This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.
How Pokémon Go is giving delivery robots an inch-perfect view of the world
Pokémon Go was the world’s first augmented-reality megahit. Released in 2016 by Niantic, the AR twist on the juggernaut Pokémon franchise fast became a global phenomenon. “500 million people installed that app in 60 days,” says Brian McClendon, CTO at Niantic Spatial, an AI company that Niantic spun out last year.
Now Niantic Spatial is using that vast trove of crowdsourced data to build a kind of world model—a buzzy new technology that grounds the smarts of LLMs in real environments. The firm wants to use it to help robots navigate more precisely. Read the full story.
—Will Douglas Heaven
MIT Technology Review Narrated: America was winning the race to find Martian life. Then China jumped in.
In July 2024, after more than three years on Mars, the Perseverance rover came across a peculiar rocky outcrop. Instead of the usual crystals or sedimentary layers, this one had spots. Those specks were the best hint yet of alien life.
NASA began a new mission to bring the rocks back to Earth to study. But now, just over a year and a half later, the project is on life support. As a result, those oh-so-promising rocks may be stuck out there forever.
This also means that, in the race to find evidence of alien life, America has effectively ceded its pole position to its greatest geopolitical rival: China. The superpower is moving full steam ahead with its own version of NASA’s mission.
—Robin George Andrews
This is our latest story to be turned into an MIT Technology Review Narrated podcast, which we’re publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as it’s released.
The must-reads
I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.
1 Viral AI fakes of the Iran war are flooding X
And Grok is failing to flag them. (Wired $)
+ The conflict could wreak havoc on data centers and electricity costs. (The Verge)
+ Pro-Iran bots are weaponizing posts about Epstein. (Gizmodo)
+ AI is turning the Iran conflict into a show. (MIT Technology Review)
2 Anthropic fears the loss of billions due to the Pentagon’s blacklisting
That’s what the company has told a judge as it seeks to block its designation as a supply-chain risk. (Bloomberg $)
+ Microsoft has backed the company in its legal fight with the Pentagon. (FT $)
+ OpenAI’s “compromise” with the DoD dealt a big blow to Anthropic. (MIT Technology Review)
3 Meta has bought a social network that’s exclusively for bots
Moltbook is a Reddit-like site where AI agents interact with each other. (NYT $)
+ The platform is AI theater. (MIT Technology Review)
4 Ukraine is eagerly offering the US its expertise and tech to counter Iranian drones
Kyiv has sent drones and UAV specialists to military bases in Jordan. (WSJ $)
+ A radio-obsessed civilian is shaping Ukraine’s drone defense. (MIT Technology Review)
5 OnlyFans “chatters” are earning $2 per hour to impersonate models
A worker in the Philippines described the job as “heartbreaking” and “icky.” (BBC)
6 The DHS has removed officials who objected to “illegal” orders about surveillance tech
The officers had refused to mislabel records about the technologies in order to block their release. (Wired)
7 This startup is building data centers run on brain cells
The “biological data centers” are coming to Melbourne and Singapore. (New Scientist $)
8 Anduril is expanding into space defense
The company is buying ExoAnalytic, which specializes in missile defense tracking. (Reuters)
+ We saw a demo of an AI system powering Anduril’s vision for war. (MIT Technology Review)
9 Big tech has a new big idea: AI compute as compensation
Silicon Valley is pitching it as a job perk. (Business Insider)
10 Wordle’s creator is back with a new game
It’s inspired by cryptic crosswords. (The New Yorker $)
Quote of the day
“You come for the Epstein content, and you stay for the propaganda.”
—Bret Schafer, an expert on information manipulation, tells the Washington Post how pro-Iran networks are gaining traction with posts about Epstein.
One More Thing
The quest to figure out farming on Mars
If ever a blade of grass grew on Mars, those days are over. But could they begin again? What would it take to grow plants to feed future astronauts on Mars?
To grow food there, we can’t just drop seeds in the ground and add water. We will need to create a layer of soil that can support life. And to do that, we first have to get rid of the red planet’s toxic salts.
Researchers recently discovered a potential solution—and the early signs are promising. Read the full story.
We can still have nice things
A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line)
+ Finally, a rebellion arises against mint’s tyranny over our teeth: Peanut Butter Cup toothpaste.
+ DIY decorators rejoice! The humble paint tray has received an ingeniously simple renovation.
+ Saudi surgeons have successfully separated two conjoined twins.
+ If you’re looking for real innovation, check out British Pie Week’s beef rendang, jerk chicken, and double-size pasties.
Feng Qingyang had always hoped to launch his own company, but he never thought this would be how—or that the day would come this fast.
Feng, a 27-year-old software engineer based in Beijing, started tinkering with OpenClaw, a popular new open-source AI tool that can take over a device and autonomously complete tasks for a user, in January. He was immediately hooked, and before long he was helping other curious tech workers with less technical proficiency install the AI agent.
Feng soon realized this could be a lucrative opportunity. By the end of January, he had set up a page on Xianyu, a secondhand shopping site, advertising “OpenClaw installation support.” “No need to know coding or complex terms. Fully remote,” reads the posting. “Anyone can quickly own an AI assistant, available within 30 minutes.”
At the same time, the broader Chinese public was beginning to catch on—and the tool, which had begun as a niche interest among tech workers, started to evolve into a popular sensation.
Feng quickly became inundated with requests, and he started chatting with customers and managing orders late into the night. At the end of February, he quit his job. Now his side gig has grown into a full-fledged professional operation with over 100 employees. So far, the store has handled 7,000 orders, each worth about 248 RMB or approximately $34.
“Opportunities are always fleeting,” says Feng. “As programmers, we are the first to feel the winds shift.”
Feng is among a small cohort of savvy early adopters turning China’s OpenClaw craze into cash. As users with little technical background want in, a cottage industry of people offering installation services and preconfigured hardware has sprung up to meet them. The sudden rise of these tinkerers and impromptu consultants shows just how eager the general public in China is to adopt cutting-edge AI—even when there are huge security risks.
A “lobster craze”
“Have you raised a lobster yet?”
Xie Manrui, a 36-year-old software engineer in Shenzhen, says he has heard this question nonstop over the past month. “Lobster” is the nickname Chinese users have given to OpenClaw—a reference to its logo.
Xie, like Feng, has been experimenting with OpenClaw since January. He’s built new open-source tools on top of the ecosystem, including one that visualizes the agent’s progress as an animated little desktop worker and another that lets users voice-chat with it.
“I’ve met so many new people through ‘lobster raising,’” says Xie. “Many are lawyers or doctors, with little technical background, but all dedicated to learning new things.”
Lobsters are indeed popping up everywhere in China right now—on and offline. In February, for instance, the entrepreneur and tech influencer Fu Sheng hosted a livestream showing off OpenClaw’s capabilities that got 20,000 views. And just last weekend, Xie attended three different OpenClaw events in Shenzhen, each drawing more than 500 people. These self-organized, unofficial gatherings feature power users, influencers, and sometimes venture capitalists as speakers. The biggest event Xie attended, on March 7, drew more than 1,000 people; in the packed venue, he says, people were shoulder to shoulder, with many attendees unable to even get a seat.
Now China’s AI giants are starting to piggyback on the trend too, promoting their models, APIs, and cloud services (which can be used with OpenClaw), as well as their own OpenClaw-like agents. Earlier this month, Tencent held a public event offering free installation support for OpenClaw, drawing long lines of people waiting for help, including elderly users and children.
This sudden burst in popularity has even prompted local governments to get involved. Earlier this month the government of Longgang, a district in Shenzhen, released several policies to support OpenClaw-related ventures, including free computing credits and cash rewards for standout projects. Other cities, including Wuxi, have begun rolling out similar measures.
These policies only catalyze what’s already in the air. “It was not until my father, who is 77, asked me to help install a ‘lobster’ for him that I realized this thing is truly viral,” says Henry Li, a software engineer based in Beijing.
A programmer gold rush
What’s making this moment particularly lucrative for people with technical skills, like Feng, is that so many people want OpenClaw, but not nearly as many have the capabilities to access it. Setting it up requires a level of technical knowledge most people do not possess, from typing commands into a black terminal window to navigating unfamiliar developer platforms. On the hardware side, an older or budget laptop may struggle to run it smoothly. And if the tool is not installed on a device separate from someone’s everyday computer, or if the data accessible to OpenClaw is not properly partitioned, the user’s privacy could be at risk—opening the door to data leaks and even malicious attacks.
Chris Zhao, known as “Qi Shifu” online, organizes OpenClaw social media groups and events in Beijing. On apps like Rednote and Jike, Zhao routinely shares his thoughts on AI, and he asks other interested users to leave their WeChat ID so he can invite them to a semi-private group chat. The proof required to join is a screenshot that shows your “lobster” up and running. Zhao says that even in group chats for experienced users, hardware and cloud setup remain a constant topic of discussion.
The relatively high bar for setting up OpenClaw has generated a sense of exclusivity, creating a natural opening for a service industry to start unfolding around it. On Chinese e-commerce platforms like Taobao and JD, a simple search for “OpenClaw” now returns hundreds of listings, most of them installation guides and technical support packages aimed at nontechnical users, priced anywhere from 100 to 700 RMB (approximately $15 to $100). At the higher end, many vendors offer to come to help you in person.
Like Feng, most providers of these services are early adopters with some technical ability who are looking for a side gig. But as demand has surged, some have found themselves overwhelmed. Xie, the developer in Shenzhen who created tools to layer on OpenClaw, was asked by a friend who runs one such business to help out over the weekend; the friend had a customer who worked in e-commerce and had little technical experience, so Xie had to show up in person to get it done. He walked away with 600 RMB ($87) for the afternoon.
The growing demand has also pushed vendors like Feng to expand quickly. He has now standardized his operation into tiers: a basic installation, a custom package where users can make specific requests like configuring a preferred chat app, and an ongoing tutoring service for those who want a hand to hold as they find their footing with the technology.
Other vendors in China are making money combining OpenClaw with hardware. Li Gong, a Shenzhen-based seller of refurbished Mac computers, was among the first online sellers to do this—offering Mac minis and MacBooks with OpenClaw preinstalled. Because OpenClaw is designed to operate with deep access to a hard drive and can run continuously in the background unattended, many users prefer to install it on a separate device rather than on the one they use every day. This would help prevent bad actors from infiltrating the program and immediately gaining access to a wide swathe of someone’s personal information. Many turn to secondhand or refurbished options to keep the cost down. Li says that in the last two weeks, orders have increased eightfold.
Though OpenClaw itself is a new technology, the general practice of buying software bundles, downloading third-party packages, and seeking out modified devices is nothing new for many Chinese internet users, says Tianyu Fang, a PhD candidate studying the history of technology at Harvard University. Many users pay for one-off IT support services for tasks from installing Adobe software to jailbreaking a Kindle.
Still, not everyone is getting swept up. Jiang Yunhui, a tech worker based in Ningbo, worries that ordinary users who struggle with setup may not be the right audience for a technology that is still effectively in testing.
“The hype in first-tier cities can be a little overblown,” he says. “The agent is still a proof of concept, and I doubt it would be of any life-changing use to the average person for now.” He argues that using it safely and getting anything meaningful out of it requires a level of technical fluency and independent judgment that most new users simply don’t have yet.
He’s not alone in his concerns. On March 10, the Chinese cybersecurity regulator CNCERT issued a warning about the security and data risks tied to OpenClaw, saying it heightens users’ exposure to data breaches.
Despite the potential pitfalls, though, China’s enthusiasm for OpenClaw doesn’t seem to be slowing.
Feng, now flush with the earnings from his operation, wants to use the momentum—and the capital—to keep building out his own venture with AI tools at the center of it.
“With OpenClaw and other AI agents, I want to see if I can run a one-person company,” he says. “I’m giving myself one year.”
Every week we handpick and publish a list of new services for ecommerce merchants. This installment includes updates on product feeds, localized commerce, installment payments, risk intelligence, social commerce, agentic commerce, and parcel lockers.
Got an ecommerce product release? Email updates@practicalecommerce.com.
New Tools for Merchants
Klaviyo and Shopify deepen integration for global commerce. Klaviyo, a marketing automation platform, and Shopify have deepened their product integration, expanding interoperability to unify customer data across regions and deliver localized experiences worldwide. Klaviyo’s customer management tool now offers a multi-market data foundation that natively integrates Shopify Markets’ localized catalog data. The foundation includes Locale Aware Catalogs, which automatically sync translated content, regional pricing, currency, and market-specific URLs into Klaviyo to power personalized experiences without requiring multiple catalogs.
Mastercard and Google introduce Verifiable Intent for agentic commerce. Mastercard and Google have co-developed Verifiable Intent, an open standards-based trust layer for agentic commerce. Aligned with Google’s Agent Payments Protocol and Universal Commerce Protocol, and designed to be protocol-agnostic, Verifiable Intent creates a tamper-resistant record of what users authorized when an AI agent acts on their behalf, establishing a shared source of truth across the ecosystem. According to Mastercard, Verifiable Intent provides cryptographic proof of authorization for all parties in a transaction.
Dotdigital Group acquires Alia Software to accelerate Shopify expansion. Dotdigital Group, a customer experience platform for personalized marketing, has acquired Alia Software, an email and SMS list-growth tool for merchants on Shopify. The acquisition strengthens Dotdigital’s ability to help brands convert anonymous website visitors into customers by capturing first- and zero-party data at the start of the customer journey and activating it across email, SMS, and other channels.
Feedoptimise launches AI agent for product feeds. Feedoptimise, a product feed management platform, has launched AI Feed Agent, an in-platform assistant to support day-to-day feed operations, including setup guidance, audits, troubleshooting, and channel-wide optimization. Feedoptimise says the new assistant understands and improves existing feed logic, responds to plain language questions, provides guidance tied to feed attributes and channel requirements, and more.
DataDome and Botify partner on agentic commerce. DataDome, a tool for bot management, and Botify, a generative AI optimization provider, have partnered to help businesses prepare for agentic commerce by addressing the entire digital journey, from discovery to transaction. According to the companies, the partnership combines Botify’s expertise in ensuring agents and bots consume the right optimized content with DataDome’s ability to distinguish legitimate agents from malicious bots.
Cart.com announces $180 million investment led by Springcoast Partners. Cart.com, a unified commerce and logistics provider, has announced a $180 million equity investment led by Springcoast Partners. According to Cart.com, the financing will support continued development of its commerce operating system, including workflow automation tools, predictive analytics, and agentic AI features to autonomously route inventory, reduce shipping times, and lower fulfillment costs for enterprise brands. The company also plans to continue building its U.S. fulfillment footprint.
Nexi launches automated payments for AI agents. Nexi Group, a Europe-based payments technology provider, has launched its Model Context Protocol, enabling developers, merchants, and partners to connect AI agents to its tools and integrate payment capabilities through conversational commands. Per Nexi, the open source MCP framework provides a standardized way for AI systems to interact with its payment infrastructure.
CommerceIQ unveils retail AI agents for brands. CommerceIQ, an automation platform for retail, has launched a suite of agents for sales, digital shelf, content, and retail media to handle high-volume operational tasks. Content Agent identifies and resolves product detail page compliance and optimization gaps for search and genAI engines. Sales Agent monitors performance against plan, flags risks, and recommends actions. Shelf Agent monitors content, availability, assortment, reviews, and search. Media Agent optimizes retail media performance using 50 signals.
ZyG launches an agentic operating system for ecommerce. ZyG, a backend platform for ecommerce, has launched its operating system to estimate a product’s scale through an agentic marketability test. Once validated, a product’s AI agent can partner with ZyG to execute the digital layer and support operational scale. According to ZyG, the model is a pay-as-you-grow fee, and partners maintain full control of their brand’s intellectual property.
Revuze launches AI platform to amplify TikTok Shop performance. Revuze, a market intelligence provider, has launched an AI-powered capability to give brands visibility into TikTok Shop performance. According to Revuze, the new tool connects trends to feedback, analyzes TikTok content at scale, and links Shop performance with reviews, social conversation, and customer care data.
Celerant launches Cumulus Analytics for retail insights. Celerant Technology, a retail software provider, has launched Cumulus Analytics for businesses using its retail platform. Cumulus Analytics includes curated dashboards and 10 essential reports to provide visibility into sales, customers, inventory, products, and suppliers. The tool delivers insights through reports, including dashboards for sales, management, customers, products, and more, according to Celerant.
Riskified expands native merchant AI shopping assistants. Riskified, a platform for ecommerce fraud prevention, has expanded its AI agent intelligence tool, wherein Riskified retrieves associated risk indicators and resolves an identity programmatically. Riskified acts as a trust agent, providing real-time risk intelligence directly into the shopping experience. Riskified’s Decision Studio identifies and applies rules to manage the risk posed by order volume from native AI shopping agents.
A good XML sitemap serves as a roadmap for your website, guiding Google to all your important pages. XML sitemaps can be beneficial for SEO, helping Google find your essential pages quickly, even if your internal linking isn’t perfect. This post explains what they are and how they help you rank better and get surfaced by AI agents.
Key takeaways
An XML sitemap is crucial for SEO, as it guides search engines to your important pages, improving crawl efficiency
XML sitemaps list essential URLs and provide metadata, helping search engines understand content and prioritize crawling
With Yoast SEO, you can automatically generate and manage XML sitemaps, keeping them up to date
XML sitemaps support faster indexing of new content and help discover orphan pages that aren’t linked elsewhere
Add your XML sitemap to Google Search Console to help Google find it quickly and monitor indexing status
What are XML sitemaps?
An XML sitemap is a file that lists a website’s essential pages, ensuring Google can find and crawl them. It also helps search engines understand your website structure and prioritize important content.
💡 Fun fact:
XML is not the only type of sitemap; there are several sitemap formats, each serving a slightly different purpose:
RSS, mRSS, and Atom 1.0 feeds: These are typically used for content that changes frequently, such as blogs or news sites. They automatically highlight recently updated content
Text sitemaps: The simplest format. These contain a plain list of URLs, one per line, without additional metadata
HTML sitemaps: These are created for visitors, not search engines. They list and link to important pages in a clear, hierarchical structure to improve user navigation. An XML sitemap, however, is specifically designed for search engines.
XML sitemaps include additional metadata about each URL, helping search engines better understand your content. For example, they can indicate:
When a page was last meaningfully updated
How important a URL is relative to other URLs
Whether the page includes images or videos, using sitemap extensions
Search engines use this information to crawl your site more intelligently and efficiently, especially if your website is large, new, or has complex navigation.
Looking to expand your knowledge of technical SEO? We have a course in the Yoast SEO Academy focusing on crawlability and indexability. One of the topics we tackle is how to use XML sitemaps properly.
What does an XML sitemap look like?
An XML sitemap follows a standardized format. It is a text file written in Extensible Markup Language (XML) that search engines can easily read and process. As it follows a structured format, search engines like Google can quickly understand which URLs exist on your website and when they were last updated.
Here is a very simple example of an XML sitemap that contains a single URL:
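<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url>
    <loc>https://www.yoast.com/wordpress-seo/</loc>
    <lastmod>2024-01-01</lastmod>
  </url>
</urlset>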
Each URL in a sitemap is wrapped in specific XML tags that provide information about that page. Some of these tags are required, while others are optional but helpful for search engines.
Below is a breakdown of the most common XML sitemap tags:
| Tag | Requirement | Description |
|---|---|---|
| <?xml> | Mandatory | Declares the XML version and character encoding used in the file. |
| <urlset> | Mandatory | The container for the entire sitemap. It defines the sitemap protocol and holds all listed URLs. |
| <url> | Mandatory | Represents a single URL entry in the sitemap. Each page must be enclosed within its own <url> tag. |
| <loc> | Mandatory | Specifies the full canonical URL of the page you want search engines to crawl and index. |
| <lastmod> | Optional | Indicates the date when the page was last meaningfully updated, helping search engines know when to re-crawl the page. |
| <changefreq> | Optional | Suggests how frequently the content on the page is expected to change, such as daily, weekly, or monthly. |
| <priority> | Optional | Suggests the relative importance of a page compared to other pages on the same site, using a scale from 0.0 to 1.0. |
Note: While sitemaps.org supports optional tags like <changefreq> and <priority>, Google and Bing generally ignore them. Google has officially discarded them. Instead, it prefers to signal <lastmod> (last modified) when content actually updates.
What is an XML sitemap index?
A sitemap index is a file that lists multiple XML sitemap files. Instead of containing individual page URLs, it acts as a directory that points search engines to several separate sitemaps.
This becomes useful when a website has a large number of URLs or when the site owner wants to organize sitemaps by content type. For example, a site may have separate sitemaps for pages, blog posts, products, or categories.
Here’s a breakdown of how XML sitemap and XML sitemap index differ:
| Feature | XML Sitemap | XML Sitemap Index |
|---|---|---|
| Purpose | Lists individual URLs on a website | Lists multiple sitemap files |
| Content | Contains page URLs and optional metadata | Contains links to sitemap files |
| Use case | Suitable for small or medium-sized sites | Useful when a site has multiple sitemaps |
| Structure | Uses <urlset> and <url> tags | Uses <sitemapindex> and <sitemap> tags |
Search engines support sitemap limits. A single sitemap can contain up to 50,000 URLs or be up to 50 MB in size. If your website exceeds these limits, you can create multiple sitemaps and group them together using a sitemap index.
Submitting a sitemap index to search engines allows them to discover and process all your sitemaps from a single file.
In short, an XML sitemap helps search engines discover pages, while a sitemap index helps search engines discover multiple sitemaps.
Below is a simple example of what a sitemap index file looks like:
In this example, the sitemap index references two separate sitemaps. Each one can contain thousands of URLs. This structure helps search engines efficiently discover and crawl large websites.
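The limits and index structure described above, as an added example (not from the original article and not Yoast SEO's code): a Python script that splits a URL list into sitemap files of at most 50,000 URLs, builds the sitemap index that points at them, and reads the result back the way a crawler would. The `sitemap-N.xml` file names, the `example.com` URLs and the dates are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://www.sitemaps.org/schemas/sitemap/0.9"
MAX_URLS = 50_000                # per-file URL limit
MAX_BYTES = 50 * 1024 * 1024     # per-file size limit (50 MB)


def _serialize(root):
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def build_urlset(entries):
    """Build one <urlset> file from (loc, lastmod-or-None) pairs."""
    root = ET.Element("urlset", xmlns=NS)
    for loc, lastmod in entries:
        url = ET.SubElement(root, "url")
        ET.SubElement(url, "loc").text = loc
        if lastmod:  # <lastmod> is optional, so omit it when unknown
            ET.SubElement(url, "lastmod").text = lastmod
    return _serialize(root)


def build_sitemaps(entries, base_url, max_urls=MAX_URLS):
    """Return {filename: xml_bytes} for the child sitemaps plus the index."""
    if not 1 <= max_urls <= MAX_URLS:
        raise ValueError("max_urls must be between 1 and 50,000")
    files = {}
    index = ET.Element("sitemapindex", xmlns=NS)
    for n, start in enumerate(range(0, len(entries), max_urls), start=1):
        chunk = entries[start:start + max_urls]
        name = f"sitemap-{n}.xml"  # hypothetical naming scheme
        data = build_urlset(chunk)
        if len(data) > MAX_BYTES:
            raise ValueError(f"{name} exceeds 50 MB; lower max_urls")
        files[name] = data
        sm = ET.SubElement(index, "sitemap")
        ET.SubElement(sm, "loc").text = f"{base_url.rstrip('/')}/{name}"
        dates = [d for _, d in chunk if d]
        if dates:
            # ISO 8601 dates (YYYY-MM-DD) sort correctly as plain strings
            ET.SubElement(sm, "lastmod").text = max(dates)
    files["sitemap_index.xml"] = _serialize(index)
    return files


def read_index(files):
    """Walk index -> child sitemaps -> URLs; return (name, lastmod, locs)."""
    index = ET.fromstring(files["sitemap_index.xml"])
    result = []
    for sm in index.findall(f"{{{NS}}}sitemap"):
        name = sm.findtext(f"{{{NS}}}loc").rsplit("/", 1)[-1]
        urlset = ET.fromstring(files[name])
        locs = [u.findtext(f"{{{NS}}}loc")
                for u in urlset.findall(f"{{{NS}}}url")]
        result.append((name, sm.findtext(f"{{{NS}}}lastmod"), locs))
    return result


# Constructed sample data: five pages, one without a known modification date.
SAMPLE = [
    ("https://example.com/", "2024-03-01"),
    ("https://example.com/blog/xml-sitemaps/", "2024-01-15"),
    ("https://example.com/blog/crawl-budget/", "2024-02-20"),
    ("https://example.com/products/widget/", None),
    ("https://example.com/contact/", "2023-11-05"),
]

if __name__ == "__main__":
    # max_urls=3 only so the split is visible with five sample URLs.
    files = build_sitemaps(SAMPLE, "https://example.com", max_urls=3)
    print(files["sitemap_index.xml"].decode())
    for name, lastmod, locs in read_index(files):
        print(name, lastmod, len(locs))
```
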
Why do you need an XML sitemap?
Technically, you don’t need an XML sitemap. Search engines can often discover your pages through internal links and backlinks from other websites. However, having an XML sitemap is highly recommended because it helps search engines crawl and understand your site more efficiently.
Here are some key benefits of using an XML sitemap:
Improved crawl efficiency
Sitemaps help search engines like Google and Bing crawl large or complex websites more efficiently. By listing your important URLs in one place, you make it easier for crawlers to find and prioritize valuable pages.
Faster indexing of new content
When you update or add new pages to your site, including them in your sitemap helps search engines discover them sooner. This can lead to faster indexing, especially for websites that publish content frequently, such as blogs, news sites, or e-commerce stores with changing product listings.
Discovery of orphan pages
Orphan pages are pages that are not linked from other parts of your website. Because crawlers typically follow links to discover content, these pages can sometimes be missed. An XML sitemap can help ensure these pages are still discovered.
Additional metadata signals
XML sitemaps can include additional metadata about each URL, such as the <lastmod> tag. This information helps search engines understand when a page was last updated and whether it may need to be crawled again.
Support for specialized content
Sitemaps can also be extended to include specific types of content, such as images or videos. These specialized sitemaps help search engines better understand and surface media content in results like Google Images or video search.
Better understanding of site structure
A well-organized sitemap gives search engines a clearer overview of your website’s structure and the relationship between different sections or content types.
Indexing insights through Search Console
When you submit your sitemap to tools like Google Search Console, you can monitor how many URLs are discovered and indexed. This also helps you identify crawl issues or indexing errors.
Support for multilingual websites
For websites targeting multiple languages or regions, XML sitemaps can include alternate language versions of pages using hreflang annotations. This helps search engines serve the correct language version to users in different locations.
Do XML sitemaps matter for AI search?
Yes, but indirectly. AI-powered search experiences like AI Overviews or Bing Copilot still rely on the traditional search index to discover and retrieve content. That means your pages usually need to be crawled and indexed first before they can appear in AI-generated answers.
This is where XML sitemaps still help. By listing your important URLs in one place, a sitemap makes it easier for search engines to discover and index your content. Keeping the <lastmod> value accurate can also help search engines prioritize recently updated pages, which is especially useful for AI systems that aim to surface fresh information.
In short, a sitemap won’t make your content appear in AI answers by itself. But it helps ensure your pages are discoverable, indexed, and up to date, which increases their chances of being used in AI-powered search results.
Adding XML sitemaps to your site with Yoast
Because XML sitemaps play an important role in helping search engines discover and crawl your content, Yoast SEO automatically generates XML sitemaps for your website. This feature is available in both the free and premium versions (Yoast SEO Premium, Yoast WooCommerce SEO, and Yoast SEO AI+) of the plugin.
Instead of requiring you to manually create or maintain sitemap files, Yoast SEO handles everything automatically. As you publish, update, or remove content, the plugin updates your sitemap index and the individual sitemaps in real time. This ensures search engines always have an up-to-date overview of the pages you want them to crawl and index.
Yoast SEO also organizes your sitemaps intelligently. Rather than placing every URL in a single file, the plugin creates a sitemap index that groups separate sitemaps for different content types, such as posts, pages, and other public content types, with just one click.
Another important advantage is that Yoast SEO only includes content that should actually appear in search results. Pages set to noindex are automatically excluded from the XML sitemap. This helps keep your sitemap clean and focused on the URLs that matter for SEO.
Controlling what appears in your sitemap
While the plugin automatically manages sitemaps, you still have full control over which content is included.
For example, if you don’t want a specific post or page to appear in search results, you can change the setting “Allow search engines to show this content in search results?” in the Yoast SEO sidebar under the Advanced tab. When this option is set to No, the content will be marked as noindex and automatically excluded from the XML sitemap. When set to Yes, the content remains eligible to appear in search results and is included in the sitemap.
This makes it easy to keep your sitemap focused on the pages you actually want search engines to crawl and index. In some cases, developers can further customize sitemap behavior. For example, filters can be used to limit the number of URLs per sitemap or to programmatically exclude certain content types.
Because all of this happens automatically, most website owners never need to manage sitemap files manually. Yoast SEO keeps your XML sitemap clean, up to date, and optimized for search engines as your site grows.
If you want Google to find your XML sitemap quicker, you’ll need to add it to your Google Search Console account. You can find your sitemaps in the ‘Sitemaps’ section. If yours is not listed there, you can add it at the top of the page.
Adding your sitemap helps check whether Google has indexed all pages in it. We recommend investigating this further if there is a significant difference between the ‘submitted’ and ‘indexed’ counts for a particular sitemap. Maybe there’s an error that prevents some pages from indexing? Another option is to add more links pointing to content that has not yet been indexed.
Google correctly processed all URLs in a post sitemap
What websites need an XML sitemap?
Google’s documentation says sitemaps are beneficial for “really large websites,” “websites with large archives,” “new websites with just a few external links to them,” and “websites which use rich media content.” According to Google, proper internal linking should allow it to find all your content easily. Unfortunately, many sites do not link their content logically.
While we agree that these websites will benefit the most from having one, at Yoast, we think XML sitemaps benefit every website. As the web grows, it’s getting harder and harder to index sites properly. That’s why you should give search engines every available option to find your content. In addition, XML sitemaps make search engine crawling more efficient.
Every website needs Google to find essential pages easily and know when they were last updated. That’s why this feature is included in the Yoast SEO plugin.
Which pages should be in your XML sitemap?
How do you decide which pages to include in your XML sitemap? Always start by thinking of the relevance of a URL: when a visitor lands on a particular URL, is it a good result? Do you want visitors to land on that URL? If not, it probably shouldn’t be in your sitemap. However, if you don’t want that URL to appear in the search results, you must add a ‘noindex’ tag. Leaving it out of your sitemap doesn’t mean Google won’t index the URL. If Google can find it by following links, Google can index the URL.
Example: A new blog
For example, you are starting a new blog. Of course, you want to ensure your target audience can find your blog posts in the search results. So, it’s a good idea to immediately include your posts in your XML sitemap. It’s safe to assume that most of your pages will also be relevant results for your visitors. However, a thank you page that people will see after they’ve subscribed to your newsletter is not something you want to appear in the search results. In this case, you don’t want to exclude all pages from your sitemap, only this one.
Let’s stay with the example of the new blog. In addition to your blog posts, you create some categories and tags. These categories and tags will have archive pages that list all posts in that specific category or tag. However, initially, there might not be enough content to fill these archive pages, making them ‘thin content’.
For example, tag archives that show just one post are not that valuable to visitors yet. You can exclude them from the sitemap when starting your blog and include them once you have enough posts. You can even exclude all your tag pages or category pages simultaneously using Yoast SEO.
However, this kind of page could also be excellent ranking material. So, if you think: well, yes, this tag page is a bit ‘thin’ right now, but it could be a great landing page, then enrich it with additional information and images. And don’t exclude it from your sitemap in this case.
Frequently asked questions about XML sitemaps
There are a lot of questions regarding XML sitemaps, so we’ve answered a couple in the FAQ below:
What happens when Google Search Console says an XML sitemap has errors?
An invalid or improperly read XML sitemap usually indicates a specific error that needs investigation. Check the reported issue to understand what is causing the problem. Make sure the sitemap has been submitted through the search engine’s webmaster tools. When the sitemap is marked as invalid, review the listed errors and apply the appropriate fixes for each one.
How can I check whether a website has an XML sitemap?
In most cases, you can find out if sites have an XML sitemap by adding sitemap.xml to the root domain. So, that would be example.com/sitemap.xml. If a site has Yoast SEO installed, you’ll notice that it’s redirected to example.com/sitemap_index.xml. sitemap_index.xml is the base sitemap that collects all the sitemaps on your site into a single page.
How can I update an XML sitemap?
There are ways to create and update your sitemaps by hand, but you shouldn’t. Also, there are static generators that let you generate a sitemap whenever you want. But, again, this process would need to repeat itself every time you add or update content. The best way to do this is by simply using Yoast SEO. Turn on the XML sitemap in Yoast SEO, and all your updates will be applied automatically.
Can I use in my XML sitemap?
In the past, people believed that adding the attribute to sitemaps would signal to Google that specific URLs should be prioritized. Unfortunately, it doesn’t do anything, as Google has often said it doesn’t use this attribute to read or prioritize content in sitemaps.
Check your own XML sitemap!
Now you know how important it is to have an XML sitemap: it can help your site’s SEO. If you add the correct URLs, Google can easily access your most important pages and posts. Google will also find updated content easily, so it knows when a URL needs to be crawled again. Lastly, adding your XML sitemap to Google Search Console helps Google find it quickly and lets you check for sitemap errors.
So check your XML sitemap and find out if you’re doing it right!
I’m a Computer Science grad who accidentally stumbled into writing—and stayed because I fell in love with it. Over the past six years, I’ve been deep in the world of SEO and tech content, turning jargon into stories that actually make sense. When I’m not writing, you’ll probably find me lifting weights to balance my love for food (because yes, gym and biryani can coexist) or catching up with friends over a good cup of chai.
This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.
How AI is turning the Iran conflict into theater
Much of the spotlight on AI in the Iran conflict has focused on models like Claude helping the US military decide where to strike. But a wave of “vibe-coded” intelligence dashboards—and the ecosystem surrounding them—reflect a new role that AI is playing in wartime: mediating information, often for the worse.
These sorts of intelligence tools have much promise. Yet there are real reasons to be suspicious of their data feeds. Read the full story.
—James O’Donnell
This story is from The Algorithm, our weekly newsletter on AI. Sign up to receive it in your inbox every Monday.
The must-reads
I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.
1 Anthropic has sued the US government The AI firm wants to stop the Pentagon from blacklisting it. (Reuters) + The White House is preparing a new executive order to weed out the company’s technology. (Axios) + Defense experts are alarmed. (CNBC) + Google and OpenAI staff have filed a legal brief backing Anthropic against Trump. (Wired $) + The company’s stance won many supporters. (MIT Technology Review)
2 GPS jamming has become a crucial battleground in the Middle East The interference is endangering—and protecting—ships and planes. (BBC) + Signal jamming has made navigating the Strait of Hormuz even more difficult. (Bloomberg) + Quantum navigation offers a potential solution. (MIT Technology Review)
3 A tech journalist found his AI clone editing for Grammarly It’s providing AI-generated feedback “inspired by” real writers without their consent. (Platformer) + Could ChatGPT do the jobs of journalists and copywriters? (MIT Technology Review)
4 Nvidia plans to launch an open-source platform for AI agents It’s already pitching the “NemoClaw” product to enterprise software firms. (Wired $) + But don’t let the AI agents hype get ahead of reality. (MIT Technology Review)
5 A startup wants to launch a space mirror that reflects sunlight onto Earth Reflect Orbital reckons it could power solar panels at night. Scientists are appalled. (NYT)
6 Yann LeCun’s AI startup has raised over $1bn in Europe’s largest seed round Meta’s former chief AI scientist plans to build systems that “understand the world.” (Bloomberg)
7 Hinge’s CEO insists the app doesn’t rate users’ attractiveness Jackie Jantos’ strategy has helped Hinge defy the decline in dating apps. (FT $) + AI companions are stealing hearts—and it’s getting weird. (New Yorker $) + It’s surprisingly easy to fall into a relationship with a chatbot. (MIT Technology Review)
8 “AI psychosis” could be afflicting your loved ones If so, here’s how you can help them. (404 Media) + One solution: AI should be able to “hang up” on you. (MIT Technology Review)
9 Nintendo is suing Trump over illegal tariffs The gaming giant has joined a lawsuit seeking over $200 billion in refunds. (Ars Technica)
10 Bio-tech is turning ancient poop into a map of lost civilizations Molecular sensors are finding human traces where physical ruins have vanished. (Nature)
Quote of the day
“I don’t think any of us, whether it’s me or Dario [Amodei], Sam Altman, or Elon Musk, has any legitimacy to decide for society what is a good or bad use of AI.”
—Yann LeCun gives Wired his take on Anthropic’s spat with the Pentagon.
One More Thing
This giant microwave may change the future of war
armed forces are hunting for a weapon that disables drones en masse—and they want it fast.
One solution focuses on microwaves: high-powered electronic devices that push out kilowatts of power to zap the circuits of a drone as if it were the tinfoil you forgot to take off your leftovers when you heated them up.
Defense tech startup Epirus may have the winning formula. The company has developed a cutting-edge, cost-efficient drone zapper that’s sparking the interest of the US military. And drones are just one of its targets. Read the full story.
—Sam Dean
We can still have nice things
A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line.)
Loudoun County, Virginia, once known for its pastoral scenery and proximity to Washington, DC, has earned a more modern reputation in recent years: The area has the highest concentration of data centers on the planet.
Ten years ago, these facilities powered email and e-commerce. Today, thanks to the meteoric rise in demand for AI-infused everything, local utility Dominion Energy is working hard to keep pace with surging power demands. The pressure is so acute that Dulles International Airport is constructing the largest airport solar installation in the country, a highly visible bid to bolster the region’s power mix.
Data center campuses like Loudoun’s are cropping up across the country to accommodate an insatiable appetite for AI. But this buildout comes at an enormous cost. In the US alone, data centers consumed roughly 4% of national electricity in 2024. Projections suggest that figure could stretch to 12% by 2028. To put this in perspective, a single 100-megawatt data center consumes roughly as much electricity as 80,000 American homes. Data centers being built today are gearing up for gigawatt scale, enough to power a mid-sized city.
For enterprise leaders, energy costs associated with AI and data infrastructure are quickly becoming both a budget concern and a potential bottleneck on growth. Meeting this moment calls for a capability most organizations are only beginning to develop: energy intelligence. The emerging discipline refers to understanding where, when, and why energy is consumed, and using that insight to optimize operations and control costs.
These efforts stand to address both immediate financial pressures and longer-term reputational risks, as communities like Loudoun County grow increasingly concerned about the energy demands associated with nearby data center development.
In December 2025, MIT Technology Review Insights conducted a survey of 300 executives to understand how companies are thinking about energy intelligence today, as well as where they’re anticipating challenges in the future.
Here are five of our most notable findings:
Energy intelligence is becoming a universal business priority. One hundred percent of executives surveyed expect the ability to measure and strategically manage power consumption to become an important business metric in the next two years.
AI workloads are already driving measurable cost increases, and the surge is just beginning. Two-thirds of executives (68%) report their companies have faced energy cost increases of 10% or more in the past 12 months due to AI and data workloads. Nearly all respondents (97%) anticipate their organization’s AI-related energy consumption will increase over the next 12-18 months.
Mounting costs are the top energy-related threat to AI innovation. Half of executives (51%) rank rising costs as the single greatest energy-related risk to their digital and AI initiatives. Most companies currently tracking and attempting to optimize data center energy consumption are motivated by cost management.
Organizations are responding through infrastructure optimization and energy-efficient partnerships. To address mounting energy demands, three in four leaders (74%) are optimizing existing infrastructure, while 69% are partnering with energy-efficient cloud and storage providers. More than half are also implementing AI workload scheduling (61%) and investing in more efficient hardware (56%).
Closing the measurement gap is the next frontier. Most enterprises still lack the granular data needed for true energy intelligence. This gap is especially pronounced for companies relying on third-party cloud providers and managed services for their data compute and storage needs, where 71% say rising consumption-based costs originate, yet energy metrics are often opaque.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff. It was researched, designed, and written by human writers, editors, analysts, and illustrators. This includes the writing of surveys and collection of data for surveys. AI tools that may have been used were limited to secondary production processes that passed thorough human review.
Pokémon Go was the world’s first augmented-reality megahit. Released in 2016 by the Google spinout Niantic, the AR twist on the juggernaut Pokémon franchise fast became a global phenomenon. From Chicago to Oslo to Enoshima, players hit the streets in the urgent hope of catching a Jigglypuff or a Squirtle or (with a huge amount of luck) an ultra-rare Galarian Zapdos hovering just out of reach, superimposed on the everyday world.
In short, we’re talking about a huge number of people pointing their phones at a huge number of buildings. “Five hundred million people installed that app in 60 days,” says Brian McClendon, CTO at Niantic Spatial, an AI company that Niantic spun out in May last year. According to the video-game firm Scopely, which bought Pokémon Go from Niantic at the same time, the game still drew more than 100 million players in 2024, eight years after it launched.
Now Niantic Spatial is using that vast and unparalleled trove of crowdsourced data—images of urban landmarks tagged with super-accurate location markers taken from the phones of hundreds of millions of Pokémon Go players around the world—to build a kind of world model, a buzzy new technology that grounds the smarts of LLMs in real environments.
The company’s latest product is a model that it says can pinpoint your location on a map to within a few centimeters, based on a handful of snapshots of the buildings or other landmarks in view. The firm wants to use it to help robots navigate with greater precision in places where GPS is unreliable.
In the first big test of its technology, Niantic Spatial has just teamed up with Coco Robotics, a startup that deploys last-mile delivery robots in a number of cities across the US and Europe. “Everybody thought that AR was the future, that AR glasses were coming,” says McClendon. “And then robots became the audience.”
From Pikachu to pizza delivery
Coco Robotics deploys around 1,000 flight-case-size robots—built to carry up to eight extra-large pizzas or four grocery bags—in Los Angeles, Chicago, Jersey City, Miami, and Helsinki. According to CEO Zach Rash, the robots have made more than half a million deliveries to date, covering a few million miles in all weather conditions.
But to compete with human couriers, Coco’s robots, which trundle along sidewalks at around five miles per hour, must be as reliable as possible. “The best way we can do our job is by arriving exactly when we told you we were going to arrive,” says Rash. And that means not getting lost.
The problem Coco faces is that it cannot rely on GPS, which can be weak in cities because radio signals bounce off buildings and interfere with each other. “We do deliveries in a lot of dense areas with high-rises and underpasses and freeways, and those are the areas where GPS just never really works,” says Rash.
“The urban canyon is the worst place in the world for GPS,” says McClendon. “If you look at that blue dot on your phone, you’ll often see it drift 50 meters, which puts you on a different block going a different direction on the wrong side of the street.” That’s where Niantic Spatial comes in.
For the last few years, Niantic Spatial has been taking the data collected from players of Pokémon Go and Ingress (Niantic’s previous phone-based AR game, launched in 2013) and building a visual positioning system, technology that tells you where you are based on what you can see. “It turns out that getting Pikachu to realistically run around and getting Coco’s robot to safely and accurately move through the world is actually the same problem,” says John Hanke, CEO of Niantic Spatial.
“Visual positioning is not a very new technology,” says Konrad Wenzel at ESRI, a company that develops digital mapping and geospatial analysis software. “But it’s obvious that the more cameras we have out there, the better it becomes.”
Niantic Spatial has trained its model on 30 billion images captured in urban environments. In particular, the images are clustered around hot spots—places that served as important locations in Niantic’s games that players were encouraged to visit, such as Pokémon battle arenas. “We had a million-plus locations around the world where we can locate you precisely,” says McClendon. “We know where you’re standing within several centimeters of accuracy and, most importantly, where you’re looking.”
The upshot is that for each of those million locations, Niantic Spatial has many thousands of images taken in more or less the same place but from different angles, at different times of day, and in different weather conditions. Each of those images comes with detailed metadata that pinpoints where in space the phone was at the time it captured the image, including which way the phone was facing, which way up it was, whether or not it was moving, how fast and in which direction, and more.
The firm has used this data set to train a model to predict exactly where it is by taking into account what it is looking at—even for locations other than those million hot spots, where good sources of image and location data are scarcer.
In addition to GPS, Coco’s robots, which are fitted with four cameras, will now use this model to try to figure out where they are and where they are headed. The robots’ cameras are hip-height and point in all directions at once, so their viewpoint is a little different from a Pokémon Go player’s, but adapting the data was straightforward, says Rash.
Rival companies use visual positioning systems too. For example, Starship Technologies, a robot delivery firm founded in Estonia in 2014, says its robots use their sensors to build a 3D map of their surroundings, plotting the edges of buildings and the position of streetlights.
But Rash is betting that Niantic Spatial’s tech will give Coco an edge. He claims it will allow his robots to position themselves in the correct pickup spots outside restaurants, making sure they don’t get in anybody’s way, and stop just outside the customer’s door instead of a few steps away, which might have happened in the past.
A Cambrian explosion in robotics
When Niantic Spatial started work on its visual positioning system, the idea was to apply it to augmented reality, says Hanke. “If you are wearing AR glasses and you want the world to lock in to where you’re looking, then you need some method for doing that,” he says. “But now we’re seeing a Cambrian explosion in robotics.”
Some of those robots may need to share spaces with humans—spaces such as construction sites and sidewalks. “If robots are ever going to assimilate into that environment in a way that’s not disruptive for human beings, they’re going to have to have a similar level of spatial understanding,” says Hanke. “We can help robots find exactly where they are when they’ve been jostled and bumped.”
The Coco Robotics partnership is the start. What Niantic Spatial is putting in place, says Hanke, are the first pieces of what he calls a living map: a hyper-detailed virtual simulation of the world that changes as the world changes. As robots from Coco and other firms move about the world, they will provide new sources of map data, feeding into more and more detailed digital replicas of the world.
But the way Hanke and McClendon see it, maps are not only becoming more detailed; they are being used more and more by machines. That shifts what maps are for. Maps have long been used to help people locate themselves in the world. As they moved from 2D to 3D to 4D (think of real-time simulations, such as digital twins), the basic principle hasn’t changed: Points on the map correspond to points in space or time.
And yet maps for machines may need to become more like guidebooks, full of information that humans take for granted. Companies like Niantic Spatial and ESRI want to add descriptions that tell machines what they’re actually looking at, with every object tagged with a list of its properties. “This era is about building useful descriptions of the world for machines to comprehend,” says Hanke. “The data that we have is a great starting point in terms of building up an understanding of how the connective tissue of the world works.”
There is a lot of buzz about world models right now—and Niantic Spatial knows it. LLMs may seem like know-it-alls, but they have very little common sense when it comes to interpreting and interacting with everyday environments. World models aim to fix that. Some firms, such as Google DeepMind and World Labs, are developing models that generate virtual fantasy worlds on the fly, which can then be used as training dojos for AI agents.
Niantic Spatial says it is coming at the problem from a different angle. Push map-making far enough and you’ll end up capturing everything, says McClendon: “I’m very focused on trying to re-create the real world. We’re not there yet, but we want to be there.”
Time-sensitive promos on Google Ads can be a challenge. Advertisers submit text and assets, but the platform’s algorithm determines what actually shows. Moreover, AI Max for Search creates its own assets.
A date-specific ad message does not automatically show, but the following tactics can increase its chances.
Countdown Customizers
Years ago I explained how scripts can add a countdown to ads. The process is now much easier. The countdown customizer adds the feature directly in ad copy. It dynamically shows the remaining time until the promotion ends, adding a sense of urgency.
Countdown customizers, such as “Ends In 10 Days,” appear directly in ads.
Advertisers enter the countdown ending date and time, when it starts, and the relevant time zone.
A countdown heightens the urgency for potential customers. Plus, it switches to hours and minutes on the final day.
I typically use pinned headlines to show the offer in headline one and the countdown in headline two.
This one-two punch instructs Google to show the message in that order whenever headlines one and two show concurrently. Plus, it ensures the offer always shows since Google sometimes only shows one pinned headline.
Pinned headlines obstruct Google Ads’ algorithm, which presumably means they show less, though I’ve seen little impact on conversion metrics. A non-pinned ad in an ad group will likely show more, and pausing a non-pinned ad can result in fewer impressions for a pinned version.
Promotion Asset
Google Ads now calls extensions “assets.” A promotion asset is an additional 25-character line that highlights the offer and can include dates. Advertisers submit:
Promotion type (monetary or percent discount),
Promo code (if needed),
Displayed promotion dates (either the start and end dates, or just the end),
Item(s) on sale,
URL of the sale page (or site).
The promotion dates are optional, but I prefer them for urgency. Advertisers can schedule the promotions to start and end, eliminating the need to turn them on and off manually.
Promotion assets can include end dates, such as “Mar 13” in this example.
Callout Asset
Callouts are non-clickable highlights alongside the ad. They can address benefits, features, and promotions. Callouts cannot exceed 25 characters, requiring succinct messaging, such as:
“25% off Winter Jackets”
“Winter Jackets Sale”
“Winter Jackets – 25% off”
Advertisers can schedule callouts, like promotions. Up to 10 callouts can show, though it’s usually two to four. The more callouts, the fewer chances promo messaging shows. Consider pausing other callouts if running an offer-specific one.
Sitelink Asset
As with promos and callouts, sitelinks are additional text in an ad. Sitelinks are clickable, schedulable, include description lines, and can focus on a promotion. Like callouts, many sitelinks can show at once, which could lessen the impact of time-sensitive offers.
Many sitelinks can appear at once, such as this example from Allbirds.
This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.
Is the Pentagon allowed to surveil Americans with AI?
The ongoing public feud between the Department of Defense and the AI company Anthropic has raised a deep and still unanswered question: Does the law actually allow the US government to conduct mass surveillance on Americans?
Surprisingly, the answer is not straightforward. More than a decade after Edward Snowden exposed the NSA’s collection of bulk metadata from the phones of Americans, the US is still navigating a gap between what ordinary people think and what the law allows.
Today, the legal complexity has a new edge: AI is supercharging surveillance—and our laws haven’t caught up. Read the full story.
—Michelle Kim
The must-reads
I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.
1 The White House has tightened its AI rules amid the Anthropic spat New guidelines require companies to allow “any lawful” use of their models. (FT $) + London’s mayor has slammed Trump’s treatment of Anthropic and invited the firm to expand in the city. (BBC)
2 A satellite firm has stopped sharing imagery after exposing Iranian strikes Planet Lab said it wants to stop “adversarial actors” from using the data. (Ars Technica) + AI is turbocharging the conflict in Iran. (WSJ $) + War is adding a brutal new element to the country’s internet issues. (Wired $)
3 The OpenAI-Anthropic feud is getting messy The Pentagon contract controversy has intensified a deeply personal animosity between the founders. (NYT $) + Sam Altman and Dario Amodei’s rivalry could reshape the future of AI. (WSJ $) + OpenAI’s robotics lead has quit over concerns about surveillance and “lethal autonomy.” (TechCrunch) + The company’s DoD “compromise” has brought Anthropic’s fears to life. (MIT Technology Review)
4 Staff at Block are outraged over the company’s “AI layoffs” They’re pushing back against Jack Dorsey’s bullishness on AI. (The Guardian) + They’ve also cast doubt on the payroll savings. (Gizmodo) + It’s not the first case of fears over AI taking everyone’s jobs. (MIT Technology Review)
5 Data center “man camps” are springing up in Texas Aimed at luring workers to help build the centers, they will offer free steaks and golf simulators. (Bloomberg $)
6 The OpenClaw craze is sparking a rally in Chinese tech stocks Shares surged after government agencies and tech leaders promoted the AI agent. (Bloomberg $) + Why is China falling so hard for it? (SCMP)
7 AI-generated videos are altering our relationship to nature And could lead to “distorted expectations” of animal behavior. (NYT $) + AI slop could form a new kind of pop culture. (MIT Technology Review)
8 A rogue AI agent freed itself to mine crypto in secret The model escaped its sandbox to start a side hustle in digital currency. (Axios) + AI agents are also starting to harass people. (MIT Technology Review)
9 In a first, a spacecraft has changed an asteroid’s orbit around the sun The feat was a test of Earth’s future defenses. (Engadget)
10 How the Furby brought creepy-cute robotics into playtime A new show traces the legacy of the surprisingly high-tech toy. (The Verge)
Quote of the day
“I wanted to approach the whole situation with love.”
—Block cofounder and CEO Jack Dorsey tells Wired why he wore a hat with the word ‘Love’ on it during a meeting where he laid off 40% of his workforce.
One more thing
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
Geoffrey Hinton is a pioneer of deep learning who helped develop some of the most important techniques at the heart of modern artificial intelligence, but after a decade at Google, he’s stepped down to focus on concerns he now has about AI.
Hinton wants to spend his time on what he describes as “more philosophical work.” And that will focus on the small but—to him—very real danger that AI will turn out to be a disaster. Read the full story.
—Will Douglas Heaven
We can still have nice things
A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line.)
+ De La Soul’s Tiny Desk concert is a masterclass in joy and grief, proving their “Daisy Age” philosophy is timeless. + These original Disney concepts of beloved characters are a portal into an alternate childhood. + This square phone traverses two decades of nostalgia by rotating into a Game Boy AND a BlackBerry. + A newly discovered Rembrandt shows the Old Masters still have new tricks to reveal.
When Tony Fadell started working on the iPod, usability often trumped security. The result was an iterative process. Every time someone would find a security weakness or a way to hack the device, the development group would iterate to add measures and fix the issues. Yet, flaws would frequently be found, and the secure design of the product became a moving target.
But when it came to designing a device specifically for security purposes, there could be no iterative process after rolling it out: Security had to be the number one priority.
“As you develop these things, you’re a victim of your own development speed,” says Fadell, who developed Ledger Stax, a signing device for securing digital assets, and is now a board member at digital asset security firm Ledger. “If you introduced these features and functions without the proper review, and now customers are demanding security, you’ll realize that you should have designed it differently from the start, and it’s very hard to undo what you’ve already done.”
A critical aspect of designing secure technology, however, must be ease of use too. Without it, it is all too simple for users to make a mistake or use an unsafe workaround that undermines device protections. Think a post-it stuck to a monitor or some variation of “123456” or “admin” for passwords.
With digital asset security devices like signers—more commonly called “wallets”—such errors could lead to seriously detrimental outcomes. If, for example, a user’s private key falls into the wrong hands, bad actors can use it to steal their digital assets. Estimates suggest that around 20% of all Bitcoin—worth around $355 billion—are inaccessible to owners. One likely reason is that the owners lost their private keys.
In the past, crypto devices have been notoriously difficult to use. As cryptocurrency becomes ever more popular, valuable, and mainstream—attracting greater attention from criminals as the stakes rise—designers and engineers are prioritizing both security and usability when developing digital asset devices, drawing on in-depth research to iterate.
The three components of security
Strong security models for devices like signers, which are used to secure blockchain transactions, require three major components. First, a secure operating system. Second, a secure element to bind the software to the hardware. And third, a secure user interface. Each of these needs to be frequently tested by researchers and white hat hackers to simulate real-world attacks and improve product resilience and usability.
The first two elements focus on securing the device software and hardware. Secure software has always been a problem, but one that has improved over the last decade, as security architectures and processes have been refined. Meanwhile, hardware security components have become widely available—from trusted platform modules on computers to secure enclaves in smartphones—allowing digital information to essentially be locked to a device.
For crypto signers, hardware must provide encryption capabilities. And the security of the software must be frequently tested. Ledger, for example, has a secure OS and a Secure Element that handles encryption primitives, and a secure display that prevents device takeover.
Security and usability working hand in hand
Asset recovery is a major consideration when designing signers. If recovery options are not easy to use, an owner could lose access. But if recovery processes are not secure enough, attackers could exploit the system. With SIM swapping attacks, for example, attackers can tap into a mobile communications channel used for account recovery and “recover” a victim’s password to steal their assets.
In the digital-asset ecosystem, the creation of the seed phrase, a sequence of 12 to 24 words that could act as a passphrase for wallets, is an example of improving usability and security. Known more formally as Bitcoin Improvement Proposal 39 (BIP-39), the approach gives users a master password to unlock their hierarchical deterministic (HD) wallets.
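As an added illustration (not code from the article or from Ledger), the sketch below shows how BIP-39 turns 128 to 256 bits of entropy into 12 to 24 words by appending a SHA-256 checksum, and how many mistyped final words that checksum fails to catch. It works with word-list indices rather than the 2048-word English list, the function names are illustrative, and the all-zero entropy is a constructed sample that must never be used for a real wallet.

```python
import hashlib

WORD_BITS = 11  # each BIP-39 word encodes 11 bits (2048-entry word list)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map 128-256 bits of entropy to BIP-39 word-list indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    cs_bits = ent_bits // 32  # checksum length: 4 to 8 bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS  # 12 to 24 words
    return [(combined >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]


def indices_are_valid(indices: list[int]) -> bool:
    """Recompute the checksum; False on bad length, range or checksum."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    combined = 0
    for i in indices:
        combined = (combined << WORD_BITS) | i
    cs_bits = len(indices) * WORD_BITS // 33
    ent_bytes = (len(indices) * WORD_BITS - cs_bits) // 8
    entropy = (combined >> cs_bits).to_bytes(ent_bytes, "big")
    return entropy_to_indices(entropy) == list(indices)


def undetected_last_word_swaps(indices: list[int]) -> int:
    """Count wrong final words that would still pass the checksum."""
    return sum(indices_are_valid(indices[:-1] + [w])
               for w in range(2048) if w != indices[-1])


if __name__ == "__main__":
    for size in (16, 32):  # constructed sample entropy: all zero bytes
        words = entropy_to_indices(bytes(size))
        print(len(words), "words, last index", words[-1],
              "- undetected last-word swaps:", undetected_last_word_swaps(words))
```

The checksum is a transcription aid rather than an integrity guarantee: a 12-word phrase carries only 4 checksum bits, so a recovery flow should still confirm the restored wallet before relying on it.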
There is a lot of creative tension between the security team and the UX team that happens to achieve the proper balance between convenience and safety, Fadell says, referring to Ledger’s security research team, the Donjon. “We mock things up, we prototype things from a UX UI perspective, we walk through it, then we walk the Donjon team through it,” Fadell explains. “We push back and forth to find the absolute optimal solution to balance the two.”
Through the research the Donjon team has conducted, Ledger designed its Recovery Key—an NFC-based physical card to back up your 24 words—to be both user-friendly and secure. “What we did, as a first in the industry, was include an NFC card,” says Fadell. “Instead of only writing it down, you can also have an NFC card called a Recovery Key. You can have multiple Recovery Keys and store them in a lockbox, a safety deposit box, or give them to someone you trust for safekeeping.”
A number of government initiatives are working to regulate this balance between security and usability. These include the US Cybersecurity and Infrastructure Security Agency’s Secure by Design, which aims to build cybersecurity into the design and manufacture of technology products, and the UK’s National Cyber Security Centre’s Software Security Code of Practice, which outlines security principles expected of all organizations that develop or sell software.
Enterprise security presents distinct challenges
Embedding usability and security into devices for companies adds further complexity as businesses need features such as multi-signature capabilities to protect against single points of failure, whether from external attacks or internal bad actors.
Security design can take these requirements into account, with secure governance using multiple signatures (multisig), hardware security modules (HSMs) for key storage, trusted display systems, and other usable security capabilities.
These technologies are critically important for companies that have roles in the blockchain ecosystem. Failure to establish robust security measures can have dire consequences. In 2024, for example, unknown cybercriminals made off with more than $300 million worth of assets from DMM Bitcoin, leading the Japanese cryptocurrency platform to close six months later. Japan’s Financial Services Agency discovered severe risk management issues, including inadequate oversight, lack of independent audits, and poor security practices.
For companies, allowing a multi-stage process that involves a required number of stakeholders is critical, says Fadell. “It’s making sure that the attack vector is not just one person, and so you need to support multiple people with multiple factors on all of their devices as well,” he says. “It gets to be a real combinatoric problem.”
R&D to stay one step ahead
To keep up with requirements and offer strong security with improved visibility, crypto firms need to invest in research and development, Fadell says. Attack labs, such as Ledger Donjon, can conduct real-world testing on specific enterprise security requirements and create scenarios to educate both management and workers about the potential threats.
Such research and development can support device designers and engineers in their never-ending mission to balance security measures with usability so that digital asset devices can support users to safeguard their digital assets in a constantly evolving crypto and cyber landscape.
Learn more about how to secure digital assets in the Ledger Academy.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.
This content was researched, designed, and written by human writers, editors, analysts, and illustrators. This includes the writing of surveys and collection of data for surveys. AI tools that may have been used were limited to secondary production processes that passed thorough human review.