If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Britain’s Labour government wants image-scanning software on every phone in the country and this last week the government confirmed it will not stop at new devices. It will reach the old ones, the secondhand ones, and the phone a parent wipes before handing it to a child. During a House of Lords exchange, Conservative peer Lord Markham asked whether teenagers would just dodge it by staying on older software. “What assessment has been made of the risk that younger users will simply remain on old operating systems, and of the practical challenges of implementing these measures across different manufacturers?” he asked. Baroness Lloyd of Effra, the technology minister, stretched the plan across nearly every device in use. “It applies to both old and new smartphones and tablets, and we expect tech companies to set up controls so that, if a parent hands down a phone, for example, all they have to do is reset it to enact this operating-level facility,” she said. That commits Apple, Google, and every manufacturer to wiring a scanner into the operating system, then switching it on across phones they sold years ago. To catch one banned photo, the software has to inspect all of them, which posts an automated examiner inside the camera of a device you own outright. The real damage falls on encryption. Reading an image on your phone before the encryption seals it walks around the protection while leaving the padlock looking untouched. Home Secretary Shabana Mahmood tried to drain the alarm out of it. “There is no reporting, no data collection, no monitoring, and no images leaving the device. All adults will be able to switch off the protections if they are over 18,” she said. The promise collapses on its own logic. A scanner that recognizes nude images is a trained model and someone off the device has to keep building it, updating it, and telling it what to flag. The escape hatch is worse. An adult can switch it off only after proving their age to a verification scheme, which means handing over your identity to use a camera you already own. Tyranny aside, mandating all this on old phones runs into a basic problem the minister’s “reset it” line glosses over. A factory reset restores whatever operating system the phone already runs. It does not install a capability that version never shipped with. Getting the scanner onto an old device means getting a newer OS onto it first, and Apple and Google stop pushing operating-system updates to their devices after a handful of years. The minister is describing a switch that, on many of the phones she named, has nothing to switch. The hardware compounds it. On-device nudity detection relies on machine-learning models that lean on the dedicated silicon built into recent phones, and older devices lack the neural processing and memory to run that kind of model without wrecking battery life and speed. That is the reason these features ship on new hardware and skip the old stuff in the first place. The picture gets worse once you leave Apple’s walled garden. Android runs across thousands of models from dozens of manufacturers, plenty of them on forked or abandoned builds that stopped getting security patches years ago, some stripped of Google services entirely. There is no single control the government can reach in and flip across all of them. The teenagers this policy targets also happen to be the group most able to route around it, whether by flashing a community-built version of Android with no scanner, keeping a phone on old software on purpose, or buying a handset that never had the feature. A rule that cannot reach most old phones and can be sidestepped on the ones it does reach is an expensive way for the government to show it does not understand technology. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post UK Even Wants Image Scanners on Millions of Unsupported Devices appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Senator Marsha Blackburn wants video platform Kik to verify the age of everyone who signs up and there is no way to do that without first identifying everyone who signs up. Kik runs on usernames instead of phone numbers, so confirming that a user is over 18 risks attaching that account to a real person. The Tennessee Republican sent the demand to MediaLab CEO Michael Heyward on June 12 and gave the company until June 19 to answer a list of questions about how it screens its users. We obtained a copy of the letter for you here. Blackburn’s letter follows a report from the National Center on Sexual Exploitation, which created a fake test account posing as a 12-year-old girl under the username “Im12BeNice.” The group alleges the account drew sexually explicit messages and nude images from adult strangers “within seconds,” even with Kik’s explicit-content filter switched on. NCOSE Executive Director Haley McNamara said the test “indicates that the platform fails to protect children and remains a ‘predator’s paradise.'” Blackburn’s letter points to recent prosecutions, including a repeat offender sentenced on May 20 to 15 years for sharing child sexual abuse material on Kik, a man who pleaded guilty the same day to forcing a child to produce such material, and a former teacher arrested in March for uploading it. Blackburn accused Kik of running the same script as other platforms, advertising safety while ignoring or enabling abuse. “Children are being abused on your platform, and it appears you are doing little to stop it,” she wrote. If the abuse the report documents is real, a system that ignored an account openly labeled as a child is an issue. The fix Blackburn is reaching for though does something the original problem does not. It forces every adult on Kik to identify themselves in order to keep talking and fits right into Blackburn’s overall agenda. Blackburn’s legislative record is a growing stack of bills that use child safety and copyright protection to build surveillance and censorship tools. Her TRUMP AMERICA AI Act, a 291-page draft introduced in March, would repeal Section 230 entirely, expose platforms and AI developers to open-ended liability for “reasonably foreseeable harms,” and fold KOSA’s age-verification mandates into a single federal framework enforced by the FTC, DOJ, and state attorneys general. Without Section 230’s protections, platforms face lawsuits for hosting user speech and the rational business response is to remove anything that might attract one. She also co-sponsored the Block BEARD Act, which would give federal courts the power to order ISPs, search engines, and potentially VPNs to block entire foreign websites accused of piracy, a site-blocking authority the US government has never held at that scale. The child-safety framing on Kik is one piece of a broader push toward an internet where users carry digital IDs, platforms pre-screen speech to avoid liability, and the government can make websites disappear by court order. Blackburn signs the letter as chairman of the Senate Judiciary subcommittee on Privacy, Technology, and the Law. She is also leading negotiations with the White House over a package that would trade limits on state regulation of artificial intelligence for a set of kids-safety bills, among them her Kids Online Safety Act and a federal age-verification requirement that lawmakers and the technology industry have fought over for years. KOSA aims at general social media, which is exactly the ground the Paxton ruling left unsettled, so the constitutional fight that decision postponed is the one this package would start. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Senator Blackburn Demands Kik Verify the Age of Every User appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Federal subpoenas hit JPMorgan Chase, Bank of America, and Wells Fargo this week, ordering the banks to name every customer they cut off and to say why. The legal fight is about fraud statutes and prosecutorial reach. A blunter question sits underneath it. When a bank shuts your account over your politics, where are you supposed to go? The demands came from the US Attorney’s Office in Washington, D.C., run by Jeanine Pirro. Her prosecutors asked the banks for lists of people who were “debanked” and for the reasons behind shutting them out. Some of the subpoenas reach back more than a year. The investigation tests whether the account closures violated the Financial Institutions Reform, Recovery and Enforcement Act of 1989, a law built to chase bank fraud. Debanking amounts to financial exile. A private institution decides your views, or your line of work, make you a liability, and your access to checking accounts, payroll, and credit can vanish. There’s no hearing, no judge, and often no warning beyond a card that stops working. The power to do this sits with the bank, and the person on the other end rarely gets to argue back. Last August, President Trump signed an executive order telling banking regulators to root out “politicized or unlawful debanking” and to penalize it. The Office of the Comptroller of the Currency later reviewed the nine largest banks and reported it had found early signs of the practice. Pirro’s office went further on its own, opening the criminal probe without waiting for a referral from those regulators. The banks’ defense is the one you’d expect. They say they shut accounts only over legal, regulatory, or financial risk, never over belief. That explanation is convenient and hard to check because the standards live inside the banks and the people affected almost never see them. When the threshold for losing your account is “risk” defined by the institution that benefits from defining it loosely, almost any disfavored customer can be folded in. For the crypto industry, the probe puts a name to a years-old grievance. Digital-asset firms watched their accounts close across 2022 and 2023 and called it “Operation Chokepoint 2.0,” a nod to a 2013 Obama-era program that pushed banks to drop industries the government disliked. The pattern repeats because the method works. You don’t have to outlaw an activity if you can cut off the money that keeps it alive. That is the chilling effect in its purest form. People and businesses learn that the wrong affiliation can cost them a bank account, so they grow careful about what they say, fund, or build. The punishment never needs a courtroom to land, and it teaches everyone watching to keep their heads down. JPMorgan, Bank of America, and Wells Fargo have mostly declined to comment on the subpoenas. JPMorgan has disclosed that it faces “reviews, investigations and legal proceedings” tied to the executive order. The records Pirro wants would show, customer by customer, who the banks decided to drop and why. People shut out of the financial system for their views have spent years being told it never happened. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post DOJ Probes JPMorgan, Bank of America, Over Political Account Closures appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Brussels and a run of European governments, France loud among them, have spent the past few years treating strong encryption as a problem to be solved. The argument behind proposals like Chat Control is that the state needs a way to scan private messages to keep people safe and that it can be trusted to hold that kind of access without abusing it or losing control of it. But France just handed that argument an awkward rebuttal. Tchap, the messenger the French government built for its own civil servants, got breached. France’s National Cybersecurity Agency, ANSSI, detected the compromise on June 7, and DINUM, the digital affairs directorate that runs the platform, blocked the account involved and published an incident notice. The intrusion broke neither the encryption nor the servers. Someone hijacked a legitimate user account, which is all an attacker needs when any one credential is a key to the same building. That detail is the part the backdoor crowd keeps refusing to absorb. The encryption on Tchap did its job. DINUM says private conversations stay end-to-end encrypted even when an account is impersonated and that the attacker could reach only the unencrypted public chat rooms any authenticated user is able to find. Security researchers were quick to note what that reassurance skips over. An attacker wearing a real user’s identity can see whatever that account sees in the moment, private rooms included. A government backdoor is exactly that, an access path bolted on beside working encryption and France just demonstrated it cannot keep one of those paths shut for a single weekend. DINUM has notified CNIL, the French data protection regulator, because personal information may have surfaced in whatever the attacker viewed. The directorate described its handling of the intrusion in a press release. “At this stage, the account originating the malicious requests has been identified. It was immediately blocked to remove the attacker’s persistent access and allow for a thorough analysis of the data they were able to access. The investigation continues, including the study of event logs, to identify the conversations that the attacker was able to access and the nature of the exfiltrated data,” DINUM said. The directorate also pushed responsibility back toward its own users, reminding them where the safe lines were supposed to be. “A message has been sent to all Tchap users reminding them that a public chat room can be found and joined by any user and that its content is not encrypted. In accordance with Tchap’s terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms: such exchanges should be reserved for private chat rooms.” A threat actor using the handle Misère tells a far bigger story. The attacker claims to have reached data tied to roughly 73,000 state agents, 643,000 messages, nearly 60,000 files adding up to about 13.5 gigabytes, hundreds of chat rooms, and around 90 items referencing Diffusion Restreinte, a French restricted-distribution marking, spanning June 2023 through June 2026. “I social engineered a valid account on the education shard (matrix.agent.education.tchap.gouv.fr). Everything below is what that one account could reach, other shards will have more,” they wrote. The attacker also described pulling files at will. “Every file ever shared on Tchap, on any shard, is downloadable without a token,” they added. “The media IDs come from the messages. Once you have a message with a media URL you can pull the file freely regardless of which shard hosts it.” None of those figures have been confirmed. ANSSI and DINUM have said nothing about restricted documents, directory exposure, or any of the volumes the attacker cited, and French security analysts have kept the numbers out of their breach trackers while independent confirmation is missing. Hold that against what Tchap was built to be. DINUM and ANSSI launched it in 2019 as a French-hosted alternative to WhatsApp, Telegram, and Slack, so government communication would not sit on foreign-controlled services. A state that cannot keep one civil-service messenger out of a social-engineering attack is lobbying for a standing ability to read the private messages of hundreds of millions of people and to store whatever it scans somewhere. Every backdoor is a new door and every door is something Misère, or the next handle, gets to try. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post France’s Own Hack Is the Best Argument Against Its War on Encryption appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The White House has asked Keir Starmer’s government to drop the part of its plan that would cut Britain’s under-16s off from social media, a measure that would have swept up roughly 13 million young people. The request arrived in a formal US submission to the UK consultation titled “Growing Up in the Online World,” published by the US Embassy in London. The pushback is narrower than the headline suggests. The administration raised concern about rules that would “impose disproportionate compliance burdens on American companies or that apply to one platform but not similar services.” Where the submission lands hardest is on identity documents. The administration wrote that it would “strongly oppose regulations that require or create conditions that compel platforms to collect government-issued IDs (e.g., driver’s licenses, passports), which create serious privacy and security risks, encourage surveillance systems vulnerable to abuse, and chill freedom of speech.” Forcing someone to hand a passport scan to a website builds the exact surveillance plumbing that gets abused later and Washington said the words “chill freedom of speech” out loud. Credit where it is due. But then the door swings back open. The same document keeps age verification on the table for adult material, backing “narrowly targeted requirements primarily with respect to pornographic and adult commercial content (e.g., online gambling, tobacco sales, alcohol sales), rather than broad social media bans.” It then frames the wider position. “The United States does not categorically oppose age assurance measures, but we urge careful consideration of their scope and implementation,” the submission reads. That means that ultimately the principle of checking your age before you can speak or read online survives. Only the bluntest version of it gets rejected. The administration also threw its weight behind a specific fix, saying it “strongly supports privacy-preserving age assurance technologies.” That phrase points at zero-knowledge proofs, the cryptographic trick that lets a site confirm you clear an age threshold without seeing your birth date or your ID. It sounds like the clean answer but it’s not. A proof that you are over 18 does nothing to stop a site from logging your IP address, fingerprinting your device, or demanding the check again every single day. It does nothing about the data-broker profiles already sitting on most people. The proof shrinks one piece of what you hand over. The checkpoint itself stays bolted to the front door of the open web and you are now showing papers to the doorman to get in. Who decides which content sits behind that door is the question nobody in either government wants pinned down. “Adult content” is the lazy example everyone reaches for. The definitions written into law rarely stop there and the people writing them are the same people who would rather you not see certain things. On usage limits and screen time, Washington pushed parents over the state. The submission “favors parental empowerment,” and spells out the reasoning. “Parents should be able to control their children’s online experiences, not prescribed one-size-fits-all government restrictions,” the White House wrote. That is the right instinct. It also sits awkwardly next to what states already signed into law at home. Here is the part the submission does not mention. While the US warns London about chilling speech, it is already running a pipe of its own. The states have spent two years assembling the exact ID checkpoint the submission tells Britain to avoid. The Supreme Court upheld Texas HB 1181 in June 2025 in Free Speech Coalition v. Paxton, a 6-3 ruling that lets the state force adult sites to verify age before entry, by government ID or a third-party credential. Justice Clarence Thomas wrote for the majority that “adults have no First Amendment right to avoid age verification.” That one line melted decades of precedent and read to every state legislature as a green light. They took it. Nine states had adult-content age-verification laws in effect by the end of 2025, among them Florida, Tennessee, Georgia, Arizona, and Ohio, with more drafting their own. Several reach past pornography. Florida and Arkansas wrote laws pointed at social media itself, sweeping in platforms that host little or no adult material. Utah, Nebraska, and New York passed measures forcing platforms to bar younger users or collect parental consent. California went its own way with an Age-Appropriate Design Code that pushes services toward estimating the age of everyone who shows up. Courts have frozen some of these and let others stand, so the check you hit now depends on which state you log in from and which judge ruled last. A US submission can warn London that ID mandates “chill freedom of speech” while Texas already demands the ID, the Supreme Court has blessed the demand, and the states lining up behind Texas are copying the requirement rather than the caution in the letter to Britain. Whatever Washington tells a foreign government, the direction of travel at home is toward proving who you are before you read. That fight will be loud and it will be fought over commercial categories rather than the thing being lost. The thing being lost is the default that an adult, or a 15-year-old reading the news, can open a site without first proving who they are to a verifier that logs the visit. Washington pushed back on the crudest form of that and then endorsed the polished form. The British government wants the polished form badly. Two governments arguing over the gauge of the fence is not the same as a government deciding there should be no fence. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post US Opposes UK Online ID Mandate as Nine States Expand Age Checks appeared first on Reclaim The Net.