RT @roxananasoi: Surveillance is not Safety. A Ban is not Care. A government that holds everyone else accountable but never its own insti…

This is what the UK spyware proposal means. There must be government spyware on every mobile device. It shall watch everything that happens, including always watching the screen, looking for things the government disapproves of. When anything is flagged by the software as something the government doesn't like, the software must block it from being sent or displayed (in realtime). The user of the device must not be able to shut this watching and blocking off. The only way to shut it off would be to ask the government or its proxies to do so for you, at their discretion. Therefore the whole device must be locked down. Administrator rights and the decision of what software or operating system to run or not to run must be taken from the owner/user and handed to the government and its proxies. Apple and Google are themselves working hard to lock down the devices they are involved in to shut out competition and establish a duopoly. The UK government says it is "working closely" with Apple and Google and currently they synchronise and coordinate their communication on this subject. The UK government is now proposing to mandate what would otherwise be illegal anti-competitive practices. @GrapheneOS on the Apple and Google duopoly: x.com/GrapheneOS/status/2053… Statement from @signalapp x.com/signalapp/status/20640… @ReclaimTheNetHQ on the state spyware: reclaimthenet.org/starmer-ca… The government announcement: gov.uk/government/news/new-p…

Using GrapheneOS is not illegal, remember that. Don't be fear-mongered by companies who think that spitting out words will get you to give up your right to privacy.

Sony PlayStation is reporting GrapheneOS users to the authorities. If you try to age verify using GrapheneOS you are labeled a security risk, for trying to follow the rules while using a secure operating system.

The age verification company 'Yoti', used by companies like Sony, Meta and Instagram, is allegedly flagging GrapheneOS users as suspicious, and reporting them to authorities: "[...] Yoti automatically flags [...] any devices running GrapheneOS. These instances are automatically reported both to the authorities and our security team." However, this doesn't seem very likely, here the reaction from GrapheneOS: "It's unlikely the company has done anything to specifically detect GrapheneOS or ban using it. It's far more likely they detect not using a Google Mobile Services operating system without modifications. This customer support person went on a power trip to scare someone and get the ticket closed." What do you think?

This is complete nonsense. There's nothing illegal about using GrapheneOS and it doesn't do anything interfering with the secure operation of apps and services. It's far more secure than any Google-certified OS. Play Integrity API banning GrapheneOS is an antitrust law violation.

You paid Avast to block trackers. Avast was the tracker. 435 million users. 6 years of selling your full browsing history. Every search, every site, every location. The FTC caught them in 2024. $16.5 million fine. Here is the full story and how to stay safe. Avast was one of the biggest free antivirus companies in the world. At its peak it had 435 million active users. Its entire marketing pitch was simple: install us, and we will block the trackers that follow you across the web. Millions of people trusted that pitch. Most still have it installed. In January 2020, Motherboard and PCMag published leaked Avast internal documents. The truth: since 2014, Avast had been collecting the full browsing history of its users and selling it. The data was sold through a quiet subsidiary nobody had heard of, called Jumpshot. This was not a leak. It was the business model. What Jumpshot was actually selling, in the FTC's own words: "detailed, re-identifiable browsing data." That data included "religious beliefs, health concerns, political leanings, location, financial status, visits to child-directed content." Each URL came with a precise timestamp and a unique device identifier. Avast's defense was that the data was "anonymized." The FTC said that was the lie. Every URL came with a unique device ID and a precise timestamp. Any company holding its own customer data could match those timestamps and identify the real person behind the clicks. Anonymous in theory. Trackable in practice. The data was sold to over 100 different companies. One contract, with the advertising giant Omnicom in December 2017, paid Jumpshot about $2 million a year. In exchange, Omnicom received an "All Clicks Feed" covering 50% of Jumpshot's entire user base across the US, UK, Mexico, Australia, Canada and Germany. Every URL clicked, across all domains. The contract also let Omnicom map Jumpshot's user IDs to identifiers from data broker Neustar and LiveRamp. In plain English: re-identify the people. The timeline: -August 2014: Avast starts feeding browsing data to Jumpshot. -2018: Jumpshot says it has data from 100 million devices. -January 27, 2020: Motherboard and PCMag publish the leak. -January 30, 2020: Avast shuts Jumpshot down 3 days later. -February 2024: The FTC files formal charges. -June 2024: $16.5 million fine. Permanent ban. What the FTC ordered Avast to do, on top of the fine: delete every dataset given to Jumpshot. Delete every algorithm trained on that data. Get explicit consent before selling any browsing data ever again. Notify every affected user. About 3.6 million Americans were eligible for refunds. The claim window closed June 5, 2025. So how do you actually stay safe. Step 1. If you are on Windows 10 or 11, you already have Microsoft Defender built in. It is free. It updates automatically. PCMag, AV-TEST and AV-Comparatives all rank it as a top-tier antivirus every year. You do not need anything else. To confirm it is on: open Settings, click Privacy and Security, click Windows Security, click Virus and Threat Protection, confirm "Real-time protection" is On. That is the entire setup. Step 2. On Mac, you do not need a third-party antivirus at all. macOS already has Gatekeeper, XProtect and App Sandbox built in. They scan every app before it runs. Apple's malware database updates automatically in the background. If you want extra protection once a month, Malwarebytes Free is the most respected free name in that space. Step 3. On any device, also remove these: any browser "security" extension you do not recognize. Any free VPN you do not pay for, because most sell your traffic. Any antivirus you installed years ago and forgot about. If the software is free and it touches your browsing, it has a way of making money. Usually with your data. The bigger lesson from the Avast story. Free software is never actually free. Someone is always paying. Often it is you, with data you did not know you were giving. Before you install anything next, ask one question. If I am not paying for it, what is the product.

SECRETARY RUBIO: "One of the things you'll find pretty consistently in every totalitarian system is that they want to control the ability of their citizens to communicate with one another."

So-called age verification for social media is spreading across the world, framed as an effort to create a safer internet for children. In reality, age verification lays the foundation for a fully controlled internet. The age verification rush must be slowed down, and politicians need to recognize the consequences of different types of legislation and systems. Age verification is the wrong approach to fix “the social media problem” The big tech social media companies are bad. Their business model is bad; it is based on mass surveillance and manipulation, and they cooperate with governments in mapping entire populations. But age verification is fundamentally the wrong approach to preventing children from using big tech social media platforms. Introducing age verification is based on coercion; the state forces social media companies to verify their users’ identities. But the big tech social media platforms already know which of their users are children. Their business model depends on knowing this. They know how old users are, and they know exactly what type of person they are. As age verification is based on coercion, politicians could instead force platforms to stop doing the things politicians consider harmful to children, or force them to block children (again, they know who they are) from using their services. But instead, politicians seek to massively invade everyone’s privacy and undermine democratic rights on a global scale. In other words, the latter is the real objective – they do not want to protect children; they want to impose control. Slippery slope of age verification It is undeniable that age verification threatens freedom of expression, risks increasing mass surveillance, and is likely to lead to censorship. It will not only shrink the online world and reduce young people’s right to privacy (for example, if VPN services were to be restricted); but also risks becoming a significant step toward a controlled internet for everyone. Most age verification is identity verification Most countries are now considering introducing age verification systems, meaning that everyone would have to identify themselves either to the service/website they want to use or to a third party capable of linking them to their activity on that service or website. This is not age verification but identity verification, and the consequence is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media. This is a major problem in countries like the UK and Germany where the police conduct raids on people’s homes for posting content on social media that the authorities dislike. Or in the United States, where authorities are trying to pressure tech companies into revealing the identities behind accounts protesting ICE. Social media identity verification removes important tools for activists in countries where criticizing those in power is dangerous. Restrictions on app store or operating system level Some countries are looking to impose identity verification at the app store level or even within the operating system itself. This is an exciting experiment, since this is possible to circumvent using open-source operating systems. Some countries are already looking to include open-source systems. Since open-source systems cannot be controlled, politicians would ultimately need to ban devices that are not controlled by the state. The end point: telescreens like those in Orwell’s 1984, devices that both monitor you and broadcast only the information approved by the state. The Zero-Knowledge Proof (ZKP) alternative and the EU The EU has presented its own age verification app as “completely anonymous”. The idea is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is currently designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time. Read more on our site. mullvad.net/blog/age-verific…

Our Android app has for the second time passed MASA, a standardized security assessment, conducted by Leviathan Security Group. Read more: mullvad.net/blog/2026-securi…

The EU age verification app is presented as “completely anonymous”. But the risk is that member states (the countries are supposed to create their own versions of the open-source EU app) use it to introduce identity verification that makes it impossible to post anonymously on social media. The idea behind “completely anonymous” is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time. This means that the EU could decide at any time that ZKP may no longer be used, and in one stroke the app would fall back to its default mode, meaning that every post on social media carries an ID tag. By that point, an infrastructure will already have been rolled out; people will have gotten used to it, and it will be harder to roll it back. More details on mullvad.net/blog/age-verific…

MetaCert’s Link Verifier & Why It’s A Gamechanger For Many Different Industries. open.substack.com/pub/beamer…

No, this isn't a security feature but rather is the direct opposite and reduces security. It won't prevent theft and won't help people recover a stolen device in practice either. Making it more difficult to return a device to Before First Unlock state directly weakens the security of user data rather than improving it. A thief can still forcefully trigger a shutdown or reboot by holding the power button. On a device where that triggers a reboot rather than a shutdown, the device can be forced to go into a special mode rather than the OS or can also usually be forcefully powered off afterwards. If devices didn't include a way to force reboot/shutdown then they could get easily stuck with the OS booted if it stops responding to input but is still functioning under the hood. There's nearly always a way to force reboot/shutdown and also a way to forcefully get out of a boot loop into a powered off state if holding power only triggers a reboot at first. The remote location detection service from both Apple and Google supports finding an iPhone or Pixel while it's otherwise turned off via nearby Apple or Google Play devices. In general, a thief needs to use a faraday bag or battery removal to block a device being located. Both approaches also work against an OS trying to make shutting down require authentication but it's not required since it can be bypassed by holding power. Once a device is unlocked for the first time, the encrypted data remains accessible to the operating system until it's powered off again. Only a tiny portion of data is inaccessible to the OS while locked in After First Unlock state. For most devices, fully restoring the security of Before First Unlock state requires shutting down and waiting for memory to degrade. Rebooting won't fully restore Before First Unlock state unless the operating system zeroes memory at boot and/or shutdown/reboot with both of those ideally being done. Devices in After First Unlock state can have all user data extracted by exploiting the hardware, firmware or software running on the device. A device with Evolution X is far more vulnerable to data extracted than an iPhone or stock Pixel due to lack of strong security protections and incomplete security patches. Most Android devices including anything running most alternate operating systems have atrocious security against exploits and data extraction from After First Unlock state is very easy. Being able to quickly turn off a device or having someone mistakenly do that themselves is needed for encryption to work against even a well informed university student with access to basic equipment. A thief turning off your device helps keep with the data safe. Many Android devices also lack truly working disk encryption for users without a strong passphrase but that's a separate problem.

WhatsApp encryption is a giant fraud. The state of Texas just sued WhatsApp for lying to users about privacy — because WhatsApp employees have access to “virtually all” private messages. Now we know what WhatsApp’s founder meant when he said he “sold his users’ privacy.”

ANYONE with a laptop can now access spy-grade surveillance tools for FREE. It's called OSIRIS, an open-source clone of Palantir $PLTR, the $324 BILLION intelligence company. It lets anyone WATCH every commercial flight, spy satellite, and CCTV cameras. It tracks military jets, detects GPS jamming, and maps active war zones. All updating LIVE, in ONE browser tab, free FOREVER. Governments paid Palantir MILLIONS per year for tools like this. The CIA's playbook is now public domain.

Researchers proved that your Android phone is sending data to Google every 4.5 minutes. Even when you opt out of EVERYTHING. Researchers at Trinity College Dublin did an exhaustive deep-dive into exactly how much data iOS and Android devices stealthily transmit back to Apple and Google. Both tech giants are running non-stop telemetry pipelines from your device. Even when you are not logged into an account. Even when you explicitly opt out of data collection. Even when the phone is completely untouched. The sheer volume of data being harvested is staggering. Android sends data back to Google every 4.5 minutes. iOS follows right behind, pinging Apple every 4.5 minutes. Within the first 10 minutes of powering on a fresh device, Android sends roughly 1MB of data to Google. iOS sends about 42KB to Apple. When the phones are just sitting there doing nothing, Google harvests around 1MB of data every 12 hours. Apple collects roughly 52KB. Google is collecting 20x more telemetry data than Apple. But what they are collecting is the real problem. The researchers discovered that your phone isn’t just sending generic system diagnostics. It is sending a highly detailed digital fingerprint: - Hardware serial numbers - Device IMEI numbers - Wi-Fi MAC addresses - Your phone number - SIM card details And it gets darker. iOS uploads the WiFi MAC addresses of every device near you. Your roommate's laptop, the café router, your neighbor's home gateway—all tagged with your exact GPS coordinates. If just one person in your building enables location services once, Apple now knows where every single device on that network lives. Forever. The researchers tried to opt out of everything. They turned off location services, restricted background data, and avoided signing into any accounts. It didn't matter. The data transmission never stopped. The escape hatch has been welded shut. Right now, millions of professionals use these devices to handle sensitive business data, proprietary code, and private operations under the assumption that "idle" means "safe." But the data shows there is no such thing as an offline smartphone anymore. --- Paper: Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google (2021)

Privacy is the foundation of a free society. A monitored society is a controlled society.

What privacy-first software looks like: ddocs[.]new(@fileverse) → documents encrypted locally before upload. the provider cannot read drafts, deleted text, or revision history. privacy enforced by cryptography. Mullvad VPN(@mullvadnet) → privacy-focused VPN with anonymous account generation, minimal data collection, and optional anonymous payments. Windscribe (@windscribecom)privacy-focused VPN designed to reduce tracking, hide your IP address, and give users more control over their network privacy GrapheneOS(@GrapheneOS) → hardened Android-based OS focused on security, sandboxing, and minimizing unnecessary data collection. Linux → open-source operating systems that give users more transparency, control, and customization over their devices and data. Brave(@brave), LibreWolf, Tor Browser(@torproject) → privacy-focused browsers with tracker blocking, anti-fingerprinting protections, and stronger control over web surveillance. Signal(@signalapp) → end-to-end encrypted messaging with minimal metadata retention. open source and built around private communication. Monero(@monero) → privacy-focused cryptocurrency that hides sender, receiver, and transaction amounts by default instead of exposing everything on a public ledger. What did i miss ? 🤔

🚨 BREAKING: France’s Digital ID System Hacked—Sensitive Data of 19 Million Citizens Now Sold on the Dark Web France’s centralized digital identity platform, operated by France Titres (formerly ANTS), suffered a major breach on April 15, 2026. Hackers stole records affecting roughly one-third of the French population and started auctioning them on dark web forums. The exposed database contains: • Full names • Email addresses and phone numbers • Dates and places of birth • Postal addresses • Unique government account IDs This information gives criminals powerful tools for identity theft, phishing campaigns, synthetic identities, and large-scale financial fraud. The system manages passports, national ID cards, driver’s licenses, residency permits, and vehicle registrations. Officials confirmed no biometric photos or uploaded documents were taken, but the core personal data is now circulating. Hackers operating under aliases like “breach3d” and “ExtaseHunters” posted the massive dump soon after the intrusion. French authorities acknowledged the security incident and are notifying affected individuals, though the sheer scale makes rapid alerts challenging. France has seen multiple major government data breaches recently, including student records via ÉduConnect, bank account details, and medical information. Centralized systems handling vast amounts of linked personal data create high-value targets that attract persistent attackers. Action steps if you’re in France or have connections there: • Closely monitor all financial and government accounts • Strengthen 2FA on every service • Stay alert for phishing attempts impersonating official agencies • Consider credit monitoring or freezes where available French authorities detained a 15-year-old suspect on April 25 in connection with the breach. The teenager is believed to have operated under the alias “breach3d” and offered between 12 and 18 million records for sale on hacking forums. Prosecutors in Paris have opened a formal investigation into the minor on computer crime charges. The full story is still unfolding as more details emerge about how the breach occurred and the exact scope of the exposure. This incident highlights the profound dangers of centralized digital ID systems. When governments consolidate citizens’ most sensitive personal information into single, internet-connected databases, they create massive single points of failure. One successful hack can expose millions instantly, turning everyday personal details into weapons for widespread fraud and surveillance. As nations push for broader digital ID adoption, this breach serves as a stark reminder that convenience and control come at the steep price of heightened vulnerability for entire populations.

"My Ministers will also proceed with the introduction of digital ID that will modernise how citizens interact with public services." Child safety was the bait. Surveillance is the product. The UK just announced the end of private access to public services. Privacy is dead.