Tag: privacy

FTC Says Companies Can Collect Kids’ Personal Data, As Long As It’s Called “Age Verification”

The FTC just told companies they can collect children’s personal data without parental consent, as long as it’s for “age verification.”

That’s the practical effect of a policy statement the agency issued this week. Under COPPA, websites collecting data on kids under 13 generally need verifiable parental consent first. The FTC’s new statement carves out an exception: gather whatever personal information you need to verify someone’s age, and the Commission won’t come after you for it.

The agency calls this child protection. The infrastructure it’s enabling looks different.

Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection, said “Age verification technologies are some of the most child-protective technologies to emerge in decades,” and framed the announcement as a tool for parents.

What the statement actually does is green-light personal data collection from minors, on the theory that knowing someone’s age requires knowing who they are first.

The exemption is conditional. To avoid enforcement, sites must delete age verification data “promptly” after use, restrict third-party sharing to vendors with adequate security assurances, post clear notices about what they’re collecting, and use methods likely to produce “reasonably accurate” results. These requirements are unverifiable by the people whose data gets collected, and enforced by an agency that just announced it won’t enforce.

COPPA supposedly exists precisely because children’s personal data is sensitive and companies can’t be trusted to protect it without legal pressure.

The FTC’s new exemption uses that same sensitive data as the price of admission for age verification, then steps back from enforcement. The agency is weakening the law’s protections in order to expand the infrastructure that the law was supposedly designed to regulate.

Keep reading

Privacy Groups Revolt Against Google’s Demand to Register Every Android Developer

Android’s defining advantage over iOS has always been openness. You could build an app, distribute it yourself, and never touch Google’s systems. That era is about to end unless the open-source community can force Google to back down.

Starting September 2026, any app installed on a certified Android device must be registered by a Google-verified developer. No registration, no installation. The verification demands government-issued identification, agreement to Google’s terms and conditions, and a $25 fee.

Developers who skip Google’s approval process will find their apps blocked, even when distributed entirely outside Google Play, through stores like F-Droid, the Amazon Appstore, or Samsung’s Galaxy Store.

Organizations, including the Electronic Frontier Foundation, the Free Software Foundation, F-Droid, Article 19, Fastmail, and Vivaldi, signed an open letter calling on Alphabet CEO Sundar Pichai, founders Larry Page and Sergey Brin, and app ecosystem chief Vijaya Kaza to kill the policy. Their message is simple: Google is reaching into distribution channels it doesn’t own, doesn’t operate, and has no legitimate authority over.

Keep reading

40 Attorneys General Urge Congress to ‘Tie Online Access to ID’

Forty state attorneys general (AGs) last week urged federal lawmakers to pass a bill that could ultimately require people to digitally verify their identity to access the internet, according to privacy and free speech watchdog group Reclaim The Net.

In a Feb. 10 letter, the AGs backed the U.S. Senate version of the Kids Online Safety Act. They did not support the U.S. House of Representatives version, which differs in key ways.

If passed, the Senate bill would require government officials and agencies to figure out how computers, cellphones and operating systems could verify people’s age. The bill states:

“The Secretary of Commerce, in coordination with the Federal Communications Commission and the Federal Trade Commission, shall conduct a study evaluating the most technologically feasible methods and options for developing systems to verify age at the device or operating system level.”

The federal officials and agencies would be required to submit a report of their findings to Congress within a year.

Designing cellphones and computer operating systems to verify a user’s age would bring the U.S. another step closer to cementing a digital ID system, Reclaim The Net reported. In an article titled “40 State Attorneys General Want To Tie Online Access to ID,” it wrote:

“Device-level verification would likely depend on digital identity checks tied to government-issued identification, third-party age verification vendors, or persistent account authentication systems. …

“… Once age checks are embedded at the operating system level, the boundary between verifying age and verifying identity becomes difficult to maintain.”

Greg Glaser, a digital privacy expert and attorney, agreed. “By embedding identity checks into apps, hardware, or operating systems, the bill would create a de facto digital ID checkpoint for broad internet use,” he said.

Keep reading

Zuckerberg’s “Fix” for Child Safety Could End Anonymous Internet Access for Everyone

Mark Zuckerberg spent more than five hours on the stand in Los Angeles Superior Court on Wednesday, testifying before a jury for the first time about claims that Meta deliberately designed Instagram to addict children.

The headline from most coverage was the spectacle: an annotated paper trail of internal emails, a 35-foot collage of the plaintiff’s Instagram posts unspooled across the courtroom, a CEO growing visibly agitated under cross-examination.

The more important story is what Wednesday’s proceedings are being used to build.

The trial is framed as a child safety case. What it is actually doing, especially through Zuckerberg’s own testimony, is laying the political and legal groundwork for mandatory identity verification across the internet.

And Zuckerberg, rather than pushing back on that outcome, offered the court his preferred implementation plan.

Keep reading

Texas Sues Drone Maker Anzu Over Alleged Ties to CCP

Texas Attorney General Ken Paxton is suing drone-maker Anzu Robotics, alleging that the U.S.-based company misled consumers and concealed its ties with the Chinese communist regime.

Paxton announced the lawsuit on Feb. 19, accusing the Texas-based startup of rebranding products sourced from Chinese drone giant Da Jiang Innovations, commonly known as DJI.

Founded in the southern Chinese city of Shenzhen in 2006, DJI has been flagged by U.S. regulators as a security risk because of its ties to the Chinese Communist Party (CCP).

The U.S. Commerce Department added DJI to its export control list in 2020 for aiding the CCP’s human rights abuses. The Treasury banned U.S.-based individuals from trading DJI shares the following year because of similar concerns. The Pentagon blacklisted DJI as a Chinese military company in 2022, noting that the Chinese regime requires all Chinese companies to allow it to use them as part of its military-civil fusion strategy.

In the lawsuit, Paxton accused Anzu of making false and misleading representations to Texans about its business relationship with DJI, data-sharing practices, and software development.

Anzu markets itself as an American-owned, made-in-Malaysia alternative, but much of its drone technology is licensed from DJI, which receives payments for every drone that Anzu orders, the complaint alleges.

Keep reading

Spanish Court Orders NordVPN and Proton VPN to Block Piracy Streams

Spain’s soccer league has found a new target in its fight against pirate streams: the VPNs people use to protect their privacy online.

A court in Córdoba has ordered NordVPN and Proton VPN to block specific IP addresses broadcasting illegal LaLiga matches, requiring both companies to alter their “internal systems” to make those addresses “inaccessible from Spain.”

The ruling was issued without notifying either provider. Neither could challenge it before it took effect. The court says it cannot be appealed at all.

LaLiga and Telefónica Audiovisual Digital brought the case to Commercial Court No. 1 of Córdoba, framing the measures as “precautionary” and taken in “defense of [LaLiga] clubs’ audiovisual rights.”

The court’s theory of liability is that VPNs are “contributing” to piracy simply by doing what VPNs do, letting users change their IP address and location. The order also notes that VPNs “acknowledge and advertise” their effectiveness at evading internet restrictions. Offering a privacy tool that works, in other words, is now evidence of wrongdoing.

Both companies found out about the ruling the same way everyone else did. NordVPN and Proton have said that they have received no notice of this.

Keep reading

UK Government Plans to Use Delegated Powers to Undermine Encryption and Expand Online Surveillance

The UK government wants to scan people’s photos before they send them. Not just children’s photos. Everyone’s.

Technology Secretary Liz Kendall spelled it out on BBC Breakfast, floating a proposal to “block photographs being sent that are potentially nude photographs by anybody or block children from sending those.” That second clause is the tell. Blocking “anybody” from sending potentially nude images requires scanning everybody’s messages. There’s no technical path to that outcome that doesn’t involve reading content the sender assumed was private.

Kendall said the government is conducting a consultation on “whether we should have age limits on things like live streaming” and whether there should be “age limits on what’s called stranger pairing, for example, on games online.” The consultation, she said, will look at all of these. That list now covers messaging apps, photo sharing, gaming, and live streaming. Any feature that lets you share an image with another person potentially falls inside it.

This is how the mandate grows. The government announced a push for new delegated powers on February 16, framing them around age verification for social media and VPNs.

Keep reading

ProtonMail Logs Activist’s IP Address With Authorities After Swiss Court Order

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.

The Switzerland-based company said it received a “legally binding order from the Swiss Federal Department of Justice” related to a collective called Youth for Climate, which it was “obligated to comply with,” compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account.

On its website, ProtonMail advertises that: “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

Despite its no IP logs claims, the company acknowledged that while it’s illegal for the company to abide by requests from non-Swiss law enforcement authorities, it will be required to do so if Swiss agencies agree to assist foreign services such as Europol in their investigations.

“There was no possibility to appeal or fight this particular request because an act contrary to Swiss law did in fact take place (and this was also the final determination of the Federal Department of Justice which does a legal review of each case),” the company said in a lengthy response posted on Reddit.

Put simply, ProtonMail will not only have to comply with Swiss government orders, it will be forced to hand over relevant data when individuals use the service to engage in activities that are deemed illegal in the country. This includes monitoring IP addresses from users in “extreme criminal cases,” according to its transparency report.

“Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities,” ProtonMail founder and CEO Andy Yen tweetedadding “It’s deplorable that legal tools for serious crimes are being used in this way. But by law, [ProtonMail] must comply with Swiss criminal investigations. This is obviously not done by default, but only if legally forced.”

If anything, ProtonMail users who are concerned about the visibility of their IP addresses should use a VPN or access the email service over the Tor network for additional anonymity.

“The prosecution in this case seems quite aggressive. Unfortunately, this is a pattern we have increasingly seen in recent years around the world (for example in France where terror laws are inappropriately used),” the company said.

Keep reading

Keir Starmer Considers VPN ID Checks as UK Expands Online Safety Act Powers

Having already installed itself as the nation’s digital nanny with its online censorship law, the Online Safety Act, the government is now peering into the last remaining corner of online privacy and wondering whether it, too, might benefit from a sturdy padlock.

Prime Minister Keir Starmer has confirmed that ministers are examining new powers to move beyond social media age limits and into the architecture of private browsing itself. The latest idea involves ID checks for VPN use and chatbots.

Naturally, this is all for the children.

A VPN, or virtual private network, is often treated like a villainous contraption, but it’s actually a tool that encrypts your internet traffic and masks your location. In plain English, it stops internet providers, advertisers, and sometimes governments from tracking what you read, watch, or search.

Keep reading

‘No Privacy’ CBDCs Will Come, Warns Billionaire Ray Dalio

American billionaire and hedge fund manager Ray Dalio has warned that central bank digital currencies (CBDCs) are coming, offering benefits but also potentially allowing governments to exert more control over people’s finances.

“I think it will be done,” said Dalio on CBDCs in a wide-ranging interview on the Tucker Carlson Show on Monday, which also included topics on the US debt crisis, gold prices, and even a potential civil war. 

Ray Dalio is a billionaire hedge fund manager who has been co-chief investment officer of Bridgewater Associates since 1985, after founding the firm in 1975. 

During the interview, Dalio said CBDCs could be appealing due to the ease of transactions, likening them to money market funds in terms of functionality, but he also cautioned about their downsides.

He said there will be a debate, but CBDCs “probably won’t” offer interest, so they will not be “an effective vehicle to hold because you’ll have the depreciation [of the dollar].”

Dalio also cautioned that all CBDC transactions will be known to the government, which is good for controlling illegal activity, but also provides a great deal of control in other areas. 

“There will be no privacy, and it’s a very effective controlling mechanism by the government.”

Keep reading