Briefing: Google liable for false AI Overviews, German court finds

Our weekly Briefing is free, but you should upgrade to access all of our reporting, resources, and a monthly workshop.

Craig infiltrated a North Korean hiring scam, revealing how these operations have become more elaborate and convincing. He also provided a detailed breakdown of the tools and methods used in the investigation.

Alexios wrote about his adversarial test of Pangram, a buzzy AI text detection startup. In his final set, he got 504 out of 588 AI-generated text samples mislabeled as human. However, he was less worried about Pangram’s error rate than about how its probabilistic results are being used.

📍 A German regional court determined that Google was liable for AI Overviews that “falsely tied two publishing companies to scams, subscription traps, and shady business practices.” The court ruled that Google is responsible for AIOs because they present results “in its own words and according to its own structure.”

📍 Elon Musk continues his speedrun of the content moderation learning curve. On Sunday, X’s owner announced that the platform will notify users if a tweet they engaged with has been labeled by a Community Note. Meta’s much-maligned Third Party Fact-Checking Program had been doing this for years.

📍 The European Commission released its expert-drafted code of practice on transparency of AI-generated content and is now looking for signatories. Companies that follow the code will comply with the AI Act when it takes effect in August. Here are the highlights according to David Evan Harris, who was a member of the working group.

📍 Bloomberg reported that some online scam networks are shifting operations from South East Asia, where they are being disrupted, to Sri Lanka.

📍 Speaking of scams: British bank Lloyds said that 68 percent of fraud reports it receives from customers originated on a Meta platform (h/t Henry Ajder).

📍 Filipino lawmakers approved the Digital Media Anti-False Information Act late last week. According to PNA, the law focuses “on coordinated digital manipulation operations, including troll farms, bot networks, fake account networks, and other organized efforts with the aim of distorting public discourse through deception.” Human Rights Watch has warned that it could be used to silence dissent.

📍 Spotify took down tens of thousands of podcasts promoting illegal online pharmacies, following a congressional investigation. The company said the podcasts were a “spam attack” aimed at increasing search engine visibility.

📍 Deezer is opening up its AI music detector so that people can use it to scan playlists on streaming platforms like Apple Music and Spotify. (It also imports the music into Deezer, which is the self-interested motivation.)

📍 A report from Bitdefender Labs found that “Reddit users are being targeted by a growing wave of sponsored scam ads impersonating major news organizations, including the BBC, the Financial Times, and The Guardian.”

Here’s a product update that investigators should be aware of: Instagram announced that users can now reorder content on their grid.

It means that you can’t assume that the photos and videos displayed on a profile are in reverse chronological order. Take note for future Instagram investigations.

📍 Dennis Keefe created Venmo OSINT, a free web-based tool. You can use it to find a profile based on a first name/last name search, or to lookup a username and view details such as payment activity (if it’s public), profile photo, etc. More details are here, and you can also grab the code.

📍 Keefe also published “OSINT for Discord.”

📍 Estorides is an open-source “aggregator and correlation engine inspired by Palantir, Bellingcat, Maltego, and Citizen Lab workflows.”

📍 OSINT Mapping Tool is an open-source tool “for organizing OSINT research. Jot down identifiers (social handles, phones, vehicles, whatever), pin places on a map (Google or OpenStreetMap), and wire the two together.”

📍 Sigmund Brandstaetter wrote, “Self-Hosting Changedetection.io for OSINT: Another one in the Why and How Series” and “Self-Hosting SearXNG for OSINT: Why and How.”

📍 Joe Gray wrote, “Using OSINT to Investigate Disinformation Campaigns.”

📍 Benjamin Strick published the latest edition of his OSINT Field Notes newsletter. Among other things, he highlighted the free Building Height Calculator tool.

📍 He also recently published a new OSINT video: “How Investigators Find Secret Locations On Strava.”

📍 Craig is at the Investigative Reporters and Editors Conference in Maryland next week. He’s on a Thursday panel, “The latest intel on big tech and AI threats, and tools to expose them.” And he’s giving a masterclass on Friday, “Searching in the Age of AI.”

📍 Politico reports that the chief marketing officer for Polymarket sent over $2.5 million to more than 800 people using the PayPal of a salad restaurant he co-founded. The recipients included at least 20 influencers who promoted the prediction market on social media. (Meanwhile, Kalshi called on its own paid influencers to take down paid posts spreading disinformation about the Los Angeles mayoral election.)

📍 France’s agency tasked with disrupting foreign interference Viginum claims in its latest report that the Israeli firm Blackcore was behind online smear campaigns in Angola, France, Scotland, Togo, and even the New York City mayor election.

📍 OpenAI released information about two influence operations it said were linked to China. The two clusters used ChatGPT to generate content that sought to influence American discourse around data centers and tariffs.

📍 According to the antibot4navalny collective, the Russian-aligned Matryoshka bot operation invested more effort in the recent Armenian election than on prior American, German, and Polish votes. (Related: Newsguard found that Google’s Gemini Omni willingly produced a deepfake of Armenia’s prime minister committing to accept 250,000 refugees in exchange for EU membership.)

📍 What To Fix found that the Meta welcomed Bosnia’s most frequently debunked Facebook page into its invite-only Content Monetization program. The page has been fact-checked 464 times by Raskrinkavanje. Eight other serial misinformation peddlers were similarly welcomed into the revenue-generating partnership.

📍 A CBC investigation found that an Indonesian noodle merchant was one of 14 accounts that push Alberta separatist content on Facebook. The accounts were probably doing so to generate income through Meta’s monetization program.

📍 The Technology Transparency Project found that YouTube placed ads on 56 channels tied to sanctioned Iranian entities, including a “state broadcaster responsible for spreading disinformation and propaganda.” One ad was from the US Customs and Border Protection agency. The platform deleted some of the accounts after Wired reported on the study.

📍 A Florida woman and QAnon organizer catfished several Democratic operatives by matching with them on Bumble, then recording their conversations to leak them on conservative websites run by Steven Crowder and James O’Keefe.

📍 Decode published a deep dive on the backstory and economics of “Babydoll Archi,” an account fueled by nonconsensual deepfaked imagery that was busted last year.

Want more studies on digital deception? Paid subscribers get access to our Academic Library with 75 categorized and summarized studies:

Please upgrade to access to all of our content, including our how-to guides and Academic Library, and to our live monthly workshops.