AGI will be embedded into humanoid robots, which makes white-collar and blue-collar jobs a target ... More for walking/talking automation.getty In today’s column, I examine the highly worrisome qualms expressed that the advent of artificial general intelligence (AGI) is likely to usurp white-collar jobs. The stated concern is that since AGI will be on par with human intellect, any job that relies principally on intellectual pursuits such as typical white-collar work will be taken over via the use of AGI. Employers will realize that rather than dealing with human white-collar workers, they can more readily get the job done via AGI. This, in turn, has led to a rising call that people should aim toward blue-collar jobs, doing so because (presumably) those forms of employment will not be undercut via AGI. Sorry to say, that misses the bigger picture, namely that AGI when combined with humanoid robots is coming not only for white-collar jobs but also blue-collar jobs too. It is a proverbial double-whammy when it comes to the attainment of AGI. Let’s talk about it. This analysis of an innovative AI breakthrough is part of my ongoing Forbes column coverage on the latest in AI, including identifying and explaining various impactful AI complexities (see the link here). Heading Toward AGI And ASI First, some fundamentals are required to set the stage for this weighty discussion. There is a great deal of research going on to further advance AI. The general goal is to either reach artificial general intelligence (AGI) or maybe even the outstretched possibility of achieving artificial superintelligence (ASI). AGI is AI that is considered on par with human intellect and can seemingly match our intelligence. ASI is AI that has gone beyond human intellect and would be superior in many if not all feasible ways. The idea is that ASI would be able to run circles around humans by outthinking us at every turn. For more details on the nature of conventional AI versus AGI and ASI, see my analysis at the link here. We have not yet attained AGI. In fact, it is unknown as to whether we will reach AGI, or that maybe AGI will be achievable in decades or perhaps centuries from now. The AGI attainment dates that are floating around are wildly varying and wildly unsubstantiated by any credible evidence or ironclad logic. ASI is even more beyond the pale when it comes to where we are currently with conventional AI. AGI Problem Only Half Seen Before launching into the primary matter at hand in this discussion, let’s contemplate a famous quote attributed to Charles Kettering, a legendary inventor, who said, “A problem well-stated is a problem half-solved.” I bring this up because those loud clamors right now about the assumption that AGI will replace white-collar workers are only seeing half of the problem. The problem as they see it is that since AGI is intellectually on par with humans, and since white-collar workers mainly use intellect in their work endeavors, AGI is going to be used in place of humans for white-collar work. I will in a moment explain why that’s only half of the problem and there is a demonstrative need to more carefully and fully articulate the nature of the problem. Will AGI Axiomatically Take White-Collar Jobs On a related facet, the belief that AGI will axiomatically replace white-collar labor makes a number of other related key assumptions. I shall briefly explore those and then come back to why the problem itself is only half-baked. The cost of using AGI for doing white-collar work will need to be presumably a better ROI choice over human workers. If not, then an employer would be wiser to stick with humans rather than employing AGI. There seems to often be an unstated belief that AGI is necessarily going to be a less costly route than employing humans. We don’t know yet what the cost of using AGI will be. It could be highly expensive. Indeed, some are worried that the world will divide into the AGI haves and AGI have-nots, partially due to the exorbitant cost that AGI might involve. If AGI is free to use, well, that would seem to be the nail in the coffin related to using human workers for the same capacity. Another angle is that AGI is relatively inexpensive in comparison to human labor. In that case, the use of AGI is likely to win over human labor usage. But if the cost of AGI is nearer to the cost of human labor (all in), or more so, then employers would rationally need to weigh the use of one versus the other. Note that when referring to the cost of human labor, there is more to that calculation than simply the dollar-hour labor rate per se. There are lots of other less apparent costs, such as the cost to manage human labor, the cost of dealing with HR-related issues, and many other factors that come into the weighty matter. Thus, an AGI versus human labor ROI will be more complex than it might seem at an initial glance. In addition, keep in mind that AGI would seemingly be readily switched on and off, and have other capacities that human labor would not equally tend to allow. The Other Half Is Coming Too Assume that by and large the advent of AGI will decimate the need for white-collar human labor. The refrain right now is that people should begin tilting toward blue-collar jobs as an alternative to white-collar jobs. This is a logical form of thinking in the sense that AGI as an intellectual mechanism would be unable to compete in jobs that involve hands-on work. A plumber needs to come to your house and do hands-on work to fix your plumbing. This is a physicality that entails arriving at your physical home, physically bringing and using tools, and physically repairing your faulty home plumbing. A truck driver likewise needs to sit in the cab of a truck and drive the vehicle. These are physically based tasks. There is no getting around the fact that these are hands-on activities. Aha, yes, those are physical tasks, but that doesn’t necessarily mean that only human hands can perform them. The gradual emergence of humanoid robots will provide an alternative to human hands. A humanoid robot is a type of robot that is built to resemble a human in form and function. You’ve undoubtedly seen those types of robots in the many online video recordings showing them walking, jumping, grasping at objects, and so on. A tremendous amount of active research and development is taking place to devise humanoid robots. They look comical right now. You watch those videos and laugh when the robot trips over a mere stick lying on the ground, something that a human would seldom trip over. You scoff when a robot tries to grasp a coffee cup and inadvertently spills most of the coffee. It all seems humorous and a silly pursuit. Keep in mind that we are all observing the development process while it is still taking place. At some point, those guffaws of the humanoid robots will lessen. Humanoid robots will be as smooth and graceful as humans. This will continue to be honed. Eventually, humanoid robots will be less prone to physical errors that humans make. In a sense, the physicality of a humanoid robot will be on par with humans, if not better, due to its mechanical properties. Do not discount the coming era of quite physically capable humanoid robots. AGI And Humanoid Robots Pair Up You might remember that in The Wonderful Wizard of Oz, the fictional character known as The Strawman lacked a brain. Without seeming to anthropomorphize humanoid robots, the current situation is that those robots typically use a form of AI that is below the sophistication level of modern generative AI. That’s fine for now due to the need to first ensure that the physical movements of the robots get refined. I have discussed that a said-to-be realm of Physical AI is going to be a huge breakthrough with incredible ramifications, see my analysis at the link here. The idea underlying Physical AI is that the AI of today is being uplifted by doing data training on the physical world. This also tends to include the use of World Models, consisting of broad constructions about how the physical world works, such as that we are bound to operate under conditions of gravity, and other physical laws of nature, see the link here. The bottom line here is that there will be a close pairing of robust AI with humanoid robots. Imagine what a humanoid robot can accomplish if it is paired with AGI. I’ll break the suspense and point out that AGI paired with humanoid robots means that those robots readily enter the blue-collar worker realm. Suppose your plumbing needs fixing. No worries, a humanoid robot that encompasses AGI will be sent to your home. The AGI is astute enough to carry on conversations with you, and the AGI also fully operates the robot to undertake the plumbing tasks. How did the AGI-paired humanoid robot get to your home? Easy-peasy, it drove a car or truck to get there. I’ve previously predicted that all the work on devising autonomous vehicles and self-driving cars will get shaken up once we have suitable humanoid robots devised. There won’t be a need for a vehicle to contain self-driving capabilities. A humanoid robot will simply sit in the driver’s seat and drive the vehicle. This is a much more open-ended solution than having to craft components that go into and onto a vehicle to enable self-driving. See my coverage at the link here. Timing Is Notable One of the reasons that many do not give much thought to the pairing of AGI with humanoid robots is that today’s humanoid robots seem extraordinarily rudimentary and incapable of performing physical dexterity tasks on par with human capabilities. Meanwhile, there is brazen talk that AGI is just around the corner. AGI is said to be within our grasp. Let’s give the timing considerations a bit of scrutiny. There are three primary timing angles: Option 1: AGI first, then humanoid robots. AGI is attained before humanoid robots are sufficiently devised. Option 2: Humanoid robots first, then AGI. Humanoid robots are physically fluently adept before AGI is attained. Option 3: AGI and humanoid robots arrive about at the same time. AGI is attained and at the same time, it turns out that humanoid robots are fluently adept too, mainly by coincidence and not due to any cross-mixing. A skeptic would insist that there is a fourth possibility, consisting of the possibility that we never achieve AGI and/or we fail to achieve sufficiently physically capable humanoid robots. I am going to reject that possibility. Perhaps I am overly optimistic, but it seems to me that we will eventually attain AGI, and we will eventually attain physically capable humanoid robots. I shall next respectively consider each of the three genuinely reasonable possibilities. Option 1: AGI First, Then Humanoid Robots What if we manage to attain AGI before we manage to achieve physically fluent humanoid robots? That’s just fine. We would indubitably put AGI to work as a partner with humans in figuring out how we can push along the budding humanoid robot development process. It seems nearly obvious that with AGI’s capable assistance, we would overcome any bottlenecks and soon enough arrive at top-notch physically adept humanoid robots. At that juncture, we would then toss AGI into the humanoid robots and have ourselves quite an amazing combination. Option 2: Humanoid Robots First, Then AGI Suppose that we devise very physically adept humanoid robots but have not yet arrived at AGI. Are we in a pickle? Nope. We could use conventional advanced AI inside those humanoid robots. The combination would certainly be good enough for a wide variety of tasks. The odds are that we would need to be cautious about where such robots are utilized. Nonetheless, we would have essentially walking, talking, and productive humanoid robots. If AGI never happens, oh well, we end up with pretty good humanoid robots. On the other hand, once we arrive at AGI, those humanoid robots will be stellar. It’s just a matter of time. Option 3: AGI And Humanoid Robots At The Same Time Let’s consider the potential of AGI and humanoid robots perchance being attained around the same time. Assume that this timing isn’t due to an outright cross-mixing with each other. They just so happen to advance on a similar timeline. I tend to believe that’s the most likely of the three scenarios. Here’s why. First, despite all the hubris about AGI being within earshot, perhaps in the next year or two, which is a popular pronouncement by many AI luminaries, I tend to side with recent surveys of AI developers that put the date around the year 2040 (see my coverage at the link here). Some AI luminaires sneakily play with the definition of AGI in hopes of making their predictions come true sooner, akin to moving the goalposts to easily score points. For my coverage on Sam Altman’s efforts of moving the cheese regarding AGI attainment, see the link here. Second, if you are willing to entertain the year 2040 as a potential date for achieving AGI, that’s about 15 years from now. In my estimation, the advancements being made in humanoid robots will readily progress such that by 2040 they will be very physically adept. Probably be sooner, but let’s go with the year 2040 for ease of contemplation. In my view, we will likely have humanoid robots doing well enough that they will be put into use prior to arriving at AGI. The pinnacle of robust humanoid robots and the attainment of AGI will roughly coincide with each other. Two peas in a pod.Impact Of Enormous Consequences In an upcoming column posting, I will examine the enormous consequences of having AGI paired with fully physically capable humanoid robots. As noted above, this will have a humongous impact on white-collar work and blue-collar work. There will be gargantuan economic impacts, societal impacts, cultural impacts, and so on. Some final thoughts for now. A single whammy is already being hotly debated. The debates currently tend to be preoccupied with the loss of white-collar jobs due to the attainment of AGI. A saving grace seems to be that at least blue-collar jobs are going to be around and thriving, even once AGI is attained. The world doesn’t seem overly gloomy if you can cling to the upbeat posture that blue-collar tasks remain intact. The double whammy is a lot more to take in. But the double whammy is the truth. The truth needs to be faced. If you are having doubts as a human about the future, just remember the famous words of Vince Lombardi: “Winners never quit, and quitters never win.” Humankind can handle the double whammy. Stay tuned for my upcoming coverage of what this entails.

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response team, said. "By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext." The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. The list of identified extensions are below - SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl), which call the URL "rank.trellian[.]com" over plain HTTP Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh), which uses HTTP to call an uninstall URL at "browsec-uninstall.s3-website.eu-central-1.amazonaws[.]com" when a user attempts to uninstall the extension MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl) and MSN Homepage, Bing Search & News (ID: midiombanaceofjhodpdibeppmnamfcj), which transmit a unique machine identifier and other details over HTTP to "g.ceipmsn[.]com" DualSafe Password Manager & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc), which constructs an HTTP-based URL request to "stats.itopupdate[.]com" along with information about the extension version, user's browser language, and usage "type" "Although credentials or passwords do not appear to be leaked, the fact that a password manager uses unencrypted requests for telemetry erodes trust in its overall security posture," Guo said. Symantec said it also identified another set of extensions with API keys, secrets, and tokens directly embedded in the JavaScript code, which an attacker could weaponize to craft malicious requests and carry out various malicious actions - Online Security & Privacy extension (ID: gomekmidlodglbbmalcneegieacbdmki), AVG Online Security (ID: nbmoafcmbajniiapeidgficgifbfmjfo), Speed Dial [FVD] - New Tab Page, 3D, Sync (ID: llaficoajjainaijghjlofdfmbjpebpa), and SellerSprite - Amazon Research Tool (ID: lnbmbgocenenhhhdojdielgnmeflbnfb), which expose a hard-coded Google Analytics 4 (GA4) API secret that an attacker could use to bombard the GA4 endpoint and corrupt metrics Equatio – Math Made Digital (ID: hjngolefdpdnooamgdldlkjgmdcmcjnc), which embeds a Microsoft Azure API key used for speech recognition that an attacker could use to inflate the developer's costs or exhaust their usage limits Awesome Screen Recorder & Screenshot (ID: nlipoenfbbikpbjkfpfillcgkoblgpmj) and Scrolling Screenshot Tool & Screen Capture (ID: mfpiaehgjbbfednooihadalhehabhcjo), which expose the developer's Amazon Web Services (AWS) access key used to upload screenshots to the developer's S3 bucket Microsoft Editor – Spelling & Grammar Checker (ID: gpaiobkfhnonedkhhfjpmhdalgeoebfa), which exposes a telemetry key named "StatsApiKey" to log user data for analytics Antidote Connector (ID: lmbopdiikkamfphhgcckcjhojnokgfeo), which incorporates a third-party library called InboxSDK that contains hard-coded credentials, including API keys. Watch2Gether (ID: cimpffimgeipdhnhjohpbehjkcdpjolg), which exposes a Tenor GIF search API key Trust Wallet (ID: egjidjbpglichdcondbcbdnbeeppgdph), which exposes an API key associated with the Ramp Network, a Web3 platform that offers wallet developers a way to let users buy or sell crypto directly from the app TravelArrow – Your Virtual Travel Agent (ID: coplmfnphahpcknbchcehdikbdieognn), which exposes a geolocation API key when making queries to "ip-api[.]com" Attackers who end up finding these keys could weaponize them to drive up API costs, host illegal content, send spoofed telemetry data, and mimic cryptocurrency transaction orders, some of which could see the developer's ban getting banned. Adding to the concern, Antidote Connector is just one of over 90 extensions that use InboxSDK, meaning the other extensions are susceptible to the same problem. The names of the other extensions were not disclosed by Symantec. "From GA4 analytics secrets to Azure speech keys, and from AWS S3 credentials to Google-specific tokens, each of these snippets demonstrates how a few lines of code can jeopardize an entire service," Guo said. "The solution: never store sensitive credentials on the client side." Developers are recommended to switch to HTTPS whenever they send or receive data, store credentials securely in a backend server using a credentials management service, and regularly rotate secrets to further minimize risk. The findings show how even popular extensions with hundreds of thousands of installations can suffer from trivial misconfigurations and security blunders like hard-coded credentials, leaving users' data at risk. "Users of these extensions should consider removing them until the developers address the insecure [HTTP] calls," the company said. "The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks." "The overarching lesson is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share, to ensure users' information remains truly safe." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

How Deepfakes Are Created Generative AI models enable the creation of highly realistic fake media. Most deepfakes today are produced by training deep neural networks on real images, video or audio of a target person. The two predominant AI architectures are generative adversarial networks (GANs) and autoencoders. A GAN consists of a generator network that produces synthetic images and a discriminator network that tries to distinguish fakes from real data. Through iterative training, the generator learns to produce outputs that increasingly fool the discriminator¹. Autoencoder-based tools similarly learn to encode a target face and then decode it onto a source video. In practice, deepfake creators use accessible software: open-source tools like DeepFaceLab and FaceSwap dominate video face-swapping (one estimate suggests DeepFaceLab was used for over 95% of known deepfake videos)². Voice-cloning tools (often built on similar AI principles) can mimic a person’s speech from minutes of audio. Commercial platforms like Synthesia allow text-to-video avatars (turning typed scripts into lifelike “spokespeople”), which have already been misused in disinformation campaigns³. Even mobile apps (e.g. FaceApp, Zao) let users do basic face swaps in minutes⁴. In short, advances in GANs and related models make deepfakes cheaper and easier to generate than ever. Diagram of a generative adversarial network (GAN): A generator network creates fake images from random input and a discriminator network distinguishes fakes from real examples. Over time the generator improves until its outputs “fool” the discriminator⁵ During creation, a deepfake algorithm is typically trained on a large dataset of real images or audio from the target. The more varied and high-quality the training data, the more realistic the deepfake. The output often then undergoes post-processing (color adjustments, lip-syncing refinements) to enhance believability¹. Technical defenses focus on two fronts: detection and authentication. Detection uses AI models to spot inconsistencies (blinking irregularities, audio artifacts or metadata mismatches) that betray a synthetic origin⁵. Authentication embeds markers before dissemination – for example, invisible watermarks or cryptographically signed metadata indicating authenticity⁶. The EU AI Act will soon mandate that major AI content providers embed machine-readable “watermark” signals in synthetic media⁷. However, as GAO notes, detection is an arms race – even a marked deepfake can sometimes evade notice – and labels alone don’t stop false narratives from spreading⁸⁹. Deepfakes in Recent Elections: Examples Deepfakes and AI-generated imagery already have made headlines in election cycles around the world. In the 2024 U.S. primary season, a digitally-altered audio robocall mimicked President Biden’s voice urging Democrats not to vote in the New Hampshire primary. The caller (“Susan Anderson”) was later fined $6 million by the FCC and indicted under existing telemarketing laws¹⁰¹¹. (Importantly, FCC rules on robocalls applied regardless of AI: the perpetrator could have used a voice actor or recording instead.) Also in 2024, former President Trump posted on social media a collage implying that pop singer Taylor Swift endorsed his campaign, using AI-generated images of Swift in “Swifties for Trump” shirts¹². The posts sparked media uproar, though analysts noted the same effect could have been achieved without AI (e.g., by photoshopping text on real images)¹². Similarly, Elon Musk’s X platform carried AI-generated clips, including a parody “Ad” depicting Vice-President Harris’s voice via an AI clone¹³. Beyond the U.S., deepfake-like content has appeared globally. In Indonesia’s 2024 presidential election, a video surfaced on social media in which a convincingly generated image of the late President Suharto appeared to endorse the candidate of the Golkar Party. Days later, the endorsed candidate (who is Suharto’s son-in-law) won the presidency¹⁴. In Bangladesh, a viral deepfake video superimposed the face of opposition leader Rumeen Farhana onto a bikini-clad body – an incendiary fabrication designed to discredit her in the conservative Muslim-majority society¹⁵. Moldova’s pro-Western President Maia Sandu has been repeatedly targeted by AI-driven disinformation; one deepfake video falsely showed her resigning and endorsing a Russian-friendly party, apparently to sow distrust in the electoral process¹⁶. Even in Taiwan (amidst tensions with China), a TikTok clip circulated that synthetically portrayed a U.S. politician making foreign-policy statements – stoking confusion ahead of Taiwanese elections¹⁷. In Slovakia’s recent campaign, AI-generated audio mimicking the liberal party leader suggested he plotted vote-rigging and beer-price hikes – instantly spreading on social media just days before the election¹⁸. These examples show that deepfakes have touched diverse polities (from Bangladesh and Indonesia to Moldova, Slovakia, India and beyond), often aiming to undermine candidates or confuse voters¹⁵¹⁸. Notably, many of the most viral “deepfakes” in 2024 were actually circulated as obvious memes or claims, rather than subtle deceptions. Experts observed that outright undetectable AI deepfakes were relatively rare; more common were AI-generated memes plainly shared by partisans, or cheaply doctored “cheapfakes” made with basic editing tools¹³¹⁹. For instance, social media was awash with memes of Kamala Harris in Soviet garb or of Black Americans holding Trump signs¹³, but these were typically used satirically, not meant to be secretly believed. Nonetheless, even unsophisticated fakes can sway opinion: a U.S. study found that false presidential ads (not necessarily AI-made) did change voter attitudes in swing states. In sum, deepfakes are a real and growing phenomenon in election campaigns²⁰²¹ worldwide – a trend taken seriously by voters and regulators alike. U.S. Legal Framework and Accountability In the U.S., deepfake creators and distributors of election misinformation face a patchwork of tools, but no single comprehensive federal “deepfake law.” Existing laws relevant to disinformation include statutes against impersonating government officials, electioneering (such as the Bipartisan Campaign Reform Act, which requires disclaimers on political ads), and targeted statutes like criminal electioneering communications. In some cases ordinary laws have been stretched: the NH robocall used the Telephone Consumer Protection Act and mail/telemarketing fraud provisions, resulting in the $6M fine and a criminal charge. Similarly, voice impostors can potentially violate laws against “false advertising” or “unlawful corporate communications.” However, these laws were enacted before AI, and litigators have warned they often do not fit neatly. For example, deceptive deepfake claims not tied to a specific victim do not easily fit into defamation or privacy torts. Voter intimidation laws (prohibiting threats or coercion) also leave a gap for non-threatening falsehoods about voting logistics or endorsements. Recognizing these gaps, some courts and agencies are invoking other theories. The U.S. Department of Justice has recently charged individuals under broad fraud statutes (e.g. for a plot to impersonate an aide to swing votes in 2020), and state attorneys general have considered deepfake misinformation as interference with voting rights. Notably, the Federal Election Commission (FEC) is preparing to enforce new rules: in April 2024 it issued an advisory opinion limiting “non-candidate electioneering communications” that use falsified media, effectively requiring that political ads use only real images of the candidate. If finalized, that would make it unlawful for campaigns to pay for ads depicting a candidate saying things they never did. Similarly, the Federal Trade Commission (FTC) and Department of Justice (DOJ) have signaled that purely commercial deepfakes could violate consumer protection or election laws (for example, liability for mass false impersonation or for foreign-funded electioneering). U.S. Legislation and Proposals Federal lawmakers have proposed new statutes. The DEEPFAKES Accountability Act (H.R.5586 in the 118th Congress) would, among other things, impose a disclosure requirement: political ads featuring a manipulated media likeness would need clear disclaimers identifying the content as synthetic. It also increases penalties for producing false election videos or audio intended to influence the vote. While not yet enacted, supporters argue it would provide a uniform rule for all federal and state campaigns. The Brennan Center supports transparency requirements over outright bans, suggesting laws should narrowly target deceptive deepfakes in paid ads or certain categories (e.g. false claims about time/place/manner of voting) while carving out parody and news coverage. At the state level, over 20 states have passed deepfake laws specifically for elections. For example, Florida and California forbid distributing falsified audio/visual media of candidates with intent to deceive voters (though Florida’s law exempts parody). Some states (like Texas) define “deepfake” in statutes and allow candidates to sue or revoke candidacies of violators. These measures have had mixed success: courts have struck down overly broad provisions that acted as prior restraints (e.g. Minnesota’s 2023 law was challenged for threatening injunctions against anyone “reasonably believed” to violate it). Critically, these state laws raise First Amendment issues: political speech is highly protected, so any restriction must be tightly tailored. Already, Texas and Virginia statutes are under legal review, and Elon Musk’s company has sued under California’s law (which requires platforms to label or block deepfakes) as unconstitutional. In practice, most lawsuits have so far centered on defamation or intellectual property (for instance, a celebrity suing over a botched celebrity-deepfake video), rather than election-focused statutes. Policy Recommendations: Balancing Integrity and Speech Given the rapidly evolving technology, experts recommend a multi-pronged approach. Most stress transparency and disclosure as core principles. For example, the Brennan Center urges requiring any political communication that uses AI-synthesized images or voice to include a clear label. This could be a digital watermark or a visible disclaimer. Transparency has two advantages: it forces campaigns and platforms to “own” the use of AI, and it alerts audiences to treat the content with skepticism. Outright bans on all deepfakes would likely violate free speech, but targeted bans on specific harms (e.g. automated phone calls impersonating voters, or videos claiming false polling information) may be defensible. Indeed, Florida already penalizes misuse of recordings in voter suppression. Another recommendation is limited liability: tying penalties to demonstrable intent to mislead, not to the mere act of content creation. Both U.S. federal proposals and EU law generally condition fines on the “appearance of fraud” or deception. Technical solutions can complement laws. Watermarking original media (as encouraged by the EU AI Act) could deter the reuse of authentic images in doctored fakes. Open tools for deepfake detection – some supported by government research grants – should be deployed by fact-checkers and social platforms. Making detection datasets publicly available (e.g. the MIT OpenDATATEST) helps improve AI models to spot fakes. International cooperation is also urged: cross-border agreements on information-sharing could help trace and halt disinformation campaigns. The G7 and APEC have all recently committed to fighting election interference via AI, which may lead to joint norms or rapid response teams. Ultimately, many analysts believe the strongest “cure” is a well-informed public: education campaigns to teach voters to question sensational media, and a robust independent press to debunk falsehoods swiftly. While the law can penalize the worst offenders, awareness and resilience in the electorate are crucial buffers against influence operations. As Georgia Tech’s Sean Parker quipped in 2019, “the real question is not if deepfakes will influence elections, but who will be empowered by the first effective one.” Thus policies should aim to deter malicious use without unduly chilling innovation or satire. References: https://www.security.org/resources/deepfake-statistics/. https://www.wired.com/story/synthesia-ai-deepfakes-it-control-riparbelli/. https://www.gao.gov/products/gao-24-107292. https://technologyquotient.freshfields.com/post/102jb19/eu-ai-act-unpacked-8-new-rules-on-deepfakes. https://knightcolumbia.org/blog/we-looked-at-78-election-deepfakes-political-misinformation-is-not-an-ai-problem. https://www.npr.org/2024/12/21/nx-s1-5220301/deepfakes-memes-artificial-intelligence-elections. https://apnews.com/article/artificial-intelligence-elections-disinformation-chatgpt-bc283e7426402f0b4baa7df280a4c3fd. https://www.lawfaremedia.org/article/new-and-old-tools-to-tackle-deepfakes-and-election-lies-in-2024. https://www.brennancenter.org/our-work/research-reports/regulating-ai-deepfakes-and-synthetic-media-political-arena. https://firstamendment.mtsu.edu/article/political-deepfakes-and-elections/. https://www.ncsl.org/technology-and-communication/deceptive-audio-or-visual-media-deepfakes-2024-legislation. https://law.unh.edu/sites/default/files/media/2022/06/nagumotu_pp113-157.pdf. https://dfrlab.org/2024/10/02/brazil-election-ai-research/. https://dfrlab.org/2024/11/26/brazil-election-ai-deepfakes/. https://freedomhouse.org/article/eu-digital-services-act-win-transparency. The post The Legal Accountability of AI-Generated Deepfakes in Election Misinformation appeared first on MarkTechPost.

New York City’s Brooklyn-Queens Expressway is falling apart. Built between 1946 and 1964, the urban highway runs 12.1 miles through the heart of the two boroughs to connect on either end with the interstate highway system—a relic of midcentury car-oriented infrastructure, and a prime example of the dwindling lifespan of roads built during that time.  The degradation is most visible—and most pressing—in a section running alongside Brooklyn Heights known as the triple cantilever. This 0.4-mile section, completed in 1954, is unique among U.S. highways in that it juts out from the side of a hill and stacks the two directions of traffic on balcony-like decks, one slightly overhanging the other. A third level holds a well-loved park, the Brooklyn Heights Promenade.  This unusual layer cake of a freeway was a marvel of engineering in its day, though not without controversy. Masterminded by Robert Moses, the city’s all-powerful, often ruthless city planner for more than four decades, the roadway bisects working-class and immigrant neighborhoods that grapple with the health and environmental fallout to this day. Like the reputation of the man who built it, the triple cantilever has aged poorly. Its narrow width, (33.5 feet for the roadway in either direction) has made all but the most basic maintenance incredibly difficult, and its 71-year-old structure is constantly battered by the ever heavier automobiles and trucks. Designed to accommodate around 47,000 vehicles per day, it now carries more than three times that amount. Deteriorating deck joints and failing steel-reinforced concrete have led many to worry the triple cantilever is on the verge of collapse. An expert panel warned in 2020 that the triple cantilever could be unusable by 2026, and only then did interim repairs get made to keep it standing. [Photo: Alex Potemkin/Getty Images] The mounting concern comes amid a 50-year decline in direct government spending on infrastructure in the U.S., according to a recent analysis by Citigroup. Simply maintaining existing infrastructure is a challenge, the report notes. Meanwhile, the American Society of Civil Engineers’ grade for the country’s infrastructure has improved, from a D+ in 2017 to a C in 2025. Now even private credit firms are circling: As reported in Bloomberg, Apollo Global Management estimates that a boom in infrastructure deals help could grow the private debt market up to a staggering $40 trillion.   Independent urban designer Marc Wouters has an idea on how to fix BQE’s cantilever. He’s been working on it for years. “My process is that I always interview people in the community before I do any drawings,” he says. “So I really have listened to pretty much everybody over the past few years.” Unsolicited and developed in his own spare time, Wouters has designed an alternative for the triple cantilever that he named the BQE Streamline Plan. BQE Streamline Plan [Image: courtesy Marc Wouters | Studios/©2025] His concept, based on decades of experience in urban planning, infrastructure, and resilience projects in communities across the country, is relatively simple: extend the width of the two traffic-bearing cantilevers and add support beams to their outside edge, move both directions of traffic onto four lanes on the first level, and turn the second level into a large freeway cap park. Instead of major rebuilding efforts, Wouters’s proposal is more of a reinforcement and expansion, with a High Line-style park plopped on top. Though he’s not an engineer, Wouters is confident that his design would shift enough strain off the existing structure to allow it to continue functioning for the foreseeable future. (What actual engineers think remains to be seen.) “What I’ve done is come up with a plan that happens to be much less invasive, faster to build, a lot cheaper, and it encompasses a lot of what the community wants,” he says. “Yet it still handles the same capacity as the highway does right now.” So what will it take for this outsider’s idea to be considered a viable design alternative? This idea had been brewing in his mind for years. Wouters, who lives near the triple cantilever section of the BQE in Brooklyn Heights, has followed the highway’s planning process for more than a decade.  As complex infrastructure projects go, this one is particularly convoluted. The BQE is overseen by both the state of New York and New York City, among others, with the city in charge of the 1.5-mile section that includes the triple cantilever. This dual ownership has complicated the management of the highway and its funding. The city and the state have launched several efforts over the years to reimagine the highway’s entire length. In winter 2018, the city’s Department of Transportation (NYC DOT) released two proposals to address the ailing cantilever. Not seeing what they wanted from either one, Brooklyn Heights Association, a nonprofit neighborhood group, retained Wouters and his studio to develop an alternative design. He suggested building a temporary parallel bypass that would allow a full closure and repair of the triple cantilever. That proposal, along with competing ideas developed under the previous mayoral administration, went by the wayside in 2022, when the latest BQE redesign process commenced. Wouters found himself following yet another community feedback and planning process for the triple cantilever. The ideas being proposed by the city’s DOT this time around included a plan that would chew into the hillside that currently supports the triple cantilever to move the first tier of traffic directly underneath the second, and add a large girding structure on its open end to hold it all up. Other options included reshaping the retaining wall that currently holds up the triple cantilever, moving traffic below grade into a wide tunnel, or tearing the whole thing down and rebuilding from scratch. Each would be time-consuming and disruptive, and many of them cut into another well-loved public space immediately adjacent to the triple cantilever, Brooklyn Bridge Park. None of these options has anything close to unanimous support. And any of them will cost more than $1 billion—a price tag that hits much harder after the Federal Highway Administration rejected an $800 million grant proposal for fixing the BQE back in early 2024. BQE Streamline Plan [Image: courtesy Marc Wouters | Studios/©2025] Wouters is no highway zealot. In fact, he’s worked on a project heading into construction in Syracuse that will replace an underutilized inner-city highway with a more appropriately sized boulevard and developable land. But he felt sure there was a better way forward—a concept that would work as well in practice as on paper. “I just kept going to meetings and waiting to see what I thought was a progressive solution,” Wouters says. Unimpressed and frustrated, he set out to design it himself. Wouters released the Streamline Plan in March. The concept quickly gathered interest, receiving a flurry of local news coverage. He has since met with various elected officials to discuss it. But as elegant as Wouters’s concept may be, some stakeholders remain unconvinced that the city should be going all in on a reinterpretation of the triple cantilever. What might be more appropriate, critics say, is to make necessary fixes now to keep the triple cantilever safe and functional, and to spend more time thinking about whether this section of highway is even what the city needs in the long term. A group of local organizations is calling for a more comprehensive reconsideration of the BQE under the premise that its harms may be outnumbering its benefits. Launched last spring, the Brooklyn-Queens Expressway Environmental Justice Coalition wants any planning for the future of the BQE to include efforts to address its health and environmental impacts on neighboring communities and to seek an alternative that reconnects communities that have been divided by the corridor. One member of this coalition is the Riders Alliance, a nonprofit focused on improving public transit in New York. Danny Pearlstein, the group’s policy and communications director, says implementing a major redesign of the triple cantilever would just reinforce car dependency in a place that’s actually well served by public transit. The environmental justice coalition’s worry is that rebuilding this one section in a long-term fashion could make it harder for change across the length of the entire BQE and could increase the environmental impact the highway has on the communities that surround it. “This is not just one neighborhood. This is communities up and down the corridor that don’t resemble each other very much in income or background who are united and are standing together for something that’s transformative, rather than doubling down on the old ways,” Pearlstein says. [Photo: ©NYC DOT] Lara Birnback is executive director of the Brooklyn Heights Association, representing a neighborhood of roughly 20,000 people. Her organization, which worked directly with Wouters in the past, is circumspect about his latest concept. “It’s certainly more interesting and responsive to the kinds of things that the community has been asking for when thinking about the BQE. It’s more of those things than we’ve seen from any of the designs that New York City DOT has presented to us through their engagement process,” she says. “But at the end of the day, it’s still a way of preserving more or less the status quo of the BQE as a major interstate highway running through the borough.” She argues it makes more sense to patch up the triple cantilever and use the extra years of service that buys to do a more radical rethinking of the BQE’s future. (For example, one 2020 proposal by the Brooklyn-based architecture studio Light and Air proposed a simple intervention of installing buttresses on the open-air side of the triple cantilever, propping it up with a relatively small addition of material.) “We really strongly encourage the city to move forward immediately with a more short-term stabilization plan for the cantilever, with repairs that would last, for example, 20 to 25 years rather than spending billions and billions of dollars rebuilding it for the next 100 years,” Birnback says. Birnback says a major rebuilding plan like the one Wouters is proposing—for all its community benefits—could end up doing more harm to the city. “I think going forward now with a plan that both embeds the status quo and most likely forecloses on the possibility of real transformation across the corridor is a mistake,” she says. NYC DOT expects to begin its formal environmental review process this year, laying the necessary groundwork for deciding on a plan for what to do with the triple cantilever, either for the short term or the long term. The environmental process will evaluate all concepts equally, according to DOT spokesperson Vincent Barone, who notes that the department is required to review and respond to all feedback that comes in through that process. There is technically nothing holding back Wouters’s proposal from being one of the alternatives considered. And he may have some important political support to help make that happen. Earlier this month, Brooklyn’s Community District 2 board formally supported the plan. They are calling for the city’s transportation department to include it in the BQE’s formal environmental review process when it starts later this year. [Photo: Sinisa Kukic/Getty Images] Wouters argues that his proposal solves the pressing structural problems of the triple cantilever while also opening resources to deal with the highway’s big picture challenges. “The several hundred million dollars of savings is now funding that could go to other parts of the BQE. And there are other parts that are really struggling,” he says. “I’m always thinking about the whole length and about all these other communities, not just this one.” With a new presidential administration and a mayoral primary election in June, what happens with the triple cantilever is very much up in the air. But if the environmental review process begins as planned this year, it only makes sense for every option to fall under consideration. What gets built—or torn down, or reconstructed, or reinterpreted—could reshape part of New York City for generations.

Lian Li Lancool 4 Has Fans in Glass, 217 Infinity, DAN B4, and $45 Case, ft. CEOMay 29, 2025Last Updated: 2025-05-29During Computex 2025, Lian Li showed off several new cases that include the Lancool 4, Lancool 217 Infinity, Lian Li O11 Mini V2, and moreThe HighlightsLian Li's Lancool 4 case has gigantic holes cut into the glass for intake fans, coupling airflow with glassThe company’s Shifting Block PSU has a rotating plug that is geared for back-connect motherboardsThe company’s Vector 100 cases are very cheap, starting at $45 without fansTable of ContentsAutoTOC Buy a GN 4-Pack of PC-themed 3D Coasters! These high-quality, durable, flexible coasters ship in a pack of 4, each with a fully custom design made by GN's team. You'll get a motherboard-themed coaster with debug display & reset buttons, a SATA SSD with to-scale connectors, RAM sticks, and a GN logo. These fund our web work! Buy here.IntroWe visited Lian Li during Computex, where the company showed off several of its upcoming products. We think the most interesting one is the Lancool 4, which has fans built into its glass front panel. It’s supposed to be a $130 case that will come with 6 fans.Editor's note: This was originally published on May 19, 2025 as a video. This content has been adapted to written format for this article and is unchanged from the original publication.CreditsHostSteve BurkeCamera, Video EditingMike GaglioneVitalii MakhnovetsWriting, Web EditingJimmy ThangLancool 4The big thing about the Lancool 4 is that it embeds its fans into the front glass panel. This kind of takes us back to about 20 years ago, but instead of glass, the fans were integrated into acrylic and people would take a hole saw and would mount their own fans into it. One of the challenges with this design pertains to potentially reducing the yields with glass breaking being a concern. This wasn’t something that case companies did before, but Lian Li CEO Jameson Chen tells us the glass manufacturing process has improved dramatically lately. The CEO says that the failure rate used to be abysmal but has gotten down to about 5% to accommodate for the curve of the glass. Drilling holes into the glass brings the failure rate down at least another 5%. To mitigate failure rates, Lian Li found that there needs to be at least a 3cm gap between the holes. Chen revealed that the glass is 4mm thick, which is to bolster its quality.  In between the fans are plastic pieces which are used to hide the cables. The fans also use Pogo pins, which are integrated into the bottom of the front panel. When we asked Chen what happens if one of the fans dies, the CEO stated that Lian Li would provide a 5-year warranty. He elaborated that the fans are a new design and that they are 10% fiberglass PBT. Chen also revealed that the fans use fluid dynamic bearings (FDB). Considering Lian Li is still prototyping the case, the company is still thinking about whether to put RGB LEDs on the fan blades or to put the RGB LEDs around the fan’s frames. The Lancool 4 has an aluminum top and the rest of the chassis is made of steel, which is 1mm thick.The back glass panel releases via a button. Chen says this was done so that people could open up the glass panel without opening up the bottom side panel. Looking at the design of the rest of the case, it has a lot of similar panels as seen in the Lancool series. It’s got 4 doors and the 2 on the bottom sides are ventilated mesh and there are fan-mount options on the side. While we were there, Chen told us that Lian Li is considering shortening the case from the front to the back a little bit. This would bring the fans in closer to the components. This will benefit an air cooler and GPU. In our experience, performance in shorter cases, in a like-for-like scenario, is better. Chen also thinks the aesthetics of the case would improve as well with a tighter design. The downside is that the case would no longer support 420mm radiators and would support 360mm radiators max. The back panel of the Lancool 4 uses glass, which would normally expose the cable management but the case will come with a cable cover. There would be 2 screws to remove it. A downside here is that there’s less cable-management space to work with.The Lancool 4’s PSU mount is towards the back and bottom of the case. The bottom front has a cut out, which provides some space to route cables. Shifting Block PSU Visit our Patreon page to contribute a few dollars toward this website's operation (or consider a direct donation or buying something from our GN Store!) Additionally, when you purchase through links to retailers on our site, we may earn a small affiliate commission.The company also showed off a new interesting power supply, which has a rotating plug. This creates a shifting layout for the cable connections and allows users to re-orient the PSU. Chen tells us it's designed for top and bottom chamber cases and it’s also geared for back-connect motherboards.  Looking at the PSU, it has its 24-pin connectors off on one side. It also has an optional fan and USB 2.0 hub.Lian Li O11 Mini V2Moving on to the Lian Li O11 Mini V2, it has mesh on one of the side panels that’s popped-out about 3mm, which is to accommodate for ATX PSUs that protrude past the frame of the case. The company designed it this way because it had a very specific width it wanted to tackle to avoid the case looking too chunky. Currently, the volume of the case is 45 liters, which includes the feet, but does not include the protruding mesh side panel. The case we saw used bottom intake fans, which are slanted at 25 degrees and the only place for air access is underneath the back panel side. This is coupled with a tiny dust filter on the bottom, which slides out through the back. In terms of other fan mounts, the case has 2 on the side, 1 on the back, and 3 fans can fit in the top. The Lian Li O11 Mini V2 is targeting $89 without fans and $99 with five 120mm fans (2 on the side and 3 on the bottom). Dan Case B4Moving on to Lian Li’s Dan Case B4, we’ve reviewed Dan cases before. The unit we saw at Computex isn’t done yet. We’re told it’s about 60% completed. The case can rotate and has feet and an extension that allows the case to support up to a 360mm radiator. The downside is that about 30% of one of the radiator’s fans would be obstructed by a metal wall. It’s possible that they may perforate this wall to help with cooling. Lian Li is planning to put some mesh or covering on the front panel of the case. The unit we saw was fully exposed and open. What’s interesting about this layout is that the GPU fans are right up against the case’s front intake fans, which is going to be about as cool as you can get for the video card. Most GPUs these days have vertically-oriented fins where the air is going to come out the sides. In this case, air should come out through the punctured side panel but may re-circulate into the back radiator, especially if its fans are intake. If the fans are oriented to be exhaust, that might work better in this case. Lian Li is planning to provide 2x120mm fans along with the case. The case can also be rotated to look like the image above. 217 Infinity CaseLian Li also showed off its 217 Infinity case, which is the 217 case with an updated front and leans on some of the changes that the Lancool 4 has made to get its fans into its front glass panel. The tooling is mostly the same. The things in the back of the case are all basically identical. The changes pertain to the front panel, which have some giant holes in them to accommodate 170mm fans that are 30mm deep. The glass panel has the infinity mirror styling. The only other major change pertains to the IO. Some people complained that the original 217 had its IO on the bottom side, so now the company has moved it to the top with an option to have it on the bottom side. The case comes with 2x170mm front fans and a rear fan. The black version of the case is targeting $120 with a white version targeting $125. Lian Li Vector SeriesAnother Lian Li case we looked at had some “functional gimmicks.” On the back side, it has a cut-out area that looks like a handle, but definitely isn’t. Instead, there’s a very fine mesh filter that’s an area that’s meant to help with intake. This should also help with GPU cooling. The case is targeted at the system integrator market, but will still be sold at retail. Lian Li is targeting $110 for it without any fans, but includes an 8.8-inch IPS screen that carries a 1720x4080 resolution. Pricing may change in the US based on tariffs. Vector 100 and Vector 100 MiniThe main reason we’re bringing these 2 cases up is price. The Vector 100 is targeting $60 (without fans) and the Vector 100 Mini, which is geared for MicroATX, is targeting $45 (without fans). Lian Li Wireless FansLian Li also showed off its new wireless fans, which comes with a battery pack. There’s currently no price on it, but it’s designed to allow its users to “flex,” as Chen put it. It comes with a built-in receiver. The fans and RGB LEDs use up to 12 volts. In terms of battery life, the CEO says that 3 fans with their LEDs on will last for about 20 minutes. Hydroshift 2 Liquid Cooler Grab a GN15 Large Anti-Static Modmat to celebrate our 15th Anniversary and for a high-quality PC building work surface. The Modmat features useful PC building diagrams and is anti-static conductive. Purchases directly fund our work! (or consider a direct donation or a Patreon contribution!)The Hydroshift 2 Liquid Cooler has a click actuation ring around the cooler, which can be used as a software-less switch for the display and all of that is pre-written to the device. This means that toggling it doesn’t require software, though you could use software. Compared to Lian Li’s previous Hydroshift 1, the radiator size has been reduced to offer more compatibility but Lian Li says it’s tried to improve flow within the cooler. The company also pushed the micro fins closer to the heat source.

The web is beginning to part ways with third-party cookies, a technology it once heavily relied on. Introduced in 1994 by Netscape to support features like virtual shopping carts, cookies have long been a staple of web functionality. However, concerns over privacy and security have led to a concerted effort to eliminate them. The World Wide Web Consortium Technical Architecture Group (W3C TAG) has been vocal in advocating for the complete removal of third-party cookies from the web platform. Major browsers (Chrome, Safari, Firefox, and Edge) are responding by phasing them out, though the transition is gradual. While this shift enhances user privacy, it also disrupts legitimate functionalities that rely on third-party cookies, such as single sign-on (SSO), fraud prevention, and embedded services. And because there is still no universal ban in place and many essential web features continue to depend on these cookies, developers must detect when third-party cookies are blocked so that applications can respond gracefully. Don’t Let Silent Failures Win: Why Cookie Detection Still Matters Yes, the ideal solution is to move away from third-party cookies altogether and redesign our integrations using privacy-first, purpose-built alternatives as soon as possible. But in reality, that migration can take months or even years, especially for legacy systems or third-party vendors. Meanwhile, users are already browsing with third-party cookies disabled and often have no idea that anything is missing. Imagine a travel booking platform that embeds an iframe from a third-party partner to display live train or flight schedules. This embedded service uses a cookie on its own domain to authenticate the user and personalize content, like showing saved trips or loyalty rewards. But when the browser blocks third-party cookies, the iframe cannot access that data. Instead of a seamless experience, the user sees an error, a blank screen, or a login prompt that doesn’t work. And while your team is still planning a long-term integration overhaul, this is already happening to real users. They don’t see a cookie policy; they just see a broken booking flow. Detecting third-party cookie blocking isn’t just good technical hygiene but a frontline defense for user experience. Why It’s Hard To Tell If Third-Party Cookies Are Blocked Detecting whether third-party cookies are supported isn’t as simple as calling navigator.cookieEnabled. Even a well-intentioned check like this one may look safe, but it still won’t tell you what you actually need to know: // DOES NOT detect third-party cookie blocking function areCookiesEnabled() { if (navigator.cookieEnabled === false) { return false; } try { document.cookie = "test_cookie=1; SameSite=None; Secure"; const hasCookie = document.cookie.includes("test_cookie=1"); document.cookie = "test_cookie=; Max-Age=0; SameSite=None; Secure"; return hasCookie; } catch (e) { return false; } } This function only confirms that cookies work in the current (first-party) context. It says nothing about third-party scenarios, like an iframe on another domain. Worse, it’s misleading: in some browsers, navigator.cookieEnabled may still return true inside a third-party iframe even when cookies are blocked. Others might behave differently, leading to inconsistent and unreliable detection. These cross-browser inconsistencies — combined with the limitations of document.cookie — make it clear that there is no shortcut for detection. To truly detect third-party cookie blocking, we need to understand how different browsers actually behave in embedded third-party contexts. How Modern Browsers Handle Third-Party Cookies The behavior of modern browsers directly affects which detection methods will work and which ones silently fail. Safari: Full Third-Party Cookie Blocking Since version 13.1, Safari blocks all third-party cookies by default, with no exceptions, even if the user previously interacted with the embedded domain. This policy is part of Intelligent Tracking Prevention (ITP). For embedded content (such as an SSO iframe) that requires cookie access, Safari exposes the Storage Access API, which requires a user gesture to grant storage permission. As a result, a test for third-party cookie support will nearly always fail in Safari unless the iframe explicitly requests access via this API. Firefox: Cookie Partitioning By Design Firefox’s Total Cookie Protection isolates cookies on a per-site basis. Third-party cookies can still be set and read, but they are partitioned by the top-level site, meaning a cookie set by the same third-party on siteA.com and siteB.com is stored separately and cannot be shared. As of Firefox 102, this behavior is enabled by default in the Standard (default) mode of Enhanced Tracking Protection. Unlike the Strict mode — which blocks third-party cookies entirely, similar to Safari — the Standard mode does not block them outright. Instead, it neutralizes their tracking capability by isolating them per site. As a result, even if a test shows that a third-party cookie was successfully set, it may be useless for cross-site logins or shared sessions due to this partitioning. Detection logic needs to account for that. Chrome: From Deprecation Plans To Privacy Sandbox (And Industry Pushback) Chromium-based browsers still allow third-party cookies by default — but the story is changing. Starting with Chrome 80, third-party cookies must be explicitly marked with SameSite=None; Secure, or they will be rejected. In January 2020, Google announced their intention to phase out third-party cookies by 2022. However, the timeline was updated multiple times, first in June 2021 when the company pushed the rollout to begin in mid-2023 and conclude by the end of that year. Additional postponements followed in July 2022, December 2023, and April 2024. In July 2024, Google has clarified that there is no plan to unilaterally deprecate third-party cookies or force users into a new model without consent. Instead, Chrome is shifting to a user-choice interface that will allow individuals to decide whether to block or allow third-party cookies globally. This change was influenced in part by substantial pushback from the advertising industry, as well as ongoing regulatory oversight, including scrutiny by the UK Competition and Markets Authority (CMA) into Google’s Privacy Sandbox initiative. The CMA confirmed in a 2025 update that there is no intention to force a deprecation or trigger automatic prompts for cookie blocking. As for now, third-party cookies remain enabled by default in Chrome. The new user-facing controls and the broader Privacy Sandbox ecosystem are still in various stages of experimentation and limited rollout. Edge (Chromium-Based): Tracker-Focused Blocking With User Configurability Edge (which is a Chromium-based browser) shares Chrome’s handling of third-party cookies, including the SameSite=None; Secure requirement. Additionally, Edge introduces Tracking Prevention modes: Basic, Balanced (default), and Strict. In Balanced mode, it blocks known third-party trackers using Microsoft’s maintained list but allows many third-party cookies that are not classified as trackers. Strict mode blocks more resource loads than Balanced, which may result in some websites not behaving as expected. Other Browsers: What About Them? Privacy-focused browsers, like Brave, block third-party cookies by default as part of their strong anti-tracking stance. Internet Explorer (IE) 11 allowed third-party cookies depending on user privacy settings and the presence of Platform for Privacy Preferences (P3P) headers. However, IE usage is now negligible. Notably, the default “Medium” privacy setting in IE could block third-party cookies unless a valid P3P policy was present. Older versions of Safari had partial third-party cookie restrictions (such as “Allow from websites I visit”), but, as mentioned before, this was replaced with full blocking via ITP. As of 2025, all major browsers either block or isolate third-party cookies by default, with the exception of Chrome, which still allows them in standard browsing mode pending the rollout of its new user-choice model. To account for these variations, your detection strategy must be grounded in real-world testing — specifically by reproducing a genuine third-party context such as loading your script within an iframe on a cross-origin domain — rather than relying on browser names or versions. Overview Of Detection Techniques Over the years, many techniques have been used to detect third-party cookie blocking. Most are unreliable or obsolete. Here’s a quick walkthrough of what doesn’t work (and why) and what does. Basic JavaScript API Checks (Misleading) As mentioned earlier, the navigator.cookieEnabled or setting document.cookie on the main page doesn’t reflect cross-site cookie status: In third-party iframes, navigator.cookieEnabled often returns true even when cookies are blocked. Setting document.cookie in the parent doesn’t test the third-party context. These checks are first-party only. Avoid using them for detection. Storage Hacks Via localStorage (Obsolete) Previously, some developers inferred cookie support by checking if window.localStorage worked inside a third-party iframe — which is especially useful against older Safari versions that blocked all third-party storage. Modern browsers often allow localStorage even when cookies are blocked. This leads to false positives and is no longer reliable. Server-Assisted Cookie Probe (Heavyweight) One classic method involves setting a cookie from a third-party domain via HTTP and then checking if it comes back: Load a script/image from a third-party server that sets a cookie. Immediately load another resource, and the server checks whether the cookie was sent. This works, but it: Requires custom server-side logic, Depends on HTTP caching, response headers, and cookie attributes (SameSite=None; Secure), and Adds development and infrastructure complexity. While this is technically valid, it is not suitable for a front-end-only approach, which is our focus here. Storage Access API (Supplemental Signal) The document.hasStorageAccess() method allows embedded third-party content to check if it has access to unpartitioned cookies: ChromeSupports hasStorageAccess() and requestStorageAccess() starting from version 119. Additionally, hasUnpartitionedCookieAccess() is available as an alias for hasStorageAccess() from version 125 onwards. FirefoxSupports both hasStorageAccess() and requestStorageAccess() methods. SafariSupports the Storage Access API. However, access must always be triggered by a user interaction. For example, even calling requestStorageAccess() without a direct user gesture (like a click) is ignored. Chrome and Firefox also support the API, and in those browsers, it may work automatically or based on browser heuristics or site engagement. This API is particularly useful for detecting scenarios where cookies are present but partitioned (e.g., Firefox’s Total Cookie Protection), as it helps determine if the iframe has unrestricted cookie access. But for now, it’s still best used as a supplemental signal, rather than a standalone check. iFrame + postMessage (Best Practice) Despite the existence of the Storage Access API, at the time of writing, this remains the most reliable and browser-compatible method: Embed a hidden iframe from a third-party domain. Inside the iframe, attempt to set a test cookie. Use window.postMessage to report success or failure to the parent. This approach works across all major browsers (when properly configured), requires no server (kind of, more on that next), and simulates a real-world third-party scenario. We’ll implement this step-by-step next. Bonus: Sec-Fetch-Storage-Access Chrome (starting in version 133) is introducing Sec-Fetch-Storage-Access, an HTTP request header sent with cross-site requests to indicate whether the iframe has access to unpartitioned cookies. This header is only visible to servers and cannot be accessed via JavaScript. It’s useful for back-end analytics but not applicable for client-side cookie detection. As of May 2025, this feature is only implemented in Chrome and is not supported by other browsers. However, it’s still good to know that it’s part of the evolving ecosystem. Step-by-Step: Detecting Third-Party Cookies Via iFrame So, what did I mean when I said that the last method we looked at “requires no server”? While this method doesn’t require any back-end logic (like server-set cookies or response inspection), it does require access to a separate domain — or at least a cross-site subdomain — to simulate a third-party environment. This means the following: You must serve the test page from a different domain or public subdomain, e.g., example.com and cookietest.example.com, The domain needs HTTPS (for SameSite=None; Secure cookies to work), and You’ll need to host a simple static file (the test page), even if no server code is involved. Once that’s set up, the rest of the logic is fully client-side. Step 1: Create A Cookie Test Page (On A Third-Party Domain) Minimal version (e.g., https://cookietest.example.com/cookie-check.html): <!DOCTYPE html> <html> <body> <script> document.cookie = "thirdparty_test=1; SameSite=None; Secure; Path=/;"; const cookieFound = document.cookie.includes("thirdparty_test=1"); const sendResult = (status) => window.parent?.postMessage(status, "*"); if (cookieFound && document.hasStorageAccess instanceof Function) { document.hasStorageAccess().then((hasAccess) => { sendResult(hasAccess ? "TP_COOKIE_SUPPORTED" : "TP_COOKIE_BLOCKED"); }).catch(() => sendResult("TP_COOKIE_BLOCKED")); } else { sendResult(cookieFound ? "TP_COOKIE_SUPPORTED" : "TP_COOKIE_BLOCKED"); } </script> </body> </html> Make sure the page is served over HTTPS, and the cookie uses SameSite=None; Secure. Without these attributes, modern browsers will silently reject it. Step 2: Embed The iFrame And Listen For The Result On your main page: function checkThirdPartyCookies() { return new Promise((resolve) => { const iframe = document.createElement('iframe'); iframe.style.display = 'none'; iframe.src = "https://cookietest.example.com/cookie-check.html"; // your subdomain document.body.appendChild(iframe); let resolved = false; const cleanup = (result, timedOut = false) => { if (resolved) return; resolved = true; window.removeEventListener('message', onMessage); iframe.remove(); resolve({ thirdPartyCookiesEnabled: result, timedOut }); }; const onMessage = (event) => { if (["TP_COOKIE_SUPPORTED", "TP_COOKIE_BLOCKED"].includes(event.data)) { cleanup(event.data === "TP_COOKIE_SUPPORTED", false); } }; window.addEventListener('message', onMessage); setTimeout(() => cleanup(false, true), 1000); }); } Example usage: checkThirdPartyCookies().then(({ thirdPartyCookiesEnabled, timedOut }) => { if (!thirdPartyCookiesEnabled) { someCookiesBlockedCallback(); // Third-party cookies are blocked. if (timedOut) { // No response received (iframe possibly blocked). // Optional fallback UX goes here. someCookiesBlockedTimeoutCallback(); }; } }); Step 3: Enhance Detection With The Storage Access API In Safari, even when third-party cookies are blocked, users can manually grant access through the Storage Access API — but only in response to a user gesture. Here’s how you could implement that in your iframe test page: <button id="enable-cookies">This embedded content requires cookie access. Click below to continue.</button> <script> document.getElementById('enable-cookies')?.addEventListener('click', async () => { if (document.requestStorageAccess && typeof document.requestStorageAccess === 'function') { try { const granted = await document.requestStorageAccess(); if (granted !== false) { window.parent.postMessage("TP_STORAGE_ACCESS_GRANTED", "*"); } else { window.parent.postMessage("TP_STORAGE_ACCESS_DENIED", "*"); } } catch (e) { window.parent.postMessage("TP_STORAGE_ACCESS_FAILED", "*"); } } }); </script> Then, on the parent page, you can listen for this message and retry detection if needed: // Inside the same onMessage listener from before: if (event.data === "TP_STORAGE_ACCESS_GRANTED") { // Optionally: retry the cookie test, or reload iframe logic checkThirdPartyCookies().then(handleResultAgain); } (Bonus) A Purely Client-Side Fallback (Not Perfect, But Sometimes Necessary) In some situations, you might not have access to a second domain or can’t host third-party content under your control. That makes the iframe method unfeasible. When that’s the case, your best option is to combine multiple signals — basic cookie checks, hasStorageAccess(), localStorage fallbacks, and maybe even passive indicators like load failures or timeouts — to infer whether third-party cookies are likely blocked. The important caveat: This will never be 100% accurate. But, in constrained environments, “better something than nothing” may still improve the UX. Here’s a basic example: async function inferCookieSupportFallback() { let hasCookieAPI = navigator.cookieEnabled; let canSetCookie = false; let hasStorageAccess = false; try { document.cookie = "testfallback=1; SameSite=None; Secure; Path=/;"; canSetCookie = document.cookie.includes("test_fallback=1"); document.cookie = "test_fallback=; Max-Age=0; Path=/;"; } catch (_) { canSetCookie = false; } if (typeof document.hasStorageAccess === "function") { try { hasStorageAccess = await document.hasStorageAccess(); } catch (_) {} } return { inferredThirdPartyCookies: hasCookieAPI && canSetCookie && hasStorageAccess, raw: { hasCookieAPI, canSetCookie, hasStorageAccess } }; } Example usage: inferCookieSupportFallback().then(({ inferredThirdPartyCookies }) => { if (inferredThirdPartyCookies) { console.log("Cookies likely supported. Likely, yes."); } else { console.warn("Cookies may be blocked or partitioned."); // You could inform the user or adjust behavior accordingly } }); Use this fallback when: You’re building a JavaScript-only widget embedded on unknown sites, You don’t control a second domain (or the team refuses to add one), or You just need some visibility into user-side behavior (e.g., debugging UX issues). Don’t rely on it for security-critical logic (e.g., auth gating)! But it may help tailor the user experience, surface warnings, or decide whether to attempt a fallback SSO flow. Again, it’s better to have something rather than nothing. Fallback Strategies When Third-Party Cookies Are Blocked Detecting blocked cookies is only half the battle. Once you know they’re unavailable, what can you do? Here are some practical options that might be useful for you: Redirect-Based Flows For auth-related flows, switch from embedded iframes to top-level redirects. Let the user authenticate directly on the identity provider's site, then redirect back. It works in all browsers, but the UX might be less seamless. Request Storage Access Prompt the user using requestStorageAccess() after a clear UI gesture (Safari requires this). Use this to re-enable cookies without leaving the page. Token-Based Communication Pass session info directly from parent to iframe via: postMessage (with required origin); Query params (e.g., signed JWT in iframe URL). This avoids reliance on cookies entirely but requires coordination between both sides: // Parent const iframe = document.getElementById('my-iframe'); iframe.onload = () => { const token = getAccessTokenSomehow(); // JWT or anything else iframe.contentWindow.postMessage( { type: 'AUTH_TOKEN', token }, 'https://iframe.example.com' // Set the correct origin! ); }; // iframe window.addEventListener('message', (event) => { if (event.origin !== 'https://parent.example.com') return; const { type, token } = event.data; if (type === 'AUTH_TOKEN') { validateAndUseToken(token); // process JWT, init session, etc } }); Partitioned Cookies (CHIPS) Chrome (since version 114) and other Chromium-based browsers now support cookies with the Partitioned attribute (known as CHIPS), allowing per-top-site cookie isolation. This is useful for widgets like chat or embedded forms where cross-site identity isn’t needed. Note: Firefox and Safari don’t support the Partitioned cookie attribute. Firefox enforces cookie partitioning by default using a different mechanism (Total Cookie Protection), while Safari blocks third-party cookies entirely. But be careful, as they are treated as “blocked” by basic detection. Refine your logic if needed. Final Thought: Transparency, Transition, And The Path Forward Third-party cookies are disappearing, albeit gradually and unevenly. Until the transition is complete, your job as a developer is to bridge the gap between technical limitations and real-world user experience. That means: Keep an eye on the standards.APIs like FedCM and Privacy Sandbox features (Topics, Attribution Reporting, Fenced Frames) are reshaping how we handle identity and analytics without relying on cross-site cookies. Combine detection with graceful fallback.Whether it’s offering a redirect flow, using requestStorageAccess(), or falling back to token-based messaging — every small UX improvement adds up. Inform your users.Users shouldn't be left wondering why something worked in one browser but silently broke in another. Don’t let them feel like they did something wrong — just help them move forward. A clear, friendly message can prevent this confusion. The good news? You don’t need a perfect solution today, just a resilient one. By detecting issues early and handling them thoughtfully, you protect both your users and your future architecture, one cookie-less browser at a time. And as seen with Chrome’s pivot away from automatic deprecation, the transition is not always linear. Industry feedback, regulatory oversight, and evolving technical realities continue to shape the time and the solutions. And don’t forget: having something is better than nothing.

This article contains full spoilers for every Final Destination movie, INCLUDING Bloodlines. For more than a decade, we thought we’d finally made it. It’s been 14 years since the last Final Destination film, the last time Death started killing off those who escaped its plan in exceedingly gruesome fashion. We thought we were free to go to theaters in safety once more. But as the mortician William Bludworth, played by the late great Tony Todd, has taught us, there’s no escaping Death. The franchise is back with one of its best entries: Final Destination Bloodlines, written and directed by newcomers to the franchise Zach Lipovsky and Adam Stein. Bloodlines has a shinier look and a different approach, focusing on a family instead a group of random teens. But it follows the well-established principles of a Final Destination movie, especially in its incredible kills. In celebration of Bloodlines bringing Final Destination back to screens, we’re ranking all of Death’s achievements across the franchise. Because Final Destination movies are ultimately about good, gory fun, we’re ranking them from the most boring to the most enjoyably incredible. Like Death itself, we do have a few rules here. We aren’t counting any deaths in the premonitions that open each movie, nor the mass casualties that occur in the actual events, which means that you won’t see the infamous pile-up from Final Destination 2 or the incredible tower sequence that opens Bloodlines. Also we’re focusing on Death’s kills, so kills done by human beings don’t count. Even with those restrictions, Final Destination gives us plenty of memorable kills, as Death always makes a show of getting even. 40. Alex Browning’s Off-Screen Demise (Final Destination 2) Is it a mark of respect that the first movie’s protagonist Alex Browning (Devon Sawa) doesn’t die on screen? Or is it the ultimate insult that we learn via newspaper clipping in Final Destination 2 that he was knocked in the head with a brick? Interpretations may vary, but no one can disagree that Alex’s death deserves the bottom spot. Played by comedy great David Koechner, paper plant boss Dennis Lapman of Final Destination 5 has one of the gnarliest premonition deaths. Dangling off a collapsing bridge, Dennis almost pulls himself back up when he’s doused with hot tar, burning alive as he lets go and drops to the water. That incredible end makes his actual expiration all the worse, as he goes out when a loose wrench on a shop floor gets hurled into his head, no real setup involved. 38. Wendy Cristensen, Julie Cristensen, and Kevin Fischer Crash Off-Screen (Final Destination 3) With the exception of the original Final Destination, the protagonists end their films thinking they’ve beaten Death only to realize that the Grim Reaper has one more trick up his sleeve, and the movies end with shocking cuts. The worst of them comes in Final Destination 3, one of the weaker entries overall, in which Wendy Cristensen (Mary Elizabeth Winstead), her sister Julie (Amanda Crew), and pal Kevin Fischer (Ryan Merriman) all perish in a train crash. Technically we see them meet their end in impressive carnage, but that all happens in a premonition, which this list rules out. So we have to go with the death that happens onscreen—well, on soundtrack, as the movie cuts to black with the sound of the crash. 37. Janet Cunningham, Lori Milligan, Nick O’Bannon Death By X-Ray Truck (The Final Destination) Easily the worst of the series, the fourth entry The Final Destination also ends with a sudden attack on the protagonists. In this case, Nick O’Bannon (Bobby Campo), his love interest Lori Milligan (Shantel VanSanten), and her friend Janet Cunningham (Haley Webb) meet in a coffee shop to celebrate life, only for a truck to crash into the building. It’s a lot like the third movie’s ending, but at least this movie gives us neat x-rays to look at and imagine what horrible things happened to our heroes. 36. George Lanter and the Very Quiet Ambulance (The Final Destination) Played by the great Mykelti Williamson, George Lantner is the only character who acts like a human being in The Final Destination. So it’s a bit lame that the movie kills him off with a gag when he steps onto the road and gets flattened by an oncoming ambulance. He mentions “deja vu” right before it happens because his end is a callback to a similar one from the first film, which will be talked about shortly. It’s an unimaginative death and a mean joke at the expense of a likable character, which lands it toward the bottom of the list. Join our mailing list Get the best of Den of Geek delivered right to your inbox! 35. Nadia Monroy Makes Nick’s Dream a Reality (The Final Destination) For the most part, this list is ignoring both the premonitions and the mass casualties that occur after a premonition. The one exception comes with Nadia Monroy (Stephanie Honoré) of The Final Destination, who dies in the immediate aftermath of a premonition. After Nick has a vision of a massive Nascar wreck, he panics, which gets a group of people kicked out of the race just as the accident begins. As the survivors try to make sense of what happened, a tire flies out of the stadium and through Nadia’s head, replicating her death from the vision. 34. Perry Malinowski Salutes the Flag (Final Destination 3) Final Destination loves its out-of-nowhere surprise kills. A character thinks they’re safe, they make some ironic statement and, bam, they’re immediately dead. Usually, these kills aren’t nearly as funny or clever as the movies think they are, especially compared to the elaborate sequences that have become the franchise’s calling card. One of the worst comes when Perry Malinowski (Maggie Ma) gets unceremoniously offed when a loose horse breaks of a flagpole that goes through her chest, a forgettable death for a forgettable character. Horse looks cool though. 33. Darlene Campbell Stays at the Cabin (Final Destination Bloodlines) Although not as meta as, say, a Scream movie, the characters in Final Destination: Bloodlines know how Final Destination movies work. To the filmamkers’ credit, the knowledge adds tension to the movie, underscoring how knowledge doesn’t give them power to evade Death. Nowhere is that more clear than at the climax of Bloodlines when Darlene Campbell (Rya Kihlstedt)—a mother who has estranged herself from her children—decides to hide in her own mother’s bunker, thereby stalling Death’s hit list and saving her children. Noble though the sentiment may be, Darlene’s proclamation of love for her children distracts her, and she gets smashed by a falling pole, rendering her heroism moot. 32. Carter Horton Finally Sees the Sign (Final Destination) Played by Kerr Smith, Carter Horton is the onscreen antagonist of the first film, an annoying preppie who bullies Alex and the others and somehow gets to survive. So while we don’t actually see Carter get killed before the screen cuts to closing credits, his demise does rank above those from the third and fourth movies just because we wanted to see this guy get it for so long. 31. Samantha Lane Has Her Eye on a Stone (The Final Destination) The overwhelming majority of Final Destination victims are obnoxious, good-looking teens who mostly deserve to die. Wife and mother Samantha Lane (Krista Lane) certainly isn’t a saint but she doesn’t irritate us like every other jerk in The Final Destination. So we’re a bit annoyed that she gets such a cruel death when a lawn mower kicks up a rock that flies through her eyes while her young kids watch in horror. The kill does get a few extra points, however, for all of the playfulness before it actually happens, as Death sets up a few options to off Sarah before finally picking the rock. 30. Ian McKinley Splits the Fair (Final Destination 3) The franchise has never done great with its human antagonists, the regular guys who get tired of all the dying and take things into their own hands by killing the other characters. Ian McKinley (Kris Lemche) stands out a little bit more than the others. Instead of showing all the things that could off him, the camera simply follows Ian through a crowd while he rants about his immortality. That’s a bit dull, but it pays off when a firework shoots by him, apparently sparing him, only for the explosion to knock over a cherry picker that splits him in half. That extra beat is enough to make his sudden surprise kill a bit more satisfying. 29. Stefani and Charlie Reyes in a Logjam (Final Destination Bloodlines) Although a bit glossier and a bit kinder with its characters, Final Destination Bloodlines follows the beats of most entries in the franchise. In fact, its final moment, in which protagonists Stefani (Kaitlyn Santa Juana) and Charlie Reyes (Teo Briones) realize that they did not, in fact, stop Death and are about to die, feels like a callback to the infamous log premonition in Final Destination 2. However, Bloodlines ups the stakes with a lucky penny leading to a train derailment. The amazing shot of Stefani and Charlie goes bigger than any of the other movies’ shock ending, undone some by the cheap effects when two logs from the train car come loose and flatten our heroes. 28. Sam Lawton and Emma Bell Die in a Callback (Final Destination 5) Final Destination 5 has the best ending of the series, in which protagonists Sam Lawton (Nicholas D’Agosto) and Emma Bell (Molly Harper) survive the ordeal and board a plane to celebrate. It’s only then that we realize that the movie has taken place in 2000 and that they’re boarding Flight 180, the one that explodes at the start of the first movie. Thus we have to watch as the characters who have gone through so much die, but we also get to see the original disaster that started it all. Emily splatters when she gets sucked out of the plane and sliced by the wing, but Sam’s death isn’t that spectacular outside of the fact that he burns up in the same manner as Alex did in his vision. 27. Tod Waggner Hung Out to Dry (Final Destination) The first “real” death of the series, Tod Waggner’s (Chad E. Donella) end feels like a first draft to the spectacular kills to come. When water leaks from a toilet, Todd slips into the tub and gets a laundry cord wrapped around his neck. Todd’s desperate attempts to stand up and save himself, frustrated by the slick tub floor, give the death a level of pathos rarely seen in the series, but outside of that, it’s a fairly rote kill for the overall franchise. 26. Iris Campbell Gets to the Point (Final Destination Bloodlines) Bloodlines gives Tony Todd a glorious final scene as Bloodworth, but it’s the elderly Iris Campbell (Gabrielle Rose) who tells her granddaughter Stefani the rules of Death’s design. Throughout the exposition dump, the camera points to various classic setups, but Iris catches them all. So when Death does finally take her, using a flying fire extinguisher to send a weathervane point through her face, it’s because Iris wants to show Stefani how Death operates. That intentionality makes Iris’ end stand out, even if it isn’t the most elaborate on this list. 25. Rory Peters Goes Fencing (Final Destination 2) Final Destination 2 has the best premonition in the series, an incredible accident and pile-up filled with ghastly incidents. Toward the climax of the movie, that road destruction gets sort of recreated when a series of events launched by a car crash suddenly kill off other characters. It’s mostly fun, and wide shots let us see Death’s composition, but it’s hard to get too excited when stoner Rory Peters (Jonathan Cherry) gets split into thirds by flying fencing. 24. Clear Rivers and Eugene Dix Go Up in Flames (Final Destination 2) It was a nice reveal to show Clear Rivers (Ali Larter) had survived even the post-credit carnage of the first Final Destination to provide information to the victims of the second film. But that surprise was completely undercut by the film then killing Clear in a sudden hospital explosion, taking teacher Eugene (T.C. Carson), one of the more compelling characters in the movie, out along with her. Multi-victim kills always feel like a bit of a cheat, but at least this one had a nice build-up. 23. Carter Daniels’ Hate Crime Backfires (The Final Destination) The Final Destination‘s unlikable cast goes to the extreme when white supremacist Carter (Justin Welborn) singles out George Latner as the cause of his wife’s demise. So it’s especially satisfying when Carter, in the midst of burning a cross on George’s lawn, gets dragged behind his truck and burned alive. Carter may not get the most creative of kills, but rarely do we see such an awful person get their full and just reward like that. 22. Isaac Palmer Meets the Buddha (Final Destination 5) Unlike most entries, Final Destination 5 limited its nastiness to one character, and even then, actor P. J. Byrne knows how to find light notes in his depiction of smarmy exec Isaac Palmer. Byrne sleezes it up as Isaac steals a spa coupon from recently-deceased co-worker, leers at spa workers, and then condescend to the worker who performs upon him. From then on, it’s a classic Final Destination sequence, as a fallen candle ignites spilled oil to send Isaac pin-first onto the ground, crawling away until he inadvertently pulls a Buddha statue on his head, his karma fully earned. 21. Kat Jennings and the Jaws of Death (Final Destination 2) Nervous wreck Kat Jennings (Keegan Connor Tracy) gets one of the better sudden deaths in the series, largely because Death puts all the pieces in place for a symphony of chaos and then sets it off suddenly. Kat initially survives the car crash, avoiding the pointy pipe that ran through her back window and continues to stick out behind her head. When firefighters use the jaws of life to pry open her car door, however, the impact is enough to set off the airbags, slamming Kat’s head into the spike and setting off more carnage. 20. Lewis Romero Loses Weight in the Gym (Final Destination 3) A lot of the kills on this list are preceded by a character declaring their immortality, but few do it with as much apblomb as Final Destination 3‘s aggro jock Lewis Romero (Texas Battle). Like many Lewis responds to Death’s machinations by asserting his own free will… loudly. At the end, he does it while pumping iron in the gym, and his protestations shake the walls, knocking free swords used as part of his team’s decor. The swords cut the bands of his machine as they fall, freeing the weights to smash his head. Given that it was his actions that made the swords drop, Lewis did kind of control his own fate. 19. Nora Carpenter and the Creepy Hook Hand (Final Destination 2) Of all the kills on this list, the death of nervous mom Nora Carpenter (Lynda Boyd) seems the easiest to avoid. Well, at first anyway, when she rushes into an elevator and gets her hair caught on a hook, part of the prosthetic limbs that a creepy guy holds in a box. If Nora just settled down for a moment, or if the creepy guy would put as much effort into untangling her as he does smelling her hair, then she probably could have wrestled free before the elevator decapitated her. All that aside, it’s a pretty amazing and gory kill, one that has enough shock value to overcome any logistical leaps. The Final Destination movies are big on dying, but not so big on suffering, which is a good thing. We don’t want to think of these people as human beings, because that would ruin the fun of watching them go out. Erin Ulmer’s (Alexz Johnson) end in Final Destination 3 veers a bit too much toward suffering, as the camera holds on her as she moans in her last moments. Up until that point, though, the scene has fun with misdirection, making us think that we’re about to see Ian McKinley get crushed by boards until Erin gets knocked into a nail gun, which perforates the back of her head. 17. Jonathan Groves Takes a Bath (The Final Destination) On one hand, Jonathan Groves (Jackson Walker) feels like he was added to The Final Destination late in production because the producers found out the movie’s running a bit too short. Groves does show up in the opening crash scene, but we lose track of him and assume he’s dead until Nick sees him on the news. But we can forgive the shoehorning for the purely absurd way that Groves goes out, with an overfilled bathtub from the hospital floor above crashing down onto his bed. 16. Nathan Sears and Flight 180’s Landing (Final Destination 5) In addition to its fantastic kills Final Destination 5 also has the most well-rounded characters in the series, characters like junior executive Nathan Sears (Arlen Escarpeta). Nathan is fundamentally a nice guy but he gets caught up in a dispute with an older union leader, a dispute that ends when the leader accidentally dies during a fight. Thinking that was Death coming for him, Nathan comes to the leader’s wake to pay respects, secure in the belief that Death has skipped him. That assumption adds some pathos to the moment with gear from Flight 180 falls from the sky and crushes him, taking both good people and bad people. 15. Frankie Cheeks Trapped in the Drive Thru (Final Destination 3) Frankie Cheeks (Sam Easton) is one of the most unlikable characters in the franchise (which is saying something) and we don’t even know that he’s dead until after it happens. So why does it rank relatively high on this list? Because of the way it’s set up, looking very much like protagonists Wendy and Kevin are going to get killed in an unbelievable but well-orchestrated drive-through accident. While our heroes escape in time, a collision still occurs, sending a huge engine fan into the back of Frankie’s head. At first it seems like the duo passed their death onto an innocent bystander until we see a bloody necklace in the shape of a naked lady, and we all breathe a sigh of relief that Frankie Cheeks walks the Earth no more. 14. Tim Carpenter Gets Squished By Glass (Final Destination 2) Tim Carpenter may be the weirdest character in the entire series. The script says he’s 15, and actor James Kirk sometimes plays him as a teen and sometimes as an eight-year-old, which ends up feeling like he’s the MadTV character Stuart. That childlike nature leads to Tim’s end when, like a dumb kid, he just decides to chase after some pigeons because… they were there? The pigeons take flight, knocking a giant pane of glass off of a crane and sending the glass on top of Tim, smooshing the little weirdo. 13. Andy Kewzer Goes Through a Chain Link Fence… in Tiny Pieces (The Final Destination) The biggest problem with The Final Destination is its reliance on CG blood, a scourge of 2000s horror. Still, sometimes the kills are so outrageous that we can forgive the poor effects. Such is the case when mechanic Andy Kewzer (Andrew Fiscella) gets blown into a chain link fence. It looks silly when his body collapses into goopy chunks, but the setup is satisfying, as is the sight of him getting blasted out of his garage into the instrument of his doom. 12. Terry Chaney Hit By a Silent Bus (Final Destination) For the first viewers of Final Destination, Terry Chaney (Amanda Detmer) had the standout death. Freaked out by Alex’s talk of Death coming for them all, Terry tells her friends to drop dead, steps into the street and gets splattered by a bus. It’s a funny moment, as long as you don’t think about it for a second (none of her friends have peripheral vision? The bus driver doesn’t see the gesticulating lady backing into the street?), and it got cheers in the theater. Over time, however, the sudden shock death has become a series trope, dulling the impact (pun intended) of Terry’s end. 11. Howard Campbell Gets a Trim (Final Destination Bloodlines) Patriarch Howard Campbell (Alex Zahara) gets the first classic-style death in Bloodlines, and what a glorious one it is. Occurring after the film has clearly laid out Death’s rules and process, the filmmakers luxuriate in the setup, taking time to highlight all of the things that could kill someone in Campbell’s well-appointed suburban backyard: a rake under a ripping trampoline, a shard of glass in an iced drink, a hose about to explode. After several minutes of anticipation, all of those things come together to set-off something we never saw coming, an electric self-propelled lawnmower, which runs over the face of the prone Howard. Iconic as it may be, Terry’s isn’t the best sudden shock death in the first Final Destination movie. That honor belongs to New York Rangers superfan Billy Hitchcock (Seann William Scott), who also dies without much obvious setup from Death. Billy goes after he and Alex confront the ever-jerky Carter, who decides to defy Death by parking on train tracks. Carter survives, but Billy can’t take it and starts having an angry meltdown, a meltdown cut short when the train kicks up a piece of shrapnel and sends it flying through Billy’s neck. Tod may be the first death in the Final Destination series, but Valerie Lewton (Kristen Cloke) gets the first great death of the franchise. Still shaken up over the explosion of Flight 180, teacher Mrs. Lewton spills some alcohol on the ground while making dinner. When her cooking goes awry, the alcohol ignites, setting her house ablaze. But it’s not the fire that kills her. Rather she dies when she accidentally pulls a knife down from the counter, which embeds itself in her chest. 8. Evan Lewis Slips on Spaghetti (Final Destination 2) Sometimes Death orchestrates events in such an improbable manner that we can almost see a physical hand onscreen, manipulating events. Sometimes dumb people do dumb things and pay for it. It’s the latter event that brings down lottery-winning bro Evan Lewis (David Paetkau) in Final Destination 2, who just tosses a pot of spaghetti out the window. That decision proves disastrous when Death’s meddling leads to a fire in Evan’s apartment. Evan climbs out to make an escape, but he slips on his own spaghetti, which leaves him vulnerable to the falling ladder that pierces his eye. 7. Brian Gibbons BBQ Bomb (Final Destination 2) Although it’s a sudden kill with little setup, the death of Brian Gibbons (Noel Fisher) ranks so high because of how funny it is. At the end of the movie, survivors Kimberly Corman (A.J. Cook) and Thomas Burke (Michael Landes) join the Gibbons family at a BBQ where they all let off a bit of steam. No sooner does Brian joke about his and his father’s near-death experience than the grill he’s using explodes, sending his severed arm flying through the air. The arm lands on his mother’s plate, a darkly funny beat that makes it one step better than the average out-of-nowhere kills in the series. 6. Erik and Bobby Campbell Bond in the Hospital (Final Destination Bloodlines) Erik Campbell (Richard Harmon) is truly a unique character in the Final Destination franchise. First of all, he seems to survive his own elaborate death, a hilarious incident in a tattoo parlor (featured heavily in teasers). Secondly he and his brother Bobby (Owen Patrick Joyner) actually like each other, which makes their end so poignant. Off of Bludworth’s information, Erik decides to send the highly allergic Bobby into anaphylaxis so he can revive him, thus satisfying Death. But Erik gets too cute with his plan, and his action accidentally turns on and revs up an MRI machine in the room where the brothers are working. The intensified magnification first pulls in and crushes Erik, with his piercings in front and a wheelchair in back, and then snags a coil from a vending machine, sending it through Bobby’s head. 5. Olivia Castle’s Laser-Guided Fall (Final Destination 5) Okay, technically Olivia Castle (Jacqueline MacInnes Wood) dies when she falls out of a window. But that’s not the part that sticks out in our mind. Instead we remember everything before that moment when Olivia gets laser eye surgery. As if torn from the worst thoughts of anyone about to get the surgery, we watch as Death shorts out the laser while the tech is out of the room and starts burning out Kimberly’s eye. No sooner does she escape than she slips on her beloved teddy bear and falls through the window, a somehow merciful end to the suffering. 3. Ashley Freund & Ashlyn Halperin’s Tanning Session Gone Wrong (Final Destination 3) As this list shows, great Final Destination deaths fall into one of three categories: memorably mean, patently absurd, or impeccably designed. Ashley Fruend (Chelan Simmons) and Ashlyn Halperin (Crystal Lowe) are the prime examples of the first category. A pair of stock mean mall girls, Ashley and Ashlyn go to their favorite tanning spa, giant-size sodas in hand. Death ups the condensation on the drinks, which creates enough water to short out the beds, which turns up the heat, while a fallen shelf keeps them trapped inside. The sight of them burning alive is nasty enough, but the real kicker is the match cut at the end, which replaces two tanning beds with two coffins. 3. Julia Campbell Takes Out the Trash (Final Destination Bloodlines) Final Destination movies love a good fake-out and Bloodlines has the best one yet. Armed with knowledge from Iris, Stefani walks down a suburban street with a skeptical Erik, Death’s next probable victim. As the two walk, Stefani points out all of the things that could kill him: leaves from a blower, a soccer ball kicked by kids, a trash compactor. But to Erik’s mocking glee, nothing happens. Nothing, that is, until Erik’s sister Julia (Anna Lore) goes for a run. In the background. And out of focus, all of those things come together to knock Julia into a roadside dumpster, which is then emptied into the garbage truck where Julia is compacted while Stefani watches. 2. Hunt Wynorski’s Guts in a Pool Pump (The Final Destination) The best patently absurd kill in the entire franchise occurs to obnoxious bro Hunt Wynorski (Nick Zano). After getting into an altercation with a little kid at a public pool, Hunt sits down to catch some rays when he hears his lucky coin fall into the water. Hunt dives in after it, just as Death starts messing with the equipment, causing the pump to malfunction and raise the pressure. The pump traps Hunt at the bottom and he gestures wildly for help, but no one sees him. Instead of drowning, Hunt gets his guts sucked out through his butt, a kill so wonderful that we don’t even care about the CGI viscera that caps off the scene. 1. Candace Hooper Doesn’t Stick the Landing (Final Destination 5) Easily the most glorious and well-composed kill of the entire franchise occurs early in Final Destination 5, when a standard routine for gymnast Candice Hooper (Ellen Wroe) goes horribly wrong. Director Steven Quale takes the time to show viewers the tools and space in which Death works, highlighting dripping water, a shaking girder, spilled dust, and other elements, before bringing them together as Candice goes through her flips. As a result, we understand every step in the system of catastrophes that leads to a ghastly end, with Candice’s crumpled body shuttering on the gym floor.

May 16, 2025Ravie LakshmananMalware / Cyber Attack Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for proxy execution during the initial stage." The latest wave of attacks, as detailed by Qualys, employs tax-related lures to entice users into opening a malicious ZIP archive containing a Windows shortcut (LNK) file, which, in turn, makes use of mshta.exe, a legitimate Microsoft tool used to run HTML Applications (HTA). The binary is used to execute an obfuscated HTA file named "xlab22.hta" hosted on a remote server, which incorporates Visual Basic Script code to download a PowerShell script, a decoy PDF, and another HTA file similar to xlab22.hta called "311.hta." The HTA file is also configured to make Windows Registry modifications to ensure that "311.hta" is automatically launched upon system startup. Once the PowerShell script is executed, it decodes and reconstructs a shellcode loader that ultimately proceeds to launch the Remcos RAT payload entirely in memory. Remcos RAT is a well-known malware that offers threat actors full control over compromised systems, making it an ideal tool for cyber espionage and data theft. A 32-bit binary compiled using Visual Studio C++ 8, it features a modular structure and can gather system metadata, log keystrokes, capture screenshots, monitor clipboard data, and retrieve a list of all installed programs and running processes. In addition, it establishes a TLS connection to a command-and-control (C2) server at "readysteaurants[.]com," maintaining a persistent channel for data exfiltration and control. This is not the first time fileless versions of Remcos RAT have been spotted in the wild. In November 2024, Fortinet FortiGuard Labs detailed a phishing campaign that filelessly deployed the malware by making use of order-themed lures. What makes the attack method attractive to threat actors is that it allows them to operate undetected by many traditional security solutions as the malicious code runs directly in the computer's memory, leaving very few traces on the disk. "The rise of PowerShell-based attacks like the new Remcos RAT variant demonstrates how threat actors are evolving to evade traditional security measures," J Stephen Kowski, Field CTO at SlashNext, said. "This fileless malware operates directly in memory, using LNK files and MSHTA.exe to execute obfuscated PowerShell scripts that can bypass conventional defenses. Advanced email security that can detect and block malicious LNK attachments before they reach users is crucial, as is real-time scanning of PowerShell commands for suspicious behaviors." The disclosure comes as Palo Alto Networks Unit 42 and Threatray detailed a new .NET loader that's used to detonate a wide range of commodity information stealers and RATS like Agent Tesla, NovaStealer, Remcos RAT, VIPKeylogger, XLoader, and XWorm. The loader features three stages that work in tandem to deploy the final-stage payload: A .NET executable that embeds the second and third stages in encrypted form, a .NET DLL that decrypts and loads the next stage, and a .NET DLL that manages the deployment of the main malware. "While earlier versions embedded the second stage as a hardcoded string, more recent versions use a bitmap resource," Threatray said. "The first stage extracts and decrypts this data, then executes it in memory to launch the second stage." Unit 42 described the use of bitmap resources to conceal malicious payloads a a steganography technique that can bypass traditional security mechanisms and evade detection. The findings also coincide with the emergence of several phishing and social engineering campaigns that are engineered for credential theft and malware delivery - Use of trojanized versions of the KeePass password management software – codenamed KeeLoader – to drop a Cobalt Strike beacon and steal sensitive KeePass database data, including administrative credentials. The malicious installers are hosted on KeePass typosquat domains that are served via Bing ads. Use of ClickFix lures and URLs embedded within PDF documents and a series of intermediary dropper URLs to deploy Lumma Stealer. Use of booby-trapped Microsoft Office documents that are used to deploy the Formbook information stealer protected using a malware distribution service referred to as Horus Protector. Use of blob URIs to locally loads a credential phishing page via phishing emails, with the blob URIs served using allow-listed pages (e.g., onedrive.live[.]com) that are abused to redirect victims to a malicious site that contains a link to a threat actor-controlled HTML page. Use of RAR archives masquerading as setup files to distribute NetSupport RAT in attacks targeting Ukraine and Poland. Use of phishing emails to distribute HTML attachments that contain malicious code to capture victims' Outlook, Hotmail, and Gmail credentials and exfiltrate them to a Telegram bot named "Blessed logs" that has been active since February 2025 The developments have also been complemented by the rise in artificial intelligence (AI)-powered campaigns that leverage polymorphic tricks that mutate in real-time to sidestep detection efforts. These include modifying email subject lines, sender names, and body content to slip past signature-based detection. "AI gave threat actors the power to automate malware development, scale attacks across industries, and personalize phishing messages with surgical precision," Cofense said. "These evolving threats are increasingly able to bypass traditional email filters, highlighting the failure of perimeter-only defenses and the need for post-delivery detection. It also enabled them to outmaneuver traditional defenses through polymorphic phishing campaigns that shift content on the fly. The result: deceptive messages that are increasingly difficult to detect and even harder to stop." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    