Tag: privacy

Tor Project received $2.5M from the US government to bolster privacy

The US government contributed over $2.5 million to the Tor Project in its 2023–2024 fiscal year, marking a continued but reduced financial relationship with the privacy-focused nonprofit.

The funds represent 35% of Tor’s $7.28 million in reported revenue, according to newly released financial disclosures.

The funding, primarily sourced through the US State Department’s Bureau of Democracy, Human Rights, and Labor (DRL), supports multiple high-impact projects aimed at strengthening internet freedom, especially in regions experiencing heavy censorship. The largest single contributor was DRL, providing $2.12 million. These funds were allocated across several major initiatives, including expanding Tor access in China, Hong Kong, and Tibet; developing a Tor-based VPN client for Android; combating malicious Tor relays; and migrating core network infrastructure to a more secure Rust-based implementation (Arti).

Keep reading

How new social media checks would change travel to US

The US is seeking to significantly expand its 

vetting of social media accounts for people who want to enter the country.

In 2019, during President Donald Trump’s first term, the US imposed a requirement that visa applicants disclose their social media accounts. The Department of Homeland Security (DHS) now aims to apply a similar requirement to another group: travellers from countries such as the UK, Japan and Australia whose citizens can enter the US without a visa.

The Trump administration argues that the rule change is necessary to ensure travellers entering the country “do not bear hostile attitudes” to the US and its citizens. Civil-liberties groups warn that the approach marks a sweeping expansion of federal surveillance over routine travel. Here’s what to know.

What exactly is the US proposing?

The US is proposing that foreign visitors from countries whose citizens can travel to the US without a visa, but must still apply online for advance authorisation, provide their social media history from the last five years. 

DHS did not respond to a query about what information applicants from visa-waiver countries would need to supply for the social media screening. (Visa applicants are required to list all social media identifiers they have used in the past five years.)

Applicants would also be required to supply, when “feasible,” a broad set of additional personal information: telephone numbers used in the last five years; e-mail addresses used in the last ten years; IP addresses and metadata from electronically submitted photos; family members’ names, residences, places and dates of birth, and phone numbers used in the last five years; and personal biometrics – fingerprints, DNA samples, iris scans, and facial images. The proposal does not clarify how biometric information would be collected. 

Keep reading

Governments Are Pushing Digital IDs. Are You Ready To Be Tracked?

Politicians push government IDs.

In a TSA announcement, Secretary of Homeland Security Kristi Noem sternly warns, “You will need a REAL ID to travel by air or visit federal buildings.”

European politicians go much further, reports Stossel TV producer Kristin Tokarev.

They’re pushing government-mandated digital IDs that tie your identity to nearly everything you do.

Spain’s prime minister promises “an end to anonymity” on social media!

Britain’s prime minister warns, “You will not be able to work in the United Kingdom if you do not have digital ID.”

Queen Maxima of the Netherlands enthusiastically told the World Economic Forum that digital IDs are good for knowing “who actually got a vaccination or not.”

Many American tech leaders also like digital IDs.

The second richest man in the world, Oracle founder Larry Ellison, says, “Citizens will be on their best behavior because we’re constantly recording and reporting everything.”

That’s a good thing?

“That is a recipe for disaster and totalitarianism,” says privacy specialist Naomi Brockwell. “Privacy is not about hiding. It’s about an individual’s right to decide for themselves who gets access to their data. A digital ID will strip individuals of that choice.”

“I already have a government-issued ID,” says Tokarev. “Why is a digital one worse?”

“It connects everything,” says Brockwell. “Your financial decisions, social media posts, your likes, things that you’re watching, places you’re going. You won’t be able to voice things anonymously online anymore. Everything you say will be tied back to who you are.”

Digital ID backers say the new ID will make life easier.

“You can access your own money, make payments so much more easily,” says the U.K.’s prime minister.

Yes, says Brockwell, “until those services start saying, ‘No, you can’t use our system.'”

Even without a digital ID, Canada froze the bank accounts of truckers who protested COVID-19 vaccine mandates.

With a digital ID, politicians could do that much more easily.

Keep reading

Porn Sites Must Block VPNs To Comply With Indiana’s Age-Verification Law, State Suggests in New Lawsuit

Indiana Attorney General Todd Rokita is suing dozens of porn websites, claiming that they are in violation of the state’s age-verification law and seeking “injunctive relief, civil penalties, and recovery of costs incurred to investigate and maintain the action.”

Last year, Indiana Senate Bill 17 mandated that websites featuring “material harmful to minors” must verify that visitors are age 18 or above. Rather than start checking IDs, Aylo—the parent company of Pornhub and an array of other adult websites—responded by blocking access for Indiana residents.

Now, Indiana says this is not good enough. To successfully comply, Pornhub and other Aylo platforms (which include Brazzers, Youporn, and Redtube, among others) must also block virtual private networks and other tools that allow internet users to mask their IP addresses, the state suggests.

This is an insane—and frighteningly dystopian—interpretation of the law.

Broad Anti-Privacy Logic

In a section of the suit detailing how Aylo allegedly violated the age-check law, Indiana notes that last July, “an investigator employed by the Office of the Indiana Attorney General (‘OAG Investigator’) accessed Pornhub.com from Indiana using a Virtual Private Network (VPN) with a Chicago, Illinois IP address.”

“Defendants have not implemented any reasonable form of age verification on its website Pornhub.com,” the suit states. It goes on to detail how Indiana investigators also accessed Brazzers.com, Faketaxi.com, Spicevids.com, and other adult websites using a VPN.

Keep reading

Privacy For The Powerful, Surveillance For The Rest: EU’s Proposed Tech Regulation Goes Too Far

Last month, we lamented California’s Frontier AI Act of 2025. The Act favors compliance over risk management, while shielding bureaucrats and lawmakers from responsibility. Mostly, it imposes top-down regulatory norms, instead of letting civil society and industry experts experiment and develop ethical standards from the bottom up.

Perhaps we could dismiss the Act as just another example of California’s interventionist penchant. But some American politicians and regulators are already calling for the Act to be a “template for harmonizing federal and state oversight.” The other source for that template would be the European Union (EU), so it’s worth keeping an eye on the regulations spewed out of Brussels.

The EU is already way ahead of California in imposing troubling, top-down regulation. Indeed, the EU Artificial Intelligence Act of 2024 follows the EU’s overall precautionary principle. As the EU Parliament’s internal think tank explains, “the precautionary principle enables decision-makers to adopt precautionary measures when scientific evidence about an environmental or human health hazard is uncertain and the stakes are high.” The precautionary principle gives immense power to the EU when it comes to regulating in the face of uncertainty — rather than allowing for experimentation with the guardrails of fines and tort law (as in the US). It stifles ethical learning and innovation. Because of the precautionary principle and associated regulation, the EU economy suffers from greater market concentration, higher regulatory compliance costs, and diminished innovation — compared to an environment that allows for experimentation and sensible risk management. It is small wonder that only four of the world’s top 50 tech companies are European.

From Stifled Innovation to Stifled Privacy

Along with the precautionary principle, the second driving force behind EU regulation is the advancement of rights — but cherry-picking from the EU Charter of Fundamental Rights of rights that often conflict with others. For example, the EU’s General Data Protection Regulation (GDPR) of 2016 was imposed with the idea of protecting a fundamental right to personal data protection (this is technically separate from the right to privacy, and gives the EU much more power to intervene — but that is the stuff of academic journals). The GDPR ended up curtailing the right to economic freedom.

This time, fundamental rights are being deployed to justify the EU’s fight against child sexual abuse. We all love fundamental rights, and we all hate child abuse. But, over the years, fundamental rights have been deployed as a blunt and powerful weapon to expand the EU’s regulatory powers. The proposed Child Sex Abuse regulation (CSA) is no exception. What is exceptional, is the extent of the intrusion: the EU is proposing to monitor communications among European citizens, lumping them all together as potential threats rather than as protected speech that enjoys a prima facie right to privacy.

As of 26 November 2025, the EU bureaucratic machine has been negotiating the details of the CSA. In the latest draft, mandatory scanning of private communications has thankfully been removed, at least formally. But there is a catch. Providers of hosting and interpersonal communication services must identify, analyze, and assess how their services might be used for online child sexual abuse, and then take “all reasonable mitigation measures.” Faced with such an open-ended mandate and the threat of liability, many providers may conclude that the safest — and most legally prudent — way to show they have complied with the EU directive is to deploy large-scale scanning of private communications.

The draft CSA insists that mitigation measures should, where possible, be limited to specific parts of the service or specific groups of users. But the incentive structure points in one direction. Widespread monitoring may end up as the only viable option for regulatory compliance. What is presented as voluntary today risks becoming a de facto obligation tomorrow.

In the words of Peter Hummelgaard, the Danish Minister of Justice: “Every year, millions of files are shared that depict the sexual abuse of children. And behind every single image and video, there is a child who has been subjected to the most horrific and terrible abuse. This is completely unacceptable.” No one disputes the gravity or turpitude of the problem. And yet, under this narrative, the telecommunications industry and European citizens are expected to absorb dangerous risk-mitigation measures that are likely to involve lost privacy for citizens and widespread monitoring powers for the state.

The cost, we are told, is nothing compared to the benefit.

After all, who wouldn’t want to fight child sexual abuse? It’s high time to take a deep breath. Child abusers should be punished severely. This does not dispense a free society from respecting other core values.

But, wait. There’s more…

Keep reading

House Lawmakers Unite in Moral Panic, Advancing 18 “Kids’ Online Safety” Bills That Expand Surveillance and Weaken Privacy

The House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade spent its latest markup hearing on Thursday proving that if there’s one bipartisan passion left in Washington, it’s moral panic about the internet.

Eighteen separate bills on “kids’ online safety” were debated, amended, and then promptly advanced to the full committee. Not one was stopped.

Ranking Member Jan Schakowsky (D) set the tone early, describing the bills as “terribly inadequate” and announcing she was “furious.”

She complained that the package “leaves out the big issues that we are fighting for.” If it’s not clear, Schakowsky is complaining that the already-controversial bills don’t go far enough.

Eighteen bills now move forward, eight of which hinge on some form of age verification, which would likely require showing a government ID. Three: App Store Accountability (H.R. 3149), the SCREEN Act (H.R. 1623), and the Parents Over Platforms Act (H.R. 6333), would require it outright.

The other five rely on what lawmakers call the “actual knowledge” or “willful disregard” standards, which sound like legalese but function as a dare to platforms: either know everyone’s age, or risk a lawsuit.

The safest corporate response, of course, would be to treat everyone as a child until they’ve shown ID.

Keep reading

Tourists to US would have to reveal five years of social media activity under new Trump plan

Tourists to the United States would have to reveal their social media activity from the last five years, under new Trump administration plans.

The mandatory new disclosures would apply to the 42 countries whose nationals are currently permitted to enter the US without a visa, including longtime US allies Britain, France, Australia, Germany and Japan.

In a notice published on Tuesday, the US Customs and Border Protection agency (CBP) said it would also require any telephone numbers used by visitors over the same period, and any email addresses used in the last decade, as well as face, fingerprint, DNA and iris biometrics. It would also ask for the names, addresses, birthdates and birthplaces of family members, including children.

CBP said the new changes to the Electronic System for Travel Authorization (Esta) application were required in order to comply with an executive order issued by Donald Trump on the first day of his new term. In it, the US president called for restrictions to ensure visitors to the US “do not bear hostile attitudes toward its citizens, culture, government, institutions, or founding principles”.

The plan would throw a wrench into the World Cup, which the US is co-hosting with Canada and Mexico next year. Fifa has said it expects will attract 5 million fans to the stadiums, and millions more visitors to the US, Canada and Mexico.

Tourism to the US has already dropped dramatically in Trump’s second term, as the president has pushed a draconian crackdown on immigrants, including recent moves to ban all asylum claims and to stop migration entirely from more than 30 countries.

California tourism authorities are predicting a 9% decline in foreign visits to the state this year, while Hollywood Boulevard in Los Angeles reported a 50% fall in foot traffic over the summer. Las Vegas, too, has been badly hit by a decline in visits, worsened by the rise of mobile gambling apps.

Statistics Canada said Canadian residents who made a return trip to the US by car dropped 36.9% in July 2025 compared with the same month in 2024, while commercial airline travel from Canada dropped by 25.8% in July compared with the previous year, as relations between the two countries plummeted.

The US has already started squeezing foreign tourism in other ways, slapping an additional $100 fee per foreign visitor per day to visit national parks, such as the Grand Canyon and Yosemite, on top of the regular admission fees. Nor will national parks have free admission on Martin Luther King Jr Day any longer: they will now only be free to visit on Trump’s birthday.

The notice gives members of the public two months to comment. The Department of Homeland Security, under which CBP operates, did not respond to media outlets’ requests for comment. Meta, which owns two of the biggest social media platforms – Facebook and Instagram – did not immediately respond to questions.

The Trump administration had already launched a more widespread crackdown on visas for people hoping to live and work in the country. US Citizenship and Immigration Services (USCIS) said in August that it will start looking for “anti-American” views, including on social media, when assessing the applications of people wanting to live in the US.

The administration has also demanded that prospective foreign students unlock their social media profiles; those who refuse will be suspected of hiding their activity. Several high-profile foreign-born students have been detained for voicing support for Palestinians. The social-media policy also applies to anyone applying for an H1-B visa for skilled workers, which are now also subject to a new eye-watering $100,000 fee.

As recently as last week, the administration told consular officials to deny visas to anyone who might have worked in factchecking or content moderation, for example at a social media company, accusing them in blanket terms of being “responsible for, or complicit in, censorship or attempted censorship of protected expression in the US”.

It has suggested reducing visa lengths for foreign journalists from five years to eight months, and has started demanding any visitors who are not from the 42 visa-exempt countries pay a new $250 fee.

CBP claims the authority to search the devices of any prospective entrant to the US. Although you can refuse, you may then be denied entry. While CBP said in 2024 it searched about 47,000 devices of the 420 million people who crossed the US border that year, experts said the number may be much higher under the new Trump administration.

There were already fears that the World Cup could become chaotic if US immigration raids continue at the same torrid pace.

Keep reading

The Encryption Double Life of Canberra

The Australian government is quietly relying on encrypted messaging to conduct sensitive business, even as it hardens its stance against public use of secure communications.

While the public faces increasing surveillance and legal pressure for using end-to-end encryption, senior officials are steering policy conversations into private digital spaces, shielding them from scrutiny under Freedom of Information (FOI) laws.

Since midyear, ministerial staff have been advising lobbyists, peak bodies and industry groups to avoid email altogether and submit reform proposals through the encrypted messaging app Signal.

Some of these exchanges have been requested using disappearing messages, ensuring there is no record retained on government systems.

Several sources confirmed to the Saturday Paper that this guidance is now common across a number of policy areas.

In addition to Signal, stakeholders have been encouraged to use phone calls for detailed conversations and limit the content of any written communications.

In at least one case, after a formal meeting, the follow-up came in the form of a verbal summary rather than the usual written recap sent by email.

While the government has maintained formal channels for official submissions, a secondary mode of policymaking is taking shape.

This mode operates out of reach of archiving protocols and public oversight.

One participant in this informal process described it as an effort to protect the early phases of policy development from outside scrutiny, arguing that “fluid thoughts and ideas” should be exempt from public record.

Yet the effect of these practices is to create a shadow layer of government consultation that leaves no trace and falls outside the accountability mechanisms intended to safeguard democratic participation.

Keep reading

This FTC Workshop Could Legitimize the Push for Online Digital ID Checks

In January 2026, the Federal Trade Commission plans to gather a small army of “experts” in Washington to discuss a topic that sounds technical but reads like a blueprint for a new kind of internet.

Officially, the event is about protecting children. Unofficially, it’s about identifying everyone.

The FTC says the January 28 workshop at the Constitution Center will bring together researchers, policy officials, tech companies, and “consumer representatives” to explore the role of age verification and its relationship to the Children’s Online Privacy Protection Act, or COPPA.

It’s all about collecting and verifying age information, developing technical systems for estimation, and scaling those systems across digital environments.

In government language, that means building tools that could determine who you are before you click anything.

The FTC suggests this is about safeguarding minors. But once these systems exist, they rarely stop where they start. The design of a universal age-verification network could reach far beyond child safety, extending into how all users identify themselves across websites, platforms, and services.

The agency’s agenda suggests a framework for what could become a credential-based web. If a website has to verify your age, it must verify you. And once verified, your information doesn’t evaporate after you log out. It’s stored somewhere, connected to something, waiting for the next access request.

The federal effort comes after a wave of state-level enthusiasm for the same idea. TexasUtahMissouriVirginia, and Ohio have each passed laws forcing websites to check the ages of users, often borrowing language directly from the European UnionAustralia, and the United Kingdom. Those rules require identity documents, biometric scans, or certified third parties that act as digital hall monitors.

In these states, “click to enter” has turned into “show your papers.”

Many sites now require proof of age, while others test-drive digital ID programs linking personal credentials to online activity.

The result is a slow creep toward a system where logging into a website looks a lot like crossing a border.

Keep reading

Twin Brothers Charged with Plotting to Delete Government Databases and Steal Private Info

Two Virginia twin brothers were arrested for their alleged roles in destroying government databases hosted by a federal government contractor, the Justice Department said on Wednesday.

Muneeb and Sohaib Akhter, both 34 years old, were indicted in November for allegedly plotting to destroy databases used to store government information.

Muneeb was charged with conspiracy to commit computer fraud and to destroy records, two counts of computer fraud, theft of government records, and two counts of aggravated identity theft, while Sohaib was charged with conspiracy to commit computer fraud, destroying records, and computer fraud.

Bloomberg News reported in May how the two former federal contractors had compromised data across many government agencies, which includes the Internet Revenue Service (IRS) and the General Services Administration (GSA).

The Akhter brothers also pled guilty in 2016 to federal charges of conspiracy regarding data breaches at the State Department and a cosmetics company. The two worked at Opexus, a federal contractor that helped process government records.

Keep reading