Tag: internet

Wired for war: The Israeli spy-tech machine strikes again

French authorities are investigating an alleged election meddling plot by an Israeli “information warfare” company targeting candidates critical of the Jewish state. The scheme – involving fake profiles and AI nudes – follows a familiar pattern.

Multiple intelligence agencies in France are investigating the work of BlackCore, an Israeli firm that allegedly carried out an interference campaign against three left-wing mayoral candidates in Marseille, Toulouse, and Roubaix in March, Reuters reported last on May 13.

All three candidates are members of France Unbowed (LFI), the party of left-wing presidential candidate Jean-Luc Melenchon. In Marseille, Sebastien Delogu was accused of rape by a pseudonymous blogger named ‘Sophie’, while bogus Facebook profiles and QR code stickers plastered around the city boosted the story. AI-generated ‘nudes’ of Delogu were also circulated online, along with captions mocking his support for Palestine.

Bot-boosted profiles posted disparaging stories about Francois Piquemal in Toulouse and David Guiraud in Roubaix. One page accused Piquemal of pedophilia, while another site portrayed LFI as the party of “Sharia law” and “a more Muslim France.” Presented as a “voting guide” for Muslims compiled by an Islamist group, the site was aimed at turning non-Muslim voters against the party, Le Monde reported.

An investigation by France’s Liberation newspaper and Israel’s Haaretz revealed on May 18 that BlackCore was behind the influence operation. According to Reuters, French authorities are now trying to establish who hired the company to intervene in the elections.

Keep reading

OnlyFans “Hack” Hoax Likely Used To Push Malware-Laced Leak Checkers

A cyber threat actor advertised a purported database of 340 million OnlyFans-linked user records on a well-known cybercrime forum, asking for 0.313 BTC, or roughly $76,000, according to U.K.-based cybersecurity news site HackRead.

The alleged “340 million OnlyFans user mega leak” narrative ran rampant on X this past holiday weekend, garnering millions of views from several accounts, which were described as nothing more than an engagement trap.

HackRead pointed out that “conversations with the seller and a review of sample data suggest that the collection did not result from a direct breach or scraping of OnlyFans systems.”

HackRead noted that:

The seller advertised the database as containing usernames, names, email addresses, phone numbers, follower counts, likes, uploaded content statistics, account types, and linked social media profiles. The claims initially gave the impression of a direct platform breach or scraping incident.

However, the story changed after Hackread.com contacted the threat actor directly on Telegram. In private messages, the seller clarified they did not hack or breach OnlyFans. Instead, they claimed the database was built using information collected from previous data leaks and public sources, including breached records from platforms such as TwitterInstagram, and Spotify.

We didn’t breach or hack OnlyFans,” the seller said in a message shared with Hackread.com. “We used existing breaches and leaks databases and matched with users of the OnlyFans platform.”

But that didn’t stop some X users from pushing the “OnlyFans is hacked” narrative.

As one X user pointed out, the hack story is “100% fake news,” and the “manufactured hoax is a masterclass in clickbait.”

The person said the “real trap” is that “hackers spreading these fake leaks are trying to panic you into downloading ‘leak checkers.’ The second you run those tools, they install infostealer malware, like Lumma Stealer, to steal your actual passwords.”

Keep reading

Hawaii To Pay Up After Trying to Criminalize Political Memes

Hawaii has agreed to pay $118,237.47 in attorney’s fees and costs to The Babylon Bee and local activist Dawn O’Brien, closing the books on a failed attempt to make some political satire a criminal act.

The state chose not to appeal a January ruling that struck down its so-called deepfake law, Act 191, as facially unconstitutional. It tried to ban speech. It lost. Now, taxpayers are covering the bill.

The settlement comes with an unusual wrinkle. Hawaii can’t actually pay yet. The agreement is contingent on the state legislature appropriating the funds during its next session, which runs from January to May 2027. If the legislature doesn’t approve the money by September 1, 2027, the Bee and O’Brien retain the right to file a formal motion for attorney’s fees, meaning the case would reopen and the final number could climb.

Act 191, signed by Governor Josh Green in July 2024, banned the distribution of “materially deceptive media” during election seasons if it risked “harming the reputation or electoral prospects of a candidate” or “changing the voting behavior of voters.”

The only escape for satirists was to slap joke-killing disclaimers on their content, disclaimers that had to appear throughout the entirety of a video and be printed in letters as large as any other text on screen. Violations carried fines, civil lawsuits, and jail time.

The law didn’t require anyone to actually be harmed or deceived. It punished speech based on a speculative “risk” of harm, a standard so vague that the person posting had no reliable way to know whether they were complying. US District Judge Shanlyn Park found that the law “muddies the line between compliance and noncompliance by forcing speakers to base their conduct on their own risk assessment, rather than on clear, objective standards.”

She noted the law created an “inherently subjective assessment for enforcement agencies” that “could conceivably lead to discretionary and targeted enforcement that discriminates based on viewpoint.”

Hawaii argued the law was needed to protect election integrity. Park acknowledged that interest but found the state couldn’t show it had chosen the least restrictive means.

Hawaii’s own expert agreed that digital literacy education would work, objecting only that it “would require a larger investment of resources” compared to a ban. Park cited the Supreme Court: “The First Amendment does not permit the State to sacrifice speech for efficiency.”

ADF legal counsel Mathew Hoffmann said: “Hawaii’s war against political memes and satire has come to an end, thankfully. The First Amendment doesn’t allow any state to choose what political speech is acceptable and censor speech in the name of ‘misinformation.’ That censorship is both undemocratic and unnecessary.”

Hawaii follows California, which lost a similar fight against the Bee. Minnesota’s version is still being litigated before the full 8th Circuit.

Keep reading

Incoming Chief of UK Speech Regulator Takes Aim at VPNs

Ian Cheshire, the government’s pick to run the UK’s speech regulator, appeared before the Science, Innovation and Technology Committee on Wednesday and laid out what amounts to an acceleration plan for online censorship.

He pledged to take on the “big tech bros,” branded VPNs as a “technical problem,” identified YouTube as needing a whole new set of regulatory powers, and hinted that Ofcom will ask the Treasury for more funding.

Before the hearing, Cheshire had “reached out to the Molly Rose Foundation because I wanted to understand its perspective.”

He had “quite deliberately” not met any mainstream tech companies. The Foundation has called Ofcom “slow, defensive and risk-averse” and demanded a new, broader censorship law within the first two years of this Parliament. The companies that might have raised concerns about overreach? Cheshire chose not to hear from them.

On VPNs, he told MPs: “Parliament has chosen to legislate on online safety; therefore, we should be acting on it. That is subject to the joys of VPNs and the other technical problems we have, but there is no reason not to go after the key harms that are there. As soon as they are visible, there is no reason why we cannot to do something about them.”

VPNs are legal privacy tools used by millions of people. Calling them “technical problems” tells you how the incoming chair views individual privacy relative to the state’s power to police speech. To a growing number of bureaucrats, privacy tools aren’t part of rights to be protected. They’re obstacles.

Ofcom already monitors UK VPN usage using an unnamed third-party tool and a group of peers has proposed banning under-18s from using VPNs entirely.

Cheshire told the committee that Ofcom will “need to deal with” the perception that “Ofcom is too timid and not moving fast enough.”

The Online Safety Act already lets Ofcom compel platforms to censor content under vague categories of “harm” that the regulator defines. It can fine companies up to 10 percent of global revenue and hold executives personally liable.

He singled out YouTube as “the biggest single challenge” and suggested Ofcom may need a “different toolkit” to “regulate effectively something like YouTube.”

The OSA’s codes of practice are still being rolled out. Ofcom hasn’t finished writing the existing rules and the incoming chair is already signaling they won’t be enough.

Keep reading

South Carolina’s New Social Media Law Puts Every User Under Age Surveillance

South Carolina Governor Henry McMaster signed H.B. 4591 on May 19, turning the Stop Harm from Addictive Social Media Act into a law that will reshape how every resident of the state uses major social media platforms.

The bill passed with almost no opposition, clearing the House 115-0 and the Senate 42-1. It takes effect January 1, 2027, and it brings with it a surveillance apparatus aimed at all users.

We obtained a copy of the bill for you here.

The law, sponsored by Rep. Brandon Guffey (R-York), requires covered platforms to repeatedly estimate and verify the age of every South Carolina account holder.

The stated goal is child protection. The way it claims to do that is continuous behavioral analysis of anyone who spends enough time on a platform, combined with escalating confidence thresholds and penalties of ten thousand dollars per violation if platforms get it wrong.

Here’s how the age estimation system works. Once an account holder hits 25 cumulative hours on a platform within six months (the “first trigger date”), the platform has 14 days to estimate whether that person is over 15, with 80% confidence.

At 50 hours (the “second trigger date”), the confidence requirement jumps to 90%. After that, the platform must update its estimate every 100 hours of use, or whenever it runs data analytics on the user for any other reason, whichever comes sooner.

That last clause is easy to miss and it means any time a platform runs its profiling algorithms on you for ad targeting, content recommendations, or anything else, it also has to re-evaluate your estimated age. The law essentially piggybacks mandatory age surveillance onto whatever commercial surveillance platforms already conduct, expanding the scope of both.

Because platforms face significant liability if they can’t meet these confidence thresholds, the law creates powerful incentives to harvest far more sensitive data about users than they do today, including about minors.

A platform that guesses wrong faces $10,000 per violation. A platform that overinvests in behavioral profiling to avoid those fines faces no penalty at all. The incentive structure points in one direction.

The bill claims it “does not create any duty on the part of a covered social media platform to request, collect, or retain any information from or about any account holder” and that age estimates must be “derived based on information collected and retained by the covered social media platform in the ordinary course of operation.”

This is the bill’s central fiction. Platforms that can’t achieve 80% or 90% confidence from existing data will need to collect more data, or face financial ruin from accumulated violations. The law doesn’t mandate new data collection in the same way that holding a knife to your wallet doesn’t mandate you hand over cash.

For users classified as children (under 16), the restrictions are extensive. Accounts require verifiable parental consent, with privacy settings locked to the most restrictive levels by default.

Platforms cannot show children profile-based feeds, profile-based advertising, or any “addictive interface features,” a category that includes infinite scrolling, auto-play video, push notifications, and display of personal metrics like reaction counts.

Keep reading

You can now legally request revenge and deepfake porn to be taken down. Here’s how

Online platforms are now required by law to remove non-consensual intimate images within 48 hours of reporting, as a federal law criminalizing the sharing of such content goes into full effect Tuesday.

President Donald Trump signed the Take It Down Act into law last year, which makes it illegal to publish online nonconsensual intimate visual depictions, real or artificially generated. But the act gave online platforms one year to create a process for removing such imagery within 48 hours of notification from users. If online platforms fail to do so, they could face civil penalties of $53,088 per violation. That one year deadline expired on Tuesday.

The provisions now going into effect ensure that tech companies “can no longer turn a blind eye to these horrifying abuses on social media,” Democratic Sen. Amy Klobuchar of Minnesota, who co-wrote the bill with Texas Republican Sen. Ted Cruz, said in a statement.

The Federal Trade Commission, which will enforce the law, sent letters to major online platforms last week warning them about compliance. That includes popular social platforms such as Meta, Snapchat, TikTok and X, along with gaming platforms and dating apps Bumble and Match Group, Reddit, Discord, Pinterest and tech giants Amazon, Alphabet and Microsoft.

Any business that “primarily provides a forum for user-generated content or regularly publishes, curates, hosts, or furnishes intimate content shared without consent,” is subject to the law, according to the FTC.

The other provision of the law applying to individuals who post non-consensual intimate imagery is already in effect. Violators can face fines and up to two years in prison.

Keep reading

Ottawa says use VPNs but kindly leave a backdoor for us

Public Safety Canada recently posted advice encouraging Canadians to use VPNs online to better protect their privacy.

It was sensible advice when taken out of political context.

I use a VPN and you should too. But it ultimately didn’t play well with the general public and backfired.

That’s because Ottawa is simultaneously telling Canadians to shield themselves online while major VPN and other encryption-based platforms are threatening to pull out of the country, all because of Bill C-22.

This contradiction has become typical of Ottawa. One arm of the federal government reminds citizens to lock their doors, while another is drafting legislation designed to make it easier to kick those doors down. The attitude extends beyond tech and into the real world, where lax bail laws are emboldening criminals.

Bill C-22, the Lawful Access Act, introduces sweeping powers that would compel digital service providers to retain highly sensitive user data and location history for up to 365 days without any evidence of a crime. More alarming still, it aims to force companies to build technical “backdoors”, so state agencies can easily extract user data.

Signal, NordVPN and Canadian-headquartered Windscribe have already issued an ultimatum threatening to pull out of Canada entirely rather than play a role in spying on Canadians.

Tech companies understand something politicians refuse to acknowledge: there is no such thing as a secure backdoor.

Keep reading

Ofcom and the Fantasy of Global Speech Control

Ofcom appears to believe that a website is a kind of television channel. This would explain a lot about what happened on Wednesday, when Britain’s speech regulator fined an American mental health and suicide discussion forum £950,000 ($1.3 million) for hosting speech that is legal in America, on servers in America, operated by Americans.

The site had already blocked British visitors from accessing it, voluntarily, as a gesture of goodwill, despite having no legal obligation to do so and despite Ofcom having no jurisdiction to demand it. Ofcom fined it anyway. The fine is unenforceable.

The site owes Ofcom nothing under American law. And even if the site had never blocked a single British visitor, Ofcom’s case would still make no sense, because a British regulator cannot fine an American citizen for legal American speech on an American server any more than the French postal service can fine you for what you write in your own diary.

Ofcom is the Office of Communications, the British government’s speech regulator. Americans don’t really have an equivalent because most Americans would never stand for one. The closest thing is the FCC, except imagine the FCC could also decide what you’re allowed to say on the internet and fine you if it disapproves.

Under the notorious Online Safety Act, passed in 2023, Ofcom gained the power to decide what speech is permissible online and to fine platforms that host speech the UK government doesn’t like.

That includes speech that is perfectly legal everywhere else on earth. It is, when you think about it for more than four seconds, absolutely mad.

Ofcom launched on December 29, 2003, stitched together from five separate regulators: the Broadcasting Standards Commission, the Independent Television Commission, the Office of Telecommunications, the Radio Authority, and the Radiocommunications Agency.

They all dealt with broadcasting, telecoms, or spectrum. They regulated transmitters, phone lines, and radio frequencies, all of which used publicly owned spectrum and publicly funded infrastructure to push content into British living rooms.

The airwaves belonged to the public. The transmitters were built with public money. If you were using national resources to broadcast to a national audience, it made sense that a national regulator got to set some terms. None of these five organizations were designed to have opinions about what a foreigner writes on a computer in Virginia.

The confusion starts with Ofcom not understanding what a website actually is.

A website does not push anything. Content sits on a server. A visitor actively goes to it and requests it. The data crosses borders only because someone on the other end typed in the URL. Website users are called “visitors” and not “viewers” for exactly this reason. They go to the site. The site does not come to them.

This is not a complicated distinction. A reasonably bright nine-year-old could grasp it over breakfast. Ofcom, apparently, cannot.

The regulator is treating a website in Virginia as though it were a transmitter on a hill in Surrey and claiming jurisdiction over the server rather than the person visiting it. It’s like fining an American for not stopping British citizens from mailing letters to them.

Keep reading

Days Away: The TAKE IT DOWN Act Creates a Censorship Mechanism With No Safeguards

The Federal Trade Commission sent letters to 17 major tech companies this week, warning them to comply with the Take It Down Act by May 19 or face fines of $53,088 per violation.

Amazon, Alphabet, Apple, Meta, Microsoft, TikTok, X, Reddit, Discord, Snapchat, Pinterest, Bumble, Match Group, Automattic, and SmugMug all got the same message from Chairman Andrew Ferguson.

We obtained a copy of the letter for you here.

“We stand ready to monitor compliance, investigate violations, and enforce the Take It Down Act,” Ferguson wrote.

“Protecting the vulnerable, especially children, from this harmful abuse is a top priority for this agency and this administration.”

The law, signed by President Trump in May 2025 with strong backing from First Lady Melania Trump, requires platforms to delete non-consensual intimate imagery (NCII), including AI-generated deepfakes, within 48 hours of receiving a removal request.

Platforms must also find and remove identical copies, provide clear notice about the removal process and let people track their requests. The FTC published a business guidance page alongside the letter spelling all of this out. The definition of “covered platform” is broad enough to capture social media, messaging apps, video sharing, gaming platforms, and essentially any site hosting user-generated content.

Nobody wants revenge porn circulating online. But the law Congress passed is far broader than the problem it claims to solve.

The TAKE IT DOWN Act borrows its structure from the DMCA’s already-controversial notice-and-takedown system, then strips out the safeguards.

Under the DMCA, a takedown request must include a statement under penalty of perjury. False claims can result in liability. There’s a counter-notice process so the person whose content was deleted can push back. TIDA has none of this. There’s no penalty for false claims, no counter-notice, no requirement that the filer prove anything before content disappears. A platform gets a complaint, has 48 hours, and deletes. That’s the entire process and exactly why the Take it Down Act introduces a new censorship mechanism.

The law defines a violation as involving an “identifiable individual” engaged in “sexually explicit conduct,” without defining that conduct narrowly.

Keep reading

Watching Porn on California’s Death Row

Under Governor Gavin Newsom, California has sought to transform its massive prison system into a Nordic-style rehabilitation program. Newsom has placed a moratorium on all executions, transferred condemned prisoners to facilities across the state, dismantled San Quentin State Prison’s death row, and turned the notorious prison into a therapeutic center, with artclassrooms, a café, and podcast studios.

As part of this transformation, the Newsom administration approved a $189 million contract to provide new digital tablets—generic, flat-screen devices in a plastic shell—to every inmate in the state prison system, at “no cost” to offenders. The administration heralded the effort to replace inmates’ old tablets—which were piloted in 2018 and given to nearly all prisoners by 2023—as a step toward “digital equity” for “justice impacted” individuals, who could, in theory, use the devices to contact their families, consume “educational” content, and “learn new technology.”

In reality, taxpayer-funded tablets have also been used for more lurid endeavors. In this exclusive City Journal investigation, we contacted dozens of death-row inmates, who told us that prisoners in the state system use such devices to watch pornography and have explicit sexual conversations. Some prisoners, according to a former high-ranking California corrections official, use their tablets to groom minors. Though the state has claimed to regulate explicit content, the inmates told us that users can easily evade detection.

When reached for comment, the California Department of Corrections and Rehabilitation said the tablets were “tightly controlled education tools” that provided inmates with “access to the Bible, education, and reentry resources that actually reduce crime.”

But inmates told us a different story. For some, the devices have become personal sex machines. In the words of one inmate, California’s death row is populated with desperately “horny” criminals who see the tablets as a way to satisfy their basest fantasies and desires—all thanks to the California taxpayer.

Keep reading