Many companies use private APIs to manage their A/B tests of experimental products and approaches; by grabbing the calls that mobile apps make to these APIs, Jon Luca was able to figure out all kinds of sensitive information about companies' future plans, from the way Lyft steers customers towards credit cards that are cheaper to process and its use of "Tactical Price Adjustments" to fight customers who price-compare with Uber, to Airbnb's future China plans, to Pinterest's gendered content differentiation, and so on.
Kansas Secretary of State and noted xenophobe Kris Kobach, who is in line to run Trump's DHS, was photographed by the AP yesterday at the Trump National Golf Club Bedminster clubhouse holding the secret 100-day plan for the Trump DHS. By blowing the photo up, we're able to learn an awful lot about what's in the cards.
After the DNC hack, security experts began paying close attention to the security of servers associated with the Trump campaign, on the assumption that if the Democrats had been targeted, the Republicans would be, too.
Lots of cloud services use URL shorteners to allow their users to share access to networked folders, but with only six characters to brute force, it's possible to scan all the URLs associated with a cloud service, locate the open shared folders, and poison them with malware while you plunder them for secrets.
One of the perks of being insanely wealthy is you can hide your money, so when you rip people off or hide your taxes or divorce your spouse, your victims can't figure out how to get their due.
If you spend enough time looking at Flightradar24's data about fly-overs of American cities, you can figure out where and when the feds are flying domestic spy-aircraft, watching for the tell-tale circling patterns and mapping the planes' owners to companies that investigative journalists have revealed to be fake cut-outs for the FBI.