Mullvad Introduces QUIC-Based WireGuard Obfuscation to Bypass Censorship and VPN Blocks

Mullvad has begun rolling out a new feature that hides WireGuard connections inside QUIC traffic, a technique designed to help users slip past aggressive censorship systems.

By making VPN traffic look more like ordinary encrypted browsing, the update gives people in tightly controlled regions, including Russia and China, a better chance of maintaining stable access to the internet.

It also helps with accessing websites that are increasingly trying to ban VPNs.

The addition comes as Mullvad prepares to move away from OpenVPN, which it will no longer support starting January 2026.

With that change on the horizon, the company is putting its weight behind WireGuard while also making sure it remains usable in countries where standard WireGuard connections are heavily throttled or blocked.

QUIC itself is not new. Originally created by Google and now the backbone of HTTP/3, the protocol is prized for its speed, ability to handle multiple streams of data at once, and resilience against network issues.

Services like YouTube already rely on it, making QUIC traffic extremely common. Mullvad takes advantage of that by wrapping WireGuard’s UDP packets inside QUIC, effectively disguising VPN usage as something indistinguishable from normal web activity.

To make this possible, Mullvad has turned to MASQUE, a standard that allows UDP traffic to be tunneled through HTTP/3 connections.

The result is traffic that appears identical to everyday browsing, far harder for censors to single out and shut down.

The feature is included in Mullvad’s desktop apps for Windows and macOS beginning with version 2025.9.

Users can activate it in the VPN settings, though if multiple connection attempts fail, the client will automatically switch over to QUIC on its own. Support for Android and iOS devices is also planned.

Different VPN companies are taking different routes to achieve similar goals. Proton VPN relies on its Stealth protocol, which disguises WireGuard traffic inside TLS.

The Surveillance Net Is Closing, But the Smart Ones Can See the Writing on the Wall

The privacy coin Zano just rallied nearly 70 percent in the last 30 days, lifting its market cap toward a quarter billion dollars and pushing daily trading volume close to three million. The spike isn’t about speculation alone. It reflects a shift underway as people begin to hedge against a tightening surveillance state.

The latest proof of financial control came just last month, when Tether froze $49.6 million in USDT at regulators’ request during a coordinated international crackdown. Regardless of the guilt or innocence of the targets, the lesson is obvious. These assets can be frozen in an instant, with no trial and no process, making them less a hedge against the state and more a compliant extension of it. 

Congress reinforced this fact with the GENIUS Act, a law that hard-wires surveillance into stablecoins by forcing issuers to operate under bank-style oversight, AML regimes, and reserve mandates. The fact that Democrats and Republicans both lined up behind it should tell you everything. In Washington, true bipartisan consensus only happens when war, debt, or control are on the line.

That same logic now extends to the streets. National Guard units are being deployed into American cities to “fight crime,” but the justification is always the same: safety over freedom. Deployments like this normalize militarization at home and make clear that the tools built for foreign wars are now being pointed inward. 

The grid doesn’t stop at the barrel of a gun either. It runs through data. Federal agencies have been caught buying location data from brokers like Venntel to track millions of Americans without warrants. The AT&T Hemisphere program continues to funnel call records to law enforcement, building a quiet dragnet with virtually no oversight. License plate readers vacuum up hundreds of millions of scans, with databases shared across jurisdictions and tapped for immigration enforcement. Flock Safety’s license-plate readers generated 1,400+ immigration-related searches in Denver and 113 million scans in a year in Austin, triggering local backlash over data-sharing and policy violations. This is mass movement tracking, normalized street by street. All of this happens without a vote, without consent, and in most cases without warrants.

Age Verification Company Exposes User Data, Reinforcing Privacy Fears Over Digital ID Systems

A company tasked with confirming users’ ages before they access adult content may be compromising their privacy by leaking detailed browsing data, according to a report by the nonprofit AI Forensics.

The group’s investigation highlights serious flaws in how some sites are complying with growing online age-check requirements, raising new concerns about surveillance and data exposure under the guise of protecting children.

France’s law requires that users’ identities remain concealed, not just from adult websites, but from the age verification services themselves.

Known as “double anonymity,” this standard is meant to ensure that those performing the verification process have no knowledge of which websites users are visiting or what content they attempt to access.

But AI Forensics found that AgeGO, one of the verification systems in active use, doesn’t meet those expectations.

Instead, AgeGO’s system reportedly transmits precise details about the user’s activity, including the URL of the video being viewed and the name of the website.

Google ordered to pay over $425 million in damages for smartphone privacy violations

Tech giant Google has been ordered to pay over $425 million for improperly snooping on the data of smartphone users and invading users’ privacy from 2016-2024.

“It’s a violation of public trust,” said attorney & political analyst Madeline Summerville.

The class action lawsuit, initially filed in 2020, accused the company of collecting data from 98 million devices that had turned off a tracking feature in their Google account.

“Even though I’ve shut off all the different apparatuses that would keep Google from monitoring me, they’re still doing it because they were doing it through third party apps,” Summerville said.

The jury found Google spied on users and was in violation of California privacy laws. But Google denied it was improperly accessing devices. A Google spokesperson told Reuters that this decision misunderstands how its products work and that the company plans to file an appeal. “Our privacy tools give people control over their data, and when they turn off personalization, we honor that choice.”

New ‘Sextortion’ Spyware Snaps Webcam Photos Of People Watching Porn

If you’re indulging in adult content online, you might want to slap some electrical tape over your webcam pronto, according to a new report from WIRED. Cybersecurity experts at Proofpoint, a battle-tested firm, just dropped a bombshell detailing a nasty new strain of “infostealer” malware called Stealerium. This open-source digital menace can hijack your webcam to snap photos, snoop on your browser for NSFW keywords, and capture screenshots of anything spicy – all of which could be weaponized for blackmail and extortion schemes that’ll leave victims reeling.

“When it comes to infostealers, they typically are looking for whatever they can grab,” Proofpoint researcher Selena Larson told WIRED, exposing the chilling reality of this cyberthreat. “This adds another layer of privacy invasion and sensitive information that you definitely wouldn’t want in the hands of a particular hacker.” “It’s gross,” Larson fumed. “I hate it.”

WIRED has more:

More hands-on sextortion methods are a common blackmail tactic among cybercriminals, and scam campaigns in which hackers claim to have obtained webcam pics of victims looking at pornography have also plagued inboxes in recent years—including some that even try to bolster their credibility with pictures of the victim’s home pulled from Google Maps. But actual, automated webcam pics of users browsing porn is “pretty much unheard of,” says Proofpoint researcher Kyle Cucci. The only similar known example, he says, was a malware campaign that targeted French speaking users in 2019, discovered by the Slovakian cybersecurity firm ESET.

Larson laid bare the sinister tactics of sextortion spyware, which preys on individuals for profit while flying under the radar. “For a hacker, it’s not like you’re taking down a multimillion-dollar company that is going to make waves and have a lot of follow-on impacts,” she said. “They’re trying to monetize people one at a time. And maybe people who might be ashamed about reporting something like this.”

The malware’s creator, known as witchfindertr, identifies as a “malware analyst” based in London. To top it all off, Stealerium is freely available as an open-source tool on GitHub.

The Quiet Rebranding Of CBDCs As “Digital-ID”

Let’s call them for what they are: Social Credit systems.

We know that “CBDC” stands for Central Bank Digital Currencies – and we have long held our hypothesis on what those entail (the TL;DR is that they will either launch as, or morph into, China-style social credit systems).

We’ve seen an Executive Order expressly ruling out CBDCs in the US, but as I keep warning readers: we’re seeing components we’d expect to see under a CBDC system appearing – only they aren’t originating at The Fed (who has never really expressed an interest in them, anyway).

Now the US Treasury Department is seeking comments on Digital ID as it relates to DeFi:

“The Department of the Treasury has filed a request for public comments to provide input on the use of “innovative or novel methods to detect and mitigate illicit finance risks involving digital assets” in accordance with the GENIUS Act, as well as in accordance with Donald Trump’s policy to support “the responsible growth and use of digital assets,” as outlined in the President’s Executive Order to strengthen US leadership in digital financial technology.”

— TheRage.co

The areas covered range from:

“the use of APIs “to help enforce strict access controls, monitor transactions and activities, and bolster security and integrity of financial institutions providing digital asset services”, the use of Artificial Intelligence to “make predictions, recommendations or decisions” to “effectively identify illicit finance patterns, risks, trends, and typologies”, and blockchain monitoring to “evaluate high-risk counterparties and activities, analyze transactions across multiple blockchains, trace or monitor transaction activities, and identify patterns that indicate potential illicit transactions.”

As well as Digital ID (which I think is the catch-phrase we’re going to see a lot of in the future, that will capture a lot of the objectives of CBDCs)

“the treasury is also seeking comments on the introduction of “portable digital identity credentials designed to support various elements of AML/CFT and sanctions compliance, maximize user privacy, and reduce compliance burden on financial institutions” to potentially be used “by decentralized finance (DeFi) services’ smart contracts to automatically check for a credential before executing a user’s transaction.”

Sounds similar to what the Bank of International Settlements (BIS) wants to do in terms of rating individual crypto wallets for AML compliance.

In a white paper titled An approach to anti-money laundering compliance for cryptoassets they propose to:

“leverag[e] the provenance and history of any particular unit or balance of a cryptoasset, including stablecoins”

In order to assign an “AML compliance score”.

Comprehensive data privacy laws go into effect in 8 more states this year

This year, comprehensive privacy laws are going into effect in eight states to regulate how businesses handle digital information and to give consumers more protections over their personal data.

The laws in Delaware, Iowa, Minnesota, Nebraska, New Hampshire, New Jersey and Tennessee have taken effect already this year, according to a database from the International Association of Privacy Professionals’ Westin Research Center. Maryland’s privacy law, signed by Democratic Gov. Wes Moore last year, will go into effect Oct. 1.

Privacy laws enacted in Indiana, Kentucky and Rhode Island will go into effect next year.

Several other states are considering comprehensive privacy bills during this year’s legislative sessions. They include Massachusetts, Michigan, North Carolina, Pennsylvania and Wisconsin.

When a person visits a website, applies to a job or logs into an online portal, they may be sharing their personal information. Comprehensive privacy laws can apply to a wide range of companies that participate in this kind of data collection.

These laws generally include two types of provisions — those related to consumer rights and those that establish business obligations, according to the association.

Under each of the new laws, consumers have the right to control when and how their data is collected and shared. Some of those provisions include the right to delete data from a company’s database, the ability to opt out of sharing sensitive information and the right to prohibit a company from selling their data.

The new measures also require businesses to ask consumers if they want to opt in to data collection. In some states, businesses are required to complete consumer data risk assessments and identify ways in which discrimination could take place. Some companies also may be required to limit how consumer data is processed.

Google’s Android Lockdown: Are You Really In Control Of Your Phone?

Android’s new rule requires all app developers to submit personal information to Google, even for apps outside the Play Store. Critics argue this threatens user freedom and ignores solutions…

Android, Google’s mobile operating system, announced on August 25 that it will be requiring all app developers to verify their identity with the organization before their apps can run on “certified android devices.”

While this might sound like a common-sense policy by Google, this new standard is not just going to be applied to apps downloaded from the Google Play store, but to all apps, even those “side-loaded” — installed directly onto devices by side-stepping the Google Play store. Apps of the sort can be found online in GitHub repositories or on project websites and installed on Android devices directly by downloading the installation files (known as APKs).

What this means is that, if there is an application that Google does not like, be it because it does not conform to its policies, politics or economic incentives, they can simply keep you from running that application on your own device. They are locking down Android devices from running applications not within their purview. The ask? All developers, whether submitting their apps through the Play store or not, need to give their personal information to Google.

The decision begs the question: if you cannot run whatever app you want on your device without the permission of Google, then is it really your device? How would you respond if Windows decided you could only install programs from the Microsoft app store?

The move has of course made news in tech and cybersecurity media and caused quite a stir as it has profound consequences for the free and open web. For years, Android has been touted as an open source operating system, and through this strategy has gained massive distribution throughout the world with users in developing countries where Apple’s “walled garden” model and luxury devices are not affordable.

This new policy will tighten up controls over applications and its developers, and threatens the freedom to run whatever software you like on your own device in a very subversive and legalistic way. Because of Google’s influence over the Android variety of phones, the consequences of this policy are likely to be felt by the majority of users and devices, throughout the world.

Microsoft Word To Save New Files to the Cloud by Default

Microsoft is preparing to change how documents are saved in Word for Windows, shifting new file storage to the cloud by default.

Instead of asking users to activate AutoSave or select a cloud location manually, Word will now store all newly created documents directly in OneDrive or another designated cloud service automatically.

Raul Munoz, a product manager on Microsoft’s Office shared services and experiences team, described the change by saying, “We are modernizing the way files are created and stored in Word for Windows. Now you don’t have to worry about saving your documents: Anything new you create will be saved automatically to OneDrive or your preferred cloud destination.”

Currently being rolled out to Microsoft 365 Insiders, this new setup is presented as a way to prevent lost work and provide immediate access to files across mobile platforms and browsers.

However, for anyone working outside Microsoft’s cloud ecosystem, this change introduces additional steps to avoid online storage.

The update also comes with adjustments to how documents are named. Rather than appending sequential numbers to new files, Word will now assign file names based on the date of creation.

Users will have the option to set a preferred default save location or opt out of automatic cloud saves entirely, though doing so requires manual reconfiguration.

Microsoft has been steadily nudging its user base toward cloud reliance. AutoSave already defaults to cloud storage, and persistent prompts in Windows have encouraged, or pressured, users to turn on OneDrive backups.

These reminders have drawn complaints, especially from those who feel Microsoft is eroding straightforward local file access.

Is your baby, doorbell or security cam spying for China? Florida’s top cop wants to know

Florida’s top law enforcement official has issued a subpoena to Lorex Corp., a top maker of baby monitors, security and doorbell cameras, demanding documents and information about its corporate structure, whether it has any ties to Chinese Communist firms and whether Americans’ data or privacy can be breached. Those documents could provide evidence of illegal activity.

Attorney General James Uthmeier’s office told Just the News he believes Lorex, though North American-based, has imported large swaths of equipment from a Chinese manufacturer banned from the United States over alleged human rights abuses and national security risks.

A spokesperson for Lorex did not immediately respond to a written request for comment sent via email to its corporate public relations account.

Probe into whether products are relabeled from black-listed maker

“Lorex Corporation is importing millions of devices from CCP-controlled Dahua, which has been banned in the United States for human rights abuses and national security risks,” the office said in a statement to Just the News. “AG Uthmeier must discover whether Lorex is selling re-labeled Dahua products which would introduce a range of cybersecurity vulnerabilities that would give the CCP a direct line into the homes and private lives of millions of Floridians.”

Dahua, a Chinese technology company, acquired the Canadian-based Lorex in 2018 but sold it to Taiwan-based Skywatch nearly three years ago after Dahua was blacklisted in the United States.

The Pentagon in 2022 listed Dahua as one of 13 companies doing business with the Chinese military and banned its products in the United States. Earlier, the Commerce Department in 2020 identified Dahua as one of several Chinese firms involved in human rights abuses with alleged slave labor involving Uighur minorities.

In 2023, the Australian government expressed alarm when it found about 1,000 security cameras in its various offices tied to Dahua and another Chinese-tied firm, ordering a sweeping review of all security equipment in its government facilities.

The Florida attorney general’s subpoena was issued Friday, and shortly afterwards, Uthmeier put out a statement on X advising Florida consumers about his actions and possible vulnerabilities in Lorex products they may own.

“What consumers do not know is that data might be shared with the Chinese military,” he said. “Imagine that. Footage of your baby in a crib going to the Chinese government. This is unacceptable. It is a national security issue, and it will not be tolerated.”
