While Android beta testers were exploring the newly-launched Android 16 QPR3 Beta 2.1, Google decided to surprise everyone. The official Android Beta Program handle on Reddit has confirmed the arrival of Android 17 Beta 1, and it’s coming sooner than you’d think.

“We are looking forward to our next Beta program cycle that covers our Android 17 Platform Release (26Q2),” says Google. It says the upcoming update will build on the Android 16 QPR platform release and include the “latest bug fixes and improvements.”

A surprise at the end of the cycle

The timing isn’t exactly shocking, as Android 16 QPR3 Beta 2.1 is the last update in the cycle. What’s unique, however, is Google’s route. Instead of pushing Android 17 via the Developer Preview stage, the company is jumping straight into the first beta.

Current beta testers (those enrolled in the Android Beta Program with an eligible Pixel smartphone) will automatically receive the Android 17 update once it goes live (which could be sometime in the coming weeks).

On the one hand, it’s good that Google is seeding the Android 17 update promptly to beta testers, making the initial build available for a wider testing audience.

The fine print beta testers shouldn’t ignore

However, once testers upgrade to Android 17 Beta 1, they won’t be able to roll back to the previous stable version until the cycle ends (which would be around June 2026) without wiping their device.

Anyways, that also implies that Google is planning to release the stable Android 17 version around the same time. Regular users should expect the major Android update to hit their Pixel devices in or around June 2026.

As for what’s new in Android 17 Beta 1? Google hasn’t spilled the beans yet. Even so, we expect to see the usual early-beta performance improvements and software refinements, sprinkled with a couple of visual adjustments.

This year, Americans are celebrating the 250th anniversary of the Declaration of Independence. That statement of foundational political principles and national identity in the summer of 1776 capped off a year of armed conflict marked by the first shots at Lexington and Concord, the shocking British casualties at Bunker’s Hill, and the ensuing siege of Boston in the spring and summer of 1775. Those conflicts saw the ascent of George Washington to the office of Commander in Chief of the Continental Army — the first national office held by the man who would earn the right to be called the father of our country. Like the greatest of statesmen, Washington proved equally capable of defending his country in war and of governing it in peace.

On Sept. 10, 2025, tragedy struck Utah Valley University, where I teach. At the time, my colleagues and I were hosting Junior ROTC cadets from around the state for the first of a series of Constitution Day events on the theme of George Washington’s constitutional legacy. Washington’s example of courage, moderation, wisdom and civic charity are always relevant models for American students. But that day, the importance of virtuous civic leadership in the face of threats to American prosperity and freedom was visceral and poignant.

For teachers, navigating Americans’ deep disagreements in the classroom feels risky. Early survey evidence suggests that the assassination of Charlie Kirk has only increased the tension. Rather than sparking a renewed commitment to open dialogue, Kirk’s killing has intensified the silence.

According to an October 2025 survey of college students from the Foundation for Individual Rights in Education (FIRE), a notable portion of students have become less comfortable expressing their views on controversial topics in class (45 percent), in common campus spaces (43 percent), and on social media (48 percent), after what happened to Kirk.

A general might seem like an odd model for civil discourse following such a tragic event, but in the American experience, our greatest military leaders furnish helpful examples. With Washington, this is not difficult to see.

At the most basic level, Washington’s steady devotion to the rule of law and constitutional self-government is foundational to Americans’ ability to navigate our political differences. We all operate under the same framework — the Constitution — and must adhere to it as our common bond, even as we seek to improve it and navigate our differences and disagreements about the common good.

Washington lived out this commitment in his conduct at Newburgh in 1783 when he put down a budding coup by his own disgruntled officers and later when he twice laid aside unparalleled executive power, first as commander in chief and later as president of the United States.

In his farewell address at the end of his long public service he pressed home the importance of constitutional fidelity as the bedrock of American citizenship.

“The basis of our political systems is the right of the people to make and to alter their constitutions of government,” he wrote. “But the Constitution which at any time exists, till changed by an explicit and authentic act of the whole people, is sacredly obligatory upon all.”

Navigating Disagreement With Respect

At a more practical level, Washington navigated constant opposition to his command of the Continental army with grace. As president, he presided over a cabinet riven by political division, and even personal animosity. He spoke to his fellow citizens across important differences in a way that reminded them of their common American citizenship and their common humanity. His letter to the Hebrew Congregation at Newport is a model.

But even more important than Washington’s ability to communicate what he held in common with his fellow citizens was his ability to do that while disagreeing with them fundamentally. While famously skeptical of political parties, Washington was not one to dodge controversy. He would not sacrifice his view of the common good for the sake of avoiding an argument.

Washington’s willingness to contend for his principles serves as an important lesson to students and teachers of civic education: civil discourse does not mean avoiding disagreement. It does not mean giving up or surrendering our convictions. It does not mean hiding or concealing our objections to laws or policies or ideas simply for the sake of maintaining the appearance of agreement and civility.

It’s easy to lament our fractured discourse. But as teachers and educators, we must work to repair it. School leaders and administrators should actively support civil discourse and defend the educators who teach it, as well as provide a forum for students who want to express their views. Fostering this courage isn’t about asking students to be martyrs for their beliefs. It’s about creating a positive environment for productive disagreement.

For robust civil discourse, it is important to cultivate courage, humility and civic charity. To foster courage, teachers can scaffold robust debate by starting with discussion topics that lower the social risk of speaking and then building up to more challenging questions, so that each student has a chance to be heard. To instill humility, the first object of discourse should be on understanding a problem from all sides rather than settling a debate. Humility requires a recognition that we may be wrong, or at the very least that we certainly have something more to learn. Human beings are finite and rarely have a complete understanding of the question at hand.

Nurturing Humility and Reasoning Skills

Teachers can nurture civic charity by framing classroom debates as a collaborative, not confrontational, approach to a solution. The parliamentary model of addressing the chair rather than individuals in a debate can help students to see their peers not as enemies but as partners working towards a common goal.

Students should always be pressed to “steel man” arguments, even for positions they don’t hold. This builds intellectual humility, sharpens reasoning skills, and detaches contentious ideas from the people who hold them. Intellectually serious and fact-based comparisons between our present and the past are indispensable. Flippant dismissals of opposing views as fascist and communist will not advance the truth-seeking enterprise.

In other words, we can teach them to be like Washington, who used civil disagreement among his cabinet members to formulate compromises where possible and to proceed with decisions on controversial matters having treated all sides with due respect where compromise is not possible.

I have so far suggested means of supporting civil discourse in the midst of our present divisions and about those issues that divide Americans. But perhaps the most important thing we do for students as civic educators is to help them step outside our current political divisions. Our founding principles and institutions form a pre-partisan constitutional inheritance that was crafted long before the left-right ideological frameworks and red-blue partisan divides we ham-handedly use to put ourselves in political tribes came into fashion.

Examining our country’s historical debates over how best to live up to our constitutional principles engages students with scenarios and questions for which their current partisan frameworks do not provide a clear answer. It reminds them, as Washington sought to do in his farewell address, of the inheritance they hold in common with each other as Americans.

Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features.

Today’s updates are mandatory as they contain the February 2026 Patch Tuesday security patches for vulnerabilities discovered in previous months.

You can install today’s update by going to Start > Settings > Windows Update and clicking on ‘Check for Updates.’

You can also manually download and install the update from the Microsoft Update Catalog.

This is the third ‘Patch Tuesday’ release for version 25H2, but as it’s based on version 24H2, there are no exclusive or special changes. You’ll get the same fixes across the two versions of Windows 11.

What’s new in the February 2026 Patch Tuesday update

After installing today’s security updates, Windows 11 25H2 (KB5077181) will have its build number changed to Build 26200.7840 (or 26100.7840 in case of 24H2), and 23H2 (KB5073455) will be changed to 226×1.6050.

This update mostly contains bug fixes, and here’s everything you need to know:

• [Gaming] Fixed: This update addresses an issue that determines device eligibility for the full-screen gaming experience.

• [Networking] Fixed: This update addresses an issue that prevented some devices from connecting to certain WPA3‑Personal Wi‑Fi networks. The issue might occur after you install KB5074105.

Advertisement

• [Secure Boot] With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates. Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensures a safe and phased rollout.

• [Cross Device Resume] New! This update expands the functionality of Cross‑Device Resume, which Microsoft first introduced in the May 2025 Windows non-security update (KB5058499). You can continue activities from your Android phone on your PC based on the apps and services you use, including resuming Spotify playback, working in Word, Excel, or PowerPoint, or continuing a browsing session.

  
  

  • Vivo Android phone users can continue browsing from Vivo Browser on their PC.

  • If you use an Android phone from HONOR, OPPO, Samsung, vivo, or Xiaomi, you can resume online files that you opened in the Microsoft Copilot app on your phone and continue working on them on your PC. Files open in the corresponding Microsoft 365 app on your PC if it is installed. If the app is not installed, the files open in your default web browser. This feature does not support offline files stored only on your phone.

Advertisement

• [Windows MIDI Services] New! This update improves MIDI on Windows with enhanced support for MIDI 1.0 and MIDI 2.0, including full WinMM and WinRT MIDI 1.0 support with built-in translation, shared MIDI ports across apps, custom port names, loopback and app-to-app MIDI, plus performance improvements and bug fixes—delivering a better experience for musicians. 

  
  

  The App SDK and Tools package is a separate download that enables inbox MIDI 2.0 features and includes tools like MIDI Console and the MIDI Settings app. Releases are available on the Windows MIDI Services landing page and GitHub and are currently unsigned, which might display a security warning during download or installation. 

• [Narrator] New! Narrator now gives you more control over how it announces on‑screen controls. You can choose which details are spoken and adjust their order to match how you navigate apps. These settings apply throughout the app to help reduce extra speech and make Narrator easier to follow. 

Advertisement

• [Settings] New!¹ You can view the Device card on the Settings home page. It shows key specifications and usage details for your PC. From the card, you can go directly to Settings > System > About for more detailed information about your device. This card appears when you sign in with your Microsoft account. This feature rollout has resumed after being paused during the August 2025 release. 

• [Smart App Control] New! You can turn Smart App Control (SAC) on or off without any clean install requirement. To make changes, go to Windows Security > App & Browser Control > Smart App Control settings. When turned on, SAC helps block untrusted or potentially harmful apps. To learn more, see App & Browser Control in the Windows Security App – Microsoft Support. 

• [Voice Access] New! A streamlined setup makes it easier to get started with Voice Access. The redesigned experience helps you download a speech model for your chosen language, select your preferred input microphone, and learn what Voice Access can help you do on your Windows PC.  

• [Voice Typing] New! The Wait time before acting setting in Voice Typing enables you to adjust the delay before a voice command runs. This setting gives you flexibility for different speech patterns and improves recognition accuracy whether you speak slowly or quickly. 

Advertisement

• [Windows Hello] New! Windows Hello Enhanced Sign-in Security (ESS) now supports peripheral fingerprint sensors. This update extends this more secure sign in option beyond devices with built in fingerprint sensors to include desktops and other Windows 11 PCs, including Copilot+ PCs. To get started, plug in a supported ESS fingerprint reader, go to Settings > Accounts > Sign in options, and follow the prompts to enroll.  

Microsoft is not aware of new issues with this month’s Patch Tuesday.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

On Tuesday night, Elon Musk gathered the employees of xAI for an all-hands meeting. Evidently, he wanted to talk about the future of his AI company, and specifically, how it relates to the moon.

According to The New York Times, which reports that it heard the meeting, Musk told employees that xAI needs a lunar manufacturing facility, a factory on the moon that will build AI satellites and fling them into space via a giant catapult. “You have to go to the moon,” he said, per the Times. The move, he explained, will help xAI harness more computing power than any rival. “It’s difficult to imagine what an intelligence of that scale would think about,” he added, “but it’s going to be incredibly exciting to see it happen.”

What Musk didn’t appear to address clearly was how any of this would be built, or how he plans to reorganize the newly merged xAI-SpaceX entity that is simultaneously careening toward a potentially historic IPO. He did acknowledge, proudly, that the company is in flux. “If you’re moving faster than anyone else in any given technology arena, you will be the leader,” he told employees, per the Times, “and xAI is moving faster than any other company — no one’s even close.” He added that “when this happens, there’s some people who are better suited for the early stages of a company and less suited for the later stages.”

It isn’t clear what prompted the all-hands, but the timing, whatever its cause, is at least curious. On Monday night, xAI co-founder Tony Wu announced he was leaving. Less than a day later, another xAI co-founder, Jimmy Ba, who reported directly to Musk, said he was bouncing, too. That brings the total to six of xAI’s 12 founding members who have now left the young company. The splits have all been described as copacetic, and with a SpaceX IPO reportedly targeting a $1.5 trillion valuation coming as soon as this summer, everyone involved stands to do very well financially on their way out the door.

The moon itself is a more recent preoccupation. For most of SpaceX’s 24-year existence, Mars was the end game. This past Sunday, just before the Super Bowl, Musk surprised many, posting that SpaceX had “shifted focus to building a self-growing city on the Moon,” arguing that a Mars colony would take “20+ years.” The moon, he said, could get there in half the time.

It’s a pretty big change in direction for a company that has never sent a mission to the moon.

Rationally or otherwise, investors do seem considerably more excited about data centers in orbit than about colonies on other planets. (Even for the most patient money in the room, that’s a long timeline.) But to at least one venture backer in xAI who talked with this editor last year, the lunar ambitions have nothing to do with Wall Street and aren’t a distraction from xAI’s core mission; they’re inseparable from it.

The theory, laid out by the VC at the time, is that Musk has been building toward a single goal from the beginning: the world’s most powerful world model, an AI trained not just on text and images but on proprietary real-world data that no competitor can replicate. Tesla contributes energy systems and road topology. Neuralink offers a window into the brain. SpaceX provides physics and orbital mechanics. The Boring Company adds some subsurface data. Add a moon factory to the mix and you start to see the outline of something very powerful.

Whether that vision is achievable is a very big question. Another is whether it is legal. Under the 1967 Outer Space Treaty, no nation — and by extension, no company — can claim sovereignty over the moon. But a 2015 U.S. law opened a significant loophole — while you can’t own the moon, you can own whatever you extract from it.

As Mary-Jane Rubenstein, a professor of science and technology studies at Wesleyan University, explained to TechCrunch last month, the distinction is somewhat illusory. “It’s more like saying you can’t own the house, but you can have the floorboards and the beams,” she said. “Because the stuff that is in the moon is the moon.”

That legal framework is the scaffolding on which Musk’s moon ambitions apparently rest, even as not everyone has agreed to play by those rules (China and Russia certainly have not). Meanwhile, for now at least, the team to help him get there keeps getting smaller.

Luke Maximo Bell was able to keep a drone airborne for more than 3 hours on a single battery charge, a remarkable feat of endurance engineering. Bell has a reputation for pushing the limits, and in 2022 he set a global speed record with his Peregrine quadcopters, so it’s no surprise to see him take on this new task.

Bell designed this drone with sheer staying power as his goal from the start, wanting it to survive as long as possible on a single charge, so he made every single decision with that in mind. He used massive 40-inch carbon fiber propellers from T-Motor that turn slowly on low-KV motors, requiring less power than smaller, faster-spinning propellers. These G40 propellers were combined with MN105 V2 Antigravity motors with a 90 KV rating, the lightest unit capable of handling the prop size without adding excessive weight.

DJI Neo 2 (Drone Only), Lightweight & Foldable 4K Drone With Camera, Palm Takeoff & Landing, Gesture…

• Lightweight & Portable Design – Weighing just 151g [9] and C0 certified, this compact drone features full-coverage propeller guards for safer…
• Palm Takeoff & Landing [1], Gesture Control [2] – Enjoy easy palm takeoff and landing, plus intuitive gesture controls for hands-free operation and…
• Smooth & Reliable Tracking – ActiveTrack [3] keeps your subject in focus, while Apple Watch lets you view live feed, check flight status, or use voice…

The drone is powered by Tattu’s semi-solid state NMC LiPo packs, which provide approximately 320 watt-hours per kilogram of battery, which is roughly double the energy density of normal lithium-polymer cells and a significant advantage for anyone trying to build a long-lasting drone. To make things even more efficient, Bell removed 180 grams of packaging from each battery and replaced hefty connectors with lighter ones, saving a total of 360 grams, which is approximately equal to the weight of the complete carbon fiber frame. Depending on the air flow, it hovers around 400 watts, but drops to 250 watts during gradual forward motion as the air flow increases lift.

Bell paid special attention to the length of the drone’s arms, which is not something you think about all the time but is quite important. He used computational fluid dynamics simulations in AirShaper to test various arm length combinations before deciding on an 800mm length that appeared to produce the best results. Going too short can result in wake interference between propellers, while going too long adds unnecessary weight. The wires received the same level of attention; he chose 18 AWG gauge wire and utilized it for all 11m or so of wire per engine, weighing the resistance losses against the energy cost of utilizing additional copper.

To keep things simple and reliable, he limited the electronics to a minimum: a Holybro Nano Drive 4-in-1 ESC handles power distribution, a TBS Lucid H7 flight controller runs INAV firmware, a Matek GPS device gives position data, and a DJI O4 Air device feeds video feed back to base. Early versions of lighter components failed, so he replaced them with tested parts to avoid similar problems. The frame is comprised of carbon fiber tubes, with 3D printed arms, mounts, and legs.

Bell conducted numerous studies to build the drone, including bench tests that examined the thrust to power ratio under various loads, and he was pleased to discover that efficiency decreases as thrust increases, which is a good thing because he was then able to keep the weight down while keeping the thrust up. The first few flights were problematic, with a few oscillations and broken parts, but he learned from each failure to improve the next iteration.

In the end, the drone flew for more than 3 hours and 30 minutes without incident, even when pounded by winds; at 2 hours and 14 minutes, it had already surpassed SiFly’s hover time with plenty of juice remaining. Forward flight testing revealed a clear efficiency boost, and the drone landed successfully with the battery at 2.95 volts to avoid damage, an unofficial record that puts it far ahead of the current benchmark.

Microsoft has announced Windows 11 26H1, but it’s not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips.

Microsoft insists Windows 11 is still following an annual update cadence, which means Windows 11 26H2 is likely on track.

According to Microsoft, Windows 11 26H1 is based on a new platform release to support the upcoming ARM chips.

In a press release, Microsoft says it worked with OEMs and IHVs to support new device innovations and development via a new Windows Update.

“That means that this release is not being made available through broad channels but is only intended for those who purchase these new devices. At this time, devices with Qualcomm Snapdragon® X2 Series processors will come with Windows 11, version 26H1,” Microsoft noted.

“Organizations should continue to purchase, deploy, and manage devices running broadly released versions of Windows 11 (e.g. versions 24H2 and 25H2) with confidence.”

Microsoft also has an FAQ that clarifies version 26H1 is not a feature update for version 25H2, and that “there is no need to pause device purchases or OS deployments, and no changes are required to existing enterprise rollout plans.”

Devices running Windows 11 26H1 won’t get specific new features, as changes will be shared across platform releases, but version 26H1 should offer better performance or battery life on new ARM PCs.

All other PCs should get Windows 11 26H2 later this year, but Microsoft hasn’t confirmed the fall release yet.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

RAG isn’t always fast enough or intelligent enough for modern agentic AI workflows. As teams move from short-lived chatbots to long-running, tool-heavy agents embedded in production systems, those limitations are becoming harder to work around.

In response, teams are experimenting with alternative memory architectures — sometimes called contextual memory or agentic memory — that prioritize persistence and stability over dynamic retrieval.

One of the more recent implementations of this approach is “observational memory,” an open-source technology developed by Mastra, which was founded by the engineers who previously built and sold the Gatsby framework to Netlify.

Unlike RAG systems that retrieve context dynamically, observational memory uses two background agents (Observer and Reflector) to compress conversation history into a dated observation log. The compressed observations stay in context, eliminating retrieval entirely. For text content, the system achieves 3-6x compression. For tool-heavy agent workloads generating large outputs, compression ratios hit 5-40x.

The tradeoff is that observational memory prioritizes what the agent has already seen and decided over searching a broader external corpus, making it less suitable for open-ended knowledge discovery or compliance-heavy recall use cases.

The system scored 94.87% on LongMemEval using GPT-5-mini, while maintaining a completely stable, cacheable context window. On the standard GPT-4o model, observational memory scored 84.23% compared to Mastra’s own RAG implementation at 80.05%.

“It has this great characteristic of being both simpler and it is more powerful, like it scores better on the benchmarks,” Sam Bhagwat, co-founder and CEO of Mastra, told VentureBeat.

How it works: Two agents compress history into observations

The architecture is simpler than traditional memory systems but delivers better results. 

Observational memory divides the context window into two blocks. The first contains observations — compressed, dated notes extracted from previous conversations. The second holds raw message history from the current session.

Two background agents manage the compression process. When unobserved messages hit 30,000 tokens (configurable), the Observer agent compresses them into new observations and appends them to the first block. The original messages get dropped. When observations reach 40,000 tokens (also configurable), the Reflector agent restructures and condenses the observation log, combining related items and removing superseded information.

“The way that you’re sort of compressing these messages over time is you’re actually just sort of getting messages, and then you have an agent sort of say, ‘OK, so what are the key things to remember from this set of messages?’” Bhagwat said. “You kind of compress it, and then you get in another 30,000 tokens, and you compress that.”

The format is text-based, not structured objects. No vector databases or graph databases required.

Stable context windows cut token costs up to 10x

The economics of observational memory come from prompt caching. Anthropic, OpenAI, and other providers reduce token costs by 4-10x for cached prompts versus those that are uncached. Most memory systems can’t take advantage of this because they change the prompt every turn by injecting dynamically retrieved context, which invalidates the cache. For production teams, that instability translates directly into unpredictable cost curves and harder-to-budget agent workloads.

Observational memory keeps the context stable. The observation block is append-only until reflection runs, which means the system prompt and existing observations form a consistent prefix that can be cached across many turns. Messages keep getting appended to the raw history block until the 30,000 token threshold hits. Every turn before that is a full cache hit.

When observation runs, messages are replaced with new observations appended to the existing observation block. The observation prefix stays consistent, so the system still gets a partial cache hit. Only during reflection (which runs infrequently) is the entire cache invalidated.

The average context window size for Mastra’s LongMemEval benchmark run was around 30,000 tokens, far smaller than the full conversation history would require.

Why this differs from traditional compaction

Most coding agents use compaction to manage long context. Compaction lets the context window fill all the way up, then compresses the entire history into a summary when it’s about to overflow. The agent continues, the window fills again, and the process repeats.

Compaction produces documentation-style summaries. It captures the gist of what happened but loses specific events, decisions and details. The compression happens in large batches, which makes each pass computationally expensive. That works for human readability, but it often strips out the specific decisions and tool interactions agents need to act consistently over time.

The Observer, on the other hand, runs more frequently, processing smaller chunks. Instead of summarizing the conversation, it produces an event-based decision log — a structured list of dated, prioritized observations about what specifically happened. Each observation cycle handles less context and compresses it more efficiently.

The log never gets summarized into a blob. Even during reflection, the Reflector reorganizes and condenses the observations to find connections and drop redundant data. But the event-based structure persists. The result reads like a log of decisions and actions, not documentation.

Enterprise use cases: Long-running agent conversations

Mastra’s customers span several categories. Some build in-app chatbots for CMS platforms like Sanity or Contentful. Others create AI SRE systems that help engineering teams triage alerts. Document processing agents handle paperwork for traditional businesses moving toward automation.

What these use cases share is the need for long-running conversations that maintain context across weeks or months. An agent embedded in a content management system needs to remember that three weeks ago the user asked for a specific report format. An SRE agent needs to track which alerts were investigated and what decisions were made.

“One of the big goals for 2025 and 2026 has been building an agent inside their web app,” Bhagwat said about B2B SaaS companies. “That agent needs to be able to remember that, like, three weeks ago, you asked me about this thing, or you said you wanted a report on this kind of content type, or views segmented by this metric.”

In those scenarios, memory stops being an optimization and becomes a product requirement — users notice immediately when agents forget prior decisions or preferences.

Observational memory keeps months of conversation history present and accessible. The agent can respond while remembering the full context, without requiring the user to re-explain preferences or previous decisions.

The system shipped as part of Mastra 1.0 and is available now. The team released plug-ins this week for LangChain, Vercel’s AI SDK, and other frameworks, enabling developers to use observational memory outside the Mastra ecosystem.

What it means for production AI systems

Observational memory offers a different architectural approach than the vector database and RAG pipelines that dominate current implementations. The simpler architecture (text-based, no specialized databases) makes it easier to debug and maintain. The stable context window enables aggressive caching that cuts costs. The benchmark performance suggests that the approach can work at scale.

For enterprise teams evaluating memory approaches, the key questions are:

• How much context do your agents need to maintain across sessions?

• What’s your tolerance for lossy compression versus full-corpus search?

• Do you need the dynamic retrieval that RAG provides, or would stable context work better?

• Are your agents tool-heavy, generating large amounts of output that needs compression?

The answers determine whether observational memory fits your use case. Bhagwat positions memory as one of the top primitives needed for high-performing agents, alongside tool use, workflow orchestration, observability, and guardrails. For enterprise agents embedded in products, forgetting context between sessions is unacceptable. Users expect agents to remember their preferences, previous decisions and ongoing work.

“The hardest thing for teams building agents is the production, which can take time,” Bhagwat said. “Memory is a really important bit in that, because it’s just jarring if you use any sort of agentic tool and you sort of told it something and then it just kind of forgot it.”

As agents move from experiments to embedded systems of record, how teams design memory may matter as much as which model they choose.

from the getting-around-the-age-gate dept

EFF is against age gating and age verification mandates, and we hope we’ll win in getting existing ones overturned and new ones prevented. But mandates are already in effect, and every day many people are asked to verify their age across the web, despite prominent cases of sensitive data getting leaked in the process.

At some point, you may have been faced with the decision yourself: should I continue to use this service if I have to verify my age? And if so, how can I do that with the least risk to my personal information? This is our guide to navigating those decisions, with information on what questions to ask about the age verification options you’re presented with, and answers to those questions for some of the top most popular social media sites. Even though there’s no way to implement mandated age gates in a way that fully protects speech and privacy rights, our goal here is to help you minimize the infringement of your rights as you manage this awful situation.

Follow the Data

Since we know that leaks happen despite the best efforts of software engineers, we generally recommend submitting the absolute least amount of data possible. Unfortunately, that’s not going to be possible for everyone. Even facial age estimation solutions where pictures of your face never leave your device, offering some protection against data leakage, are not a good option for all users: facial age estimation works less well for people of color, trans and nonbinary people, and people with disabilities. There are some systems that use fancy cryptography so that a digital ID saved to your device won’t tell the website anything more than if you meet the age requirement, but access to that digital ID isn’t available to everyone or for all platforms. You may also not want to register for a digital ID and save it to your phone, if you don’t want to take the chance of all the information on it being exposed upon request of an over-zealous verifier, or you simply don’t want to be a part of a digital ID system

If you’re given the option of selecting a verification method and are deciding which to use, we recommend considering the following questions for each process allowed by each vendor:

• Data: What info does each method require?
• Access: Who can see the data during the course of the verification process?
• Retention: Who will hold onto that data after the verification process, and for how long?
• Audits: How sure are we that the stated claims will happen in practice? For example, are there external audits confirming that data is not accidentally leaked to another site along the way? Ideally these will be in-depth, security-focused audits by specialized auditors like NCC Group or Trail of Bits, instead of audits that merely certify adherence to standards. 
• Visibility: Who will be aware that you’re attempting to verify your age, and will they know which platform you’re trying to verify for?

We attempt to provide answers to these questions below. To begin, there are two major factors to consider when answering these questions: the tools each platform uses, and the overall system those tools are part of.

In general, most platforms offer age estimation options like face scans as a first line of age assurance. These vary in intrusiveness, but their main problem is inaccuracy, particularly for marginalized users. Third-party age verification vendors Private ID and k-ID offer on-device facial age estimation, but another common vendor, Yoti, sends the image to their servers during age checks by some of the biggest platforms. This risks leaking the images themselves, and also the fact that you’re using that particular website, to the third party. 

Then, there’s the document-based verification services, which require you to submit a hard identifier like a government-issued ID. This method thus requires you to prove both your age and your identity. A platform can do this in-house through a designated dataflow, or by sending that data to a third party. We’ve already seen examples of how this can fail. For example, Discord routed users’ ID data through its general customer service workflow so that a third-party vendor could perform manual review of verification appeals. No one involved ever deleted users’ data, so when the system was breached, Discord had to apologize for the catastrophic disclosure of nearly 70,000 photos of users’ ID documents. Overly long retention periods expose documents to risk of breaches and historical data requests. Some document verifiers have retention periods that are needlessly long. This is the case with Incode, which provides ID verification for Tiktok. Incode holds onto images forever by default, though TikTok should automatically start the deletion process on your behalf.

Some platforms offer alternatives, like proving that you own a credit card, or asking for your email to check if it appears in databases associated with adulthood (like home mortgage databases). These tend to involve less risk when it comes to the sensitivity of the data itself, especially since credit cards can be replaced, but in general still undermine anonymity and pseudonymity and pose a risk of tracking your online activity. We’d prefer to see more assurances across the board about how information is handled.

Each site offers users a menu of age assurance options to choose from. We’ve chosen to present these options in the rough order that we expect most people to prefer. Jump directly to a platform to learn more about its age checks:

Meta – Facebook, Instagram, WhatsApp, Messenger, Threads

If Meta can guess your age, you may never even see an age verification screen. Meta, which runs Facebook, Threads, Instagram, Messenger, and WhatsApp, first tries to use information you’ve posted to guess your age, like looking at “Happy birthday!” messages. It’s a creepy reminder that they already have quite a lot of information about you.

If Meta cannot guess your age, or if Meta infers you’re too young, it will next ask you to verify your age using either facial age estimation, or by uploading your photo ID. 

Face Scan

If you choose to use facial age estimation, you’ll be sent to Yoti, a third-party verification service. Your photo will be uploaded to their servers during this process. Yoti claims that “as soon as an age has been estimated, the facial image is immediately and permanently deleted.” Though it’s not as good as not having that data in the first place, Yoti’s security measures include a bug bounty program and annual penetration testing. Researchers from Mint Secure found that Yoti’s app and website are filled with trackers, so the fact that you’re verifying your age could be not only shared to Yoti, but leaked to third-party data brokers as well. 

You may not want to use this option if you’re worried about third parties potentially being able to know you’re trying to verify your age with Meta. You also might not want to use this if you’re worried about a current picture of your face accidentally leaking—for example, if elements in the background of your selfie might reveal your current location. On the other hand, if you consider a selfie to be less sensitive than a photograph of your ID, this option might be better. If you do choose (or are forced to) use the face check system, be sure to snap your selfie without anything you’d be concerned with identifying your location or embarrassing you in the background in case the image leaks.

Upload ID

If Yoti’s age estimation decides your face looks too young, or if you opt out of facial age estimation, your next recourse is to send Meta a photo of your ID. Meta sends that photo to Yoti to verify the ID. Meta says it will hold onto that ID image for 30 days, then delete it. Meanwhile, Yoti claims it will delete the image immediately after verification. Of course, bugs and process oversights exist, such as accidentally replicating information in logs or support queues, but at least they have stated processes. Your ID contains sensitive information such as your full legal name and home address. Using this option not only runs the (hopefully small, but never nonexistent) risk of that data getting leaked through errors or hacking, but it also lets Meta see the information needed to tie your profile to your identity—which you may not want. If you don’t want Meta to know your name and where you live, or rely on both Meta and Yoti to keep to their deletion promises, this option may not be right for you.

Google – Gmail, YouTube 

If Google can guess your age, you may never even see an age verification screen. Your Google account is typically connected to your YouTube account, so if (like mine) your YouTube account is old enough to vote, you may not need to verify your Google account at all. Google first uses information it already knows to try to guess your age, like how long you’ve had the account and your YouTube viewing habits. It’s yet another creepy reminder of how much information these corporations have on you, but at least in this case they aren’t likely to ask for even more identifying data.

If Google cannot guess your age, or decides you’re too young, Google will next ask you to verify your age. You’ll be given a variety of options for how to do so, with availability that will depend on your location and your age.

Google’s methods to assure your age include ID verification, facial age estimation, verification by proxy, and digital ID. To prove you’re over 18, you may be able to use facial age estimation, give Google your credit card information, or tell a third-party provider your email address.

Face Scan

If you choose to use facial age estimation, you’ll be sent to a website run by Private ID, a third-party verification service. The website will load Private ID’s verifier within the page—this means that your selfie will be checked without any images leaving your device. If the system decides you’re over 18, it will let Google know that, and only that. Of course, no technology is perfect—should Private ID be mandated to target you specifically, there’s nothing to stop it from sending down code that does in fact upload your image, and you probably won’t notice. But unless your threat model includes being specifically targeted by a state actor or Private ID, that’s unlikely to be something you need to worry about. For most people, no one else will see your image during this process. Private ID will, however, be told that your device is trying to verify your age with Google and Google will still find out if Private ID thinks that you’re under 18.

If Private ID’s age estimation decides your face looks too young, you may next be able to decide if you’d rather let Google verify your age by giving it your credit card information, photo ID, or digital ID, or by letting Google send your email address to a third-party verifier.

Email Usage

If you choose to provide your email address, Google sends it on to a company called VerifyMy. VerifyMy will use your email address to see if you’ve done things like get a mortgage or paid for utilities using that email address. If you use Gmail as your email provider, this may be a privacy-protective option with respect to Google, as Google will then already know the email address associated with the account. But it does tell VerifyMy and its third-party partners that the person behind this email address is looking to verify their age, which you may not want them to know. VerifyMy uses “proprietary algorithms and external data sources” that involve sending your email address to “trusted third parties, such as data aggregators.” It claims to “ensure that such third parties are contractually bound to meet these requirements,” but you’ll have to trust it on that one—we haven’t seen any mention of who those parties are, so you’ll have no way to check up on their practices and security. On the bright side, VerifyMy and its partners do claim to delete your information as soon as the check is completed.

Credit Card Verification

If you choose to let Google use your credit card information, you’ll be asked to set up a Google Payments account. Note that debit cards won’t be accepted, since it’s much easier for many debit cards to be issued to people under 18. Google will then charge a small amount to the card, and refund it once it goes through. If you choose this method, you’ll have to tell Google your credit card info, but the fact that it’s done through Google Payments (their regular card-processing system) means that at least your credit card information won’t be sitting around in some unsecured system. Even if your credit card information happens to accidentally be leaked, this is a relatively low-risk option, since credit cards come with solid fraud protection. If your credit card info gets leaked, you should easily be able to dispute fraudulent charges and replace the card.

Digital ID

If the option is available to you, you may be able to use your digital ID to verify your age with Google. In some regions, you’ll be given the option to use your digital ID. In some cases, it’s possible to only reveal your age information when you use a digital ID. If you’re given that choice, it can be a good privacy-preserving option. Depending on the implementation, there’s a chance that the verification step will “phone home” to the ID provider (usually a government) to let them know the service asked for your age. It’s a complicated and varied topic that you can learn more about by visiting EFF’s page on digital identity.

Upload ID

Should none of these options work for you, your final recourse is to send Google a photo of your ID. Here, you’ll be asked to take a photo of an acceptable ID and send it to Google. Though the help page only states that your ID “will be stored securely,” the verification process page says ID “will be deleted after your date of birth is successfully verified.” Acceptable IDs vary by country, but are generally government-issued photo IDs. We like that it’s deleted immediately, though we have questions about what Google means when it says your ID will be used to “improve [its] verification services for Google products and protect against fraud and abuse.” No system is perfect, and we can only hope that Google schedules outside audits regularly.

TikTok

If TikTok can guess your age, you may never even see an age verification notification. TikTok first tries to use information you’ve posted to estimate your age, looking through your videos and photos to analyze your face and listen to your voice. By uploading any videos, TikTok believes you’ve given it consent to try to guess how old you look and sound.

If TikTok decides you’re too young, appeal to revoke their age decision before the deadline passes. If TikTok cannot guess your age, or decides you’re too young, it will automatically revoke your access based on age—including either restricting features or deleting your account. To get your access and account back, you’ll have a limited amount of time to verify your age. As soon as you see the notification that your account is restricted, you’ll want to act fast because in some places you’ll have as little as 23 days before the deadline passes.

When you get that notification, you’re given various options to verify your age based on your location.

Face Scan

If you’re given the option to use facial age estimation, you’ll be sent to Yoti, a third-party verification service. Your photo will be uploaded to their servers during this process. Yoti claims that “as soon as an age has been estimated, the facial image is immediately and permanently deleted.” Though it’s not as good as not having that data in the first place, Yoti’s security measures include a bug bounty program and annual penetration testing. However, researchers from Mint Secure found that Yoti’s app and website are filled with trackers, so the fact that you’re verifying your age could be leaked not only to Yoti, but to third-party data brokers as well.

You may not want to use this option if you’re worried about third parties potentially being able to know you’re trying to verify your age with TikTok. You also might not want to use this if you’re worried about a current picture of your face accidentally leaking—for example, if elements in the background of your selfie might reveal your current location. On the other hand, if you consider a selfie to be less sensitive than a photograph of your ID or your credit card information, this option might be better. If you do choose (or are forced to) use the face check system, be sure to snap your selfie without anything you’d be concerned with identifying your location or embarrassing you in the background in case the image leaks.

Credit Card Verification

If you have a credit card in your name, TikTok will accept that as proof that you’re over 18. Note that debit cards won’t be accepted, since it’s much easier for many debit cards to be issued to people under 18. TikTok will charge a small amount to the credit card, and refund it once it goes through. It’s unclear if this goes through their regular payment process, or if your credit card information will be sent through and stored in a separate, less secure system. Luckily, these days credit cards come with solid fraud protection, so if your credit card gets leaked, you should easily be able to dispute fraudulent charges and replace the card. That said, we’d rather TikTok provide assurances that the information will be processed securely.

Credit Card Verification of a Parent or Guardian

Sometimes, if you’re between 13 and 17, you’ll be given the option to let your parent or guardian confirm your age. You’ll tell TikTok their email address, and TikTok will send your parent or guardian an email asking them (a) to confirm your date of birth, and (b) to verify their own age by proving that they own a valid credit card. This option doesn’t always seem to be offered, and in the one case we could find, it’s possible that TikTok never followed up with the parent. So it’s unclear how or if TikTok verifies that the adult whose email you provide is your parent or guardian. If you want to use credit card verification but you’re not old enough to have a credit card, and you’re ok with letting an adult know you use TikTok, this option may be reasonable to try.

Photo with a Random Adult?

Bizarrely, if you’re between 13 and 17, TikTok claims to offer the option to take a photo with literally any random adult to confirm your age. Its help page says that any trusted adult over 25 can be chosen, as long as they’re holding a piece of paper with the code on it that TikTok provides. It also mentions that a third-party provider is used here, but doesn’t say which one. We haven’t found any evidence of this verification method being offered. Please do let us know if you’ve used this method to verify your age on TikTok!

Photo ID and Face Comparison

If you aren’t offered or have failed the other options, you’ll have to verify your age by submitting a copy of your ID and matching photo of your face. You’ll be sent to Incode, a third-party verification service. In a disappointing failure to meet the industry standard, Incode itself doesn’t automatically delete the data you give it once the process is complete, but TikTok does claim to “start the process to delete the information you submitted,” which should include telling Incode to delete your data once the process is done. If you want to be sure, you can ask Incode to delete that data yourself. Incode tells TikTok that you met the age threshold without providing your exact date of birth, but then TikTok wants to know the exact date anyway, so it’ll ask for your date of birth even after your age has been verified.

TikTok itself might not see your actual ID depending on its implementation choices, but Incode will. Your ID contains sensitive information such as your full legal name and home address. Using this option not only runs the (hopefully small, but never nonexistent) risk of that data getting accidentally leaked through errors or hacking. If you don’t want TikTok or Incode to know your name, what you look like, and where you live—or if you don’t want to rely on both TikTok and Incode to keep to their deletion promises—then this option may not be right for you.

Everywhere Else

We’ve covered the major providers here, but age verification is unfortunately being required of many other services that you might use as well. While the providers and processes may vary, the same general principles will apply. If you’re trying to choose what information to provide to continue to use a service, consider the “follow the data” questions mentioned above, and try to find out how the company will store and process the data you give it. The less sensitive information, the fewer people have access to it, and the more quickly it will be deleted, the better. You may even come to recognize popular names in the age verification industry: Spotify and OnlyFans use Yoti (just like Meta and Tiktok), Quora and Discord use k-ID, and so on. 

Unfortunately, it should be clear by now that none of the age verification options are perfect in terms of protecting information, providing access to everyone, and safely handling sensitive data. That’s just one of the reasons that EFF is against age-gating mandates, and is working to stop and overturn them across the United States and around the world.

Republished from the EFF’s Deeplinks blog.

Filed Under: age gating, age verification, credit cards, face scans, id, privacy

Companies: facebook, google, instagram, meta, tiktok, whatsapp, youtube