EU Digital ID Wallet Trials Near End Amid Privacy Concerns

Potential, one of the consortia selected to trial the EU’s planned Digital Identity (EUDI) Wallet, is preparing to conclude its work by September 2025.

The group, which came together in 2023, has played a role in laying the foundation for a system that privacy advocates warn could dramatically expand the surveillance and data collection capabilities of both governments and private companies.

The EU’s original target of launching the wallet in 2024 has already shifted, with the current deadline now pushed back to 2026.

Over the course of its mandate, Potential coordinated with 155 organizations across 19 countries, drawing in major corporations including Idemia, Thales, Amadeus, and Namirial.

Together, they developed six proposed uses for the digital wallet, covering activities such as opening a bank account, registering SIM or eSIM cards, accessing government services, using a mobile driving license, applying a Qualified eSignature, and presenting electronic prescriptions.

Each of these use cases, while framed as a convenience for citizens, raises questions about how personal data will be stored, shared, and protected in this new ecosystem.

A series of large-scale tests have already been conducted. The first remote trials began in May 2024. February 2025 saw cross-border testing in Warsaw, where 15 national wallets and 20 services exchanged data in peer-to-peer mode.

Hawaii Governor Signs Medical Marijuana Expansion Bill, After Calling One Of Its Provisions ‘A Grave Violation Of Privacy’

On the heels of signaling a possible veto of a bill meant to expand access to medical marijuana in Hawaii, Gov. Josh Green (D) instead signed the measure into law over the weekend, regardless of a provision he recently described as “a grave violation of privacy.”

HB 302 will make two main reforms around patient access. First, it allows a patient’s primary treating medical provider to recommend marijuana for any malady they see fit, regardless of whether it’s a specified qualifying condition in Hawaii. It also allows patients to receive medical cannabis recommendations through telehealth visits rather than having to establish an in-person relationship with a provider.

Before lawmakers sent the bill to Green, a conference committee revised the plan, inserting a provision to allow the state Department of Health to access medical marijuana patient records held by doctors for any reason whatsoever.

The revised bill authorizes the Department of Health to “inspect a qualifying patient’s medical records held by the physician, advanced practice registered nurse, or hospice provider who issued a written certification for the qualifying patient.” Providers who don’t comply with a department request for a patient’s records could see their ability to issue medical cannabis revoked.

Advocates initially supported HB 302 as a means to expand access to patients with conditions beyond those specified under state law. But many withdrew support following the conference committee’s changes.

An additional provision establishes a new Class C felony for unlicensed operation of a dispensary, adding another major charge on top of the state’s existing laws against illegal distribution of marijuana.

In early June, Green himself put the cannabis measure on a list of bills he intended to veto—an indication, though not a commitment, that he was leaning towards rejecting it.

“Although this bill’s authorization of medical cannabis certifications via telehealth expands access to medical cannabis,” his office wrote at the time, “provisions authorizing the inspection of patients’ medical records without warrant constitute a grave violation of privacy.”

Student Visa Applicants Will Now Be Forced To Make Their Social Media Accounts Public

In a Monday announcement, several U.S. embassies stated that student visa applicants will be required to turn the settings on their social media accounts to “public” in order to facilitate scrutiny of their posts, presumably for ideological screening. The change is part of a recent string of crackdowns on international students, which has targeted many who have participated in pro-Palestinian protests or expressed anti-Israel views.

In a social media post, the U.S. Embassy in London wrote that “every visa adjudication is a national security decision,” adding that applicants for several kinds of student visas would be required to “adjust the privacy settings on all of their personal social media accounts to ‘public’ to facilitate vetting necessary to establish their identity and admissibility to the United States.” Several other embassy social media accounts also posted the statement.

The directive comes after months of ramped-up efforts to ideologically filter prospective international students. Earlier this year, Secretary of State Marco Rubio began canceling the visas of some college students who participated in anti-Israel protests—or, in one student’s case, simply wrote an op-ed. In one March press conference, he estimated that his office had canceled more than 300 visas.

“Every time I find one of these lunatics, I take away their visa,” Rubio said. “At some point, I hope we run out because we’ve gotten rid of all of them, but, we’re looking every day for these lunatics that are tearing things up.”

A domestic cable sent to embassy officials in May telegraphed this latest development, ordering officials to scour social media posts from prospective Harvard students, noting that the order “will also serve as a pilot for expanded screening and vetting of visa applicants” and “will be expanded over time.” Last week, additional policy updates directed embassy officials to review F, M, and J visas (which are common student visas) for “any indications of hostility toward the citizens, culture, government, institutions or founding principles of the United States.”

This latest move in the Trump administration’s mission to prevent students with disfavored views from studying in the U.S. is nothing less than outright viewpoint discrimination. While the U.S. has a national security interest in vetting visa applicants for affiliations with outright terrorist groups, merely opposing Israel’s actions in Gaza hardly approaches that line. And, as many free speech advocates have pointed out, this precedent can easily be utilized to punish many other viewpoints.

“There is nothing stopping this or another administration from using that authority tomorrow against critics of other countries, whether they’re protesting Russia’s invasion of Ukraine or China’s oppression of Uyghurs,” reads a recent statement from the Foundation for Individual Rights and Expression (FIRE), a First Amendment group. “That’s wrong. Requiring foreign students and faculty to self-censor their views about American foreign policy in order to stay in the country violates American principles of free speech and the First Amendment.”

Austria Approves Spyware Law to Infiltrate Encrypted Messaging Platforms

Austria is moving forward with legislation that would authorize law enforcement to infiltrate encrypted communications, marking a pivotal shift in the country’s surveillance powers and stirring a fierce debate over digital privacy.

The federal cabinet’s approval of the plan comes after months of negotiations, with proponents citing national security needs and opponents warning of expansive overreach.

The proposed law targets messaging platforms widely used for private communication, including WhatsApp, Signal, and Telegram.

It introduces the use of spyware, formally known as source TKÜ, which would allow authorities to bypass encryption and monitor conversations directly on suspects’ devices. The change represents a major escalation in surveillance capabilities for a country that has traditionally lagged behind its European counterparts in digital interception laws.

Backers of the measure, such as Social Democrat Jörg Leichtfried, who oversees the Directorate for State Security and Intelligence (DSN), framed the move as a preventative strategy. “The aim is to make people planning terrorist attacks in Austria feel less secure; and increase everyone else’s sense of security.”

Leichtfried called the cabinet’s approval an “important milestone.”

Austria’s domestic intelligence services have until now been dependent on international partners, including the UK and the US, to provide warnings of potential threats.

Florida AG Subpoenas Medical Firms Over ‘Backdoor’ on China-Made Devices

Florida Attorney General James Uthmeier has subpoenaed two medical companies selling Chinese-made patient monitors over concerns that the devices could send patient data to China.

Uthmeier’s office stated in a press release that they had taken legal action against Contec Medical Systems, a China-based company known for making patient monitors, and Epsimed, a Miami-based company that resells Contec-made monitors under its own brand name.

The office alleged that Contec “concealed serious security problems” in its products, including a built-in “backdoor” that could “allow bad actors to manipulate data” on the devices without knowledge of either the patient or the provider, and programming that automatically sends patient information to an IP address that belongs to a university in China.

“Some of the most private, personal information” is going to China “without the consent, and in most cases, the awareness of the patient,” Uthmeier told The Epoch Times. “I think there’s a major consumer protection issue for Floridians, for Americans as a whole, and we’re not going to stand for it.”

Uthmeier’s office alleged that Contec and Epsimed may have violated a state law, the Deceptive and Unfair Trade Practices Act, in their assurances on product quality when the products appear to fall far short of standards given their security vulnerabilities. He threatened to pursue damages, civil penalties, and injunctive relief to protect consumers.

Contec Medical Systems is headquartered in Qinhuangdao, a port city located in northern China’s Hebei Province. It has an affiliate called Contec Medical Systems USA Inc. in Illinois to handle the U.S. market.

Largest Data Breach in History: *16 Billion* Login Credentials Exposed in Databases

Security researchers have uncovered potentially the largest data breach in history, comprising an astounding 16 billion login credentials, which include Apple accounts.

9to5Mac reports that a team of security researchers has stumbled upon a massive trove of stolen login credentials, exposing an unprecedented 16 billion records, including Apple accounts. The discovery, which researchers describe as “one of the largest data breaches in history,” has sent shockwaves through the cybersecurity community and raised serious concerns about the potential for widespread account takeovers, identity theft, and highly targeted phishing attacks.

The researchers, from the cybersecurity firm Cybernews, initially found a database containing 184 million records sitting unprotected on a web server last month. However, as they delved deeper, they realized that this was just one of many unsecured databases full of private information. Further investigation revealed an additional 29 datasets, each containing tens of millions to over 3.5 billion records. In total, the researchers uncovered a staggering 16 billion records, making this one of the biggest stolen login discoveries of all time.

What sets this breach apart from others is the freshness and organization of the data. The researchers emphasized that these are not just recycled old breaches, but rather “fresh, weaponizable intelligence at scale.” The neatly structured data, which includes URLs, usernames, and passwords, points to infostealers as the likely source. Infostealers are a type of malware specifically designed to collect login credentials in this exact format.

The implications of this breach are far-reaching and deeply concerning. With access to such a vast number of login credentials, cybercriminals can easily carry out account takeovers, steal identities, and launch highly targeted phishing campaigns. Apple accounts, which are among the exposed credentials, are particularly worrisome, as they can be used to access a wide range of sensitive information and services, including iCloud, Apple Pay, and the App Store. Other logins reportedly included in the massive datasets include Google, Facebook, Instagram, Amazon, and many other popular web services.

Stripe And Substack Demand Authors’ Financial Details

Financial privacy is a right under the Constitution, as is free speech.

Under the guise of “credit review,” Stripe is now rolling out a requirement that appears to target conservative or “anti-vax” Substack authors. Stripe is requiring that these authors provide all of their current and historic financial records associated with the bank account into which Stripe deposits Substack subscriber payments (after taking 10% off the top for Substack and 3% for Stripe). Stripe already has information concerning this bank account (including deposits from Stripe), as we have been doing business with Stripe via this account for over two years.

If I or anyone else agree to these new terms, this newly implemented arbitrary, capricious and overreaching requirement will provide Stripe with complete records of all financial transactions associated with this account. Consequently, this will provide Stripe with comprehensive information on all of my customers, patients, and clients, all of my travel (historic and planned), all of my purchases, and any donations (and donor information).

This information from my account and those of any others who comply with this demand can be hacked or sold, provided to the US Government, used to fuel predictive algorithms (AI), used to derive insights into my political orientation, weaponized against me by press or other hostile actors, or used to support future social credit score-based restrictions.

Stripe has a history of financially deplatforming (or debanking) for political reasons, including removing support for Donald Trump’s presidential campaign. Despite its relatively recent entry into the financial transaction business, Stripe has become a major global financial organization, and processed $1 trillion in payments during 2023, and is now expanding its credit charge program

Senate Pushes Bill That Could End Private Messaging

Under the pretext of strengthening measures against child exploitation online, a controversial Senate bill is resurfacing with provisions that privacy advocates say would gut critical internet protections and compromise the security and privacy of all citizens.

Known as the STOP CSAM Act of 2025 (S. 1829), the legislation is being criticized for using broad language and vague legal standards that could severely weaken encryption and open the floodgates for content takedowns, including legal content, across a wide range of online services.

We obtained a copy of the bill for you here.

The bill’s stated aim is to curb the spread of child sexual abuse material, a crime already strictly prohibited under federal law. Current regulations already compel online platforms to report known instances of such material to the National Center for Missing and Exploited Children, which coordinates with law enforcement.

However, S. 1829 goes well beyond this existing mandate, targeting a wide spectrum of internet platforms with new forms of criminal and civil liability that could penalize even the most privacy-conscious and compliant services.

The scope of the legislation is sweeping. Its provisions apply not only to large social media platforms but also to private messaging apps, cloud storage services, and email providers.

Radio trick secretly turns laptop into a spy speaker that talks through walls

Security researchers at the University of Florida and the University of Electro-Communications in Japan have revealed that modern digital microphones used in laptops and speakers can leak audio as electromagnetic signals.

This could lead to the creation of a new network of wireless eavesdropping without needing any malware, hacking, or even physical access to your device.

This vulnerability could affect billions of devices worldwide, exposing private conversations to corporate spies and government surveillance.

How does this attack work?

All devices, such as speakers and laptops, have MEMS microphones, tiny components that convert audio into digital pulses containing remnants of the original speech. These pulses create weak radio emissions, in effect invisible broadcasts, that can be captured.

“With an FM radio receiver and a copper antenna, you can eavesdrop on these microphones. That’s how easy this can be,” said Sara Rampazzi, a professor of computer and information science and engineering at the University of Florida who co-authored the new study. “It costs maybe a hundred dollars, or even less.”

The experiment that proved it all

The team of researchers proved their theory using eerie sounds. A woman’s distorted voice emerged from the radio equipment as she spoke test sentences like “The birch canoe slid on the smooth planks.” and “Glue the sheet to the dark blue background.” Each transmission penetrated through concrete walls up to 10 inches thick.

Laptops proved to be the weakest link as their microphones are connected through long internal wires that act as antennas, amplifying the leaked signals.

Now comes the dangerous part. For the leak to happen, your microphone does not necessarily need to be in an active state. Simply having applications like Spotify, Amazon Music, or Google Drive can enable the microphone to leak radio signals.

AI in the scenario

The researchers didn’t just stop at this stage. They went beyond and processed the intercepted signals with AI speech-to-text tools from OpenAI and Microsoft. These LLMs then cleaned the audio and converted the recordings into clear, searchable text.

Surprisingly, in tests, the attack recognized spoken digits with 94.2% accuracy from up to 2 meters away, even through a concrete wall. It kept a 14% transcription error rate, making the majority of the conversations understandable.

OpenAI Is Ordered to Save Every ChatGPT Chat — Even the Ones You Delete

A federal court order requiring OpenAI to retain all ChatGPT conversations, including those users have deleted, has stirred strong concern among privacy advocates and added pressure to a growing legal battle over the use of copyrighted material in AI systems.

On May 13, US Magistrate Judge Ona T. Wang directed OpenAI to “preserve and segregate all output log data that would otherwise be deleted on a going-forward basis until further order of the Court.” Although the order was issued several weeks ago, it only came to wider attention this week as OpenAI began taking formal steps to challenge it.

The ruling stems from multiple lawsuits filed by media organizations, including The New York Times, that accuse OpenAI of unlawfully using their copyrighted content to train and operate ChatGPT.

In response, OpenAI submitted a filing urging US District Judge Sidney H. Stein to overturn what it described as a “sweeping, unprecedented order.”

The company argued that the directive forces it to ignore user choices about data deletion, jeopardizing the privacy of millions. OpenAI also pointed to a statement from The New York Times editorial board asserting that Americans “should be able to control what happens to their personal data.”
