submitted 2 years ago* (last edited 9 months ago) by ijeff to c/android
 
 

Start your journey into the Fediverse by subscribing to our starter communities. We're actively working with subreddit communities and moderators on their transition over.

Our Mission

Lemdro.id strives to be a fully open source instance with incredible transparency. Visit our GitHub for the nuts and bolts that go into making this instance soar and our Matrix Space to chat with our team and access the read-only backroom admin chat.

Interfaces

Our Communities

Other Neat Communities

Seeking Experienced Mods

Are you interested in exploring options to migrate your tech subreddit to the Fediverse in a way that supports decentralization or are you an experienced moderator who is interested in joining one of our mod teams? Get in touch!

A Fediverse home for developers

Are you developing a Lemmy app and looking for a home community for your project? Get in touch!

Hacking the EU Age Verification app in under 2 minutes.

During setup, the app asks you to create a PIN. After entry, the app encrypts it and saves it in the shared_prefs directory.

  1. It shouldn't be encrypted at all - that's a really poor design.
  2. It's not cryptographically tied to the vault which contains the identity data.

So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.

After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.

Other issues:

  1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
  2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.

Seriously Von der Leyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.

Von der Leyen: "The European Age Verification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..."

I did. It didn't take long to find what looks like a serious privacy issue.

The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well.

But, the source image used to collect that data is written to disk without encryption and not deleted correctly.

For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them.

For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.

This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary.

From a GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach.

YouTube Video.

Source: Paul Moore (Security Consultant) X/Twitter, 2.

Bypassing EU Age Verification using their own infrastructure.

Video.

I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly.

Step 1: Install the extension
Step 2: Register an identity (just once)
Step 3: Continue using the web as normal

The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts".

This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring.

Of course, I could skip the enrolment process entirely and hard-code the credentials into the extension... and the verifier would never know.

Source: Paul Moore (Security Consultant) X/Twitter.
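
One way to close the shared_prefs gaps described in the post above, as an added example (not the app's code and not from the quoted author): the vault key is wrapped under a PIN-derived key, and the attempt counter and biometric flag are covered by a MAC. `device_key` is an assumed stand-in for a non-exportable Android Keystore key, and all function and field names are hypothetical.

```python
import hashlib, hmac, json, os

MAX_ATTEMPTS = 5  # assumed lockout threshold

def _kdf(pin, salt):
    # 64 bytes: the first 32 mask the vault key, the last 32 key the PIN check tag.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=64)

def _tag(key, data):
    return hmac.new(key, data, "sha256").hexdigest()

def seal(record, device_key):
    """MAC every field so that edits made outside the app are detected."""
    body = {k: v for k, v in record.items() if k != "mac"}
    return {**body, "mac": _tag(device_key, json.dumps(body, sort_keys=True).encode())}

def enroll(pin, device_key):
    """Return (on-disk record, vault key). The vault key is never stored in the clear."""
    vault_key, salt = os.urandom(32), os.urandom(16)
    k = _kdf(pin, salt)
    # XOR with a single-use KDF pad stands in for an AES-GCM key wrap (stdlib only).
    wrapped = bytes(a ^ b for a, b in zip(vault_key, k[:32]))
    return seal({"salt": salt.hex(), "wrapped": wrapped.hex(),
                 "pin_tag": _tag(k[32:], wrapped),
                 "failed_attempts": 0, "use_biometric": True}, device_key), vault_key

def unlock(record, pin, device_key):
    """Return (vault key or None, record to write back); raise on tampering or lockout."""
    if not hmac.compare_digest(seal(record, device_key)["mac"], record.get("mac", "")):
        raise ValueError("settings record was modified outside the app")
    if record["failed_attempts"] >= MAX_ATTEMPTS:
        raise PermissionError("too many failed attempts")
    wrapped = bytes.fromhex(record["wrapped"])
    k = _kdf(pin, bytes.fromhex(record["salt"]))
    if not hmac.compare_digest(_tag(k[32:], wrapped), record["pin_tag"]):
        bumped = {**record, "failed_attempts": record["failed_attempts"] + 1}
        return None, seal(bumped, device_key)
    vault_key = bytes(a ^ b for a, b in zip(wrapped, k[:32]))
    return vault_key, seal({**record, "failed_attempts": 0}, device_key)
```

With this layout, deleting the PIN fields and enrolling again produces a new random vault key, so data stored under the old key stays unreadable.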


Solid-state batteries might not be cheaper at first. But once economies of scale from mass production efficiencies kick in, they will be.

One thing that goes under-appreciated about EVs is that even though they are winning today against gas-cars on reliability and cheapness, they still have years of improvements and cost reductions ahead. By the 2030s, they will be vastly cheaper & better than fossil fuel cars.

China is already making decent cars in the $10-15k price range; this battery tech will make that even easier. It's also making these cars with good Level 3 self-driving tech. There is a vast unserved market in the Global South (& huge chunks of the Western world) for cars like this.

The standard global car of the 2030s will be Chinese-made, an EV, self-driving & cost about $10,000. Anyone who still thinks gas cars have a future in this world is a dinosaur who can't see that asteroid streaking through the sky & about to hit them.

Solid-state EV batteries are coming sooner than expected after another breakthrough


From Lilies Blooming in 100 Days, a Twitter challenge of 1 yuri every day. Another entry with what looks like the same characters:


Trump

Donald Trump’s racist immigration forces deported over 440,000 people in the US fiscal year for 2025. His jackbooted Immigration and Customs Enforcement (ICE) agents have been terrorising American cities — and even killing US citizens — virtually since he came back to power in 2025.

US outlet Axios reported:

The top U.S. immigration enforcement agency deported 442,637 people between October 2024 and September 2025, according to newly-released statistics.

Adding:

The top-line figure is about 171,000 people more than the fiscal year before, but far short of Trump’s campaign promise to deport one million people a year.

Clearly Trump’s racist immigration regime is not hitting its grotesque targets:

The figure is the first official deportation statistic released under the Trump administration and was included in a congressional budget justification report.

Axios reported:

The Office of Homeland Security Statistics hasn’t updated its data since November of 2024. Homeland Security’s much-hyped “self deportation” figure is not included in the report. The agency has claimed in press releases that more than two million have “self-deported” but hasn’t shared regular data.

MAGA sad about Trump’s mere 400k deportations

Meanwhile Trump’s fascistic Make America Great Again (MAGA) allies have said the president has gone soft on deportations. Nigh-on half a million people ejected not enough for them then…

The grim-sounding Mass Deportation Coalition is chief among the complainers. Its leader, Mike Howell, told Axios:

The truth is the first year was not a year of mass deportation

Adding:

A conscious decision was made to go after the worst first, which was, we’ll call it a deviation from the central campaign promise of mass deportations.

A White House spokesperson told the outlet:

Nobody is changing the Administration’s immigration enforcement agenda and the President’s entire team is on the same page when it comes to implementing his policies.

Budgetary changes

And MAGA’s white supremacist weirdos might have more discomfort in store for them. A new report by Homeland Security, which controls ICE, says that it has actually asked for less money for the next financial year:

The ICE report shows that the goal for next year is to deport 1 million people. But the agency has asked for less money in fiscal year 2027 than it did in fiscal year 2026.

ICE recently lost its boss after Trump fired nativist horror Kristi Noem and replaced her with another fascist tool, the preposterously named Markwayne Mullin. As the Canary wrote at the time:

Turns out that using a masked secret police to murder and kidnap people to concentration camps makes you unpopular, even in America.

As such, Noem has made a convenient sacrifice to make Trump look like he’s relenting. Meanwhile, nothing will change under Markwayne Mullin, save maybe that ICE will get a little more cautious, a little more covert in their actions.

There is no number of deportations which will sate American fascism’s thirst for human suffering. Trump may be distracted by his failed war against Iran, but sooner or later his Sauron gaze will turn back to the US and his attention will return to the ignoble task of kicking out immigrants left, right and centre. We hope the American people will continue to fight back, as they have in Minnesota and elsewhere.

Featured image via the Canary

By Joe Glenton


From Canary via This RSS Feed.


In a setback for federal efforts to thwart climate litigation, the judge ruled that the suit, which tried to block the state from suing oil companies, was too speculative.

real (reddthat.com)
submitted 19 minutes ago by cm0002 to c/memes@sopuli.xyz
 
 