Tag: privacy

The country that inspired Keir Starmer’s digital ID card fiasco: Labour’s blueprint for Britain is a ‘goldmine for hackers and scammers to steal your money’

Estonia’s digital identity system has been beset by blunders and security issues that  allow hackers to steal data and help scammers take money, we can reveal.

The digital ID system used by 1.4million people in the Baltic state country is said to be the blueprint for Keir Starmer‘s so-called Brit Card. 

Digital ID cards showing a resident’s picture, name, unique number and date of birth, and including a microchip storing more personal information, have been used in the former Soviet republic for more than 20 years.

Estonians can hold their cards in e-wallets on mobile phones and use them to vote, check on bank accounts, e-sign contracts and invoices, file tax returns, claim benefits, book medical appointments, access health records, shop online, and even collect supermarket loyalty points.

But the much-praised scheme in Estonia has suffered security lapses that have allowed fraudsters to bypass encryption systems to con victims out of their savings and leak the names and photographs of citizens.

The Daily Mail can reveal that users have also repeatedly fallen victim to phishing emails and calls from scammers who have persuaded them to disclose PIN numbers for their cards and stolen cash from their bank accounts in a grim warning of what could happen in the UK.

Official figures reveal that citizens of so-called ‘E-Stonia’ lost more than 7million euros to fraud last year with 837 ‘significant’ incidents recorded, up from 546 in 2023, although the true figure is thought to be much higher due to many cases being unreported.

Reports suggest that the amount lost to fraud in Estonia has soared since last year with a total of 7.5million euros lost in the first six months this year.

A large number of the cases reported by Estonia’s Police and Border Guard are thought to involve personal information from ID cards being stolen due to people being tricked into revealing PIN codes.

Keep reading

Discord Support Data Breach Exposes User IDs, Personal Data

A data breach affecting a third-party customer service provider used by Discord has exposed personal information from users who had contacted the platform’s support teams and among the data accessed were some images of government-issued IDs submitted by users.

The incident will amplify growing concerns around online ID verification, a practice increasingly mandated by governments as a way to enforce age restrictions online.

While Discord confirmed that the attacker did not breach its internal systems, the compromise of a vendor handling sensitive user data shows how collecting official identification, even in limited cases, creates serious and lasting privacy risks.

The compromised vendor had supported Discord’s Customer Support and Trust & Safety teams, and the attacker targeted it in an effort to extort money.

While the breach did not involve Discord’s internal systems, sensitive user data was exposed.

The company stated that the attacker accessed information from a “limited number of users” who had interacted with support staff.

Keep reading

Telegram Founder Pavel Durov Slams French Investigation, Warns of Global Crackdown on Privacy and Free Speech

Telegram CEO Pavel Durov made no attempt to hide his frustration with French authorities during a wide-ranging conversation on The Lex Fridman Podcast, describing the French government’s investigation into him and his company as “Kafkaesque,” “absurd,” and deeply damaging.

He warned that efforts to undermine digital privacy are accelerating not just in France, but across Europe and beyond, using pretexts like child protection and election integrity to justify surveillance and censorship.

Throughout the interview, Durov painted a grim picture of what he sees as growing authoritarianism disguised as public safety.

“Every dictator in the world justifies taking away your rights with very reasonable-sounding justifications,” he said, warning that citizens often don’t realize the gravity of their loss until it’s too late. “Every message they send is monitored. They can’t assemble. It’s over.”

Durov flatly rejected the idea that any government, including France’s, could force Telegram to grant access to users’ private conversations.

“Nothing,” he responded when asked if there was any scenario in which French intelligence could gain a backdoor.

He emphasized that Telegram does not and will not use personal data to power ad targeting, saying, “We would never use…your personal messaging data or your context data or your metadata or your activity data to target ads.”

Despite facing legal pressure and travel restrictions stemming from the French case, Durov said Telegram remains firm in its refusal to censor political content or violate users’ privacy.

“The more pressure I get, the more resilient and defiant I become,” he said, accusing French authorities of trying to “humiliate” him and millions of Telegram users through coercive tactics.

Durov described encounters with French intelligence officials who allegedly tried to pressure him into shutting down Telegram channels during elections in Romania and Moldova, actions he said would have amounted to “political censorship.”

He recounted being approached while detained in France and asked to disable channels that criticized preferred candidates of Western-aligned governments. “If you think that, because I’m stuck here, you can tell me what to do, you are very wrong,” Durov said he told one official.

He made it clear that Telegram had only taken down content in Moldova that actually violated platform rules, refusing broader demands that lacked justification.

Keep reading

“Smart Dust Is Already Everywhere”: Microscopic Spy Sensors Track Your Location While Tech Companies Hide The Surveillance Revolution Forever

The concept of “smart dust” might sound like something from a science fiction tale, but it’s gradually becoming an integral part of modern technology. Originating as a theoretical proposal for the Defense Advanced Research Projects Agency (DARPA), smart dust has evolved into a promising tool for various industries. From environmental monitoring to intelligence gathering, these microscopic sensors offer a wide range of applications. As they continue to develop, the potential to revolutionize data collection and interaction with our environments becomes increasingly apparent. This article delves into the origins, current developments, and future implications of smart dust technology.

The Science Fiction Origins of Smart Dust

The idea of smart dust can trace its roots back to a 1963 science fiction story by Polish writer Stanisław Lem. In “The Invincible,” Lem envisioned a world where tiny, autonomous nanobots roamed the atmosphere of a distant planet. These microscopic entities, although individually weak, could form powerful swarms capable of complex behaviors. While the story’s bots operated through basic instincts, the narrative explored the tension between human intelligence and automaton logic. Lem’s narrative serves as a fascinating precursor to the smart dust technology we see today, highlighting the thin line between fiction and scientific innovation.

While Lem’s nanobots were purely fictional, they set the stage for real-world technological advancements. In the decades following Lem’s story, researchers began exploring the potential of creating tiny, wireless sensors capable of collecting and transmitting data. These early efforts laid the groundwork for what we now call smart dust. Initially conceptualized as a military technology, smart dust was meant to gather intelligence in a discreet and efficient manner. Over time, its potential applications have expanded dramatically.

From Concept to Reality: The Evolution of Smart Dust

Smart dust technology has come a long way since its inception. What started as a theoretical concept has become a tangible tool for data collection and environmental monitoring. Early prototypes, like the “MICA” platform developed by Crossbow Technology, Inc. and the “Spec” sensors from UC Berkeley, demonstrated the feasibility of creating tiny sensors capable of measuring environmental variables. These devices, measuring only a few millimeters, could record changes in humidity, light, and temperature, providing valuable data for various scientific and industrial applications.

In recent years, the capabilities of smart dust have expanded significantly. Advances in microengineering have enabled the development of sensors that are nearly invisible to the naked eye, with some measuring as small as 0.02 cubic millimeters. These tiny devices can now detect sound and are being adapted to analyze the chemical composition of the air. The ability to deploy these sensors in swarms offers the potential for comprehensive environmental monitoring and data collection on an unprecedented scale.

Keep reading

First the U.K., Next the U.S.? Britain’s Digital ID Plan Should Scare Americans.

The U.K. may be about to get even more dystopian. Prime Minister Keir Starmer proposed a plan last week that would require every adult in the United Kingdom to have a digital ID in order to work in the country, with these IDs becoming mandatory by 2029. Employers would be required to consult an app-based system containing a person’s name, photo, birth date, nationality, and residency status, rather than check physical IDs or National Insurance numbers (the U.K.’s version of a Social Security number) before hiring.

“The proposals are the government’s latest bid to tackle illegal immigration, with the new ID being a form of proof of a citizen’s right to live and work in the UK,” reports Sky News. “The so-called ‘Brit card’ will be subject to a consultation and would require legislation to be passed, before being rolled out.”

In the U.K. and the U.S., authorities already employ an array of government-issued identification mechanisms—passports, physical driver’s licenses, Social Security or National Insurance numbers. So how different could a digital ID be?

Very different, say civil libertarians, privacy experts, and cybersecurity gurus.

Keep reading

How a Fight Over Voter Data Could Reshape American Elections

America’s electoral system has always been subject to—by design—a shifting balance of local control, state authority, and federal oversight. That balance is once again under strain, this time in the form of a pair of federal lawsuits that could redefine who ultimately controls access to voters’ personal data. Last week, the Justice Department filed twin lawsuits against Maine and Oregon, arguing that the states violated federal election laws and the Civil Rights Act by refusing to give the agency full access to the states’ voter data.

Since May, the Justice Department has sent letters to at least 32 states requesting access to their voter registration databases, according to the Brennan Center for JusticeIn early August, the agency followed up with a more specific demand for full electronic copies of those files—including names, addresses, dates of birth, and sensitive identifiers such as driver’s license and partial Social Security numbers—along with documentation of how states identify and remove ineligible voters.

While the Justice Department has requested information from states about election administration in the past—including during the first Trump administration—the scope of the request is unprecedented, per the Brennan Center. Most states have not complied, and those that have appear to have provided only the publicly available portions of their voter files, which vary by state but may include information such as voter names, addresses, party affiliation, and voting history.

The Justice Department’s requests have raised privacy concerns from state officials, including Washington Democratic Secretary of State Steve Hobbs, who “fears the information would be shared with the Department of Homeland Security to fuel the Trump administration’s immigration crackdown,” reports the Washington State Standard. The Brennan Center notes that the Justice Department’s demands could conflict with the Privacy Act, which restricts how federal agencies collect and share personally identifiable information, especially when such data are not explicitly authorized for disclosure.

Despite the broad lack of participation from the states, only Maine and Oregon have been sued so far. “States simply cannot pick and choose which federal laws they will comply with, including our voting laws, which ensure that all American citizens have equal access to the ballot in federal elections,” said Harmeet K. Dhillon, an assistant attorney general at the Justice Department, in a press release.

Maine Democratic Secretary of State Shenna Bellows has called the Justice Department’s actions “absurd” and a “federal abuse of power,” according to CNN. Oregon Democratic Secretary of State Tobias Read criticized President Donald Trump in a statement, saying, “If the President wants to use the [Justice Department] to go after his political opponents and undermine our elections, I look forward to seeing them in court.” Read also maintains that the federal government lacks the constitutional authority to pursue legal action on these grounds, according to the Oregon Capital Chronicle.

In the U.S., elections—and the voter data that underpin them—are managed primarily by state and local governments, not federal agencies. However, since being reelected, Trump has sought to increase the federal government’s role in national elections. In March, the president signed an executive order directing federal agencies to enforce stricter eligibility verification, tighten mail‑in voting rules, and enhance data sharing between federal and state authorities regarding voter registration and citizenship status.

Keep reading

EU Finance Ministers Approve Roadmap for Digital Euro, Deferring Decision on Holding Limits Amid Privacy Concerns

EU finance ministers have signed off on a roadmap that could pave the way for a digital euro, outlining how caps on individual holdings would be introduced, without setting those limits just yet.

The decision, made during a Eurogroup meeting in Copenhagen, edges the European Central Bank closer to launching its own digital currency, even as skepticism grows over how the system could affect personal financial freedom.

Rather than settling on specific numbers, ministers agreed on a timetable and institutional process for introducing holding limits.

A senior official at the press conference emphasized that the discussion focused on the how, not the how much.

That distinction comes at a moment when digital currency plans are drawing increased scrutiny across Europe and beyond.

In the UK, central bank proposals to limit stablecoin balances have already prompted warnings from digital asset advocates concerned about restricting financial choice.

Keep reading

California Bills on Social Media and AI Chatbots Fuel Privacy Fears

Two controversial tech-related bills have cleared the California legislature and now await decisions from Governor Gavin Newsom, setting the stage for a potentially significant change in how social media and AI chatbot platforms interact with their users.

Both proposals raise red flags among privacy advocates who warn they could normalize government-driven oversight of digital spaces.

The first, Assembly Bill 56, would require social media companies to display persistent mental health warnings to minors using their platforms.

Drawing from a 2023 US Surgeon General report, the legislation mandates that platforms such as Instagram, TikTok, and Snapchat show black-box warning labels about potential harm to youth mental health.

The alert would appear for ten seconds at login, again after three hours of use, and once every hour after that.

Supporters, including Assemblymember Rebecca Bauer-Kahan and Attorney General Rob Bonta, claim the bill is necessary to respond to what they describe as a youth mental health emergency.

Critics of the bill argue it inserts state messaging into private platforms in a way that undermines user autonomy and treats teens as passive recipients of technology, rather than individuals capable of making informed choices.

Newsom has until October 13 to sign or veto the measure.

Keep reading

What Is ICE Doing With This Israeli Spyware Firm?

The deployment of Paragon’s Graphite spyware was a major scandal in Italy. Earlier this year, the messaging app WhatsApp revealed that 90 journalists and civil society figures had been targeted by the military-grade surveillance tech, which gives “total access” to a victim’s messages. The Italian government admitted to spying on refugee rights activists, and Paragon cancelled its contract with the government almost immediately after the story broke.

Now the same software may be coming to America—and again with an immigration focus. Last week, the U.S. Department of Homeland Security quietly lifted a stop-work order on a $2 million contract that Immigration and Customs Enforcement (ICE) had with Paragon for a “fully configured proprietary solution including license, hardware, warranty, maintenance, and training.”

The deal was first signed by the Biden administration, and it was frozen in October 2024, less than a week after Wired broke the news of the contract. An administration official later insisted to Wired that, rather than reacting to bad publicity, they were reviewing the contract to comply with President Joe Biden’s order to ensure that commercial spyware use by the U.S. government “does not undermine democracy, civil rights and civil liberties.”

The details of that review—or even the contract itself—were never publicly disclosed. But the results are clear: ICE now has a green light to use whatever software Paragon was offering. (Neither Paragon nor ICE responded to requests for comment from The Guardian.)

The Citizen Lab at the University of Toronto, dedicated to researching electronic surveillance, found that Graphite targeted users through a “zero-click exploit.” By adding someone to a WhatsApp group in a certain way, Graphite can force their phones to read an infected PDF file without the user’s input. In other words, a cyberattack can be disguised as a spam text—and works even if victims ignore it.

After discovering the vulnerability with the Citizen Lab’s help, WhatsApp said in a statement that it was “constantly working to stay ahead of threats” and “build new layers of protection into WhatsApp.”

Paragon was co-founded by Ehud Barak, a former Israeli prime minister and general in charge of military intelligence, and Ehud Schneorson, a former head of Unit 8200, the Israeli equivalent of the National Security Agency. Last year, an American private equity firm bought Paragon for $500 million with the intention of merging it into RED Lattice, a firm connected to former U.S. intelligence officials. Paragon has positioned itself as a more ethical alternative to NSO Group, a spyware company similarly run by Unit 8200 veterans.

In 2021, NSO Group suffered a series of scandals after it was revealed that its Pegasus spyware was sold to police states around the world and was possibly used to spy on journalists who were murdered. NSO Group accused the media of running a “vicious and slanderous campaign” and promised to “thoroughly investigate any credible proof of misuse.” The Biden administration hit NSO Group with economic sanctions in response.

Around the time that the Pegasus scandal was breaking, a Paragon executive boasted to Forbes that their company would only deal with customers who “abide by international norms and respect fundamental rights and freedoms.”

Keep reading

Where VPN Demand Surged Due To Internet Blocks In 2025

Violence and chaos have gripped Nepal as protests sparked by the blocking of social media sites spiralled out of control.

The country’s prime minister resigned Tuesday after security forces fired on protestors Monday. Hundreds were injured and at least 22 people died, most by live ammunition. The army assumed control Tuesday night after many government and other buildings were set ablaze by protestors.

Young people were reported to lead the uprising, which was catalized by the attempt to surpress online expression but brought to the surface the population’s deep discontent with issues like corruption, inequality and political participation.

Democracy in Nepal only has a relatively short history and despite the last remnants of its monarchy abolished in 2008, nepotism and deep-seated corruption have continued to rule the country, drawing the ire of the population.

This is especially true for young Nepalese who struggle with finding employment and opportunity. In a country dependent on the remittances of workers abroad, the social media ban has been described as a very strong trigger as it cut off communications with the diaspora.

As Statista’s Katharina Buchholz shows in the chart below, using data from website Top10VPN, Nepal’s social media blocks elicited the most pronounced response in terms of people looking for a way around via VPNs this year.

On September 7, VPN search volume in the country had risen almost 3,000 percent above the previous month’s average – the biggest spike recorded globally this year by the source.

Keep reading