Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

At this point, it’s difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. And it just got even harder. On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012.

Organizations can store account passwords securely by scrambling them with a cryptographic process known as hashing before saving them to their servers. This way, even if someone compromises those passwords, they won’t be able to read them, and a computer would find it difficult—even functionally impossible—to unscramble them. As a prominent company with billions of users, Facebook knows that it would be a jackpot for hackers, and invests heavily to avoid the liability and embarrassment of security mishaps. Unfortunately, though, one open window negates all the padlocks, bolts, and booby traps money can buy.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy wrote in a statement. “Our login systems are designed to mask passwords using techniques that make them unreadable. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

Canahuati says that Facebook has now corrected the password logging bug, and that the company will notify hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users that their passwords may have been exposed. Facebook does not plan to reset those users’ passwords.

“In some ways that’s the most sensitive data they hold, because it’s raw and unmanaged.”

Kenn White, Open Crypto Audit Project

For such a prominent target, Facebook has had relatively few technical security failures, and in this case appears not to have been compromised. But the company’s track record was severely marred by a breach in September in which attackers stole extensive data from 30 million users by compromising their account access tokens—authentication markers generated when a user logs in.

That breach indirectly helped Facebook discover the trove of plaintext passwords and the bugs that caused them to be there; the incident motivated a security review that caught the lapse. “In the course of our review, we have been looking at the ways we store certain other categories of information—like access tokens—and have fixed problems as we’ve discovered them,” Canahuati wrote.

“It’s good that they’re being proactive,” says Lukasz Olejnik, an independent cybersecurity adviser and research associate at the Center for Technology and Global Affairs at Oxford University. “But this is a big deal. It seems like they found the issue during an audit so maybe their past mistakes plus new privacy regulations are making these checks more standard.”

Facebook told WIRED that the exposed passwords weren’t all stored in one place, and that the issue didn’t result from a single bug in the platform’s password management system. Instead, the company had unintentionally and incidentally captured plaintext passwords across a variety of internal mechanisms and storage systems, like crash logs. Facebook says that the scattered nature of the problem made it more complicated both to understand and to fix, which the company says explains the nearly two months it took to complete the investigation and disclose the findings.

A company operating at Facebook’s enormous scale needs to keep network traffic logs to better understand and trace bugs, outages, and other incidents that may crop up. Those logs will inevitably pull in whatever network data happens to be flowing by. That Facebook caught passwords in that process makes sense; the question is why Facebook retained logs that included sensitive data for so long, and why the company was apparently unaware of its contents.

“The data that’s captured incidentally as part of debugging and operating at the network scales they do is not uncommon,” says Kenn White, a security engineer and director of the Open Crypto Audit Project. “But if Facebook retains that for years it raises a lot of questions about their architecture. They have an obligation to protect these debug logs and audit and understand what they’re retaining. In some ways that’s the most sensitive data they hold, because it’s raw and unmanaged.”

Twitter dealt with a very similar plaintext password-logging bug last May; it, too, didn’t require users to reset their passwords, saying it had no reason to believe that the passwords were actually breached. Similarly, Facebook says its investigation hasn’t revealed any signs that anyone intentionally accessed its hundreds of millions of errant passwords to steal them. But whether you get a password notification from Facebook or not, you might as well go ahead and change it just in case.

To do so on Facebook desktop, go to Settings → Security and Login → Change Password. On Facebook for iOS and Android, go to Settings & Privacy → Settings → Security and Login → Change Password. On Facebook Lite for Android, go to Settings → Security and Login → Change Password. Changing your account password on either main Facebook or Facebook Lite changes it for both.

On Instagram, go to Settings → Privacy and Security → Password to change your password. Instagram and Facebook do not use the same password, but can be linked to log into one with the other.

And while you’re at it, the easiest way to keep track of and manage your passwords so you can easily change them after incidents like this is to set up a password manager. Go get one now.

Facebook says that the plaintext password issue is now fixed, and that it doesn’t think there will be long term impacts from the incident, because the passwords were never actually stolen. But given the company’s apparently endless stream of gaffes, it’s difficult to know what will come next.

“I get that they are working at mind-boggling scale,” White says. “But these are the crown jewels right there.”

More Great WIRED Stories

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

At this time, it’s difficult to summarize all Facebook’s privacy, abuse, and safety missteps in one neat description. Plus it simply got also harder. On Thursday, adhering to a report by Krebs on protection, Facebook acknowledged a bug in its password management systems that caused vast sums of individual passwords for Twitter, Twitter Lite, and Instagram become stored as plaintext within an interior platform. Which means countless Facebook workers may have looked for and discovered them. Krebs reports that the passwords stretched back to those created in 2012.

Organizations can store account passwords firmly by scrambling these with a cryptographic process referred to as hashing before saving them to their servers. In this way, no matter if some one compromises those passwords, they won’t manage to read them, and a computer would find it difficult—even functionally impossible—to unscramble them. As a prominent business with billions of users, Twitter understands that it will be a jackpot for hackers, and invests greatly to avoid the obligation and embarrassment of safety mishaps. Unfortunately, however, one available window negates all the padlocks, bolts, and booby traps cash can find.

“As element of a routine protection review in January, we unearthed that some individual passwords had been being kept in a readable structure inside our interior information storage systems,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy penned in a declaration. “Our login systems are created to mask passwords making use of techniques which make them unreadable. Become clear, these passwords were never noticeable to anyone beyond Facebook so we have discovered no evidence up to now that anyone internally abused or improperly accessed them.”

Canahuati claims that Twitter has now corrected the password logging bug, which the organization will alert hundreds of millions of Twitter Lite users, tens of countless Facebook users, and thousands of Instagram users that their passwords may have been exposed. Facebook doesn’t want to reset those users’ passwords.

“in certain ways that’s many painful and sensitive information they hold, as it’s raw and unmanaged.”

Kenn White, Open Crypto Audit Venture

For that prominent target, Twitter has already established reasonably couple of technical protection failures, as well as in this situation appears not to have been compromised. But the company’s track record ended up being seriously marred by a breach in September in which attackers took considerable data from 30 million users by compromising their account access tokens—authentication markers produced when a user logs in.

That breach indirectly aided Facebook uncover the trove of plaintext passwords and also the insects that caused them become here; the incident motivated a safety review that caught the lapse. “for the duration of our review, we have been looking at the ways we store certain other kinds of information—like access tokens—and have fixed issues as we’ve discovered them,” Canahuati wrote.

“It’s good that they’re being proactive,” claims Lukasz Olejnik, an independent cybersecurity adviser and research associate within Center for tech and Global Affairs at Oxford University. “But this will be a big deal. It looks like they discovered the matter during an audit therefore possibly their previous errors plus new privacy laws are making these checks more standard.”

Facebook told WIRED your exposed passwords weren’t all kept in one single spot, and that the issue didn’t be a consequence of a single bug inside platform’s password administration system. Instead, the organization had inadvertently and incidentally captured plaintext passwords across a variety of interior mechanisms and storage space systems, like crash logs. Facebook claims your scattered nature of problem managed to get harder both to know and to fix, that your company claims describes the nearly 8 weeks it took to complete the investigation and reveal the findings.

A company running at Twitter’s enormous scale has to keep system traffic logs to raised comprehend and trace insects, outages, along with other incidents that may crop up. Those logs will inevitably pull in whatever community data happens to be flowing by. That Facebook caught passwords because process is reasonable; the question is the reason why Facebook retained logs that included sensitive and painful data for such a long time, and exactly why the business had been apparently unaware of its articles.

“The information that’s captured incidentally within debugging and working at the system scales they are doing is not uncommon,” states Kenn White, a protection engineer and manager of this Open Crypto Audit venture. “however if Twitter retains that consistently it raises plenty of questions regarding their architecture. They have an responsibility to guard these debug logs and review and know very well what they’re retaining. In certain ways that’s the most painful and sensitive information they hold, because it’s raw and unmanaged.”

Twitter managed an extremely similar plaintext password-logging bug last might; it, too, don’t require users to reset their passwords, saying it had no explanation to trust that the passwords were really breached. Likewise, Twitter states its research hasn’t revealed any indications that anyone deliberately accessed its vast sums of errant passwords to steal them. But whether you get a password notification from Facebook or perhaps not, you might aswell go ahead and change it out in the event.

To do this on Twitter desktop, head to Settings → safety and Login → Change Password. On Facebook for iOS and Android os, go to Settings & Privacy → Settings → safety and Login → Change Password. On Facebook Lite for Android, head to Settings → safety and Login → Change Password. Changing your account password on either primary Facebook or Facebook Lite modifications it for both.

On Instagram, visit Settings → Privacy and Security → Password to improve your password. Instagram and Facebook do not use equivalent password, but is linked to log into one with all the other.

Even though you’re at it, the easiest way to help keep tabs on and handle your passwords in order to easily alter them after incidents such as this is always to setup a password supervisor. Get get one now.

Facebook claims your plaintext password problem is currently fixed, and that it doesn’t think there will be long term effects from event, because the passwords were never ever in fact taken. But provided the organization’s evidently endless stream of gaffes, it is difficult to know what will come next.

“we have that they’re working at mind-boggling scale,” White states. “however these will be the crown jewels right there.”

More Great WIRED Stories

The Genderless Digital Voice the World Needs Right Now

Boot up the options for your digital voice assistant of choice and you’re likely to find two options for the gender you prefer interacting with: male or female. The problem is, that binary choice isn’t an accurate representation of the complexities of gender. Some folks don’t identify as either male or female, and they may want their voice assistant to mirror that identity. As of now, they’re out of luck.

But a group of linguists, technologists, and sound designers—led by Copenhagen Pride and Vice’s creative agency Virtue—are on a quest to change that with a new, genderless digital voice, made from real voices, called Q. Q isn’t going to show up in your smartphone tomorrow, but the idea is to pressure the tech industry into acknowledging that gender isn’t necessarily binary, a matter of man or woman, masculine or feminine.

The project is confronting a new digital universe fraught with problems. It’s no accident that Siri and Cortana and Alexa all have female voices—research shows that users react more positively to them than they would to a male voice. But as designers make that choice, they run the risk of reinforcing gender stereotypes, that female AI assistants should be helpful and caring, while machines like security robots should have a male voice to telegraph authority. While this isn’t the first attempt to craft a gender-neutral voice, with Q, the thinking goes, we can not only make technology more inclusive but also use that technology to spark conversation on social issues.

The team began by recording the voices of two dozen people who identify as male, female, transgender, or nonbinary. Each person read a predetermined list of sentences. “At that point, we didn’t know if we were going to layer the voices, so we needed the same sentence in the same tempo as close as we could get it,” says sound designer Nis Nørgaard. By merging the voices together, they might be able to create some kind of average. “But that was too difficult,” he says.

Instead, Nørgaard zeroed in on one person’s voice, which registered somewhere between what we’d consider masculine or feminine. That comes down largely to frequency, or pitch: Men tend to have a larger vocal tract, which produces a lower-sounding timbre. But there’s a sweet spot between 145 and 175 hertz, a range that research shows we perceive as more gender-neutral. Go higher and you’ll perceive the voice as typically female; go lower and it becomes more masculine. You can try it out for yourself in this interactive by dragging the bubble up and down to change the frequency of the voice.

Nørgaard started to tweak that one sweet-spot voice. “It was really tricky, because your brain can tell if the voice has been pitched up and down,” he says. “It was difficult to work with these voices without destroying them.”

Nørgaard created four variants, which the team then sent to 4,500 people in Europe. One voice stuck out to the survey participants. “People were saying, ‘This is a neutral voice. I can’t tell the gender of this voice,’” Nørgaard says. “In the beginning, I was like, this is going to be difficult. But when we got feedback from these 4,500 people, I think we nailed it, actually.” That voice became the basis for Q.

Q, then, can now literally give a voice to the voiceless in modern technology. “I think it’s really important to have representation for trans people when it comes to not only AI, but voices in general,” says Ask Stig Kistvad, a trans man who lent his voice to the project. “It’s a new thing in the last three to five years, that trans people are actually represented in popular culture.” It’s only natural, Kistvad says, that some developers eventually embrace them, too.

This is particularly important when it comes to voice assistants, a market that’s projected to grow by 35 percent a year until at least 2023. “It’s going to become an increasingly commonplace way for us to communicate with tech,” says Project Q collaborator Julie Carpenter, a research fellow with the Ethics and Emerging Sciences Group, which explores the social issues around technology. “Naming a home assistant Alexa, which sounds female, can be problematic for some people, because it reinforces this stereotype that females assist and support people in tasks.”

To be fair, tech companies aren’t necessarily in the business of maliciously excluding voices that don’t neatly align with the male-female binary. But they most certainly have the power to develop something like a genderless voice, and at the very least, they can start thinking harder about the voices their products default to using. Maybe they think anything outside the “norm” would be too distracting for a product that’s utilitarian in nature (ask question, get answer). “But one thing we can do is push what the norm is,” says Anna Jørgensen, a linguist who worked on Project Q. “And we should do that.”

Now’s a good time, because things are about to get a whole lot more complicated as sophisticated social robots proliferate. Research has shown, for example, that people judge security robots to be more masculine, while those same robots seem more feminine when they are programmed to serve a less authoritative guidance role. What if we start confronting those biases, both by toying with the physical form of robots as well as their voices?

It won’t be easy, because our brains are culturally programmed for a world that sees gender as strictly male or female. “It is because Q is likely to play with our minds that it is important,” says Kristina Hultgren, a linguist who wasn’t involved in the research. “It plays with our urge to put people into boxes and therefore has the potential to push people’s boundaries and broaden their horizons.”

Whether tech companies embrace the idea is to be seen. Even if they do, don’t expect them to fully embrace Q. “As much as I like the idea of a gender-neutral AI, I find it really hard to imagine it being a default thing in five years,” says Kistvad. “It would be great, but for me it would be like a utopia—I don’t know if it’s even realistic.”

The danger of AI and robotics is that human designers infuse their technologies with their own biases. But the beauty of AI and robotics is that if we start having honest conversations about those biases and stereotypes, we can shape a rapidly changing technological future to be not only more inclusive but thought-provoking. And the vanguard leading us there sounds a lot like Q.

More Great WIRED Stories

The Genderless Digital Voice the planet requirements Right Now

Boot up the choices for your digital voice associate of preference and you’re more likely to find two alternatives for the sex you prefer getting together with: man or woman. The problem is, that binary option is not an accurate representation of complexities of gender. Some folks don’t determine as either man or woman, and so they might want their sound assistant to mirror that identity. Currently, they’re out of fortune.

However a group of linguists, technologists, and noise designers—led by Copenhagen Pride and Vice’s creative agency Virtue—are for a quest to improve that having brand new, genderless digital voice, made from genuine voices, called Q. Q is not likely to show up within smartphone tomorrow, but the idea would be to pressure the tech industry into acknowledging that sex is not fundamentally binary, a matter of guy or girl, masculine or womanly.

The task is confronting a brand new electronic world fraught with dilemmas. It’s no accident that Siri and Cortana and Alexa all have feminine voices—research suggests that users respond more definitely to them than they would up to a male vocals. But as developers make that option, they operate the risk of reinforcing sex stereotypes, that female AI assistants should be helpful and caring, while machines like protection robots needs a male voice to telegraph authority. While this is certainlyn’t the very first make an effort to create a gender-neutral sound, with Q, the thinking goes, we can’t only make technology more comprehensive and utilize that technology to spark conversation on social issues.

The group began by recording the voices of two dozen those who identify as male, feminine, transgender, or nonbinary. Every person read a predetermined listing of sentences. “At the period, we did not understand whenever we were planning to layer the sounds, so we needed similar phrase in identical tempo because close once we could get it,” says noise designer Nis Nørgaard. By merging the voices together, they might be able to create some kind of average. “But which was too difficult,” he states.

Instead, Nørgaard zeroed in on a single person’s sound, which registered approximately just what we’d give consideration to masculine or feminine. That comes down mostly to frequency, or pitch: Men are apt to have a larger vocal tract, which creates a lower-sounding timbre. But there’s a sweet spot between 145 and 175 hertz, an assortment that studies have shown we perceive as more gender-neutral. Increase and you’ll perceive the vocals as typically female; get smaller and it becomes more masculine. You can test it away for yourself within interactive by dragging the bubble down and up to improve the frequency regarding the vocals.

Nørgaard started initially to tweak that one sweet-spot vocals. “It was really tricky, because your brain can inform in the event that voice is pitched up and down,” he claims. “It was difficult to make use of these voices without destroying them.”

Nørgaard created four variants, that the group then delivered to 4,500 people in European countries. One sound stuck out to the study participants. “People were saying, ‘This actually neutral sound. I can not inform the sex of this voice,’” Nørgaard says. “initially, I became like, this really is likely to be difficult. Nevertheless When we got feedback from these 4,500 individuals, I Believe we nailed it, really.” That sound became the cornerstone for Q.

Q, then, can now literally give a voice toward voiceless in modern technology. “I think it’s really important to have representation for trans individuals about not just AI, but voices as a whole,” says Ask Stig Kistvad, a trans guy whom lent his voice towards task. “It’s a new part of the last three to five years, that trans folks are actually represented in popular tradition.” it is just normal, Kistvad states, that some designers sooner or later embrace them, too.

That is especially important with regards to sound assistants, a market that’s projected to grow by 35 percent per year until at least 2023. “Itwill be an increasingly prevalent method for us to communicate with tech,” states venture Q collaborator Julie Carpenter, a study other with the Ethics and Emerging Sciences Group, which explores the social problems around technology. “Naming a house assistant Alexa, which sounds female, could be problematic for some people, since it reinforces this label that females help and support people in tasks.”

Become fair, tech organizations aren’t fundamentally available of maliciously excluding sounds that don’t neatly align using the male-female binary. But they most certainly have the ability to build up something similar to a genderless voice, and at minimum, they are able to begin thinking harder concerning the sounds their products or services default to making use of. Maybe they think anything outside of the “norm” could be too distracting for item that is utilitarian in nature (ask question, get answer). “But one thing we are able to do is push what typical is,” claims Anna Jørgensen, a linguist whom labored on venture Q. “and now we must do that.”

Now’s a very good time, because things are about to obtain a great deal more difficult as advanced social robots proliferate. Research indicates, like, that folks judge security robots to be more masculine, while those exact same robots appear more feminine when they are programmed to provide a less respected guidance part. What if we start confronting those biases, both by toying utilizing the real as a type of robots and their voices?

It won’t be effortless, because our brains are culturally programmed for a globe that views sex as strictly male or female. “It is really because Q will probably play with this minds that it’s crucial,” says Kristina Hultgren, a linguist who wasn’t involved in the research. “It plays with this urge to place people into bins therefore gets the possible to push people’s boundaries and broaden their perspectives.”

Whether tech organizations embrace the theory will be seen. Regardless if they do, don’t expect them to fully embrace Q. “As a great deal when I such as the idea of a gender-neutral AI, we believe it is really hard to assume it being truly a default thing in five years,” says Kistvad. “It is great, however for me personally it might be such as a utopia—I do not understand if it is even realistic.”

The danger of AI and robotics usually individual designers infuse their technologies along with their very own biases. However the beauty of AI and robotics usually whenever we start having honest conversations about those biases and stereotypes, we could contour a rapidly changing technical future to be not just more comprehensive but thought-provoking. And also the vanguard leading us there sounds nearly the same as Q.

More Great WIRED Stories

Trump-Era Congressional Hearings Have Succumbed to Conspiracy Politics

Stanley Kubrick aided the federal government fake the Moon landing. Beyoncé and Jay-Z are in the Illuminati. These stories are so well-worn people know them by heart. By now, conspiracy theories are a definite section of everyday US life—so much in order that they also result from the mouths of besuited people of Congress on live television.

Give consideration to President Trump’s previous lawyer Michael Cohen’s Congressional hearing. If you are a Trump backer, you almost certainly didn’t enjoy Democratic Reps. Jamie Raskin and Jackie Speier questioning Cohen towards often-alleged-but-never-confirmed pee and elevator tapes, however you weren’t surprised. In the event that you lean kept, Republican Rep. Jim Jordan’s allegations that Cohen’s (Jewish, Clinton-connected) attorney, Lanny Daavis, had been the hearing’s puppeteer ended up being most likely frustrating, yet not shocking.

Related Tales

Yet, all this should make you flabbergasted. People of Congress should come armed with evidence—any evidence—before they air out a concept in such a formal setting. But these things get largely unchecked, because more and more often no-one is surprised, they are inoculated to it. For many committee people, demonstrating that they’re hep with their constituents’ on the web musings generally seems to supersede Congressional hearings’ purpose: fact-finding. We have now entered the age of conspiracy politics.

Also before they truly became a Trump-era norm, conspiracy-minded Congressional hearings had been one thing of a United states political tradition. In 1954, as the Red Scare reached its panic point while the McCarthy hearings began, the stakes for just what was dry and wonkish inquiries changed forever: the very first time, hearings will be televised, real time and in their entirety. Scholars during the time argued the broadcasts had been making a spectacle of governance, that supplying politicians possibilities for televised grandstanding would keep the general public (and Congressional investigators) short on facts and long on partisan rhetoric.

They were right. By the mid-1970s Congressional hearings had been no further pretty much information gathering—they had become what cultural anthropologist Phyllis Pease Chock calls “ritual performance” of participants’ ideologies. Whether there’s genuine truth to discover is unimportant: Watergate (while the Iran-Contra event and President George W. Bush’s Iraq exaggerations) were as rife with conspiratorial partisan snipery as Benghazi. “A party away from energy will frequently push far-fetched claims about the president and their celebration. Often it’s really a necessary counterweight,” claims Joseph Uscinski, author of American Conspiracy Theories. This is the argument Democrats might create for their own conspiracy-driven windmill tilting. “what is changed within the Trump period is Donald Trump.”

Also before they truly became a Trump-era norm, conspiracy-minded Congressional hearings were one thing of a United states governmental tradition.

Typically, the celebration of the president (while the president himself) eschew conspiracy narratives. Breaking that guideline used to come with quick penalty. As very first Lady, Hillary Clinton had been mocked for claiming she and President Clinton had been the victims of a “vast right-wing conspiracy,” and thus was President Obama whenever a 2012 campaign ad insinuated “secretive oil billionaires” had been away to get him. Not with President Trump. “Conspiracy theorists brought him to the prom, therefore now he has to dance using them,” Uscinski claims. Politicians who wish to escape the president’s Twitter-amplified ire (and please Trump-voting constituents) need certainly to help time. The echoes of “deep state” anxieties and other right-wing conspiracy theories that echoed through hearings of James Comey, William Barr, Peter Strzok, Justice Brett Kavanaugh, Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, Michael Cohen, and simply about anybody who’s sat before Congress within the last few two years, weren’t produced by disconnected Congresspeople left into the sunlight a long time. These people were made by canny politicians toeing a fresh celebration line more confidently with each hearing.

The result is really a constant hail of conspiracy theories beating down from governmental elites on both edges of the aisle. That concerns Katherine Einstein, an American general public policy and misinformation researcher at Boston University. “what is frightening usually there is spill over,” Einstein says. “contact with conspiracy theories about any part of government cuts back your rely upon its organizations in general. These hearings are going to reduce rely upon the home and Senate.” The other reasonable effect could there be up to a fact-finding squad with people doing their finest to deflect attention from facts?

You might say, the online world dumped butane on the fire started by televising the Red Scare. It is now possible to consume just curated snippets associated with the news that suit your own mores and biases, and conspiracy theorists have not been therefore capable effortlessly rally together or had access to a wider swathe of humanity to sway. That is whenever objective truth begins to slip. “We’re unable to decide when something is a conspiracy any longer,” states Adam Klein, who shows a course on propaganda at Pace University. “The stigma of believing in a conspiracy theory might begin going away because individuals disagree about basic truth, and possess very partisan a few ideas about who the conspirators are.”

This, naturally, could be the risk. If everybody else can occupy a universe of data of their own selecting, it’s not simply politicians who’re apt to fall victim to bias-confirming conspiracies—we each is. But that is merely a concept.

More Great WIRED Stories