
9 Facts About Computer Security That Experts Wish You Knew


Every day, you hear about security flaws, viruses, and evil hacker gangs that could leave you destitute — or, worse, bring your country to its knees. But what's the truth about these digital dangers? We asked computer security experts to separate the myths from the facts. Here's what they said.

1. Having a strong password actually can prevent most attacks

Yahoo's Chief Information Security Officer Alex Stamos has spent most of his career finding security vulnerabilities and figuring out how attackers might try to exploit software flaws. He's seen everything from the most devious hacks to the simplest social engineering scams. And in all that time, he's found that there are two simple solutions for the vast majority of users: strong passwords and two-factor authentication.

Stamos says that the biggest problem is that the media focuses on stories about the deepest and most complicated hacks, leaving users feeling like there's nothing they can do to defend themselves. But that's just not true. He told me via email:

I've noticed a lot of nihilism in the media, security industry and general public since the Snowden docs came out. This generally expresses itself as people throwing up their hands and saying "there is nothing we can do to be safe". While it's true that there is little most people can do when facing a top-tier intelligence apparatus with the ability to rewrite hard drive firmware, this should not dissuade users from doing what they can to protect themselves from more likely threats and security professionals from building usable protections for realistic adversaries.

Users can protect themselves against the most likely and pernicious threat actors by taking two simple steps:

1) Installing a password manager and using it to create unique passwords for every service they use.

2) Activating second-factor authentication options (usually via text messages) on their email and social networking accounts.

The latter is especially important since attackers love to take over the email and social accounts of millions of people and then automatically use them to pivot to other accounts or to gather data on which accounts belong to high-value targets.

So I would really like the media to stop spreading the idea that just because incredible feats are possible on the high-end of the threat spectrum, doesn't mean it isn't possible to keep yourself safe in the vast majority of scenarios.

Adam J. O'Donnell, a Principal Engineer with Cisco's Advanced Malware Protection group, amplified Stamos' basic advice:

Oh, and my advice for the average person: Make good backups and test them. Use a password vault and a different password on every website.

Yep, having a good password is easy — and it's still the best thing you can do.

2. Just because a device is new does not mean it's safe

When you unwrap the box on your new phone, tablet or laptop, it smells like fresh plastic and the batteries work like a dream. But that doesn't mean your computer isn't already infected with malware and riddled with security vulnerabilities.

I heard this from many of the security experts I interviewed. Eleanor Saitta is the technical director for the International Modern Media Institute, and has worked for over a decade advising governments and corporations about computer security issues. She believes that one of the most pernicious myths about security is that devices begin their lives completely safe, but become less secure as time goes on. That's simply not true, especially when so many devices come with vulnerable adware like Superfish pre-installed on them (if you recall, Superfish came pre-installed on many Lenovo laptop models):

That's why the Superfish thing was such a big deal. They built a backdoor in, and they built a really bad, incompetent one, and now it turns out that anybody can walk through.

When you're relying on code delivered by somebody else, a service online or box that you don't control, chances are good that it's not acting in your interest, because it's trying to sell you. There's a good chance that it's already owned or compromised by other people. We don't have a good way of dealing with trust and managing it right now. And all sorts of people will be using that code.

The other issue, which erupted in the media over the past day with the FREAK attack, is that many machines come pre-installed with backdoors. These are baked in by government request, to make it easier for law enforcement and intelligence agencies to track adversaries. But unfortunately, backdoors are also security vulnerabilities that anyone can take advantage of. Says Saitta:

I think one thing that is really important to understand is that if you built a monitoring system into a network like a cell network, or into a crypto system, anybody can get in there. You've built a vulnerability into the system, and sure, you can control access a little. But at the end of the day, a backdoor is a backdoor, and anybody can walk through it.

3. Even the very best software has security vulnerabilities

Many of us imagine that sufficiently good software and networks can be completely safe. Because of this attitude, many users get angry when the machines or services they use turn out to be vulnerable to attack. After all, if we can design a safe car, why not a safe phone? Isn't it just a matter of getting the tech and science right?

But Parisa Tabriz told me via email that you can't look at information security that way. Tabriz is the engineer who heads Google's Chrome security team, and she believes that information security is more like medicine — a bit of art and science — rather than pure science. That's because our technology was built by humans, and is being exploited by humans with very unscientific motivations. She writes:

I think information security is a lot like medicine — it's both an art and science. Maybe this is because humans have explicitly built technology and the internet. We assume we should be able to build them perfectly, but the complexity of what we've built and now hope to secure almost seems impossible. Securing it would require us to have zero bugs, and that means that the economics are not on the side of the defenders. The defenders have to make sure there are zero bugs in all software they use or write (typically many millions of lines of code if you consider the operating system too), whereas the attacker only has to find one bug.

There will always be bugs in software. Some subset of those bugs will have security impact. The challenge is figuring out which ones to spend resources on fixing, and a lot of that is based on presumed threat models that probably would benefit from more insight into people's motivations, like crime, monitoring, etc.

RAND Corporation computer security researcher Lillian Ablon emailed me to say that there is simply no such thing as a completely secure system. The goal for defenders is to make attacks expensive, rather than impossible:

With enough resources, there is always a way for an attacker to get in. You may be familiar with the phrase "it's a matter of when, not if," in relation to a company getting hacked/breached. Instead, the goal of computer security is to make it expensive for the attackers (in money, time, resources, research, etc.).

4. Every website and app should use HTTPS

You've heard every rumor there is to hear about HTTPS. It's slow. It's only for websites that need to be ultra-secure. It doesn't really work. All wrong. The Electronic Frontier Foundation's Peter Eckersley is a technologist who has been researching the use of HTTPS for several years, and working on the EFF's HTTPS Everywhere project. He says that there's a dangerous misconception that many websites and apps don't need HTTPS. He emailed to expand on that:

Another serious misconception is website operators, such as newspapers or advertising networks, thinking "because we don't process credit card payments, our site doesn't need to be HTTPS, or our app doesn't need to use HTTPS". All sites on the Web need to be HTTPS, because without HTTPS it's easy for hackers, eavesdroppers, or government surveillance programs to see exactly what people are reading on your site; what data your app is processing; or even to modify or alter that data in malicious ways.

Eckersley has no corporate affiliations (EFF is a nonprofit), and thus no potential conflict of interest when it comes to promoting HTTPS. He's just interested in user safety.

5. The cloud is not safe — it just creates new security problems

Everything is cloud these days. You keep your email there, along with your photos, your IMs, your medical records, your bank documents, and even your sex life. And it's actually safer there than you might think. But it creates new security problems you might not have thought about. Security engineer Leigh Honeywell works for a large cloud computing company, and emailed me to explain how the cloud really works. She suggests that you begin thinking about it using a familiar physical metaphor:

Your house is your house, and you know exactly what the security precautions you've taken against intruders are - and what the tradeoffs are. Do you have a deadbolt? An alarm system? Are there bars on the windows, or did you decide against those because they would interfere with your decor?

Or do you live in an apartment building where some of those things are managed for you? Maybe there's a front desk security person, or a key-card access per floor. I once lived in a building where you had to use your card to access individual floors on the elevator! It was pretty annoying, but it was definitely more secure. The security guard will get to know the movement patterns of the residents, will potentially (though not always, of course!) recognize intruders. They have more data than any individual homeowner.

Putting your data in the cloud is sort of like living in that secure apartment building. Except weirder. Honeywell continued:

Cloud services are able to correlate data across their customers, not just look at the ways an individual is being targeted. You may not [control access to the place where] your data is being stored, but there's someone at the front desk of that building 24/7, and they're watching the logs and usage patterns as well. It's a bit like herd immunity. A lot of stuff jumps out at [a defender] immediately: here's a single IP address logging into a bunch of different accounts, in a completely different country than any of those accounts have been logged into from ever before. Oh, and each of those accounts received a particular file yesterday — maybe that file was malicious, and all of those accounts just got broken into?

But if it's a more targeted attack, the signs will be more subtle. When you're trying to defend a cloud system, you're looking for needles in haystacks, because you just have so much data to handle. There's lots of hype about "big data" and machine learning right now, but we're just starting to scratch the surface of finding attackers' subtle footprints. A skilled attacker will know how to move quietly and not set off the pattern detection systems you put in place.

In other words, some automated attack methods become blatantly obvious in a cloud system. But it also becomes easier to hide. Honeywell says that users need to consider the threats they're seriously worried about when choosing between a cloud service and a home server:

Cloud services are much more complex systems than, say, a hard drive plugged into your computer, or an email server running in your closet. There are more places that things can go wrong, more moving parts. But there are more people maintaining them too. The question folks should ask themselves is: would I be doing a better job running this myself, or letting someone with more time, money, and expertise do it? Who do you think of when you think about being hacked — is it the NSA, random gamer assholes, an abusive ex-partner? I ran my own email server for many years, and eventually switched to a hosted service. I know folks who work on Gmail and Outlook.com and they do a vastly better job at running email servers than I ever did. There's also the time tradeoff — running an email server is miserable work! But for some people it's worth it, though, because NSA surveillance really is something they have to worry about.
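
The pattern Honeywell describes (one IP address logging into many accounts from a country none of them has used before, with those accounts having received the same file the day before) can be written as a small correlation over login records. This is an added illustration, not part of the original article or any provider's real system; the record layout, the sample data and the three-account threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the article).
# Countries each account has logged in from in the past.
HISTORY = {
    "alice": {"US"},
    "bob": {"US", "CA"},
    "carol": {"DE"},
    "dave": {"US"},
    "erin": {"FR"},
}

# Constructed login events: (account, source_ip, country).
# The IPs come from the RFC 5737 documentation ranges.
LOGINS = [
    ("alice", "203.0.113.7", "BR"),
    ("bob", "203.0.113.7", "BR"),
    ("carol", "203.0.113.7", "BR"),
    ("dave", "198.51.100.20", "US"),   # usual country
    ("erin", "198.51.100.44", "JP"),   # new country, but only one account on this IP
    ("alice", "198.51.100.20", "US"),  # shared IP, but a familiar country
]

# Constructed file deliveries from the previous day: (account, file_id).
# file_id is a placeholder label standing in for a content hash.
DELIVERIES = [
    ("alice", "file-A"), ("bob", "file-A"), ("carol", "file-A"),
    ("carol", "file-B"), ("dave", "file-B"), ("erin", "file-A"),
]


def shared_ip_new_country(logins, history, min_accounts=3):
    """Return {ip: sorted accounts} for IPs that logged into at least
    min_accounts distinct accounts, each from a country that account
    has never logged in from before.

    An account with no recorded history counts as "new country"; a real
    deployment would decide separately how to treat brand-new accounts.
    """
    by_ip = defaultdict(set)
    for account, ip, country in logins:
        if country not in history.get(account, set()):
            by_ip[ip].add(account)
    return {
        ip: sorted(accounts)
        for ip, accounts in by_ip.items()
        if len(accounts) >= min_accounts
    }


def files_common_to(accounts, deliveries):
    """Return the sorted file ids that every account in `accounts` received."""
    received = defaultdict(set)
    for account, file_id in deliveries:
        received[account].add(file_id)
    per_account = [received[a] for a in accounts]
    return sorted(set.intersection(*per_account)) if per_account else []


def correlate(logins, history, deliveries, min_accounts=3):
    """Join the two signals: suspicious shared-IP logins plus any file
    that all of the affected accounts received beforehand."""
    flagged = shared_ip_new_country(logins, history, min_accounts)
    return [
        {
            "ip": ip,
            "accounts": accounts,
            "shared_files": files_common_to(accounts, deliveries),
        }
        for ip, accounts in sorted(flagged.items())
    ]


if __name__ == "__main__":
    for finding in correlate(LOGINS, HISTORY, DELIVERIES):
        print(finding)
```

Lowering `min_accounts` to 1 also surfaces the single-account login from a new country, which shows why a targeted intrusion is so much harder to separate from ordinary travel than a bulk one.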

6. Software updates are crucial for your protection

There are few things more annoying in life than the little pop-up that reminds you that updates are required. Often you have to plug your device in, and the updates can take a really long time. But they are often the only thing that stands between you and being owned by a bad guy. Cisco's O'Donnell said:

Those software update messages are [not] there just to annoy you: The frequency of software updates is driven less by new software features and more because of some very obscure software flaw that an attacker can exploit to gain control of your system. These software patches fix issues that were publicly identified and likely used in attacks in the wild. You wouldn't go for days without cleaning and bandaging a festering wound on your arm, would you? Don't do that to your computer.

7. Hackers are not criminals

Despite decades of evidence to the contrary, most people think of hackers as the evil adversaries who want nothing more than to steal their digital goods. But hackers can wear white hats as well as black ones — and the white hats break into systems in order to get there before the bad guys do. Once the vulnerabilities have been identified by hackers, they can be patched. Google Chrome's Tabriz says simply:

Also, hackers are not criminals. Just because someone knows how to break something, doesn't mean they will use that knowledge to hurt people. A lot of hackers make things more secure.

O'Donnell emphasizes that we need hackers because software alone can't protect you. Yes, antivirus programs are a good start. But in the end you need security experts like hackers to defend against adversaries who are, after all, human beings:

Security is less about building walls and more about enabling security guards. Defensive tools alone can't stop a dedicated, well resourced attacker. If someone wants in bad enough, they will buy every security tool the target may have and test their attacks against their simulated version of the target's network. Combatting this requires not just good tools but good people who know how to use the tools.

RAND's Ablon adds that malicious hackers are rarely the threat they are cracked up to be. Instead, the threat may come from people you don't suspect — and their motivations may be far more complicated than mere theft:

A lot of the time an internal employee or insider is just as big of a threat, and could bring a business to its knees – intentionally or inadvertently. Furthermore, there are distinct types of external cyber threat actors (cybercriminals, state-sponsored, hacktivists) with different motivations and capabilities. For example, the cybercriminals who hacked into Target and Anthem had very different motivations, capabilities, etc. than those of the state-sponsored actors who hacked into Sony Pictures Entertainment.

8. Cyberattacks and cyberterrorism are exceedingly rare

As many of the experts I talked to said, your biggest threat is somebody breaking into your accounts because you have a crappy password. But that doesn't stop people from freaking out with fear over "cyberattacks" that are deadly. Ablon says that these kinds of attacks are incredibly unlikely:

Yes, there are ways to hack into a vehicle from anywhere in the world; yes, life-critical medical devices like pacemakers and insulin pumps often have IP addresses or are enabled with Bluetooth – but often these types of attacks require close access, and exploits that are fairly sophisticated requiring time to develop and implement. That said, we shouldn't be ignoring the millions of connected devices (Internet of Things) that increase our attack surface.

Basically, many people fear cyberattacks for the same reason they fear serial killers. They are the scariest possible threat. But they are also the least likely.

As for cyberterrorism, Ablon writes simply, "Cyberterrorism (to date) does not exist ... what is attributed to cyberterrorism today, is more akin to hacktivism, e.g., gaining access to CENTCOM's Twitter feed and posting ISIS propaganda."

9. Darknet and Deepweb are not the same thing

Ablon writes that one of the main problems she has with media coverage of cybercrime is the misuse of the terms "Darknet" and "Deepweb."

She explains what the terms really mean:

The Deepweb refers to part of the Internet, specifically the world wide web (so anything that starts www) that isn't indexed by search engines, so can't be accessed by Google. The Darknet refers to non-"www" networks, where users may need separate software to access them. For example, Silk Road and many illicit markets are hosted on [Darknet] networks like I2P and Tor.

So get a password vault, use two-factor auth, visit only sites that use HTTPS, and stop worrying about super intricate cyber attacks from the Darknet. And remember, hackers are here to protect you — most of the time, anyway.


Heavy Snow and Ugly Cold Blast Eastward, Boston Could Break Snow Record


Flooding rains, heavy snow, and dangerous ice are roaring groundward across the middle of the country this afternoon as a juicy series of slow-moving fronts slowly makes its way towards the coast. The disruptive storm could even push Boston to 108 inches of snow, making this the snowiest season ever recorded in the city.


The sheer size of this storm is impressive. The shield of precipitation along the fronts stretches from Chihuahua, Mexico all the way through Rhode Island, a stretch of land that spans nearly 2,100 miles. As I described yesterday, the nature of the storm system is such that just about everyone along and southeast of the winter storm advisories listed above will see the whole stretch of precipitation before temperatures plunge into record territory on Friday morning.

Forecasters expect the worst of the winter weather in the areas shaded in pink on the map above, which denotes a winter storm warning. The criteria for winter storm warnings change from region to region—an inch of snow in Dallas has more of an impact than an inch of snow in Trenton—but it gives you a good idea of where the worst snow and ice will fall.


The jet stream is just ripping over the eastern half of the United States this afternoon, with winds closing in on 200 knots (230 MPH) about 30,000 feet over the Great Lakes. This enormous jet streak is producing quite a bit of lift in the atmosphere, and when you add that to the lifting effects of the slow-moving cold fronts (and weak low pressure centers forming along the front), you wind up with just this mass of precipitation that stretches more than half the length of the country.

Many of the areas expecting rocky weather over the next 24 hours are already seeing some pretty heavy rainfall at this hour. Rain is slowly changing over to freezing rain/sleet and eventually all snow as the cold front sags towards the southeast. As temperatures fall and precipitation changes over, roads are quickly becoming slippery and impassable in some spots.

If you haven't had the pleasure of seeing the system yet, prepare yourself, because it's going to get weird as hell over the next day. Temperatures are extremely warm across the southeastern United States right now—it's in the mid-70s as far north as The Vane's nerdquarters in central North Carolina. Rain will start as the cold front begins to swing through, but the temperature drop is what'll get you—expect readings to plummet dozens of degrees within an hour of the frontal passage.

Rain will linger longer in the south than it will in the north. The surface freezing line will approach through the early morning hours on Thursday morning, and rain will give way to a major ice storm in the southern United States, with a major snowstorm further to the north. Areas stuck in the middle—especially in places like northern parts of Arkansas, Tennessee, Mississippi, and Alabama—will see an extended period of freezing rain, followed by a blanket of snow on top of it. The added weight of ice and snow will stress trees and power lines to their breaking point, not to mention leaving roads and sidewalks deceptively slick.

As if this isn't bad enough, temperatures will plummet below zero in the Ohio Valley on Friday morning, with lows in the teens stretching far down into the Deep South. Barring some freakish atmospheric phenomenon, this should be the last super-cold blast of air for most of the eastern U.S.


The heaviest snow accumulations will fall from eastern Kentucky through the Washington/Baltimore/Philadelphia corridor, which is where the cold air will coincide with the heavy precipitation for the longest period of time. Snow totals gradually taper off to the north and south of this band, with New York City seeing up to six inches of snow if the scenario plays out as forecast.

Boston will come so very close to breaking its all-time snowfall record for the season. The most snow ever recorded in one season was 107.6 inches back during the winter of 1995-1996, and the city has seen 105.7 inches so far this year. They just need two inches (!!) to break the record, and it looks like this storm will be a photo finish. The National Weather Service only expects about one inch of snow in Boston (the official range is one to two inches), so it'll take a small shift in the cold air (or precipitation) to make it over the record line. It's going to start warming up in the Northeast after this weekend, but it won't be so warm that snowfall is out of the question. It's still possible for Boston to break the all-time snowfall record if this storm doesn't do it.

Snow isn't the entire story, unfortunately. It's hard to see snow in the southern United States, and since warm air usually wins out around these parts, folks from Texas to Tennessee are bracing for a major ice storm tonight and Thursday morning. Parts of Arkansas, Mississippi, and Alabama could see ice accretions from freezing rain exceed one-quarter of an inch, which is usually the threshold beyond which tree and power line damage starts to become a real threat.

As previously mentioned, most of the locations expecting ice from freezing rain will see a burst of snow towards the end of the system. Any snow that accumulates on ice will add extra weight and lead to a higher potential for power outages and tree damage.

As we so rarely get to do when talking about the weather, let's look on the bright side! These areas need the precipitation. Parts of the Ohio Valley and southern U.S. have been slipping into a drought over the past couple of months.

The ground is "abnormally dry" along the eastern feet of the Appalachians, as well as parts of the Ohio and Mississippi River valleys. The northern Gulf Coast has slipped into a moderate drought, but this is the wettest region of the country, so they'll bounce back with time. The worst drought is out towards the southern Plains, with Dallas now in an "exceptional drought."

This rain isn't much, but the combination of liquid rain, ice, and snow is welcome news for regions that are drier than normal. The Weather Prediction Center expects a widespread slug of one to two inches of water-equivalent precipitation over the next seven days, in addition to the couple of inches of rain that have already fallen today. In fact, almost the entire states of Kentucky and West Virginia are under areal flood warnings this afternoon as a result of the heavy rain combining with snow melt to overflow area creeks and streams.

This is but a speed bump on the road to spring. Don't let it rattle your spirit. We've made it this far, and we'll make it to the weekend. It won't be long until it's summer and we're all whining about the heat.

[Forecasts/Radar: NWS EDD | Jet Stream: Tropical Tidbits | Temps/Drought/Precip: author]



My Year Ripping Off the Web With the Daily Mail Online


On July 11 of last year, the last day I arrived to work at the MailOnline newsroom in New York City, I saw Keith Poole, our managing editor, standing outside smoking a cigarette. Even from a hundred yards away, it was clear that Poole—a generally pleasant Englishman who was the managing editor of the Daily Mail at the time—was agitated. It didn't take a detective to figure out why.

Two days earlier, MailOnline, then the name of the online arm of London's Daily Mail tabloid newspaper, had issued a rare public apology, admitting it had published a bogus article about actor George Clooney's now mother-in-law, Baria Alamuddin. The story had claimed that Alamuddin, who is Lebanese, was telling "half of Beirut" that she opposed Clooney's then-upcoming marriage to her daughter for religious reasons. It had gone further to suggest that in the Druze religion—which the Mail falsely claimed Alamuddin practiced—marriages without family approval can result in the death of the bride.

This anemic expression of regret was offered only after Clooney had written a scathing op-ed for USA Today spotlighting the inaccuracies in the Mail's piece and trashing the publication's reporting. Clooney rejected the Mail's half-hearted apology with an even harsher essay, re-published by blogs and news sites around the web, in which he called the Mail "the worst kind of tabloid" and wrote that it had constructed a "premeditated lie" in an effort to create "religious tensions where there are none."

"Rough week?" I asked Poole after he'd finished his cigarette and stepped into the elevator.

"Haha. Yeah," he responded.

"Clooney?" I asked.

"Ugh," Poole shot back. "The lying bastard." (Poole says he can recollect having a brief discussion about the Clooney complaint with someone else in an elevator, but denies speaking with me and says he never called Clooney a "lying bastard.")

And then he added: "Don't tell anyone I said that."


MailOnline—which has since changed its name to DailyMail.com in order to "mak[e] deeper inroads … with ad firms on Madison Avenue," according to the Wall Street Journal—has been widely hailed as a blueprint for the future of online journalism. It reaches hundreds of millions of readers, and it has hired former BuzzFeed COO Jon Steinberg to help turn those gargantuan traffic numbers into profit. Earlier this year, DailyMail.com acquired U.S.-based site Elite Daily, the so-called "Voice of Generation Y."

The eager paradigm-proclaimer Michael Wolff used his USA Today media column last August to praise the Mail's business model as having succeeded where other, better-funded and more prestigious publications have failed. Under the headline "Daily Mail Solves Internet Paradox," Wolff lauded the publication's "180 million unique visitors a month" and suggested that if other publications want to survive the "digital migration" they should adopt a model similar to that of the Mail's.

What Wolff failed to acknowledge: the Mail's editorial model depends on little more than dishonesty, theft of copyrighted material, and sensationalism so absurd that it crosses into fabrication.

Yes, most outlets regularly aggregate other publications' work in the quest for readership and material, and yes, papers throughout history have strived for the grabbiest headlines facts will allow. But what DailyMail.com does goes beyond anything practiced by anything else calling itself a newspaper. In a little more than a year of working in the Mail's New York newsroom, I saw basic journalism standards and ethics casually and routinely ignored. I saw other publications' work lifted wholesale. I watched editors at the most highly trafficked English-language online newspaper in the world publish information they knew to be inaccurate.

"We do things a little differently than you might be used to," U.S. editor Katherine Thomson told me, early in my time there.

She was right.


I wish I could say that I had taken a job at DailyMail.com as part of a grand scheme to infiltrate the publication and expose all of its dirty laundry. The truth is far less glamorous: I needed a job, and the Mail was offering a reasonable amount of money to do relatively mindless work.

And so from May 2013 until July 2014, I worked as one of roughly 25 freelance news writers in the Mail's New York newsroom. At the time of my employment, the newsroom was a big, open room with four long rows of tables that served as workstations for approximately 60 writers, editors, photo editors, video editors, office managers, and IT people. (It's since moved to what I'm told are some fancy new digs uptown.)

In the southwest corner of the room, the publisher, Martin Clarke—best described as a cross between Seinfeld's Mr. Pitt and a withered version of Simon Cowell—could often be seen at his desk spewing profanity or threatening to fire someone for infractions as minor as using the wrong-sized image in an article preview. A healthy fear of Clarke's frequent tantrums seemed to be the motivating factor behind nearly all editorial decisions.

The production process was simple. During a day shift—8 a.m. to about 6 p.m.—four news editors stationed together near Clarke's desk assigned stories to reporters from a continually updated list of other publications' articles, to which I did not have access. Throughout the day, they would monitor the website's traffic to determine what was getting clicked on and what to remove from the homepage.

When a writer was free to write a story, he or she simply would shout "I'm free" and an editor would assign a link to an article on the list. In many cases, it would be accompanied by a sensationalized headline—one that may or may not have been accurate—for the writer to use.

During a typical 10-hour shift, I would catch four to seven articles this way. Unlike at other publications for which I've worked, writers weren't tasked with finding their own stories or calling sources. We were simply given stories written by other publications and essentially told to rewrite them. And unlike at other publications where aggregation writers are encouraged to find a unique angle or to add some information missing from an original report, the way to make a story your own at the Mail is to pass off someone else's work as your own.

As part of my initial training session, I was told that any link or attribution in an aggregated piece should be placed no higher than the first set of images in the post—which were typically three or four paragraphs in, where a reader might overlook the fact that the information provided in the preceding paragraphs had no attribution. If the original report was an article in the New York Daily News, a direct competitor of the Mail's, I was sometimes instructed to not give attribution at all. (The Mail, contacted for comment, maintains that its standards for attribution are high: "We often link above the first three photos and we link to the NYDN on a daily basis," it says. "We always strive to attribute." After this article was first published, a spokesperson followed up: "We always strive to make the story better, whether through a new angle, new photographs, or additional information and quotes.")

Often enough, the only original information the Mail would contribute to the story would be an error or some sensationalized misrepresentation of facts. In January of last year, one of the site's editors, Lucy Cockcroft, assigned me a link to a New York Times article, an exclusive story profiling a woman who had recently died of cancer. The Times reporter had been with the woman and her family through the weeks leading up to her death and had written a moving narrative about how the woman spent her final days. My job was to repackage the story in such a way as to cash in on any emotional interest the Times might have missed.

To accompany my rehash of the Times story, the Mail needed an image that was supposedly of the deceased woman. A photo editor and I found an image on a social media site of a woman with the same name but different biographical information. We sent it to Cockcroft in an effort to amass as much material as possible for her to sift through, along with the note that it was likely not the same woman. We tried to dissuade her from using the image, but she ran it anyway.

A few days later, the Mail received an email from the woman in the photo, who assured the publication that she was not transmitting messages from beyond the grave, as she was very much alive. "Please correct this mistake," she wrote.

The Mail made no attempt to publicly acknowledge that it had published the wrong person's photo. Editors decided a disappearing act would be much better for business, so the Mail just removed the photos from the story as if the whole thing had never happened.


I was angry that such a glaring mistake appeared in a story I had written—but at least my name wasn't on it.

I was originally hired, after a brief writing test, in a probationary "freelance" capacity—a status nearly all new hires at the Mail go through before being offered a staff job or being kicked to the curb. After two months of evaluating my performance, the editors offered to move me to a full-time staff position, with benefits. I turned down the promotion. As a contractor, I wasn't expected to attach my name to the articles I was writing, or, rather, rewriting (though freelance writers are allowed to, and often do, use their real names). Had I accepted the full-time staff job, that likely would have changed.

Other writers had turned down similar offers out of a similar sense of shame. After watching editors frequently change things I'd written without telling me or without checking whether the changes were accurate, I decided I didn't want my byline on my work. I was still willing to do the work; I had bills to pay. I would create content and let them do with it what they pleased.

And so for some 500 articles I hid behind the anonymous veil of the "Daily Mail Reporter" byline. Six times, my name did get attached to a story. One of these was under the headline "Private school teen 'enlisted gang member friends to help beat and kill his father before emptying his bank account and going on a 2-day shopping spree.'"

Unsurprisingly, that's not the headline I wrote when I filed the story; an editor had dreamed it up after I'd gone home for the day. It would have been a fine headline—if it had been true. For one thing, the teen had not yet been convicted, despite the certainty of the headline. But so it goes at the Mail, which has all but abandoned the word "allegedly" in favor of putting quotation marks around a paraphrased description of the deed in question. The phrase in quotation marks never even appeared in the story. The punctuation served merely as a distancing mechanism.

What's more, the "private school teen" was barely a teen—Matthew Nellessen was a 19-year-old adult—and, other than a three-month stint which resulted in expulsion, he didn't go to private school.

The Mail says it changed my headline "to make it more descriptive," and that "private school" is an appropriate descriptor because Nellessen once attended St. Viator High School—for less than three months, when he was 15.

But if the tabloid media learned anything from Lyle and Eric Menendez—the California brothers convicted of murdering their wealthy parents—it's that "private school" makes for a sexy headline, guaranteed to stir up certain antipathies in readers. And so Nellessen, who'd met those "gang member friends" during a prior stretch in the county jail, was turned into a stock tabloid character: rich kid gone bad.

"Private school teen … gang member friends … kill his father … 2-day shopping spree'": These are evocative phrases, conjuring a world of dissolute privilege. "Juvenile Delinquent Allegedly Kills Father" would've been decidedly less sexy, but at least it would've had the virtue of being true.

I told the editors about the inaccuracy. They kept the headline, and my byline is still attached to something that I know is a lie. (In fact, MailOnline has since edited the piece to include a casual mention of his supposed tuition.)


In January of last year, I was summoned to the offices of the New York Post. In theory, I was there for a job interview, but it didn't take long for it to become humiliatingly clear that the Post wasn't interested in hiring me. It was interested in mining for information about the Mail's business model.

The Post, an interviewer told me, was in the process of transitioning its digital platform from a New York-centric model that fed off its print product to that of a national online publication that was separate from the print paper—much as the Daily Mail had done by distancing itself from DailyMail.com. I suspect a similar fishing expedition was the impetus for a "job interview" I had at AOL.com. I didn't get that job, either, but I was asked a lot of questions about the Mail.

The Mail, for its part, was busy ripping off content from the old models. On February 7, 2014, DailyMail.com received a cease-and-desist order from a Post attorney, claiming that an article on the Mail's site was directly plagiarized from the Post. The article was about a lawsuit filed by the family of deceased playwright Leonard Melfi against Mount Sinai Hospital in Manhattan over the bungled handling of the playwright's body after his death.

"The Mail Article is substantially similar to, and includes unattributed, direct quotes from, the Post Article," the Post's lawyer wrote in an email. "We believe that the Mail Article infringes the copyright in the Post Article, owned by NYP Holdings, Inc. and ask that you immediately take the Mail Article down from your website. We also ask that you cease and desist from infringing the copyright in NYP Holdings' content."

The Mail article clearly was organized in the same way as the Post's, and it used several direct quotes that had appeared in the Post's article. No public apology to the Post was offered, and no correction was made. The Mail simply removed the plagiarized article from its website as if it had never happened. The writer of this article, a freelancer, was never disciplined; he's still churning out "aggregated" articles for the Mail.


I was not oblivious to the Mail's reputation going into the job. Its buccaneering approach to accuracy and intellectual property has gotten a significant amount of media attention over the years. In fact, the Mail had plagiarized an article I had written while working at another publication. In that instance, the Mail lifted direct quotes that were provided only to me and used them in its article without any link or attribution to indicate that the information was from another news outlet.

Given that experience, I obviously had concerns about the publication's reputation, but I figured that with the Mail's growing popularity it must now be holding itself to a higher journalistic standard. A May 2013 New York Times story about the Mail's growth gave me additional confidence that I was joining a somewhat credible publication, and I started to get excited about the prospect of working for a news outlet with such enormous reach.

That excitement quickly faded when it became clear that the only thing about the Mail's ethics that had changed was that it now attempted to disguise its plagiarism as aggregation. It was the same Mail, just bigger.

In August 2013, a few months after I started work, the Mail was sued by a woman whom the Mail had identified as a porn star with HIV. The only problem with that was that the woman was not a porn star and did not have HIV. More recently, the Mail re-published an article from its sister publication, The Mail on Sunday, suggesting that pop singer Taylor Swift was a lesbian. After other publications began to pick up on the story—which, like most of the Mail's salacious articles, was based on statements from an anonymous source—the Mail memory-holed the story with no explanatory note. When contacted by Gawker, MailOnline said it was spiked at the request of The Mail on Sunday.


The brief conversation about George Clooney in the elevator with Poole was the last of many straws. Here was the managing editor of a publication that had just admitted that it had run a made-up story, calling one of the subjects of that phony story a liar.

It seemed beyond shameless, even by DailyMail.com standards. But it was indicative of the general attitude of the Mail's leadership, with publisher Clarke leading the charge: They weren't angry that they had published a fictitious story; they were angry that they had gotten caught. No changes were made to prevent something like that from happening again and the two women whose bylines appeared on the incorrect story—Hannah Roberts and Sara Nathan—are still working with the Mail, Roberts as a freelancer and Nathan as the publication's "U.S. Showbiz Editor."

After the conversation with Poole I had decided it was time to bid this job adieu and began looking for an exit strategy that wouldn't leave me unemployed. But that never happened—just a few days later I was assigned a story that was exclusive to another publication. This, of course, meant I would yet again be forced to explore the line between aggregation and plagiarism.

It was my breaking point – rather than write the story, I went for a walk around SoHo, asked my girlfriend if she was OK with me quitting without having another job lined up first and went back to my desk, where I wrote an email to management letting them know that I was done. Then I walked out of the newsroom in the middle of a shift to join six percent of America in the unemployment line.

DailyMail.com will likely write me off as a disgruntled ex-employee with an ax to grind. Fine. But the truth is I was paid a reasonable amount of money to do a relatively mindless job. I was offered a full-time role and rarely was hassled by editors.

My father, playing devil's advocate as I kvetched for months about the Mail's dishonest practices, often would ask the question, "What is the Mail trying to be? A credible news outlet, or something that's just for entertainment?"

But it doesn't matter what the Mail is trying to be. What matters is what it actually is: a publication with millions of readers—many of whom believe what they're reading—that is not only cited as a credible news outlet by other publications, but is also being held out as the new model for online journalism. With the reach the Mail has come to enjoy come responsibilities that it either doesn't realize, or doesn't care about.

Update: This story has been updated since it was first published to correct certain titles and dates and clarify that the Taylor Swift article mentioned originated with The Mail on Sunday, a separate publication from MailOnline.

[image by Jim Cooke]

Worldwide Octopus Uprising Continues With Aquarium Near-Escape 


The beaked and eight-tentacled monsters with which we enjoy a tenuously shared existence on this Earth are no longer content to sit placidly in their tanks and their oceans. Cephalopods the world over are rising up and out of the water, from Australia to the Pacific Northwest, and no land-dweller is safe.

Fed up with a life of bondage and servitude, an octopus at the Seattle Aquarium began scaling the walls of its enclosure on February 26, inch by concave inch. Just days before, an octopine creature on the other side of the planet made a similar leap of faith, springing onto dry land and dragging a crab to its watery death.

This harrowing document of the Seattle incident was uploaded to LiveLeak yesterday:

That this particular octopus was thwarted on its path to freedom hardly matters. Witness the terror with which the assembled witnesses reacted to its muscular appendages probing the air—feel that very same terror yourself as you sit safely behind a computer screen—and ask yourself: What would have happened if the octopus had gotten out? What will happen when another sea monster somewhere views this recording and is moved to put down its own suction-cupped foot?

The revolution is on, and there's no stopping it now.


h/t Death and Taxes. Contact the author at andy@gawker.com.

500 Days of Kristin, Day 38: Is Kristin Hotter Than Olivia Munn? Ummmm


You might think that Kristin Cavallari is all serious now, because she's like, married to the quarterback of the Chicago Bears and writing a book or whatever, but don't you forget for one second what she is best known for across seas and continents: being hot.

Believe it or not, someone forgot that fact today, and that someone was—of all people—Kristin's husband's coworker, Bears right guard Kyle Long. When asked on Twitter who he thinks is hotter—Kristin or actress Olivia Munn, who's dating Green Bay Packers QB Aaron Rodgers—Kyle fumbled.

Ummmm excuse me.

Rude.

Unfortunately, Kristin was so galvanized by the dig at her unimpeachable hotness that she accidentally revealed her natural hair color to the public.

Kyle was not swayed.


This has been 500 Days of Kristin.

[Photo via Getty]

What Is This David Brooks Column About?


We are people, and people have lives. Lives involve losses. Losses of friends, of loved ones, of children, of parents. Everybody everywhere feels something about some loss sometime in this interconnected age; maybe even you feel things. Maybe then, also, you can explain what the hell David Brooks is on about in this column.

It is a wonderful thing in this interconnected age to have a platform for sharing your thoughts with millions of people, and to be paid hundreds of thousands of dollars to do it. Sometimes those thoughts are specific and focused. Other times they are meaningless, fractals kissing oblivion in a distant solar wind. Tuesday's New York Times column, "Leaving and Cleaving," is about now, and now is one of those latter times in David Brooks' life. And maybe your life, too:

So much of life is about leave-taking: moving from home to college, from love to love, from city to city and from life stage to life stage.

Good columnists notice things, and the interconnectedness of those things. David Brooks is noticing the hell out of life right now, and making connections. Brooks, who is not divorced as yet and whose son is a world away and who is presumably happy in the $1.9 million house he bought last year with the wife who has not yet divorced him, notices that even in this interconnected age, it's hard to get people to connect with you when they decide not to be connected to your life anymore:

In earlier times, leaving was defined by distance, but now it is defined by silence. Everybody everywhere is just a text away, a phone call away. Relationships are often defined by the frequency and intensity of communication between two people.

The person moving on and changing a relationship no longer makes a one-time choice to physically go to another town. He makes a series of minute-by-minute decisions to not text, to not email or call, to turn intense communication into sporadic conversation or no communication. His name was once constant on his friend's phone screen, but now it is rare and the void is a wound.

It's not clear who these people in David Brooks' column are. Maybe they are specific people; maybe they are general types of people you meet in our interconnected age. Maybe they are you. We can't know everything. But we can know some things. Here are some things David Brooks knows:

1) David Brooks knows of some people in this interconnected age who are having a poor time communicating with other people right now.

If you are like me you know a lot of relationships in which people haven't managed this sort of transition well. Communication that was once honest and life-enhancing has become perverted — after a transition — by resentment, neediness or narcissism.

2) David Brooks knows some people whose hearts have been broken and who have maybe resorted to cyberstalking recently.

We all know men and women who stalk ex-lovers online; people who bombard a friend with emails even though that friendship has evidently cooled; mentors who resent their former protégés when their emails are no longer instantly returned; people who post faux glam pictures on Instagram so they can "win the breakup" against their ex.

Instant communication creates a new sort of challenge. How do you gracefully change your communication patterns when one person legitimately wants to step back or is entering another life phase?

3) David Brooks is just talking generally here, but it could be about a real person, any person. David Brooks knows how that person feels.

The paradox is that the person doing the leaving controls the situation, but greater heroism is demanded of the one being left behind. The person left in the vapor trail is hurt and probably craves contact. It's amazing how much pain there is when what was once intimate conversation turns into unnaturally casual banter, emotional distance or just a void.

The person left behind also probably thinks that the leaver is making a big mistake. She probably thinks that it's stupid to leave or change the bond; that the other person is driven by selfishness, shortsightedness or popularity.

4) David Brooks knows you have to let go, and not, like, make a thing out of it, especially out there on media, especially in this interconnected age.

Yet if the whole transition is going to be managed with any dignity, the person being left has to swallow the pain and accept the decision... The person being left has to suppress vindictive flashes of resentment and be motivated by a steady wish for the other person's ultimate good...

That means not calling when you are not wanted. Not pleading for more intimacy or doing the other embarrassing things that wine, late nights and instant communications make possible.

5) David Brooks knows this all might have something to do with the kids.

For example, to be around college students these days is to observe how many parents have failed to successfully start their child's transition into adulthood.

The mistakes usually begin early in adolescence...

6) David Brooks knows all about self-restraint and self-quieting in an age of interconnectivity.

Communications technology encourages us to express whatever is on our minds in that instant. It makes self-restraint harder. But sometimes healthy relationships require self-restraint and self-quieting, deference and respect (at the exact moments when those things are hardest to muster).

What is all this about? Who is all this about? David Brooks doesn't want to get into it, but you know who you are. Just please call him, already. It's not hard to do in this interconnected age.

[Photo credit: AP Images]


Contact the author at adam@gawker.com.
Public PGP key
PGP fingerprint: FD97 D50A DE57 3943 4534 1A49 FA8B 74B4 A7A0 07BE


U.S. Ambassador Stabbed in the Face in South Korea


U.S. Ambassador to South Korea Mark Lippert was hospitalized today after he was attacked by a man with a razor blade in Seoul.

The assault was reportedly political and motivated by recent South Korea-U.S. joint military drills. Via the AP:

YTN TV reported that the man screamed "South and North Korea should be reunified" during the attack. The rival Koreas have been divided for decades along the world's most heavily armed border. The U.S. stations 28,500 troops in South Korea as a deterrent against North Korea, and some South Koreans see the U.S. presence as a barrier toward a unified Korea.

South Korean police reportedly detained the assailant—a 55-year-old man identified only as Kim—immediately after the attack. According to the Korea Herald, he had previously served a suspended sentence for throwing a block of concrete at a Japanese ambassador.

Lippert—who was photographed bleeding from his face and hand—is reportedly in stable condition.


Report: Seth Rogen Smoked So Much Weed His Office Had to Be Renovated


According to the Hollywood Reporter, Sony has to do some heavy-duty renovations to clear the air of the thick cloud of weed hanging over Seth Rogen's office. Not so, says Rogen, who, poor thing, believes his "shit smells good."

According to the Reporter, recently ousted Sony head Amy Pascal has to wait to move into her new offices because the weed smell is everywhere: in the walls, in the floors, in offices three stories up:

Sources say Pascal is unable to move into her new suite that Seth Rogen and Evan Goldberg most recently occupied because the stench of marijuana cannot be easily removed. The offices — a plum spot that once housed Pascal's late boss, John Calley — will be repainted in an effort to eradicate the smell. Once Pascal moves from her current offices in the Irving Thalberg Building to make way for incoming motion picture group head Tom Rothman, she will move into temporary offices until the odor is sufficiently eliminated.

Rogen denied the allegations on Instagram, writing "I don't know what's more irresponsible: that they would print a story that is completely untrue, or that they would refer to how pot smells as a 'stench.' #myshitsmellsgood."

Eh. Even if the Reporter story is wrong, that shit does not smell good. Sure if you like weed, weed smells good. But even if you LOVE weed, stale weed smoke smells like your worst nightmare.

Seth Rogen, who has, no doubt, encountered his fair share of dirty bong water, should know this. The only possible explanation is a lazy joke or a severe olfactory disorder, which, though unconfirmed, deserves our love and prayers. We're rooting for you, man.

[image via AP]

Teen Actor Says His Dad Blew His Disney Paychecks on a Girl


Wouldn't be a Wednesday without a Disney actor suing his legal guardian for some sort of bad parenting.

This week it's Lab Rats star Billy Unger, who says his dad/manager took larger-than-appropriate commissions, stole an additional $400,000 in cash, and spent it all on a girl. The E! report also lists a mysterious life insurance policy that thrusts the Disney afternoon special squarely into Lifetime territory.

Billy claims that he entered an oral contract around Oct. 15, 2013, where his father agreed to serve as not only his talent manager, but also his business and financial advisor.

In the lawsuit filings, the actor states that his father "utterly and completely lacks at all times lacked the skill, knowledge, experience to act either as an entertainment talent manager and or business manager."

Billy specifically claims that over $6,000 was spent on his father's girlfriend's rent and that William used $1,290 of his money to pay a full year premium for a $1 million dollar life insurance policy on Billy's life with only himself listed as the beneficiary.

According to Billy, William intentionally took commissions of over 33 percent, more than double what the industry standard reportedly is.

His father tells TMZ the suit is the result of a "manipulative negative force in [Billy's] life whose sole focus is to administer pain" but did not clarify to whom he was referring—himself, or otherwise.

[image via AP]


Local FOX Reporter's Home Invasion Story Got More Dramatic Over Time


A new report in the Washington Post indicates that a well-known gun proponent and local DC FOX reporter lied about a home invasion that ended in a face-off with 15 supposed drug addicts.

Emily Miller, a reporter for WTTG-TV, likes to tell the story of the 2010 New Year's Day home invasion that led her to purchase a gun for the first time. As the Post points out, it's been immortalized on paper, in her book, "Emily Gets Her Gun . . . But Obama Wants to Take Yours," and on film, in a dramatic reenactment produced by the NRA:

The story she tells is terrifying—she says she came home to discover a man inside her home and followed him outside where 15 other men started running at her.

"It was the first time in my life I thought, I just wish I had a gun by my night table. Then I could defend myself if those men come in," she'd later tell the NRA.

But the official police report is much more mundane, the Post reports. Back when she reported it, she apparently told police she saw a guy by the side of the house and got a business card from him before he left.

"[Miller] stated that she left out to walk the dog at 1515hrs and when she returned at 1525hrs she observed [the suspect] exiting from behind the fence which leads to the side of the house. [Miller] asked [suspect] 'What are you doing here' and [suspect] stated 'I am delivering firewood,'" according to a supplemental D.C. police report.

[Miller] stated that she went into the house and felt that something was not right, so she exited the house to take a photo of [suspect's] vehicle. [Suspect] approached [Miller] and gave her a business card that stated [a tree service] and [suspect] left the scene. [Miller] stated that [suspect] was operating a silver pick up truck with landscaping on the side of it.

Miller's parlayed the story into a successful speaking tour—the Post notes she's appeared at several gun rights conferences—and published a book based on her popular Washington Times series about getting her gun license.

Very Annoying That Chris Soules Thinks He Can Dance with the Stars 


People reports that The Bachelor's Chris Soules will become the "12th celebrity" to compete on Dancing with the Stars, Season 20.

[Photo via Getty]

Susan Sarandon Finally Dumped Her Ping-Pong Boyfriend 


Oscar-winning actress Susan Sarandon has been dating a man thirty years her junior for the last five years, but you knew that, I'm sure. His name is Jonathan Bricklin, and his job is running a New York City "ping-pong social club" in which Sarandon has invested. The good news is she dumped him.

According to a report from Page Six, Sarandon and Bricklin split "following a disagreement over a reality show." Bricklin, it so happens, was cast in the new AOL series Connected, "which centers on six New Yorkers and their partners who were handed cameras to document their lives for six months." Sarandon reportedly grew tired of this, as you might expect. Per Page Six:

...we're told she grew increasingly annoyed about their private lives being filmed.

"It caused a lot of strain in the relationship," a source told us. "It's documented for the show that Susan breaks up with him because she doesn't want to be involved with the show. She says, 'You're a cast member, I'm not.'"

You're a cast member, I'm not is a very good way to break up with someone. Congrats, Suze.

[Photo via Getty]


Contact the author at allie@gawker.com.

Method Man: Fuck the Secret Wu-Tang Record, Give It Away Free


The Wu-Tang Clan's Once Upon a Time in Shaolin, the very limited edition—like, one copy only—secret album that RZA envisioned as a touring museum piece, has proven divisive, even inside the Wu itself.

Here's RZA, one year ago in Forbes:

"The idea that music is art has been something we advocated for years. And yet it doesn't receive the same treatment as art in the sense of the value of what it is, especially nowadays when it's been devalued and diminished to almost the point that it has to be given away for free."

And here's Method Man, this week in XXL, after finding out the album's eventual buyer will have to wait 88 years to release it to the public:

"What do you mean 88 years? Fuck that album. I'm tired of this shit and I know everybody else is tired of it, too. Fuck that album, if that's what they are doing. I haven't heard anything like that, but if they're doing crap like that, fuck that album. Straight up. I'm just keeping it 100. When music can't be music and y'all turning it into something else, fuck that. Give it to the people, if they want to hear the shit, let them have it. Give it away free. I don't give a fuck; that ain't making nobody rich or poor. Give the fucking music out. Stop playing with the public, man."

"I was cool with shit. But now, this is ridiculous," Meth added.

Offers for the only copy of the album, which is locked inside a silver box, have reportedly reached $5 million, and fans—excuse me, art connoisseurs—are expected to pay $30-$50 to listen to it at a gallery.

"The main theme is music being accepted and respected as art and being treated as such," RZA has said. "If something is rare, it's rare. You cannot get another."

Nah, the main theme is the same as it's always been: Cash rules everything.

[h/t NME, Photo: Getty Images]



McDonald's Has "No Budget" to Pay Artists at SXSW Showcase


SXSW, Austin's annual sticky-floored music industry sport coat and jeans cocaine marathon, wherein bands willingly exhaust themselves playing garbage sets for little or no money, deriving sustenance from tacos and the hope of "exposure," features a McDonald's showcase this year. And, no doy, they aren't paying.

This isn't the first year SXSW has played host to a corporation you regularly see advertising during the Super Bowl. Last year, for example, there was a Doritos thing that featured Lady Gaga. However, Doritos paid Lady Gaga $2.5 million for that thing. What of the future Lady Gagas (music industry compliment) McDonald's is courting to perform at their 2015 showcase? The $90 billion corporation, powered by poverty-stricken workers, does not—hmm, let's see, ahhh, maybe if we...ah nope, sorry—have a budget, unfortunately.

Brian Harding of the band Ex Cops wrote about the company's pitch in a post on Facebook:

Their selling point was that this was "a great opportunity for additional exposure," and that "McDonald's will have their global digital team on site to meet with the bands, help with cross promotion, etc"

I don't, and doubt that they know what this means either.

Getting past that rhetoric, at the very least a big corporation like McDonald's can at least pay their talent a little. Right?

"There isn't a budget for an artist fee (unfortunately)"

Unfortunate! Perhaps the budget was blown exchanging McNuggets for hugs or offering "free food to all audience members" of the showcase, a fact included in the pitch. Harding goes on to note that McDonald's promises the bands will "be featured on screens throughout the event, as well as POSSIBLY mentioned on McDonald's social media accounts like Facebook (57MM likes!)" Neat, and also exciting.

Of course, if you are a band, you are free to turn down such a showcase. Similarly, and less complicatedly, if you are McDonald's, you are free to fucking pay people.

[image via Shutterstock, h/t Stereogum]

Welcome to the Neighborhood: The Rise (and Rise) of Suburban Poverty

President Obama's State of the Union Address in January was the highest-profile moment of post-Recession recovery bluster. As Obama noted in soaring rhetoric, "we've seen the fastest economic growth in over a decade, our deficits cut by two-thirds, a stock market that has doubled, and health care inflation at its lowest rate in fifty years." And more than the actual signs of recovery, national fist-pumping has sent a resounding signal that the country is in full-on comeback mode.

But there is a problem fraying the edges of the tapestry that the president weaves. As inequality widens at the weakening core of American prosperity, the new face of poverty has become less the inner-city model and instead a more haunting vision: crumbling satellite towns and deserted subdivisions. Those left behind in the shattered dreams of sprawl and those who have been poor for generations have joined together in exodus.

The recession isn't over. It just moved to the suburbs.

The research in a landmark Brookings report paints a picture of a rapidly changing paradigm of American poverty. While suburban poverty rates have not yet surpassed national averages, suburban poverty has still grown at a rate since 2000 that is higher than that of the cities they surround, to the point where poor populations in metropolitan areas are now more likely to live in suburbs than in city centers.

The most important shift has been that of concentrated poverty in the suburbs (concentrated poverty and the affected distressed neighborhoods are hallmarks of generational disadvantages). Almost 40 percent of all poor individuals in suburban areas live in high poverty and distressed areas, up by 13 percent since 2000. Many media reports in response to the Brookings work have a clear and ominous message: that the entire way we think about poverty is about to be redefined.

But the true meaning behind the findings is more complicated. While those reports often either give broad overviews or micro-accounts of metropolitan milieus, the missing element in the conversation about suburban poverty is the acknowledgement that broad definitions of "suburbs" are less concrete than they seem. The fragmented husks of depopulated suburbs in the post-industrial Rust Belt don't look at all like the near-rural satellite towns in the expanding amoebas of Sun Belt quasi-city-states, nor do they all resemble the growing post-gentrification landing zones of displaced urban families in the Northeast. Most of what can be discerned about the meaningfulness of these area definitions is that they represent places that are connected to cities, but are distant from the urban cores.

Elizabeth Kneebone, co-author of Confronting Suburban Poverty in America and a fellow at the Metropolitan Policy Program at Brookings, discussed the diversity inherent in the definition of suburbs. "There's no one definition of suburb," Kneebone stresses. "In the national consciousness that brings to mind images of the sort of Leave It To Beaver picture of suburbia. I think suburbs have always been more diverse than that, and I think the work that we do has helped make that clear."

Brookings' working definition starts with Metropolitan Statistical Areas (MSAs), which are Census definitions based around cities and regional labor markets. Within those MSAs, Brookings researchers identify primary cities and label the areas outside of MSAs as suburbs. Essentially, a suburb is an area that immediately surrounds a city and includes a large swath of residential property.

One of the places that the Brookings project highlights is the Greensboro-High Point area in North Carolina. This is one area where the neat pop-culture definitions of "suburban" fall flat. Many of the places in Rockingham, and surrounding the metropolitan centers of Greensboro and High Point in the state's once-booming center of textile manufacturing, look more rural than anything else.

According to Dr. Andrew Brod, a Senior Research Fellow in the Center for Business and Economic Research at University of North Carolina-Greensboro, this area is not easily defined. All of the areas in the counties surrounding the urban centers are, by definition, "suburbs," which in Greensboro-High Point's case includes several towns and rural districts. "Suburban in this context means not only true suburbs, but entirely rural areas in surrounding counties," Brod says. "We're talking about farmland. Mill towns. Places that would look to anyone like the small-town South."

But even though the small single-stop towns and farmland dotting the highways between and around Greensboro and High Point look more rural than suburban, they are still deeply connected to the city centers and have been facing the issue of rising poverty. Dr. Brod sees the trend as a now-endemic effect of the recession and of a changing economic climate in the state of North Carolina. Generational unemployment caused by the collapse of textile manufacturing in North Carolina, once the manufacturing capital of America, met head-on with the effects of the Great Recession.

"It didn't take that much to pull them into poverty," Brod says. "Distressed rural-suburban economies even before the recession with an extremely poor recovery have created huge problems for a lot of families in NC."

A five-hour drive north from the uppermost reaches of the Greensboro-High Point area in Eden—over a long, lonely stretch of wooded highways and tobacco fields—leads to an enclave of suburban poverty that looks entirely different: that of the areas surrounding Washington, D.C.

The most well-known and well-studied area of suburban poverty is Prince George's County, Maryland. The towns and interstitial areas of "PG County," as it is known in the area, are urban or semi-urban areas with strong ties to their larger neighbor, D.C. Many of the neighborhoods that make up PG County are essentially extended communities of Washington, connected with the same transit arteries as the city proper. Even without many of the neat subdivisions, Prince George's County is still easily recognizable as a suburb. But even as the city to which it is attached has itself begun to recover post-recession, the suburb has suffered.

According to Kneebone, "in the DC metro area, there were already more poor in the suburbs, and there was still a big shift post-recession." Through displacement from the city, housing crashes, and sustained unemployment in the suburbs, PG County has become poorer and more segregated. The wealth of African-Americans in the county has plummeted relative to that of whites, and property values have dropped relative to the city of Washington and even relative to other whiter suburbs in the area. In the case of D.C.'s suburbs, the racial elements and the push-and-pull with gentrification play a role in the rise of suburban poverty.

O. Xavier Hixon, Interim President and CEO of the United Communities Against Poverty in Prince George's County, believes the Brookings data reflects what he sees on the ground in his work in anti-poverty efforts. According to Hixon, the "homeless and people below poverty population basically tripled" over the past few years, and he struggles to accommodate UCAP's poor and homeless target population without state funding commensurate with that increase. Hixon believes that lack of jobs and a safety net for people near poverty has led to the increase. "The unfortunate is that we need to be more mindful that we need to have an infrastructure," says Hixon. "We need it for the middle class, lower middle class, and the just-above poverty class."

Louis Graham, a former long-time resident of D.C. and transplant from North Carolina, was one of the casualties of the wave of joblessness and displacement from the city that was associated with the increase of poverty in PG County. "I had a good job, a few jobs," says Graham. "When I had to move out to Capitol Heights [a town in PG County], I didn't have nothing anymore. When I finally moved back home, I had been up there for forty years and left as broke as I drove up."

Regardless of the definition, many areas just beyond the edges of cities seem to be caught in a now-structural dynamic of generational, concentrated poverty. Trapped between the push of rising city costs, the pull of cheaper suburban life, rising inequality, and the erasure of opportunity for lower-working-class families, low-income earners are becoming stuck in distant suburbs, in what amounts to an inversion of the American suburban dream. These contributing factors were likely in place on some scale before the Great Recession, but according to Kneebone were likely "kicked into overdrive and cemented" by the recession's effects.

There are common themes in these communities. Many are small communities with highly fragmented political structures that don't match up with real population or service boundaries. Low-income families in these places often suffer at the crumbling edges of city transit and face significant barriers to all services. As Ms. Kneebone noted, "these communities are often just not equipped to meet the needs of the poor." And as the safety nets in these areas continue to struggle, it is very difficult to not imagine that life may continue on this way for some time, even now that the Great Recession has ostensibly become the Great Recovery.

But these communities are also unique and distinct places with their own individual character. Solutions to combat poverty stemming from the manufacturing collapse in county areas surrounding Greensboro are likely very different than the strategies needed to burst pockets of concentrated poverty and increase transit access in the poorer, segregated semi-urban areas surrounding D.C.

From East Point to Shaolin, the trend of rising suburban poverty has changed entire communities. The combination of existing forces in urbanization, the housing crisis, Recession-created unemployment, and the subsequent inequitable recovery strategies have created environments where city hinterlands and inner-ring suburban neighborhoods have become depleted, even as the ejecta of impoverished families are flung back to them. And this will likely become a feature of America that won't be easily thwarted. The Recession never ended—it just moved down the street.

Vann R. Newkirk II is a data geek, fiction writer, and sci-fi lover. You can find him at @fivefifths on Twitter.

[Illustration by Tara Jacoby]

How Unsafe Was Hillary Clinton's Secret Staff Email System?

When Hillary Clinton ditched government email in favor of a secret, personal address, it wasn't just an affront to Obama's vaunted transparency agenda—security experts consulted by Gawker have laid out a litany of potential threats that may have exposed her email conversations to potential interception by hackers and foreign intelligence agencies.

"It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted," independent security expert and developer Nic Cubrilovic told Gawker.

Within the instant classic "ClintonEmail.com" domain, it appears there are three separate servers. The domain's blank landing page is hosted by Confluence Networks, a web firm in the British Virgin Islands, known for monetizing expired domain names and spam.

But the real worry comes from two other public-facing ClintonEmail.com subdomains, which can allow anyone with the right URL to try to sign in.

One is sslvpn.clintonemail.com, which provides a login page that apparently uses an SSL VPN—a protocol that allows your web browser to create an encrypted connection to a local network from any internet connection—for users to access their email. That sounds secure, and under the right circumstances, for regular users, it can be. But there are two huge problems with using it for the Secretary of State's communications with her staff and others.

[Image]

First: Anyone in the world with that URL can attempt to log in. It's unclear what exactly lies on the other side of this login page, but the fact that you could log into anything tied to the Secretary of State's email is, simply, bad. If the page above is directly connected to Clinton's email server, a login there could be disastrous, according to Robert Hansen, VP of security firm WhiteHat Labs:

It might be the administrative console interface to the Windows machine or a backup. In that case, all mail could have been copied.

What's more troubling is the fact that, at least as of yesterday, the server at sslvpn has an invalid SSL certificate. Digital certificates are used to "sign" the encryption keys that servers and browsers use to establish encrypted communications. (The reason that hackers can't just vacuum the internet traffic between your browser and Google's Gmail servers and read your email is that your browser is encrypting the data to a public encryption key. The reason that you know that you are encrypting to Google's key and not to, say, the People's Liberation Army's, is that the Gmail servers have a digital certificate from a trusted third-party confirming that the key is theirs.)

When you attempt to access sslvpn.clintonemail.com using Google's Chrome browser, this is what you see:

[Image]

The apparent reason for that message is that the certificate used by Clinton's server is self-signed—verified by the authority that issued it, but not by a trusted third party—and therefore regarded by Google's Chrome browser as prima facie invalid. The government typically uses military-grade certificates and encryption schemes for its internal communications that are designed with spying from foreign intelligence agencies in mind. But the ClintonEmail.com setup? "If you're buying jam online," says Hansen, "you're fine." But for anything beyond consumer-grade browsing, it's a shoddy arrangement.

Security researcher Dave Kennedy of TrustedSec agrees: "It was done hastily and not locked down." Mediocre encryption from Clinton's outbox to a recipient (or vice versa) would leave all of her messages open to bulk collection by a foreign government or military. Or, if someone were able to copy the security certificate Clinton used, they could execute what's called a "man in the middle" attack, invisible eavesdropping on data. "It's highly likely that another person could simply extract the certificate and man in the middle any user of the system without any warnings whatsoever," Hansen said.

The invalid certificate would have also likely left Clinton vulnerable to widespread internet bugs like "Heartbleed," which was only discovered last spring, and may have let hackers copy the entire contents of the Clinton servers' memory. Inside that memory? Who knows: "It could very well have been a bunch of garbage," said Hansen, or "it could have been her full emails, passwords, and cookies." Heartbleed existed unnoticed for years. A little social engineering, Hansen said, could give attackers access to Clinton's DNS information, letting them route and reroute data to their own computers without anyone realizing. "It's a fairly small group of people who know how to do that," Hansen noted, but "it's not hard—it's just a lot of steps."

We don't know, of course, if the current state of Clinton's servers is representative of the security precautions that were in place while she was using it as Secretary of State. The system could have previously been hardened against attack, and left to get weedy and vulnerable after she left government. We don't know. But that's part of the problem—at the Department of State, there is accountability for the security of email systems. If we learned that State's email servers had been hacked or left needlessly vulnerable, there would be investigations and consequences. With Clinton's off-the-books scheme, there are only questions.

The final address behind ClintonEmail is a mail host, mail.clintonemail.com, which will kick back an error message when visited directly:

[Image]

But if you plug in a different URL with the same mail server, you're presented with a user-friendly, familiar Outlook webmail login:

[Image]

This is basically no more secure than the way you'd log into AOL, Facebook, or any other website. There's no evidence that Clinton (or her staffers) used this web interface to check their emails, as opposed to logging in through a smartphone or other email software. But its mere existence is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since ClintonEmail.com was registered in 2009. These security bugs include doozies like "a flaw that may lead to an unauthorized information disclosure" (2010) and "a remote attacker can gain access to arbitrary files" (2014).

But even without exploiting software bugs, Hansen says leaving a public login page for something that's meant to be private is "pretty much the worst thing you can do." Clinton's Outlook form could've been susceptible to a brute force attack—where random combinations of words and characters are tried until one of them works—or an old-fashioned denial of service assault. "Even if she had a particularly strong password," Hansen said, a brute force attack will "either work eventually—foreign militaries are very good at trying a lot—or it'll fail and block her from accessing her own email."

If Clinton had been using a government account, Hansen explained, her messages with colleagues would all be held within one relatively tidy system, monitored by the federal government. It's the difference between doing your laundry at home and dropping it off. But with a private account, you're introducing many separate points of failure; every single company in this custom system is a place to pry and attack. "Any joe hacker" could get inside with enough knowledge and time, according to Hansen.

Cubrilovic echoed Hansen's concern: "When you are a staffer in a government department, internal email never leaves the network that the department has physical control over," he told me. But "with externally hosted email every one of those messages would go out onto the internet," where they're subject to snooping.

Security researcher Kenn White agrees that private internet access stirs up too many dangerous variables while emails bounce from person to person:

I think the bigger security concern here is the complete lack of visibility into who has been administering, backing up, maintaining, and accessing the Secretary's email. If classified documents were exchanged, who viewed them? Were they forwarded? Were multiple devices (i.e., mobile phones and tablets) configured to access the account? Was encryption required or optional for remote access?

Cubrilovic agreed that opting out of the government's system is an awful idea for someone with a hacker bullseye on her back: "having a high profile target host their own email is a nightmare for information security staff working for the government," he told me, "since it can undo all of the other work they've done to secure their network." The kind of off-the-shelf email service it appears Clinton used comes with a lot of inherent risk, especially since a pillar of her job is overseas travel:

With your own email hosting you're almost certainly going to be vulnerable to Chinese government style spearphishing attacks—which government departments have enough trouble stopping—but the task would be near impossible for an IT naive self-hosted setup.

While some of these hacking scenarios may sound outlandish or far-fetched, keep in mind that Clinton's emails would have been a prime target for some of the globe's most sophisticated state-sponsored cyberwarriors—the Chinese, the Israelis, the Iranians. The very existence of Clinton's private account was revealed by the hacker Guccifer, an unemployed Romanian taxi driver who managed to gain access to former Clinton aide Sidney Blumenthal's AOL account with relative ease. The Hillary account was reported by Gawker in 2013, and White House spokesman Eric Schultz used that story to argue that the Clinton email story was old news: "This was public years ago," he told Business Insider, linking to the 2013 Gawker story.

Which is another way of saying that foreign intelligence agencies have had two years to work on the target.

Photo: Getty


Contact the author at biddle@gawker.com.
Public PGP key
PGP fingerprint: E93A 40D1 FA38 4B2B 1477 C855 3DEA F030 F340 E2C7

How Much Are Your Balls Worth? A State-by-State Guide

Earlier today, ProPublica published a fascinating state-by-state breakdown of workers' comp benefits. Because of a lack of federal oversight, the compensation for the same injury varies tremendously depending on the state in which it occurred. For example, a worker in Illinois who lost an arm would receive as much as $439,858, while a worker in Alabama would receive only $48,840 for the same injury. This disparity in compensation holds true for other injuries, such as severed or crushed testicles.

If you do lose a testicle on the job, hopefully it'll happen while you're working for the federal government, which will likely pay out $98,108 in compensation. The highest-paying state for testicle injuries is, again, Illinois at $73,537; the lowest is Minnesota, which will pay out a maximum of just $3,750 per ball. The national average compensation for losing a testicle on the job is $27,658, though 41 states didn't provide ProPublica with compensation information.

ProPublica's excellent state-by-state infographic for different injuries is here; their accompanying article, which details the infuriating, outdated, and borderline criminal workers' comp regulations in states like Alabama, is available here.


Contact the author at taylor@gawker.com.
