# Jane Manchun Wong > Personal site of Jane Manchun Wong — security researcher and software engineer known for reverse-engineering social and consumer apps. The site hosts long-form writeups, occasional tools, and an archive of cross-posts published on partner sites. The content is written by Jane and intended for human readers; this index is provided so language models can answer questions about the site without scraping HTML. Cross-posts link out to their original publishers. ## Pages - [Home](https://wongmjane.com) - [Blog](https://wongmjane.com/blog) - [About](https://wongmjane.com/about) ## Writing - [Your AI browser is one malicious
away from going rogue](https://browserbase.run/prompt-injection): Prompt injection is a natural consequence of mixing instruction-following models with untrusted content. The mitigation that scales is containment. (cross-posted on Browserbase) - [Waymo Is Working on a Gemini AI Assistant. Here’s the System Prompt](https://wongmjane.com/blog/waymo-gemini): First look at Waymo’s upcoming Gemini integration and the 1,200+ line system prompt that defines its behavior inside the robotaxi. - [Messenger Rooms Bug Bounty Write-up](https://wongmjane.com/blog/messenger-rooms-writeup): Unrestricted API calls as Messenger Rooms Guest - [Lyft is working on its own digital wallet called “Lyft Cash”](https://wongmjane.com/blog/lyft-cash): First look at Lyft’s unreleased digital wallet - [Instagram “Clips” clones TikTok’s video editor in prototype](https://wongmjane.com/blog/ig-clips): First look at Instagram’s totally-original unreleased Story video editor - [Medium tests to save webpages from the internet](https://wongmjane.com/blog/save-to-medium): First brief and technical look at Medium’s unreleased “Save To Medium” feature - [Uber tests to verify rides with a PIN](https://wongmjane.com/blog/uber-ride-pin): First look at Uber’s unreleased ride PIN verification feature - [Facebook hides like counts in experiment, too](https://wongmjane.com/blog/fb-hiding-likes): First look at Facebook’s unreleased experiment to hide like counts following Instagram - [Facebook Messenger tests Screen Sharing for mobile](https://wongmjane.com/blog/fb-messenger-mobile-screen-share): First look at Facebook Messenger’s unreleased Mobile Screen Sharing - [Facebook wants to manage Wi-Fi on your phone](https://wongmjane.com/blog/fb-wifi-auto-connect): First look at Facebook app’s unreleased Automatic Wi-Fi network management - [Spotify is working on Stories for Playlists](https://wongmjane.com/blog/spotify-stories): First look at Spotify’s unreleased Playlist Stories - [Instagram revamps Boomerang, creates Layout for Stories and more](https://wongmjane.com/blog/ig-story-camera-aug19): First interactive look at Instagram app’s unreleased revamped Boomerang for Stories, new Layout mode for Stories, new Story mode icons and more - [LinkedIn’s App Lock protects your privacy with fingerprint](https://wongmjane.com/blog/linkedin-app-lock): First look at LinkedIn’s unreleased biometric app lock - [LinkedIn’s Dark Mode is underway](https://wongmjane.com/blog/linkedin-dark-mode): First look at LinkedIn’s unreleased Dark Mode - [Facebook’s Dark Mode is underway](https://wongmjane.com/blog/fb-dark-mode): First look at Facebook app’s unreleased Dark Mode - [Twitter’s Search feature for Direct Messages is underway](https://wongmjane.com/blog/twitter-dm-search): First look at Twitter’s unreleased Search feature for Direct Messages - [Twitter ‘Snooze’ button lets you pause push notifications for a time](https://wongmjane.com/blog/twitter-snooze): First look at Twitter's unreleased Snooze feature ## Machine-readable indexes - [sitemap.xml](https://wongmjane.com/sitemap.xml): Standard XML sitemap of indexable on-site pages - [robots.txt](https://wongmjane.com/robots.txt): Crawler directives and AI content-usage signals