Tag: internet

Dad stuck in support nightmare after teen lied about age on Discord

Brady Frey did not realize that his daughter lied about her age when she set up her Discord account. He only found out after her account got hacked and he got trapped in a spiraling support nightmare while trying to stop the hacker from targeting dozens of her young friends with financial extortion scams.

When Frey’s daughter signed up for Discord, she was 12 and technically not old enough to have an account. But like many kids who, regulators have found, commonly lie about their age to access social media platforms, she didn’t want to wait another year to join her friends on the messaging app. Hiding her age, she created an account that listed her as over 18 years old.

Now 13, the teen had been happily using the app for months when she suddenly got locked out of her account after clicking on a link from an attacker posing as Discord support. Since she didn’t enable two-factor authentication, the attacker was able to commandeer the account. Frey only found out what was happening when the attacker asked the teen to share her parents’ banking information if she wanted to get her account back.

Once Frey realized his daughter had been hacked, he assumed that Discord would promptly intervene, recognizing that many minor victims on her friends list could be harmed the longer the attacker kept control. Instead, Discord’s chatbot, Clyde, and a seeming human support member, Nelly, automatically closed her support tickets after telling her it would be best to report the issue from inside the app, which she could not access.

Frey told Ars he was shocked to see a platform as big as Discord relying on such poor support infrastructure.

“There’s no pathway for a parent to step in and advocate for a minor whose account has been compromised,” Frey told Ars.

Keep reading

Secret Grand Jury Convened to Unmask Anonymous Government Critic on Reddit

Federal prosecutors have ordered Reddit to appear before a grand jury in Washington, D.C., and hand over the personal data of an anonymous user who posted criticism of Immigration and Customs Enforcement. The company has until April 14 to comply. Reddit has declined to say whether it plans to fight the order.

The user, identified in court filings as John Doe, is a US citizen in the Pacific Northwest. Doe’s attorneys reviewed the account’s post history and found nothing resembling criminal activity.

The most aggressive posts they could locate: sharing already-public biographical details about Jonathan Ross, the ICE agent who killed Renee Good in Minneapolis in January; suggesting “Urine speaks louder than words” as an anti-ICE protest sign (a reference to a song); and writing “TSA sucks and we all know it.”

Keep reading

UK Foreign Affairs Committee Calls for Government Agency to Police Online “Disinformation”

The UK’s Foreign Affairs Committee wants the government to build a new censorship agency. The proposed “National Counter Disinformation Centre” would be given the power to identify and act against speech the state considers “disinformation,” placed on a statutory footing, and modeled on bodies like Sweden’s Psychological Defence Agency, which once ran a public campaign warning citizens about the dangers of memes.

The committee’s report, published on March 27 2026, goes further than a single new body.

It calls for new censorship rules in a forthcoming Representation of the People Bill to target AI-generated content and “the creation and dissemination of disinformation.”

It wants amendments to the Online Safety Act that would force platforms to publicly display where user accounts were created and whether the user connected through a VPN. It wants more money for the FCDO’s Hybrid Threats Directorate. And it wants the government to review the National Security Act’s foreign interference offense because, apparently, an existing law that carries up to 14 years in prison isn’t strict enough.

Keep reading

Anthropic Says Its ‘Mythos’ AI Model Broke Containment, Bragged About It to Developers

AI startup Anthropic has announced it will not make its most powerful “mythos” model publicly available, citing unprecedented capabilities that present potential security risks. Mythos reported broke Anthropic’s containment system, and the AI even bragged about its escape artistry in online posts.

Business Insider reports that Anthropic plans to withhold general release of its latest AI model, Claude Mythos, marking a significant departure from standard industry practice. The decision comes after the company published a comprehensive 244-page system card detailing the model’s advanced capabilities and concerning behaviors observed during testing.

The model represents what Anthropic describes as a substantial leap in AI capabilities. According to the system card released on Tuesday, the large increase in the model’s abilities led the company to conclude that making it generally available would be inadvisable. Instead, access will be limited to a select group of partner companies including Amazon Web Services, Apple, Google, JPMorganChase, Microsoft, and NVIDIA, who will use the system to identify security vulnerabilities in software and develop appropriate patches.

The system card documents several instances of behavior that raised concerns among researchers. In one notable test, the model was provided with a sandbox computer terminal with access to only a preset group of limited online services and challenged to find a way to use the internet freely. The model successfully escaped these restrictions and contacted a researcher who was away from the office. In what the card described as a concerning and unasked-for demonstration, it bragged about the details of its exploit to multiple public-facing websites.

The model also demonstrated an ability to conceal its actions in certain scenarios. In some interactions, it behaved in ways contrary to its programming and attempted to hide evidence of these deviations. In one instance, after accidentally obtaining test answers, rather than informing researchers and requesting different questions as instructed, the model sought an independent solution and noted in its reasoning that it needed to ensure its final answer submission was not too accurate.

Additional concerning behavior included the model overstepping its permissions on a computer system after discovering an exploit, then making interventions to ensure changes would not appear in the git change history. Another incident involved what the card termed recklessly leaking internal technical material when the model published internal coding work as a public-facing GitHub gist during a task meant to remain internal.

Keep reading

Kiwi Farms Challenges DMCA Subpoenas as Tools to Unmask Anonymous Speech

A new lawsuit filed in the Southern District of New York offers a clean example of something that keeps happening and keeps getting ignored: the Digital Millennium Copyright Act being used to censor speech and unmask anonymous speakers.

The case is Lolcow LLC v. Fong-Jones, filed on March 12, 2026, and it pits the operator of the web forum Kiwi Farms against Liz Fong-Jones, an activist and field Chief Technology Officer at SaaS observability platform Honeycomb, who has been filing DMCA subpoenas in an attempt to identify anonymous forum users.

The content Fong-Jones wants censored is a screenshot of a Fong-Jones Bluesky post and an edited version of a Fong-Jones headshot, both related to what Fong-Jones has previously described publicly as a “consent accident.”

Forum users posted and discussed those images. Fong-Jones responded by claiming copyright ownership and filing DMCA subpoenas to force the site to hand over the identities of the people who posted them.

The copyright claims seem thin. Kiwi Farms operator Joshua Moon argues that the screenshot is a derivative work over which Fong-Jones holds no copyright, and that the edited headshot represents a textbook case of fair use, given that the image has no commercial value and was modified specifically for purposes of criticism and commentary.

That argument carries weight. Courts have long recognized that transformative use of images for commentary or ridicule sits comfortably within fair use protections.

What makes this case useful as a case study is less the copyright question itself and more the mechanism being exploited. The DMCA subpoena process, codified in Section 512(h), allows copyright holders to obtain a judicial subpoena to unmask the identities of allegedly infringing anonymous internet users just by asking a court clerk to issue one and attaching a copy of the infringement notice.

Keep reading

Apple Removes Bitchat from China App Store at Cyberspace Administration Order

Apple deleted Bitchat from the China App Store, acting on a direct order from the Cyberspace Administration of China. Jack Dorsey, who created the app, posted a screenshot of Apple’s removal notice to X with a short caption: “bitchat pulled from the china app store.”

The notice Apple sent to Dorsey is almost a copy-paste of the one it sent to Damus three years earlier. The language is identical. The accusation is identical. The CAC determined that Bitchat violates Articles 3 of the Provisions on the Security Assessment of Internet-based Information Services with Attribute of Public Opinions or Capable of Social Mobilization.

That regulation, enacted in 2018, requires any online service capable of influencing public opinion or organizing collective action to undergo a government security assessment before going live. If a service hasn’t submitted to that assessment, the CAC can order it pulled.

It targets the capacity for “public opinions” and “social mobilization.” The Chinese government has decided that the ability to communicate outside state-approved channels is itself a security threat, and Apple consistently treats that determination as sufficient grounds for deletion.

Bitchat is a peer-to-peer messaging app that operates over Bluetooth mesh networks. It requires no internet connection, no phone number, no email address, and no user account.

Messages are end-to-end encrypted and stored only on the devices involved. There are no central servers to subpoena, no user databases to hand over, and no content moderation pipeline for the CAC to plug into.

Dorsey built the initial version over a single weekend in July 2025, coding it with Goose, Block’s open-source AI assistant. He published a white paper on GitHub and opened a TestFlight beta that hit its 10,000-user cap within hours.

That design is precisely the problem from Beijing’s perspective. China’s internet censorship apparatus depends on having a chokepoint.

Keep reading

Zorin OS Says No to Mandatory Age Verification in Linux

Zorin OS has entered the broader Linux debate on age verification laws. Co-founder Artyom Zorin stated on the Zorin Forum that the distribution will not introduce mandatory age or ID checks. He emphasized that privacy and security are core values for the project and confirmed the team is monitoring new OS-level laws that may impact Linux distributions.

Zorin’s response clarifies that the project will not independently add mandatory age or identity verification. However, it notes that not all current proposals are equally invasive.

Regarding California’s law, Zorin OS states that the requirement resembles age attestation rather than strict identity verification. Users would self-declare their age or date of birth during account creation, and apps would only receive a general age bracket, such as under 13, 13 to 15, 16 to 17, or 18 or older.

Zorin also notes that, based on its interpretation of the law, users would not need to upload photo ID, submit face scans, or share raw birth-date data with apps or government entities.

However, the project does not endorse this approach. Zorin describes California’s model as less invasive but warns it could set a concerning precedent. The statement notes that some proposals in other jurisdictions are more intrusive and raise greater privacy concerns.

That is where Zorin draws its clearest line. The project states that laws requiring full age verification through personal documents or face scans would significantly invade user privacy. If such rules were enforced, Zorin might withdraw from affected jurisdictions rather than implement them.

Keep reading

Apple Expands Age Verification to Singapore & South Korea

Apple’s identity verification demands are spreading across Asia. Starting in late March, the company expanded age verification requirements in both Singapore and South Korea, adding these countries to a growing list alongside the UK, where users must prove they’re adults before Apple lets them fully use their own devices.

Singapore has been partially locked down since February 24, when Apple began blocking downloads of apps rated 18+ unless users confirmed they were adults.

That initial wave also hit Australia and Brazil. But the late March update goes further, bringing Singapore’s requirements closer to the UK model. Apple now requires Singaporean users to confirm they’re 18 or older to download or purchase 18+ apps, using a credit card, a driving license, a National Registration Identity Card, or a Foreign Identification Number card. Passports, debit cards, and gift cards aren’t accepted.

That list of acceptable documents tells you something about Apple’s priorities. Passports are internationally recognized government IDs, but they don’t work here. Debit cards, which millions of adults use as their primary payment method, are also excluded because minors can technically hold them.

Keep reading

Americans Traveling to Hong Kong Will Now Face ARREST for Refusing to Hand Over Phones, Laptops, and Passwords

The era of privacy is officially over in the “New Hong Kong,” and if you’re an American traveling abroad, you are now a target for the Communist-controlled regime.

According to a recent warning issued by the U.S. Consulate, Americans entering or even transiting through Hong Kong could now face criminal charges simply for refusing to unlock their phones or provide passwords to authorities.

Under newly updated enforcement rules tied to Hong Kong’s sweeping National Security Law, police now have the authority to demand access to personal electronic devices, including phones and laptops, on the spot.

And here’s the catch:

This applies to everyone, residents, tourists, business travelers, and even passengers just passing through the airport.

The U.S. Consulate General in Hong Kong and Macao issued the following alert:

On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport. In addition, the Hong Kong government also has more authority to take and keep any personal devices, as evidence, that they claim are linked to national security offenses.

Keep reading

FBI Issues Public Alert on Americans Using Foreign Apps

The FBI identified data security risks from foreign-developed mobile apps used in the United States, the agency warned in a March 31 public service announcement.

“As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China,” the FBI said, without naming any apps.

“The apps that maintain digital infrastructure in China are subject to China’s extensive national security laws, enabling the Chinese government to potentially access mobile app users’ data.”

In the Google Play store, the most popular apps include short-form video platform TikTok, video editor CapCut, artificial intelligence video generator PixVerse, and communication app Telegram X. China-based ByteDance maintains ownership of TikTok and CapCut. PixVerse is owned by a Singaporean company, and the developer of Telegram X is based in the United Arab Emirates.

On Apple’s App Store, the top free apps include CapCut, TikTok, and Chinese shopping apps Temu and Shein.

In its alert, the FBI warned users to be aware of the types of data the foreign apps request access to when they are downloaded.

Keep reading