If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Discord has a new company handling your face and your government ID, and it is making the same privacy promises that came right before tens of thousands of those documents leaked last fall. The platform began testing Incode, an AI-powered identity verification firm, earlier this month for both ID scans and selfie-based age estimation. That trial runs through July 2026, next to parallel tests of Google Wallet and credit card checks. Discord describes all of it as giving people more ways to prove they are old enough for age-restricted servers, channels, and sensitive content. What it does in real terms is widen the roster of outside companies you have to trust with your most sensitive documents to keep using a service that once asked for nothing more than a username. The ID scan sends your government ID and a selfie straight to Incode, where Discord says “the entire process is fully automated so no human ever sees your ID,” that “everything is permanently deleted once your age is confirmed,” and that “your ID is never linked to your Discord account.” The other option, selfie verification, runs on facial age estimation that Discord says “meets our strict requirements for on-device facial age estimation so your biometric data never leaves your phone.” Discord CTO and co-founder Stanislav Vishnevskiy described Incode as an additional provider for countries that legally require age verification, pointing to a UK law that took effect in July 2025. That law, the Online Safety Act, is the regulatory pressure that has pushed Discord through a rotating cast of verification vendors over the past year, from Persona to k-ID and now Incode. Discord has reached for nearly identical wording before, and it did not prevent anything. Back in April 2025, a company spokesperson said, “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face. For ID verification, the scan of your ID is deleted upon verification.” A July 2025 blog post offered the same reassurance, stating that “the video selfie used for facial age estimation never leaves their device.” Then a third-party vendor got breached in October 2025, and more than 70,000 government IDs spilled out along with names, emails, and other personal data. Those exposed IDs came from age verification appeals. Incode brings its own record to the arrangement. The company settled a class action under Illinois’ Biometric Information Privacy Act in November 2024 for $4 million. The plaintiffs alleged that Incode gathered biometric data, selfies and photo IDs, without the notice or consent the law requires. The settlement covered people in Illinois who uploaded a selfie and photo ID to any application, software, or website an Incode customer operated between November 2018 and August 2024 without first receiving the disclosure BIPA mandates before biometric data can be taken. Discord’s pledge that “everything is permanently deleted once your age is confirmed” also runs straight into Incode’s own published policies. Incode’s privacy policy and biometric data notice say the firm may hold biometric data for up to three years and keep other personal data “as long as necessary for the purpose(s) for which it has been collected and in accordance with applicable laws and regulations,” which is a polite way of saying indefinitely. Incode’s policy also reserves the right to share personal data with service providers, analytics partners, business partners, and legal authorities, so the documents you hand over to clear an age gate can travel well beyond the company you handed them to. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Discord’s New Face-Scan Vendor Comes with a Familiar Promise appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The House voted Monday night to build the machinery of online identity checks into federal law, packaging the mandate inside a bundle of kids online safety bills that cleared the chamber 267-117, with 47 members not voting. It marks the first time any version of the Kids Online Safety Act, known as KOSA, has escaped the lower chamber, and the version that survived carries a structure that pushes platforms to figure out who you are before you can use them. The legislation, called the Kids Internet and Digital Safety Act, or KIDS Act (H.R. 7757), stitches together more than a dozen separate bills, including KOSA, the SCREEN Act, the SAFE BOTs Act, COPPA 2.0, and the SPY Kids Act, plus data broker rules and research initiatives. House leaders rushed it to the floor under suspension of the rules, a fast-track path requiring a two-thirds majority. Committee Chairman Brett Guthrie and ranking Democrat Frank Pallone, who announced their agreement a week earlier, said the bill would “hold Big Tech accountable” and described months of cross-aisle work toward what Guthrie called a “workable compromise.” If you’ve been following our updates, you’ll know the accountability positioning hides the actual design. The bill defines “know” or “knows” to mean “to know or should have known,” and that phrase runs through sections covering platforms, AI chatbots, and gaming services. A company that fails to spot a minor faces legal exposure, which gives every platform a reason to gather more information about everyone who shows up. The text tries to defuse this, stating that nothing in it may be construed “to require the provider of a covered platform to implement an age gating or age verification functionality on the covered platform.” The reassurance collapses on contact. A platform forbidden from ignoring a user’s age, yet liable the moment it “should have known” someone was a minor, has one move left. It starts checking ages, deploying age-estimation tools, demanding ID, or watching behavior closely enough to guess. The law does not order surveillance outright, it engineers the incentive and lets companies build the rest. That is the First Amendment problem dressed as a child-safety provision. Verifying age means verifying identity, and identity checks sit between a person and ordinary protected activity, whether that is reading, watching, posting, or speaking. Adult websites would face explicit age-verification requirements under the package, which functionally means every visitor proves who they are before viewing lawful content. Anonymous and pseudonymous speech, the kind the Supreme Court has shielded for decades, gets harder to find the more platforms lean on identity to limit their liability. The bill tightens how data brokers handle children’s information and updates the Children’s Online Privacy Protection Act to widen its reach. But, to do that, it would require platforms that know a user is a minor to offer controls that limit communications, restrict geolocation sharing, cut compulsive-use features, and let users opt out of personalized recommendation systems, with default settings for minors set to what the bill calls “the most protective level of control with respect to privacy and safety.” These are strong protections on paper and would be good if they applied evenly to all users, but they all depend on the platform identifying minors first, which loops straight back to the same question of how much data gets pulled from users, adult or not, to sort out who the children are. The encryption language carries the same gap. The bill says platform requirements may not override encrypted communications and that companies must comply in ways that “do not compromise the integrity of strong encryption.” That could read as a shield until you notice that regulatory pressure to monitor behavior or flag certain users can hollow out encryption without ever formally banning it. Compliance routes around the protection the text claims to offer. Getting the package across the floor cost the duty of care provision, the piece many child-safety groups and KOSA’s Senate authors consider the heart of the bill. The text now states that nothing in it may be construed to “impose a duty of care on a provider of a covered platform.” Sen. Richard Blumenthal (D-Conn.), a KOSA co-author, wrote that “KOSA without a duty of care isn’t KOSA,” and said last week that the House version is “dead in the Senate.” Sen. Marsha Blackburn (R-Tenn.), the other co-author, agrees the provision was central. Sen. Ted Cruz (R-Texas), who chairs the Senate Commerce Committee, told reporters he stays open to negotiating with the House. That stalemate is the most encouraging thing about this whole fight. The Senate’s standalone KOSA (S.1748) keeps the duty of care, which would legally require platforms to “exercise reasonable care” to prevent broad categories of harm to minors. On the free speech axis, that is the more dangerous of the two bills, not the safer one. A duty of care over vaguely defined harms compels companies to police or re-engineer recommendation algorithms for lawful, constitutionally protected content, under threat of liability so open-ended that the rational corporate response is to over-remove anything that might draw a lawsuit. So neither chamber holds the civil-liberties high ground. The Senate bill compels platforms to suppress protected speech, while the House bill conscripts them into identity verification, and a conference committee tasked with reconciling the two could just as easily graft the worst of each onto a single law as split the difference. The good news for anyone who values either anonymity or free expression is that the two chambers, each representing a different type of civil liberties disaster, do not appear close to agreement. Blumenthal and Blackburn have written off the House version, House Republicans spent four years refusing the Senate’s duty of care over censorship fears, and nothing in the current standoff suggests that gap is about to close. Gridlock, in this case, is the protection the bills themselves do not provide. Guthrie defended the result from the floor. “While no single bill will solve every challenge facing families online, this legislation represents a significant and long-overdue step forward in establishing meaningful safeguards,” he said. “It is an important milestone, not a finish line, in the effort to better protect children online and hold bad actors accountable.” Blackburn is running a separate track in the Senate, negotiating with the White House over a deal that could carry the Senate version of KOSA. Two sources familiar with those talks said the White House told several tech and policy organizations this month that the package might also fold in the House’s version of the App Store Accountability Act, along with language preempting some state laws, which would override the stronger protections states have written into their own books. The agreement still needs Senate approval and President Trump’s signature, neither of which looks imminent. What it offers, if it ever gets there, is a federal blueprint for the same identity-gated internet other countries have spent the past few years assembling, sold under the banner of protecting children and built to make proving who you are the price of going online. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post The House Just Voted for KOSA, a Privacy and Free Speech Disaster appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. A 6-3 decision says geofence warrants, the tool that lets law enforcement vacuum up everyone near a crime scene, trigger the Fourth Amendment. US Police can no longer demand a digital dragnet of everyone’s phone location near a crime scene without answering to the Fourth Amendment. The US Supreme Court ruled 6-3 on Monday that the geofence warrants law enforcement has relied on for years count as a search of the people they catch, even when those people did nothing but carry a phone through the wrong place at the wrong time. We obtained a copy of the ruling for you here. A geofence warrant treats location itself as the suspect. Police draw a virtual fence around a spot and a stretch of time, then force a company like Google to turn over data on every phone that passed through. The method does not begin with a specific person and a trace their movements. It begins with everyone’s movements and goes looking for a person, which is why it gathers bystanders by the thousands. Justice Elena Kagan, writing for the majority, held that the records pulled into these warrants carry a “reasonable expectation of privacy,” even for someone out in public. “An individual has a reasonable expectation of privacy in records about his cell phone’s location, and police intrude on that constitutionally protected interest when they demand the information – even though for only a limited time, and from a third-party tech company,” Kagan wrote. The majority refused to treat the everyday act of using a phone as permission to hand your life to the government. A cell-phone user, Kagan wrote, “is not to be viewed as sharing private information with third parties – which then can be freely passed on to the government – just by doing the ordinary things cell-phone users do.” The opinion ran through the apps that pull location all day, the maps app that wants to route you home, the rideshare app that keeps tracking after you’ve climbed out, and a dozen others doing it in the background. The government’s fallback was that two hours of someone’s movements is too thin a slice to deserve protection. The Court rejected the notion that privacy only switches on once the tracking runs long enough. Justice Sonia Sotomayor wrote that “even short-term monitoring” of a person’s movements can yield “a wealth of detail about [his] familial, political, professional, religious, and sexual associations,” and she listed the stops most people consider nobody’s business, trips to “the psychiatrist, the plastic surgeon, the abortion clinic, the Aids treatment center, the strip club, the criminal defense attorney, (or) the by-the hour motel.” The government also argued that anyone running Location History chose to, that the feature is optional, and so the data it produces is fair game. It leaned on its own figure that “only about one-third of active Google account holders actually opted into the location history service.” The majority called that argument “meritless” and spelled out why in terms anyone who has set up a phone will recognize. “That argument ignores how and why Google users turn on location history: Google repeatedly prompts users to turn on the service, often warning that devices will not “work correctly” otherwise, while not disclosing in that prompt how frequently users’ location information would be recorded, how precise it would be, or how it might be given to the government,” the judges wrote. The case behind the ruling, Chatrie v US, grew out of an armed robbery at a credit union in Midlothian, Virginia, where the robber left with $195,000. Investigators ran out of leads and turned to a geofence warrant aimed at Google. Their eventual suspect, Okello Chatrie, had switched on Google’s optional location history, which logged his position every couple of minutes and placed him near the credit union around the time of the robbery. He later pleaded guilty and was sentenced to 12 years. Chatrie’s lawyers had argued the search was far too broad and breached his Fourth Amendment shield against “unreasonable search and seizure.” The Court agreed that a search happened. It left the harder question, whether this particular search was reasonable, to the lower court, which now has to decide whether the “search was reasonable, meaning that each of its steps was properly described with particularity and found to be supported by probable cause.” Officers never have to name a target. They just define a place and a window of time, and Google produces everyone who was inside it. That one-third of accountholders still came to more than 500 million people, by the count Chatrie’s lawyers gave the court. Google itself admitted that geofence searches “often run a high risk of sweeping in innocent users–sometimes thousands of them,” reaching into private homes, apartment buildings, government buildings, hotels, places of worship, and busy roads that police had no cause to search. This is the first time the Supreme Court has taken up the scope of the Fourth Amendment in the digital age since 2018, when a 5-4 majority in Carpenter v United States held that the government generally needs a warrant to obtain a person’s cellphone location history. Monday’s decision carries that logic from a single tracked suspect to the whole crowd a geofence pulls in. The ruling lands on a procedure that no longer exists. Google changed how location history works in July 2025. It now stores that data on users’ own devices instead of its own servers and says it can no longer answer geofence warrants for it. The exact procedure the Court just ruled on is one Google has already abandoned but the principle the justices set down outlasts it, though, and it reaches whatever location database law enforcement turns to next. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Supreme Court Rules 6-3 That Geofence Warrants Trigger Fourth Amendment Protections appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Sony plans to wipe 551 movies and TV shows from the PlayStation Store libraries of customers who paid full price for them. The deletion is coming on September 1 and so far the company has said nothing about giving anyone their money back. The titles all come from StudioCanal, the distributor behind Terminator 2, Total Recall, Rambo: First Blood, The Deer Hunter, Bridget Jones’s Diary, From Dusk Till Dawn, and Cliffhanger. Anyone who hit “buy” on one of them will open their library that morning and find a hole where it used to be. PlayStation’s notice states it without apology: “You will no longer be able to access your previously purchased content from Studio Canal, and it will be removed from your video library.” The justification Sony offers runs to six words, “due to our content licensing agreements.” A licensing deal between Sony and StudioCanal expired or shifted, and the people who paid are the ones losing their films over it. None of them signed that contract and none gets a vote in it. X user somatyk surfaced the news on June 25, posting the notification they’d received. The message signed off with, “Click here for a full list of affected titles that will no longer be supported. Thank you.” Sony has since reproduced the same warning, and the full roster of 551 titles, on the PlayStation website. Nobody rented these movies. The store put a “buy” button next to them, charged the purchase price, and dropped them into a library it called yours. Sony can empty that library the moment a contract somewhere upstream changes, and the terms of service you scrolled past on first boot already say you agreed to this. If the movie case feels abstract, the games industry just made the same point with its biggest release in over a decade. GTA 6 arrives November 19, and the boxed copy you can buy at Walmart or GameStop contains no disc. Take-Two confirmed it in a press release: “The physical version of Grand Theft Auto VI, containing a download code inside the box, will be available starting November 12, 2026 to support pre-loading.” You pay $80 for a cardboard sleeve wrapped around a download code that locks the game to your account. You cannot lend it, resell it, or install it offline. Do you want an actual disc that lives on your shelf and answers to no server? There isn’t one, and if a real physical edition ever ships, you’ll buy the game a second time to get it. Asked earlier whether Rockstar might hold physical copies back to stop leaks, Take-Two CEO Strauss Zelnick had said, “That’s not the plan.” The plan, it turns out, was to keep the box and throw away the disc. Killing the disc also ends the secondhand market and lending, and it hands the publisher control over access that a physical object never gave them. Ownership is being pulled back to the center, into accounts and servers a handful of companies control, and the words on the storefront haven’t caught up. The word “buy” might still sit on the button, but the definition of what that means keeps getting thinner. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Sony Deletes 551 StudioCanal Movies PlayStation Owners Paid For appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Australia has spent six months running the world’s first big experiment in keeping teenagers off social media. The results are now in and the results are that teenagers are still on social media. Pretty much all of them. So naturally, the government has looked at this comprehensive, undeniable, slightly embarrassing failure and decided that the correct response is to do exactly the same thing again, except angrier and with bigger fines. A study in the British Medical Journal followed 408 teenagers and found that 85% of Australians aged 12 to 15 were still merrily logging on three months after the ban supposedly cut them off from the world. The New York Times took a look and concluded that “six months in, most indications are that the law has largely failed at keeping young teens off the platforms.” One parent, asked how the great crackdown was going in their household, offered the immortal line “I don’t know a single person who’s lost an account.” The methods teenagers use to defeat this multimillion-dollar age-verification apparatus are the fun part. Some of them draw mustaches on their faces. A nation’s flagship child-protection technology, the thing other governments are flying in to study, can be undone by a child with a marker. The rest just borrow an account from mom, or an older brother, or anyone in the house who has technically aged past the algorithm’s wild guessing. The whole edifice has the structural integrity of a wet paper bag and the teenagers worked that out in roughly a day. You would think a government confronted with this would feel a flicker of doubt. You would be wrong. Prime Minister Anthony Albanese stepped up on Saturday and announced that the maximum fine for tech firms would double from A$49.5 million to A$99 million (around 68 million USD) because clearly the problem with an impossible law is that the threats attached to it weren’t scary enough. “It’s clear Big Tech are not doing enough to comply with the law – there are still too many children on social media,” he said, with the wounded confidence of a man who has never once considered that the law itself might be the issue. “These changes reflect the seriousness with which we take any failure by social media companies to comply.” Here sits a real expansion of state power and the mustache jokes have done a fine job of keeping anyone from looking at it. The government wants to strengthen the information-gathering reach of its internet regulator, the eSafety Commissioner. Communications Minister Anika Wells delivered the obligatory villain messaging, declaring that “Based on the regular updates I receive from the eSafety Commissioner, it is clear to me that social media platforms are adopting tricks straight out of the big tech playbook and doing the bare minimum to get by.” That’s a tidy story that conveniently skips over who’s building the surveillance plumbing. Because that is what these new powers are. The regulator would be able to compel platforms to hand over documentation proving what they’ve done to keep under-16s out, and the reach stretches past the platforms themselves to third parties, the digital ID companies and the app stores. A law sold to the public as a simple rule about teenagers opening accounts is a government machine that can demand records from every business that so much as glances at the verification process. The five platforms currently under investigation, Meta’s Instagram and Facebook, Google’s YouTube, Snap’s Snapchat, and TikTok, are being squeezed to deploy ever more aggressive age-checking, which means scanning more faces and binding more real identities to more usernames, all to fail at stopping a 13-year-old with a borrowed login. The face-scanning deserves a special prize for pointlessness. The BMJ researchers found two-thirds of underage users sailed through by either declaring themselves over 16 or posting a selfie that the platform cheerfully accepted as over 16. The system doesn’t work. What it does, reliably, every single time, is normalize the idea that you should hand your face to an automated identity scanner before you’re allowed to speak to your friends. Kids beat it by pulling stupid expressions. Adults beat it by simply existing for more than 16 years. And in both cases, the camera still got its data. The verification fails at its job and succeeds wildly at the thing it was never advertised to do, which is harvesting biometric and identity information from the entire population on the way past. The genuinely maddening thing is that a less invasive road existed, and Australia bulldozed straight past it. A government that actually cared about minimizing data collection could have accepted that no system catches every teenager, leaned on lighter measures, and declined to build a face-scanning, identity-linking, document-demanding regime to chase a problem it was never going to solve. Instead, it has done the opposite with real enthusiasm. The fines climb, the regulator’s tentacles extend and the pressure on platforms to gather more personal information rises with every press conference. The government brags that it has already deactivated or restricted more than five million accounts, which it presents as a triumph, and which is really five million identity judgments made by systems no user can see, question, or appeal. Other countries are watching this circus and taking notes, not as a warning but as inspiration. Britain announced this month that it wants restrictions to go even further, dragging gaming and live-streaming platforms into the same net. The thing they’re all so keen to copy does not keep children off social media. The children are demonstrably still there, drawing facial hair and giggling. What it builds with frightening efficiency is permanent infrastructure for identity checks, biometric scans, and behavioral profiling at the front door of every platform you use. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Australia’s Teen Social Media Ban Failed. The Government’s Fix Is to Double the Fines appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.