This week, we revealed the first-ever footage recorded in a US meatpacking plant of a CO2 “stunning chamber” used in the butchering of pigs. The footage was captured at a facility in California by an activist with the group Direct Action Everywhere using infrared pinhole spy cameras that are smaller than a coin. The goal of the covert surveillance mission was to prove that this supposedly “painless” form of killing is illegal and inhumane. In less upsetting news, Apple has worked hard to brand itself as the privacy-friendly giant of Big Tech—and in many ways, that’s true. But that doesn’t mean it won’t collect your data for advertising purposes if given the opportunity. We combed through some 70,000 words of Apple’s various policies to figure out exactly what it’s collecting about you—and how to keep it under control. Speaking of online ads, new research this week from Human Security uncovered a massive ad-fraud scheme dubbed Vastflux. The operation used weaknesses in the advertising ecosystem to target some 1,700 apps and 11 million phones, resulting in around 12 billion requests for ads each day at Vastflux’s peak. The fraud has since been largely shut down, but those behind it have yet to be named. Fraud aside, it’s increasingly lucky to be able to get online at all. Internet infrastructure company Cloudflare this week published its first annual report into the state of online connectivity disruptions around the world and found a startling uptick. From outages in North Carolina caused by an attack on the power grid to Iran’s authoritarian internet shutdowns meant to stifle anti-government protests, 2022 is looking like the first year in a new era of online blackouts. We also dove into the lingering threat of online echo chambers, which continue to have an outsize impact on US politics, and explored the ongoing mess at T-Mobile, which this week revealed yet another major data breach that the company says impacted some 37 million customers. But that’s not all. Each week we dive into the stories we weren’t able to cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there. Hundreds of law enforcement agencies in the United States have access to a little-known database of 150 million money transfers sent between the US, Mexico, and 22 other regions, according to a report this week by The Wall Street Journal. The database, maintained by the nonprofit Transaction Record Analysis Center (TRAC), provides over 600 local and federal law enforcement agencies with warrantless access to the “full names of the sender and recipient” and the amounts of money transfers made through services like Western Union, MoneyGram, and Viamericas. According to the report, the program was created to assist government agencies in gathering evidence of financial crimes such as fraud and money laundering. However, it has raised concerns among privacy advocates as it allows bulk access to data on money transfers, which are not as heavily regulated as traditional banking transactions. A security researcher discovered a version of the United States’ controversial “no fly list” on an unsecured server run by CommuteAir, a regional airline based out of Ohio. The list, which contains more than 1.5 million entries, is far larger than previously reported and includes the names of individuals who are barred from flying to the United States. CommuteAir confirmed the authenticity of the document to the Daily Dot, which was first to report about the leaked list. According to the Daily Dot, the list contains the names of several notable figures, including the convicted Russian arms dealer Viktor Bout. The Biden administration sent Bout back to Russia in a prisoner exchange for WNBA star Brittney Griner, who returned to the US in December. The data, details of which WIRED reviewed on Thursday, contains nearly 30 entries for individuals who were born after 2010. According to CNN, the US Transportation Security Administration is investigating the incident. After an eight-month investigation, the US Supreme Court has failed to discover who leaked the draft decision overturning Roe v. Wade, according to a report released by the court on Thursday. The unprecedented leak to Politico last spring came more than a month before the final opinion was released and sparked nationwide protests. Over the course of the leak investigation, the court interviewed 97 court employees and brought in forensic experts to examine call logs, printer logs, and fingerprints. According to the report, 80 people besides the nine justices had access to the draft opinion. “No one confessed to publicly disclosing the document, and none of the available forensic and other evidence provided a basis for identifying any individual as the source of the document,” the report states. “It is not possible to determine the identity of any individual who may have disclosed the document or how the draft opinion ended up with Politico.” The report did not say whether the justices were interviewed. According to a PayPal notice of security incident, attackers gained unauthorized access to the accounts of thousands of users between December 6 and December 8, 2022, using a credential-stuffing attack. Credential stuffing is when hackers, typically using a bot, attempt to access accounts using lists of leaked password and username pairs. Over two days, hackers had access to account holders’ full names, dates of birth, postal addresses, Social Security numbers, and individual tax identification numbers. According to PayPal, 34,942 of its users have been impacted by the incident. The affected users will get a free two-year identity monitoring service from Equifax.