Never put off the work till tomorrow what you can put off today.

As Travel Rebounds, Airlines Are Figuring It Out on the Fly — 07/15/2021

As Travel Rebounds, Airlines Are Figuring It Out on the Fly

Before, air travel had certain rhythms. Business travelers flew out on Monday mornings and back on Thursday evenings, filling pricier seats. Come summer, price conscious leisure travelers took to the skies. Crowds flew for Thanksgiving, Labor Day, and Christmas, and to specific destinations for events—sports championships, music festivals, fashion weeks. Decades of historical data plugged into complex mathematical models helped airlines determine schedules and prices.

Then came the pandemic. “All of the history, all of the old practices that airlines used to follow to decide what was scheduled to fly and what prices to charge, had to be thrown out the window,” says Jim Barlow, vice president of strategic consulting at Amadeus, which builds software for airlines.

Now, as more passengers are vaccinated and willing to travel, the airline industry is seeing green shoots. More than 2.1 million people traveled through US airport security checkpoints on July 5, nearly twice as many as last year; but that was still 20 percent fewer than in 2019.

That doesn’t mean that the pictures created by airlines’ algorithms have gotten any clearer. Airlines are operating with less data, and more uncertainty, than usual, creating a complicated math problem. It’s not just figuring out where people want to go, and how much they’ll pay. It’s also making sure that the right-sized aircraft and full, rested crew are in the right place for takeoff. The number crunchers who run their systems have found other ways to cope.

For about six months at the outset of the pandemic, many airlines leaned less on their algorithms and more on their human scheduling and pricing teams who used hunches about where people wanted to go, says Barlow. They froze hiring and laid off thousands of workers. Some put aircraft in storage, and photos of Delta and Southwest planes parked in the California desert became a creepy, pandemic-era sign of the times.

Part of the problem was that their customers had changed—and continue to change. The airfare-setting process is one of the most complicated in the business world. Passengers on the same flight, and even in very similar seats, often pay different prices, depending on where they bought their tickets and when. In-house teams create pricing structures and schedules based on when passengers are likely to buy tickets. Vacationers, seeking deals, tend to buy early, which is why airlines tend to offer the lowest prices on tickets bought far in advance. Business travelers, meanwhile, buy closer to flight time, and are willing to pay more.

Since the pandemic hit in early 2020, most people flying tend to be leisurers. And they were booking closer than usual to their travel times, probably because they weren’t sure how the coronavirus would affect their plans.

The influx of vacation flyers has changed airlines’ schedules—and made them more willing to experiment with routes less traveled. In the past year, JetBlue added routes to the Carribean. United premiered nonstop flights to Florida, and its popular domestic vacation spots. As business travel continued to sag, airlines subtly pivoted away from the big, traditional hubs to quainter routes: Milwaukee to Las Vegas; Boise, Idaho, to New York; Des Moines to Portland, Oregon.

As the routing experiments continue, airlines and the people that build their pricing systems are testing other data sources to make better operational decisions. They’re using customers’ web searches and requests for online notifications to suss out what’s in demand. Did a bunch of people sign up for notifications for cheap flights to Vegas in November? Maybe airlines should schedule a few extra flights that month. In the future, Barlow says, airlines are hoping to integrate other sources of information into their operations, like cellphone data that tells them how full competitors’ flights are, in real time.

“Dynamic pricing”—targeting specific fares to specific people, based on their flight history and real-time market conditions—has also picked up during the pandemic, with airlines imitating e-commerce companies in changing prices based on live demand. Since the 1980’s, airlines have varied seat prices according to tightly prescribed schemes, selling blocks of tickets at predetermined prices. But dynamically priced tickets can be changed all the time. For airlines, it’s a holy grail because it promises to near-perfectly predict the prices customers are willing to pay. Research suggests that more accurate pricing, not just of seats but also goodies like meals and extra legroom, could boost revenue anywhere from from 5 to 15 percent.

United, Delta, and Spirit Airlines did not respond to requests for comment, and Southwest and American Airlines declined to discuss future pricing. But in a recent call with investors, American’s chief revenue officer said that the airline had become “materially more efficient through the pandemic,” noting that the airline was flying 150 fewer planes than normal, but operating as if it were 80 to 85 airplanes down.

Of course, other industry-related dysfunction has complicated the picture. Bad weather, the occasional IT-related meltdown (Southwest Airlines delayed 1,400 flights in mid-June because of problems at a weather data provider), and now, a shortage of pilots and flight attendants add to the airlines’ headaches. After the big layoffs, airlines laid off large numbers of employees are finding that some employees are retiring and others are reluctant to come back to work.

Airlines didn’t use to work this quickly, says Bryan Terry, who leads the global aviation practice at the consulting firm Deloitte. Before, they would have worked out schedules months in advance; this spring, many quickly added new flights to what would have once been thought of as middle-of-nowhere destinations like Kalispell, Montana—the gateway to Glacier National Park. As a result, industry-watchers say, a pandemic that broke airlines’ internal systems might end up making them more dynamic and nimble. “Data analysts and data scientists are going to be in high demand and working overtime in most airlines,” Terry says. 

More Great WIRED Stories
No, Facebook and Google Are Not Public Utilities —

No, Facebook and Google Are Not Public Utilities

Should Google get treated like your local telephone company? The idea that dominant, front-facing internet platforms should be regulated as common carriers or public utilities has been kicking around for a while. But it got a fresh jolt in April, when Supreme Court justice Clarence Thomas issued an opinion suggesting that common-carriage law could allow Congress to regulate social media providers. Ohio attorney general Dave Yost filed a lawsuit in June asking a state court to rule that “Google’s provision of internet search is properly classified as a common carrier and/or public utility under Ohio common law.” Last weekend, Yost published an op-ed in The New York Times touting the strategy as a way to stop Google from favoring its own business over competitors who rely on it to reach customers. “As legal touches go, it’s a lot lighter than what antitrust law would demand,” he wrote. 

Unfortunately, it’s also a bit light on logic. 

“This guy has made such a mess,” said Barbara Cherry, a professor of at the Indiana University Media School who studies common carriage and public utility law. “For a lawyer, it’s particularly sloppy.” 

The first red flag in the Ohio lawsuit is that it doesn’t even try to define what a common carrier or public utility is. The second red flag is that Yost suggests that the two concepts are interchangeable. All he’s seeking, he wrote in the Times op-ed, is “a simple declaration that, under the law, Google is a public utility, or more generally, a common carrier.” In fact, common carriage is not a more general species of public utility.

“There’s a lot of misunderstanding of what common carriage is, what public utility is,” said Cherry, who practiced telecommunications law before going into academia. “They’re totally separate bodies of law, and why an entity would achieve a legal status under either one is for different reasons. It just so happens that some entities can be both common carriers and public utilities, but the reason is because they satisfy both.” 

The concept of a public utility, Cherry explained, refers to a business that has signed an agreement with some level of government to provide a service to the public at large. In exchange, it typically receives some benefit or delegation of power from the state. Think of an electric company that has the power to invoke eminent domain but is subject to price controls. 

“Public utility comes from a contractual relationship between the government and that entity that is supposed to be the public utility,” Cherry said. But Google, to state the very obvious, has no contract with the government to provide a search engine.

OK, but what about calling Google a common carrier? Here, too, Cherry said that Yost is misinterpreting the law. Common carriage, she explained, is a legal concept that dates all the way back to the feudal economy of medieval England. A common carrier was someone who offered to carry something to any member of the public. Anyone who chose to do business that way was subject to certain legal duties, including nondiscrimination. 

Originally “carriage” was meant literally—ferry operators, for instance. Today, it can encompass more metaphorical carrying, as with phone companies. The key overlap is neutrality. “Common carriers, by definition, they’re just a conduit,” explained Cherry. “They’re not controlling the content.” That was the principle underlying the net neutrality rule issued by the Federal Communication Commission in 2015 (and rescinded under the Trump administration), which imposed common carrier status on internet service providers like Comcast and AT&T. Because ISPs are mere conduits for data, it makes sense to prevent them from treating data differently depending on its source or content. 

Here is where the application of the concept to Google search starts to break down. According to Yost’s lawsuit, Google’s customers aren’t users, who get the product for free; rather, its customers are the businesses who pay to advertise on it and rely on its search algorithm to reach consumers. The problem is that Google does not promise to act as a neutral conduit for those businesses. Quite the contrary. The whole value proposition for Google is that it discriminates between different possible results in order to return what it thinks will be most relevant to the person doing the search. To ask the court to force Google “to carry search result information reliably, neutrally,” as the Ohio lawsuit does, is sort of nonsensical.

“If you’re being nondiscriminatory in an absolute sense, so there’s no prioritization, there’s no special insight—it just goes back to how many times the words appear on a web page, like the early search engines—that’s not what Google offers you,” said Scott Jordan, a professor of electrical engineering and computer science at UC Irvine and former chief technologist at the Federal Communications Commission. A search engine that didn’t try to bring the best, most relevant results to the top would be basically worthless. “If you mean nondiscriminatory in a much narrower sense, like does Google’s algorithm include whether the webpage has a conservative or a liberal tint, or is based on anything else—gender, race, what have you—then, yeah, Google might say that they’re nondiscriminatory in these narrower senses. But this doesn’t easily map onto the question of common carriage.” 

This doesn’t mean that the objectives of Yost’s lawsuit are totally illegitimate. His main objection to how Google operates is a familiar one: the suit criticizes the company for favoring its own products and services above competitors’, with the result that an ever-growing share of Google searches end without clicking away to another website. But antitrust law already provides ways to punish self-dealing. Indeed, one of the multiple lawsuits filed against the company specifically takes aim at how it allegedly discriminates against specialized search engines like Kayak and Yelp. (In Yost’s defense, he is one of the more than 30 state attorneys general who joined that suit.) And one of the bills recently introduced by the House antitrust subcommittee would prohibit dominant companies from favoring themselves over other companies that use their platforms.

Now, there’s a difference between asking a judge to declare that Google is already a common carrier, as the Ohio lawsuit does, and asking Congress to pass a new law forcing Google to be a common carrier. It’s that second idea that Clarence Thomas seemed to have in mind in his April opinion, in a case that concerned Twitter, not Google. “The similarities between some digital platforms and com­mon carriers or places of public accommodation may give legislators strong arguments for similarly regulating digi­tal platforms,” he wrote, suggesting that government could pass laws limiting the ability of a social media platform to kick off users (cough, Donald Trump, cough).   

According to Thomas, the common carrier principle could help Congress get around the First Amendment problem that arises when you force a private actor, like Twitter or Facebook, to carry speech that they don’t want to carry. But even apart from constitutional questions, the notion of imposing common carriage status on social media platforms raises the same logistical problems as it would with Google’s search engine. 

“These are the places where I’ve heard it raised the most, and these are the places where it makes the least sense,” said Jon Peha, a professor of engineering and public policy at Carnegie Mellon and another former chief technologist at the FCC. “Part of the core function of Facebook is ranking information that is deemed to be important to the user. Discrimination is what it does. When I hear some politicians complaining about not allowing discrimination in ranking algorithms, when that is what the ranking algorithms do at their core, I get very confused.”

To judge by the Ohio lawsuit, some of the people complaining are confused, too.

More Great WIRED Stories
These Headphones Translate Foreign Languages on the Fly —

These Headphones Translate Foreign Languages on the Fly

A few years ago, I spent a day at Suntory’s Yamazaki Distillery outside of Kyoto, Japan. There’s a bar at the end of the tour, and (pro tip) it’s one of the only places in the world you can get Suntory’s whiskeys at cost. When I purchased my first glass of whiskey, a pair of Japanese men who’d taken the Shinkansen in from Tokyo waved me over to their table. Through pantomime, one of them offered me a taste of the whisky in his glass, and we ended up spending hours sampling spirits and talking about Japanese whiskey through the magic of Google Translate on our phones. It was a halting, awkward way to have a conversation, but it was glorious, and it still stands as one of the best experiences of my life.

But what if we could have actually conversed by voice? You know, the old-fashioned way? Such is the promise of the Ambassador Interpreter, a $179 device that aims at long last to bring the mythical Babel fish as close to life as it’s ever gotten.

Speak Easy

The Interpreter arrives as a pair of over-the-ear headphones, one for your right ear and one for your friend’s. You download the Ambassador mobile app—where all the translation work gets done—and pair both headphones to your phone using Bluetooth.

Multiple earpieces connect to one instance of the app, where each user selects the language they want to hear.

Photograph: Waverly Labs

Ambassador has three operational modes. Converse mode is a two-way system: You both pick one of the 20 languages and 42 dialects available, and the app translates your language to his and his to yours. (Up to four people at once can talk this way through the app, if you have enough earphones.) Lecture mode is a one-way system that translates your speech and streams it through your smartphone’s speaker in another tongue. Listen mode goes the other way, listening for the language of your choice, translating it into your own language, and piping it into your earpiece.

The good news is that both Converse and Lecture work surprisingly well. While the Ambassador app can be a little awkward to use—especially since you have to manually reconnect to the headphones every time you turn them off—it’s intuitive enough to get things going without a lot of hand-holding. It’s not an app to use if you’re in a hurry, as you have to manually select the languages to listen for and translate to, which can take a bit of time. (You can also configure whether you want to listen to a male or female voice translation.)

Once everything’s set—and, presumably, once you’ve convinced the other party in Converse mode that you’re not a lunatic for wanting them to put on a single earphone—you can get down to conversing. This can be a little halting, as the Ambassador isn’t always-on by default. You have to tap the side of the device to tell it to translate, which makes using two of them a bit of a walkie-talkie operation. In other modes, pressing the button once will leave it on until you press it again. Volume buttons are also available on the side of each earpiece.

We Chat

As you can imagine, translations are far from perfect, but if you speak clearly and reasonably slowly, the system works very well. It struggles with some proper names, but it can handle slang and informal speech (like “gonna get ’em”) fairly handily. The app also keeps a running log of everything in text, so if it mishears something you’ve said, you’ll have a chance to correct things. Note that in a two-way conversation, you need to be pretty up close and personal for things to work, which can be a bit challenging in our pandemic situation, but I’ve found that Ambassador works just fine under masks.

I had high hopes that with Listen mode I’d be able to watch foreign-language movies in their native tongue, but this didn’t pan out. While I was able to get a reasonable translation of things like News in Slow Spanish, the speech on mainstream programming and movies was always much too rapid-fire for Ambassador to keep up with. Most of the time the system just didn’t catch any dialog at all, or if it did, it was only a random word here or there. And if there’s background music or special effects to contend with, forget it. (I also had to crank the volume up on my TV and sit a few feet away from it for even slow, uncluttered speech to work.)

Three users pair their earpieces to the app so they can participate in a translated conversation.

Photograph: Waverly Labs

I’m also not in love with the hardware. The egg-shaped device is awkward to hold, and I found it constantly slipping out of my hand when trying to put it on. Once over your ear, it kind of flaps there loosely, and it didn’t feel secure enough for use while in motion. The headphones recharge via Micro-USB cable, and while a six-hour battery life is promised, on more than one occasion I came back to the Ambassadors to find they had both been drained down to zero even when they hadn’t been in use for a while. Some work on battery management appears to be in order.

Ultimately the concept is a winner; if some of the practical kinks can be worked out, it’ll be a terrific product. For now, if all parties are willing to take their time, it’s arguably the most effective method around for hurdling the language barrier, short of having a human translator on hand to do the work. And to that, I say kanpai!

The Next Covid-19 Battle Will Be About Vaccinating Kids —

The Next Covid-19 Battle Will Be About Vaccinating Kids

On Monday, the Tennessee Department of Health fired its top vaccine official, Michelle Fiscus. Her transgression: In May, she had sent a memo to pharmacies and physicians in the state, relaying a Tennessee Supreme Court decision that allows teens to seek medical care, including vaccinations, without their parents’ consent. At the time, the Food and Drug Administration had just authorized the Pfizer vaccine for 12- to 17-year-olds, and one for the Moderna vaccine was soon to follow.

Fiscus’ memo was approved by the governor’s staff, and it contained no policy changes. The legal ruling it discussed was handed down in 1987. State legislators, though, accused her of “prodding” children to seek the vaccine. She was summoned to two hearings; at one, a legislator proposed dissolving the entire state health department in retaliation.

In a statement she gave to The Tennessean Monday evening, Fiscus said that, to protect itself, the department has shut down all its communication campaigns about vaccination. “Not just Covid-19 vaccine outreach for teens, but ALL communications around vaccines of any kind,” she wrote. “No back-to-school messaging to the more than 30,000 parents who did not get their children measles vaccines last year due to the pandemic. No messaging around human papillomavirus vaccine to the residents of the state with one of the highest HPV cancer rates in the country.” (On Tuesday, The Tennessean confirmed that vaccine promotion, and vaccination clinics held at schools, had been shut down.)

Fiscus’ firing came two days after a crowd at the Conservative Political Action Conference in Dallas cheered an announcement that the Biden administration hasn’t achieved its goal of getting one dose of vaccine into 70 percent of Americans by July 4th. It also came three days after the Centers for Disease Control and Prevention relaxed the agency’s previous guidelines about wearing masks inside school buildings. Add those events together, and they’re a storm siren for the next Covid battle, this time over vaccinating children—which will arrive as the virus’s Delta variant advances and the school year is about to begin.

Clinical trials underway now are testing the safety, efficacy, dosing, and timing of mRNA vaccines for kids between the ages of 11 years and 6 months; about 4,500 children are in Pfizer’s trial, and about 7,000 in Moderna’s. A Pfizer official said in June that the first request for emergency authorization should be sent to the FDA in September or October. (Johnson & Johnson is only now beginning trials in teens and has not yet included younger kids.)

Those trials are scattered across medical centers in the US and several European countries—more sites than were initially planned for, according to several principal investigators, because the companies feel it’s urgent to gather data and move toward approval as rapidly as possible. That’s because, now that adults can get vaccinated, children make up a larger proportion of those getting sick from Covid.

Kids represented 14.2 percent of all US cases in July, compared to 2 percent in April 2020, according to the American Academy of Pediatrics. Just in the US, more than 4 million children have fallen ill from Covid. And though most experience only mild illness, 16,623 had been hospitalized as of July 8, and 344 had died. As of the end of June, 4,196 children and teens had developed MIS-C, the perplexing and sometimes fatal inflammation that occurs after Covid infection and affects the heart, lungs, kidneys, and brain.

“Covid is a risk for children,” says Mark Sawyer, a professor of pediatrics at the UC San Diego School of Medicine and temporary voting member of the FDA’s Vaccines and Related Biological Products Advisory Committee (VRBPAC), which reviewed evidence submitted on behalf of the Covid vaccines. “The reported deaths are at least as bad as the worst influenza season in terms of pediatric deaths, and probably a little worse than that. That doesn’t even get us into what long-term consequences could occur, either from MIS-C or so-called long-haul Covid. And that doesn’t even touch the public health argument, which is that we need children not to be bringing Covid to their grandparents and others who are at extremely high risk.”

As many researchers have pointed out over the years, children aren’t just small adults. Once past the teen years, adults have mostly achieved their final height and size—barring big gains or losses in fat and muscle—and, crucially, a settled immune balance with the world. But children are changing all the time, not just in size and muscle mass, but in how their immune systems defend them against the world.

“The spectrum and the strength of the immune response changes over years,” Inci Yildirim, a vaccinologist and associate professor of pediatrics and global health at the Yale School of Medicine, told WIRED by email. “For example, a healthy 13-month-old child usually has a higher number of lymphocytes, which is one of many components of the immune system playing a role in how we respond to the vaccines, compared with a healthy 15-year-old teenager.”

Even though we have data on how adults respond to the Covid vaccines—from the clinical trials that got the vaccines their emergency authorizations, and also from real-world observations—we can’t assume that children’s reactions will be the same. Weirdly, they might be better. For instance, after the introduction of the HPV vaccine (which prevents cancers of the cervix, neck, and throat), federal authorities decided that 9- to 14-year-olds need only two doses, not three as older teens and adults do, because the younger kids’ response to the vaccine was so strong.

But because Covid is still a new and under-researched disease, we have to do clinical trials to explore what those reactions might be. As the World Health Organization highlighted in a meeting in May, we still have not identified the “correlates of protection” that define immunity. Those would be agreed-upon metrics for immune response—a minimum number of antibodies, for instance, or measurements of the presence of T cells— that would indicate when someone who has received a vaccine is protected against infection. If we could define those correlates, we could skip placebo-controlled trials for head-to-head studies comparing different vaccines, or even use blood tests. Since we don’t, full trials in kids, patterned on the adult ones, are necessary.

“We should not simply recommend the vaccine for children because it’s available for older age groups,” says Walter A. Orenstein, a physician and director of vaccine policy and development at Emory University, who previously led immunization programs at the Bill & Melinda Gates Foundation and the CDC. “We need to determine what the optimal doses are and look at what the safety factors are, so that the FDA has a reasonable data set upon which to make a judgment.”

And some safety issues have shown up. In June, the CDC disclosed that 226 people under 30, including 79 16- and 17-year-olds, had developed inflammation in or around their hearts after receiving the vaccine. The agency and its advisers examined the problem in a meeting of the Advisory Committee on Immunization Practices, but did not support any change in vaccine recommendations for teens.

Despite Covid vaccines being subjected to politicized controversy, the trials in younger children haven’t had any difficulty recruiting kids. “We had far more people interested than we have spaces,” says Kawsar Rasmy Talaat, a physician and associate professor of international health at the Johns Hopkins Bloomberg School of Public Health, where she leads a trial of the Pfizer vaccine for kids 12 and under. “Before we even knew we were a site, we had names on a list, parents who said, ‘If you do this, I want my kid to be in the study’—hundreds and hundreds of names.”

(Talaat and other principal investigators said many of the parents enrolling their kids turned out to be faculty from medical schools and other parts of universities conducting the trials, who happened to hear about the trials early because of their jobs. That could turn out to be a problem, because it may have accidentally created trial populations that are low on diversity—not necessarily of race or national origin, but of economic status and living conditions, both of which affected who was vulnerable during Covid’s first wave.)

Within the trials, child entrants are stratified—separated into groups—according to age ranges. The Stanford University School of Medicine, for instance, joined the Pfizer Phase I safety trial for infants and toddlers, who were divided into groups of kids between the ages of 6 months and 2 years, and then kids who were at least 2 but younger than 5. Stanford now is one of the sites hosting Phase II efficacy trials for the under-5 group, and also is running part of the Phase II and III trials for the 5- to 11-year-olds. (A Phase III trial also tests efficacy, but in a larger group, because some rare effects are only observable when more participants are added.)

The Pfizer trial those studies are part of is already returning information showing that the vaccines may create stronger immunity in kids than in adults, according to Yvonne Maldonado, a pediatrician and professor of epidemiology and population health and principal investigator of the Stanford trial site. “The first data that was put out in May, that was submitted to FDA, showed that the Pfizer vaccine had elicited much higher antibody titers in children than it did in adults,” Maldonado says. Those findings could well lead, in the final authorizations, to vaccines containing much smaller doses of active ingredients than are present in the adult vaccines.

Overall, it seems there have been no major setbacks. But there’s a difficult challenge approaching. Once trial data determining children’s doses and shot schedule passes the FDA—as either an emergency use authorization or a full new drug approval—the campaigns that distribute the shots will be run by the individual states, in the same way that the adult vaccines were. This spring, that was chaotic.

What might save the child vaccine, and the health of vulnerable elderly and immunocompromised people in contact with children, is that the system to distribute the shots won’t have to be built from scratch. American public health agencies already recommend that children and teens receive 16 different vaccines by the time they turn 18—against measles, mumps, rubella, diphtheria, pertussis, two types of hepatitis, rotavirus, chicken pox, flu, and so on—and many of those vaccines require multiple doses. A massive infrastructure delivers, tracks, and pays for those shots: physician practices, commercial pharmacies, health department clinics, and county health fairs; health department registries and state school-entry standards; private insurers and an array of federal buying programs. (Outside the US, the mix of funding comes from national governments and international philanthropies, and the vaccinators may be doctors’ offices, public health clinics, or volunteer-run sites.) Adding a Covid vaccine into that distribution would not be trivial, but it should not be impossibly hard.

“If you want to get vaccines out to a population, the most practical way to do that is through pediatric immunization,” says Ofer Levy, a pediatric infectious disease clinician and director of the Precision Vaccines Program at Boston Children’s Hospital, and also a temporary voting member of VRBPAC. “The majority of the world’s infrastructure for delivering vaccines is directed at children, and vaccines that are given to children around the globe get a population penetration of 80 percent to 90 percent.”

Yet any legislation that makes Covid vaccines available to children—or mandates them—is also a matter for every individual state government to decide. And in the seven months since the adult versions were released, openness to vaccination has split into a red-blue divide. That could lead to more of the politicization that exploded in Tennessee this week, and fewer kids able to access the shots. And that means ongoing vulnerability, the emergence of more variants, and a longer pandemic in the end.

More Great WIRED Stories
Amazon bought Facebook’s satellite team to help build Starlink competitor — 07/14/2021

Amazon bought Facebook’s satellite team to help build Starlink competitor

Illustration of a rocket in space with an Amazon logo.
Enlarge / Image released by Amazon when it announced a deal with United Launch Alliance to use launch vehicles for Project Kuiper.

Facebook has sold its small-satellite Internet division to Amazon and said it has no plans to become an Internet service provider. Amazon and Facebook both confirmed the sale to Ars today.

The Information first reported that “Amazon has acquired a team of more than a dozen wireless Internet experts from Facebook in an effort to boost its multibillion-dollar effort to launch thousands of satellites… The workers are in the Los Angeles area and included physicists as well as optical, prototyping, mechanical, and software engineers who had previously worked on aeronautical systems and wireless networks, according to their LinkedIn pages.” One of those is Jin Bains, who is now a director at Amazon’s Project Kuiper. The employees reportedly moved to Amazon in April.

Facebook asked the FCC for permission to launch a low-Earth-orbit satellite in 2018, but the company called it a small research and development experiment and did not publicly commit to offering Internet service. Today, Facebook said that “it has not been our plan to launch a constellation of satellites, become an ISP, mobile operator, or tech vendor. We’ve long held the belief that satellite technology will enable the next generation of broadband infrastructure, and as part of our ongoing connectivity efforts, this team was focused on designing and testing new ways to advance satellite connectivity using optical communications and radio frequency systems and solutions. We are really proud of the work this team has accomplished and are excited to see what they will continue to build [at Amazon].”

Amazon to launch satellites in 2023 or later

Amazon plans a constellation of low-Earth-orbit satellites to compete against SpaceX’s Starlink service, but Amazon’s “Project Kuiper” is far behind the SpaceX venture. Amazon confirmed to Ars that it “did acquire a small number of employees from the Facebook Connectivity team and that the team moved over to Amazon earlier this year to work on Project Kuiper.” Amazon declined to say more about what the employees will work on within Kuiper.

SpaceX is already providing service to over 10,000 beta users with over 1,500 satellites, and the company says it will have near-global coverage in August. Amazon has US approval to launch 3,236 low-Earth-orbit satellites and says it plans to invest more than $10 billion in the project. But the company hasn’t said exactly when it will launch satellites or offer service. Amazon has said it has over 500 employees working on the Kuiper project, and its website lists over 200 open jobs in the division.

Amazon told Ars last month that 2023 is the earliest it expects to launch satellites. FCC rules give Amazon six years to launch and operate 50 percent of its licensed satellites, which means that the company needs to launch 1,618 satellites by July 30, 2026. Amazon would have to launch the rest of the licensed satellites by July 30, 2029. Amazon told the FCC it plans to offer broadband to customers after it launches the first 578 satellites.

Having sold off its satellite team, Facebook today said it will keep “working with our satellite operator partners to expand connectivity through Wi-Fi” and noted its partnership with Eutelsat on a project in sub-Saharan Africa. Facebook said it is involved in other collaborations such as the Telecom Infra Project and that “we believe these infrastructure investments will have a positive impact for the satellite industry, particularly as they work to expand connectivity to rural, hard-to-reach-areas.”

iOS zero-day let SolarWinds hackers compromise fully updated iPhones —

iOS zero-day let SolarWinds hackers compromise fully updated iPhones

The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.

In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a “likely Russian government-backed actor” exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.

Moscow, Western Europe, and USAID

Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.

The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium—the name the company uses to identify the hackers behind the SolarWinds supply chain attack—first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency’s account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency.

The federal government has attributed last year’s supply chain attack to hackers working for Russia’s Foreign Intelligence Service (abbreviated as SVR). For more than a decade, the SVR has conducted malware campaigns targeting governments, political think tanks, and other organizations in countries like Germany, Uzbekistan, South Korea, and the US. Targets have included the US State Department and the White House in 2014. Other names used to identify the group include APT29, the Dukes, and Cozy Bear.

In an email, Shane Huntley, the head of Google’s Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.

“These are two different campaigns, but based on our visibility, we consider the actors behind the WebKit 0-day and the USAID campaign to be the same group of actors,” Huntley wrote. “It is important to note that everyone draws actor boundaries differently. In this particular case, we are aligned with the US and UK governments’ assessment of APT 29.”

Forget the sandbox

Throughout the campaign, Microsoft said, Nobelium experimented with multiple attack variations. In one wave, a Nobelium-controlled web server profiled devices that visited it to determine what OS and hardware the devices ran on. If the targeted device was an iPhone or iPad, a server used an exploit for CVE-2021-1879, which allowed hackers to deliver a universal cross-site scripting attack. Apple patched the zero-day in late March.

In Wednesday’s post, Stone and Lecigne wrote:

After several validation checks to ensure the device being exploited was a real device, the final payload would be served to exploit CVE-​2021-1879. This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated. There was no sandbox escape or implant delivered via this exploit. The exploit targeted iOS versions 12.4 through 13.7. This type of attack, described by Amy Burnett in Forget the Sandbox Escape: Abusing Browsers from Code Execution, is mitigated in browsers with Site Isolation enabled, such as Chrome or Firefox.

It’s raining zero-days

The iOS attacks are part of a recent explosion in the use of zero-days. In the first half of this year, Google’s Project Zero vulnerability research group has recorded 33 zero-day exploits used in attacks—11 more than the total number from 2020. The growth has several causes, including better detection by defenders and better software defenses that require multiple exploits to break through.

The other big driver is the increased supply of zero-days from private companies selling exploits.

“0-day capabilities used to be only the tools of select nation-states who had the technical expertise to find 0-day vulnerabilities, develop them into exploits, and then strategically operationalize their use,” the Google researchers wrote. “In the mid-to-late 2010s, more private companies have joined the marketplace selling these 0-day capabilities. No longer do groups need to have the technical expertise; now they just need resources.”

The iOS vulnerability was one of four in-the-wild zero-days Google detailed on Wednesday. The other three were:

The four exploits were used in three different campaigns. Based on their analysis, the researchers assess that three of the exploits were developed by the same commercial surveillance company, which sold them to two different government-backed actors. The researchers didn’t identify the surveillance company, the governments, or the specific three zero-days they were referring to.

Representatives from Apple didn’t immediately respond to a request for comment.

WhatsApp Has a Secure Fix for One of Its Biggest Drawbacks —

WhatsApp Has a Secure Fix for One of Its Biggest Drawbacks

The ubiquitous end-to-end encrypted messaging service WhatsApp melds security and convenience for 2 billion people around the world. But there’s always been a big limitation: The service relies entirely on your smartphone. You can use your account on desktops or through the web, but you’re really just interacting with a mirror of what’s on your phone. If its battery dies, or you want to use two secondary devices at once, you’re out of luck. But WhatsApp says it has finally, finally figured out a solution.

Today WhatsApp is launching a limited beta to start real-world testing on a multi-device scheme. With the new feature, you’ll be able to use WhatsApp on your phone and up to four other devices all at once. The only caveat is that those other four need to be “non-phone” devices. Your smartphone will still be the first device where you set up WhatsApp; you’ll add the other devices by scanning QR codes from your phone. 

Using WhatsApp across devices wouldn’t be any trouble if your data lived on WhatsApp’s servers. But the company’s end-to-end encryption scheme keeps it from ever seeing the contents of your messages, and they’re not stored by WhatsApp at all after delivery. This is why mirroring your phone to your desktop, as WhatsApp and many other secure messaging apps have historically done, is an appealing option. All the security protections extend from your phone, and there’s nothing actually happening independently on the other device. It takes complicated cryptographic wrangling to actually anoint other devices and keep everything in sync.

“As we enter the multi-device era, guaranteeing that the security of WhatsApp remains bulletproof is the team’s largest concern,” says Scott Ryder, director of WhatsApp consumer engineering. “Really, it’s the core of why the project took over two years to complete. When both internal and external security reviews agreed we’d achieved that goal—that was an exciting moment.”

The foundational idea of end-to-end encrypted communication is that data is unreadable at all times except to the sender and receiver. That means, for example, that a message is only decrypted and accessible on the phone you sent it from and the phone of the person you sent it to. Group messaging or calling makes this a little more complicated, but as long as everyone is using the same device all the time, it’s doable.

You can see how it gets more complicated, though, for a service to keep track of who’s who if everyone suddenly has three devices and wants real-time syncing between them. Without full end-to-end encryption, a central server can take little peeks at the data to figure out what needs to go where. But when you’re really trying to keep things locked down, you need a special system to make it work. 

As Facebook CEO Mark Zuckerberg put it to WABetaInfo at the beginning of June, “It’s been a big technical challenge to get all your messages and content to sync properly across devices.”

Making it all work involves two main components. One is that, instead of having a single identity key for each user—in other words, the smartphone associated with the account—each device you use for WhatsApp now has its own identity key. WhatsApp’s server keeps a sort of family tree of all the device identities on a person’s account; when someone goes to send a message to that account, the server provides the whole list of keys so that message goes to all the right devices.

WhatsApp says it has carefully added checks on this system to make sure a bad actor can’t add extra devices to your account and receive your messages. Users can check the list of devices linked to their account to ensure there aren’t lurkers, and they can also do a “security code” comparison with someone they’re communicating with to ensure the two codes match. If something has gone awry and one user has an extra, unverified device registered to their account, the codes won’t match.

The second component necessary for all of this to work relates to the security of your actual messages and app settings. When you set up a new WhatsApp device, the system will deliver your entire message history from your smartphone to the new computer in one bulk delivery. This initial archive transfer allows you to securely move everything into place. You obviously still need real-time syncing after that, though, so if you mute a chat or add a new contact, it shows up everywhere. To deal with this, WhatsApp stores an encrypted version of this information on its server. WhatsApp can never access the information, only your devices have the keys to read it, but it essentially provides a water cooler where your different devices can meet and swap updates.

The benefits of having full-fledged WhatsApp on multiple devices are obvious. It makes the service easier and more fun to use, and it mitigates the catastrophe if you lose your phone and want to keep using WhatsApp in the interim. But features like this have a lot of moving parts, and that creates opportunities for mistakes and potential vulnerability. 

“We’ve reviewed and received feedback on all of our technical designs from both in-house and external security researchers,” Alfonso Gómez-Jordana, a WhatsApp product manager, told WIRED. “And we’ve reviewed our implementation with internal security teams as well.”

All of this outside vetting and input is important to checking the WhatsApp team’s work. The company has also updated its WhatsApp white paper to go into greater detail on the technical and cryptographic concepts underlying this multi-device scheme. The feature will roll out slowly to users for the next few months. The next test will be whether real-world attackers find any weaknesses on their own.

More Great WIRED Stories
Volcanoes Might Explain That Phosphine on Venus —

Volcanoes Might Explain That Phosphine on Venus

Venus is often called Earth’s sister planet, a neighboring twin of similar density and size. But the resemblance stops there. As the hottest planet in our solar system, the choking Venusian atmosphere is full of heat-trapping carbon dioxide and clouds thick with sulfuric acid that shroud its dry, volcanic terrain.

So it’s one of the last places anyone might think to look for life beyond our planet.

That’s why it came as such a shock last September when a group of scientists, led by Jane Greaves of Cardiff University, announced that they’d found a possible sign of alien life in the Venusian atmosphere. In the study, published in Nature Astronomy, they reported the detection of a colorless, toxic gas called phosphine in the planet’s clouds and concluded that no known chemical or geological processes could explain its presence. Phosphine could indicate life, they argued, noting recent work by astrophysicist Clara Sousa-Silva of MIT who suggests the gas could be a biosignature. On Earth, phosphine is often found in places that host anaerobic life, including lakes, marshes, paddy fields, and in the sludge of landfills.

But when the news reached Jonathan Lunine, an astronomer at Cornell University, he and graduate student Ngoc Truong were immediately skeptical. “It’s problematic to invoke phosphine as a biosignature on Venus, simply because the environment on Venus is totally different from the environment on Earth,” says Truong. Even on our own planet, he says, there is some confusion as to whether phosphine is associated with life, and he believes that this should be confirmed before extrapolating these observations to environments so unlike our own. 

Truong and Lunine weren’t alone in their doubts. After the phosphine announcement, the internet exploded with discussions about the discovery. Scientists weighed in on Twitter threads, argued on Facebook posts, and flocked to, a preprint server for scientific research, to lay out other theories for what nonbiological processes might be producing the phosphine.

Truong, who until that point had been studying the oceans on Saturn’s moons, convinced Lunine that they needed to further explore one potential source of phosphine in particular: volcanoes. Their research culminated in a new study published Monday in the journal Proceedings of the National Academy of Sciences. In it, Truong and Lunine paint a picture of how phosphine might make it into Venus’ atmosphere. Trace amounts of phosphides (negatively charged phosphorus ions attached to metals like iron) found deep in the mantle of Venus could be pulled up to the surface by volcanic activity. When the volcanoes erupt, these phosphides could be thrust into the atmosphere and chemically react with sulfuric acid in the clouds to form phosphine.

“Our study only suggests a road map to assessing the level of volcanic eruptions” on Venus, Truong says. Two conditions are needed for this to be a viable explanation. First, the planet must be volcanically active. (While thousands of volcanoes have been spotted in radar images of Venus, scientists lack the data to confirm recent eruptions, since so far, landers can only withstand the raging heat and crushing pressure of the Venusian surface for about an hour.) “And not just active in the sense of ‘Hawaiian-style’ volcanism,” Lunine says, which typically produces lava flows without much explosivity. Explosive volcanism is key, because there needs to be a mechanism for the phosphides to be ejected into the atmosphere.

Second, scientists would need to verify that the phosphine is actually there—and that’s currently a huge point of contention. Without this proof, Lunine says, the volcano theory “becomes an empty postulate rather than a hypothesis.”

The original paper by Greaves’ team used data collected by the James Clerk Maxwell Telescope and the Atacama Large Millimetre/Submillimetre Array (ALMA), and it reported that they’d detected about 20 parts per billion of excess phosphine in the Venusian air. But in subsequent months, the discovery of a calibration error in ALMA’s data led the authors to decrease that value to a range of one to five parts per billion. (Other researchers not involved in the work, who did their own analysis of the ALMA data, failed to find evidence of phosphine at all.) By mid-November, a note was added to the original study: “The authors have informed the editors of Nature Astronomy about an error in the original processing of the ALMA Observatory data underlying the work in this article, and that recalibration of the data has had an impact on the conclusions that can be drawn.”

(Greaves and Sousa-Silva did not respond to requests for comment for this story.)

But the volcano hypothesis, too, has its critics. On the same day in 2020 when Greaves’ team published their paper, MIT astrobiologist Janusz Petkowski uploaded a hefty preprint to arXiv, coauthored by a subset of the researchers who had also contributed to the Greaves report, arguing that the phosphine’s source could be biological. In 103 pages, via an extensive analysis of known gas, geochemical, and photochemical reactions, they ruled out the genesis of phosphine by conventional methods—including volcanic activity. Their conclusion: The phosphine must come from some new and unknown process or from microbial life in Venus’ clouds.

Since then, the authors have refined their arguments and addressed concerns like the recalibrated ALMA data; on Monday, a peer-reviewed version of the paper was accepted to Astrobiology, Special Collection: Venus. Late on Tuesday night, following the publication of the Cornell volcano study, Petkowski and his team decided to publicly post the new version of the paper on arXiv (with a corresponding note that explicitly calls Truong and Lunine’s volcano hypothesis unlikely). Notably, the updated version of the document includes even more detailed calculations—it’s now 126 pages long—using a conservative value of one part per billion of phosphine in Venus’ atmosphere. But even with the smaller amount, Petkowski and his team still don’t rule out the possibility of life, because they failed to find any known abiotic process that would accurately describe their observation of phosphine.

“We just do not think that deep-mantle volcanism is a reasonable source for phosphine on Venus,” Petkowski says. In the paper, they argue that it isn’t clear how phosphides could make it from the interior of Venus to the surface unchanged, and that the scale and frequency of volcanic eruptions needed to spew enough of these phosphides into the air, where they can react with sulfuric acid to produce phosphine, is unlikely. Petkowski’s team also wrote that the atmospheric concentration of sulfuric acid likely wouldn’t produce phosphine at all. Instead, it would cause a different chemical reaction with the phosphide called oxidation. (Truong and Lunine disagree; in their paper, they say that oxidation would be limited by the lack of water in Venus’ clouds.)

Sukrit Ranjan, a planetary photochemist at Northwestern University who worked on the original phosphine discovery as well as the follow-up study helmed by Petkowski, says that while his team agrees with “the guts of the calculation” described in Truong and Lunine’s paper, the disagreement lies in which assumptions can be realistically made when modeling volcanic processes on Venus that could produce phosphine in the atmosphere. “When there was ambiguity, we tried to make it as easy as possible for an abiotic explanation of phosphine,” he says of his team’s latest paper, but their analysis kept falling short.

Ranjan stresses, however, that in the 2020 preprint, as well as the latest peer-reviewed version, his team doesn’t exactly rule out volcanic activity as a possibility—they only claim that it cannot be explained with known geochemical processes. “Even life is not a natural explanation for phosphine in the atmosphere,” he says, because life as we know it could not possibly survive in the acidic environment of Venus’ clouds. But evolution could have developed tricks elsewhere that it hasn’t on Earth, so the universe may surprise us: “Habitability is a frontier to be explored,” he says.

Petkowski welcomes the hearty debate between scientists. “We are not afraid to be wrong,” he says. And even if further scrutiny of the data rules out the presence of any phosphine at all, Petkowski says it wouldn’t completely rule out the possibility of life for him. “The story is not over,” he says.

Upcoming NASA missions, planned long before scientists saw possible hints of life, will help solve the mystery of phosphine in the atmosphere. VERITAS, set to launch in 2028, is a spacecraft that will map out the surface and look for the presence of deep underground water spewed out as vapor by active volcanoes. Around the same time, a spherical probe named DAVINCI+ will plunge through the toxic atmosphere and measure the composition of the Venusian clouds, which could confirm or rule out the existence of phosphine.

Suzanne Smrekar, the NASA geophysicist leading the VERITAS mission, says that the possibility of life on Venus is exciting—and a wake-up call. “It’s going to take a very long time to say we believe there is life,” she says. “But it’s a rallying cry to investigate this area of science much more definitively.”

Truong and Lunine, who began working on the volcano hypothesis before NASA selected the discovery missions, are standing by their assertion that it can plausibly explain the presence of phosphine, and they are eager to see what comes next. “I hope this increases interest in Venus as a planet,” Lunine says. But he feels that it shouldn’t have taken a debate about life to spark so much curiosity about Venus. Even without life, we should want to get to know our planetary sibling, which is so similar to our home in many ways, “and yet it seems so different geologically,” he says. “This is just another reason to think of Venus as an interesting target for exploration.”

More Great WIRED Stories
Why Do Some Crimes Increase When Airbnbs Come to Town? —

Why Do Some Crimes Increase When Airbnbs Come to Town?

The presence of more Airbnbs in a neighborhood may be linked to more crime—but not in the way you might think.

Researchers from Northeastern University reviewed data in Boston from 2011 to 2018, a period of both sustained growth in Airbnb listings and growing concerns about crime. They found that certain violent crimes—fights, robberies, reports of someone wielding a knife—tended to increase in a neighborhood a year or more after the number of Airbnbs increased—a sign, the researchers said, of a fraying social order.

“You’re essentially eroding a neighborhood’s natural capacity to manage crime,” says Dan O’Brien, one of the authors. The study was published Wednesday in PLOS One, a peer-reviewed open-access scientific journal published by the Public Library of Science.

Curiously, the researchers found that reports of crime did not increase at the same time that Airbnbs in a neighborhood increased, suggesting that the tourists staying in those rentals were neither committing crimes nor attracting crimes.

“It’s not the visitors themselves that’s the problem, it’s the fact that you took a bunch of units that normally would have functioning, contributing members of a community off of the social network,” O’Brien says.

In addition, the researchers found that other types of crime, including noise complaints, public intoxication, domestic violence, and landlord-tenant disputes, did not increase as more units in a neighborhood were listed on Airbnb.

Airbnb took issue with the study’s methodology and conclusions. In a statement, a spokesperson said the researchers reached “inaccurate conclusions not supported by the evidence.”

The spokesperson questioned whether the researchers controlled for other factors, such as new housing construction and overall economic conditions. The spokesperson raised concerns about generalizing the findings from a single city to a larger nationwide trend.

Additionally, the spokesperson said the researchers’ method of tracking new Airbnb listings was flawed because it relied on when a user “joined” the platform. The spokesperson said someone can sign up for the site as a guest, but not become a host for years, which makes it difficult to track changes in listings over time.

To measure Airbnb’s impact, the researchers looked at the overall number of listings in neighborhoods as the degree to which they were clustered on specific blocks. They divided “crime” into three categories: social disorder, private conflict, and public violence.

Social disorder refers to noise complaints, public intoxication, and a general rowdiness often associated with tourists. O’Brien hypothesized that the minor impact Airbnb has on this definition of crime could be because social disorder often occurs near bars and restaurants, which are generally in the downtown area, not in the more suburban or residential areas where Airbnb listings are concentrated.

Private conflict refers to domestic violence or landlord-tenant disputes, anything that points to disturbances inside the home. This didn’t spike either during the period studied. But the third type of crime, public violence, did. These are fights, robberies, 911 reports of someone wielding a knife, and so on.

The paper builds on existing sociological theories of social organization: the idea that a community of close-knit neighbors who know and trust each other establishes and enforces its own social norms, reducing crime. Essentially, the researchers found that what’s behind the increase in violence is not the presence of tourists or visitors, but the absence of long-term residents who are integrated in the community.

Importantly, this dynamic takes time to appear. If the issue was simply the presence of rowdy tourists, crime would increase simultaneously with a spike in the number of visitors. Instead, the researchers found a lag—violence tended to spike a year or two after an increase in listings.

“Every time we look at the lag further back, it’s actually more impactful,” O’Brien says.

This “erosion” also eventually spreads from public to private: The researchers noted an increase in private violence that appears two years after an increase in listings.

The researchers said they relied on when a user “joined” Airbnb because the platform does not make more specific data available. 

“Airbnb is correct that the data on listings could be stronger,” says Babak Heydari, one of the authors. “The scraped data are not guaranteed to be perfect. But this weakness serves only to highlight their own lack of transparency.”

The researchers hope to replicate their results in other cities and use the results for a constructive conversation on regulation and one which considers how the platform affects social norms. “The current regulations are not designed with this mechanism in mind, O’Brien says.

More Great WIRED Stories
Loki’s Season 2 Renewal Is a Clue to Marvel’s Multiverse —

Loki’s Season 2 Renewal Is a Clue to Marvel’s Multiverse

Heretofore, Marvel’s Disney+ shows have been snacks. Amuse-bouches to keep fans in the cinematic universe in between their trips to the cinema. These shows are also usually ways to tie up loose ends and let beloved characters go on side quests. In WandaVision, Wanda Maximoff got to imagine a life with Vision following his death in Avengers: Infinity War. The Falcon and the Winter Soldier is about Sam Wilson taking on the mantle of Captain America, after Steve Rogers gave him the shield in Endgame. Loki was meant to show what happened when the God of Mischief took off with the Tesseract in Endgame. It didn’t—instead, it turned all of those loose ends into a frayed knot.

But wait, that’s jumping too far ahead. First, the good news: During a mid-credits scene in Wednesday’s Loki season finale, Marvel announced that, yes, “Loki will return in Season 2.” To date, this is unprecedented. Disney+ has yet to renew any other Marvel series. It also leaves a lot of open and compelling questions, including, but not limited to, which Loki or Lokis will be returning in the second season—and/or in other MCU films. Considering that the renewal news was delivered via a message written in the Time Variance Authority (TVA) file of Loki Laufeyson, Hiddleston’s Loki, presumably he’ll be back. The fates of others, including Sophia Di Martino’s Sylvie and the internet’s favorite alligator, remain to be seen. Loki just blew up the timeline of the Marvel multiverse.

This, presumably, is all part of Kevin Feige’s master plan. Like Loki’s Time-Keepers, the Marvel honcho makes sure the MCU keeps ticking, and makes sure all the movies and shows work in concert. But as Wednesday’s finale showed, sometimes even the puppetmaster needs to be swapped out. (Spoiler alert: Details from the Loki season finale follow.) Toward the end of the episode, Sylvie has a somewhat heartbreaking duel with Loki, and then kills He Who Remains (Lovecraft Country’s Jonathan Majors), the supposed mastermind of the TVA that she’s been seeking all season—and the person known to comic-book fans as Kang the Conqueror. Like Se7en’s John Doe, He Who Remains has manipulated Sylvie into mistrusting Loki and stabbing him, thereby unleashing multiple timelines in which a much more evil, warlord-like Kang exists, ready to wreak havoc.

My colleague Adam Rogers likes to warn that “this will end in tears.” All this timey-wimey multiverse stuff can only conclude with a “cataclysmic pendulum-swing of epic violence.” He’s right, of course. (I have to say that; Adam outranks me. Not that he would do something drastic to stop me from speaking my mind … I’m fine …  ::blink::  ::blink::) For me, multiverses are a hoot. Yes, they cause nerds to wring their metacarpi over which one is real or true, but I trust Doctor Strange. Remember that whole bit where he gave Thanos the Time Stone because he said it was the only chance the Avengers had? That turned out (mostly) OK, and it’s my instinct to go with the guy who looked at every timeline and chose this one. If Feige says “multiverse,” sure why not?

Also, multiverses allow for a lot more of the side quests and quirky character explorations Loki played like a fiddle. Technically, WandaVision happened on the main MCU timeline, but if Wanda hadn’t used her sorcery to create an alternate world, fans wouldn’t have had hours of more time with Vision—and they never would’ve even met the now beloved Agatha Harkness. Loki gave us more Loki—a couple dozen of them, in fact, revealing all of the character’s wonderfully queer forms. Wrapped up in that is the Marvel that exists on this timeline: Earth in 2021. Opening up the multiverse allows characters to be alternates of who they were in the comics—they can be gender-swapped, or of a different race or sexuality. Yes, all of this script-flipping can induce chaos, and it will leave more split ends than a bad perm, but what I’m saying is: Don’t say “multiversal war” like it’s a bad thing. It sounds like a gas.

Multiversal war is, of course, where all this is going. There’s literally a movie slated for next year called Doctor Strange and the Multiverse of Madness, a movie in which Hiddleston is rumored to appear. Cool! Fans had presumed for a while now that Kang would be a big foe in Marvel’s Phase 4, and after Majors’ epic bit of exposition in this week’s Loki finale, in which he laid out exactly what would happen if Kang died and all of his variants came looking for a fight, fisticuffs are certainly nigh. Prepare the popcorn.

When I spoke to Loki director Kate Herron a few weeks ago, one of the things she stressed was that her show was, at the core, about identity: who is good, who is evil, who can change, who can be trusted. The other strand of that helix is nature vs. nurture: Will someone turn out differently under alternate circumstances? Roll your eyes at the multiversal mumbo jumbo if you like, but it might provide the best way to find out.

More Great WIRED Stories