Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
cross-posted from: https://hexbear.net/post/7003237
cross-posted from: https://news.abolish.capital/post/12825
Visiting the US as a tourist could soon become significantly more onerous under a new plan being mulled by the Trump administration.
According to a Tuesday report in the New York Times, US Customs and Border Protection (CBP) this week filed a new proposal that would force visitors to submit up to five years' worth of social media posts for inspection before being allowed to enter the country.
In addition to social media history, CBP says it plans to ask prospective tourists to provide them with email addresses they've used over the last decade, as well as "the names, birth dates, places of residence, and birthplaces of parents, spouses, siblings, and children."
The policy would apply even to citizens of countries that have long been US allies, including the UK, Germany, Australia, and Japan, which have long been exempt from visa requirements.
Sophia Cope, a senior staff attorney for the Electronic Frontier Foundation, told the Times that the CBP policy would "exacerbate civil liberties harms."
Cope added that such policies have "not proven effective at finding terrorists and other bad guys" but have instead "chilled the free speech and invaded the privacy of innocent travelers, along with that of their American family, friends and colleagues."
Journalist Bethany Allen, head of China investigations at the Australian Strategic Policy Institute, expressed shock that the US would take such drastic measures to scrutinize the social media posts of tourists.
"Wow," she wrote in a post on X, "even China doesn't do this."
In addition to concerns about civil liberties violations, there are also worries about what the new policy would do to the US tourism industry.
The Times noted in its report that several tourism-dependent businesses last month signed a letter opposing an administration proposal to collect a $250 "visa integrity fee," and one travel industry official told the paper that the CBP's new proposal appears to be "a significant escalation in traveler vetting."
The American tourism industry has already taken a blow during President Donald Trump's second term, even without a policy of forcing tourists to share their social media history.
A report released on Wednesday from Democrats on the Senate's Joint Economic Committee (JEC) found that US businesses that have long depended on tourism from Canada to stay afloat have been getting hit hard, as Canadian tourists stay away in protest of Trump's trade war against their country.
Overall, the report found that "the number of passenger vehicles crossing the US-Canada border declined by nearly 20% compared to the same time period in 2024, with some states seeing declines as large as 27%."
Elizabeth Guerin, owner of New Hampshire-based gift shop Fiddleheads, told the JEC that Canadians used to make up to a quarter of her custom base, but now "I can probably count the number of Canadian visitors on one hand."
Christa Bowdish, owner of the Vermont-based Old Stagecoach Inn, told the JEC that she feared a long-term loss in Canadian customers, even if Trump ended his feud with the nation tomorrow.
"This is long-lasting damage to a relationship and emotional damage takes time to heal," she said. "While people aren’t visiting Vermont, they’ll be finding new places to visit, making new memories, building new family traditions, and we will not recapture all of that."
From Common Dreams via This RSS Feed.
OG title: We need to talk... about the Proton ecosystem
Ecosystem is a trap. It lures you in with the promise of convenience, only to lock you inside a walled garden. Like Google and Apple. They start with a good product, but then force you to use the whole suite to get the full experience. This is dangerous.
Ecosystems are concentrating all of your data and your digital life in the hands of a single entity. An entity that grows so large and powerful that it will start making compromises against your rights only to find more ways to profit or protect their business. The larger the ecosystem, the bigger data harvester it becomes. It becomes a bigger target for hackers and the more products it offers the more data it has to give to the surveillance state.
We know that the big tech does this, because their only moral value is the shareholder value. [4] But when a private company starts quacking like a duck in the steps of the big tech, it should worry us the same way. That company is Proton. The maker of the most renowned privacy products that have always been meant as ethical alternatives to the big tech.
Today, Proton resembles more and more the ecosystems of Google and Apple than it does its noble origins of fighting the big tech. This is a problem. It’s a problem for your privacy and it’s a problem for the whole community. But you have probably never heard of this perspective, because none of this is talked about enough. There is a reason for this.
You see, most content on Proton you’ll find, is coming from sources that are sponsored or affiliated with Proton. And I know how lucrative Proton’s deals are, because Proton even tried to pay me. Of course, I refused their offer, because taking their money would incentivize me not to recommend against Proton products. I am uniquely positioned to give you a nuanced critique of Proton and how to solve this problem.
Some good points to be said. I find the overall argument a bit weak as it is mainly one of user error of sorts. Btw THO has some pretty good back log of videos on privacy; check out their stuff on burner phones and anonymizing yourself at a protest.
Are there any open-source tools that allow me to disable telemetry for Adobe, Windows, Microsoft, NVIDIA, AMD, GitHub Desktop, Docker Desktop, VS Code, and other applications? How can I disable telemetry and enhance my overall Windows experience?
cross-posted from: https://lemmy.world/post/40010335
In early September, a woman, nine months pregnant, walked into the emergency obstetrics unit of a Colorado hospital. Though the labor and delivery staff caring for her expected her to have a smooth delivery, her case presented complications almost immediately.
The woman, who was born in central Asia, checked into the hospital with a smart watch on her wrist, said two hospital workers who cared for her during her labor, and whom the Guardian is not identifying to avoid exposing their hospital or patients to retaliation.
The device was not an ordinary smart watch made by Apple or Samsung, but a special type that US Immigration and Customs Enforcement (ICE) had mandated the woman wear at all times, allowing the agency to track her. The device was beeping when she entered the hospital, indicating she needed to charge it, and she worried that if the battery died, ICE agents would think she was trying to disappear, the hospital workers recalled. She told them that, just days earlier, she had been put on a deportation flight to Mexico, but the pilot refused to let her fly because she was so close to giving birth.
The woman’s fear only grew from there, according to the hospital workers. Her delivery wasn’t progressing the way the care team hoped, and she needed a C-section, a procedure that requires doctors to use a cauterizing tool to minimize bleeding. To prevent possible burning and electrocution, patients are instructed to take off all jewelry or metals before the surgery. The mandatory watch had no way to be easily removed, nor was information about whether it would be safe to wear during the procedure readily available. Hospital staff didn’t know how to contact ICE to ask what to do. When hospital staff told the woman they might have to cut the smart watch off, she panicked, the workers said.
Staff eventually did remove the device, and ICE agents did not show up at the hospital during the delivery. The nurses said they do not know what happened to the woman after she left the hospital with her baby.
The woman was one of three pregnant patients wearing a location-tracking smart watch whom these two workers encountered in their ER in the last few months, they said.
BI Inc and alternative to detention
The watches are built and operated by BI Inc, a company specializing in monitoring tech that runs the US government’s largest immigrant surveillance operation. The program, Alternative to Detention (ATD), allows select immigrants to await their day in court at home rather than in detention, provided they subscribe to intense monitoring.
When immigrants are enrolled in ATD, they are assigned one or more types of supervision. Some have to wear an ankle monitor, some a smart watch. Some are required to complete regularly scheduled facial recognition scans at their home using a BI Inc app, others are mandated to go into a BI Inc or ICE office for regular in-person check-ins.
The smart watch, officially called the VeriWatch, was introduced two years ago by BI Inc. It was first piloted under the Biden administration and framed as a more discreet alternative to the less digitally equipped ankle monitor, which BI also manufactures and supplies to ICE. As the Guardian previously reported, immigrants wearing the ankle monitors have complained about the stigma that comes with wearing the conspicuous device as well as physical pain caused by the monitors, including electric shocks and cuts from devices that are strapped on too tightly.
Nearly 200,000 people are currently enrolled in the program, and many of them have become increasingly fearful of being considered out of compliance as the Trump administration works to deport immigrants en masse. There have been several cases of people in the program showing up to a mandated, regular in-person check-in with immigration officials, believing they will continue in the ATD program, only to be detained.
All three women encountered by the Colorado hospital staff were reluctant to take their monitors off, fearing that doing so would trigger an alert to ICE or BI Inc, the staff said, even if removing the device was deemed medically necessary.
One of the women went into the ER for a C-section and was diagnosed with preeclampsia, a complication that can cause significant swelling. Staff were worried her smartwatch would cut off her circulation.
“She was in tears about it. She had this deep fear that ICE was going to come to the hospital and take her baby,” one of the staff said. The hospital worker’s shift ended before the patient underwent the C-section. They said they do not know whether the staff who took over the patient’s case convinced her to cut off the watch.
The confusion and fear surrounding the wrist monitor caused delays in the hospital’s ability to provide adequate and necessary care for these women, the workers said, though the patients delivered their babies safely.
“Waiting and trying to figure these things out even when things are not super emergent can cause something emergent to happen,” one of the workers said. “Sometimes in birth, doing a C-section 20 minutes before something bad happens can prevent it.”
The workers pointed out that when they treat patients wearing a monitor issued by the state Department of Corrections, there is a protocol in place to remove it ahead of medical procedures.
Trump’s chaotic crackdown
Hospital staff from across the US who spoke to the Guardian say the confusion brought on by monitoring devices is just one of several ways Donald Trump’s immigration crackdown is affecting medical care, and comes as immigrant patients are increasingly fearful of seeking out treatment.
One of the staff at the Colorado hospital said she’s had at least three pregnant patients show up for their first-ever prenatal appointment at anytime between 34 and 38 weeks – well into their third trimester and long after pregnant women are recommended to begin going to consistent doctor appointments.
In California, hospital workers have also noticed a drop this year in immigrants not just seeking emergency care but also showing up for regular doctor visits or vaccinations, according to the California Nurses Association president, Sandy Reding.
“Obviously it has a cascading effect,” Reding said. “If you don’t see your doctor regularly then the outcomes are worse and you wait until you have a crisis to go to the ER.”
In Chicago, CommunityHealth, one of the largest volunteer-based health centers in the country, documented an overall drop in visits per patient and patient retention between 2024 and 2025 due to immigration enforcement activity in the city. In June, the organization observed a 30% dip in patients showing up for their appointments and around a 40% drop in patients picking up their medication since Trump took office.
Neither ICE nor BI Inc responded to requests for comment. ICE previously told the Guardian that there is no evidence the ankle monitors have caused physical harm and that the ATD program was effective at increasing court appearance rates among immigrants facing removal.
Vague procedures, concrete problems
The lack of procedure to have ankle or wrist monitors removed in medical emergencies has affected more than just pregnant women. In one July 2025 case, ICE responded to a man’s request to remove his ankle monitor because of a medical issue by detaining him, according to a court petition filed on his behalf by immigrant rights group Amica, which the Guardian reviewed.
The man came to the US from Bangladesh to seek political asylum, and was told he had to wear an ankle monitor while his claim was pending. Suffering from nerve damage in one leg, he obtained a note from a medical clinic requesting the monitor be removed. His lawyer sent the note to the ICE officer on the case but never heard back. During his first check-in at the BI offices, the man brought the medical note to the BI Inc employee assigned to the case, who suggested the man might be able to move the ankle monitor to his other leg. But after the man’s lawyer called ICE to inquire about moving the ankle monitor, the BI case manager informed the man that ICE officers were coming to the BI office to speak with him. They arrested and detained the man, according to the petition.
“He explained that he was just asking for the ankle monitor to be put on the other leg, and the officer told him it was ‘too late’,” the petition reads.
In 2009, ICE discontinued the use of ankle monitors for pregnant women and people whose medical conditions made it “inappropriate” to wear them. But former BI Inc staff as well as immigrants rights groups Amica and American Friends Services Committee said they are concerned that these exceptions are not always enforced. That exception also doesn’t apply to smart watches, a June 2025 ICE memo shows.
The ICE memo instructs agency staffers to put ankle monitors on anyone enrolled in ATD. Dawnisha M Helland, an ICE acting assistant director in the management of non-detained immigrants, wrote that the only group who would not be given ankle monitors were pregnant women. Instead, pregnant women in ATD would wear the smart watch.
Though it resembles a typical consumer smart watch, the VeriWatch is not less restrictive than the ankle monitor. Like the ankle monitor, the wrist watch can’t be removed by the person wearing it. ICE had the option of using a removable version of the watch, according to a 2023 request for information DHS published. The agency chose a different direction; it currently only uses a watch that cannot be removed except by an ICE or authorized BI agent, according to two former DHS officials and two former BI employees.
Immigrants in the program are not told what to do with their ankle or wrist monitors in case of medical emergencies, and BI staff were not authorized to approve the removal of the monitors without first speaking to ICE, the two former BI Inc. staff recalled.
There’s not always time in emergency cases to wait for approval from ICE to cut off the monitors, the Colorado hospital workers said. One of the Colorado staff said they’re deeply concerned about how this unremovable watch will continue to impact vulnerable pregnant women.
“They’re looking at people who literally can’t speak up, who have no legal resources, who are not American citizens, and are pregnant. They’re asking themselves what they can get away with in terms of violating civil liberties for these patients,” the employee said. “That’s the true pilot program: How far can they overreach?”
Internal alarm
Healthcare workers are not the only ones sounding the alarm over surveillance’s interference with medical care. Two former Department of Homeland Security officials told the Guardian that the lack of protocols for immigrants surveilled under ATD with exigent medical issues is a symptom of a larger issue with the way BI Inc and ICE run the program. As the Guardian previously reported, immigrants surveilled under ATD and BI Inc employees alike have long complained that the program is highly discretionary. They said that many of the decisions about how, why or how long a given person was mandated to wear an ankle monitor or a smart watch were left to individual case workers.
BI Inc, which started off as a cattle monitoring company, and its parent company the Geo Group, which develops detention centers, private prisons, and rehabilitation facilities, have been given the exclusive DHS contract to operate all aspects of the ATD program since its inception in 2004. That’s despite previous attempts by ICE leadership under Joe Biden’s administration to break the contract up into three parts rather than awarding the entirety of the contract to Geo Group, a company that has served as a landing spot for former ICE and DHS officials.
At its peak, BI Inc monitored approximately 370,000 immigrants under the Biden administration as part of a policy that put every head of household crossing the border on ATD. The tally decreased in 2025 to about 180,000 people, due in part to high costs of putting so many people on ATD, former DHS officials said. As Trump’s second administration supercharged immigration enforcement and greenlit a $150bn surge in funding for ICE, though, Geo Group executives expressed confidence they could reach the same height by the second half of 2025. The goal, the executives have said, is to monitor all 7.5 million people listed on the federal government’s non-detained docket, the list of non-citizens who have not been detained but are subject to removal.
However, the Trump administration has focused on deportation and detention rather than monitoring, and the number of immigrants enrolled in ATD and wearing ankle monitors or other GPS tracking devices has hovered around 180,000, much to the dismay of Geo Group executives.
“Now the count has been fairly stable, which is a little disappointing, obviously,” George Zoley, the GEO Group founder and executive chairman of the board, said during the company’s November earnings call.
ICE awarded another two-year-contract to BI Inc to manage ATD in September. Executives have said they’re pleased that the agency is prioritizing using the company’s more expensive ankle monitors on those immigrants already in ATD rather than the more cost-effective tools like the company’s facial recognition app, Smart Link.
Under the Biden administration, several departments within DHS attempted to address the lack of consistent policy around how ICE should run ATD. In December 2022, DHS hosted 100 non-governmental organizations as well as members of academia and private industry to discuss how to bring more “uniform standards to govern” ATD. That two year effort to draft guidelines in a document, initially titled Non-Detained Management Standards, was ultimately scuttled by ICE and BI, said Scott Shuchart, a former assistant director for regulatory affairs and police at ICE under the Biden administration. Another former DHS official confirmed his account. The draft standards were never made public.
“The program is really structured for the benefit of BI and not for the benefit of the non-citizens who were going to be managed through it,” said Shuchart. “Therefore ERO [ICE’s enforcement and removal arm] was extremely resistant to bring rationalization and consistent policy into it.”
cross-posted from: https://lemmy.world/post/40009551
https://www.404media.co/man-charged-for-wiping-phone-before-cbp-could-search-it/
A man in Atlanta has been arrested and charged for allegedly deleting data from a Google Pixel phone before a member of a secretive Customs and Border Protection (CBP) unit was able to search it, according to court records and social media posts reviewed by 404 Media. The man, Samuel Tunick, is described as a local Atlanta activist in Instagram and other posts discussing the case. The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known. But it is uncommon to see someone charged specifically for wiping a phone, a feature that is easily accessible in some privacy and security-focused devices.
The indictment says on January 24, Tunick “did knowingly destroy, damage, waste, dispose of, and otherwise take any action to delete the digital contents of a Google Pixel cellular phone, for the purpose of preventing and impairing the Government’s lawful authority to take said property into its custody and control.” The indictment itself was filed in mid-November. Tunick was arrested earlier this month, according to a post on a crowd-funding site and court records.
“Samuel Tunick, an Atlanta-based activist, Oberlin graduate, and beloved musician, was arrested by the DHS and FBI yesterday around 6pm EST. Tunick's friends describe him as an approachable, empathetic person who is always finding ways to improve the lives of the people around him,” the site says. Various activists have since shared news of Tunick’s arrest on social media.
The indictment says the phone search was supposed to be performed by a supervisory officer from a CBP Tactical Terrorism Response Team. The American Civil Liberties Union (ACLU) wrote in 2023 these are “highly secretive units deployed at U.S. ports of entry, which target, detain, search, and interrogate innocent travelers.”
“These units, which may target travelers on the basis of officer ‘instincts,’ raise the risk that CBP is engaging in unlawful profiling or interfering with the First Amendment-protected activity of travelers,” the ACLU added. The Intercept previously covered the case of a sculptor and installation artist who was detained at San Francisco International Airport and had his phone searched. The report said Gach did not know why, even years later.
Court records show authorities have since released Tunick, and that he is restricted from leaving the Northern District of Georgia as the case continues. The prosecutor listed on the docket did not respond to a request for comment. The docket did not list a lawyer representing Tunick.
cross-posted from: https://lemmy.zip/post/54712925
According to the document, the CBP also plans to request numerous additional personal data in the ESTA application. This includes all – including professional – phone numbers and email addresses used in the past five or ten years, names and phone numbers of close family members, as well as their birth dates and places. Biometric data is also included.
It appears that even if you don't have the app installed, it is in Settings > Apps. But there's no option at all, to customise its privacy settings.
Downloading the app also doesn't let you customise its privacy settings. In fact, the app then disappears altogether from the privacy settings! It doesn't even appear anymore in the "Hidden Apps". Removing it again however, shows the app popping up again in the settings.
What's more, it's deliberately erroneously labelled as "Start Screen" when you haven't downloaded it.
Ridiculous. One more reason to go to a Fairphone or something like it.
However, you can edit it... but very cumbersomely, only by going to Settings > Siri > App Access ... and then suddenly, you see the app!
This seems like it's straight up illegal.
Cities: Eugene and Springfield, OR
cross-posted from: https://lemmy.world/post/39835035
Privacy is worth fighting for.
Manyverse is a social networking app with features you would expect: posts, likes, profiles, private messages, etc. But it's not running in the cloud owned by a company, instead, your friends' posts and all your social data live entirely in your phone. This way, even when you're offline, you can scroll, read anything, and even write posts and like content! When your phone is back online, it syncs the latest updates directly with your friends' phones, through a shared local Wi-Fi or on the internet.
We're building this free and open source project as a community effort because we believe in non-commercial, neutral, and fair mobile communication for everyone.
(Android, iOS, Windows, macOS, Linux)
cross-posted from: https://lemmy.world/post/39867783
When seeding a file. Let's say a movie, and all I see are a lot of connections where others try to download that movie. However, they remain at 0% and never download anything.
Almost feels like it's something watching, logging connections to everyone connected to that torrent. Just a theory.. No idea. (Privacy conscious)
Maybe someone can shed some light?
SearxNG instances are not working as well these days and I want something more reliable. I will just pay a subscription. Swiss cows is pushing subscriptions and I'm good with paying. Never tried Kagi.
This is something I've been thinking about for a while. I've decided to get a Pixel with GrapheneOS as my next phone and I'm trying to decide the pros and cons of putting a SIM card in it. Convenience vs privacy, public wifi with a VPN vs using phone data, etc.
I can't get a SIM card where I live without ID and I'm looking to reduce being tracked as much as possible. Does anyone else do the same thing?
I was looking for a Google Drive alternative. It's mainly for storing small documents. 10GB is Filen's limit on their free plan. It's more than enough.
But I am concerned about their privacy. Has anyone used it? I am ready to pay for a really good service but if they are giving it for free then why should I pay if they are private enough?
They also have paid ones but they are an overkill for me. I mainly use offline HDD backups. These are for some quick access files. I don't need an app or anything. Simple web login would be fine.
I want to use PGP in Addy.io so I can at least encrypt the subjects (full encryption strips HTML) before it sends onto my receipt address @customdomain.tld in mailbox.
I also want to encrypt everything received to mailbox (encryption at rest, but not zero knowledge)
I won't use the mailbox web app and will use the private key(s) in my mail client.
Should I use one key for both services, or two keys?
I know both services could make a copy before they encrypt with the key, but I'm ok with that risk. I also know about proton and simple login, but I'm not a fan of proton at this stage.
A followup. I might want others to send an encrypted email to name@customdomain.tld hosted at Addy.io
Should I make an individual public key linked to the email address I give the sender?
Although new to PGP I understand the basics of it, and that a key can have any email address. I'm just not sure what's best practice in this setup.
cross-posted from: https://lemmy.zip/post/54414754
In order to monitor encrypted communication, investigators will in future, according to the Senate draft and the amendments by the members of parliament, not only be allowed to hack IT systems but also to secretly enter suspects' apartments.
If remote installation of the spyware is technically not possible, paragraph 26 explicitly allows investigators to "secretly enter and search premises" in order to gain access to IT systems. In fact, Berlin is thus legalizing – as Mecklenburg-Western Pomerania did before – state intrusion into private apartments in order to physically install Trojans, for example via USB stick.
cross-posted from: https://hexbear.net/post/6941726
cross-posted from: https://news.abolish.capital/post/11686
Highly invasive spyware from a consortium led by a former senior Israeli intelligence official and sanctioned by the US government is still being used to target people in multiple countries, a joint investigation published Thursday revealed.
Inside Story in Greece, Haaretz in Israel, Swiss-based WAV Research Collective, and Amnesty International collaborated on the investigation into Intellexa Consortium, maker of Predator commercial spyware. The "Intellexa Leaks" show that clients in Pakistan—and likely also in other countries—are using Predator to spy on people, including a featured Pakistani human rights lawyer.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
🚨 Intellexa Leaks: "Among the most startling findings is evidence that—at the time of the leaked training videos—Intellexa retained the capability to remotely access Predator customer systems, even those physically located on the premises of its govt customers." securitylab.amnesty.org/latest/2025/...
— Vas Panagiotopoulos (@vaspanagiotopoulos.com) December 3, 2025 at 9:07 PM
Predator works by sending malicious links to a targeted phone or other hardware. When the victim clicks the link, the spyware infects and provides access to the targeted device, including its encrypted instant messages on applications such as Signal and WhatsApp, as well as stored passwords, emails, contact lists, call logs, microphones, audio recordings, and more. The spyware then uploads gleaned data to a Predator back-end server.
The new investigation also revealed that in addition to the aforementioned "one-click" attacks, Intellexa has developed "zero-click" capabilities in which devices are infected via malicious advertising.
In March 2024, the US Treasury Department sanctioned two people and five entities associated with Intellexa for their alleged role "in developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts."
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the department said at the time.
Those sanctioned include Intellexa, its founder Tal Jonathan Dilian—a former chief commander of the Israel Defense Forces' top-secret Technological Unit—his wife and business partner Sara Aleksandra Fayssal Hamou; and three companies within the Intellexa Consortium based in North Macedonia, Hungary, and Ireland.
In September 2024, Treasury sanctioned five more people and one more entity associated with the Intellexa Consortium, including Felix Bitzios, owner of an Intellexa consortium company accused of selling Predator to an unnamed foreign government, for alleged activities likely posing "a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."
The Intellexa Leaks reveal that new consortium employees were trained using a video demonstrating Predator capabilities on live clients, raising serious questions regarding clients' understanding of or consent to such access.
"The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs—allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes," said van Bergen.
"If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware," he added.
Dilian, Hamou, Bitzios, and Giannis Lavranos—whose company Krikel purchased Predator spyware—are currently on trial in Greece for allegedly violating the privacy of Greek journalist Thanasis Koukakis and Artemis Seaford, a Greek-American woman who worked for tech giant Meta. Dilian denies any wrongdoing or involvement in the case.
Earlier this week, former Intellexa pre-sale engineer Panagiotis Koutsios testified about traveling to countries including Colombia, Kazakhstan, Kenya, Mexico, Mongolia, the United Kingdom, and Uzbekistan, where he pitched Predator to public, intelligence, and state security agencies.
The new joint investigation follows Amnesty International's "Predator Files," a 2023 report detailing "how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance is being sold and transferred around the world with impunity."
The Predator case has drawn comparisons with Pegasus, the zero-click spyware made by the Israeli firm NSO Group that has been used by governments, spy agencies, and others to invade the privacy of targeted world leaders, political opponents, dissidents, journalists, and others.
From Common Dreams via This RSS Feed.
Archive link in case anyone hits a paywall.
This article is from September, but it is good, and in light of other recent efforts by the Indian government at mass surveillance of their population, I think it is worth a read.
A system like Aadhaar is a great way for governments to sneak in a platform of surveillance and control under the guise of welfare and could serve as a model for other governments seeking to supercharge their own surveillance efforts.
Mullvad VPN - AND THEN? A film about Chat Control and mass surveillance
Cross posted from: https://feddit.uk/post/40600495
After a years-long battle, the European Commission’s “Chat Control” plan, which would mandate mass scanning and other encryption-breaking measures, at last codifies agreement on a position within the Council of the EU, representing EU States. The good news is that the most controversial part, the forced requirement to scan encrypted messages, is out. The bad news is there’s more to it than that.
Chat Control has gone through several iterations since it was first introduced, with the EU Parliament backing a position that protects fundamental rights, while the Council of the EU spent many months pursuing an intrusive law-enforcement-focused approach. Many proposals earlier this year required the scanning and detection of illicit content on all services, including private messaging apps such as WhatsApp and Signal. This requirement would fundamentally break end-to-end encryption.
Thanks to the tireless efforts of digital rights groups, including European Digital Rights (EDRi), we won a significant improvement: the Council agreed on its position, which removed the requirement that forces providers to scan messages on their services. It also comes with strong language to protect encryption, which is good news for users.
Continue reading here - https://www.eff.org/deeplinks/2025/12/after-years-controversy-eus-chat-control-nears-its-final-hurdle-what-know
cross-posted from: https://lemmy.zip/post/54387905
India's government is reviewing a telecom industry proposal to force smartphone firms to enable satellite location tracking that is always activated for better surveillance
Privacy stalwart Nicholas Merrill spent a decade fighting an FBI surveillance order. Now he wants to sell you phone service—without knowing almost anything about you.
Nicholas Merrill has spent his career fighting government surveillance. But he would really rather you didn’t call what he’s selling now a “burner phone.”
Yes, he dreams of a future where anyone in the US can get a working smartphone—complete with cellular coverage and data—without revealing their identity, even to the phone company. But to call such anonymous phones “burners” suggests that they’re for something illegal, shady, or at least subversive. The term calls to mind drug dealers or deep-throat confidential sources in parking garages.
With his new startup, Merrill says he instead wants to offer cellular service for your existing phone that makes near-total mobile privacy the permanent, boring default of daily life in the US. “We're not looking to cater to people doing bad things,” says Merrill. “We're trying to help people feel more comfortable living their normal lives, where they're not doing anything wrong, and not feel watched and exploited by giant surveillance and data mining operations. I think it’s not controversial to say the vast majority of people want that.”
That’s the thinking behind Phreeli, the phone carrier startup Merrill launched today, designed to be the most privacy-focused cellular provider available to Americans. Phreeli, as in, “speak freely,” aims to give its user a different sort of privacy from the kind that can be had with end-to-end encrypted texting and calling tools like Signal or WhatsApp. Those apps hide the content of conversations, or even, in Signal’s case, metadata like the identities of who is talking to whom. Phreeli instead wants to offer actual anonymity. It can’t help government agencies or data brokers obtain users’ identifying information because it has almost none to share. The only piece of information the company records about its users when they sign up for a Phreeli phone number is, in fact, a mere ZIP code. That’s the minimum personal data Merrill has determined his company is legally required to keep about its customers for tax purposes.
By asking users for almost no identifiable information, Merrill wants to protect them from one of the most intractable privacy problems in modern technology: Despite whatever surveillance-resistant communications apps you might use, phone carriers will always know which of their customers’ phones are connecting to which cell towers and when. Carriers have frequently handed that information over to data brokers willing to pay for it—or any FBI or ICE agent that demands it with a court order.
Merrill has some firsthand experience with those demands. Starting in 2004, he fought a landmark, decade-plus legal battle against the FBI and the Department of Justice. As the owner of an internet service provider in the post-9/11 era, Merrill had received a secret order from the bureau to hand over data on a particular user—and he refused. After that, he spent another 15 years building and managing the Calyx Institute, a nonprofit that offers privacy tools like a snooping-resistant version of Android and a free VPN that collects no logs of its users’ activities. “Nick is somebody who is extremely principled and willing to take a stand for his principles,” says Cindy Cohn, who as executive director of the Electronic Frontier Foundation has led the group’s own decades-long fight against government surveillance. “He's careful and thoughtful, but also, at a certain level, kind of fearless.”
Nicholas Merrill with a copy of the National Security Letter he received from the FBI in 2004, ordering him to give up data on one of his customers. He refused, fought a decade-plus court battle—and won.
More recently, Merrill began to realize he had a chance to achieve a win against surveillance at a more fundamental level: by becoming the phone company. “I started to realize that if I controlled the mobile provider, there would be even more opportunities to create privacy for people,” Merrill says. “If we were able to set up our own network of cell towers globally, we can set the privacy policies of what those towers see and collect.”
Building or buying cell towers across the US for billions of dollars, of course, was not within the budget of Merrill’s dozen-person startup. So he’s created the next best thing: a so-called mobile virtual network operator, or MVNO, a kind of virtual phone carrier that pays one of the big, established ones—in Phreeli’s case, T-Mobile—to use its infrastructure.
The result is something like a cellular prophylactic. The towers are T-Mobile’s, but the contracts with users—and the decisions about what private data to require from them—are Phreeli’s. “You can't control the towers. But what can you do?” he says. “You can separate the personally identifiable information of a person from their activities on the phone system.”
Signing up a customer for phone service without knowing their name is, surprisingly, legal in all 50 states, Merrill says. Anonymously accepting money from users—with payment options other than envelopes of cash—presents more technical challenges. To that end, Phreeli has implemented a new encryption system it calls Double-Blind Armadillo, based on cutting-edge cryptographic protocols known as zero-knowledge proofs. Through a kind of mathematical sleight of hand, those crypto functions are capable of tasks like confirming that a certain phone has had its monthly service paid for, but without keeping any record that links a specific credit card number to that phone. Phreeli users can also pay their bills (or rather, prepay them, since Phreeli has no way to track down anonymous users who owe them money) with tough-to-trace cryptocurrency like Zcash or Monero.
Phreeli users can, however, choose to set their own dials for secrecy versus convenience. If they offer an email address at signup, they can more easily recover their account if their phone is lost. To get a SIM card, they can give their mailing address—which Merrill says Phreeli will promptly delete after the SIM ships—or they can download the digital equivalent known as an eSIM, even, if they choose, from a site Phreeli will host on the Tor anonymity network.
Phreeli’s “armadillo” analogy—the animal also serves as the mascot in its logo—is meant to capture this sliding scale of privacy that Phreeli offers its users: Armadillos always have a layer of armor, but they can choose whether to expose their vulnerable underbelly or curl into a fully protected ball.
Even if users choose the less paranoid side of that spectrum of options, Merrill argues, his company will still be significantly less surveillance-friendly than existing phone companies, which have long represented one of the weakest links in the tech world’s privacy protections. All major US cellular carriers comply, for instance, with law enforcement surveillance orders like “tower dumps” that hand over data to the government on every phone that connected to a particular cell tower during a certain time. They’ve also happily, repeatedly handed over your data to corporate interests: Last year the Federal Communications Commission fined AT&T, Verizon, and T-Mobile nearly $200 million for selling users’ personal information, including their locations, to data brokers. (AT&T’s fine was later overturned by an appeals court ruling intended to limit the FCC’s enforcement powers.) Many data brokers in turn sell the information to federal agencies, including ICE and other parts of the DHS, offering an all-too-easy end run around restrictions on those agencies’ domestic spying.
Phreeli doesn’t promise to be a surveillance panacea. Even if your cellular carrier isn’t tying your movements to your identity, the operating system of whatever phone you sign up with might be. Even your mobile apps can track you.
But for a startup seeking to be the country’s most privacy-focused mobile carrier, the bar is low. “The goal of this phone company I'm starting is to be more private than the three biggest phone carriers in the US. That’s the promise we’re going to massively overdeliver on,” says Merrill. “I don’t think there’s any way we can mess that up.”
Merrill’s not-entirely-voluntary decision to spend the last 20-plus years as a privacy diehard began with three pages of paper that arrived at his office on a February day in New York in 2004. An FBI agent knocked on the door of his small internet service provider firm called Calyx, headquartered in a warehouse space a block from the Holland Tunnel in Manhattan. When Merrill answered, he found an older man with parted white hair, dressed in a trench coat like a comic book G-man, who handed him an envelope.
Merrill opened it and read the letter while the agent waited. The first and second paragraphs told him he was hereby ordered to hand over virtually all information he possessed for one of his customers, identified by their email address, explaining that this demand was authorized by a law he’d later learn was part of the Patriot Act. The third paragraph informed him he couldn’t tell anyone he’d even received this letter—a gag order.
Then the agent departed without answering any of Merrill’s questions. He was left to decide what to do, entirely alone.
Merrill was struck immediately by the fact that the letter had no signature from a judge. He had in fact been handed a so-called National Security Letter, or NSL, a rarely seen and highly controversial tool of the Bush administration that allowed the FBI to demand information without a warrant, so long as it was related to “national security.”
Calyx’s actual business, since he’d first launched the company in the early ’90s with a bank of modems in the nonfunctional fireplace of a New York apartment, had evolved into hosting the websites of big corporate customers like Mitsubishi and Ikea. But Merrill used that revenue stream to give pro bono or subsidized web hosting to nonprofit clients he supported like the Marijuana Policy Project and Indymedia—and to offer fast internet connections to a few friends and acquaintances like the one named in this surveillance order.
Merrill has never publicly revealed the identity of the NSL's target, and he declined to share it with WIRED. But he knew this particular customer, and he certainly didn’t strike Merrill as a national security threat. If he were, Merrill thought, why not just get a warrant? The customer would later tell Merrill he had in fact been pressured by the FBI to become an informant—and had refused. The bureau, he told Merrill, had then retaliated by putting him on the no-fly list and pressuring employers not to hire him. (The FBI didn’t respond to WIRED’s request for comment on the case.)
Merrill immediately decided to risk disobeying the gag order—on pain of what consequences, he had no idea—and called his lawyer, who told him to go to the New York affiliate of the American Civil Liberties Union, which happened to be one of Calyx’s web-hosting clients. After a few minutes in a cab, Merrill was talking to a young attorney named Jameel Jaffer in the ACLU’s Financial District office. “I wish I could say that we reassured him with our expertise on the NSL statute, but that's not how it went down,” Jaffer says. “We had never seen one of these before.”
Merrill, meanwhile, knew that every lawyer he showed the letter to might represent another count in his impending prosecution. “I was terrified,” he says. “I kind of assumed someone could just come to my place that night, throw a hood over my head, and drag me away.”
Phreeli will use a novel encryption system called Double-Blind Armadillo—based on cutting edge crypto protocols known as zero-knowledge proofs—to pull off tricks like accepting credit card payments from customers without keeping any record that ties that payment information to their particular phone.
Despite his fears, Merrill never complied with the FBI’s letter. Instead, he decided to fight its constitutionality in court, with the help of pro bono representation from the ACLU and later the Yale Media Freedom and Information Access Clinic. That fight would last 11 years and entirely commandeer his life.
Merrill and his lawyers argued that the NSL represented an unconstitutional search and a violation of his free-speech rights—and they won. But Congress only amended the NSL statute, leaving the provision about its gag order intact, and the legal battle dragged out for years longer. Even after the NSL was rescinded altogether, Merrill continued to fight for the right to talk about its existence. “This was a time when so many people in his position were essentially cowering under their desks. But he felt an obligation as a citizen to speak out about surveillance powers that he thought had gone too far,” says Jaffer, who represented Merrill for the first six years of that courtroom war. “He impressed me with his courage.”
Battling the FBI took over Merrill’s life to the degree that he eventually shut down his ISP for lack of time or will to run the business and instead took a series of IT jobs. “I felt too much weight on my shoulders,” he says. “I was just constantly on the phone with lawyers, and I was scared all the time.”
By 2010, Merrill had won the right to publicly name himself as the NSL’s recipient. By 2015 he’d beaten the gag order entirely and released the full letter with only the target’s name redacted. But Merrill and the ACLU never got the Supreme Court precedent they wanted from the case. Instead, the Patriot Act itself was amended to rein in NSLs’ unconstitutional powers.
In the meantime, those years of endless bureaucratic legal struggles had left Merrill disillusioned with judicial or even legislative action as a way to protect privacy. Instead, he decided to try a different approach. “The third way to fight surveillance is with technology,” he says. “That was my big realization.”
So, just after Merrill won the legal right to go public with his NSL battle in 2010, he founded the Calyx Institute, a nonprofit that shared a name with his old ISP but was instead focused on building free privacy tools and services. The privacy-focused version of Google’s Android OS it would develop, designed to strip out data-tracking tools and use Signal by default for calls and texts, would eventually have close to 100,000 users. It ran servers for anonymous, encrypted instant messaging over the chat protocol XMPP with around 300,000 users. The institute also offered a VPN service and ran servers that comprised part of the volunteer-based Tor anonymity network, tools that Merrill estimates were used by millions.
As he became a cause célèbre and then a standout activist in the digital privacy world over those years, Merrill says he started to become aware of the growing problem of untrustworthy cellular providers in an increasingly phone-dependent world. He’d sometimes come across anti-surveillance hard-liners determined to avoid giving any personal information to cellular carriers, who bought SIM cards with cash and signed up for prepaid plans with false names. Some even avoided cell service altogether, using phones they connected only to Wi-Fi. “Eventually those people never got invites to any parties,” Merrill says.
All these schemes, he knew, were legal enough. So why not a phone company that only collects minimal personal information—or none—from its normal, non-extremist customers? As early as 2019, he had already consulted with lawyers and incorporated Phreeli as a company. He decided on the for-profit startup route after learning that the 501c3 statute can’t apply to a telecom firm. Only last year, he finally raised $5 million, mostly from one angel investor. (Merrill declined to name the person. Naturally, they value their privacy.)
Building a system that could function like a normal phone company—and accept users’ payments like one—without storing virtually any identifying information on those customers presented a distinct challenge. To solve it, Merrill consulted with Zooko Wilcox, one of the creators of Zcash, perhaps the closest thing in the world to actual anonymous cryptocurrency. The Z in Zcash stands for “zero-knowledge proofs,” a relatively new form of crypto system that has allowed Zcash’s users to prove things (like who has paid whom) while keeping all information (like their identities, or even the amount of payments) fully encrypted.
For Phreeli, Wilcox suggested a related but slightly different system: so-called “zero-knowledge access passes.” Wilcox compares the system to people showing their driver’s license at the door of a club. “You’ve got to give your home address to the bouncer,” Wilcox says incredulously. The magical properties of zero knowledge proofs, he says, would allow you to generate an unforgeable crypto credential that proves you’re over 21 and then show that to the doorman without revealing your name, address, or even your age. “A process that previously required identification gets replaced by something that only requires authorization,” Wilcox says. “See the difference?”
The same trick will now let Phreeli users prove they’ve prepaid their phone bill without connecting their name, address, or any payment information to their phone records—even if they pay with a credit card. The result, Merrill says, will be a user experience for most customers that’s not very different from their existing phone carrier, but with a radically different level of data collection.
As for Wilcox, he’s long been one of that small group of privacy zealots who buys his SIM cards in cash with a fake name. But he hopes Phreeli will offer an easier path—not just for people like him, but for normies too.
“I don't know of anybody who's ever offered this credibly before,” says Wilcox. “Not the usual telecom-strip-mining-your-data phone, not a black-hoodie hacker phone, but a privacy-is-normal phone.”
Even so, enough tech companies have pitched privacy as a feature for their commercial product that jaded consumers may not buy into a for-profit telecom like Phreeli purporting to offer anonymity. But the EFF’s Cohn says that Merrill’s track record shows he’s not just using the fight against surveillance as a marketing gimmick to sell something. “Having watched Nick for a long time, it's all a means to an end for him,” she says. “And the end is privacy for everyone.”
Merrill may not like the implications of describing Phreeli as a cellular carrier where every phone is a burner phone. But there’s little doubt that some of the company’s customers will use its privacy protections for crime—just as with every surveillance-resistant tool, from Signal to Tor to briefcases of cash.
Phreeli won’t, at least, offer a platform for spammers and robocallers, Merrill says. Even without knowing users’ identities, he says the company will block that kind of bad behavior by limiting how many calls and texts users are allowed, and banning users who appear to be gaming the system. “If people think this is going to be a safe haven for abusing the phone network, that’s not going to work,” Merrill says.
But some customers of his phone company will, to Merrill’s regret, do bad things, he says—just as they sometimes used to with pay phones, that anonymous, cash-based phone service that once existed on every block of American cities. “You put a quarter in, you didn’t need to identify yourself, and you could call whoever you wanted,” he reminisces. “And 99.9 percent of the time, people weren't doing bad stuff.” The small minority who were, he argues, didn’t justify the involuntary societal slide into the cellular panopticon we all live in today, where a phone call not tied to freely traded data on the caller’s identity is a rare phenomenon.
“The pendulum has swung so far in favor of total information awareness,” says Merrill, using an intelligence term of the Bush administration whose surveillance order set him on this path 21 years ago. “Things that we used to be able to take for granted have slipped through our fingers.”
“Other phone companies are selling an apartment that comes with no curtains—where the windows are incompatible with curtains,” Merrill says. “We’re trying to say, no, curtains are normal. Privacy is normal.”

