Tag: privacy

FBI Recovers Deleted Signal Messages Through iPhone Notifications

The FBI successfully recovered private Signal messages from a defendant’s iPhone even after the app was deleted. Learn how this security loophole works and the simple setting you must change today to keep your chats private.

Most of us prefer using the Signal app because it is supposed to be very secure with a remarkable end-to-end encryption system that hides our chats from everyone else. It also has a message-disappearing feature to help us set a message deletion time.

But the Federal Bureau of Investigation (FBI) found a way to read private Signal messages on an iPhone, even after the app was deleted. This was revealed in a court case in Texas that these messages can stay hidden in the phone’s memory longer than we expected.

How the loophole works

The case involves a woman named Lynette Sharp and an attack on a Texas detention centre in July 2025. During the trial in April 2026, the FBI revealed they recovered her messages even when she had deleted the Signal app. The bureau, reportedly, retrieved the messages from the iPhone’s push notification database.

During the trial, FBI Special Agent Clark Wiethorn explained how investigators accessed the evidence. When a message arrives, the phone shows a little preview on the screen, which is handled by the phone’s operating system and not the Signal app.

Even if Signal deletes the message later, the phone’s system can save a copy of that preview in its own records. To read these saved messages from Signal, the FBI used Cellebrite, a forensic tool often used by law enforcement to scan seized devices.

A key finding is that the FBI could only see incoming messages, not the ones Sharp sent, which confirms the data came from the notification storage. It shows that while the app’s encryption is strong, the phone’s operating system keeps its own logs of everything.

Keep reading

UK Southport Inquiry Pushes Mass Surveillance and VPN Restrictions

On July 29 2024, a teenager walked into a children’s Taylor Swift-themed dance class in Southport, England, and murdered three young girls with a knife. He injured ten others.

It was, by any measure, one of the most horrifying attacks on British soil in recent memory, and what followed should have been a reckoning with the catastrophic state failures that let it happen.

Instead, the British government looked at the smoldering aftermath and decided the real enemy was the internet, and the solution just so happens to be the mass surveillance censorship proposals the government is already working on.

After the attack, outrage on social media turned to protests. Protests became riots. And the state’s response landed with a speed and ferocity that it had never managed to direct at, say, the agencies that let a known danger walk free for years.

A former childcarer named Lucy Connolly was jailed for 31 months for a single post on X. That is three months longer than the sentence given to a man who physically attacked a mosque during the same period of unrest.

The UK was already a country where arrests for “offensive” social media posts had nearly doubled in seven years, climbing from 5,502 in 2017 to 12,183 in 2023. The overall conviction rate for those arrests was falling at the same time. Police were locking people up for what they typed at a rate that was going up, while the number of convictions that actually stuck was going down.

The Southport riots became the accelerant. A House of Commons Home Affairs Committee report used the unrest to call for a “new national system for policing” with enhanced capabilities to surveil social media activity, framing public anger as a problem of online “misinformation” rather than a consequence of the state’s own failures.

The state was dodging accountability by demanding censorship and surveillance and blaming the internet for unrest.

Keep reading

FISA Section 702 Extension Faces House Vote With No Privacy Reforms

Section 702 of the Foreign Intelligence Surveillance Act expires in days.

The bipartisan push to extend it without a single privacy reform is now accelerating, with House Speaker Mike Johnson, Senate Judiciary Committee Chairman Chuck Grassley, and President Trump all lining up behind an 18-month renewal that preserves the government’s ability to search Americans’ communications without a warrant.

The House Rules Committee met to consider H.R. 8035, the bill that would keep Section 702 alive through late 2027.

Johnson has refused to allow amendments, telling reporters that adding reforms would threaten the bill’s passage. That position blocks the one change that privacy-focused lawmakers in both parties have spent years fighting for: a requirement that the FBI get a judge’s approval before searching a database of Americans’ phone calls, emails, and text messages that were collected without individual court orders.

Trump posted on Truth Social today, calling on Republicans to “get a clean extension of FISA 702 through the House of Representatives this week.” He wrote, “I am asking Republicans to UNIFY and vote together on the test vote to bring a clean Bill to the floor. We need to stick together when this Bill comes before the House Rules Committee today to keep it CLEAN!”

The president, who told lawmakers to “KILL FISA” during the 2024 reauthorization debate, wrote in a March Truth Social post that “whether you like FISA or not, it is extremely important to our Military.”

Grassley announced his support for the clean extension this morning after the Department of Justice agreed to revise rules governing congressional oversight of the Foreign Intelligence Surveillance Court.

The DOJ committed to rolling back a Biden-era policy from November 2024 that had restricted how members of Congress could attend and observe FISC and FISCR proceedings, including banning note-taking and allowing the DOJ to exclude lawmakers from certain sessions.

Those restrictions directly contradicted the Reforming Intelligence and Securing America Act (RISAA), which Congress passed in April 2024 and which explicitly required congressional access to the surveillance courts.

“I applaud DOJ for lifting its restrictions on congressional oversight of FISC and FISCR proceedings. With Congress’s access fully restored, the Trump administration has faithfully implemented the reforms Congress called for in its last FISA reauthorization and proven its commitment to transparency and the protection of civil liberties,” Grassley said.

“Section 702 is one of our nation’s most valuable national security tools. Especially given the current threat environment, it’s imperative Congress doesn’t allow this critical authority to lapse. We must ensure American lives aren’t put at risk by a potential Section 702 expiration on April 20. The best path forward is for the House to pass a clean, 18-month FISA extension.”

The DOJ agreed to stop excluding members of Congress from surveillance court proceedings, stop banning note-taking, and stop preventing lawmakers from sharing information with appropriately cleared colleagues. These were things Congress already required by law.

The DOJ was violating its own statute, got caught, and agreed to comply. Grassley is treating compliance with existing law as a reason to skip reforms that would protect 330 million Americans from warrantless searches of their private communications.

Nothing about the DOJ’s procedural fix addresses the core problem with Section 702: the FBI routinely searches a massive database of communications collected under the program to find and read Americans’ emails, texts, and phone calls, all without getting a warrant.

The FISA Court itself called the FBI’s compliance problems “persistent and widespread” in 2022. FBI queries targeting Americans’ data rose 35% in 2025, according to the latest transparency report from the Office of the Director of National Intelligence.

The agency asking Congress for more time is the same one running more warrantless searches than ever.

Keep reading

Secret Grand Jury Convened to Unmask Anonymous Government Critic on Reddit

Federal prosecutors have ordered Reddit to appear before a grand jury in Washington, D.C., and hand over the personal data of an anonymous user who posted criticism of Immigration and Customs Enforcement. The company has until April 14 to comply. Reddit has declined to say whether it plans to fight the order.

The user, identified in court filings as John Doe, is a US citizen in the Pacific Northwest. Doe’s attorneys reviewed the account’s post history and found nothing resembling criminal activity.

The most aggressive posts they could locate: sharing already-public biographical details about Jonathan Ross, the ICE agent who killed Renee Good in Minneapolis in January; suggesting “Urine speaks louder than words” as an anti-ICE protest sign (a reference to a song); and writing “TSA sucks and we all know it.”

Keep reading

Idaho Bans Mandatory Digital ID With New Privacy Law

Idaho just became one of the few states to draw a line against mandatory digital identification. Governor Brad Little signed Senate Bill 1299 on April 1, 2026, and the new law does something genuinely unusual in American state politics right now: it pushes back against digital ID rather than pushing it forward.

We obtained a copy of the bill for you here.

The bill creates Section 67-2364 of the Idaho Code, prohibiting government entities from requiring “any person to obtain, maintain, present, or use digital identification.”

Approximately three-quarters of US states are currently offering or developing electronic driver’s licenses. The national momentum is clearly toward digital ID systems, with states like Arkansas, Texas, Georgia, and Utah all advancing their own versions in 2025 alone. Idaho is swimming against that current.

The bill, introduced by Senator Tammy Nichols, goes further than a simple opt-out. It prohibits public entities from denying, delaying, conditioning, or reducing “any service, benefit, license, employment, education, or access based on a person’s refusal or inability to use digital identification.”

That second clause, “or inability,” protects people who can’t use digital ID, not just those who won’t. Anyone without a smartphone, without reliable internet, without the technical literacy to navigate a digital wallet, keeps full access to government services. Physical, non-digital identification remains “valid for all governmental purposes” under the law.

The bill also addresses what happens when someone voluntarily shows a digital ID during a government interaction. A government entity cannot “require a person to surrender, unlock, or relinquish control of a personal electronic device for identity verification.” Handing your phone to a police officer or a clerk at the DMV is not the same as handing them a laminated card.

A phone contains your messages, your photos, your browsing history, and your location data. Presenting a digital ID “shall not constitute consent to search or access any other contents of a device.”

That’s a Fourth Amendment protection written directly into a state statute.

Keep reading

UK Foreign Affairs Committee Calls for Government Agency to Police Online “Disinformation”

The UK’s Foreign Affairs Committee wants the government to build a new censorship agency. The proposed “National Counter Disinformation Centre” would be given the power to identify and act against speech the state considers “disinformation,” placed on a statutory footing, and modeled on bodies like Sweden’s Psychological Defence Agency, which once ran a public campaign warning citizens about the dangers of memes.

The committee’s report, published on March 27 2026, goes further than a single new body.

It calls for new censorship rules in a forthcoming Representation of the People Bill to target AI-generated content and “the creation and dissemination of disinformation.”

It wants amendments to the Online Safety Act that would force platforms to publicly display where user accounts were created and whether the user connected through a VPN. It wants more money for the FCDO’s Hybrid Threats Directorate. And it wants the government to review the National Security Act’s foreign interference offense because, apparently, an existing law that carries up to 14 years in prison isn’t strict enough.

Keep reading

Kiwi Farms Challenges DMCA Subpoenas as Tools to Unmask Anonymous Speech

A new lawsuit filed in the Southern District of New York offers a clean example of something that keeps happening and keeps getting ignored: the Digital Millennium Copyright Act being used to censor speech and unmask anonymous speakers.

The case is Lolcow LLC v. Fong-Jones, filed on March 12, 2026, and it pits the operator of the web forum Kiwi Farms against Liz Fong-Jones, an activist and field Chief Technology Officer at SaaS observability platform Honeycomb, who has been filing DMCA subpoenas in an attempt to identify anonymous forum users.

The content Fong-Jones wants censored is a screenshot of a Fong-Jones Bluesky post and an edited version of a Fong-Jones headshot, both related to what Fong-Jones has previously described publicly as a “consent accident.”

Forum users posted and discussed those images. Fong-Jones responded by claiming copyright ownership and filing DMCA subpoenas to force the site to hand over the identities of the people who posted them.

The copyright claims seem thin. Kiwi Farms operator Joshua Moon argues that the screenshot is a derivative work over which Fong-Jones holds no copyright, and that the edited headshot represents a textbook case of fair use, given that the image has no commercial value and was modified specifically for purposes of criticism and commentary.

That argument carries weight. Courts have long recognized that transformative use of images for commentary or ridicule sits comfortably within fair use protections.

What makes this case useful as a case study is less the copyright question itself and more the mechanism being exploited. The DMCA subpoena process, codified in Section 512(h), allows copyright holders to obtain a judicial subpoena to unmask the identities of allegedly infringing anonymous internet users just by asking a court clerk to issue one and attaching a copy of the infringement notice.

Keep reading

Apple Removes Private VPN Apps From Russia App Store

Apple pulled several custom VPN clients from the Russian App Store last week, including Streisand, V2Box, v2RayTun, and Happ Proxy Utility.

These aren’t the big-name commercial VPN providers that Apple already removed in 2024 at Roskomnadzor’s request. These are tools that let users connect to their own private servers and configure manual proxies, the kind of apps that give technically savvy Russians the ability to route around state censorship without depending on any company’s infrastructure.

Russian tech outlet Kod Durova first reported the removals, noting that the same apps remain available through Google Play on Android.

Days before the removals surfaced, Digital Development Minister Maksut Shadayev announced the Kremlin’s most aggressive anti-VPN campaign yet. “We have an obligation to fulfill the tasks that have been set before us. In this case, the task is to reduce the use of VPNs,” Shadayev said on the state-backed messenger Max.

He linked the push to what he called “long, difficult and ultimately unsuccessful” talks with foreign tech companies over compliance with Russian law.

Keep reading

Americans Traveling to Hong Kong Will Now Face ARREST for Refusing to Hand Over Phones, Laptops, and Passwords

The era of privacy is officially over in the “New Hong Kong,” and if you’re an American traveling abroad, you are now a target for the Communist-controlled regime.

According to a recent warning issued by the U.S. Consulate, Americans entering or even transiting through Hong Kong could now face criminal charges simply for refusing to unlock their phones or provide passwords to authorities.

Under newly updated enforcement rules tied to Hong Kong’s sweeping National Security Law, police now have the authority to demand access to personal electronic devices, including phones and laptops, on the spot.

And here’s the catch:

This applies to everyone, residents, tourists, business travelers, and even passengers just passing through the airport.

The U.S. Consulate General in Hong Kong and Macao issued the following alert:

On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport. In addition, the Hong Kong government also has more authority to take and keep any personal devices, as evidence, that they claim are linked to national security offenses.

Keep reading

New Company Hopes to Build Age-Verification Tech into Vape Cartridges 

Their goal is to use biometric data and blockchain to build age-verification measures directly into disposable vape cartridges.

Wired reports on a partnership between vape/cartridge manufacturer Ispire Technology and regulatory consulting company Chemular (which specializes in the nicotine market) — which they’ve named “Ike Tech”:[Using blockchain-based security, the e-cig cartridge] would use a camera to scan some form of ID and then also take a video of the user’s face. Once it verifies your identity and determines you’re old enough to vape, it translates that information into anonymized tokens. That info goes to an identity service like ID.me or Clear. If approved, it bounces back to the app, which then uses a Bluetooth signal to give the vape the OK to turn on.

“Everything is tokenized,” [says Ispire CEO Michael Wang]. “As a result of this process, we don’t communicate consumer personal private information.” He says the process takes about a minute and a half… After that onetime check, the Bluetooth connection on the phone will recognize when the vape cartridge is nearby and keep it unlocked. Move the vape too far away from the phone, and it shuts off again. Based on testing, the companies behind Ike Tech claim this process has a 100 percent success rate in age verification, more or less calling the tech infallible. “The FDA told us it’s the holy grail technology they were looking for,” Wang says. “That’s word-for-word what they said when we met with them….”

Wang says the goal is to implement additional features in the verification process, like geo-fencing, which would force the vape to shut off while near a school or on an airplane. In the future, the plan is to license this biometric verification tech to other e-cig companies. The tech may also grow to include fingerprint readers and expand to other product categories; Wang suggests guns, which have a long history of age-verification features not quite working.

Keep reading