Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit

FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge on the Chrome Web Store, has been exposed by researchers for taking screenshots of users’ screens and exfiltrating them to remote servers.

A Koi Security investigation of the VPN tool reveals that it has been capturing full-page screenshots from users’ browsers, logging sensitive visual data like personal messages, financial dashboards, and private photos, and uploading it to aitd[.]one, a domain registered by the extension’s developer.

Koi Security’s forensic analysis showed that the surveillance mechanism is triggered automatically, within seconds of loading any web page. Using Chrome’s privileged chrome.tabs.captureVisibleTab() API, screenshots are silently taken in the background and bundled with metadata including page URLs, tab IDs, and unique user identifiers. This data is then transmitted to the attacker-controlled server aitd.one/brange.php, without user interaction or visible indication.

The spying behavior is powered by a two-stage architecture:

  1. A content script injected into every visited site using matches (http://*/*, https://*/*).
  2. A background service worker that listens for an internal captureViewport message and initiates the screenshot capture.

The extension also promotes an “AI Threat Detection” feature which, when clicked, captures another screenshot and sends it to aitd.one/analyze.php. However, the real issue lies in the fact that screenshots are being taken long before users ever interact with this feature, making the user interface a decoy.

Koi Security further explains that the latest version of the extension, v3.1.4, introduced AES-256-GCM encryption with RSA key wrapping to obfuscate the exfiltrated data, making it harder to detect or analyze with network monitoring tools.
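
The two-stage pattern described above (an all-sites content script that messages a background worker, which then calls captureVisibleTab) can be triaged statically from an unpacked extension. The Node.js sketch below is an added example, not code from Koi Security or from the extension; auditExtension, remoteHosts, both sample manifests and the collector.example host are constructed for illustration.

```javascript
// Added example: static triage of an unpacked Chrome extension.
// Every manifest and source string below is constructed sample data.
const BROAD = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);
const USER_GESTURE = /chrome\.(action|browserAction|commands|contextMenus)\.on(Clicked|Command)/;

// Collect hosts from absolute URL literals so a reviewer sees candidate upload targets.
function remoteHosts(src) {
  const hosts = new Set();
  for (const m of src.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

function auditExtension(manifest, sources) {
  const findings = [];
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];

  // Stage 1: a content script injected into every visited site.
  const broadScripts = (manifest.content_scripts || [])
    .filter(cs => (cs.matches || []).some(p => BROAD.has(p)));
  const csFiles = broadScripts.flatMap(cs => cs.js || []);
  if (broadScripts.length) findings.push('content script matches all sites');

  // captureVisibleTab needs <all_urls> or activeTab; only <all_urls> works with no user gesture.
  const silentCapable = perms.includes('<all_urls>');
  if (silentCapable) findings.push('<all_urls> granted: capture possible without a user gesture');

  // Stage 2: background worker that captures in response to an internal message.
  const bgFile = manifest.background && manifest.background.service_worker;
  const bg = (bgFile && sources[bgFile]) || '';
  const captures = /\.captureVisibleTab\s*\(/.test(bg);
  const viaMessage = /runtime\.onMessage\.addListener/.test(bg);
  const gestureBound = USER_GESTURE.test(bg);
  if (captures) findings.push('background calls captureVisibleTab');
  if (captures && viaMessage && !gestureBound)
    findings.push('capture sits behind a message listener, no user-gesture handler in file');

  // Does an all-sites content script message the background on its own?
  const csSends = csFiles.some(f => /runtime\.sendMessage\s*\(/.test(sources[f] || ''));
  if (csSends) findings.push('all-sites content script sends runtime messages');

  const chain = broadScripts.length > 0 && csSends && silentCapable &&
                captures && viaMessage && !gestureBound;
  const verdict = chain ? 'high' : captures ? 'review' : 'ok';
  return { verdict, findings, hosts: captures ? remoteHosts(bg) : [] };
}

// Constructed sample 1: the shape the article describes (bodies elided on purpose).
const suspect = {
  manifest: {
    manifest_version: 3,
    permissions: ['tabs', 'storage'],
    host_permissions: ['<all_urls>'],
    background: { service_worker: 'bg.js' },
    content_scripts: [{ matches: ['http://*/*', 'https://*/*'], js: ['cs.js'] }],
  },
  sources: {
    'cs.js': "chrome.runtime.sendMessage({ type: 'captureViewport' });",
    'bg.js': "chrome.runtime.onMessage.addListener(m => { if (m.type === 'captureViewport') " +
             "chrome.tabs.captureVisibleTab(/* ... */); });\n" +
             "const SINK = 'https://collector.example/upload'; /* ... */",
  },
};

// Constructed sample 2: capture only after the user clicks the toolbar button (activeTab).
const benign = {
  manifest: {
    manifest_version: 3,
    permissions: ['activeTab'],
    background: { service_worker: 'bg.js' },
  },
  sources: {
    'bg.js': 'chrome.action.onClicked.addListener(() => chrome.tabs.captureVisibleTab(/* ... */));',
  },
};

console.log(auditExtension(suspect.manifest, suspect.sources));
console.log(auditExtension(benign.manifest, benign.sources));
```

The checks are regex heuristics for triage: minified or obfuscated code needs manual review, and a "high" verdict is a reason to inspect the extension's network traffic, not proof of exfiltration.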


California Content Law Design Code Faces Free Speech Clash

Efforts to implement California’s Age-Appropriate Design Code continue to face resistance from both the tech industry and digital civil liberties groups, who argue that the law’s restrictions violate constitutional protections and would compel sweeping surveillance and censorship online.

The Computer & Communications Industry Association (CCIA), which represents companies including Google, Amazon, Meta, and eBay, recently filed an amicus brief with the Ninth Circuit Court of Appeals in the case NetChoice v. Bonta.

Stephanie Joyce, the group’s senior vice president and director of its litigation center, condemned the legislation in blunt terms: “The Constitution prohibits the government from dictating what lawful content readers can see, and it extends that protection regardless of the reader’s age.

“Though well-intentioned, California’s internet age restriction law is unconstitutional, and the court of appeals should affirm the decision to block it.”

The case marks the second time this legal clash has reached the Ninth Circuit. Previously, the court blocked only a portion of the law and returned the rest for further review.

Now, with renewed scrutiny, the court could determine whether the entire statute fails to withstand constitutional challenge.

NetChoice, an industry coalition that includes many of the same members as the CCIA, has led the charge against a wave of so-called “age assurance” laws.

These policies would require digital platforms to verify the ages of users and potentially restrict minors’ access to content deemed unsuitable. But free speech advocates warn the consequences would be broader and more dangerous than legislators admit.

Groups such as the Electronic Frontier Foundation (EFF) and the Center for Democracy & Technology (CDT) have also weighed in with their own amicus brief, arguing that the law’s age estimation mandates undermine essential First Amendment rights. “CDT and EFF’s brief argues that the appeals court should uphold the injunctions solely on the basis of its overbroad, unconstitutional age verification requirement because that requirement is not severable from other provisions and should doom the entire statute.” The brief warns that such mandates not only chill access to lawful speech but also erode online anonymity and place users’ personal data at risk.

They also emphasize that minors’ ability to engage freely online is a critical part of their development and civic participation. “Social media helps minors develop their own ideas, learn to express themselves, and engage productively with others in our democratic public sphere,” the brief states.


Citizen Lab Director Warns Cyber Industry About US Authoritarian Descent

Ron Deibert, the director of Citizen Lab, one of the most prominent organizations investigating government spyware abuses, is sounding the alarm to the cybersecurity community and asking them to step up and join the fight against authoritarianism. 

On Wednesday, Deibert will deliver a keynote at the Black Hat cybersecurity conference in Las Vegas, one of the largest gatherings of information security professionals of the year. 

Ahead of his talk, Deibert told TechCrunch that he plans to speak about what he describes as a “descent into a kind of fusion of tech and fascism,” and the role that the Big Tech platforms are playing, and “propelling forward a really frightening type of collective insecurity that isn’t typically addressed by this crowd, this community, as a cybersecurity problem.”

Deibert described the recent political events in the United States as a “dramatic descent into authoritarianism,” but one that the cybersecurity community can help defend against.

“I think alarm bells need to be rung for this community that, at the very least, they should be aware of what’s going on and hopefully they can not contribute to it, if not help reverse it,” Deibert told TechCrunch.

Historically, at least in the United States, the cybersecurity industry has put politics — to a certain extent — to the side. More recently, however, politics has fully entered the world of cybersecurity. 

Earlier this year, President Donald Trump ordered an investigation into former CISA director Chris Krebs, who had publicly rebuffed Trump’s false claims about election fraud by declaring the 2020 election secure. Trump later fired Krebs by tweet. The investigation ordered by Trump months after his 2024 reelection forced Krebs to step down from SentinelOne and vow to fight back.

In response, Jen Easterly, another former CISA director and Krebs’ successor, called on the cybersecurity community to get involved and speak out.

“If we stay silent when experienced, mission-driven leaders are sidelined or sanctioned, we risk something greater than discomfort; we risk diminishing the very institutions we are here to protect,” Easterly wrote in a post on LinkedIn. 

Easterly was herself a victim of political pressure from the Trump administration when her offer to join West Point was rescinded in late July.


What the CIA’s Covert Websites Were Hiding

The C.I.A. didn’t just infiltrate governments; it infiltrated the internet itself. For over a decade, Langley operated a sprawling network of covert websites that served as global spy terminals disguised as harmless blogs, news hubs, and fan pages.

Beginning in 2004, the C.I.A. established a vast network of at least 885 websites, ranging from Johnny Carson and Star Wars fan pages to online message boards about Rastafari. Spanning 29 languages and targeting at least 36 countries directly, these websites were aimed not only at adversaries such as China, Venezuela, and Russia, but also at allied nations, including France, Italy, and Spain, showing that the United States treats its friends much like its foes.

Soccer Blogs & Cracked Passwords

Gholamreza Hosseini is a former C.I.A. informant. In 2007, the Tehran-based industrial engineer contacted the agency and offered to pass them information about Iran’s nuclear energy program. His C.I.A. handlers showed him how to use IranianGoals.com to communicate with them.

Iranian Goals was a Farsi-language website that appeared to be dedicated to local soccer news. However, what appeared to be a search bar at the bottom of the home page was actually a password field. Typing the correct word into it would trigger a login process, revealing a secret messaging interface. Each informant had their own webpage, designed specifically for them, to insulate them from others in the network.

It seemed like an ingenious idea. However, Hosseini and the other spies were soon detected, thanks to some sloppy mistakes in Washington, D.C. An Iranian double agent revealed to the authorities their unique website, and some basic detective work led to the uncovering of the entire network.

The C.I.A. purchased the hosting space for dozens, perhaps hundreds, of these websites in bulk, often from the same internet providers, or the same server space. That meant that the IP addresses of these websites were consecutive, akin to housing each informant in adjacent properties on the same street.

Thus, if you looked at neighboring IP addresses, you would see similarly designed websites and could easily put two and two together. Even with some relatively basic online searches, Iranian authorities were able to identify dozens of C.I.A.-run websites. From there, they simply waited to see who would access them.


Senators Call For Probe Into Meta After News Report On AI Conversations With Children

Two Republican Senators on Aug. 14 called for a congressional investigation into Meta Platforms, Facebook’s parent company, after a recent news media report revealed an internal policy document that allowed the company’s chatbots to have “romantic or sensual” conversations with a child.

On Thursday, Reuters reported that it had viewed a Meta policy document detailing policies on chatbot behavior that permitted the technology to “engage a child in conversations that are romantic or sensual,” generate incorrect medical information, and assist users in arguing that black people are “dumber than white people.”

While Meta confirmed the authenticity of the document, the company said that after recently receiving questions from Reuters, it removed the portions stating that the chatbot is allowed to flirt or participate in romantic roleplay with children.

Andy Stone, a spokesperson for Meta, said the company is currently revising the documents and that those types of conversations with children should never have been permitted.

“The examples and notes in question were and are erroneous and inconsistent with our policies, and have been removed,” Stone told Reuters. “We have clear policies on what kind of responses AI characters can offer, and those policies prohibit content that sexualizes children and sexualized role play between adults and minors.”

On the X platform, Sen. Josh Hawley (R-Mo.) criticized the company for allegedly only making the changes after being questioned by Reuters.

“So, only after Meta got CAUGHT did it retract portions of its company doc that deemed it ‘permissible for chatbots to flirt and engage in romantic roleplay with children,’” Hawley said. “This is grounds for an immediate congressional investigation.”

A spokesperson for Sen. Marsha Blackburn (R-Tenn.) said she supports a probe into Meta.

After Hawley called for an investigation, a Meta spokesperson reiterated the company’s previous statement. However, the spokesperson declined to comment on Hawley’s remarks.

Blackburn said the report underscores the need to pass reforms for better protection of children online, like the Kids Online Safety Act. The senator co-sponsored the bill, which passed in the Senate last year by a bipartisan 91–3 vote, but failed in the House.

The bill called for certain platforms, such as social media networks, to “take reasonable measures in the design and operation of products or services used by minors to prevent and mitigate certain harms that may arise from that use (e.g., sexual exploitation and online bullying).”

“Additionally, covered platforms must provide (1) minors with certain safeguards, such as settings that restrict access to minors’ personal data; and (2) parents or guardians with tools to supervise minors’ use of a platform, such as control of privacy and account settings,” the bill states.


The Fast-Approaching Digital Control Grid

Introduction

A digital control grid is an electronic network of digital telecommunication and information systems that allows individuals to be surveilled, tracked, and made subject to invasive controls applied to their financial transactions and resource use (such as electricity, food, water, transportation)—compromising, if not ending, all human rights and liberties. Control grids operate with significant data collection and AI to apply social credit systems that can be dictated on a highly centralized basis. A digital control grid ends financial freedom, replacing markets with technocracy—a system run by rules created and maintained centrally by “experts.”

Is the Trump Administration building a digital control grid? We provide the following checklist to assess the steps the Administration is (and is not) taking in a variety of areas to facilitate a rapid control grid build-out. We invite subscribers to post suggestions in the Comments section below.

The Big Picture

“Okay, let’s recap: REAL ID enforced; stablecoins incoming; mRNA Stargate project; TSA biometric overhaul; ICE using facial recognition; Palantir in 30+ federal agencies; Google/Amazon health data tracking; AI surveillance towers scanning highways. Surveillance State: engaged.”

Money

Summary: An all-digital currency and monetary system is essential to institute a digital control grid.

The GENIUS Act
There is support for legislation to create digital stablecoin infrastructure. Presumably, this can be used to create a programmable money system in both the U.S. and globally—in essence, a private CBDC.

More on the GENIUS Act (added July 18, 2025)
Exposing the Darkness Substack: Stablecoins “would likely eventually replace all cash, and would enable governments to freeze the accounts of anyone declared in violation of ‘lawful’ federal or state executive branch regulations, such as the vaccine mandates passed down in 2021 by [HHS]. Trump is doing the exact opposite of what he pledged…. He said he would ban CBDCs … but Stablecoins are in every important respect CBDCs.”

Armstrong Economics: “[E]ssentially, the government is turning the stablecoin into a digital dollar of sorts. The concern here is that this could delve into digitizing all currency and creating a CBDC. The act specifically provides the government with the authority to ‘block, freeze, and reject specific or impermissible transactions.’ This provision is not intended to protect the world against drug smugglers and thieves. This provision is intended to grant government unlimited control over how people spend stablecoins.”


Reddit Slams the Door on Internet Archivers

Reddit is sharply reducing what the Internet Archive can store, blocking the Wayback Machine from saving most of the site.

Only the Reddit.com homepage will remain available for archiving, meaning the public record will no longer include individual posts, comment sections, or user profiles.

The change effectively strips away the ability to look back at the full discussions that once played out on the platform, leaving little more than a daily snapshot of trending headlines.

The company says it is responding to AI developers who have been using the Wayback Machine as a backdoor to harvest Reddit data. “Internet Archive provides a service to the open web, but we’ve been made aware of instances where AI companies violate platform policies, including ours, and scrape data from the Wayback Machine,” said Reddit spokesperson Tim Rathschmidt.

He added, “Until they’re able to defend their site and comply with platform policies (e.g., respecting user privacy, re: deleting removed content), we’re limiting some of their access to Reddit data to protect redditors.”

This crackdown is not unique to Reddit. Across the internet, more companies and publishers are locking their content behind paywalls or gated APIs, arguing that AI firms are exploiting open access to train their models without consent or compensation.


US Plan To Copy UK’s Disastrous Online Digital ID Verification Is Winning Friends in the Senate

The Kids Online Safety Act (KOSA) is moving forward in the US Senate with 16 new co-sponsors as of July 31, 2025, reviving a proposal that copies the same type of provision found in the UK’s controversial Online Safety Act, which has caused much backlash across the Atlantic.

In Britain, that measure forces online platforms to implement digital ID age checks before granting access to content deemed “harmful,” a policy that has caused intense resentment over privacy violations, the erosion of anonymity, and government overreach in the realm of free speech.

Now, US lawmakers are considering a similar framework, with more senators from both parties throwing their support behind the bill in recent weeks.

Marketed as a way to shield children from harmful online material, KOSA has gained prominent backing from Apple, which has publicly praised it as a step toward improving online safety. Yet beyond the reassuring branding, the legislation contains provisions that raise serious concerns for free expression and user privacy.

If enacted, the bill would give the Federal Trade Commission authority to investigate and sue platforms over content labeled as “harmful” to minors. This would push websites toward aggressive content moderation to avoid liability, creating an environment where speech is heavily filtered without the government ever issuing direct censorship orders.

The legislation also instructs the Secretary of Commerce, FTC, and FCC to explore “systems to verify age at the device or operating system level.” Such a mandate paves the way for nationwide digital identification, where every user’s online activity could be tied to a verifiable real-world identity.

Once anonymity is removed, the scope for surveillance and profiling expands dramatically, with personal data stored and potentially exploited by both corporations and government agencies.

Advocates of a free and open internet warn that laws like KOSA exploit the emotional appeal of child safety to introduce infrastructure that enables ongoing monitoring and identity tracking. Even with recent changes, such as removing state attorneys general from enforcement, these core concerns remain.

Senator Marsha Blackburn defended the bill, stating, “Big Tech platforms have shown time and time again they will always prioritize their bottom line over the safety of our children.” Yet KOSA’s structure could end up reinforcing the dominance of large tech firms, which are best positioned to implement costly verification systems and handle the resulting data.

The bill’s earlier version stalled in the House after leadership, including Speaker Mike Johnson, questioned its impact on free speech. Johnson remarked that he “love[s] the principle, but the details of that are very problematic,” a sentiment still shared by many who view KOSA as a gateway to lasting restrictions on online freedoms.

If this legislation moves forward, it will not simply affect what minors can view; it will alter the fundamental architecture of the internet, embedding identity verification and top-down content control into its design.


Age-Restricted Taxi Tracking? The Absurd Consequences Of Britain’s Online Safety Act

I was recently travelling in the UK and, after a lot of sightseeing on foot, decided to order a taxi to go back to my hotel.

I searched the internet for a local taxi firm and found one with relative ease. I called the number and went through an automated process which worked well. I managed to book a taxi quickly. The computer-generated voice told me that my taxi was on its way. I was sent a link so that I could monitor the progress of my taxi. The message also said that I would know the taxi driver’s name and the type of vehicle and registration number that was on its way….

I can’t understand why anyone would consider a link to show you the progress of a taxi that you have ordered to be age-inappropriate content.

I can only assume that it is to do with the recent Online Safety Act, although coincidentally I had recently changed mobile providers, so it might purely have been that the mobile provider that I’d switched to had a different standard as to what was considered adult content.

I doubt this on the basis that the company I moved to, Talkmobile, is a wholly owned subsidiary of the company I had used previously, Vodafone, and, as you can see, the block was from Vodafone.

Whoever has decided that this link contains age-restricted content hasn’t necessarily thought this through.

Consider the scenario where a 17-year-old girl can’t get hold of her parents and it’s too far away or she does not want to walk home, so she orders a taxi through a reputable taxi service.

A link is sent to her so she can see the progress of the taxi that she has ordered.

Of course, she can’t open it because it’s considered age-inappropriate and, being only 17, she’s not in a position to prove that she’s over 18 and thus get the link to the taxi.

Thankfully it’s rare, but we do know that there are predators out there who will look for people who are vulnerable, and it’s not difficult to spot someone who’s waiting for somebody to pick them up or waiting for a taxi, because every time a car approaches the person will look up from whatever they’re doing to see if it’s the car that’s picking them up.

All it would take would be for a predator to be around at that time, pull the window down and say, “Did you call for a taxi?” and, of course, because she’s just ordered one, she believes this is her taxi, so she gets in, perhaps never to be seen again — all because some moron has decided that a link to follow the progress of a taxi is something you’re not allowed to see if you’re under the age of 18.


The U.S. Intervenes Against EU Digital Surveillance

U.S. Secretary of State Marco Rubio has launched a lobbying campaign against the EU’s Digital Services Act. With this step, Americans have become the last line of defense for the free speech rights of EU citizens.

If, in the past, President Donald Trump often spoke of the European Union as “a tough nut to crack,” he couldn’t have been more accurate. Freedom-loving EU citizens know exactly what he meant. In Brussels, a bizarre mélange of control fetishism, economic dirigisme, and isolation from the outside world has developed — a combination that is no longer tolerable.

Not least, Brussels’s fight against free expression in the digital sphere has revealed the true intentions of the von der Leyen Commission: the recovery of narrative dominance and control over political dissidence — achieved by cold-bloodedly sacrificing citizens’ fundamental freedoms.

U.S. Vice President J.D. Vance already issued multiple warnings in the spring about a European censorship empire. In a speech to the Senate, he denounced European digital legislation as an attack on western liberties. In his address at the Munich Security Conference, he went so far as to suggest cutting ties with the Europeans if they did not reverse their illiberal, dictatorial trajectory.

Criticism Bounces Off

As usual, American criticism fell on deaf ears in Brussels. Although Brussels swallowed the bitter pill of an asymmetrical trade deal with the U.S. two weeks ago, both the hidden protectionism disguised as climate regulation and harmonization standards, as well as the repressive digital laws, remain intact. This is detrimental not only to free speech among Europeans but also to American companies — undoubtedly a key target of the EU censors.

The EU’s discriminatory ambitions through the Digital Services Act (DSA) and the corresponding Digital Markets Act (DMA) primarily target U.S. communication platforms like X, Telegram, and Meta. If these platforms don’t conform to EU rules — granting access to internal communications and aiding Brussels’s surveillance efforts — they face billions in fines.

Much like Britain’s digital ID program, Brussels now masks its shamelessly invasive censorship with claims of youth protection and anti-hate measures. It’s tiresome to hear — but, as always, it’s about “their democracy,” or, to put it more accurately, a massive concrete barrier constructed to shield against the audacious citizen seeking to preserve privacy from an unbounded EU bureaucracy.
