Privacy

The High Court of Justice in London has dismissed a legal challenge presented by the Wikimedia Foundation in regards to the UK’s Online Safety Act (OSA) Categorization Regulations. This decision by the court means that Wikipedia doesn’t have the immediate legal protections that it had hoped for.

The Wikimedia Foundation’s challenge targeted regulations that risk imposing the OSA’s most stringent obligation (Category 1 duties) on Wikipedia. This case was notable as it was the first legal challenge against the OSA’s Categorization Regulations; however, the dismissal is a significant setback for the foundation’s proactive legal strategy.

EU parliament accepted a last minute amendment, mandating age verification for pornographic (whatever that is) content online, punishable with up to one year prison sentence.

This was rolled into a directive concerning CSAM. Because adults accessing porn need to be de-anonymised to avoid child exploitation?

Some press releases: (1), (2), (3)

(Above link with skipped Paywall)

Summary by Andi:

A teenage hacker named Reynaldo Vasquez-Garcia discovered that the Halo 3C vape detector, which looks like a standard smoke detector in school bathrooms, contained hidden microphones and security flaws that allowed it to be turned into a secret listening device[^1].

Working with another hacker known as "Nyx," Vasquez-Garcia found the device could be hacked by exploiting weak password controls and firmware update vulnerabilities. Once compromised, attackers could use it to eavesdrop on conversations in real-time, disable its detection capabilities, create fake alerts, or play audio through its speaker[^1].

The researchers revealed these findings at the 2025 Defcon hacker conference, demonstrating how any hacker on the same network could hijack a Halo 3C by brute-forcing passwords at 3,000 attempts per minute. The device's firmware could also be modified since its encryption key was publicly available in updates on the manufacturer's website[^1].

Motorola, which owns the Halo 3C's manufacturer IPVideo Corporation, said it developed a firmware update to address the security flaws. However, the researchers argue this doesn't solve the fundamental privacy concern of having microphone-equipped devices installed in sensitive locations like school bathrooms and public housing[^1].

[^1]: Wired - It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug

Archive : https://archive.is/7I7mK

Oligarchs whose business empire was under investigation by the Serious Fraud Office spied on lawyers who ran some of the UK’s most sensitive criminal cases.

The Guardian has obtained surveillance images of former SFO prosecutors taken by hired spies. Their goal is said to have been gathering information on the agency’s activities, identifying its sources and gaining “leverage”.

Instagram’s new location-sharing update is raising privacy concerns, with users reporting their whereabouts were shared without their knowledge despite Meta saying the update is opt-in.

Experts warn that location-sharing features are linked to a higher risk of tech-based coercive control.

The controversy follows other recent privacy issues for Meta, including a lawsuit over the misuse of sensitive health data from a women’s health tracking app.

Running JavaScript from inside an image? What could possibly go wrong?

Dropsitenews published a list of websites Facebook uses to train its AI on. Multiple Lemmy instances are on the list as noticed by user BlueAEther

Hexbear is on there too. Also Facebook is very interested in people uploading their massive dongs to lemmynsfw.

Full article here.

Link to the full leaked list download: Meta leaked list pdf

Transcript

A post by [object Object] (@zzt@mas.to) saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight.

Big Brother Watch says the UK government has allowed images from the country's passport and immigration databases to be made available to facial recognition systems, without informing the public or parliament.

The group claims the passport database contains around 58 million headshots of Brits, plus a further 92 million made available from sources such as the immigration database, visa applications, and more.

Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system, but researchers sponsored by the German government have found a critical flaw in its business implementation.

In a presentation at the Black Hat conference in Las Vegas, Dr Baptiste David and Tillmann Osswald from independent security shop ERNW Research demonstrated how one can crack the Hello system and a local admin, or someone who has access to their credentials via malware or other means, can inject biometric information into a computer that would allow it to recognize any face or fingerprint.

Discover Hidden Gems: Open-Source Software You Should Know About

We all love open-source software, but there are so many amazing projects out there that often go unnoticed. Let's change that! Share your favorite open-source software that you think more people should know about. Here’s how you can contribute:

1. Single Option Per Comment: Mention one open-source software per comment to be able to easily find the most popular software.
2. No Duplicates: Avoid duplicating software that has already been mentioned to ensure a wide variety of options.
3. Upvote What You Love: If you see a software that you also appreciate, upvote it to help others discover it more easily.

Check out last year's post for more inspiration: Last Year's Post

Let's create a comprehensive list of open-source software that everyone should know about!