I finally got my hands on a Flipper Zero. If you haven’t heard of it, it’s a noob-friendly version of the kind of penetration testing tools that security experts use to test the safety of systems. It packs a wide range of antennas, including RFID, sub-GHz radios, and NFC, which allows it to scan, analyze, and speak to everyday wireless devices that most of us don’t think much about.
While others have used their Flipper Zeros to test their car or hotel’s security or to make ATMs spit out cash, I had much loftier goals in mind. I got mine a few weeks before Tears of the Kingdom came out. As most Nintendo fans know, the collectible Amiibos figurines aren’t just toys. They can be used to get special rewards in games—like Link’s legendary horse Epona—and you can’t earn those rewards any other way. That’s fun for fans who can buy the figurines, but a bummer for anyone who doesn’t want to chase down collectibles just to get a special horse.
This is where my Flipper Zero comes in. I’ve been using it to score as many legendary horses as I can.
Whitehat Hacking?
Photograph: Flipper Zero
Amiibos have NFC tags in their base—specifically, NTAG215 tags that allow someone to write around 500 bytes of data. While that data is write-only, it’s not really under lock and key. Unlike, say, the NFC chip in your credit card, which has more robust security, an Amiibo can easily be read and copied.
This has led to community-driven projects around exchanging Amiibo codes. Since it’s easy to scan Amiibos, and the data they store is so small, a single 4-GB SD card could store millions of Amiibo codes. That’s a little overkill, considering there are only a couple hundred Amiibo figures in total, plus a few hundred Amiibo card codes. A complete collection of every Amiibo in existence fits into just a couple of megabytes.
Most of them aren’t very relevant to Tears of the Kingdom, but every single one will spawn at least a few generic consumable items, like meal ingredients. Zelda-themed Amiibos, of which there are 26, have better rewards, including weapons, shields, paraglider fabrics, and unique armor sets that are either exclusive to the Amiibos that spawn them or are relatively difficult to earn in game.
Each Amiibo can only be used once per day, but this limit also applies to each unique Amiibo. If you happened to have two of the same Amiibo—say, the Link figurine from Super Smash Bros. that can sometimes spawn Epona—you can use each one every day. Of course, buying multiple figures just to double your chances of spawning a horse costs a lot more than simply waiting a day. Community code collections, however, make it much easier—and cheaper—to try multiple times.
The confusion and disappointment surrounding most “metaverse” projects are so pervasive that when a video from 2017 of a Walmart VR shopping demo started trending again in January 2022, people immediately thought it was yet another metaverse demo. It also helped demonstrate how much of the current metaverse discussion is built on hype alone. Walmart’s VR shopping demo obviously never went anywhere (and for good reason). So why should anyone believe that it’s the future when Chipotle does it?
This kind of wishful-thinking-as-tech-demo leaves us in a place where it’s hard to pinpoint which aspects of the various visions of the metaverse (if any) will actually be real one day. If VR and AR headsets become comfortable and cheap enough for people to wear on a daily basis—a substantial “if”—then perhaps a virtual poker game with your friends as robots and holograms and floating in space could be somewhat close to reality. If not, well you could always play Tabletop Simulator on a Discord video call.
The flashiness of VR and AR also obscure the more mundane ways that our existing, interconnected digital world could be improved right now. It would be trivial for tech companies to invent, say, an open digital avatar standard, a type of file that includes characteristics you might enter into a character creator—like eye color, hairstyle, or clothing options—and let you take that data everywhere, to be interpreted by a game engine however it chooses. There’s no need to build a more comfortable VR headset for that.
But that’s not as fun to imagine.
What’s the Metaverse Like Right Now?
The paradox of defining the metaverse is that in order for it to be the future, you have to define away the present. We already have MMOs that are essentially entire virtual worlds, digital concerts, video calls with people from all over the world, online avatars, and commerce platforms. So in order to sell these things as a new vision of the world, there has to be some element of it that’s new.
Spend enough time having discussions about the metaverse and someone will inevitably (and exhaustingly) reference fictional stories like Snow Crash—the 1992 novel that coined the term “metaverse”—or Ready Player One, which depicts a VR world where everyone works, plays, and shops. Combined with the general pop culture idea of holograms and heads-up displays (basically anything Iron Man has used in his last 10 movies) these stories serve as an imaginative reference point for what the metaverse—a metaverse that tech companies might actually sell as something new—could look like.
That kind of hype is arguably more vital to the idea of the metaverse than any specific technology. It’s no wonder, then, that people promoting things like NFTs—cryptographic tokens that can serve as certificates of ownership of a digital item, sort of—are also latching onto the idea of the metaverse. Sure, NFTs are bad for the environment and the public blockchains most are built on come with massive privacy and security problems, but if a tech company can argue that they’ll be the digital key to your virtual mansion in Roblox, then boom. You’ve just transformed your hobby of buying memes into a crucial piece of infrastructure for the future of the internet (and possibly raised the value of all that cryptocurrency you’re holding.)
It’s important to keep all this context in mind because while it’s tempting to compare the proto-metaverse ideas we have today to the early internet and assume everything will get better and progress in a linear fashion, that’s not a given. There’s no guarantee people will even want to hang out sans legs in a virtual office or play poker with Dreamworks Mark Zuckerberg, much less that VR and AR tech will ever become seamless enough to be as common as smartphones and computers are today.
Match Group, which operates one of the world’s largest portfolios of dating apps, will soon add a new profile verification feature to its popular dating app Hinge. The feature is part of a larger effort to crack down on scammers who use fake photos and purport to be people they’re not on the app, often with the intent of eventually scheming romantic conquests out of money.
Jarryd Boyd, director of brand communications for Hinge, said in a written statement that Hinge will begin rolling out the feature, named Selfie Verification, next month. Hinge will ask users to take a video selfie within the app in order to confirm they’re a real person and not a digital fake. Match Group then plans to use a combination of machine learning technology and human moderators to “compare facial geometries from the video selfie to photos on the user’s profile,” Boyd said. Once the video is confirmed as authentic, a user gets a “Verified” badge on their Hinge profile.
The move comes after a recent WIRED story highlighting the proliferation of fake accounts on the Hinge dating app. These fake profiles are often peppered with glossy photos of attractive people, though there’s something off-putting about their perfection. The person has often “just joined” the dating app. Their descriptions of themselves or responses to prompts are nonsensical, a sign that a person may be using a translation app to try to connect with someone in their native language. And in many instances, the person on the other end of the fraudulent profile will urge their match to move the conversation off of the app—a strategy that allows them to maintain a dialogue even if the fraudster is booted off of Hinge.
By December, Selfie Verification should be available to all Hinge users worldwide, which includes people in the US, UK, Canada, India, Australia, Germany, France, and more than a dozen other countries.
“As romance scammers find new ways to defraud people, we are committed to investing in new updates and technologies that prevent harm to our daters,” Boyd said.
Hinge is one of many dating apps owned by Match Group, and it’s not the first to use a face recognition tool to try to spot fakes. Prior to this, Tinder and Plenty of Fish had photo verification tools. In August a spokeswoman from Match Group told WIRED that photographic verification would be coming to Hinge, OKCupid, and Match.com “in the coming months.”
Match Group says Hinge users will have the option to verify their profiles with a video selfie when the feature launches, and that it won’t be a requirement.
The company has also emphasized that it has a Trust & Safety team consisting of more than 450 employees who work across the company’s many dating apps, and that last year Match Group invested more than $125 million to build new technology “to help make dating safe.” Four years ago, it created an advisory council to come up with policies to prevent harassment, sexual assault, and sex trafficking.
It’s Really Me
The company’s rollout of video verification tools on Hinge are long overdue—and may not be foolproof. Maggie Oates, an independent privacy and security researcher who has also programmed a game about sex work and privacy called OnlyBans, says in an email that she strongly believes biometric authentication should be optional and incentivized in dating apps, but not required. A multi-pronged verification approach might be more effective, Oates says, with the added benefit of giving users options. “Not everyone is comfortable with biometrics. Not everyone has a driver’s license. Online identity verification is a really hard problem.”
And she believes that relying solely on facial recognition technology for profile verification will only last for so long.
In the beginning, there was AOL Instant Messenger. That wasn’t actually the beginning. Talkomatic, Compuserve’s CB Simulator, and Internet Relay Chat (IRC) all preceded it. But AIM was the beginning of something, a gateway to real-time, all-the-time internet communication for the normies.
You didn’t need to be a computer nerd to ride the AIM train. Your parents got the compact disc in the mail, you plugged your clear plastic corded phone into a modem connected to your Gateway 2000, and you were off. Rather, you were on. Very online, and unaware at the time that the portal would disappear behind you once you crossed through, that you would never again live a wholly offline life.
AIM, which launched 25 years ago this month, represented that moment for me. It propelled me into a universe of limitless pixels, endless distractions, and a penchant for bland screen names (my only embellishment was my basketball jersey number, tacked onto my initials). It was also a live social network. A digital door creaked open, and millions of us scrambled to our seats to see who had just signed on, who was down to chat.
Sometimes you had to step away. So you threw up an Away Message: I’m not here. I’m in class/at the game/my dad needs to use the comp. I’ve left you with an emo quote that demonstrates how deep I am. Or, here’s a song lyric that signals I am so over you. Never mind that my Away Message is aimed at you.
I miss Away Messages. This nostalgia is layered in abstraction; I probably miss the newness of the internet of the 1990s, and I also miss just being … away. But this is about Away Messages themselves—the bits of code that constructed Maginot Lines around our availability. An Away Message was a text box full of possibilities, a mini-MySpace profile or a Facebook status update years before either existed. It was also a boundary: An Away Message not only popped up as a response after someone IM’d you, it was wholly visible to that person before they IM’d you.
Nothing like this exists in our modern messaging apps. Oh fine, you’re going to insist I mention some of the messaging guardrails tech companies have rolled out in recent years. On iPhone and iPad, there’s “Do Not Disturb” and “Focus” mode, while Android OS supports “Do Not Disturb” as well as “Schedule Send,” which, as a Google spokesperson put it, “is great when you’re texting across time zones, such as when you want to send an early morning Happy Birthday to your friend in London.” And yes, you can “Mute Notifications” on WhatsApp.
The always-on workplace chat app Slack offers “Update Your Status,” the closest thing we have to Away Messages today. You can give fair warning that you’re Out of Office or slap a “sick” emoji on your profile. You can write “Writing, please DND,” because you’re once again behind on a deadline. This, it turns out, is an invitation to be disturbed anyway.
These are not guardrails. These are squishy orange cones that we all plow through, like 15-year-olds in driver’s ed. Even the names of these features—Focus, Schedule Send—are phrases born of a work-obsessed culture. Bring back the ennui, the poetry, the pink fonts, the tildes and asterisks.
What I’m reminiscing about is, of course, an entirely different technology protocol. There’s instant messaging, and there’s text messaging. Today the two are practically indistinguishable, but 25 years ago these experiences were disparate. AIM was a desktop client that sent bits of information to an internet server when you logged on, blasting your arrival to the folks on your Buddy List and displaying the same information to you when your friends logged on. It used a proprietary protocol called OSCAR, which stood for Open System for Communication in Realtime. Realtime meant live chat. Text messaging, on the other hand, referred to SMS, or Short Message Service. And this mostly happened on mobile devices connected to cellular networks.
Facebook may be mired in scandals at present, but today it attempted to shift the public’s attention towards the future—specifically, a future built around an even more ever-present Facebook.
At the company’s annual developer’s conference today, chief executive Mark Zuckerberg and Andrew Bosworth, the head of the company’s Reality Labs unit, laid out a broader vision for the “metaverse.” To fuel its next chapter, Facebook announced a series of updates to its Oculus VR and Spark AR platforms, part of an effort to entice developers to build more applications and features for Facebook’s metaverse. Zuckerberg also revealed that the company would be renamed Meta, emphasizing his virtual reality vision for the future.
“The next [internet] platform and medium will be even more immersive, an embodied internet where you’re in the experience, not just looking at it,” Zuckerberg said during the virtual presentation. He went on to say that in the metaverse, people will get together with friends and family to work, learn, shop, and play—things that people can obviously do today using 2D, flat screens like our laptops and smartphones, but that Facebook’s (Meta’s) vision of the metaverse goes beyond the way we’re experiencing things today.
For Facebook, building out the metaverse is just the next move in a years-long land grab for our online attention. For critics of the company, though, there might not be anything more alarming than the idea of Facebook becoming synonymous with the next big phase of the internet, particularly as it grapples with both privacy and content moderation problems around the globe.
And Facebook staking its claim in the metaverse also raises questions about how open this next iteration of the internet may be; even as Facebook calls out other tech companies like Apple for their closed ecosystems, the social media company continues to show off experiences that are exclusive to its own Oculus virtual reality devices.
The Meta Deets
Scrolling through the metaverse.
Courtesy of Meta
Zuckerberg, Bosworth, and a virtual parade of Facebook Reality Labs executives constructed a loose vision of the metaverse today, highlighting different elements—from app platforms to hand-gesture technology to prototypes of VR headsets and AR glasses—that will, they say, all eventually come together to create a new form of digital presence. This included an expansion of the Horizon Workrooms app, a kind of VR version of Zoom that Facebook demoed in August; a more social version of “Home” in the Oculus Quest VR headset, for interactions with friends in VR; some enhanced fitness features for the Oculus Quest; and support for some non-3D apps in Facebook’s virtual environments. The 2D app support is particularly noteworthy, though it’s hard to say how useful these apps will be until they’re widely available. But the idea is that even if you’re wearing a VR headset to collaborate with remote coworkers, you won’t have to take it off to check Slack (or Instagram, if you’re slacking off). These apps will run as flat panels within the virtual environment.
