HeadFlash


Privacy in the Crosshairs: New Protocols, AI Risks, and Census Data Shake-Up

Cloudflare joins browsers for PACT, Cate Blanchett launches consent registry, and Trump's census ban sparks data chaos.


Cloudflare and Major Browsers Propose Privacy-First Protocol to Replace CAPTCHAs

On June 22, 2026, Cloudflare announced a collaboration with Mozilla Firefox, Google Chrome, and Microsoft Edge to develop and standardize a privacy-preserving protocol that helps humans and bots prove their traffic is not malicious. The initiative responds to the increasing shift from human-driven clicks to autonomous agent activity, which has made existing abuse-defense tools too generic and coarse. Cloudflare CTO Dane Knecht said that autonomous agents are beginning to orchestrate workflows on behalf of people, such as ordering food, and that the collaboration aims to eliminate friction from security protocols without sacrificing privacy. Shopify is also participating in the development. The protocol, called Private Access Control Tokens (PACT), allows sites with strong knowledge of ‘personhood’ to issue anonymous tokens; a user’s browser can then provide these tokens to other sites to prove a human is present, reducing the need for CAPTCHAs or invasive tracking. PACT is designed to prevent sites from using it to track or identify users or their browsing history. Microsoft Edge Director of Engineering Erik Anderson called for effective, interoperable, privacy-preserving tools to combat abuse. Mozilla Firefox CTO Bobby Holley noted that an avalanche of automated traffic is pushing sites toward blunt defenses like paywalls and CAPTCHAs, and that the collaboration aims to build a solution that maintains strong privacy and provides a less annoying experience. Cloudflare stated that using PACT on its network raises the bar for trustworthiness and integrity online without traditional costs.

Cloudflare Collaborates with Leading Browsers to Develop a Privacy-First Protocol for the Global Internet →

License Plate Readers Now Track AirPods and Smartwatches, Study Finds

Defense contractor Leonardo’s SignalTrace system, which produces sensors that can be fitted to existing license plate readers, can collect unique identifiers from phones, AirPods, and other Bluetooth-enabled devices, according to a report by 404Media. The sensors can also detect non-contact RFID devices such as air-pressure sensors, work badges, and pet microchips. Leonardo’s website states that the data collected shows what group of devices are traveling together, and algorithms can determine which specific mix of devices—linked by common timestamps and locations—are predictably moving together, forming an electronic fingerprint that can aid in identifying suspects or witnesses. The identifiers are fed into an algorithm along with license plate and other identifying information; if multiple devices travel together, a link is created between the device owners and the vehicle. All data is stored at Leonardo’s Enterprise Operations Center for future use, presumably by law enforcement agencies. Leonardo advertises that the sensors do not need to be connected to a license plate reader and can be used in off-road and non-traffic environments such as rail stations, event venues, and shopping centers. The Electronic Frontier Foundation has warned that massive repositories of identifying data become prime targets for cybercriminals, citing an advisory from the Cybersecurity and Infrastructure Security Agency that identified seven vulnerabilities in Motorola Solutions’ Vigilant ALPRs. Leonardo stated in a press release that its technology captures device frequencies emitted into the air but does not decrypt or capture the contents of the devices or their communications.

License plate cameras can track your AirPods, smartwatch, and more, disturbing study finds | The Independent →

Medical AI Models Vulnerable to ‘Near-Perfect’ Privacy Attacks, Study Warns

A new study warns that medical AI systems could be used to perform privacy attacks that allow hackers to determine whether a specific patient’s data was used to train a model. The attack, called a ‘membership inference attack,’ can achieve ‘near-perfect success rates’ for some individual patients, with the risk being greater for underrepresented groups. This could be used by cybercriminals to learn sensitive medical information, such as whether a person has cancer, and to launch further attacks. The researchers state that ‘medical AI models and their deployment contexts should be assessed for the sensitive information that attackers could obtain by successfully inferring training dataset membership.’ The study is reported in the paper ‘Disparate privacy risks from medical AI,’ published in the journal Nature. No specific models or datasets are mentioned in the source, but the findings highlight a significant privacy vulnerability in healthcare AI that demands urgent attention from developers and regulators.

Medical AI could compromise your privacy in disturbing new way, experts warn →

Cate Blanchett Launches Free Tool to Let Individuals Control AI Use of Their Likeness

On June 23, 2026, RSL Media, a public benefit nonprofit co-founded by Cate Blanchett, launched the Human Consent Registry, a free tool available to residents of the US and EU. The registry allows individuals to set a color-coded consent level for how AI may use their name, face, voice, and likeness: red prohibits all AI use, yellow permits use with terms such as payment or a licensing agreement, and green allows unrestricted use. Registration occurs at rslmedia.org, where a user provides biographical information and receives a Human Consent ID tied to machine-readable records covering name, image, likeness, voice, movement, and other personal attributes. The registry aims to address the billions of images scraped from the open web annually without the knowledge of the people in them. However, no enforcement mechanism currently exists; AI companies face no legal obligation to honor RSL signals, and registering hands personal data to a third party. The current value is a timestamped audit trail that could support future regulatory complaints. RSL Media plans future registries for creative works, fictional characters, and brand marks. Blanchett stated, ‘Your identity is your IP in the age of AI, and every person deserves the right to decide how AI can or cannot use it.’ The registry bets on voluntary compliance and future regulation, paralleling the robots.txt web standard.

Cate Blanchett Just launched a Free Tool To Stop AI From Stealing Your Face →

Trump Administration’s Ban on Noise Infusion Threatens Usable Census Data, Experts Warn

On June 4, the Trump administration issued an order, Disclosure Avoidance for Statistical Products, that forbids ‘any use of noise infusion’ for statistical products and states that coarsening shall be the preferred method and suppression permitted as a last resort. Noise infusion is a common privacy technique that creates random values within a dataset to protect confidentiality. Data experts warned the change will severely limit public data related to redistricting, natural disasters, the workforce, and housing. Beth Jarosz of Georgetown University said that because coarsening and suppression are the only allowed tools, the Census Bureau and Bureau of Economic Analysis must group small communities or suppress data completely, so small industries may be rolled into bigger categories and small counties may not be reported. On June 17, five major data associations released a joint statement condemning the order, stating it ‘subverts processes developed over decades to foster transparency and public trust and creates a scenario in which there will either be less privacy for our personal information, or less usable data, or both.’ Former Census Bureau chief scientist John Abowd listed affected data products including the OnTheMap for Emergency Management system and Quarterly Workforce Indicators. The order also came as the administration eliminated test locations for the 2030 census. America First Legal had previously challenged the Census Bureau’s differential privacy system. Lynda Kellam noted confusion over how the order will be enacted retroactively. The Data Rescue Project has been proactively collecting and archiving Census Bureau working papers.

The Trump Administration’s New Census Data Rules Are a Policy Disaster →
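The three disclosure-avoidance methods named in the census item above, applied to one small table. This is an added example, not code from the article, the order, or the Census Bureau. The county counts, the threshold of 50, and the use of Laplace noise with scale 2 are constructed assumptions for illustration.

```python
import random

# Constructed sample: workers in one small industry, by county (not real data).
COUNTS = {"County A": 12040, "County B": 8310, "County C": 37,
          "County D": 9, "County E": 4}

def noise_infusion(counts, scale=2.0, seed=2030):
    """Publish every cell, each perturbed by zero-mean Laplace noise."""
    rng = random.Random(seed)  # fixed seed only so the example is repeatable
    out = {}
    for name, n in counts.items():
        # Difference of two exponentials with mean `scale` is Laplace(0, scale).
        noise = rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
        out[name] = max(0, round(n + noise))
    return out

def coarsen(counts, threshold=50, label="Combined small counties"):
    """Roll every cell below the threshold into one larger category."""
    out = {k: v for k, v in counts.items() if v >= threshold}
    small = sum(v for v in counts.values() if v < threshold)
    if small:
        out[label] = small
    return out

def suppress(counts, threshold=50):
    """Withhold every cell below the threshold (None = not published)."""
    return {k: (v if v >= threshold else None) for k, v in counts.items()}

def counties_reported(original, published):
    """How many original counties still have their own published figure."""
    return sum(1 for k in original if published.get(k) is not None)

if __name__ == "__main__":
    for method in (noise_infusion, coarsen, suppress):
        table = method(COUNTS)
        print(f"{method.__name__:15} {counties_reported(COUNTS, table)}/5", table)
```

With noise infusion all five counties keep a figure of their own, each slightly perturbed; with coarsening or suppression only the two large counties do, which is the loss of small-area detail the experts describe.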