Tag: privacy

AI Safety Institute Debuts with Big-Name Backers and a Censorship Agenda

Common Sense Media’s Youth AI Safety Institute arrived at the Danish Parliament this week and the guest list is stacked with people who think you can’t be trusted to speak freely online.

Hillary ClintonUrsula von der Leyen, former Biden Surgeon General Vivek Murthy, Ofcom chief Melanie Dawes, and the head of an organization that wants to break end-to-end encryption are all gathering at Christiansborg Palace in Copenhagen to announce what they’d like to do next about AI and children.

The “next” part is where it gets concerning. The Youth AI Safety Institute, launched by Common Sense Media on May 5, says it will “complement efforts by regulators and policymakers to translate frameworks such as the EU AI Act, the Digital Services Act, and the UK Online Safety Act into practical protections for child-safe AI.”

Those three censorship laws represent the most aggressive government-directed speech suppression regimes currently operating in the Western world. The Institute isn’t questioning them. In fact, it wants to help implement them and push them further.

The summit, titled “Keeping Our Children and Families Safe in the AI Era,” is co-hosted by Common Sense Media, Save the Children Denmark, and Margrethe Vestager, who spent years as the European Commission’s executive vice president building the regulatory architecture that now lets EU officials order platforms to delete content.

More than 200 policymakers, tech executives, and civil society figures are expected. King Frederik X of Denmark is giving the opening address. The Duchess of Edinburgh will attend. Danish Prime Minister Mette Frederiksen is on the bill.

And so is Pinterest CEO Bill Ready, whose company helped pay for the Institute’s creation.

Keep reading

France Moves to Break Encrypted Messaging

France’s intelligence delegation in parliament has formally backed breaking the encryption that protects WhatsApp, Signal, and Telegram conversations, recommending that magistrates and intelligence agents be granted what lawmakers describe as targeted access to messages that platforms currently cannot read even themselves.

The delegation, an eight-member body composed of four deputies and four senators, published its conclusions on Monday after months of work on a question that keeps returning to the French Parliament. “The inability to access the content of encrypted communications constitutes a major obstacle for the work of the justice system and intelligence services,” the delegation wrote, framing end-to-end encryption as a problem to be solved rather than a protection to be preserved.

The technology end-to-end encryption uses is precisely the thing the delegation wants weakened. Decryption keys live on user devices, not on company servers, which means the platforms holding your messages genuinely cannot read them. That’s the design and the point. Strip that property away and the protection collapses because a system that lets investigators read messages on demand is also a system that can be abused, leaked, subpoenaed, or hacked.

French police and intelligence services have spent years complaining about this tech. They can still intercept old-fashioned phone calls and SMS messages with a judge’s warrant but encrypted platforms route around that capability entirely.

Keep reading

Europe Wants To Ban VPN Privacy

The European Union is now openly discussing restricting VPN access as part of its expanding online age-verification system, which demonstrates precisely where the entire digital agenda has been heading from the beginning. They always introduce these systems under emotionally untouchable justifications such as child safety or combating terrorism, but once the infrastructure is in place, the scope inevitably expands.

According to a new European Parliament briefing, officials are concerned that users are bypassing online age-verification requirements via VPNs, and the report notes a surge in VPN usage in countries implementing stricter digital controls. The proposal being discussed is to potentially restrict VPN access itself to those above a so-called “digital age of majority.” In other words, they are now targeting the very tools people use to protect their privacy online.

For readers who may not use these services personally, a VPN simply encrypts your internet traffic and masks your location, preventing internet providers, corporations, and governments from monitoring everything you do online. Businesses use them constantly, financial institutions rely on them, journalists use them, and ordinary people use them simply to avoid being tracked across the internet.

The problem from the government’s perspective is that VPNs interfere with surveillance. Europe’s Digital Services Act has already pushed platforms toward mandatory age-verification systems that increasingly require identification documents, facial scans, or biometric verification simply to access online content. Once users began using VPNs to avoid those systems, regulators immediately shifted toward framing the VPN itself as the threat. This is how these systems always evolve, because the objective is never merely regulation, it is compliance and visibility.

What they are building is effectively a digital identity system where access to information requires permission. People fail to understand how dangerous this becomes once connected to the broader European agenda involving CBDCs, centralized digital IDs, online speech regulation, and financial monitoring. These are not isolated policies appearing randomly at the same time. They are interconnected components of a single structural transition toward centralized digital control.

First they regulate speech under the justification of misinformation. Then they regulate platforms under the justification of safety. Then they require identity verification under the justification of protecting children. Finally they target anonymity itself by restricting the tools people use to avoid surveillance.

This fits perfectly within the broader cycle unfolding in Europe, where declining economic confidence and political instability lead governments toward greater centralization and control. Historically, governments facing crisis do not voluntarily reduce authority, they expand surveillance, tighten restrictions, and attempt to maintain control over information and capital flows.

Keep reading

EU Going To War With VPNs In Bid To “Save The Children”

Western European governments and EU bureaucrats are advancing tighter regulations on VPNs as part of a broader push for “online age verification” and their ‘Chat Control’ agenda.  Privacy advocates and digital rights groups warn that Europe is drifting towards a surveillance and censorship regime similar to internet restrictions and firewalls used by Russia and China.

Last week European Commission Executive Vice-President Henna Virkkunen suggested that Brussels may need to address the use of VPNs to bypass the EU’s upcoming age-verification systems.  Speaking during a press conference on the EU’s new digital age-verification app, Virkkunen acknowledged that users could circumvent the system with VPNs and stated that preventing such circumvention would be among the ‘next steps’ policymakers need to examine.

Her statements were delivered only two weeks after she shared a stage with EU Commission President Ursula von der Leyen, who called for a crackdown on web media companies to “protect children” from dangerous content.  The first stage of their agenda is a government created universal age verification app which web companies will be required to integrate.  Von der Leyen asserts that the new restrictions are designed to “defend children’s rights” (how does restricting access protect rights?).

The Orwellian language of the EU is not coincidental.  “Child vulnerability” is a carefully chosen vehicle to manipulate public approval, opening the door to incremental government management of online content and discourse. 

Keep reading

EU Targets VPNs in EU Age Verification Push

Brussels has a problem with people trying to stay anonymous online and now it’s eyeing the tools they use to do it.

Henna Virkkunen, the European Commission’s Executive Vice-President for Tech Sovereignty, Security, and Democracy, told reporters that VPNs sit on the agenda as the EU pushes its age verification app toward member states.

Asked how Brussels intends to stop children from routing around age checks with a VPN, she said “it’s also an important part of next steps also to look at that it shouldn’t be circumvented.”

VPNs are more than a tool for teenagers trying to access Instagram. They are how journalists protect sources, how dissidents talk to family, how ordinary people stop their internet provider from logging every site they visit. Treating circumvention as a problem to be solved at the network level means treating privacy tools as the obstacle, rather than the proportionate response to a system that demands ID for ordinary online activity.

The VPN comment surfaced at a press conference about the Commission’s broader regulatory squeeze.

Brussels provisionally found that Meta likely violated the Digital Services Act by failing to keep under-13s off Facebook and Instagram, accusing the company of “failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services.”

By the Commission’s own count, roughly 12% of European children below the age limit log into the platforms anyway.

Virkkunen framed the finding as enforcement of existing rules rather than a new mandate. “The DSA requires platforms to enforce their own rules: terms and conditions should not be mere written statements, but rather the basis for concrete action to protect users, including children,” she said.

A Commission spokesperson echoed the line, telling ISMG that the DSA “does not mandate specific mitigation measures,” and pointing to alternatives like better internal review processes.

The denial sits awkwardly next to everything else Brussels is doing. The Commission published guidelines last July recommending age verification. It is now pressing member states to “accelerate the adoption of age verification tools.”

Keep reading

Virginia Governor Gets Bad News on Background Check Bill

Since the Virginia General Assembly approved a revised version of the bill last week, there’s been a whole lot of confusion about Virginia’s HB 1525, which raises the age to purchase handguns from 18 to 21 and requires the Virginia State Police to resume conducting background checks on private sales. Governor Abigail Spanberger’s amended version contained language that declared the act an emergency, which would allow it to take effect immediately, but the legislature did not approve the changes with a 4/5ths vote, which is supposedly what’s required in order for that “emergency” provision to be adopted. 

The Virginia legislative website lists the effective date for HB 1525 as July 1, but the Virginia State Police put out a notice on Tuesday that declared the law is already in effect. That was the good news for Spanberger. 

The bad news? The VSP won’t be resuming background checks on private sales of firearms anytime soon… at least not without a court order. 

Gun Owners of America and VCDL had threatened to seek contempt charges against the head of the VSP if they abided by Spanberger’s edict, and it looks like the VSP didn’t see that as an idle threat. 

Keep in mind that there are three parts to HB 1525; a ban on those under 18 from possessing handguns and “assault firearms” except under limited circumstances, the ban on handgun and “assault firearm” sales to adults under the age of 21, and the edict to the VSP to start enforcing the enjoined universal background check law. The only portion of the law that the state police say will not be enforced is the section of law regarding background checks on private sales of firearms, and as far as the agency is concerned it’s now against the law for a 20-year-old to purchase an AR-15 in Virginia, even through a private sale. 

Of course, as of July 1 it will be illegal for any adult over the age of 21 to purchase an AR-15 too. The sale ban wasn’t the primary motivation for HB 1525. It was the restoration of the state’s universal background check law, and the VSP just said that isn’t happening until a judge tells the agency it can resume enforcement. 

So what will that take? The case cited by VSP has concluded, with then-Attorney General Jason Miyares declining to appeal the decision. Current AG Jay Jones attempted to intervene before he took office, but the Virginia Court of Appeals shut down that effort fairly quickly. 

Keep reading

Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks

Utah’s Online Age Verification Amendments, formally Senate Bill 73, take effect on May 6, making the state the first in the U.S. to explicitly target VPN use as part of age verification legislation.

Signed by Governor Spencer Cox on March 19, the controversial law establishes that a user is considered to be accessing a website from Utah if they are physically located there, regardless of whether they use a VPN or proxy to mask their IP address. It also prohibits covered websites from sharing instructions on how to use a VPN to bypass age checks.

NordVPN has called the law an “unresolvable compliance paradox” and a “liability trap,” arguing that it holds websites responsible for identifying users whose tools are specifically designed to be unidentifiable. The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.

The law is also technically flawed, given that it assumes that a web provider can reliably detect VPN traffic and determine a user’s true physical location — they can’t. IP reputation databases such as MaxMind and IP2Proxy can flag traffic from known datacenter IP ranges, but commercial VPN providers rotate addresses constantly, and residential VPN endpoints are largely indistinguishable from standard home connections. Autonomous System Number analysis can catch traffic originating from datacenter networks, but can’t identify a personal WireGuard tunnel running on a cloud VPS, for example, which routes through the same infrastructure as ordinary web hosting.

The only detection method that reliably identifies VPN protocol signatures is deep packet inspection, which analyzes traffic at the network level, not system- or app-level. China’s Great Firewall and Russia’s TSPU system deploy DPI via ISPs, but a website operator can’t because it requires access to network infrastructure that sits between the user and the server, not on the server itself.

Meanwhile, setting up a personal WireGuard instance on any major cloud provider takes minutes, meaning the law will be more likely to negatively impact non-technical users who rely on commercial VPN services for legitimate privacy: journalists, people living under authoritarian regimes, political dissidents, and abuse survivors, among others.

Keep reading

Meta Terminates Contract with Kenya After Workers Shared Intimate Videos Recorded by Smart Glasses

Mark Zuckerberg’s Meta has ended its contract with Sama, a Kenya-based data annotation company, two months after workers reported viewing sensitive footage ranging from sexual activity to bathroom breaks recorded by Ray-Ban Meta smart glasses.

Ars Technica reports that Meta has terminated its business relationship with Sama, a Kenyan data annotation firm, following reports that contracted workers had viewed explicit and private content captured by Ray-Ban Meta smart glasses. The contract termination, which affected 1,108 workers according to Sama, occurred less than two months after the allegations became public.

In February, multiple workers from Sama reported viewing sensitive, embarrassing, and apparently private footage while performing data annotation work for Meta. The complaints were featured in a report by Swedish newspapers Svenska Dagbladet and Göteborgs-Posten, along with Kenya-based freelance journalist Naipanoi Lepapa. Workers described watching explicit footage shot from Ray-Ban Meta glasses, including people changing clothes, doing drugs, having sex, and using the toilet.

Sama, headquartered in Kenya, had been contracted by Meta to perform data annotation work involving video, image, and speech annotation for Meta’s AI systems used in Ray-Ban Meta smart glasses. The company’s workers were tasked with reviewing content to help improve the performance of Meta’s AI products.

A Meta spokesperson told Breitbart News, “Last month, we paused our work with Sama while we looked into these claims. We take them seriously. Photos and videos are private to users. Humans review AI content to improve product performance, for which we get clear user consent. We’ve also decided to end our work with Sama because they don’t meet our standards.”

Sama workers believe the contract was terminated in retaliation for speaking out about the disturbing content they encountered during their work. One anonymous Sama employee was quoted in the February report saying workers “are just expected to carry out the work” even when viewing private footage.

Keep reading

New Digital ID Bill Ties Your Identity to Your Phone—and Everything You Do Online

Republicans are once again teaming up with Democrats to ram Digital ID through at the federal level.

The bill they’ve just introduced is, if you can believe it, worse than all the others before it.

HR 8250, deceptively named the Parents Decide Act, doesn’t just force everyone to link their identity to use apps on their phones, it mandates that they must do it to use ANY operating system. That means Apple, iOS, Windows, Google, Android, even Samsung—basically everything.

And once that’s in place, there’s nowhere to step outside of it.

But one brave group is refusing to go along.

GrapheneOS has made a statement saying: GrapheneOS will remain usable by anyone around the world without requiring personal information, identification, or an account.

Glenn and Eric Meder from Privacy Academy have been working to educate people on how to escape the digital control grid, including how to put GrapheneOS on your phone—for free. And they have a solution to Digital ID right now.

Keep reading

Mike Johnson’s Crusade to Renew Warrantless NSA Spying on Americans Culminates This Week

House Speaker Mike Johnson is on a crusade. He is determined to pass a three-year, reform-free renewal of the notorious FISA law that authorizes the NSA to spy on the communications of American citizens, on U.S. soil, without warrants of any kind.

Immediately prior to the last (unsuccessful) attempt by Johnson to pass a new reform-free renewal of this spying law — just two weeks ago — I wrote about the bizarre and deeply bipartisan history of FISA domestic spying and how the U.S. somehow became a country that authorizes its surveillance state to target American citizens, all without warrants.

I will not recount all of that here, except to note that — like the 2001 Patriot Act — the original law empowering the NSA to spy on Americans without warrants was such a self-evident departure from American tradition that passage was only possible by portraying it as a mere temporary emergency measure. Yet those spying powers have now become one of the many such “temporary” and “emergency” measures that have seamlessly become a quasi-permanent fixture of the U.S. government. This upcoming week in the House will determine whether it becomes genuinely permanent and, worse, forever immune to reforms.

The FISA bill that permits warrantless NSA spying on American citizens was first enacted by Nancy Pelosi’s House in 2008, then signed into law by President Bush. The law provided for those powers to expire four years later, unless Congress approved renewal.

The law was first renewed in 2012 with the support of the Obama White House, this time for five years, without any reforms. When that five-year renewal was set to expire in 2018, Congress, this time backed by the Trump White House, passed a six-year reform-free renewal, requiring a new vote in 2024.

For the 2018 renewal, there was a mountain of evidence demonstrating abuse, which in turn gave rise to steadfast opposition to such a renewal from dozens of members of both parties (who were demanding, among other reforms, the addition of a warrant requirement for spying on Americans). As a result, then-Speaker Paul Ryan (R-WI) was forced to rely on dozens of Democratic representatives to secure FISA renewal.

Ryan accomplished this by working in close tandem with three key California Democrats: then-Minority Leader Nancy Pelosi, ranking Intelligence Committee member Adam Schiff, and Eric Swalwell (D-CA). That liberal trio led 65 House Democrats alongside 191 Republicans to vote to endow a President they were calling a Hitler-type fascist with virtually unlimited power to spy on Americans without warrants.

The last time the FISA bill was renewed was four years after that 2018 vote: in April, 2024, with the support of the Biden White House and the key support of newly elected House Speaker Mike Johnson. That time, Congress was only willing to extend it only for two years, meaning the bill was scheduled to lapse on April 17, 2026, unless it was renewed again.

That is why Mike Johnson is now tasked with securing a new multi-year renewal of FISA with no reforms. On April 17 — last week — Johnson’s first attempt to renew the spying law for 18 more months failed to secure the necessary votes in the House for renewal He was thus forced to desperately plead with the chamber for a short 10-day extension to give more time to pressure the 20 House GOP holdouts to change their minds, and to try to induce more Democratic defections.

Keep reading