Reclaim The Net Feed
Reclaim The Net Feed

Reclaim The Net Feed

@reclaimthenetfeed

Full Sixth Circuit Is Asked To Kill Ohio’s Online ID Law
Favicon 
reclaimthenet.org

Full Sixth Circuit Is Asked To Kill Ohio’s Online ID Law

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. NetChoice is asking every judge on the U.S. Court of Appeals for the Sixth Circuit to undo a decision that lets Ohio demand your identity before you open an account online. The group filed its petition for rehearing on July 16, weeks after a divided three-judge panel revived HB33 and became the first federal appeals court in the country to uphold this kind of law. HB33, Ohio’s Social Media Parental Notification Act, bars anyone under 16 from making an account on a long list of websites unless a parent signs off first. Getting that consent means handing over sensitive documents to confirm a user’s age and identity. The requirement reaches well past the platforms lawmakers name, catching blogs and book-recommendation sites in the same net. Those verification checks build new stores of personal data. Sites that never needed your government ID would have to collect it and hold on to it, turning ordinary services into targets for anyone hunting for identities to steal. Ohio calls this child safety. What it manufactures is a fresh cache of records waiting to be breached. The panel split 2-1 on June 18. Judge Eric Clay’s lead opinion leaned on standing, deciding NetChoice could not sue for the free-speech rights of the minors it says the law shuts out. He questioned whether the trade group had children’s interests at heart at all, and called the consent rule “a marginal burden that precisely targets the multi-faceted problem that Ohio has identified: Children’s unsupervised assent to terms and conditions for use of platforms that take advantage of and harm them.” Judge Alice Batchelder agreed the group could not stand in for young users. NetChoice’s interests, she wrote, “vis-a-vis those of minors are not ‘completely consistent,’ ‘closely aligned,’ or even neutral. They are opposed to one another.” Judge Kevin Ritz read the case differently. He warned the consent mandate could work as an “insurmountable barrier to entry for online speech,” and doubted it would deliver what Ohio promised. Parents give consent one time, he noted, after which a child keeps using a site with no further oversight, which left him unconvinced the law would head off the “issues with sleep, anxiety, body dysmorphia, depression, and bullying” the state blamed on these platforms. NetChoice wants the full court to reverse. “The First Amendment’s protections apply to digital speech just as they apply to books, movies, and television. Ohio’s law is unconstitutional, and we are confident the full Sixth Circuit will strike it down,” said Paul Taske, director of the NetChoice Litigation Center. Taske cast the case as a fight over who decides what families can read. “Parenting decisions must be made by parents. The government cannot impose its view of what some parents want on all families across the state,” he said. The debate over parental rights is on top of a data-collection regime that asks adults and children alike to surrender private records for the chance to speak online. The law has lost in court before, like when Judge Algenon Marbley of the Southern District of Ohio blocked it with a temporary restraining order in January 2024, added a preliminary injunction weeks later, then struck it down for good in April 2025, finding it was not tailored narrowly enough to serve the state’s interest in protecting kids. Ohio appealed, and the June ruling erased that win. Laws like it have collapsed elsewhere and federal judges have blocked comparable identity-check mandates in Arkansas, Louisiana, and Georgia, each time on First Amendment grounds. The Sixth Circuit’s decision breaks from that run of losses and hands other states a template for pushing the same demands. Ohio’s new attorney general, Andy Wilson, called the panel ruling “a win for Ohio families.” Whether the full Sixth Circuit agrees, the machinery the law would build stays the same. Age verification does not verify only age. It records who you are, where you are, and what you came to say. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Full Sixth Circuit Is Asked To Kill Ohio’s Online ID Law appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

Wyden Urges Blanche and Rubio to Fight Canada’s Bill C-22 Surveillance Law
Favicon 
reclaimthenet.org

Wyden Urges Blanche and Rubio to Fight Canada’s Bill C-22 Surveillance Law

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Ron Wyden wants the Trump administration to treat one of America’s allies as a counterintelligence threat. The Oregon senator wrote to acting Attorney General Todd Blanche and Secretary of State Marco Rubio, who is doubling as acting national security adviser, on July 16. His warning centers on an invasive surveillance bill moving through Canada’s Parliament that could turn American technology companies into tools for spying on Americans. That bill is C-22, the Lawful Access Act. It would require telecoms, messaging apps, and potentially any digital service operating in Canada to rebuild their systems so that police and the intelligence service CSIS can reach into user data. Providers would also have to keep metadata, the record of who contacted whom, when, and from where, for as long as a year, pulling in millions of people suspected of nothing. Wyden’s alarm runs past Canada’s borders. American law contains no rule stopping US firms from helping a foreign government spy on Americans, even when the target is the president or a senior official. Ottawa could therefore order a company like Apple or Google to hand over data or weaken its own security, in secret, with an American in the crosshairs. Wyden called that gap “a glaring statutory vacuum.” The Lawful Access Act “threatens to weaponize American technology infrastructure by enabling the Canadian government to force U.S. companies to secretly facilitate surveillance of Americans, while systematically undermining the security of their products,” he wrote. Britain already ran the experiment. News broke in February 2025 that the UK had secretly ordered Apple to weaken encrypted iCloud backups. Then-Director of National Intelligence Tulsi Gabbard told Congress that forcing American firms to engineer backdoors violates privacy rights and opens severe holes for hostile hackers to climb through. President Trump and Vice President Vance pressed London to pull back. When Wyden’s staff asked British officials whether their laws could block a demand built to spy on Americans, no assurance came. The senator sketched five ways a foreign government could pry open the vacuum. It could force a company to store an American target’s backups on local servers, where authorities can walk in and seize them. It could demand that end-to-end encryption be switched off for specific targets. It could require a hidden, government-controlled “ghost” key that decrypts protected backups. It could relocate the signing keys that vouch for the authenticity of software updates, leaving them exposed to foreign seizure. It could push government spyware onto a target’s device through a corrupted update from a company the user trusts. The US holds leverage over how this ends. The CLOUD Act lets a foreign country that signs a deal with the Justice Department request data straight from American companies, skipping the mutual legal assistance treaty process that can crawl on for months or years. Only Britain and Australia have signed. Canada is negotiating its first agreement right now. Wyden wants American officials to use that window to lock in “ironclad, explicit prohibitions against these extraterritorial technical and prospective engineering mandates,” and to “take all necessary administrative and regulatory steps to insulate U.S. government officials and the American public from foreign surveillance demands against American firms.” The companies that would have to build all of this have spent months refusing. Google told a House of Commons committee that C-22 would create “surveillance infrastructure” and hand the Public Safety Minister “sweeping powers to issue secret orders.” A weak definition of “systemic vulnerability,” it warned, could let the law “decrease overall user security, by creating backdoors that would break end-to-end encryption and create significant cybersecurity risks, facilitating foreign interference and weakening global user privacy.” The company drew its own line. “Google has never built a backdoor or other mechanism to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is end-to-end encrypted.” Wyden has company in Washington. House Judiciary Chairman Jim Jordan and Foreign Affairs Chairman Brian Mast warned Canada’s public safety minister in May that American firms face a choice between “compromising the security of their entire user base, including US citizens, or risking exclusion from the Canadian market.” Bill C-22 has passed Canada’s House of Commons and awaits the Senate. Public Safety Minister Gary Anandasangaree has accused the tech companies of misreading it. They have read it closely enough to refuse to build what it asks for. A backdoor cut into Apple or Google does not know to stop at the border, and Wyden is wagering that this fear will move an administration that privacy arguments alone would not. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Wyden Urges Blanche and Rubio to Fight Canada’s Bill C-22 Surveillance Law appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

Missouri Age Verification Law Signed by Governor Mike Kehoe
Favicon 
reclaimthenet.org

Missouri Age Verification Law Signed by Governor Mike Kehoe

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Missouri wants to see your ID before you can look at legal content, and it is selling that demand as child protection. Governor Mike Kehoe signed House Bill 1839 on July 9, turning an attorney general rule into hard law and dropping the state deeper into the widening group of governments that treat online anonymity as a loophole to close. We obtained a copy of the bill for you here. The statute goes after websites where more than a third of the content qualifies as “sexual material harmful to minors.” Cross that line and you have to route every visitor through a third-party age check before they reach anything. Social media platforms answer to the same requirement once enough of what they host trips the threshold. The check collects far more than a birthday. A visitor can hand over a government-issued ID, a form of digital identification tied to their legal name, or submit to what the bill calls “a commercially reasonable method that relies on public or private transactional data to verify the age of an individual.” That transactional data, the text spells out, can be pulled from mortgage, education, and employment records. Confirming that someone has cleared 18 now means surfacing where they went to school, who holds their loan, and where they work. Missouri could have asked for a birth year. It chose instead to build a system that welds a person’s real identity to the specific sites they visit, about the most sensitive browsing there is. The law tells the companies running these checks that they cannot keep what they gather. A third party “shall not retain any identifying information of the individual,” the bill reads, and the attorney general can charge $10,000 for every instance a company hangs onto that data. The promise reads well on the page. It also rests on trusting that a verification vendor, sitting on a database of IDs matched to porn habits, never gets breached. Age-check providers have leaked this exact kind of information before, and a no-retention clause cannot un-leak a database that has already spilled. Catherine Hanaway, the state attorney general, enforces the rule and can stack penalties fast. A site faces $10,000 for each day it operates out of compliance, plus an added sum of up to $250,000 if a minor reaches restricted content. Hanaway, who inherited the rule from her predecessor Andrew Bailey, framed the signing as a landmark. “Our office is proud to have promulgated and enforced Missouri’s age-verification rule, which prompted Pornhub to stop operating in Missouri- delivering one of the most significant online child-protection victories in our state’s history. House Bill 1839 builds on that success, and Missouri will continue leading the nation in standing with parents, protecting children, and holding pornography websites accountable,” she said in a statement. Representative Sherri Gallick, who sponsored the bill, leaned on exposure figures. “The average age of first exposure is around 11. Early exposure shapes unrealistic expectations with pornography portraying sometimes violent and degrading sexual behavior. Much of the content is violent and demeaning, especially toward women and children,” Gallick wrote. The bill does carve out news. Bona fide news and public interest content stay exempt, and the text says it cannot be read to touch the work of a news-gathering organization. Internet providers, search engines, and cloud services get their own shield, safe from liability for content they neither create nor control. Aylo, the company that owns Pornhub, shows how compliance plays out. The site cut off Missouri users in December when the rule first landed, then reappeared as the signing drew near, now serving the state an age-verification prompt where it had gone dark. One version of that gate asked visitors to click “I am 18 or older – Enter” or “I am under 18 – Exit,” a reminder that the heaviest verification machinery tends to fall on the ordinary user while the theater of protection stays cheap. The requirements take effect August 28. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Missouri Age Verification Law Signed by Governor Mike Kehoe appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

Heather Herbert Charged Over Ann Widdecombe Bluesky Posts
Favicon 
reclaimthenet.org

Heather Herbert Charged Over Ann Widdecombe Bluesky Posts

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Police Scotland has arrested and charged someone over two posts published online. Heather Herbert, a 50-year-old web developer at the University of Aberdeen, a transgender activist and a former Labour and Scottish Greens candidate, wrote two vile messages on Bluesky about the death of Ann Widdecombe, a British politician and television personality who was found murdered in her home last week. “And some good news for once. I hope it was an extremely painful death,” the first one said. The second went further. “And I hope she was handcuffed to the bed as she screamed in agony.” Wishing an elderly woman a screaming, agonized end is the sort of thing that typically earns you a wide social berth and a lot of quiet unfollowing. Then the police got involved. And un-involved. And then involved again. Police Scotland looked at the posts and decided, in its own words, that “no criminality has been established.” Filed away, done. Then a petition gathered around 3,500 signatures in a matter of days, and the force pulled a handbrake turn. A spokesman confirmed that “following further assessment, additional inquiries are being carried out.” Put plainly, the public shouted and the definition of a crime shuffled over to meet the shouting. A 50-year-old, Herbert, was then arrested and charged, with a report going to the procurator fiscal. The police have not said which offense was supposedly committed. They made the arrest first and will presumably tell everyone the crime later. Herbert, for what it is worth, was unrepentant, dismissing the whole row as “overblown” before the Bluesky account went dark and was suspended. Herbert is clearly not charming company to keep but Britain has a troubling habit of turning vile speech into a police matter. The death that started all this turned out to be far worse than anyone first assumed. Widdecombe, 78, the former Conservative minister turned Reform UK spokeswoman, was found dead at her home in Haytor on Dartmoor with serious injuries. A 28-year-old man from South Yorkshire was arrested, then re-arrested under terrorism law. Counter-terror officers now describe a “brutal” and “targeted attack.” Herbert posted before any of that was known, which spares nothing morally but is legally relevant, because you cannot be prosecuted for gloating over a murder that had not yet been called one. The University of Aberdeen says it is reviewing the posts “as a matter of priority,” that the comments “are entirely the individual’s own,” and that it does not condone “violence or hateful behaviour in any form.” The principal added his own condemnation on top. So a web developer’s repugnant messages have become a workplace disciplinary matter, a police matter and a political-party matter all at once. Three investigations for two sentences. Herbert’s posts are horrible, and horrible speech is exactly the speech that tests whether a country believes in the freedom it advertises. Pleasant opinions have never needed protecting. Scotland has spent years assembling the machinery to police the ugly ones, and that machinery does not politely switch itself off when the target happens to be unsympathetic. Today it points at a gloating activist. Tomorrow it points wherever the next petition tells it to. You are not obliged to like Heather Herbert. You can find the posts repulsive, think a great deal less of the person who wrote them, and still spot the much bigger problem standing behind them. But a police force that works out what is criminal by reading the room is a police force you should never trust with a single one of your own words. Widdecombe deserved better than those posts. Everyone in Scotland deserves better than a speech code enforced by whoever can shout the loudest. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Heather Herbert Charged Over Ann Widdecombe Bluesky Posts appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

Apple Sued Over Hide My Email Flaw That Unmasks Real Addresses
Favicon 
reclaimthenet.org

Apple Sued Over Hide My Email Flaw That Unmasks Real Addresses

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Apple sells Hide My Email as a wall between your inbox and everyone who wants a piece of it. A California customer says that wall was never really standing, and that Apple kept charging for it anyway. Anthony Alvarez filed a proposed class action against Apple this week, accusing the company of taking money for privacy it could not deliver. His complaint lands after reporting that the real address behind any Hide My Email alias can be dug up by almost anyone, through a flaw Apple has sat on for more than a year and still has not closed. We obtained a copy of the lawsuit for you here.  More: The Right Way to Hide Your Email Address The feature works as a buffer. You generate a random alias, hand it to an app or a newsletter, and Apple forwards the mail to your real account while keeping that account out of sight. Sign in with Apple bundles it free. iCloud+ subscribers who pay from $0.99 a month get a broader version for any site they choose. The whole idea is anonymity you can rent. However, Tyler Murphy, co-founder of EasyOptOuts, found a way to trace the real address behind an alias and reported it to Apple in June 2025, replication instructions included. 404 Media, which confirmed the flaw using one of its own aliases, found that in tests with volunteers every Hide My Email address it checked could be unmasked. The publication is holding back the technical specifics because the flaw still works. Murphy went public after a year of waiting for a fix that never came. “Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” he said. Apple acknowledged Murphy’s report a month after he sent it. In March 2026 it told him it had “addressed the reported issue in a recent system change,” though the flaw stayed open. By late May, Apple said a fix was “expected in the coming weeks.” Murphy suggested the company stop minting new aliases until it could actually protect them, and Apple gave no sign of doing so. Murphy has been clear about who a leak endangers. “Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” he said. The customers most likely to need a throwaway alias, the ones hiding from a stalker or an abuser, are exactly the customers a leak wounds first. Alvarez’s complaint turns that risk into a bill. “Apple has known of the problem for over a year, and the flaw remains unfixed to this day—all while Apple continues to profit from Hide My Email and from its promises of privacy,” it reads. Alvarez describes himself as “one of the millions of customers who paid Apple for iCloud+ and relied on Apple’s representations that Hide My Email would keep his personal email address hidden.” Alvarez argues that customers paid for privacy twice over. “Plaintiff and Class Members paid Apple for their privacy—iCloud+ subscribers though the price-premium built into iCloud+ subscription fees, and all Apple customers through the price premium built into Apple products that Apple markets as including enhanced privacy protections and features such as Hide My Email,” the filing states. The complaint stacks up nine causes of action, among them violations of California’s Unfair Competition Law, False Advertising Law, and Consumers Legal Remedies Act, alongside fraud, negligent misrepresentation, breach of contract, breach of implied contract, breach of implied warranty of merchantability, and unjust enrichment. Alvarez wants damages, restitution, a jury trial, and “injunctive relief to ensure Apple ceases its deceptive conduct and either delivers the privacy protection it promised or clearly discloses that it cannot.” He is asking the court to certify four classes covering Apple device owners and iCloud+ subscribers, nationwide and in California, with combined claims the complaint values above $5 million. The suit also argues this fits a habit rather than a one-off. It cites a 2023 finding that Apple’s randomized MAC address feature, another tool sold on privacy, had failed to mask users’ real hardware identifiers for three years. Apple has stayed silent on the lawsuit. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Apple Sued Over Hide My Email Flaw That Unmasks Real Addresses appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.