Every time you unlock your smartphone or start your connected car, you are generating a trail of digital evidence that can be used to track your every move.

In Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance, just published by NYU Press, law professor Andrew Guthrie Ferguson exposes how the Internet of Things has quietly transformed into a vast surveillance network, turning our most personal devices into digital informants. The following excerpt explores the concept of “sensorveillance,” detailing the specific mechanisms—such as Google’s Sensorvault, geofence warrants, and vehicle telemetry—that allow law enforcement to repurpose consumer technology into powerful tools for investigation and control.

Apparently, Bernstein did do something “like that.” She was soon caught and cited for leaving the scene of the accident. Her own car provided evidence of her guilt.

The Rise of “Sensorveillance”

Once upon a time, our things were just things. A bike was a tool for biking. It got you from one location to another, but it didn’t “know” more about your travels than any other inanimate object did. It was dumb in a comforting way, and we used it as intended. Today, a top-of-the-line bike can track your route and calculate your average speed along the way. Hop on an e-bike from a commercial bike share, and it will collect data for your trip, plus the trips of everyone else who used it that month.

These “smart” objects belong to what technologist Kevin Ashton named the Internet of Things. Ashton proposed adding radio-frequency identification (RFID) tags and sensors to everyday objects, allowing them to collect data that could be fed into networked systems without human intervention. A sensor in a river could monitor the cleanliness of the water. A tag on a bottle of shampoo could trace its journey throughout the supply chain. Add enough sensors to enough objects and you can model the health of an entire ecosystem—or learn whether you’re sending too much of your inventory to Massachusetts and too little to Texas.

Ashton first theorized the Internet of Things (IoT) in the late 1990s. Today, the IoT goes well beyond his initial vision, including not only RFID tags but also sensors with Wi-Fi, Bluetooth, cellular, and GPS connections. These small, low-cost sensors record data about movement, heat, pressure, or location and can engage in two-way communication.

Of course, such a system is also, by necessity, a system of surveillance. “Sensorveillance”—a term I created to highlight the intersection of sensors and surveillance—is slowly becoming the default across the developed world.

Cellphone Surveillance Networks

Let’s start with phones. You’re probably not surprised that your cellphone company tracks your location; that’s how cellphones work. Both smartphones and “dumb” mobile phones use local cell towers, owned by cellphone companies, to connect you to your friends and family, which means those companies know which towers you are near at all times.

If you always carry your phone with you, your phone’s whereabouts—recorded as cell-site location information (CSLI)—reveal yours. One man, Timothy Carpenter, found this out the hard way after he and a group of associates set out to rob a series of electronics stores. Carpenter was the alleged ringleader, but he didn’t enter the stores himself. He served as the lookout, waiting in the car while his associates stuffed merchandise into bags.

It might have been hard for investigators to tie him to the crimes—if not for the fact that every minute he kept watch, his cellphone was pinging a local tower, logging his location. Using that information, the FBI was able to determine that he had been near each store during the exact moment of each robbery.

Cell signals are the tip of the proverbial data iceberg. If you have a smartphone, you’re almost certainly using something created by Google. Google makes money off advertising. The more Google knows about users, the better it can target ads to them. Google’s location services are on all Android phones, which use the company’s operating system, but they’re also on Google apps, including Google Maps and Gmail.

For years, all that location information ended up in what the company called the Sensorvault. The Sensorvault, as the name suggests, combined data from GPS, Bluetooth, cell towers, IP addresses, and Wi-Fi signals to create a powerful tracking system that could identify a phone’s location with great precision. As you might imagine, police saw it as a digital evidence miracle. In 2020, Google received more than 11,500 warrants from law enforcement seeking information from the Sensorvault.

“Sensorveillance”—a term I created to highlight the intersection of sensors and surveillance—is slowly becoming the default across the developed world.

In 2024, Google announced that it would no longer retain all of this data in the cloud. Instead, the geolocation information would be stored on individual devices, requiring police to get a warrant for a specific device. The demise of the Sensorvault came about through a change in corporate policy, which could be reversed. But at least for now, Google has made it significantly harder for police to access its data.

And while the Sensorvault was the biggest source of geolocational evidence, it is far from the only one. Even apps that have nothing to do with maps or navigation might nonetheless be collecting your location data. In one Pennsylvania case, prosecutors learned that a burglar used an iPhone flashlight app to search through a home, and they used the data from the app to prove he was in the home at the time of the break-in. These apps might be advertised as “free,” but they come with a hidden cost.

Cars, increasingly, collect almost as much information as phones. Mobile extraction devices can collect digital forensics about a car’s speed, when its airbags deployed, when its brakes were engaged, and where it was when all that happened. If you connect your phone to play Spotify or to read out your texts, then your call logs, contact lists, social media accounts, and entertainment selections can be downloaded directly from your vehicle. Because cars are involved in so many crimes (either as the instrument of the crime or as transportation), searches of this data are becoming more commonplace.

Even without physically extracting information from the car, police have other ways to get the data. After all, the car’s built-in telemetry system is sharing information with third parties. In addition to the usual personal information you give up when buying a car (name, address, phone number, email, Social Security number, driver’s license number), when you own a Stellantis-brand car, the company collects how often you use the car, your speed, and instances of acceleration or braking. Nissan asserts the right to collect information about “sexual activity, health diagnosis data, and genetic [data]” in addition to “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.” Nissan’s privacy policy specifically reserves the right to provide this information to both data brokers and law enforcement.

The Law of Smart Things

The fact that government agents can glean so much information from our things does not mean that they should be able to do so at any time or for any reason. The U.S. Fourth Amendment—drafted in an era without electricity—protects “persons, houses, papers, and effects” against unreasonable search and seizure, but is naturally silent on the question of location data.

The first question is whether the data from our smart things should be constitutionally protected from police. In the language of the constitutional text, the smart device itself is an “effect”—a movable piece of personal property. But what about the data collected by the effect? Is the location data collected by your smartwatch considered part of the watch, or part of the person wearing the watch? Neither? Both?

To its credit, the U.S. Supreme Court has addressed some of the hard questions around digital tracking. In two cases, the first involving GPS tracking of a car and the second involving the CSLI tracking of Timothy Carpenter’s cellphone, the court has placed limits on the government’s ability to collect location data over the long term.

United States v. Jones involved GPS tracking of a car. Antoine Jones owned a nightclub in Washington, D.C. He also sold cocaine and found himself under criminal investigation for a large-scale drug distribution scheme. To prove Jones’s connection to “the stash house,” police placed a GPS device on his wife’s Jeep Cherokee. This was before GPS came standard in cars, so the device was physically attached to the undercarriage of the vehicle.

Data about Jones’s travels was recorded for 28 days, during which he visited the stash house multiple times. The prosecutors introduced the GPS data at trial, and Jones was found guilty. Jones appealed his conviction, arguing that the warrantless use of a GPS device to track his car violated his Fourth Amendment rights.

“When the Government tracks the location of a cell phone it achieves near perfect surveillance.” — the Supreme Court

In 2012, the Supreme Court held that a warrant was required, based on the reasoning that the physical placement of the GPS device on the Jeep was itself a Fourth Amendment search requiring a warrant. Justice Sonia Sotomayor agreed regarding the physical search but went further, discussing the harms of long-term GPS tracking: “GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”

Timothy Carpenter’s ill-fated robbery spree gave the Supreme Court another chance to address the constitutional harms of long-term tracking. In their attempts to connect Carpenter to the six electronics stores that had been robbed, federal investigators requested 127 days of location data from two mobile phone carriers. The problem for the police, however, was that they had obtained the information on Carpenter without a judicial warrant.

Carpenter challenged the FBI’s acquisition of his CSLI, claiming that it violated his reasonable expectation of privacy. In a 5–4 opinion, the Supreme Court determined that the acquisition of long-term CSLI was a Fourth Amendment search, which required a warrant. As the Court stated in its 2018 ruling: “A cell phone faithfully follows its owner beyond public thoroughfares and into private residences, doctor’s offices, political headquarters, and other potentially revealing locales…. [W]hen the Government tracks the location of a cell phone it achieves near perfect surveillance.”

Jones and Carpenter are helpful for setting the boundaries of location-based searches. But, in truth, the cases generate a lot more questions than answers. What about surveillance that is not long-term? At what point does the aggregation of details about a person’s location violate their reasonable expectation of privacy?

The Warrant According to Google

Okelle Chatrie’s case, in which police used Google’s location data to identify him as the mystery bank robber, offers a stark warning about the limits of Fourth Amendment protections under these circumstances. It’s also a terrific example of why “geofence” warrants, which request information within a certain geographic boundary, are appealing to police. From surveillance footage, detectives could see that the suspect had a phone to his ear when he walked into the bank. A geofence could identify who the suspect was, and likely where he came from and where he went. Google held the answer in its virtual vault. A warrant gave investigators the key.

The police cast a broad net. The geofence warrant asked for data on all the cellphones within a 150-meter radius, an area, as the court described it, “about three and a half times the footprint of a New York city block.” After receiving the police’s initial request for information on all the phones in the area, Google returned 19 anonymized numbers. Over the course of a three-step warrant process, the company narrowed those 19 phones down to three and then to one, which it revealed as belonging to Okelle Chatrie.

If the police wish to buy the data, just like an insurer or marketing firm might, how can you object? It’s not your data.

The three-step warrant process is a unique innovation in the digital evidence space. Google’s lawyers developed a procedure whereby detectives seeking targeted geolocation data had to file three separate requests, first requesting identifying numbers in an area, then narrowing the request based on other information, and finally obtaining an order to unmask the anonymous number (or numbers) by providing a name.

To be clear, Google—a private company—required the government to jump through these hoops because Google considered it important to protect its customers’ data. It was the company’s lawyers—not the courts or the government—who demanded these warrants.

Buying Data

Warrants provide at least some procedural barrier to data collection by police. If government agencies want to avoid that minor hassle, they can simply buy the data instead. By contracting with data-location services, several federal agencies have already done so.

The logic for this Fourth Amendment loophole is straightforward: You gave your data to a third-party company, and the company can use it as it wishes. If you own a car that is smart enough to collect driving analytics, you clicked some agreement saying the car company could use the data—study it, analyze it, and, if it wants, sell it. If you don’t want to give them data in the first place, that is okay (although it will likely result in less optimal functionality), but you cannot rightly complain when they use the data you gave them in ways that benefit them. If the police wish to buy the data, just like an insurer or marketing firm might, how can you object? It’s not your data.

Who Is to Blame?

Fears about the amount of personal information that could be revealed with long-term GPS surveillance have become reality. Today, police don’t need to plant a device to track your movements—they can rely on your car or phone to do it for them.

This happened because companies sold convenience and consumers bought it. So it might be tempting to blame ourselves. We’re the ones buying this technology. If we don’t want to be tracked, we can always go back to using paper maps and writing down directions by hand. If few of us are willing to make that trade, that’s on us.

But it’s not that easy. You may still be able to choose a dumb bike over a smart one, but a car that tracks you will soon be the only type of car you can buy. And while cars and data can, in theory, be separated, that’s not true for all our smart things. Without cell-signal tracking capabilities, a cellphone is just a paperweight. And in today’s world, living without a phone or a car is simply not practical for many people.

There are technological steps we can take toward protecting privacy. Companies can localize the data the sensors generate within the devices themselves, rather than in a central location like the Sensorvault. Similarly, the information that allows you to unlock your Apple iPhone via facial recognition stays localized on the phone. These are technological fixes, and positive ones. But even localized data is available to police with a warrant.

This is the puzzle of the digital age. We can’t—or don’t want to—avoid creating data, but that data, once created, becomes available for legal ends. The power to track every person is the perfect tool for authoritarianism. For every wondrous story about catching a criminal, there will be a terrifying story of tracking a political enemy or suppressing dissent. Such immense power can and will be abused.

from the abject-cowards-making-loud-noises dept

Brendan Carr is once again doing Brendan Carr stuff.

Carr has threatened to revoke the broadcast licenses of broadcasters that tell the truth about Trump’s disastrous war in Iran. In a post over at Elon Musk’s right wing propaganda website, Carr insists that news outlets that are “running hoaxes and news distortions” (read: telling the truth) about the war will face potential headaches when their licenses come up for renewal:

If you can’t read that, it says:

Broadcasters that are running hoaxes and news distortions – also known as the fake news – have a chance now to correct course before their license renewals come up.

The law is clear. Broadcasters must operate in the public interest, and they will lose their licenses if they do not.

And frankly, changing course is in their own business interests since trust in legacy media has now fallen to an all time low of just 9% and are ratings disasters.

Advertisement

The American people have subsidized broadcasters to the tune of billions of dollars by providing free access to the nation’s airwaves.

It is very important to bring trust back into media, which has earned itself the label of fake news.

When a political candidate is able to win a landslide election victory after in the face of hoaxes and distortions, there is something very wrong. It means the public has lost faith and confidence in the media. And we can’t allow that to happen.

Time for change!

Advertisement

That’s certainly a lot of tough-talking bullshit.

Carr’s only authority comes over broadcast affiliates (not national media companies or cable TV outlets), most of which are already owned by Republicans and already kiss Trump’s ass (because they want to merge). The FCC hasn’t denied a license renewal in decades, and any attempt to do so would result in a massive, protracted First Amendment legal mess that the FCC would be extremely likely to lose.

Carr’s actual goal for this kind of stuff is three fold.

One, he’s putting on a show for our mad, idiot king that Carr is being a good boy. Two, he’s trolling the press so they’ll hyperventilate about his behaviors; those stories then advertise to the MAGA base the false impression that Carr is doing useful and bold culture war stuff (so he can potentially run for higher office). They’ll assume it all must be useful and important because he’s upsetting people of intellect, importance, and conscience, which they enjoy.

But most importantly it sends a message to media companies that they should get in line with the Trump administration or face costly and expensive (no matter how pointless) legal annoyances. Of course those threats haven’t really been needed, because most U.S. media companies (and big corporations) have been happy to bribe the president or kiss his ass anyway.

That sort of feckless journalistic failure in the face of power is why so much of the public has lost faith in U.S. news, not because they’ve historically been too critical of war or too tough on wealth and power.

While these sorts of threats certainly are dangerous, Carr is a monumental clown who is putting on a big show to try and pretend he’s a person of substance and power doing important things.

Meanwhile Trump is upset that some news outlets have been making it clear he was too stupid to understand the evolving nature of low cost, modern drone warfare (despite all the evidence in Ukraine). In his own post at his own right wing propaganda website, Trump went off on a local rambling tirade about Iran somehow misleading the entirety of U.S. media:

That one says:

Iran has long been known as a Master of Media Manipulation and Public Relations. They are Militarily ineffective and weak, but are really good at “feeding” the very appreciative Fake News Media false information. Now, A.I. has become another Disinformation weapon that Iran uses, quite well, considering they are being annihilated by the day. They showed phony “Kamikaze Boats,” shooting at various Ships at Sea, which looks wonderful, powerful, and vicious, but these Boats don’t exist — It’s all false information to show how “tough” their already defeated Military is! The five U.S. Refueling Planes that were supposedly struck down and badly damaged, according to The Wall Street Journal’s false reporting, and others, are all in service, with the exception of one, which will soon be flying the skies. Buildings and Ships that are shown to be on fire are not — It’s FAKE NEWS, generated by A.I. For instance, Iran, working in close coordination with the Fake News Media, shows our great USS Abraham Lincoln Aircraft Carrier, one of the largest and most prestigious Ships in the World, burning uncontrollably in the Ocean. Not only was it not burning, it was not even shot at — Iran knows better than to do that! The story was knowingly FAKE and, in a certain way, you can say that those Media Outlets that generated it should be brought up on Charges for TREASON for the dissemination of false information! The fact is, Iran is being decimated, and the only battles they “win” are those that they create through AI, and are distributed by Corrupt Media Outlets. The Radical Leftwing Press knows this full well, but continues to go forward with false stories and LIES. That’s why their Approval Rating is so low, and I can win a Presidential Election, IN A LANDSLIDE, getting only 5% positive Press — They have no credibility! I am so thrilled to see Brendan Carr, the Chairman of the Federal Communications Commission (FCC), looking at the licenses of some of these Corrupt and Highly Unpatriotic “News” Organizations. They get Billions of Dollars of FREE American Airwaves, and use it to perpetuate LIES, both in News and almost all of their Shows, including the Late Night Morons, who get gigantic Salaries for horrible Ratings, and never get, as I used to say in The Apprentice, “FIRED.” Thank you for your attention to this matter! President DONALD J. TRUMP

These are not the behaviors of competent, confidence people who believe things are going well. They’re the sad gyrations of pathetic men who know Trump is on historic trajectory to be the worst and least popular President in U.S. history (with ample room to fall). No amount of posturing can hide it.

Filed Under: brendan carr, broadcasters, censorship, donald trump, fcc, first amendment, journalism, licenses, media, news

By Itamar Apelblat, Co-Founder and CEO, Token Security

Agentic AI represents a once-in-a-generation shift in how organizations operate. AI agents are not copilots. They are not better chatbots.

They are autonomous actors that plan, decide, and act. Increasingly, they will write code, move data, execute transactions, provision infrastructure, and interact with customers often without a human in the loop. They will also operate continuously, across systems, at machine speed.

This transformation is already unlocking enormous business value. But, it will only succeed if it is secured properly. And today, most organizations are not prepared.

The prevailing approach to AI security focuses on guardrails such as prompt filtering, output controls, and behavior monitoring. That thinking is flawed. Guardrails attempt to constrain behavior after access has already been granted. But once an AI agent has credentials and connectivity, a single misstep can cause data exfiltration, destructive actions, or cascading failures across interconnected systems.

If you want to secure AI agents without slowing innovation, they need to rethink the control plane. Identity, not prompts, not networks, not vendor assurances, is the only scalable foundation for securing and governing autonomous systems.

For a deeper explanation of why identity is becoming the foundation for AI security, see Securing Agentic AI: Why Everything Starts with Identity.

Here are the five most important actions CISOs should take today to ensure AI agent security:

1. Treat AI Agents as First-Class Identities

The moment an AI agent connects to production systems, APIs, cloud roles, SaaS platforms, or infrastructure, it stops being an experiment and becomes an identity.

Every AI agent uses identities, often many of them: API tokens, OAuth grants, service accounts, cloud roles, secrets, and access keys. Yet in most organizations, these identities are invisible, unmanaged, and poorly governed.

You must mandate that every AI agent is treated as a first-class digital identity:

• It must have a clear owner
• It must be authenticated
• Its permissions must be explicitly defined
• Its activity must be logged and monitored

If you don’t know which identities your agents are using, you don’t control them.

2. Shift from Guardrails to Access Control

Guardrails assume that AI can be safely constrained by rules. But AI agents are non-deterministic and adaptive. With an unlimited number of possible prompts and interactions, bypass is not a question of if it will happen, but when.

Even if prompt controls worked 99% of the time, 1% of infinity is still infinity.

Security must move down the stack to where real control exists: access. You need to ask these questions:

• What systems can this agent reach?
• What data can it read?
• What actions can it execute?
• Under what conditions?
• For how long?

Once access is tightly scoped, behavior becomes far less dangerous. Identity-based access control is the containment layer for autonomous software. Network controls are too coarse. Prompt filters are too weak. AI platform assurances are not enough.

Identity is the only control plane that spans every system an agent touches.

3. Eliminate Shadow AI by Gaining Identity Visibility

Shadow AI is not primarily a tooling problem. It is an identity problem. Developers, IT admins, and business users are already creating AI agents that connect to business-critical systems, leverage APIs, retrieve data, and trigger workflows.

These agents don’t announce themselves. They simply start acting. When security teams lack visibility into these identities, Zero Trust collapses. Unknown agents become trusted by default because their credentials are valid.

You must prioritize:

• Continuous discovery of machine and non-human identities.
• Identification of agent-related tokens, service accounts, and OAuth grants.
• Mapping which agents have access to which systems.

If you can’t see it, you can’t secure it. And in the AI era, what you can’t see is often autonomous.

4. Secure Based on Intent, Not Just Static Permissions

AI agents are goal-oriented. Two identical agents with identical permissions can behave very differently depending on their objective. This introduces a missing dimension in traditional access models: intent.

To secure AI agents effectively, organizations must answer:

• What is this agent meant to accomplish?
• What actions are required to achieve that goal?
• Which actions are outside its purpose?

An agent created to summarize support tickets should not be able to export the full customer database. An infrastructure optimization agent should not be able to modify IAM policies. Intent defines acceptable behavior.

This breaks the dangerous assumption that agents can simply inherit human permissions. An agent acting “on behalf of” a highly privileged engineer should not automatically gain every permission that engineer has.

Security for AI agents is not about predicting behavior. It is about enforcing intent through tightly scoped identity and access controls.

5. Implement Full AI Agent Lifecycle Governance

Security failures rarely happen at the moment of creation. They happen over time. Access accumulates. Ownership becomes unclear. Credentials persist. Agents are modified, repurposed, and eventually abandoned, often silently. AI agents compress this lifecycle dramatically. What used to unfold over months can now happen in hours or even more rapidly.

You must ensure lifecycle governance for every agent:

• Who owns it today?
• What access does it currently have?
• Is that access still aligned to its intent?
• When should secrets be rotated, access reviewed, or the agent decommissioned?

Without continuous lifecycle control, risk compounds invisibly. If you cannot answer these questions at any given moment, you do not control your AI agents.

New frameworks for AI agent identity lifecycle governance are emerging to address exactly this challenge, download Token’s new AI Agent Identity Lifecycle Management ebook for more information.

Secure AI Is Scalable AI

Agentic AI is inevitable and it is overwhelmingly positive for business. The value lies in autonomous access that allows agents to act across systems at scale and machine speed. But, autonomy without identity control is chaos.

Organizations that bolt AI onto legacy, human-centric identity models will either overprivilege agents or slow innovation to a halt. Organizations that ignore identity will eventually lose control. The path forward is not to slow down AI. It is to secure it properly.

Identity is the only scalable control plane for agentic AI. Lifecycle governance is non-negotiable. And security must enable, not obstruct,  innovation.

The companies that win in the coming decade will be those that leverage AI to transform their business while remaining secure. The key to doing that is identity.

If you’d like to see how Token security is tackling agentic AI identity at scale, book a demo with our technical team.

Sponsored and written by Token Security.

Sony is rolling out a firmware update for its PlayStation Portal handheld that introduces a new quality option for both Remote Play and Cloud Streaming. Choosing the 1080p High Quality mode means that you’ll be able to stream games at a higher bitrate compared with the 1080p Standard option.

You can switch to this mode by going to Quick Menu > Max Resolution and picking 1080p High Quality while you’re playing a game. You’ll need to restart your game session for the change to take effect. Naturally, 1080p High Quality will use more data than the other resolution options.

Sony says that more than half of all Portal users are now PlayStation Plus Premium subscribers, meaning they can use the Cloud Streaming option on the device. With that in mind, the company is making some Cloud Streaming changes as part of this firmware update.

The company says it has refined the search screen — from now on, whenever you open this up, the on screen keyboard will pop up immediately. That’s a nice little quality-of-life update that streamlines things a bit. When you pick the “stream” option on pages for game bundles (i.e. for any title that includes multiple games), you’ll be able to select a specific game to jump into.

There are notification changes too. If you receive a game invite while playing a supported title, you’ll now see a clear notification on your screen. Trophy notifications should now display properly too, with the trophy name and image showing up. Unlocking a platinum trophy will cause an animated notification to appear.

There’s one more tweak to the system with this Portal update as Sony attempts to make the onboarding experience a bit smoother. Those who pick up a Portal but don’t already have a PlayStation account will be able to create one and then sign in on the handheld by scanning a QR code on their mobile device. Such folks will still need to have access to a PS5 or sign up for PS Plus Premium to actually get any use out of the Portal, of course.

• Handala hackers hit Stryker via compromised Intune admin
• Tens of thousands of devices wiped, but no data theft confirmed
• Medical products remain safe; order systems offline and manual only

When cybercriminals struck Stryker last week and wiped tens of thousands of electronic devices, they did so without using any malware. Instead, they used Intune, Microsoft’s cloud-based endpoint management service, sources are saying.

Last week, a hacking collective calling itself Handala (AKA HAtef, Hamsa) said they broke into Stryker, a Fortune 500 healthcare company with tens of billions in annual sales. They claimed to have stolen 50 terabytes of data and wiped “tens of thousands of systems and servers across the company’s network.”

Meal kits are a convenience product, full stop. While the price gap between meal kits and grocery store prices has shrunk since they first launched, what you’re paying for is premeasured ingredients curated into a single box and delivered to your door ready to be spun into dinner.

We’ve calculated how meal kit delivery services stack up against grocery prices, and the findings aren’t surprising, even amid rising food costs nationwide. It’s almost always cheaper to buy groceries at the store, and you prepare meals, especially when you shop in person rather than have them delivered.

Read more: I Test Meal Kits for a Living: 7 Mistakes That Cost You

Meal kit prices are easy to compare. What’s harder to answer is whether any of them actually deliver value relative to what the same groceries would cost at a supermarket — and whether some services are giving you meaningfully more than others for your money.

So I did the math. Considering seven of the most popular traditional-format meal kit delivery services, many of which appear on our Best Meal Kits of 2026 list, here’s how they stacked up, from highest to lowest, based on the value they offer for the price. (The lower the savings in the right-hand column in order to make the same meals yourself, the closer in price between the meal kit and the actual cost of groceries.) 

And while these represent the best value meal kits, we’ve also dug into them to find the absolute cheapest meal kits available in 2026.

Advertisement

• Cost: $11.49 per serving plus upcharges for premium items  
• Aggregate savings on this HelloFresh box to make it yourself: 35%
• Full review of HelloFresh

Note that Blue Apron recently changed its pricing structure and has moved away from a subscription model. Each dish now has a specific price per serving, and you can buy meal kits whenever you want without having to keep track of a recurring weekly delivery.

• Cost: $6.99 per serving plus upcharges for premium items
• Aggregate savings on this EveryPlate box to make it yourself: 40%
• Full review of EveryPlate

How I did the math

Using weekly menus available online for each of the seven meal kit services, I selected two standard offerings from each, making sure to mix up the protein type: a steak or premium red meat dish, a shrimp dish or a chicken or poultry option. (Sometimes the sandwich took the form of a burrito, wrap or tacos.)

Armed with in-store grocery prices from a Kroger in suburban Michigan (pretty much the median for current grocery prices in the US), I added up the prorated amounts for the specified quantities of each ingredient, then calculated the savings between the meal kit price and what you’d pay to make the same recipe by sourcing the ingredients yourself. 

To show my algebra, here’s an example from one of the kits:

• Meal kit cost: $11.99 per serving for two servings: $23.99
• Cost to make two servings via groceries: $12.14
• Savings to make this recipe yourself: 49%

Note that the only cost I was calculating here was food cost for a traditional meal kit model. I didn’t factor in delivery cost or promotional offers (which many meal kits offer on start-up, or for lapsed customers who return to the service)

I had to make some estimates for certain ingredients (e.g., approximately 6 teaspoons per fluid ounce or the weight of an average-sized potato), but those estimates were kept consistent across all meal kits. I chose the least expensive available brand for the ingredient, except when a particular brand or standard (such as organic) was specified. 

I indicated the percentage savings per item to do it yourself, but to come up with the aggregate savings per box, I added up the total value of all the ingredients in the box and divided it by the total price of the box, rather than taking the average of each of the three savings percentages. 

Some observations on value

“Value” can be difficult to quantify because your personal values shape how you perceive cost. Organic produce, more responsible packaging or a wider variety of recipes to choose from may play a greater role in your decision-making than the actual food costs calculated here. 

That said, the biggest disparity in value among the meals I calculated was indeed in the organic options: Green Chef and Sunbasket, because organic produce and the highest-quality proteins bought in-store were closer in price to their conventional items than the higher prices in those meal kit brands would have you believe. Sunbasket, curiously, has a pretty low cost per serving, but my calculations showed that you’re getting less in those boxes than in those with conventional ingredients.

I also calculated the cost of each ingredient, but your perception of cost may depend on whether you already have certain items in stock. For example, if you already have garlic powder on hand, you might not really count that as a cost, as you didn’t have to shell out for it in this week’s grocery purchase. (Those 11 cents’ worth of garlic powder aren’t probably making a huge difference in the bottom line anyway.)

On the other hand, a specialty ingredient that isn’t a staple — truffle dust, for example — will feel more expensive because you have to buy it outright to use only a portion of it, even though more remains for use in other recipes. (That particular specialty ingredient is going to hit you especially hard at the point of purchase, because it’s truffles.) 

Another consideration worth noting is that every recipe here calls for 10 ounces of shrimp. If your supermarket doesn’t have a seafood counter that allows you to buy in bulk, you might find that packaged frozen shrimp is only available in 12 ounces. I calculated the price for only the 10 ounces called for, but the actual outlay is higher, and chances are you’ll use all 12 ounces and not save 2 for the future.

Getting the most for your money with any meal kit

Given these calculations, I found that the best value, no matter which service you choose, is for premium-ish items that don’t come with a premium markup. Meat and seafood-based dishes will pretty much always incur higher DIY costs than vegetarian or pasta-based meals, which are cheaper for you to put together yourself, such that the difference between making those meals yourself versus getting them through a meal kit is far greater. 

The value really comes down to the availability of inexpensive proteins in your area. Shrimp availability in suburban Michigan in January inflated those DIY costs, which may not be the case on the coasts or in other seasons. To make the most of your meal kit money, no matter which brand’s menu you prefer, check local protein prices and choose your meals accordingly.

What more? Here are seven ways to maximize your meal kit service and the best meal kits for staying healthy in 2026.

from the blame-it-on-sassafras-patterdale dept

We’ve been covering the growing parade of lawyers submitting AI-hallucinated case citations to courts for a while now. It keeps happening, and courts keep having to deal with it. But the pattern is usually the same: a careless attorney uses ChatGPT to draft a brief, the fake citations get spotted by the opposing side or the judge, and sanctions follow. Embarrassing, but contained.

What happened in a California state appellate case decided this month is something far more insane (found via Bluesky). A hallucinated citation traveled through an entire legal proceeding — from a Reddit blog post to a client’s declaration to an attorney’s letter to the opposing attorney’s draft of the court order to the judge’s signature to appellate filings — and at no point along the way did anyone bother to check whether the case actually existed.

Oh, and the whole thing was about custody of a dog named Kyra.

The published opinion from California’s Fourth Appellate District lays out the chain of absurd failures. The court published the opinion specifically, it says, to emphasize a point that really shouldn’t need emphasizing:

We publish this opinion to emphasize that courts and attorneys alike have a responsibility to protect the legal system against distortion by fabricated law, particularly in this new era of hallucinated citations generated by artificial intelligence (AI) tools. In a system of precedents that is designed to achieve consistency, predictability, and adherence to the rule of law, the judiciary cannot function properly unless judges and lawyers confirm the authenticity of cited authorities and review them to evaluate their holdings and reasoning. When the participants fail to perform this basic function, it compromises these institutional values and diminishes faith in the judicial process.

Here’s how the case got there: Joan Pablo Torres Campos (Torres) and Leslie Ann Munoz dissolved their domestic partnership in 2022. Two years later, Torres wanted shared custody and visitation of Kyra (the dog). Munoz, represented pro bono by her cousin — attorney Roxanne Chung Bonar — opposed. In her opposition, Bonar cited two cases: Marriage of Twigg and Marriage of Teegarden.

Neither case exists. Or rather, the actual citations Bonar gave correspond to completely unrelated cases — one is a criminal case, and the other is a spousal support case from a different year with a different citation. But as cited by Bonar, with the holdings she described, these cases were pure fiction.

And where did the fake citations come from? Apparently a Reddit blog post. By someone named… Sassafras Patterdale. I am not joking:

Bonar did not submit any declaration of her own, but she submitted one from her client Munoz. Munoz explained that the Twigg case was discussed in a Reddit article a paralegal friend had sent her, and Munoz did not realize the case was fictitious. The Reddit article was attached as an exhibit to Munoz’s declaration. It was authored by “Sassafras Patterdale,” who was identified as “a blogger, podcaster, and animal rescuer, who writes about divorce, custody, and the messy, beautiful lives we weave.” The article was about pet custody battles. It cited “Marriage of Twigg (1984) 34 Cal.3d 926” as a “watershed” California Supreme Court case holding “that custody determinations must consider the emotional well, being [sic] and stability of the parties.”

The Reddit article did not include the parallel reporter citations and date of decision for Twigg that were included in Bonar’s opposition to the second motion to reinstate the appeal. Neither Bonar’s response to our order nor Munoz’s declaration explained where this additional fictitious information came from.

Advertisement

And then Torres’s own lawyer — a reminder: he’s the one who filed the lawsuit to get visitation with the dog — drafted the proposed court order and included the same fake citations the opposing party had used, without verifying them either.

And the court signed it. Because of course it did.

Torres’s counsel submitted a proposed Findings and Order After Hearing, which the court approved as conforming to its oral ruling. The order cited the fictional Twigg and Teegarden cases as follows:

“The Court notes the follow[ing] cases: Marriage of Twigg (1984) 34 Cal.3d 926 and Marriage of Teegarden (1995) 33 Cal.App.4th 1572 [(Teegarden)], in which the Court has to take the well-being and stability of the parties involved when deciding pet visitation and custody….”

So to recap: the fake citation originated on Reddit, traveled into the defendant client’s declaration, was used by the defendant client’s attorney, was then included by the opposing attorney in the draft order, and was signed by the judge. Nobody — not either attorney, not the judge — looked up the cases.

But that’s just the warm-up.

Torres appealed. His appeal was dismissed for failure to file an opening brief. He moved to reinstate it. In her opposition to that motion, Bonar — still representing Munoz — cited the fake cases again, this time telling the appellate court: “This isn’t new, courts decide these based on what’s best for everyone involved (Marriage of Twigg (1984) 34 Cal.3d 926; In re Marriage of Teegarden (1995) 33 Cal.App.4th 1572).”

Torres filed a second motion to reinstate, and this time finally pointed out that these were “invented case law.”

Now, a reasonable response to being told your citations are fabricated might be to quietly check, discover the problem, and apologize to the court — ideally with some groveling, in hopes of limited sanctions.

Bonar, however, chose a different path. She doubled down. Hard.

Bonar filed another opposition on behalf of Munoz. The opposition stated: “Appellant’s Claim of Fabricated Case Law is Baseless.” It asserted: “This is a grave accusation, but it is entirely unfounded and reflects Appellant’s own failure to conduct basic legal research. Both cases are valid, published precedents, and Appellant’s inability to locate them underscores the incompetence that led to his appeal’s dismissal.”

And then she went further, providing additional citation details for the fake Twigg case — parallel reporter citations, a specific date of decision — none of which appeared in the original Reddit article and all of which were also completely fabricated:

“Marriage of Twigg (1984) 34 Cal.3d 926: This is a legitimate California Supreme Court case, reported at 34 Cal.3d 926, 195 Cal.Rptr. 718, 670 P.2d 340, decided on July 5, 1984. The ruling addresses custody determinations in dissolution proceedings, emphasizing the importance of the emotional well-being and stability of the parties involved.”

None of those parallel citations correspond to a Twigg case. No California case by that name was decided on July 5, 1984. The additional details were just as fake as the original citation — almost certainly generated by an AI tool when Bonar went looking for backup. During oral arguments (i.e., well after the judge had already issued an order to show cause about the fictional citations) she finally admitted maybe she had used AI:

At oral argument, Bonar claimed she could not remember where this additional fictitious citation information came from. She acknowledged she did not have a paid subscription to a legal research service at the time, and she was using other online resources including AI for this purpose. She also conceded she may have obtained fictitious information about Twigg and Teegarden using AI tools.

But the cherry on top — the part where you have to put the ruling down and go for a walk just to remind yourself that some other part of the world is good — is that in this same filing where she doubled down on fabricated case law with additional fabricated details, Bonar accused opposing counsel of being the incompetent one and mocks them for being unable to search and find the non-existent cases.

Appellant’s assertion that no such case or parties exist is incorrect; a simple search for ‘Teegarden marriage California’ reveals the 1986 decision involving Anne and Byron Teegarden. This misrepresentation not only fails to prove misconduct but exposes Appellant’s counsel’s deficient preparation, which mirrors the neglect that caused the default.

Again: she called the lawyer who (eventually) correctly identified her fake citations incompetent for failing to find cases that don’t exist.

The court was not amused. It hit Bonar with $5,000 in sanctions — significantly more than the $1,500 that the same court imposed in a recent similar case — specifically because she “persisted in and aggravated the misconduct by providing additional fictitious citation information” and “still has not been completely forthcoming with this court.” The opinion is also being forwarded to the State Bar of California.

As for Torres, the appellant who did finally correctly identify the fake citations? He lost anyway. The court found that because his own lawyer drafted and submitted the order containing the fake citations without objecting or verifying them, he forfeited his right to challenge those citations on appeal. In other words: his lawyer helped propagate the hallucinated citations by including them in the draft order, and he can’t now complain about the very thing his lawyer failed to catch.

Torres forfeited his claim of error both by his affirmative conduct and his inaction. Although Munoz and Bonar were responsible for improperly citing these fictitious authorities in the first place, Torres’s own counsel affirmatively drafted and submitted the proposed order with these citations that was ultimately signed by the family court. And even though his own counsel drafted the order, Torres failed to object to the court’s reliance on these citations or call the court’s attention to the issue.

There’s a lesson here that goes well beyond “lawyers should verify their citations” — though they really, desperately should. This case shows how hallucinated AI output achieves a kind of credibility laundering as it passes through the system. The fake citation looked more legitimate in the client’s declaration because it had been in a blog post. More legitimate in the court order because it had been in the declaration. More legitimate in the appellate filing because it had been in the court order. At each step, someone assumed that someone earlier in the chain had already done the checking. Nobody had.

In a legal system built entirely on the idea that citations to precedent mean something — that every case cited in an order actually happened and actually stands for the proposition claimed — this kind of cascading failure is really, really bad. And as AI tools get better at generating plausible-sounding legal citations — complete with reporter volumes, page numbers, and dates — the obligation on every participant in the system to actually verify what they’re citing becomes that much more important.

The court itself apparently recognized that its “please just check your citations” message might need some institutional reinforcement. Its footnote at the end of the sanctions section quietly recommends that the Judicial Council consider adopting formal guidelines or rules requiring verification of citations — particularly in party-drafted orders submitted for a judge’s signature. Which is, in hindsight, an obvious hole in the system. But it took Sassafras Patterdale, a Reddit post, and a dog named Kyra to expose it.

Filed Under: ai, california, citations, dog custody, hallucinations, joan pablo torres, lawyers, leslie munoz, sassafras patterdale