance state. Some may see the increase in populist accountability of ICE and other law enforcement as a further erosion of privacy overall. Granick, however, says it’s nothing compared to the government surveillance everyone is up against.

“The police have license plate readers, and camera networks, and warrants to get the content of our communications, and other legal means to get information about our communications,” Granick says. “The government so far outstrips the ability of regular people to find out what they're doing. And when we're talking about a distributed network of observers, it doesn’t compare to the level of privacy intrusion that the government not just is capable of, but takes advantage of all the time.”

The New Surveillance State Is You

From Donald Trump to DOGE to Chinese hackers, this year the internet’s chaos caused outsize real-world harm.

In 2025, people who built their careers by being some form of Very Online are now some of the most powerful people in the world.

Topping the list—as we predicted he would last year—is Donald Trump. The 79-year-old president of the United States quite literally rules by decrees posted to his social network, Truth Social. The US government, meanwhile, is run by a ramshackle crew of former conspiracy theory podcasters, TV hosts, vaccine skeptics, and entertainment moguls. A decade ago, the prevailing advice was to never read the YouTube comments. Today, the human embodiment of YouTube comments are setting federal policy.

Beyond members of the Trump administration (fair warning, there are quite a few on this year’s list), you’ll find some of the usual suspects: China’s state-backed hackers, chaos-making members of “the com” internet underworld, prolific online scammers, and of course, Elon Musk.

Each year, we round up the people who have an outsize role in making the internet era feel like life itself is a relentless, unavoidable comments section—and who cause real-world harm from their digital perch. Here is our list for 2025.

**Donald Trump**

Donald Trump in 2025 reached what may well be his final form. Unleashed from the shackles of norms, decorum, and checks and balances, Trump's second administration is defined by a relentless pursuit of whatever it is Stephen Miller and Russell Vought think will Make America Great Again. But Trump is still the Poster-in-Chief, spewing an endless stream of attacks, insults, conspiracy theories, and AI slop on Truth Social.

During one particularly prolific night in early December, the president of the United States posted 169 times between roughly 7 pm and midnight at the White House. They included calls for Congress to "TERMINATE THE FILIBUSTER" and missives about Honduras' presidential election. Weeks prior, he’d posted that a video reminding US troops that they have a duty to disobey illegal orders was "SEDITIOUS BEHAVIOR, punishable by DEATH." When the president posts, it’s news—which means virtually everyone in the US must absorb the chaos Trump creates online.

Every day under Trump is like this, just as it has been for the better part of a decade. Cracks in Trump's social media armor have begun to show; Republicans notably pushed back on his callous comments after filmmaker Rob Reiner after he and his wife were found stabbed to death in mid-December. Still, Trump dominates nearly every news cycle and wields ever-expanding power to shape and ruin the lives of people in the US and abroad with a single Truth Social missive. If there's one principle Trump reliably holds, it's this: Never. Stop. Posting.

**The Border Czars**

The Trump administration's brutal, indiscriminate assault on people not born in the US (and even some who were) defined 2025 life in America: masked agents in riot gear lurking the streets, racially profiling pedestrians, and disappearing friends and loved ones into the bureaucratic tar pit of Immigration and Customs Enforcement and Customs and Border Protection custody. At the center of this profound remaking of America are White House adviser Stephen Miller and Department of Homeland Security secretary Kristi Noem.

As deputy chief of staff for policy, Miller is widely considered the "architect" of Trump's anti-immigrant enforcement actions. He's the person who said on television that federal agents would arrest 3,000 people a day—an alleged "quota" that the administration denied existed, at least when forced to confront it in court. Without Miller, it's feasible your social networks—online and off—would be far less saturated with news and videos of lives being torn apart.

Noem, meanwhile, has become the face of the administration's anti-immigrant enforcement policies. The DHS head oversees both ICE and CBP and is thus directly responsible for how the crackdown on immigrants is conducted. This includes greater social media surveillance, a face recognition app that runs people through government databases, and casting public accountability of federal agents as illegal “doxing.” Under Noem, CBP has even proposed subjecting travelers to the US to a review of five years of social media posts.

**DOGE**

It sounds like the premise of a sleazy cyberpunk novel: A team of largely young, inexperienced operatives connected to some of the most powerful men alive bypass normal background checks to access some of the US government’s most sensitive systems. One of their apparent main goals? Wiring together datasets to create a master database that could be used for a surveillance tool of unprecedented scope.

This is, of course, what actually happened this year, as Elon Musk’s so-called Department of Government Efficiency (DOGE) seized control over much of the federal bureaucracy.

The Most Dangerous People on the Internet in 2025

The future of conflict is cheap, rapidly manufactured, and tough to defend against.

In 2026, we won’t see terrorism incidents similar to 9/11, when hijacked airplanes struck the World Trade Center, or the Oklahoma City bombing, when ammonium nitrate–packed trucks leveled federal buildings. Instead, the next act of terror will begin with the buzzing sound of the drone rotors spinning at 5,000 rpm, audible only seconds before the swarm will reach its target.

In recent years, drones have become an integral part of modern warfare. On the battlefield, we've undeniably entered the age of precise mass in conflict, where low-cost attributable drones, powered by widely available commercial technology, open software, and AI, are now the most effective weapons. They can be hidden in plain sight and then launched to destroy targets thousands of miles away from active battlefields. In June 2025, for instance, they were used by Ukraine to destroy 10 percent of Russia's bombers on the tarmac as part of Operation Spider Web. That same month, Israel also launched clandestine drone attacks from within Iran to destroy military and nuclear sites. In April, Houthi rebels used drones and cruise missiles to attack the USS _Harry Truman_—a Nimitz-class aircraft carrier—in the Red Sea. The carrier swerved so hard to avoid being struck, it tumbled a $56 million F-18 off its deck.

It is certain that in 2026 we will see a drone attack in the United States, against either civilian or military targets.

Like the attacks of 9/11, the surprise will turn out not to be a surprise. The offensive and defensive power of low-cost commercial drones was known by the US military as early as 2017. In that year, Defense Innovation Unit, the Pentagon’s Silicon Valley Office, established the military’s first commercial drone unit, with the support of the then–secretary of defense James Mattis. Named Rogue Squadron, it conducted mock drone fights in parking lots and created the first mass adoption program within the military for commercial drones, called Blue UAS (unmanned aerial system).

Yet today, because of bureaucratic inertia and the accelerating drone capability by foreign adversaries, the US stands defenseless. Currently, no US military installation can reliably repel a complex drone attack like Ukraine’s assault of Russian nuclear bombers. Our civilian infrastructure is even less protected.

Yet the 2025 DoD budget has just $350M for tactical level UAS systems. With this funding, DoD is only expecting to field about 4,000 UASs, bringing the average cost per system close to $100,000. The larger drone factories in Ukraine can produce thousands of “first person viewer” (FPV) drones per day, at a cost of a few hundred dollars a piece. The Ukrainian military delivers to the battlefield 200,000 FPV drones per month and plans to expand production to 4,500,000 FPV drones per year by the end this year.

Commanders badly want autonomous weapons now. “I want to turn the Taiwan Strait into an unmanned hellscape,” Pacific Commander Admiral Paparo told The Washington Post. New American defense companies, founded mostly in California, like Anduril, Neros, and Skydio, are producing drones approaching the cost and lethality of those made in Ukraine. But the Pentagon is still buying the vast majority of its weapons systems from traditional defense companies who build large, expensive systems slowly. Nimble, venture-backed defense startups account for less than 1 percent of the Defense Department spend.

The Pentagon is emerging from its hibernation. The Replicator initiative, begun in 2023, is now fielding autonomous systems and integrating them into battle plans for Europe and the Pacific. In July, 2025, Secretary of Defense (or Secretary of War) Pete Hegseth directed the department to speed the production of tactical UAVs. Congress increased the Defense Innovation Unit’s budget to nearly $2 billion. The Army, too, is seeking to equip its combat divisions with 1,000 drones each and surging resources into drone defense. "We don't want to continue to buy VCRs just because that's what people are producing," said Army chief of staff Randy George.

Still, we must accelerate this change as the historically slow pivot in strategy and resources toward drones has opened a gaping vulnerability in our defense. The barn door will be open for a year or more as security agencies rush to deploy robust drone defenses. The next year wil be one in which heightened domestic political tensions at home and geopolitical conflicts abroad give many with motives the opportunity to do harm. We will be lucky if a foreign adversary or domestic terrorist doesn’t seek to exploit it.

The US Must Stop Underestimating Drone Warfare

Big AI companies courted controversy by scraping wide swaths of the public internet. With the rise of AI agents, the next data grab is far more private.

For years, the cost of using “free” services from Google, Facebook, Microsoft, and other Big Tech firms has been handing over your data. Uploading your life into the cloud and using free tech brings conveniences, but it puts personal information in the hands of giant corporations that will often be looking to monetize it. Now, the next wave of generative AI systems are likely to want more access to your data than ever before.

Over the past two years, generative AI tools—such as OpenAI’s ChatGPT and Google’s Gemini—have moved beyond the relatively straightforward, text-only chatbots that the companies initially released. Instead, Big AI is increasingly building and pushing toward the adoption of agents and “assistants” that promise they can take actions and complete tasks on your behalf. The problem? To get the most out of them, you’ll need to grant them access to your systems and data. While much of the initial controversy over large language models (LLMs) was the flagrant copying of copyrighted data online, AI agents’ access to your personal data will likely cause a new host of problems.

“AI agents, in order to have their full functionality, in order to be able to access applications, often need to access the operating system or the OS level of the device on which you’re running them,” says Harry Farmer, a senior researcher at the Ada Lovelace Institute, whose work has included studying the impact of AI assistants and found that they may cause “profound threat” to cybersecurity and privacy. For personalization of chatbots or assistants, Farmer says, there can be data trade-offs. “All those things, in order to work, need quite a lot of information about you,” he says.

While there’s no strict definition of what an AI agent actually is, they’re often best thought of as a generative AI system or LLM that has been given some level of autonomy. At the moment, agents or assistants, including AI web browsers, can take control of your device and browse the web for you, booking flights, conducting research, or adding items to shopping carts. Some can complete tasks that include dozens of individual steps.

While current AI agents are glitchy and often can’t complete the tasks they’ve been set out to do, tech companies are betting the systems will fundamentally change millions of people’s jobs as they become more capable. A key part of their utility likely comes from access to data. So, if you want a system that can provide you with your schedule and tasks, it’ll need access to your calendar, messages, emails, and more.

Some more advanced AI products and features provide a glimpse into how much access agents and systems could be given. Certain agents being developed for businesses can read code, emails, databases, Slack messages, files stored in Google Drive, and more. Microsoft’s controversial Recall product takes screenshots of your desktop every few seconds, so that you can search everything you’ve done on your device. Tinder has created an AI feature that can search through photos on your phone “to better understand” users’ “interests and personality.”

Carissa Véliz, an author and associate professor at the University of Oxford, says most of the time consumers have no real way to check if AI or tech companies are handling their data in the ways they claim to. “These companies are very promiscuous with data,” Véliz says. “They have shown to not be very respectful of privacy.”

The modern AI industry has never really been respectful of data rights. After the machine-learning and deep-learning breakthroughs of the early 2010s showed that the systems could produce better results when they are trained on more data, the race to hoover up as much information as possible intensified. Face recognition firms, such as Clearview, scraped millions of photos of people from across the web. Google paid people just $5 for facial scans; official government agencies allegedly used images of exploited children, visa applicants, and dead people to test their systems.

Fast forward a few years, and data-hungry AI firms scraped huge swaths of the web and copied millions of books—often without permission or payment—to build the LLMs and generative AI systems they’re currently expanding into agents. Having exhausted much of the web, many companies made it their default position to train AI systems on user data, making people opt out instead of opt in.

While some privacy-focused AI systems are being developed, and some privacy protections are in place, much of the data processing by agents will take place in the cloud, and data moving from one system to another could cause problems. One study, commissioned by European data regulators, outlined a host of privacy risks linked to agents, including: how sensitive data could be leaked, misused, or intercepted; how systems could transmit sensitive information to external systems without safeguards in place; and how data handling could rub up against privacy regulations.

“Even if, let's say, you genuinely consent and you genuinely are informed about how your data is used, the people with whom you interact might not be consenting,” Véliz, the Oxford associate professor, says. “If the system has access to all of your contacts and your emails and your calendar and you’re calling me and you have my contact, they're accessing my data too, and I don't want them to.”

The behavior of agents can also threaten existing security practices. So-called prompt-injection attacks, where malicious instructions are fed to an LLM in text it reads or ingests, can lead to leaks. And if agents are given deep access to devices, they pose a threat to all data included on them.

“The future of total infiltration and privacy nullification via agents on the operating system is not here yet, but that is what is being pushed by these companies without the ability for developers to opt out,” Meredith Whittaker, the president of the Signal Foundation, which runs the encrypted Signal messaging app, told WIRED earlier this year. Agents that can access everything on your device or operating system pose an “existential threat” to Signal and application-level privacy, Whittaker said. “What we’re calling for is very clear developer-level opt-outs to say, ‘Do not fucking touch us if you’re an agent.’”

For individuals, Farmer from the Ada Lovelace Institute says many people have already built up intense relationships with existing chatbots and may have shared huge volumes of sensitive data with them during the process, making them different from other systems that have come before. “Be very careful about the quid pro quo when it comes to your personal data with these sorts of systems,” Farmer says. “The business model these systems are operating on currently may well not be the business model that they adopt in the future.”

The Age of the All-Access AI Agent Is Here

The New York Police Department's “mosque-raking” program targeted Muslim communities across NYC. Now, as the city's first Muslim mayor takes office, one man is fighting—again—to fully expose it.

A New Jersey man who previously sued the New York City Police Department in an unsuccessful quest to find out whether the NYPD’s Intelligence Division spied on him and fellow Muslims as part of its notorious and expansive “mosque-raking” program during the Michael Bloomberg era has filed a new open-records lawsuit against the city over spying claims, according to information exclusively provided to WIRED.

The lawsuit will pose a test for mayor-elect Zohran Mamdani’s law enforcement policies, as he spoke out vocally against the NYPD’s spying on Muslim New Yorkers during a successful election campaign that coaxed those very communities to turn out in record numbers.

Samir Hashmi, a New Jersey resident, was part of the Rutgers Muslim Student Association during the late 2000s. The Rutgers MSA was one of dozens of organizations infiltrated by the NYPD, according to an Associated Press investigation in 2011 that relied on leaked documents outlining the infiltration operations. Following rounds of negative publicity and a civil rights suit that was settled in 2018, the NYPD “demographics unit” was disbanded. Hashmi did not sign on to the settlement and lost his original open-records case in 2018, when a 4-3 Court of Appeals decision affirmed the NYPD’s ability to use a “Glomar” response to his request for documents about the mosque-raking program, neither confirming nor denying the existence of such records.

Hashmi filed a new set of record requests under the New York Freedom of Information Law in February asking for a narrower set of records than his previous request—weekly intelligence summaries, profiles of specific organizations targeted by the Intelligence Division, and reports on particular mosques—pertaining to community and religious organizations he participated in from 2006 through 2008. His petition, filed in December after the NYPD rejected his FOIL and subsequent appeal, cites specific intelligence reports from that period published 14 years ago by the Associated Press.

In an interview, Hashmi told WIRED he was motivated by the loss of his father as well as his co-plaintiff in his original suit, Harlem Imam Talib Abdur-Rashid (who passed away in November 2025), to take a second crack at uncovering the truth about the NYPD’s spying operations targeting Arab and Muslim organizations and communities in New York City, the surrounding states, and elsewhere in the United States.

A firm supporter of Mamdani, Hashmi said he restarted his research into the Intelligence Division’s activities in New York and the surrounding areas in 2023, prompted by the NYPD’s violent crackdown on a series of protests in the past three years that are now the subject of a pair of lawsuits alleging rampant First and Fourteenth Amendment violations. However, it was Mamdani’s decision to retain Jessica Tisch as police commissioner shortly after his election victory that pushed Hashmi into action.

“When I found out that Jessica Tisch’s background was in the NYPD Intelligence Division, that absolutely rang alarm bells in my mind,” Hashmi said. “I knew that was an immediate no for me.”

The NYPD’s blanket surveillance of local Muslim and Arab communities following the September 11, 2001, attacks is infamous in certain corners of the city, as the department’s Intelligence Division took on the operational posture and methodology of a national security directorate. The demographics unit mapped out New York City’s various ethnic enclaves of Muslim and Middle Eastern communities, while undercover cops and informants infiltrated mosques, cafés, soccer leagues, and student associations to catch alleged terrorist plots before they came to fruition. Despite the manpower and funding devoted to the spying program, the NYPD’s demographics unit failed to generate a single lead on potential terrorism plots, by the department's own admission.

Even though the mosque raking program was halted over a decade ago, and Mamdani, NYC’s first Muslim mayor, will be sworn in on January 1, Islamophobia is still prevalent among segments of the city. Just this month, the police commissioner’s brother called Mamdani an “enemy” of the Jewish people, and Queens councilwoman Vickie Paladino within the past month posted anti-Muslim screeds on social media, including a call for the “expulsion of Muslims from western nations.” While Paladino deleted the initial posts, she told reporters, “They can call me Islamophobic if they want—the word has no meaning whatsoever. This isn’t 2008.” The same week, Paladino published an op-ed in the Queens Jewish Link repeating her call for “massive sweeps of Muslim neighborhoods.”

“This conversation needs to happen now, at this moment. There needs to be a reckoning for what they did and what they’re still doing,” Hashmi said, noting that Mamdani appeared at his co-plaintiff’s funeral prayer and made a vow to continue the imam’s work. “One of Imam Talib’s many legacies is this lawsuit. So if he’s honest about continuing the work that Imam Talib was doing, then he’s not going to let the NYPD fight me on this,” he said.

The NYPD and mayor-elect Mamdani did not respond to requests for comment.

Hashmi’s allegations of ongoing surveillance echo comments in federal court in early 2025 by Muhammad Faridi, the civilian representative to the NYPD’s consent decree who oversees its political surveillance operations. Faridi said Muslim communities have continually reported being questioned by unidentified law enforcement agents. The report also points out that the local Joint Terrorism Task Force is not bound by the court strictures on NYPD surveillance.

“Muslims are still the overwhelming category of these investigations, and there’s a whole joint terrorism task force that gets to skirt these rules,” Hashmi said.

NYPD Intel’s Muslim spying program seems to be radioactive even among fellow law enforcement. A 2011 email allegedly from an unnamed FBI official to an intelligence firm executive unearthed in 2012 by Wikileaks and Truthout, still makes for astonishing reading 13 years later.

“I keep telling you, you and I are going to laugh and raise a beer one day, when everything Intel has been involved in during the last 10 years comes out—it always eventually comes out,” the FBI official wrote. They are going to make \[former FBI director J. Edgar\] Hoover, COINTEL, Red Squads, etc look like rank amatures \[sic\] compared to some of the damn right felonious activity, and violations of US citizen’s rights they have been engaged in.”

Almost two decades after he believes the NYPD began spying on him, Hashmi wants New York City’s newest mayor to pull back the veil on what he believes to be the NYPD’s post-9/11 abuses and fully account for the Intelligence Division’s alleged past activities.

“Why is NYPD still fighting a glorified Sunday school teacher so hard after 20 years?” Hashmi said. “What do they have to hide?”

NYPD Sued Over Possible Records Collected Through Muslim Spying Program

Online black markets once lurked in the shadows of the dark web. Today, they’ve moved onto public platforms like Telegram—and are racking up historic illicit fortunes.

When black markets for drugs, guns, and all manner of contraband first sprang up on the dark web more than a decade ago, it seemed that cryptocurrency and the technical sophistication of the anonymity software Tor were the keys to carrying out billions of dollars worth of untouchable, illicit transactions online.

Now, all of that looks a bit passé. In 2025, all it takes to get away with _tens_ of billions of dollars in black-market crypto deals is a messaging platform willing to host scammers and human traffickers, enough persistence to relaunch channels and accounts on that service when they’re occasionally banned, and fluency in Chinese.

The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief drop after Telegram banned two of the biggest such markets in early 2025, the two current top markets, known as Tudou Guarantee and Xinbi Guarantee, are together enabling close to $2 billion a month in money-laundering transactions, sales of scam tools like stolen data, fake investment websites, and AI deepfake tools, as well as other black market services as varied as pregnancy surrogacy and teen prostitution.

The crypto romance and investment scams regrettably known as “pig butchering”—carried out largely from compounds in Southeast Asia staffed with thousands of human trafficking victims—have grown to become the world’s most lucrative form of cybercrime. They pull in around $10 billion annually from US victims alone, according to the FBI. By selling money-laundering services and other scam-related offerings to those operations, markets like Tudou Guarantee and Xinbi Guarantee have grown in parallel to an immense scale.

“When you consider illicit use of crypto assets, there really isn’t anything larger right now,” says Tom Robinson, Elliptic’s cofounder and chief scientist.

In fact, these criminal trading zones aren’t simply the biggest online black markets of the moment, but the biggest in history. AlphaBay was once the biggest dark-web market for drugs, stolen data, and hacking tools. Described by the FBI as 10 times the size of the original Silk Road dark-web drug market at its peak, AlphaBay facilitated more than $1 billion in transactions over its two and a half years online. Hydra, a Russian dark-web market that also offered money-laundering services to cryptocurrency thieves and ransomware groups, did more than $5 billion in transactions over its seven years of operation.

By comparison, Huione Guarantee, the Chinese-language, Telegram-based market used largely by crypto scammers, facilitated a stunning $27 billion in transactions from 2021 to 2025, according to Elliptic, dwarfing every online black market before it, even as it operated in full public view on Telegram’s messaging platform. Elliptic has called it simply “the largest illicit online marketplace to have ever operated.”

WIRED reached out on Telegram to administrators of both Tudou Guarantee and Xinbi Guarantee for comment but didn’t receive a response.

In May, Telegram seemed to finally take action, banning Huione Guarantee—which had rebranded as Haowang Guarantee—after it was named as a money-laundering operation by the US Treasury’s Financial Crimes Enforcement Network. But since then, Tudou Guarantee, in which Haowang Guarantee owns a stake, has grown to fill that same position. Elliptic now measures its transactions at $1.1 billion a month, close to Haowang’s $1.4 billion a month. The second-biggest crypto scam market, Xinbi Guarantee, has meanwhile grown to $850 million a month—despite also being banned in May and relaunching—adding up to more total market volume than ever. And those two black markets are just two of around 30 that Elliptic tracks, together carrying out tens of billions of dollars in annual transactions.

When WIRED wrote to Telegram in June to point out how these markets had rebuilt their criminal empires in plain sight—in fact, a WIRED reporter had even been present in a Telegram channel where Elliptic shared its findings about Tudou Guarantee’s and Xinbi Guarantee’s rebound with Telegram corporate contacts—the company responded that it had decided not to ban the markets again, arguing that they offered an outlet for Chinese users looking for financial freedom from “capital controls” that “often leave citizens with little choice but to seek alternative avenues for moving funds internationally.” “We assess reports on a case-by-case basis and categorically reject blanket bans—particularly when users are attempting to circumvent oppressive restrictions imposed by authoritarian regimes,” Telegram’s June statement to WIRED continued. “We remain unwavering in our commitment to safeguarding user privacy and defending fundamental freedoms, including the right to financial autonomy.”

But Elliptic and other scam-industry analysts have rejected that argument, pointing out that the vast majority of activity in markets like Tudou Guarantee and Xinbi Guarantee is criminal. Aside from scam-related services, they also sell prostitution—posts on Xinbo include suggestions of sex trafficking of minors in posts advertising “lolita” or “young girl” sex workers. The scam operation customers they service, too, are widely documented to use forced laborers in often brutal, modern slavery compounds.

“They have the ability to shut down a scam economy and the trafficking of human beings. Instead, they’re hosting Craigslist for crypto scammers,” says Erin West, a former Santa Clara County, California, prosecutor who now leads the Operation Shamrock anti-scam organization. “These are bad guys enabling bad-guy business on their bad-guy platform.”

Aside from Telegram, the cryptocurrency Tether also plays a key role in scam markets—the popular “stablecoin” is the preferred tool for all of the markets’ money-laundering transactions. Unlike most crypto, Tether has a centralized structure that would allow the company—also called Tether—that backs that digital currency to seize or freeze funds at will, yet it has rarely interfered with the vast money flows it enables.

Neither Telegram nor Tether responded to WIRED’s requests for comment on their roles in enabling Tudou Guarantee and Xinbi Guarantee’s black market transactions.

Tether and Telegram’s efforts to combat the ballooning scam industry’s use of their tools is comparable to Southeast Asian law enforcement’s minimal, often performative shows of raiding scam compounds, only to allow them to rebuild and resume operation, argues Jacob Sims, a visiting fellow at Harvard’s Asia Center who focuses on transnational crime. “There is impunity on all levels that prevents any meaningful disruption,” says Sims.

Sims argues that only focused and cooperative international government and law enforcement pressure, comparable to the global effort to combat terrorism or drug trafficking, will change that lax approach, including from companies that are facilitating the scam epidemic.

The response to this ballooning scam industry “hasn’t risen to that level of coordination and urgency yet,” Sims says. “And it needs to before we see this thing prioritized at the level that is actually commensurate with the damage it’s causing.”

Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever

Here’s how a fake clip from 2019 wound up in the latest Justice Department Epstein files dump.

An unlabeled video from the most recent release of Jeffrey Epstein files from the Department of Justice is circulating on social media. While the 12-second video purports to show Epstein’s suicide in his prison cell, the preceding document in the production makes clear that it did not originate from the DOJ itself.

“Came across a purported video of Epstein's suicide (leaked by anonymous source),” the email reads, referencing an attachment and linking to a Google Drive file. “Is this real???”

WIRED spoke with the owner of the phone number listed on the website included in the email’s signature. Ali Kabbaj, who identified himself as an independent journalist, said that he found the video on the dark web and sent it to federal investigators in 2021 for confirmation. He says he never got a reply.

“I’m shocked I’m in these files,” he told WIRED.

The video first surfaced when Drop Site News shared it on X as “a 12 second video from 4:29 am on the day Jeffrey Epstein died.” While this latest round of Epstein files aren’t yet on the DOJ’s website, they had apparently guessed the link by following the URL formatting of previous releases. WIRED identified the email associated with the video by following that same formatting to view the preceding file.

The link to the video file on the DOJ’s website now seems to be broken, but the footage appears to match a video that appeared on YouTube in 2019. The person who uploaded the video describes its contents as “rendering 3D graphics.” DOJ did not return an immediate request for comment on why the link was no longer working, but over the weekend the department removed several other files from its website for additional review and redaction.

In a June 2023 report on Jeffrey Epstein’s time in prison, the DOJ’s Office of the Inspector General concluded that there was no video camera in Epstein’s cell. Indeed, on the night Epstein died, “​​recorded video evidence … for the SHU area where Epstein was housed was only available from one prison security camera due to a malfunction of MCC New York’s Digital Video Recorder system that occurred on July 29, 2019.” New York City’s chief medical examiner ruled Epstein’s death a suicide in August 2019.

Still, conspiracy theories have followed Epstein’s death, fueled in part by the circumstances of what video evidence is available. In July, the DOJ released what it described as “full raw” surveillance footage from the prison camera that was operational. As WIRED first reported, metadata indicated that the footage had instead been modified. Further WIRED analysis revealed that the video was in fact two clips that had been stitched together, cutting out nearly three minutes of footage in the process.

The Epstein Files Transparency Act requires that the DOJ publish all unclassified records in its possession related to the investigation and prosecution of Epstein. So far, the files the DOJ has released include photos of Epstein’s island home and Manhattan townhouse, Epstein associates including Ghislaine Maxwell and former US president Bill Clinton, and various travel records and grand jury materials.

The ‘Epstein’s Suicide’ Video in the Latest DOJ Release Isn’t What It Seems

The DOJ says it still has “hundreds of thousands” of pages to review, as the latest Epstein files release spurred more pushback from Democratic lawmakers and other critics of the administration.

Over the weekend, the Justice Department released three new data sets comprising files related to Jeffrey Epstein. The DOJ had previously released nearly 4,000 documents prior to the Friday midnight deadline required by the Epstein Files Transparency Act.

As with Friday's release, the new tranche appears to contain hundreds of photographs, along with various court records pertaining to Epstein and his associates. The first of the additional datasets, Data Set 5, is photos of hard drives and physical folders, as well as chain-of-custody forms. Data Set 6 appears to mostly be grand jury materials from cases out of the Southern District of New York against Epstein and his coconspirator, Ghislaine Maxwell. Data Set 7 includes more grand jury materials from those cases, as well as materials from a separate 2007 Florida grand jury.

Data Set 7 also includes an out-of-order transcript between R. Alexander Acosta and the DOJ’s Office of Professional Responsibility from 2019. According to the transcript, the OPR was investigating whether attorneys in the Southern District of Florida US Attorney’s Office committed professional misconduct by entering into a non-prosecution agreement with Epstein, who was being investigated by state law enforcement on sexual battery charges. Acosta was the head of the office when the agreement was signed.

Leading up to the deadline to release materials, the DOJ made three separate requests to unseal grand jury materials. Those requests were granted earlier this month.

The initial release of the Epstein files was met with protest, particularly by Epstein victims and Democratic lawmakers. “The public received a fraction of the files, and what we received was riddled with abnormal and extreme redactions with no explanation,” wrote a group of 19 women who had survived abuse from Epstein and Maxwell in a statement posted on social media. Senator Chuck Schumer said Monday that he would force a vote that would allow the Senate to sue the Trump administration for a full release of the Epstein files.

Along with the release of the new batch of files over the weekend, the Justice Department also removed at least 16 files from its initial offering, including a photograph that depicted Donald Trump. The DOJ later restored that photograph, saying in a statement on X that it had initially been flagged “for potential further action to protect victims.” The post went on to say that “after the review, it was determined there is no evidence that any Epstein victims are depicted in the photograph, and it has been reposted without any alteration or redaction.”

The Justice Department acknowledged in a fact sheet on Sunday that it has “hundreds of thousands of pages of material to release,” claiming that it has more than 200 lawyers reviewing files prior to release.

The Justice Department Released More Epstein Files—but Not the Ones Survivors Want

Plus: Cisco discloses a zero-day with no available patch, Venezuela accuses the US of a cyberattack, and more.

Federal contracting records reviewed by WIRED this week show that United States Customs and Border Protection is transitioning from testing small drones to using them as standard surveillance tools, a move that will further expand CBP’s already extensive dragnet that in some cases extends far beyond US land borders.

Meanwhile, US Immigration and Customs Enforcement is planning to incorporate a broad cybersecurity contract that will include expanding employee surveillance and monitoring. The move comes as the US government is escalating leak investigations and condemning internal dissent.

The Chinese-language artificial intelligence app Haotian can be used to create “nearly perfect” face swaps during live video chats, and it is a favorite tool of Southeast Asian scammers. A WIRED investigation along with independent research indicates that the company has actively marketed its tools to scammers, often via Telegram. Haotian’s main Telegram channel vanished after WIRED contacted Telegram for comment.

Fraudsters in China are using AI-generated images of supposedly defective products and services gone awry—from dead crabs to shredded bed sheets—to convince ecommerce sites to give them refunds.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The hacker collective known as the Com has rampaged across the internet for years, breaching hundreds of companies for nihilistic fun and profit. Now they’ve hit a particularly large and sensitive trove of highly personal data: user records for PornHub, the world’s biggest porn site.

ShinyHunters, a subgroup within the Com, appears to have stolen more than 200 million records for PornHub premium users, a total of 94 gigabytes of data detailing users’ histories on the site linked to their account information, including email addresses. According to a public statement from PornHub, the data appears to have been taken from MixPanel, a data analytics firm the porn site used until 2021, suggesting the breached data may be four years old or older. BleepingComputer, the media outlet that broke the news of the breach, reports that PornHub has received extortion emails from the hackers over the last week. No doubt quite a few of the site’s users are hoping PornHub will pay—and that ShinyHunters will keep their personal browsing private.

**Venezuela Blames the US for a Cyberattack on Its State Oil Firm**

Venezuela's state oil company, Petróleos de Venezuela (PDVSA), says a cyberattack disrupted its administrative systems shortly after the US military seized a tanker carrying nearly 2 million barrels of Venezuelan crude. In a public statement, PDVSA said operations continued, but it accused the US of orchestrating the intrusion as part of a broader campaign against the country's energy sector. Reporting by Reuters suggests the attack may have been more damaging than PDVSA acknowledged, temporarily halting oil cargo deliveries and taking internal systems entirely offline.

The episode followed an unusual escalation by Washington in its ongoing standoff with Caracas, which has been marked by dueling claims over sovereignty and security, and by maritime strikes and seizures targeting vessels that US officials have linked to criminal networks operating under the protection of Venezuelan president Nicolás Maduro—an allegation for which the Trump administration has presented no public evidence.

**Hackers Have Exploited a Cisco Zero-Day Since November—And Still No Patch**

Network “edge” devices like routers, VPNs, and firewalls have become a prime target for hackers hunting for inroads to breach their targets. So the news of an unpatched, critical security vulnerability in a range of Cisco products represents a feeding frenzy—and one that network intruders have quietly enjoyed for weeks. Cisco’s Talos research team this week revealed a zero-day in Cisco’s Secure Email Gateway and Secure Email and Web Manager products that use its AsyncOS software, noting that it had been exploited since late November by hackers who appear to be a Chinese state-sponsored group. Worse still, Cisco doesn’t appear to have a patch ready to fix the vulnerability even now.

A Cisco advisory notes, however, that the vulnerability lies in the devices “spam quarantine” feature, which isn’t exposed on the internet by default and can be taken offline as a mitigation measure until a patch is available. “We strongly urge customers to follow guidance in the advisory to assess any exposure and mitigate risk,” reads a statement from Cisco. “Cisco is actively investigating the issue and developing a permanent remediation.”

**Two Cybersecurity Firm Staffers Plead Guilty to Ransomware Attacks**

Plenty of cybersecurity professionals must have entertained the thought that it’s more lucrative on the dark side. But two men who worked at the cybersecurity companies Sygnia Consulting and DigitalMint actually decided to try it. After launching their own ransomware campaign that went as far as extracting a million dollars from a Florida medical device company, they’ve now pleaded guilty to hacking charges. Ryan Clifford Goldberg worked for Israeli firm Sygnia as an incident responder, while Kevin Tyler Martin worked for US cybersecurity company DigitalMint as, ironically, a ransomware negotiator, while also allegedly acting as an affiliate of the notorious ALPHV ransomware gang. A third alleged co-conspirator is mentioned in court filings but wasn’t charged in the case.

Hackers Stole Millions of PornHub Users’ Data for Extortion

From photos of former president Bill Clinton to images of strange scrapbooks, the Justice Department’s release is curious but far from revelatory.

The United States Department of Justice on Friday published the first of an unknown number of releases of documents related to infamous sex offender Jeffrey Epstein. The nearly 4,000 files contain a hodgepodge of photos, handwritten notes, and more. What they do not contain are any clear revelations about who else may be criminally implicated in Epstein’s abuse network.

Released in four volumes, the 3,951 documents the DOJ included in Friday’s release represent only a fraction of the files the department is required to release under the Epstein Files Transparency Act. Democratic lawmakers scolded the DOJ for withholding large portions of its archive, accusing the department of failing to comply with the law’s disclosure mandate.

The documents the Justice Department did release contain hundreds of images of Epstein and Ghislaine Maxwell, his onetime girlfriend and convicted accomplice in a yearslong sex trafficking operation, along with other associates, celebrities, and politicians. Despite long-standing scrutiny of Donald Trump’s social ties to Epstein, the president appears only sporadically in the initial release of material—for instance, in a framed photo on top of a dresser showing him and Melania Trump with Epstein.

It is currently unclear when the DOJ will release additional documents or what will be included in any subsequent releases. CNN has reported on frustrations within the DOJ over the allegedly vague guidance lawyers responsible for redacting the material were given, while Fox News has reported that the same standards used to protect victims were applied to “politically exposed individuals and government officials.” For now, here’s a rundown of what you’ll find in the DOJ’s December 19 trove.

**Volume 1**

The first batch of documents the DOJ released contains 3,158 images of the inside of Epstein’s Manhattan townhouse and Virgin Islands compound. These include several photographs of a painting of Bill Clinton wearing a blue dress and red high heels mounted next to a framed, handwritten letter, the author of which can’t be made out. There are also dozens of photos of Epstein with women and, in at least two cases, what appear to be babies; their faces are redacted.

One photo is of a binder marked Black Family Trustee Meeting November 21, 2014; another appears to be of a Bank of America statement from 2011 for an account purportedly bearing the names of financier Leon Black as well as his wife Debra Black and a former employee. (Another set of images shows a note signed by a person with the same first name as the former employee along with a ledger of expenses from late 2011 into early 2012.) Other noteworthy documentation relates to Epstein’s placement on a sex offenders registry and a 2019 note from the acting US attorney for the US Virgin Islands informing him that he would need to comply with certain travel restrictions despite previous “provisions.”

The redactions are inconsistent. In a handwritten note to Epstein, a signature is redacted, while in another image of that same note, the name “Kathe” is visible. A calligraphed note, seemingly written by a young woman and thanking Epstein for taking her and her sister on several “adventures,” has the signature redacted, but an envelope in a similar hand bears the name of the sender.

Much of the imagery is familiar from previous releases, and includes things like a photo of a stuffed tiger, a photo of a framed Times of London cover of Princess Diana placed at the back of a closet, photos of the many paintings of nude women in Epstein’s townhouse, and framed photos of Epstein associates like Trump and Woody Allen.

**Volume 2**

The second volume contains 574 photos and one four-second video. Many of the photos feature Epstein and Maxwell in various locations. Several celebrities and politicians also appear in the photos, including actors Chris Tucker and Kevin Spacey, singer Michael Jackson, and Rolling Stones guitarist Keith Richards—none of whom appear in suspicious or compromising positions.

However, Bill Clinton appears multiple times in the second batch of images. In one photo, he is shirtless in a pool with a woman whose identity has been redacted; a photo that appears to have been taken at the same location shows Clinton and Maxwell in the pool. Clinton also appears in multiple photos with women whose identities have been redacted.

Clinton took four trips with Epstein in 2002 and 2003, including a humanitarian trip to Africa and London. During a portion of that trip, he was accompanied by Tucker and Spacey, according to The New York Times.

(Clinton spokesperson Angel Ureña released a statement reading, in part, “They can release as many grainy 20-plus-year-old photos as they want, but this isn't about Bill Clinton.”)

Dozens of photos feature Jean-Luc Brunel, a modeling agent and close friend of Epstein’s. The photos show Brunel with Epstein and Maxwell in multiple locations, as well as aboard what appears to be Epstein’s infamous private jet. In several images, Maxwell is seen massaging Brunel’s feet and sticking one foot between her breasts.

Brunel was arrested by French authorities in 2020 as part of a sex trafficking and sexual assault investigation into Epstein, and charged with rape of minors over 15 and sexual harassment. Brunel denied any wrongdoing. In 2022, Brunel was found dead, hanged in his jail cell.

**Volume 3**

The third volume contains several hundred photos. One of those, which appears to have been framed, shows a man who appears to be Prince Andrew posing on his side on the laps of at least four women, whose faces are all redacted. A smiling Maxwell, and a woman whose face is redacted, stand in the background.

Many of the photos, however, may have been printed out as they appeared in digital storage, since the individual photo names, the file extensions, and album names are all visible. Many images with those markers include Clinton, and several were seemingly taken on a group vacation to Thailand that Clinton is alleged to have taken with Epstein and Maxwell. Clinton also joined the couple for at least one leg of a multiple-destination vacation that stopped in China, Paris, and Stockholm, another that stopped in New York, Los Angeles, and London, another trip to Africa and London, and another trip to Morocco. In one photo, Clinton is shown with a woman, whose face is redacted, sitting on Clinton’s lap.

Many photos show the faces of individuals that are unredacted but not clearly discernible, and several appear to have been taken on one of Epstein's group vacations with Clinton.

Several of the photos were attached to written notes from an interview with a woman who described being assaulted by Epstein several times when she was a minor, and who seemingly provided those photos to investigators. One photo shows a middle-aged man, whose face is redacted in some but not all photos, on a trip to what a woman told investigators was Disney World with Epstein and a young child. In one of the photos, the two men pose with the young child and an actor dressed as Piglet. The woman told investigators that she didn’t know who the man was, but that she had taken the photos.

One PDF shows what appears to be a scrapbook commemorating an anniversary of some kind in September 2007. The scrapbook features Epstein posing in several photos with a woman whose face is redacted. The first page includes several photos of a girl or young woman and handwritten text reading, “Once upon a time… …there was a clueless little girl…” The second page shows cut-out photos arranged so that it looks as if Epstein is ogling the young woman adjusting her athletic wear. Consequent pages seem to convey that the girl eventually began traveling around the world with Epstein to at least four countries and territories, and spent at least one Christmas with him. A few pages show Epstein smiling with a clay or mud mask on his face, alongside jokes about fighting and later making amends.

Throughout the files, law enforcement included blue papers claiming that one or several photos were not scanned because they contained what investigators labeled as child sexual abuse material (CSAM). However, several of the photos that were ultimately scanned include individuals who are either nude or slightly clothed, with certain portions of the images redacted. Other photos appear to show physical objects that were cataloged by investigators, including sex toys and the DVD cases of commercial pornographic videos.

**Volume 4**

A fourth batch of records contains a mix of evidence inventories, retail records, and heavily redacted notes detailing what authorities collected during the investigation. They show that police logged and photographed numerous physical items from Epstein's Palm Beach residence, including a green massage table, framed photographs, and multiple adult novelty products such as vibrators and “sexy” soaps. Retail receipts document purchases from adult video stores, while Amazon order confirmations show shipments of BDSM-themed books, with titles focused on sexual dominance, submission, and erotic “training.”

The same batch also underscores the scope of evidence that exists but remains unreleased. Numerous entries are marked “ITEM WAS NOT SCANNED,” covering VHS tapes, microcassettes, MiniDV tapes, CDs, and DVDs, with some labeled as interviews, statements, voicemail messages, and other digital recordings. Other documents explicitly note the existence of what investigators say is CSAM within the case files, flagged but withheld from release.

Another document contains an early complaint alleging that Epstein possessed photographs of nude minors taken by a woman—who described them as artistic works—after she reported that he obtained the images and their negatives without her consent. The allegation, an apparent reference to a 1996 complaint famously ignored by the FBI, is presented as an unadjudicated claim documented during the initial stages of the investigation.

The batch also includes travel-related records ranging from commercial itineraries and hotel bookings to logs of repeated private-jet movements between hubs such as Teterboro, Palm Beach, and the US Virgin Islands, with recorded stops in France, Morocco, and Canada. Separate entries document international crossings through New York airports to destinations including Istanbul, Rome, Sao Paulo, Lisbon, Tel Aviv, Copenhagen, and Cancun, without identifying companions or purpose. The travel records in the documents appear to span September 2005 through 2018.

WIRED is continuing to review the newly released records and will report further findings as additional material is examined and verified.

_Additional reporting by Tim Marchman, Andrew Couts, and Matt Giles._

Source

Wired