This Post is for Paid Supporters Reclaim your digital freedom. Get the latest on censorship and surveillance, and learn how to fight back. SUBSCRIBE Already a supporter? Sign In. (If you’re already logged in but still seeing this, refresh this page to show the post.) The post Your Phone’s Ads Are Spying for the Government. These Simple Changes Can Help appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Congress is about to stage one of its annual spectacles: reauthorizing Section 702 of the Foreign Intelligence Surveillance Act. Normally, this is an already messy affair, but President Trump has decided to spice things up by suggesting that Republicans attach the SAVE America Act to the must-pass FISA bill. The result is a headache for House Speaker Mike Johnson. “Maybe you put them together, because a lot of people feel very strongly about FISA,” Trump told House Republicans at their retreat last week. That might be the understatement of the year. The Foreign Intelligence Surveillance Act, or FISA, was created to let the US government collect intelligence on foreigners. In theory, it targets only non-US citizens abroad. In reality, it has become a tool for sweeping up Americans’ communications on a massive scale. Section 702, the part now up for reauthorization, allows intelligence agencies to grab emails, texts, and calls from foreign targets and, in doing so, they routinely capture the American side of those conversations. This incidental collection has become anything but incidental. The FBI treats Section 702 data as a domestic treasure trove, conducting millions of warrantless searches of Americans’ communications each year. It effectively bypasses the Fourth Amendment, giving federal agencies legal cover to monitor Americans without warrants, often funneling the information into ordinary criminal investigations. FISA’s original promise of balancing security and privacy has been eroded by decades of routine overreach. GOP leadership had been planning a clean extension, but Trump’s intervention opens the door for a faction of conservatives, led by Rep. Anna Paulina Luna, to insist on a legislative package deal. Luna didn’t vote to reauthorize FISA in 2024, but she and other SAVE supporters are already signaling they will use their leverage to shape the House floor debate. Johnson likely has the votes to pass FISA with bipartisan support, but the rule vote, the procedural step determining how the floor debate proceeds, is the real landmine. Conservatives have yet to announce support, and procedural votes have long been the preferred weapon for those who want leverage without responsibility. On the Senate side, the SAVE Act faces a grim outlook. Senate Majority Leader John Thune has offered no guarantees that SAVE will hitch a ride with FISA, prompting Rep. Chip Roy to call the Senate’s moves “performance theater” and Rep. Keith Self to accuse Thune of “gaslighting the American people,” adding, “This is nothing but a show vote.” If the Senate fails, Luna’s pressure campaign in the House is likely to intensify. FISA watchers should expect procedural obstruction and rhetorical fireworks as SAVE Act advocates push to attach reforms to the surveillance authority before it lapses on April 20. The SAFE Act, sponsored by Senators Mike Lee and Dick Durbin, offers a mix of modest reforms and symbolic gestures. Among the wins: The FBI would need a warrant before reading the content of Americans’ communications collected incidentally. Parallel construction, the sleight-of-hand technique used to hide the original, possibly unconstitutional, source of evidence, is limited. The government must disclose the Section 702 source when using it in court. Data broker loopholes are partially closed, reducing the market for personal location and communications data. Expired surveillance powers under Section 215 of the Patriot Act are explicitly retired. For anyone who has followed US surveillance law, these are small but meaningful improvements. But the SAFE Act still leaves gaping holes. The definition of “electronic communication service providers” remains ambiguous, the FBI can still query databases to see whether Americans are involved without a warrant, and practices like “Abouts collection” are still not explicitly prohibited. Here is where the circus comes in. The Senate is expected to debate the SAVE Act this week, but with Democrats opposed and key Republicans unconvinced, it is expected to fail. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post The FISA Surveillance Tool Is Up for Renewal, and the SAVE Act Is Riding Shotgun appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The EU Parliament voted to extend Chat Control 1.0, but with a significant constraint attached. By 458 votes to 103, MEPs approved extending the regulation until August 2027 while simultaneously passing an amendment that bans untargeted mass scanning of private communications. Any scanning under the extended regime must now be strictly limited to individual users or groups of users where a competent judicial authority has established a link to child sexual abuse. That’s a win on paper. For five years, Chat Control 1.0 has operated as a voluntary surveillance framework, letting platforms scan private messages at scale with no requirement for individual suspicion. The EU Commission’s own implementation report put the false positive rate as high as 20%. Millions of private conversations scanned, one in five flags landing on someone who did nothing wrong. The amendment, tabled by Pirate Party MEP Markéta Gregorová, demands that surveillance be targeted and judicially authorized before it happens. Not after the fact, not algorithmically determined, and approved by a court, applied to a specific suspect. Digital rights campaigner Patrick Breyer called it a turning point. “Today is a sensational victory for the countless citizens who made calls and sent emails to save their digital privacy of correspondence,” he said, adding that “just as with our physical mail, the warrantless screening of our digital communications must remain taboo.” The vote also puts immediate pressure on the institutions that have resisted any such limits. The European Commission and the vast majority of the EU Council have so far rejected any restrictions on untargeted mass scanning outright. Italy is the only Council member that has not opposed constraints. That political resistance doesn’t disappear because Parliament voted though. It moves to the negotiating table. Trilogue negotiations between Parliament, the Commission, and the Council began on March 12, operating under tight time pressure: the current interim regulation expires on April 6. Whatever comes out of those talks could look very different from what Parliament just approved. The Commission’s position hasn’t shifted. The Council’s appetite for targeted-only scanning remains limited. Parliament’s amendment is a mandate, not a guarantee. Chat Control 2.0 continues on its own track. The second trilogue on the permanent regulation was held on February 26. Two more sessions remain, with a third scheduled for May 4 and a fourth, expected to be the final round, on June 29. Adoption is anticipated by July 2026. The current text of 2.0 has dropped mandatory scanning of end-to-end encrypted messages, but retains a requirement that users verify their age before accessing encrypted messaging services. Anonymous encrypted communication, under that framework, ends. The encryption “survives,” but the anonymity doesn’t. The vote was the best outcome from a Parliament session that could easily have gone the other way. But it’s an interim measure, passed under deadline pressure, heading into negotiations with institutions that don’t share its position. Breyer’s framing captures the stakes: this increases pressure on EU governments to bury untargeted mass surveillance for good. Whether that pressure holds through trilogue is the question that matters now. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Chat Control: EU Parliament Blocked One Form of Mass Surveillance, But Is Pushing for Another appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Companies House in the UK briefly turned its own corporate register into a self-service fraud toolkit. A vulnerability in the dashboard of the UK’s official business registry let anyone access other companies’ private records by pressing the back button, no hacking required. Directors’ home addresses, email addresses, and dates of birth were all sitting there, readable and editable by anyone who knew where to look. Companies House is the government body where every limited company must register to legally exist. It holds the official record of who runs Britain’s businesses, including the personal details of every director. When you incorporate a company in the UK, your information goes into this register. There is no opt-out. The timing is what makes this even more interesting. Since November 2025, all directors in the UK have been legally required to verify their identity through GOV.UK One Login to act in their roles, feeding passport scans, biometric data, and government credentials into the same Companies House infrastructure. That’s the system whose dashboard just handed out private director records to anyone pressing the back button. Dan Neidle, founder of Tax Policy Associates, flagged the issue to Companies House on Friday. He was blunt about what the flaw made possible. “People could get enough data about a company and its directors to potentially commit fraud, to pretend to be it,” he told the Press Association. The risk wasn’t just passive exposure. Someone with access could update a company’s registered address to their own, intercepting official correspondence and documents. “If you could file accounts,” Neidle added, “you could do all kinds of damage.” Home addresses and dates of birth are the building blocks of identity fraud. Directors registered this information with Companies House under legal obligation, trusting that the government body safeguarding it had secured it properly. That trust had a back button. Neidle noted the window of exposure matters enormously. “If it was only there for 36 hours, then maybe it’s fine,” he said. “But if it was there for a month or more, it’s very serious.” He pointed to an uncomfortable benchmark: “Security researchers say 15 days is the average time it takes for a vulnerability to be exploited, and this was a particularly easy vulnerability with no hacking required.” Most data breaches require technical sophistication. This one required a browser. Companies House shut down the WebFiling service on Friday evening. A spokesperson said: “We are aware of an issue with our WebFiling service and have closed it while we investigate. We apologise for any inconvenience to our customers.” The agency told affected businesses to file as soon as the service returns, document any error messages with timestamps, and wait for their evidence to be reviewed against missed deadlines. What Companies House has not said is how long the vulnerability existed, how many records were accessed, or whether anyone exploited it before Neidle’s report. This is the system the UK government wants to scale up nationally. Prime Minister Keir Starmer announced a digital ID scheme in September 2025, planning to introduce it by the end of the parliamentary term in 2029. The government is developing two related services: GOV.UK One Login, a unified account system replacing over 190 separate government logins, and a GOV.UK Wallet app for storing government-issued documents like driving licences. Biometric data. Passport scans. Facial recognition. All centralized. All linked. All managed by the same government infrastructure that just exposed director records through a back button. Over time, the digital ID system is expected to serve as a single access point for government services, including benefits, tax records, and official interactions, potentially eliminating the need for physical documents or multiple logins. The convenience pitch is familiar. So is what gets sacrificed for it. The GOV.UK One Login system sitting at the core of this expansion, already has a documented security record. Security tests revealed the system allows bad actors to gain access without detection, and it scored only 21 out of 39 in its Cyber Assessment Framework tests. An internal exercise found the system may already have been compromised without detection and potentially contain malware, core work was outsourced overseas, including to Romania, individuals who raised alarms about data and process failures were allegedly silenced, and the system even lost its official trust framework certification. The government’s response has been to keep spending. The project has been compared to “Post Office Horizon all over again,” a reference to the UK’s most notorious recent IT scandal, in which a flawed computer system sent dozens of innocent postal workers to prison. The government is not learning from its mistakes. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Britain’s Business Registry Left Director Data Wide Open — Yet the Government Is Still Building a National Digital ID appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Meta is quietly dismantling one of its few genuine privacy commitments. Starting May 8, end-to-end encryption for Instagram direct messages disappears, taking with it the one technical guarantee that kept those conversations private from Meta itself. “If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep,” the company said in a help document, framing the loss of message privacy as a data export problem. Collect your things, the walls are coming down. The feature being removed was never universal anyway. End-to-end encryption for Instagram DMs had been available only in certain regions, not enabled by default, since Meta began testing it in 2021 as part of what CEO Mark Zuckerberg called his “privacy-focused vision for social networking.” That vision apparently has an expiration date. Meta also made encrypted DMs available to all adult users in Ukraine and Russia in February 2022, weeks after the Russian invasion began. That access, too, is ending. The timing is revealing. TikTok told the BBC last week that it has no plans to bring end-to-end encryption to its DMs, arguing that privacy makes users less safe. Meta is now arriving at the same destination from a different direction. The stakes are straightforward. End-to-end encryption means only the people in a conversation can read it, a technical lock that excludes the platform, third parties, and anyone who might later obtain a warrant. When that lock disappears, Meta and its employees can read Instagram DMs, law enforcement can subpoena them, and advertisers may eventually benefit from what gets learned. Instagram users who relied on encrypted DMs have until May 8 to decide what to archive. After that, their private conversations are Meta’s to read. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Meta is Ending Instagram Direct Message End-to-End Encryption appeared first on Reclaim The Net.