Tag: privacy

Palantir, Fractal And Your Personal Data Privacy – Get used to being used, because YOU are the product

Who controls the data the government collected from you for a generation?

Your insurance company collected data on your driving – so did your Lexus – who owns that data?

You told your doctor about controlled substances you used – and now it gets brought up in an interview.

If you can’t exclude someone from using your data, then you don’t control it. That means you really don’t own it. It’s that simple.

What does “own” mean here, let’s define the terms.

Owning the data means you can do anything you want with it – share it, sell it, mine it or build an A.I. language model with it.

From birth until the last Social Security check gets cashed, your data is collected by federal and state agencies, corporations and of course the internet.

Your teen daughter puts every waking moment on Facebook or Instagram – so who owns those hundreds of images?

TSA Pre Check, Medicare/Medicaid, Social Security, government or military retirement, Tri-Care, veterans hospitals, and of course, the IRS – gather more data about every citizen than has ever been gathered in the history of mankind.

Each agency gathers different data, at different times, for slightly different purposes. And those purposes may change over time.

Who owns the rights to that data?

It’s a far stickier question than you think.

The knee jerk response is the government owns the data. They collected it for their purposes, so it’s theirs.

The government will certainly say so.

Keep reading

Wisconsin Lawmakers Propose VPN Ban and ID Checks on Adult Sites

Wisconsin legislators have found a new villain in their quest to save people from themselves: the Virtual Private Network.

The state’s latest moral technology initiative, split into Assembly Bill 105 and Senate Bill 130, would force adult websites to verify user ages and ban anyone connecting through a VPN.

It passed the Assembly in March and now waits in the Senate, where someone will have to pretend this is enforceable.

Supporters are selling the plan as a way to “protect minors from explicit material.”

The bill’s machinery reads like a privacy demolition project written by people who still call tech support to reset passwords.

The law would apply to any site that “knowingly and intentionally publishes or distributes material harmful to minors.” It then defines that material as anything lacking “serious literary, artistic, political, or scientific value for minors.”

The wording is broad enough to rope in half the internet, yet somehow manages to exclude “bona fide news” (as to be determined by the state) and cloud platforms that don’t create the content themselves.

Whether that covers social media depends on who you ask: lawyers, lobbyists, or whichever intern wrote the definitions section.

The bill instructs websites to delete verification data after access is granted or denied.

That sounds good until you recall how the tech industry handles deletion promises.

Au10tix left user records exposed for a year after pledging to delete them within 30 days. Tea suffered multiple breaches despite assurances of immediate deletion. In the real world, “deleted” often means “archived on an unsecured server until a hacker finds it.”

The headline feature is a rule penalizing anyone who uses a VPN to access restricted material. VPNs encrypt internet traffic and disguise user locations, which lawmakers apparently see as a threat to order.

The logic is that if people can hide their IP addresses, the state can’t check their ID to ensure they’re old enough to view certain content. That’s technically true and philosophically disturbing.

Officials in other places are already cheering this idea. Michigan introduced a proposal requiring internet providers to detect and block VPN traffic.

If Wisconsin adopts the rule, VPN users would become collateral damage. Journalists, activists, and everyday users who rely on encryption for safety would be swept up in the ban.

Keep reading

Russia Moves to Mandate State Biometric ID for Online Age Verification

Russian lawmakers are moving forward with a proposal that would make the country’s biometric and e-government systems the mandatory gatekeepers for online age verification.

If implemented, the measure would tie access to adult or “potentially harmful” content directly to a person’s verified state identity, dissolving any remaining expectation of online anonymity.

The plan, discussed on October 28, is being marketed as a child protection initiative. Officials insist it is designed to keep minors away from dangerous material, yet the scope of what qualifies is remarkably broad.

According to TechRadar, one official included pornography, violent or profane videos, and even “propaganda of antisocial behavior” in the list of restricted content.

The main part of the proposal is the use of the “Gosuslugi” digital services portal, which already functions as Russia’s main interface for state verification.

This system connects directly to the Unified System of Identification and Authentication (ESIA) and the national Unified Biometrics System (UBS), both of which are controlled by the government.

State Duma deputy Anton Nemkin, a former FSB officer, suggested that these networks “could be used to verify age without directly transmitting passport data to third-party platforms.”

In effect, the state would become the universal intermediary between citizens and the internet.

Legal experts specializing in digital rights argue that this initiative continues a long-established trajectory.

Since 2012, when Russia began constructing its online censorship framework under the pretext of protecting minors, each new regulation has chipped away at personal privacy while expanding government visibility into everyday digital life.

The current proposal also fits neatly within Moscow’s broader strategy of “digital sovereignty.”

Deputy Chairman of the State Duma Committee on Information Policy Andrei Svintsov recently claimed that every Russian internet user will lose their anonymity within “three years, five at most,” TechRadar reported.

This vision aligns with another state project approved in June, the development of a national “super app” integrating digital ID, government services, and payment systems, which would even let users “confirm one’s age to a supermarket cashier.”

Keep reading

Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline

An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.

He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again. After several rounds of back-and-forth, the service center probably got tired and just stopped accepting it, saying it was out of warranty. Because of this, he decided to disassemble the thing to determine what killed it and to see if he could get it working again.

Since the A11 was a smart device, it had an AllWinner A33 SoC with a TinaLinux operating system, plus a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware.

Keep reading

California’s Mileage-Based Road Charge: What It Is, How It Would Work, and Why Privacy Risks Increase

As I’ve been investigating California’s mileage-based road charge, it’s clear this isn’t just a policy about road funding. It’s the quiet rollout of a system built to track, record, and bill movement itself. The state says it’s about fairness and modernization, but the deeper I look, the more it resembles a permanent surveillance and revenue network disguised as transportation reform. What’s being tested today through Caltrans and the State Transportation Agency is the blueprint for total mileage monitoring tied to personal identity.

California is advancing a plan to replace the state gas tax with a mileage-based road charge that taxes drivers by distance traveled. The effort is led by the California State Transportation Agency and Caltrans under a multi-year Road Charge program first authorized by SB 1077 in 2014 and extended and refined by SB 339 in 2021. The state’s stated purpose is to stabilize road funding as fuel-tax revenue declines.

As of October 2025, the program is still in the pilot and data-gathering phase. No statewide mandate or rate schedule has been enacted, but Caltrans has already built the structure necessary for full implementation. What is being called a “test” now is the foundation for what will later become mandatory reporting.

Keep reading

Google Adds Age Check Tech as Texas, Utah, and Louisiana Enforce Digital ID Laws

Google is preparing for a new era of digital age checks as state-level rules in TexasUtah, and Louisiana begin to reshape how app stores operate.

To get ahead of these requirements, the company has introduced the Play Signals API in beta, a system built to help developers adapt to laws that will soon mandate age-based controls.

Starting in early 2026, each of the three states will enforce its own version of the App Store Accountability Act.

Texas’s law takes effect first, followed by Utah and Louisiana a few months later. Each statute requires app marketplaces to confirm the age range of their users through “commercially reasonable” verification methods.

Developers will be responsible for interpreting those signals and tailoring their apps accordingly. In some regions, they will also have to inform Google Play if a product update could require new parental consent.

For testing purposes, the company is providing a FakeAgeSignalsManager so that developers can simulate data before the laws officially apply.

Google’s rollout of its new Play Signals API is part of a broader shift toward a verified internet, one where digital access is increasingly tied to proof of identity.

The company’s beta API is being framed as a neutral compliance tool, but its function sets the stage for a more monitored web.

While the stated purpose is child safety and regulatory compliance, the architecture being built threatens to erode one of the internet’s core principles, pseudonymity.

The data points that determine whether someone is over 13 or over 18 can easily evolve into a persistent set of identifiers, linking activity across apps, accounts, and even devices. Once these signals are standardized, nothing prevents them from being combined with advertising, analytics, or behavioral tracking systems.

The result could be a world where age verification quietly becomes identity verification, and where “commercially reasonable” checks amount to permanent user profiling.

Keep reading

Lawmakers Want Proof of ID Before You Talk to AI

It was only a matter of time before someone in Congress decided that the cure for the internet’s ills was to make everyone show their papers.

The “Guidelines for User Age-verification and Responsible Dialogue Act of 2025,” or GUARD Act, has arrived to do just that.

We obtained a copy of the bill for you here.

Introduced by Senators Josh Hawley and Richard Blumenthal, the bill promises to “protect kids” from AI chatbots that allegedly whisper bad ideas into young ears.

The idea: force every chatbot developer in the country to check users’ ages with verified identification.

The senators call it “reasonable age verification.”

That means scanning your driver’s license or passport before you can talk to a digital assistant.

Keeping in mind that AI is being added to pretty much everything these days, the implications of this could be far-reaching.

Keep reading

Global Cybercrime Treaty Draws Criticism from Rights Groups and Tech Companies Over Surveillance Fears

Sixty-five countries, including the United States and Canada, have signed a United Nations treaty on cybercrime that threatens privacy, online research, and free expression.

The agreement, known as the UN Convention against Cybercrime, was signed in Hanoi and will take effect once 40 member states have ratified it.

Each country must complete its own ratification process. In the United States, a two-thirds Senate vote is required for approval.

The UN Secretary-General António Guterres described the treaty as an essential step in combating cybercrime, saying that “cyberspace has become fertile ground for criminals…every day, sophisticated scams defraud families, steal livelihoods, and drain billions of dollars from our economies.”

He called the Convention “a powerful, legally binding instrument to strengthen our collective defenses against cybercrime” and insisted it “cannot be used for any forms of surveillance or others that could be linked to violations of human rights.”

The UN Office on Drugs and Crime (UNODC), which directed negotiations, has argued that the treaty includes protections for human rights and legitimate research.

But organizations such as Human Rights Watch (HRW) and the Electronic Frontier Foundation (EFF) disagree.

Before the signing, both groups urged governments not to endorse the treaty, warning that its vague definitions could allow governments to monitor citizens, prosecute security researchers, and suppress political speech.

Technology companies have also raised concerns. The Cybersecurity Tech Accord, whose members include Meta and Microsoft, described the treaty as a “surveillance treaty” that could promote government data sharing and criminalize ethical hacking.

Keep reading

Are Your Identification Photos in a Face Recognition Database?

A majority of Americans are in face recognition databases in use by the U.S. government. Are you one of them? The Electronic Frontier Foundation (EFF) has launched a new quiz called “Who Has Your Face” to help you find out.

“Your driver’s license picture and other ID photos are often shared with law enforcement and other agencies like Immigration and Customs Enforcement (ICE),” said EFF Digital Strategist Jason Kelley. “Those agencies use facial recognition technology to compare your face with those in mugshots and with other photos of people suspected of committing crimes—putting you at risk of being misidentified. So we created this quiz to help show people what we know about who has their face.”

To create the Who Has Your Face quiz, EFF and the Center on Privacy & Technology at Georgetown Law reviewed thousands of pages of public records to determine as much as possible which government photos of U.S. citizens, residents, and travelers are shared with which agencies for facial recognition purposes.

We learned that government agencies—including ICE, the Department of Homeland Security, and the FBI—could all have some access to these photos. However, despite hundreds of hours of research it’s nearly impossible to know precisely which agencies are sharing which photos, and with whom. For example, each state DMV shares access to their photos differently, depending on agreements with local police, other states, and federal agencies.  Our Who Has Your Face quiz asks you questions like what kind of ID you have and which state you live in to help you narrow down which agencies might have copies of your photos.

“These public records have shown us that biometric database sharing is widespread and completely unregulated—and this is still just a partial picture,” said Clare Garvie, senior associate with the Center on Privacy & Technology. “Americans deserve to know how their biometric information is being used, especially when it may put them at risk of being misidentified as a criminal suspect.”

“Here’s the truth: it should be easy to learn the full list of which entities have personal data that you’ve been required to hand over in exchange for a driver’s license or for re-entry into the country after visiting family abroad—especially when that’s a photo of your face,” said EFF Surveillance Litigation Director Jennifer Lynch. “Most people realize that their photos are scanned into a database, but they don’t realize this effectively makes them part of a perpetual police line-up. That’s what’s happening to millions of people, without their knowledge, and it’s practically impossible to opt out.”

Despite the proliferation of federal, state, and local face databases, we can fight back. Laws that ban government use of face recognition are increasingly passing around the country. Several states already don’t allow or don’t have face recognition at DMVs. Cities like San Francisco, Berkeley, and Oakland, California, as well as Somerville, Massachusetts have also passed bans on its use.  To help ban government use of face recognition in your city, visit our About Face campaign.

Keep reading

The Hidden Risks of the Digital Euro

The European Central Bank has presented the digital euro as a symbol of financial autonomy and modernization. But, much like the Chinese model that seems to inspire ECB President Christine Lagarde, what is at stake is not just technology: it is the risk of turning a payment instrument into a mechanism of control over every citizen’s transactions. Across the Atlantic, the United States took the opposite path: it legalized stablecoins and banned a centralized digital dollar, strengthening freedom and competition instead of state control.

On September 26, the European Central Bank announced what had long been anticipated: it will conduct new experiments on what can be achieved with the digital euro.

This project, presented as an achievement of financial autonomy, has now been accelerated after the United States Congress approved the so-called GENIUS (“Guiding and Establishing National Innovation for U.S. Stablecoins”) Act, which authorizes stablecoins currencies pegged to stable assets, usually the dollar. At the same time, Congress also approved a prohibition on the Federal Reserve from creating an official digital dollar, ensuring that innovation remains decentralized and outside the direct control of the State.

In Brussels, the reaction was the opposite. The fear that these dollar-linked digital currencies could trigger a “digital dollarization” of the European economy served as justification to accelerate the digital euro. But instead of strengthening the diversity of existing solutions, the European Union is moving forward with a project directly controlled by the ECB. The narrative is one of “financial sovereignty,” but in practice it risks increasing citizens’ dependence on central power and undermines competition in the financial sector, especially when the Chinese model appears to serve as reference.

The ECB insists that the digital euro will be just another payment option, coexisting with cash. But President Lagarde has repeatedly praised the Chinese model, which looks very much like a declaration of intent. Even if it begins with promises of voluntarism, the reality is that models of this kind rarely remain optional for long. China’s case is illustrative: the digital yuan was presented as a complement to physical cash and a voluntary choice, but it quickly became a mass-use instrument, encouraged by the State and integrated into nearly all daily transactions.

In 2023, in cities such as Shanghai and Shenzhen, public salaries and subsidies were being paid through the digital yuan. After the 2022 Beijing Winter Olympics, its use expanded to such an extent that it became virtually impossible to avoid. In just five years, the digital yuan became unavoidable in many Chinese cities, with public wages, subsidies, and taxes processed exclusively this way.

By recording in real time all transactions through the People’s Bank of China, the government monitors in detail who buys, what, where, and when. This level of surveillance opens the door to direct conditioning of citizens’ behavior. Features such as “programmable money,” with an expiration date that forces people to spend within a certain timeframe instead of saving, have already been tested.

Added to this is the risk of social exclusion: those who do not join the system or lack access to the necessary digital tools are, in practice, shut out from a growing part of the economy. State incentives make adhesion inevitable if public salaries, subsidies, and even transport are processed via digital money; the space for private alternatives shrinks progressively.

In such a model, financial freedom ceases to exist: every payment ultimately depends on state approval.

Although official EU platforms highlight numerous advantages of the digital euro, such as lower cost payments, privacy protected by European law, and structures to prevent cyberattacks. One unavoidable question remains: Why is this system necessary at all? At present, the private sector offers multiple secure and reliable digital payment options.

Since the market already provides safe and efficient alternatives, the only possible incentive to develop this system lies in control through the centralization of power, at the expense of privacy while weakening the private banking system. In essence, the digital euro is not a technological advance, but a serious step backward in terms of freedom and privacy.

Keep reading