Privacy

The Internal Revenue Service is building a computer program that would give deportation officers unprecedented access to confidential tax data.

ProPublica has obtained a blueprint of the system, which would create an “on demand” process allowing Immigration and Customs Enforcement to obtain the home addresses of people it’s seeking to deport.

Last month, in a previously undisclosed dispute, the acting general counsel at the IRS, Andrew De Mello, refused to turn over the addresses of 7.3 million taxpayers sought by ICE. In an email obtained by ProPublica, De Mello said he had identified multiple legal “deficiencies” in the agency’s request.

Reddit users in the United Kingdom will now be blocked from accessing “certain mature content” unless they complete the platform’s new age verification process. Reddit announced on Monday that UK users will need to upload a selfie or a photo of their government ID in order to view content that’s restricted for under-18s by the UK Online Safety Act (OSA), including abusive, violent, and sexually explicit materials.

The age verification process is performed by Persona, a third-party provider that won’t have access to users’ Reddit data or retain photos for longer than seven days. Reddit says it also won’t have access to uploaded photos, and that it will only store birthdates and verification statuses so that users don’t need to re-verify their account. I managed to complete the process myself this morning using a selfie in under a minute, though the photo tool had some difficulty detecting when my face was correctly framed.

On June 13, 2025, the EU Commission sent a letter to Italy's Minister of Foreign Affairs, Antonio Tajani, warning that the Piracy Shield may not be compliant with Digital Services Act (DSA) rules. The system, lawmakers said, may even undermine citizens' fundamental rights to freedom of expression and information as ruled by the EU Charter of Fundamental Rights.

Italy's Piracy Shield allows authorities to not only require ISPs, but also VPN and DNS providers, to block suspected pirated content within 30 minutes. A feature praised by rightholders in the country, which also led to significant overblocking incidents and sparked strong criticism across the industry.

The Trump administration has relied on a shadowy website accused of doxxing pro-Palestine academics to target them for deportation, a government official revealed during court testimony.

Peter Hatch, a senior official with Immigration and Customs Enforcement, testified in federal court Wednesday that the Department of Homeland Security used information gleaned from opaque websites, including Canary Mission.

The lawsuit, brought by the American Association of University Professors and the Middle East Studies Association, is challenging the Trump administration’s efforts to deport pro-Palestinian student activists.

The suit was filed in March after immigration authorities arrested Columbia University graduate Mahmoud Khalil, the first target of Trump's effort to deport non-citizen students with pro-Palestinian views.

The Trump administration’s “ideological deportation” policy is a violation of the First Amendment, the groups say.

On Thursday, a digital rights group, the Electronic Frontier Foundation, published an expansive investigation into AI-generated police reports that the group alleged are, by design, nearly impossible to audit and could make it easier for cops to lie under oath.

Axon's Draft One debuted last summer at a police department in Colorado, instantly raising questions about the feared negative impacts of AI-written police reports on the criminal justice system. The tool relies on a ChatGPT variant to generate police reports based on body camera audio, which cops are then supposed to edit to correct any mistakes, assess the AI outputs for biases, or add key context.

On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver “secure” and “private” messaging without a centralized infrastructure.

The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey’s white paper detailing the app’s protocols and privacy mechanisms, Bitchat’s system design “prioritizes” security.

But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all — by Dorsey’s own admission.

Getting your identity stolen is bad enough. What if it was abused to buy and sell some of the worst content imaginable?

That’s what happened to a man in Ohio, whose name and personal details were used by people who were allegedly trading child sexual abuse material (CSAM), according to a search warrant reviewed by Forbes.

In 2023, when the FBI began looking into a person uploading CSAM to Dropbox, they discovered they’interacting with an individual who’d been selling links to abuse material.

Data from the user’s CashApp showed it’d ostensibly been registered by a 31-year-old from Mississippi. When cops learned the man was also under investigation in Dallas, they decided to search his address.

Instagram users have told the BBC of the "extreme stress" of having their accounts banned after being wrongly accused by the platform of breaching its rules on child sexual exploitation.

The BBC has been in touch with three people who were told by parent company Meta that their accounts were being permanently disabled, only to have them reinstated shortly after their cases were highlighted to journalists.

Doctors who oppose the use of software developed by Palantir in the NHS have “chosen ideology over patient interest”, the UK boss of the tech giant has told MPs.

Louis Mosley appeared in front of the Science, Innovation and Technology Committee on Tuesday as part of its innovation showcase.

While there, he also challenged claims that Palantir has a “reputational difficulty” and said it is “very proud” of the work it does in Israel.

Palantir was co-founded by billionaire tech entrepreneur Peter Thiel, who was an early backer of US President Donald Trump, and has worked with the US government.

It was announced in November 2023 that a group led by Palantir had secured a £330 million contract to provide the NHS Federated Data Platform (FDP).

The shared software system will aim to make it easier for health and care organisations to work together and provide better services to patients, but Palantir’s involvement sparked concerns about how patient data will be used.

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

Gemini AI needs to be disabled on Android or it will override your privacy settings and gain full access to your texts, calls, and WhatsApp - even if you’ve turned off Gemini Apps Activity.

Google recently started notifying users via email that from July 7th, 2025, its AI model, Gemini, will assist apps on Android like WhatsApp, messages, and phone. Simply put, Gemini will get access to your apps even if you previously turned tracking for Gemini Apps Activity off. Soon the AI tool will be able to run tasks like send WhatsApp messages, set timers, and even make calls – regardless of whether you previously told Google’s Gemini not to track you. We take a look at how you can disable Gemini on Android from accessing your phone’s services, using your data for AI, and how to take back your privacy.

Analyzed by exodus, island the work profile app have 3 trackers detected

https://reports.exodus-privacy.eu.org/reports/com.oasisfeng.island/latest

Should I be worried?

Apple on Monday filed an appeal against the EU’s decision to fine the company €500 million (about $580 million) for not complying with rules that mandate companies to let developers steer users outside the App Store for making purchases, according to multiple reports.

The European Commission issued the fine in April, saying that Apple failed to comply with the Digital Markets Act (DMA) rules to allow developers to accept payments for their apps outside Apple’s ecosystem.

Apple revised its fee structure for app distribution in the EU in late June with a more complicated framework that includes an initial acquisition fee, a store services fee, along with a core technology commission to accommodate alternative payment methods. This move was likely to avoid further fines from the European Commission.

The European Commission and U.K. 's competition regulator have both received legal complaints this week from publishers over Alphabet's new Google AI Overview tool, saying the company is abusing its dominance and is directing traffic away from news websites.

It comes after Google started rolling out its AI Overview feature--where summaries are displayed over Google's blue-linked search results to other websites--last year, first in the U.S., before bringing the service to users in the U.K. in August 2024 and the EU earlier this year.

On the internet, it’s easy to feel anonymous. If you don’t log in, no one can see who you are; you can even switch to incognito mode. The more savvy user would say that’s not really enough. To be anonymous, you need to clear your cookies and use a privacy-oriented browser.

But new research shows even that doesn’t work anymore. Websites are still tracking you — silently, persistently, and without your consent — by reading your browser’s unique “fingerprint.”

I've been looking at the WebCrypto API. When combined with the File system API, it can be used to encrypt and store files on your device storage in what seems to be a pretty secure way.

A webapp has some clear vulnerabilities with the code being served over the web (so you shouldnt be using this for any serious purposes!).

Live demo: https://dim.positive-intentions.com/?path=%2Fstory%2Fusefs--encrypted-demo

Demo code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

IMPORTANT NOTES TO PREVENT MISLEADING

• this isnt a product. it provided for testing and demo.
• it isnt reviewed or audited.
• the "password encryption" is using a hardcoded password. id like to aim for a passwordless approach for this, but i havent considered it enough to discuss yet :)
• this isnt aimed to replace anything like veracrypt. just to show a comparison.
• this respository represents a webcomponent UI framework. while it holds some ideas i think are interesting, the ui framework seems like its going to be deprecated and i will be refactoring the functionality in favour of React.

I made an ephemeral onion chatroom, inspired by Ricochet and OnionShare, just for fun. Anyone wants to try? This app has a clearnet version and tor version as well!

• Clearnet: https://shadowtalk.yuzukateam.io.vn/
• Tor: 74xhglgkx3yq5o5ibiehpfwoq4jxb62323ydzam56fvqbkuo6kd7tcid (hash)
• And it open source!!!:https://github.com/plsgivemeachane/ShadowTalk I really like to get some feedback. Have fun everyone!

I'm wondering if this concept would work...

I love cheese, and sometimes find that websites don't have enough info about cheese. So I'm trying to help Google and GTM know that I have a significant interest in cheese. Only cheese, nothing else.

I want to code an extension in FF or Chrome to use in a VM that looks for a GTM container ID and injects data into that container that sends tags for cheese, cheese products, cheese accessories, charcuterie, etc. And even injects data showing large purchases of cheese. it would replace GTM tags on a site with my custom selection, just to ensure there's no question - we're all about cheese here.

This will save Google time, because otherwise I would have to rely on several weeks or months of searches about cheese. Instead, if every site I visit helps me express an interest in cheese, that would be great!

I would, of course, only use this extension myself, and never share such a thing. In the extension options, I would be able to select tags to share, just in case I end up with a similar interest for pine trees, marshmallows, or tomatoes.

Thoughts? Open to any suggestions here.

I recently realized that I’ve been using some tool a lot: a small web app I built myself to remove EXIF data from images.

United States Customs and Border Protection (CBP) is asking tech companies to pitch digital forensics tools that are designed to process and analyze text messages, pictures, videos, and contacts from seized phones, laptops, and other devices at the United States border, according to documents reviewed by WIRED.

The agency said in a federal registry listing that the tools it’s seeking must have very specific capabilities, such as the ability to find a “hidden language” in a person’s text messages; identify specific objects, “like a red tricycle,” across different videos; access chats in encrypted messaging apps; and “find patterns” in large datasets for “intel generation.” The listing was first posted on June 20 and updated on July 1.

CBP has been using Cellebrite to extract and analyze data from devices since 2008. But the agency said that it wants to “expand” and modernize its digital forensics program. Last year, CBP claims, it did searches on more than 47,000 electronic devices—which is slightly higher than the approximately 41,500 devices it searched in 2023 but a dramatic rise from 2015, when it searched just more than 8,500 devices.

Meta has come out swinging following the European Commission's decision that its pay-or-consent model falls foul of the Digital Markets Act (DMA).

In a post, the company stated: "This decision is both incorrect and unlawful, and we are appealing it." It then cites previous judgments to support its argument that it should be permitted to display personalized ads to users who don't want a paid subscription.

"Meta," it said, "is the only company in Europe unable to offer both a subscription-based and a free ad-supported service. Instead, Meta is required to offer a free, reduced-ad service – less personalized ads – that leads to poorer outcomes for users, advertisers, and platforms."

According to Meta, national courts and data protection authorities, including in France, Denmark, and Germany, have given "consistent support" for "business models that provide a paid subscription alternative to consent for personal data use for personalized ads."

But not the European Commission, which handed down a €200 million ($228 million) fine for the Meta's "consent or pay" ad model in April.