Update to my prior post: Google Analytics shows lower numbers for February 5.
Why?
Google Gemini suggests bots may be to blame.
The internet is full of “bots” (automated scripts from search engines or malicious actors).
Google Analytics has an industry-leading database of known bots and filters them out very aggressively to give you “human” data.
Jetpack also filters bots, but its list is different. Jetpack often catches fewer bots than Google, which usually results in Jetpack showing higher traffic numbers than GA.
Still unanswered: why did the bots swarm on that particular day?
Looks like disregarding the traffic is the correct choice.
Even with thousands of pages of blog posts, the Bredemarket website doesn’t get a ton of traffic.
But once a month or so, traffic jumps up dramatically for a single day.
For example:
On February 4, the site had 36 visitors and 50 views of 24 posts/pages.
February 4 statistics for bredemarket.com.
The next day, February 5, site stats zoomed up to 436 visitors and 817 views of hundreds of posts/pages.
February 5 statistics for bredemarket.com.
No idea why. Unlike April-May 2025, it wasn’t any individual post/page. No individual page had more than 16 views. And no identified source (Facebook, search engines, etc.) accounts for the jump.
If I knew why these surges happened, I’d try to make it happen more than once a month.
This is definitely an experiment. When I started, I had no idea how it would turn out. In the end I’m fairly satisfied with how NotebookLM repurposed my blog post as a YouTube video, but there were definitely some lessons learned to apply in future repurposing.
Ahref’s best way to get your product listed on LLMs
As we all know, there has been a partial shift from search engine optimization to answer engine optimization. The short version is that content performs well when it answers a question that someone proposes to a large language model (LLM) such as Google Gemini or ChatGPT.
So how do we optimize our content for LLMs?
Yes, I know I could have asked an LLM that question, but I still do some old school things and attended a webinar instead.
I live-blogged Wednesday’s webinar, hosted by the Content Marketing Institute and sponsored by Ahrefs. The speaker was Ahref’s Ryan Law, the company’s Director of Content Marketing. As is usual with such affairs, the webinar provided some helpful information…which is even more helpful if you use Ahref’s tools. (Funny how that always happens. The same thing happens with Bredemarket’s white papers.)
One of the many topics Law addressed was the TYPE of content that resonates most with LLM inquirers. Law’s slide 20 answered this question.
“LLMs LOVE YOUTUBE”
Law then threw some statistics at us.
“YouTube has fast-become the most cited domain in AI search:
1 in AI Overviews
1 in AI Mode
2 in ChatGPT
2 in Gemini
2 in Copilot
2 in Perplexity”
So even if it isn’t number 1 on some of the engines themselves, it’s obviously high, and very attractive to inquirers.
But what of people like me who prefer the portability of text? It’s easier to quote from text than it is to take a short snippet of a video.
YouTube covers that also, since it automatically creates a transcript of every word spoken in a YouTube video.
But…
Bredemarket’s problem
…most of the videos that Bredemarket has created have zero or few spoken words, which kinda sorta makes it tough to create a transcript.
For example, the “Landscape (Biometric Product Marketing Expert)” video that I frequently share on the Bredemarket blog for some odd reason is not only on WordPress, but also on YouTube. However, it has zero spoken words, so therefore no transcript.
“Yo, I’m the outlaw of this country sound, dropping rhymes that shake the ground.”
But I do have some YouTube videos with more extensive transcripts. And one of them suggests a possible solution to my desire to provide YouTube videos to LLMs.
Using Google’s NotebookLM to create videos from non-copyrighted material
A still from Bredemarket’s movie “Inside the EBTS.” Are you jealous, Stefan Gladbach?
The material wasn’t authored by me, but by the U.S. Federal Bureau of Investigation. (Which meant that it wasn’t copyrighted.)
What was it?
Version 11.3 of the Electronic Biometric Transmission Specification (EBTS).
A few of you are already laughing.
For those who aren’t, the EBTS is a fairly detailed standard dictating how biometric and biographic data is exchanged between the FBI’s Next Generation Identification (NGI) system and other federal, state, and local automated biometric identification systems.
As a standard, it’s not as riveting as a Stephen King novel.
And once I uploaded the movie to YouTube, YouTube created a transcript.
First 21 seconds of the YouTube transcript of the video above.
So this potentially helps Bredemarket to be visible.
And if I want to follow Ryan Law’s advice and repurpose my content for YouTube, NoteBookLM provides a method to do it.
Using Google’s NotebookLM to create videos from MY copyrighted material
Time for an experiment, the goal of which is to convert a Bredemarket blog post into a video with a minimum amount of effort.
NotebookLM can use either files or web links as source material for videos, so the easiest method to create my video is as follows:
Paste the web link to the blog post into NotebookLM.
Instruct NotebookLM to create a “Video Overview” from this single piece of content.
My blog post of choice is my post from earlier today, “Government Anti-Fraud Efforts: They’re Still Siloed.” The post contains a Gemini AI image of silos on the National Mall in Washington DC (inaccurately displaying the U.S. Capitol as NORTH of the Washington Monument). It also includes my text as well as links to outside sources such as the initial draft of H.R. 7270.
So let’s see what NotebookLM gives us.
The first thing that we get is Google’s summary of the content at the link.
NotebookLM’s summary of the web link I provided.
“1 source
The provided text examines the fragmented nature of U.S. anti-fraud efforts, arguing that current strategies lack a unified, government-wide approach. While the Stop Identity Fraud and Identity Theft Bill seeks to modernize identity verification through Treasury Department grants to states, the author contends that the proposal is too narrow. The legislative focus on mobile driver’s licenses and digital infrastructure fails to consolidate the many overlapping responsibilities held by the FBI, Secret Service, and FTC. This bureaucratic separation creates siloed operations where different agencies and state governments often work independently rather than as a cohesive front. Ultimately, the source suggests that despite new legislative attempts, the American response to identity theft remains decentralized and inefficient.”
But that’s just text. Time to create the video overview.
After I cklicked the “Video Overview” button in the upper right.
A while later…
Even with relatively minimal content, video creation isn’t immediate. It has to shape the content into a narrative video, after all. Sadly I forgot to time the result, but I received this video, “A Tale of Two Threats,” within a half hour.
A Tale of Two Threats (WordPress version). Created by Google NotebookLM based upon “Government Anti-Fraud Efforts: They’re Still Siloed.”
As is par for the course with NotebookLM, the narration is self-generated in a viewer-friendly form (“let’s pop the hood”). And it used my source material as a basis to narrate the tale of the U.S. Government’s responses to the “two threats” of terrorism and fraud. As my original blog post noted, the two responses have been quite different.
The video then takes portions of the blog post, including the list of agencies that are NOT part of H.R. 7270, as well as my example of what could happen if the Secret Service’s mission is compromised because of what some other agency is doing.
But it DOESN’T take other portions of my blog post, such as the potential shuttering of the Consumer Financial Protection Bureau, my reference to “evil Commie Chinese facial recognition algorithms,” or my graphic of silos on the Mall. NotebookLM generated its own cartoon graphics instead.
This image didn’t make the video, even though Google created it.
The final step
The first place where I uploaded the video was WordPress, so I could include it in this blog post. I’ll probably upload it to other places, but the second target is YouTube.
A Tale of Two Threats (YouTube version). Created by Google NotebookLM based upon “Government Anti-Fraud Efforts: They’re Still Siloed.”
And yes, there is a transcript. Although it took a few minutes to generate. So now the bot’s text is out there for the LLMs to find.
First 24 seconds of the YouTube transcript of the video above.
Grading the experiment
I’ll give the experiment a B. It’s not really MY video, but it encapsulates some of my views.
NotebookLM users need to remember that when it creates audio and video content, it doesn’t simply parrot the source, but reshapes it. You may remember the NotebookLM 20-minute “Career Detective” podcast of my resume, in which a male and female bot talked about how great I am. My blog post was processed similarly.
If I want something that better promotes Bredemarket to LLM users, I need to shape the blog post to do the following:
Address some question that the LLM user asks.
Include text that promotes Bredemarket as the solution to the inquirer’s problems.
Anyway, I’ll keep these tips in mind when writing…and repurposing…future blog posts.
When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.
The email
How many of you received this email yesterday?
Hello,
I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.
I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.
What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.
What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.
What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.
This sucks. I’m sorry. We will work very hard to make sure it does not happen again.
– Chris Best, CEO of Substack
My reaction
My jaded reaction?
“Yeah, right.”
Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.
So last night I went to Substack’s own Substack account @substack to see what it said about the matter.
At the time…nothing.
As far as I was concerned, my email and phone number MAY have been breached, or maybe not. Perhaps some nefarious actor was trying to make Substack look bad.
So I forgot about it.
The article
This morning I revisited the issue to see if any reputable organizations had written about it. Not finding a Washington Post article, I turned to TechCrunch. (I’ve been reading TechCrunch since the Arrington days.)
Newsletter platform Substack has confirmed a data breach in an email to users.
So TechCrunch relied on the same information I had. There was no indication that TechCrunch had reached out to Substack directly to confirm the authenticity of the email.
Then again, TechCrunch printed its article at 6:55 am PST, and it was still up an hour later at 8 am. If the email had been a scam, Substack would have contacted TechCrunch immediately.
So I guess the story is legit.
Three ways to inform users of a breach
The story goes well beyond Substack, since sites are breached all the time. As far as I’m concerned, the issue isn’t “if,” but “when.”
(And yes I’m looking at you, all Workday-using sites that set the app to require account creation. How will you respond when a jobseeker asks you how you will protect their data WHEN your site is breached?)
There are three ways to inform your users of a breach.
[Bitdefender] surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.
Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it.
Minimally inform them. What I’m calling the Substack method, where a breach is publicized via one easily-spoofed channel, and not on the platform itself.
Powerfully inform them. The KnowBe4 method, in which KnowBe4 confirmed on multiple platforms that a North Korean had successfully secured employment with the firm.
I’ve previously noted that one possible sign of a scammer is when they don’t initiate a LinkedIn connection to you, but instead want you to initiate a LinkedIn connection to them. When a scammer is scamming, they can’t blow through a few thousand connection requests every day, so it’s better if the victims initiate the connection request themselves.
I immediately thought of this when I received an email from a Gmail account to one of my odd accounts entitled “Thinking of connecting.”
Um…why not just do it?
Here’s the text with the scammer’s alleged name changed:
“I saw your profile on LinkedIn and wanted to say hello. I’m Melania.
“I’ve always been interested in learning about different professional paths. This is just a friendly intro for the start of the week—no expectations on my end.”
Obviously I didn’t respond. Because I have no idea who the Gmail account holder REALLY is.
A day later, I received a second message that included the following:
“Things are actually pretty smooth and manageable on my end as the Operations Manager at Estée Lauder, so I’ve had some extra time to catch up with my network. I’d love to hear how your side of the world is treating you whenever you have a moment.”
Again, I didn’t respond. I didn’t even ask for “Melania’s” Estee Lauder email address (again, the emails are from a Gmail account).
Then we got to day three. Remember how Melania said she had viewed my LinkedIn profile? This was the next question she asked:
“Is it snowing where you are?”
Obviously she hadn’t read anything, and I was getting bored, so I blocked her from all email addresses.
When the United States was attacked on September 11, 2001—an attack that caused NATO to invoke Article 5, but I digress—Congress and the President decided that the proper response was to reorganize the government and place homeland security efforts under a single Cabinet secretary. While we may question the practical wisdom of that move, the intent was to ensure that the U.S. Government mounted a coordinated response to that specific threat.
Today Americans face the threat of fraud. Granted it isn’t as showy as burning buildings, but fraud clearly impacts many if not most of us. My financial identity has been compromised multiple times in the last several years, and yours probably has also.
But don’t expect Congress and the President to create a single Department of Anti-Fraud any time soon.
Because this is government-wide and necessarily complex, the bill will be referred to at least THREE House Committees:
“Referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Financial Services, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.”
“9 (9) The National Institute of Standards and 10 Technology (NIST) was directed in the CHIPS and 11 Science Act of 2022 to launch new work to develop 12 a framework of common definitions and voluntary 13 guidance for digital identity management systems, 14 including identity and attribute validation services 15 provided by Federal, State, and local governments, 16 and work is underway at NIST to create this guid 17 ance. However, State and local agencies lack re 18 sources to implement this new guidance, and if this 19 does not change, it will take decades to harden defi 20 ciencies in identity infrastructure.”
Even in the preamble the bill mentions NIST, part of the U.S. Department of Commerce, and the individual states, after mentioning the U.S. Department of the Treasury (FinCEN) earlier in the bill.
But let’s get to the meat of the bill:
“3 SEC. 3. IDENTITY FRAUD PREVENTION INNOVATION 4 GRANTS. 5 (a) IN GENERAL.—The Secretary of the Treasury 6 shall, not later than 1 year after the date of the enactment 7 of this section, establish a grant program to provide iden 8 tity fraud prevention innovation grants to States.”
The specifics:
The states can use the grants to develop mobile driver’s licenses “and other identity credentials.”
They can also use the grants to protect individuals from deepfake attacks.
Another purpose is to develop “interoperable solutions.”
A fourth is to replace vulnerable legacy systems.
The final uses are to make sure the federal government gets its money, because that’s the important thing to Congress.
But there are some limitations in how the funds are spent.
They can’t be used to require mDLs or eliminate physical driver’s licenses.
They can’t be used to “support the issuance of drivers licenses or identity credentials to unauthorized immigrants.” (I could go off on a complete tangent here, but for now I’ll just say that this prevents a STATE from issuing such an identity credential.)
The bill is completely silent on REAL ID, therefore not mandating that everyone HAS to get a REAL ID.
And everything else
So although the bill claims to implement a government-wide solution, the only legislative changes to the federal government involve a single department, Treasury.
But Treasury (FinCEN plus IRS) and the tangentially-mentioned Commerce (NIST) aren’t the only Cabinet departments and independent agencies involved in anti-fraud efforts. Others include:
The Department of Homeland Security, through the Secret Service and every enforcement agency that checks identities at U.S. borders and other locations.
The Federal Trade Commission (FTC).
The Social Security Admistration. Not that SSNs are a national ID…but they de facto are.
And that’s just one example of how anti-fraud efforts are siloed. Much of this is unavoidable in our governmental system (regardless of political parties), in which states and federal government agencies constantly war against each other.
What happens, for example, if the Secret Service decides that the states (funded by Treasury) or the FBI (part of Justice) are impeding its anti-fraud efforts?
Or if someone complains about NIST listing evil Commie Chinese facial recognition algorithms that COULD fight fraud?
Despite what Biometric Update and the Congresspeople say, we do NOT have a government-wide anti-fraud solution.
(And yes, I know that the Capitol is not north of the Washington Monument…yet.)
Here’s a quote from Runar Bjorhovde, senior analyst for smartphones and connected devices at Omdia.
“I think the biggest step many biometrics players can take to prove their importance is within marketing — in addition to maintaining their current innovation. Actually explaining why these sensors are so important and what they enable can massively help to simplify them to users, consequently making the value easier to understand.”
Of all the KYx acronyms (Know Your Customer, Know Your Business, etc.), two that interest LinkedIn users are Know Your Employer and Know Your Employee. How do you fight fraudulent employers and employees? And how do your prospects learn about your fraud fighting?
I haven’t talked about vein biometrics in a while, so it’s good to catch up on an old Biometric Update article about Saint Deem.
“China has its first factory dedicated to manufacturing vein biometrics hardware, which will produce up to 2 million vein modules and devices a year. The factory is built by biometric technology firm Saint Deem, which develops vein recognition algorithms, software and hardware.”
I’m surprised that we haven’t seen a vein biometrics factory before now. Vein identification has been around forever. And if Amazon isn’t getting its devices from China, who is supplying them?
Bredemarket 