If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. South Carolina Governor Henry McMaster signed H.B. 4591 on May 19, turning the Stop Harm from Addictive Social Media Act into a law that will reshape how every resident of the state uses major social media platforms. The bill passed with almost no opposition, clearing the House 115-0 and the Senate 42-1. It takes effect January 1, 2027, and it brings with it a surveillance apparatus aimed at all users. We obtained a copy of the bill for you here. The law, sponsored by Rep. Brandon Guffey (R-York), requires covered platforms to repeatedly estimate and verify the age of every South Carolina account holder. The stated goal is child protection. The way it claims to do that is continuous behavioral analysis of anyone who spends enough time on a platform, combined with escalating confidence thresholds and penalties of ten thousand dollars per violation if platforms get it wrong. Here’s how the age estimation system works. Once an account holder hits 25 cumulative hours on a platform within six months (the “first trigger date”), the platform has 14 days to estimate whether that person is over 15, with 80% confidence. At 50 hours (the “second trigger date”), the confidence requirement jumps to 90%. After that, the platform must update its estimate every 100 hours of use, or whenever it runs data analytics on the user for any other reason, whichever comes sooner. That last clause is easy to miss and it means any time a platform runs its profiling algorithms on you for ad targeting, content recommendations, or anything else, it also has to re-evaluate your estimated age. The law essentially piggybacks mandatory age surveillance onto whatever commercial surveillance platforms already conduct, expanding the scope of both. Because platforms face significant liability if they can’t meet these confidence thresholds, the law creates powerful incentives to harvest far more sensitive data about users than they do today, including about minors. A platform that guesses wrong faces $10,000 per violation. A platform that overinvests in behavioral profiling to avoid those fines faces no penalty at all. The incentive structure points in one direction. The bill claims it “does not create any duty on the part of a covered social media platform to request, collect, or retain any information from or about any account holder” and that age estimates must be “derived based on information collected and retained by the covered social media platform in the ordinary course of operation.” This is the bill’s central fiction. Platforms that can’t achieve 80% or 90% confidence from existing data will need to collect more data, or face financial ruin from accumulated violations. The law doesn’t mandate new data collection in the same way that holding a knife to your wallet doesn’t mandate you hand over cash. For users classified as children (under 16), the restrictions are extensive. Accounts require verifiable parental consent, with privacy settings locked to the most restrictive levels by default. Platforms cannot show children profile-based feeds, profile-based advertising, or any “addictive interface features,” a category that includes infinite scrolling, auto-play video, push notifications, and display of personal metrics like reaction counts. The verifiable parental consent requirement will force the collection of sensitive personal information from both minors and their parents. Documents that conclusively establish a user’s age and parental relationship are almost always government-issued identification. The bill demands platforms retain documentation proving they obtained valid consent. So a law sold as protecting children’s data will, in reality, build databases of children’s and parents’ government IDs, held by the same tech companies the bill treats as untrustworthy. If a user disputes being classified as a child, the platform can “rely on any commercially reasonable age verification process to resolve the dispute.” The bill doesn’t define what counts as commercially reasonable. Government ID uploads, facial recognition scans, and financial record checks could all qualify. The user who objects to being profiled as a minor gets to choose which form of identity verification they’d prefer to submit to, not whether they submit at all. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post South Carolina’s New Social Media Law Puts Every User Under Age Surveillance appeared first on Reclaim The Net.

This Post is for Paid Supporters Reclaim your digital freedom. Get the latest on censorship and surveillance, and learn how to fight back. SUBSCRIBE Already a supporter? Sign In. (If you’re already logged in but still seeing this, refresh this page to show the post.) The post When an App Download Turns Into a Government Record appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Angela Merkel used her first major European platform since leaving office to tell the EU exactly what it wanted to hear: keep regulating speech online, and don’t worry too much about getting it wrong. The former German chancellor, speaking Tuesday at the European Parliament in Strasbourg, urged the bloc to “continue regulating the social media” and artificial intelligence. “To believe that responsibility for spreading information is no longer necessary, that accountability – there should be no accountability for lies, then that would undermine democracy,” she told the chamber. Lies. Who decides what counts as a lie? In the EU’s model, that question gets answered by the European Commission, by government-appointed regulators, by “trusted flaggers” that platforms are legally required to obey. Not by courts. Not through anything resembling due process. Merkel knows this system well. Her government built the prototype. Germany’s NetzDG law, passed under her chancellorship in 2017, required platforms to delete “clearly illegal” content within 24 hours or face fines up to €50 million. The people whose speech got censored under it included a satirical magazine, a political street artist, and an opposition party leader. NetzDG became an export product, copied by governments in Russia, Turkey, and across Southeast Asia, each adapting it to their own definition of “illegal.” The EU took the concept continent-wide with the Digital Services Act, which requires major platforms to assess and reduce “systemic risks,” a category broad enough to cover “civic discourse,” “electoral processes,” and “public security.” The Commission writes the rules, decides whether platforms comply, and levies fines of up to 6% of global revenue when they don’t. No independent prosecutor. X is currently challenging the first DSA fine ever imposed, a €120 million penalty from December 2025, arguing the process involved “grave procedural errors” and “systematic breaches of rights of defence and basic due process.” More than 50 European NGOs have warned that the DSA’s vague terms could violate the EU Charter’s own free expression protections. The Commission’s response was to declare the law “content-agnostic” and move on. Merkel acknowledged none of this. She told parliamentarians that “perhaps mistakes will be made, but we learn through mistakes.” That’s cold comfort when the mistakes involve censoring legal speech and silencing political opposition through systems with no judicial oversight and no meaningful appeal. Her remarks came at the inaugural ceremony for the European Order of Merit, where she was honored alongside 19 other laureates, including Lech Wałęsa, Moldovan President Maia Sandu, and Volodymyr Zelenskyy. She framed regulation as essential to democracy. “We’ve had 75 years of European thought,” she said. “Peace, prosperity, and democracy.” Democracy requires that citizens can speak, argue, and be wrong without a regulator deciding which claims are permissible. The EU’s apparatus does the opposite. Merkel said mistakes would be made. She didn’t say who would pay for them. The answer, as always, is the people who get silenced. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Merkel Urges EU to Keep Regulating Social Media Speech appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Ian Cheshire, the government’s pick to run the UK’s speech regulator, appeared before the Science, Innovation and Technology Committee on Wednesday and laid out what amounts to an acceleration plan for online censorship. He pledged to take on the “big tech bros,” branded VPNs as a “technical problem,” identified YouTube as needing a whole new set of regulatory powers, and hinted that Ofcom will ask the Treasury for more funding. Before the hearing, Cheshire had “reached out to the Molly Rose Foundation because I wanted to understand its perspective.” He had “quite deliberately” not met any mainstream tech companies. The Foundation has called Ofcom “slow, defensive and risk-averse” and demanded a new, broader censorship law within the first two years of this Parliament. The companies that might have raised concerns about overreach? Cheshire chose not to hear from them. More: Ofcom and the Fantasy of Global Speech Control On VPNs, he told MPs: “Parliament has chosen to legislate on online safety; therefore, we should be acting on it. That is subject to the joys of VPNs and the other technical problems we have, but there is no reason not to go after the key harms that are there. As soon as they are visible, there is no reason why we cannot to do something about them.” VPNs are legal privacy tools used by millions of people. Calling them “technical problems” tells you how the incoming chair views individual privacy relative to the state’s power to police speech. To a growing number of bureaucrats, privacy tools aren’t part of rights to be protected. They’re obstacles. Ofcom already monitors UK VPN usage using an unnamed third-party tool and a group of peers has proposed banning under-18s from using VPNs entirely. Cheshire told the committee that Ofcom will “need to deal with” the perception that “Ofcom is too timid and not moving fast enough.” The Online Safety Act already lets Ofcom compel platforms to censor content under vague categories of “harm” that the regulator defines. It can fine companies up to 10 percent of global revenue and hold executives personally liable. He singled out YouTube as “the biggest single challenge” and suggested Ofcom may need a “different toolkit” to “regulate effectively something like YouTube.” The OSA’s codes of practice are still being rolled out. Ofcom hasn’t finished writing the existing rules and the incoming chair is already signaling they won’t be enough. Cheshire also endorsed extending prominence legislation to YouTube, using law to push state-funded broadcaster content ahead of whatever YouTube’s audience actually chooses to watch. On funding, he said Ofcom should be “very demanding of itself about whether it really has the resources” and that the Treasury may get a “gentle request” to “raise the cap.” More money means more staff, more surveillance tools, and a larger apparatus for policing speech online. His description of how he’d approach tech companies was pretty blunt: “persuading them that they need to change, and then being able to present a stick if they do not change, because the quickest way to affect millions of people is to get the big platforms to change their behavior.” He sees platforms as levers. Change a platform’s behavior and you reshape the information environment for millions of users at once. The OSA’s categories of “harm” are broad enough to catch journalism, satire, and political speech. Who decides where the line falls? Ofcom. Who reviews the decision before content disappears? Nobody. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Incoming Chief of UK Speech Regulator Takes Aim at VPNs appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Disney is scanning the faces of 75,000 people a day at its Anaheim theme parks and a new $5 million class action lawsuit says the company never bothered to properly tell them. The suit, filed May 15 in federal court by visitor Summer Christine Duffield, targets the facial recognition system Disney rolled out in April at the entrances to Disneyland Park and Disney California Adventure. The technology photographs your face as you walk through the gates, then uses biometric software to convert that image into numerical values and compare them against the photo saved when you first activated your ticket or annual pass. The stated purpose is to speed up reentry and prevent ticket fraud. The unstated consequence is that Disney now operates one of the largest biometric surveillance systems aimed at consumers in the United States, processing the faces of more than 27 million annual visitors across the two parks. We obtained a copy of the complaint for you here. Duffield visited the park on May 10 with her minor children. The complaint accuses Disney of violating California privacy, competition, and consumer protection laws by harvesting guests’ biometric data without adequate disclosure or meaningful consent. The company “does not adequately disclose the use of their biometric collection, so consumers – which almost always include children – have no idea that Disney is collecting this highly sensitive data,” the complaint reads. Disney says the scanning is optional. The reality on the ground tells a different story. By late April, the technology was running in most entrance lanes at both parks, with the Los Angeles Times finding only four lanes that didn’t use it. Some guests told the publication they didn’t realize they could avoid the system before entering the lines. One visitor called it “a little scary” because the opt-out wasn’t clear, while a mother said she felt uneasy when the system was used on her young children. The opt-out signage consists of a silhouette icon with a diagonal line through it posted at select entrances. No verbal notice from staff. No alert through the Disneyland app, which millions of visitors use to plan their trips. No written consent form. Disney built a biometric dragnet and placed the burden of escaping it entirely on the people walking through the gates. Attorney Blake Yagman, representing the proposed class, put it bluntly in the complaint. “Guests should be able to expressly opt in to this type of sensitive facial recognition technology with written consent – the onus of privacy rights should not be on the victim,” he wrote. “Given how sensitive facial recognition data is, explicit written consent should be required to protect the privacy guests at Disney Theme Parks.” The distinction between opt-in and opt-out is the core of this case, and it reveals everything about how Disney thinks about its guests’ biometric data. An opt-in model means the company asks before it scans your face. An opt-out model means the company scans your face unless you notice a small pictogram and find the right lane. Disney chose the model that captures the most data from the most people. Perhaps that’s not an accident. The lawsuit also attacks Disney’s claim that it deletes biometric data within 30 days. Disney’s privacy policy states that numerical values derived from facial scans are deleted within 30 days of creation, “except in cases where data must be maintained for legal or fraud-prevention purposes.” The complaint argues this “simply cannot be true given the biometric information is compared to when guests first bought tickets or annual passes and associated their pictures with those tickets or passes.” Annual passholders visit repeatedly throughout the year. If the system compares your face at the gate against the image stored with your pass, that stored image has to exist somewhere for the comparison to work. Disney’s 30-day deletion claim and its year-round facial matching functionality can’t both be true at the same time. Disneyland spokesperson Jessica Jakary said: “We respect and protect our guests’ personal information and dispute the plaintiff’s claims, which we believe are without merit.” Disney also collects biometric data through other programs at its parks. The company harvests biometric information when visitors use a “Magic Band” wristband and through its “PhotoPass” photography program. The lawsuit argues this data is valuable for building consumer profiles that aggregate details across multiple arms of Disney’s business. A company that knows your face, your location within the park, your purchasing habits, and which rides you visit isn’t just preventing ticket fraud. It’s building a surveillance profile that follows you across every interaction with the Disney ecosystem. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Disney Faces $5M Lawsuit Over Disneyland Facial Recognition appeared first on Reclaim The Net.