Privacy Under Siege: Age Checks, Surveillance, and Encryption Threats
From mandatory age verification to warrantless tracking and AI listening, today's edition covers the biggest threats to your digital privacy.
Congress Prepares to Vote on KIDS Act Mandating Age Checks Online
Congress is set to vote within the next week on the KIDS Act, a legislative package that includes revised versions of KOSA, the SAFE BOTS Act, and the SCREEN Act, moving under an ultra-expedited process without separate debate. The bill would require online services to verify all users’ ages, impose government-directed moderation policies, and create new rules for private and encrypted communications. Supporters claim it protects minors, but critics argue it undermines privacy, free expression, and the ability to use the internet without revealing sensitive data. KOSA defines children as under 13 and teens as 13–16, imposing special protections whenever a platform “knows or should have known” a user is a minor, a negligence-style standard that forces services to determine ages before any lawsuit. Age estimation systems make mistakes, especially for people of color, people with disabilities, and trans and nonbinary individuals. The SAFE BOTS Act restricts chatbot features for minors under the same standard, while the SCREEN Act requires services hosting sexually explicit content to assess users’ ages. The revised KOSA removes the duty of care but still pressures platforms to moderate broad categories of lawful speech, likely leading to over-removal. New rules for direct messages, ephemeral messages, and AI chat also create pressure to weaken encryption, as the bill does not fully protect strong encryption when platforms must “address” harms to minors. The package ultimately pushes more age checks, more restrictions, and less privacy for all users.
The KIDS Act Would Require Age Checks To Get Online →
Tech Giants Pay $3.5 Billion in AI-Related Privacy Fines and Settlements
A Surfshark analysis of ten enforcement actions found that major tech companies collectively incurred $3.5 billion in AI-related fines and settlements between 2022 and 2026. Nine out of ten cases involved using personal data without consent. Companies named include Anthropic, Meta, Google, Clearview AI, Apple, Amazon, and OpenAI. The largest individual penalties include Anthropic’s $1.5 billion settlement for training AI on pirated books, Meta’s $1.4 billion fine for biometric data collection without consent, and Clearview AI’s approximately $46 million fine for scraping facial images. Enforcement accelerated in 2024, with multiple penalties against Google, OpenAI, Meta, Amazon, and Clearview AI. Surfshark’s Dr. Luis Costa stated that “this could be only the beginning” and that accountability is catching up with innovation. However, enforceability remains a bottleneck, as companies can contest jurisdiction, negotiate settlements down, or delay payment through legal maneuvers. Meta’s $1.4 billion fine represents about 1% of its annual revenue, which exceeded $130 billion. Europe has also placed restrictions on what major cloud providers can do with sensitive government data.
Big Tech Took a $3.5 Billion Hit for Feeding AI With Your Personal Data →
Google Pixel May Gain ‘Audio Memory’ Feature That Listens to Conversations
Google is working on a feature tentatively called “Audio Memory” for Pixel smartphones, according to hints found in a preview version of Android System Intelligence. A leak reported by 9to5Google revealed a description stating: “Keep track of what you hear throughout your day, from the music around you to your important conversations.” The feature would go beyond the existing Now Playing functionality, potentially allowing the phone to record ambient conversations. It is unclear whether the smartphone will listen continuously in the background or activate only after a trigger, and whether only phone calls or all ambient speech will be captured. Audio Memory is still in development and may never reach the market, but it is reminiscent of Microsoft Recall, which faced massive privacy criticism and was redesigned with stricter protections. If Audio Memory records conversations continuously, Google would have to comply with the EU General Data Protection Regulation and national laws, and automatically recording conversations could constitute a criminal offense under German law. It remains open whether and in what form Google would offer the feature in Europe.
Will My Pixel Smartphone Soon Be Eavesdropping on Me? →
Harris County Mother Counts Eight Flock Cameras on Route to School
A mother went viral after counting eight Flock Safety cameras on the drive to her child’s school in Harris County, Texas. The county sheriff’s office has access to 480 Flock cameras under a contract renewed through June 2027 for roughly $869,000, and Houston Police can query up to 88,000 cameras nationwide through Flock’s cross-agency network. Flock cameras capture license plates, vehicle make and model, color, GPS coordinates, and timestamps, searchable in real time with cross-jurisdiction alerts. An investigation by the Houston Chronicle found that HPD officers rarely document why they run searches on the platform. The Texas Department of Public Safety is investigating whether Flock operated in Houston without a valid private security license, which was reportedly suspended for failing to maintain required liability insurance. A Texas Civil Rights Project representative told commissioners the system “enables police surveillance, with little to no oversight.” No federal standard governs data retention or access, and no Texas statute requires officers to log search justifications. The DPS investigation remains open.
Martin Lewis Warns Callers Not to Assume Privacy While on Hold
Martin Lewis warned that callers may inadvertently reveal personal or sensitive information while on hold with a service provider. On his BBC podcast, he shared a tip from a call centre worker: “If you think you’re on hold, don’t assume because there is music that the call handler can’t hear what you’re saying whilst you’re on hold.” Lewis said the revelation “sent chills through me” and that he was “blown away” by it. He advised that when haggling, callers should not mention a specific price they would accept while on hold, as the handler might overhear. He added that other confidential information could also be accidentally disclosed, such as private conversations.
Martin Lewis data privacy warning whenever you phone up a service provider →
Website Reveals How Much Your Browser Tells About You
The Since You Arrived website (sinceyouarrived.com) demonstrates what data a browser reports to websites. Volume IV lists information the browser makes available, including location (via ISP), browser software, current timezone, system GPU, device battery life, the previously visited website, and time spent on the page. The site reported that one user’s screen was 1470 by 956 pixels at 2x density, which it described as “almost certainly a recent, high-end display,” noting the device volunteered all that data in the first milliseconds of the connection. To limit this data collection, recommended steps include installing a VPN that spoofs location and time zone and changing browsers to Mozilla Firefox (which has built-in anti-fingerprinting technology) or Tor Browser (which offers even stronger protections at the cost of speed). Incognito mode has limited effect, while Tor Browser runs in a constant state similar to incognito. Additional steps like limiting ad personalization on Google address broader privacy but not the immediate data websites receive upon visiting.
Your web browser knows a lot about you. Here’s what you can do about it. →
EU Faces ‘Double Threat’ to Encrypted Messaging as Campaign Relaunches
Civil rights activist Dr. Patrick Breyer warns of an unprecedented “double-attack” on secure messaging ahead of critical EU meetings. On Friday, European Parliament President Roberta Metsola is attempting to resurrect the expired Chat Control 1.0 regulation, ignoring that the Parliament rejected it in March. A leak reveals the Council will try to adopt a first-reading position to force it through. On Monday, final trilogue negotiations on the permanent Chat Control 2.0 regulation will take place, where the Parliament may rush a new mandate on detection and scanning. The worst-case scenario includes voluntary mass scanning that could be made effectively mandatory, mandatory detection orders without court oversight, and mandatory age verification that would end the right to anonymous communication in Europe. Civil society has relaunched fightchatcontrol.eu, enabling citizens to email EU lawmakers. Breyer stated that genuine child protection is possible without destroying the privacy of 450 million Europeans, calling for targeted investigations and proactive deletion of material on the darknet rather than error-prone algorithms.
ATF Cancels Warrantless Phone Tracking Contract After Lawmaker Concerns
The Bureau of Alcohol, Tobacco, Firearms and Explosives canceled its contract for Webloc, a surveillance tool enabling warrantless tracking of mobile devices, after Rep. Michael Cloud and Sen. Ron Wyden raised concerns. ATF described the use of Webloc as a pilot program. Webloc, made by Penlink, sources location data from consumer apps and advertising networks, allowing agencies to bypass warrant requirements. ATF said the tool “does not meet our needs” and is not using any other ad-tech-sourced services. Wyden called the decision “a victory for Americans’ constitutional rights.” After a May congressional hearing, Wyden and Cloud learned that ATF had conducted more than 300 warrantless searches using Webloc, including over 200 tied to active cases. In one instance, a prosecutor and judge expressed concerns about Webloc data, and ATF was forced to obtain a traditional court order. Other users of Webloc include the U.S. military, ICE, and police in multiple cities. The FBI and DHS continue to buy commercial geolocation data, and a bipartisan bill to ban the practice without a court order has been introduced.
ATF cancels phone tracking contract after lawmakers raise concerns - ABC News →
School Bus Cameras to Become Always-On License Plate Readers
BusPatrol, a company that operates stop-arm cameras on school buses, plans to convert those cameras into always-on automatic license plate readers. The company has over 40,000 stop-arm cameras deployed across 24 states, using AI to review images of drivers illegally passing buses and submit them to law enforcement. According to leaked documents, BusPatrol now aims to keep the cameras active at all times, capturing data on any vehicle in sight, and sell that data to law enforcement agencies. The stop-arm cameras have been criticized for not delivering promised safety benefits but have generated tens of millions of dollars in revenue. The ACLU’s Jay Stanley said there is “a real risk that AI will be used to create a hellscape of over-enforcement.” The leaked documents indicate BusPatrol expects pushback. An anonymous source said a new investor is pushing the company to find alternate revenue streams. BusPatrol is already testing with one school bus and plans to deploy 100 license-plate-reading cameras on school buses by the end of next month.
Your Kids’ School Bus Is About to Become a Roaming Surveillance Vehicle →
Data Breach Exposes Up to 14.2 Million Email Logins at Six Japanese ISPs
KDDI Corporation, a Japanese telecommunications operator, disclosed a data breach affecting an email system used by five other ISPs in Japan. The compromise was discovered on June 17, and the attacker was blocked immediately after exploiting a vulnerability in unnamed third-party software. KDDI warned that email addresses and passwords of customers may have been obtained. The incident impacted STNet, JCOM, Chubu Telecommunications, NIFTY Corporation, and BIGLOBE. Up to 14.22 million customers, including current, former, and inactive account holders, may have had their email addresses and passwords exposed. Some passwords were stored hashed and/or encrypted, but KDDI did not specify the encryption type or the percentage of plaintext passwords. KDDI has been contacting affected ISPs since June 17 and notified Japan’s data protection authorities. Customers are advised to reset their email passwords and enable two-factor authentication if available.
Data breach exposes up to 14.2 million email logins at six ISPs →
Quantum Computing Race Could Break Encryption by 2028, US Executive Orders Signal
Recent advances in error correction and qubit stability by Google, Microsoft, and IBM have challenged the assumption that quantum computing is decades away. Governments are now scrambling for an early advantage, viewing it as the next major technology race. This month, US President Donald Trump signed executive orders to accelerate the development of a scientific-grade quantum computer in the US and to prepare for a future in which quantum computers can crack today’s encryption systems. The orders target a 2028 breakthrough, raising the specter of ‘Q-Day’, when current encryption becomes obsolete. Global powers are investing billions to secure hardware superiority, as quantum computing threatens the privacy and security of all digitally encrypted communications.
Mint Explainer: Why quantum computing is the next geopolitical race →