Tag: internet

The KIDS Act: A Bipartisan Mass Surveillance Megabill

Just weeks after Americans criticized the United Kingdom for imposing intrusive and heavy-handed social media rules, Congress is now advancing legislation that raises strikingly similar concerns about government overreach, privacy erosion, and the expansion of online surveillance.

A bipartisan agreement on children’s online safety legislation unveiled by House Energy and Commerce Committee leaders would impose new obligations on social media platforms, while creating powerful incentives for companies to end online anonymity.

The proposal is part of the Kids Internet and Digital Safety Act (KIDS Act), an omnibus package that bundles together multiple bills, including the Kids Online Safety Act (KOSA), the SCREEN Act, the SAFE BOTs Act, COPPA 2.0, the SPY Kids Act, and more, as well as data broker provisions and research and education initiatives.

We obtained a copy of the bill for you here.

Committee Chairman Brett Guthrie and ranking Democrat Frank Pallone announced Monday that they had reached agreement on the legislation, which would require social media companies to provide additional safeguards and parental tools for minors. The lawmakers said it would “hold Big Tech accountable.”

“We worked across the aisle for many months and have now found common ground on policies to significantly improve the digital environment for kids,” Guthrie and Pallone said in a joint statement.

As always, under that framing lies a familiar and deeply controversial approach: imposing broad obligations on platforms that hinge on whether companies know a user is a minor, without clearly defining how that knowledge is supposed to be obtained.

Congress has tried for years to set national rules for social media and youth safety. Those efforts have repeatedly stalled, in part because of unresolved tensions between child protection goals and fundamental privacy rights. In the absence of federal action, states have moved ahead with their own laws, often pushing even more aggressive requirements.

One of the main disputes appears to have been resolved in favor of House Republicans. According to a committee spokesperson, the agreement does not include a “duty of care” provision, a requirement backed by many child-safety advocates and several Senate lawmakers.

The bill text states that nothing in it may be construed to “impose a duty of care on a provider of a covered platform.”

Keep reading

8 Frightening Forecasts For The Future Of Fraud

Fraud is entering a new era. Businesses across North America expect fraud trends like biometric fraud, deepfake scams, and synthetic identities to become more common in 2026 as criminals adopt faster and more sophisticated tools.

This visualization, created by Visual Capitalist’s Julia Wendling, in partnership with Inigo for the Fraud in Data campaign’s sixth post, uses data from the Sumsub Fraud Report 2025 to explore the fraud trends businesses believe will shape the future of digital risk.

Biometric Fraud Could Become the Biggest Threat

Surveyed businesses expect biometric fraud to rise the most, with 67% predicting an increase. As companies rely more on facial recognition, voice authentication, and remote onboarding, fraudsters are finding new ways to exploit those systems.

Deepfake technology is already making identity verification harder. In the future, AI-generated videos, cloned voices, and stolen biometric data could make fraud attempts more convincing and more scalable than ever before.

Businesses also expect synthetic identity fraud to grow, with 56% anticipating a rise. Criminals are increasingly combining real and fake information to create identities that can bypass traditional fraud checks.

AI and Deepfakes Are Changing Fraud Trends

Businesses expect fraud attacks to become more automated in 2026. Around 44% predict increases in advanced AI-driven attacks, deepfake scams, and forged identity documents.

Another 33% expect AI-generated fake profiles to rise as fraudsters use generative AI tools to impersonate real users online. These scams could become faster to produce and harder to detect across financial services, ecommerce, and digital platforms.

As fraud tactics evolve, businesses may need to shift from reactive fraud prevention toward real-time risk monitoring powered by machine learning and behavioral analysis.

Data Breaches Will Continue to Fuel Identity Fraud

Data breaches are expected to remain a major source of fraud risk. About 33% of businesses anticipate more identity theft linked to stolen personal data.

Organized fraud networks are also expanding, according to 22% of respondents. As cybercriminal groups become more coordinated, fraud operations could become increasingly global and industrialized.

The Future of Fraud Trends

Companies that invest in adaptive verification systems, stronger cybersecurity, and understand the data around fraud prevention may be better positioned to respond to the next generation of threats.

Keep reading

Apple’s New Subdomain Kills “Hide My Email” Cover

Apple is about to label every anonymous email address its paying customers generate, creating a new obstacle for privacy-conscious users.

Hide My Email, the iCloud+ feature that creates an alias “@icloud.com” address to shield your real inbox from apps and websites, has always worked because of one specific design choice.

The generated addresses were indistinguishable from any other iCloud account. An app receiving “randomword_terms_42@icloud.com” had no way to tell whether it belonged to someone generating anonymous aliases or to someone’s grandmother.

That forced services to treat all iCloud addresses equally because filtering out the anonymous ones meant filtering out millions of regular Apple customers too.

Starting later this summer, new Hide My Email addresses will use “@private.icloud.com” instead of plain “@icloud.com,” according to a developer notice the company posted Monday.

The “private” subdomain announces to any app or email provider on the receiving end that the person signing up doesn’t want to be identified and hands them a one-line domain filter to block those sign-ups entirely.

Apple presented the move as a domain unification, consolidating Sign in with Apple addresses (previously on “@privaterelay.appleid.com”) under the same new subdomain. The company told developers that existing addresses on legacy domains will keep forwarding mail and that app and email providers should update their filtering to accommodate the change.

The gap between “@icloud.com” and “@private.icloud.com” looks cosmetic but functions as a kill switch. Services can now ban all anonymous aliases without touching regular iCloud mailboxes, the same way they already block disposable email providers like Guerrilla Mail or Mailinator.

The plausible deniability that made Hide My Email useful, the inability for a service to prove an address was anonymous, disappears the moment Apple stamps it with a subdomain that says so.

Keep reading

Why Meta Suddenly Loves the Kids Online Safety Act

For years, Meta cast itself as the reluctant holdout against the Kids Online Safety Act, the one company that just could not bring itself to endorse a bill that was, at least on the face of it, written to protect children, but has an ulterior motive.

That resistance lasted right up until the Senate sweetened the pot. Once lawmakers bundled KOSA with a federal block on state AI laws and a national digital ID push, two measures Meta has spent millions lobbying to win, the company located its conscience and decided the bill was tolerable after all.

POLITICO reported that the conversion arrived the moment the Senate paired KOSA with the App Store Accountability Act, a digital ID bill aimed squarely at app stores. Meta now sits beside Microsoft, Apple, X, Snap, and Pinterest, all of them cheering for the legislation. It makes for an awkward look; a law sold to the public as a leash on the biggest platforms, when most of the biggest platforms turn out to be holding the leash.

As we’ve said many times before, and it seems we’re having to now say on a daily basis, verifying how old you are means proving who you are. The systems that estimate your age want a government ID, a face scan, or enough surveillance of your behavior to make an educated guess. None of them confirm your age and nothing else; they confirm your identity and keep a copy, so the platform that once let you be a username now wants your legal name on file.

So why would a company that lives off your data fight to make you surrender more of it? The App Store Accountability Act would order Apple and Google to verify ages at the store, which would load the cost and the legal risk onto the two companies that run the stores. Its own apps pick up no new obligation at all. Meta collects the identity-checked internet it has wanted for years and gets to look like a bystander while Apple and Google play the heavy.

The deeper payoff is older than this bill. Meta has dreamed of a real-name internet since Facebook’s early days, back when it enforced an authentic-identity rule until the public revolt made the policy too expensive to keep.

“Age verification” revives that dream by statute and applies it to everyone, with the invoice mailed to somebody else. A network of confirmed, identity-linked humans is also a network where the bots that annoy advertisers thin out, and ad space attached to real people fetches a premium. Protecting children is the version for the cameras; the version that moves the company sits on the balance sheet.

The less advertised half of the package lives in the preemption language. A handful of states have started writing their own AI rules, some governing how companies grab biometric data and let algorithms make decisions about residents. A federal block would bulldoze those efforts and erase one of the few places ordinary people can still object to how these systems treat their information.

Meta strolls away with a single, gentler national standard while residents lose the local protections they had started to build and the whole trade gets filed under everyone wins, as long as “everyone” means Meta.

The bundle also tucks in the NO FAKES Act and this is where the child-safety wrapping paper comes off completely. The bill would let anyone sue over an “unauthorized digital replica” and would hit platforms with heavy penalties for failing to obey its demands, among them fast removal of flagged content and policies to cut off repeat offenders.

A company staring down those fines for guessing wrong on a hard case will pull lawful speech first and worry about the details later. What the bill builds is a takedown machine, with the lever handed to whoever complains the loudest.

The actors’ union SAG-AFTRA has been pushing the bill hard from the other side, gathering more than 16,000 signatures on an open letter that frames it as a shield against deepfakes used in scams, fake endorsements, and the replacement of human performers. “Unchecked AI can ruin lives,” union president Sean Astin said and on that narrow point, he has a fair case. The trouble is what the rest of the bill does and how it curbs satire and parody.

The latest version came back last month from a bipartisan group that includes Senators Marsha Blackburn, Chris Coons, Thom Tillis, and Amy Klobuchar, with OpenAI, YouTube, and IBM applauding from the wings. The Senate Judiciary Committee takes it up Thursday.

Keep reading

Telegram Founder Warns UK Social Media Ban Is Digital Iceberg About To Sink The Free Internet

Telegram founder Pavel Durov told the Freedom Forum audience in Oslo that Western societies have already struck the iceberg and started sinking – yet most citizens remain in their cabins, convinced the ship of personal freedoms is unsinkable.

His remarks arrive precisely as Keir Starmer’s government rams through a social media ban for under-16s that functions as the perfect pretext for mandatory digital ID, device-level scanning on every phone, and the practical elimination of anonymous speech online.

The policy is dressed in the familiar language of child protection. In practice it requires every major platform to verify ages with facial scans, passports or credit card data. What starts as a restriction on minors rapidly becomes a national system of internet passports.

Encrypted messaging apps currently sit outside the ban, but the same Online Safety Act framework already contains the levers to demand backdoors later. Tech executives who refuse to turn every smartphone into a government scanner face up to five years in prison.

Durov drew on two decades running major platforms and direct experience with state pressure in Russia, the EU and France. The core message was unmistakable.

“Our ship has already hit the iceberg. We have already started to sink without even realizing it. And I’m talking about the ship of our personal freedoms.”

Keep reading

UK Tech Minister Hints at Potential VPN Ban to Enforce Social Media Restrictions

The British government has suggested it may ban VPN services as it seeks to enforce its upcoming social media ban for children under 16.

The censorious left-wing UK government said that it will announce plans for Virtual Private Networks (VPNs) next month amid growing questions about how it intends to ensure that children do not subvert the upcoming social media prohibition.

Critics have warned that the social media ban for under-16s will require the state to implement a digital ID system to verify internet users’ ages, potentially impacting the privacy of all citizens, including law-abiding adults.

Others have also questioned what the government intends to do about children who simply use VPNs to mask their IP addresses and access the internet from countries that don’t prohibit children from using social media sites.

While VPNs were once mostly used by people in authoritarian countries like Communist China, Islamist Iran, or Vladimir Putin’s Russia to unblock vast swathes of the internet, they have grown in popularity in Western countries in recent years amid rising state censorship.

Indeed, according to data collected by the IT Asset Management Group, Google searches for “VPN” rose by 165 per cent after Prime Minister Sir Keir Starmer formally announced plans to ban social media for those under 16 on Monday, City AM reported.

Technology Minister Liz Kendall told the BBC on Tuesday morning that the government will “make further statements in July about VPNs and further restrictions.”

Keep reading

France’s Own Hack Is the Best Argument Against Its War on Encryption

Brussels and a run of European governments, France loud among them, have spent the past few years treating strong encryption as a problem to be solved.

The argument behind proposals like Chat Control is that the state needs a way to scan private messages to keep people safe and that it can be trusted to hold that kind of access without abusing it or losing control of it.

But France just handed that argument an awkward rebuttal. Tchap, the messenger the French government built for its own civil servants, got breached.

France’s National Cybersecurity Agency, ANSSI, detected the compromise on June 7, and DINUM, the digital affairs directorate that runs the platform, blocked the account involved and published an incident notice.

The intrusion broke neither the encryption nor the servers. Someone hijacked a legitimate user account, which is all an attacker needs when any one credential is a key to the same building.

That detail is the part the backdoor crowd keeps refusing to absorb. The encryption on Tchap did its job. DINUM says private conversations stay end-to-end encrypted even when an account is impersonated and that the attacker could reach only the unencrypted public chat rooms any authenticated user is able to find.

Security researchers were quick to note what that reassurance skips over. An attacker wearing a real user’s identity can see whatever that account sees in the moment, private rooms included.

A government backdoor is exactly that, an access path bolted on beside working encryption and France just demonstrated it cannot keep one of those paths shut for a single weekend.

DINUM has notified CNIL, the French data protection regulator, because personal information may have surfaced in whatever the attacker viewed. The directorate described its handling of the intrusion in a press release.

“At this stage, the account originating the malicious requests has been identified. It was immediately blocked to remove the attacker’s persistent access and allow for a thorough analysis of the data they were able to access. The investigation continues, including the study of event logs, to identify the conversations that the attacker was able to access and the nature of the exfiltrated data,” DINUM said.

The directorate also pushed responsibility back toward its own users, reminding them where the safe lines were supposed to be.

“A message has been sent to all Tchap users reminding them that a public chat room can be found and joined by any user and that its content is not encrypted. In accordance with Tchap’s terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms: such exchanges should be reserved for private chat rooms.”

Keep reading

Britain Goes Full ‘Airstrip One’

In George Orwell’s 1984, Great Britain was just a province of Oceania named “Airstrip One” as a none-too-subtle nod to the U.K.’s role as host to the heavy bombers of U.S. Eighth Air Force during World War II.

Four decades past the real 1984, and there’s still no Oceania. But Britain looks more and more like Airstrip One as Parliament considers a bill opening up everyone’s smartphone to government supervision — and jail time for tech execs who don’t submit.

You had to figure this was probably coming, right?

Right.

Reclaim the Net reports that “Ministers are reportedly drafting a law that would force Apple, Google, and the rest to make it impossible for a child to send, receive, view, or share a single nude image, with the executives who refuse facing up to five years in prison.”

That might sound all well and good, but as usual, For the Children™ is little more than the government’s justification for total surveillance.

“You cannot block every naked picture someone might stumble across without inspecting every picture, every message, every video call, every streamed film, on every device, all the time,” Reclaim noted, with nudity serving as “the excuse and the unbroken view into your phone is the actual prize.”

The industry term is “client-side scanning,” which sounds much nicer than “a government mandated app that looks at everything on your phone all the time.”

And even that sounds better than “Big Brother is Watching You,” which is exactly what it is.

As already required by Britain’s Online Safety Act, Apple and Google forcibly install age verification on every iPhone and Android device in the UK via app store updates.

No, it can’t be uninstalled.

Keep reading

Satellite station takes shape on city rooftop for secret US broadband provider

The first of dozens of dome-shaped antennas for a controversial satellite earth station in Auckland have been installed on an inner-city rooftop. 

2degrees has been contracted by an undisclosed US satellite broadband company to build the ground station on the roof of a building at 43 College Hill, Freemans Bay, the telecommunications provider told the Herald. 

The facility will eventually house 30 of the mushroom-like structures, each about 2m tall, and be used to relay swathes of data to and from satellites. 

A 2degrees spokesperson said the telco’s unnamed US client would “operate and maintain the ground station” once construction was complete. 

2degrees announced a partnership with AST SpaceMobile, a US company building the first space-based cellular broadband network, in March 2025, with plans to launch a satellite-to-mobile service that they hoped to begin testing from the middle of this year. 

The Kiwi firm was granted non‑notified consent from Auckland Council to build the rooftop station on June 24 last year, but the project courted criticism from nearby residents and community groups after construction began in January. 

Opponents told the Herald in February they were concerned about the scale and appearance of the installation, potential side effects from the radiofrequency technology and, more broadly, the council’s decision to approve the project without public notification. 

The council’s head of resource consents James Hassall said its staff had since met with two of the concerned residents but were unable to address their concerns, given the project was approved in line with regulatory standards. 

“Once a consent is granted, the only avenue for challenge is through an application for judicial review in the High Court,” Hassall said. 

“The council will monitor the site to ensure that the consent holder meets the conditions of the consent.” 

Keep reading

Nobody needs AI to search the Internet, court says in ruling against Google

Potentially impacting all AI search engines and chatbots known to poorly paraphrase source links, a German court has ruled that Google is liable for false statements in AI Overviews.

The preliminary ruling came in a case flagged by The Decoder, where two publishers found that Google’s AI Overviews incorrectly linked them to scams and other sketchy business practices. After smearing publishers by making affirmative statements like “Yes, [it] is known for dubious business practices and is often perceived as a scam,” Google failed to correct the misleading output, even after the publishers sent a cease-and-desist letter earlier this year.

Google tried the usual arguments to shield itself from liability for false statements in AI Overviews, such as arguing that most users understand that AI outputs aren’t always accurate and must be verified.

But the court found that, unlike traditional search engines that merely present lists of links to third-party statements, Google’s tool made “independent, new, and substantive statements” based on its own misinterpretation of links on the Internet.

That’s a problem, the court said, because while publishers may have been able to sue to stop third parties from publishing defamatory statements appearing in Google search results, only Google can correct the underlying algorithm and outputs displayed in AI Overviews. And because, at least initially, the company did not, it therefore “must be held accountable,” the court ruled. Beyond that, Google’s argument was deemed particularly weak, since the AI overview in this case “contains statements that do not appear in the search results at all.”

The court’s order—requiring a temporary injunction barring Google from spreading the false claims in any further AI Overviews—may have global implications, as the court seems to be the first to hold an AI firm liable for AI speech.

In the past, AI firms have hoped that disclaimers warning about misinformation would protect them from lawsuits over untrustworthy outputs. Last year, one chatbot maker even argued that AI speech is its own category of “pure speech” and the First Amendment should protect it.

According to a Google translation of the German court ruling, however, the false outputs were “primarily an expression of the defendant’s commercial activity,” and the AI tool’s “opinions” and false statements were capable of impacting public opinion.

The court concluded that, in weighing the balance, publishers’ interest in removing the false information outweighed Google’s commercial speech rights.

Keep reading