If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Google is removing the last technical workaround that kept effective ad blockers alive in Chrome. When Chrome 150 ships on June 30, the browser will delete a hidden setting called the ExtensionManifestV2Disabled flag, a switch that power users had been toggling to keep old-style extensions running after Google officially discontinued them. Without it, uBlock Origin and every other extension built on the old Manifest V2 framework, the set of rules that governed how browser extensions worked for years, will stop functioning permanently. Chrome 151, expected in July, will strip the remaining MV2 flags entirely. No policy override and no hidden setting will bring them back. The company that sells more advertising than any other on Earth now controls whether you can block those ads. And it just decided you can’t, at least not effectively. What Google took away and why it took it The technical change is the replacement of Chrome’s webRequest API with the declarativeNetRequest API. Under the old system, extensions like uBlock Origin could watch your browser’s traffic as it happened, see an ad or tracker trying to load, and block it on the spot before it ever reached your screen. Under the new system, extensions have to hand Google a pre-written list of things to block and Chrome decides whether to follow those instructions. The lists are capped at a fixed number of rules, and the extension can’t react to anything that isn’t already on the list. uBlock Origin’s developer, Raymond Hill, has been clear that a Manifest V3 version cannot replicate the original’s full capabilities. A stripped-down version called uBlock Origin Lite exists for MV3, but it handles only a fraction of the filter lists, the community-maintained databases of known ads and trackers, that the original supported. It also can’t perform cosmetic filtering, the process of hiding ad containers and promotional elements that remain on a page even after the ad itself is blocked. Without it, you get blank boxes where ads used to be, or sponsored content that looks native to the page. For more than 40 million Chrome users who relied on the original, the replacement is a downgrade by design. Google engineer Devlin Cronin confirmed the timeline in a Chromium code review commit, a logged change to Chrome’s underlying source code that other developers can inspect, writing that “MV2 extensions are no longer allowed in any supported version of Chrome, and we are removing support for them and the associated functionality. We won’t be able to provide / maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails (we’ve actually found a number of bugs that are specific to MV2 lately). Of course, other browsers can continue supporting these if they so desire.” Cronin’s sign-off, that “other browsers can continue supporting these if they so desire,” suggests the removal as a Chrome-specific choice. It isn’t. Google controls 65% of the desktop browser market and the MV2 code being stripped from Chromium, the open-source project that Chrome and many other browsers are built on top of, affects every browser that shares that foundation. Google justifies the migration on security grounds and there’s some substance to the argument. The old webRequest API gives extensions deep access to every network request a browser makes, from images and page loads to login credentials, and the extension sees the data before Chrome acts on it. A compromised or malicious extension with that access can read your passwords as you type them, redirect you to fake websites, or slip harmful code into pages you trust. The declarativeNetRequest API is designed to prevent exactly this kind of attack by restricting extensions to predefined rule sets. Instead of giving an extension free rein over your browser traffic, Chrome only lets it submit a list of instructions in advance and handles the blocking itself. That narrows the ways a bad actor can exploit an extension because the extension never gets to touch your data directly. But Google generated roughly $239.5 billion in advertising revenue in 2025, and content blockers directly reduce the number of ads users see. The MV3 restrictions don’t ban ad blocking entirely. They cap how many rules an extension can use and eliminate dynamic blocking, the ability to recognize and stop new ad formats and trackers as they appear in real time. Ad companies constantly change how they deliver ads, rotating domains and disguising tracking scripts, and the old extensions could keep up with that. The new ones can only block what’s already on a list that was written before the ad loaded. The result is ad blockers that work against yesterday’s ads but struggle against the ones that adapt daily. The same company that built Chrome and sells the ads it displays also wrote the rules governing what ad blockers can do inside it. Whether those incentives shaped MV3’s design is the most obvious question in the room, and Google has never given a convincing answer. Microsoft Edge and Opera, both built on Google’s Chromium engine, are expected to follow suit because the MV2 code being removed is shared across all Chromium-based browsers. Maintaining it independently would require significant engineering resources that most of those browsers are unlikely to commit. Brave, also Chromium-based, supports MV2 but also sidesteps the problem by building its own ad-blocking engine directly into the browser, bypassing the extension framework entirely. Firefox, which runs on its own engine, continues to support Manifest V2 and uBlock Origin without restriction. Mozilla implemented its own version of Manifest V3 but kept the old webRequest API working alongside it, so extensions that need real-time traffic access can still use it. That proves security improvements and effective content blocking can coexist. Google chose not to make them coexist. What you can do For Chrome users who want effective content blocking, the options are leaving Chrome or accepting reduced protection. Firefox supports uBlock Origin in full and shows no signs of changing that. Brave blocks ads natively. Both are free and work well, and switching takes about ten minutes. You can also install uBlock Origin Lite on Chrome and accept that it blocks less, adapts more slowly to new threats and can’t match the original. Or you can do nothing, and Chrome 150 will disable the extension through a routine update and show you a notification that it’s no longer supported. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Google Removes the Final Workaround for Full Ad Blocking in Chrome appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Poland’s Council of Ministers voted this month to approve a bundle of internet laws that, if enacted, would require adult websites to verify the identity of every visitor, speed up the government’s ability to block online content it classifies as “illegal,” and ban mobile phones in primary schools starting in September. Prime Minister Donald Tusk framed the entire package around protecting children. The age-verification bill does away with the self-declaration checkbox. Under the proposed rules, sites would have to confirm a visitor’s age through banks, mobile carriers, credit cards, or a government digital ID wallet. Poland’s mObywatel app, which already stores identity data for around 12 million people, is the most likely tool. Providers who don’t comply face fines ranging from 10,000 to 1 million zloty (roughly $2,700 to $270,000). The government can also order their sites blocked entirely. That blocking power is where the bill stops being about children and starts being about control. It works against sites hosted outside Poland, bypasses Polish courts, and requires no foreign cooperation. Domestic networks get the order and the connection dies. Digital affairs minister Krzysztof Gawkowski told reporters the companion legislation would let “paedophile material, child grooming attempts, fraud and identity theft” be blocked faster “and under full judicial oversight.” Nobody is going to argue with blocking child abuse material. But the bill doesn’t stop at child abuse material. It aligns Polish law with the EU’s Digital Services Act, and the DSA defines “illegal content” to include “illegal hate speech.” The government writes the definition of what qualifies. That gap between the stated purpose and the actual reach of the law is the whole problem. Poland’s own data protection authority, the PUODO, flagged this a year ago. The International Bar Association reported that the PUODO objected because the drafters never defined what “harmful content” means anywhere in the statute. The method for age verification was left to non-binding recommendations that sit outside the legal hierarchy entirely. Rights and obligations can’t be derived from recommendations. When the rule that gets your content deleted was never spelled out in binding law you have no grounds to challenge it. This all follows news that the Polish Sejm voted 419 to 19 on June 11 to criminalize the online publication of content that depicts crime, animal cruelty, or “degrading treatment” of another person. Anyone convicted faces up to three years in prison, rising to five when the content involves a minor. The bill now heads to the Senate, which can delay but not kill it, and then to President Karol Nawrocki’s desk. The law targets patostreaming, a Polish portmanteau of “pathological” and “streaming” that describes broadcasts where hosts do awful things on camera for paying audiences. The English equivalent is “trashstreaming.” The hosts are easy villains, and they gave lawmakers an excuse to pass something much broader than what’s needed to stop them. Two provisions in the bill reach far beyond shock-value livestreamers. The first concerns consent. The ban on distributing content showing “degrading treatment” applies even when the person being filmed agreed to appear. Two adults who consent to record something that a prosecutor later decides was degrading are both criminally exposed. The participants’ own judgment about what their conduct meant is overridden by the state’s judgment. A government prosecutor, not the people actually involved, gets the last word. The second concerns fiction. The same penalties apply to anyone who simulates or stages one of the prohibited acts without actually committing it. That means a performance depicting a crime that nobody carried out can still send its creator to prison. The offense lives in the depiction, not the act. Documentary footage of police violence depicts a crime. Protest video can be called degrading to someone. Satire can be staged. Once you’ve criminalized depictions and tied the trigger to “personal benefit,” which covers ad revenue, donations, or follower growth, you’ve written a law that can reach almost any online video a prosecutor wants to target. The vote itself was remarkable. Donald Tusk’s ruling coalition and the opposition Law and Justice party, bitter enemies on nearly everything, lined up together. The only opposition came from the right-wing Confederation and Confederation of the Polish Crown. PiS MP Michal Wojcik celebrated the result by tweeting, “This is a major success for Polish democracy.” When a tool to silence people is described as a success for democracy by a party that spent eight years in power dismantling judicial independence, that ought to tell you how useful the tool will be to whoever holds it next. Digital affairs minister Krzysztof Gawkowski told Polsat News he expects no presidential veto. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post The Broad New Powers Hiding Inside Poland’s Child Safety Bills appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Here is a fun fact to keep in your back pocket the next time a politician appears on the morning TV sofas to explain that the government’s new face-scanning and digital ID regime is really, deep down, about protecting your children. UK Prime Minister Keir Starmer, spent the first half of his career as a human rights lawyer and the second half running the Crown Prosecution Service. He has argued for the individual against the state and he has aimed the full weight of the state at the individual. He has, in other words, seen this particular movie from both seats. So when he tells you he has stumbled, blinking and innocent, into the most comprehensive surveillance apparatus in British peacetime history, do not extend him the courtesy of believing it. He spent twenty years learning precisely what these powers do to a person. He is not building this in his sleep. And what he is building is a country in which you must ask permission to exist online. Not ask the platform. Ask the state. Before you read, post, store a photo, or send a message, you are expected to step up to the booth, show your papers, and prove you are a citizen the government has pre-approved. The default setting of a free society, that you are left alone until you give the state a reason, is being flipped on its head. The new arrangement is that you are a suspect with a phone until you prove otherwise, and you prove it constantly, because proving it has been welded onto the act of going online and speaking at all. That is the whole game. Everything else is set dressing. Monday’s headline was a ban on under-16s using social media which, to some, sounds about as sinister as a wholesome ribbon-cutting until you ask the obvious question nobody in Downing Street wants asked aloud: how, precisely, do you stop a fourteen-year-old from opening Instagram without first checking the age of the forty-year-old? You don’t. You can’t. So everyone gets carded. Britain is lifting the system wholesale from Australia, where a computer first scans your face and guesses your age from your cheekbones, then, failing that, surveils you to death, studies your browsing habits and the hours you keep, and then, when the algorithm throws up its hands, simply demands your passport. The face scan is sold to you as the polite option, the velvet rope. It is, in fact, the funnel and, at the bottom of the funnel, sits the national identity check that three million people already told this government, in no uncertain terms, to scrap. In September 2025 Starmer stood at a lectern and announced a mandatory digital ID scheme with the confidence of a man who assumed it would be popular. The British public’s response was to reach for the rhetorical equivalent of a cricket bat. Nearly three million signatures on a single petition, the fourth-biggest in parliamentary history. Public support belly-flopped from positive thirty-five to negative fourteen in the time it takes to renew a passport. Big Brother Watch branded the whole thing “wholly unBritish.” His own MP Rebecca Long Bailey, is warning of “an infrastructure that can follow us, link our most sensitive information and expand state control over all our lives,” which is a sentence you do not expect to hear from the governing party about its own flagship policy. This was more than the usual rent-a-mob. This was the nation telling its Prime Minister, with rare unanimity, to take a hike. A normal politician takes that hint. A human rights lawyer, in theory, frames the petition and hangs it on the wall as a cautionary tale. Starmer did something else entirely. He kept the goal and ditched the honesty. The mandatory card was quietly dropped in January, the ambition was not, and the operation simply moved from the front door, which the public had bolted, to the tradesman’s entrance round the back, which they had not thought to lock because who breaks into their own house? The trick is almost elegant in its cynicism. You cannot sell the public a surveillance dragnet, so you stop calling it a surveillance dragnet and start attaching it to causes that make opposition look like a personality defect. Don’t ask “may we build a national biometric database?” because the answer is a resounding no. Ask “would you like us to protect children from pornography,” and watch the same people who hated the ID card nod along, because the alternative is being presented as the weirdo at the dinner party defending kids’ access to Pornhub. Which, by the way, is exactly where the government ran its pilot scheme. Age checks for adult content went live last July, Pornhub’s UK traffic promptly fell off a cliff by 77 per cent (most switched to a VPN), the image site Imgur switched off the entire country rather than play along, and the great public uprising against it amounted to roughly nobody, because marching for your right to watch pornography is not a hill most people will plant a flag on. Lesson learned, filed away, reused. First, the embarrassing door, then the children’s door, and this week the door to the phone in your actual pocket, where Apple and Google have now been ordered to install spyware that pokes through your photos, on pain of criminal liability if they decline. Different doormat, same burglar. Knowing who you are is only act one. Act two is reading what you keep, and here the children conveniently evaporate, because there is no cuddly justification for the next bit, which is why it was done in the dark like most things you would be ashamed of. The Home Office served Apple with a secret order to tear a hole in iCloud encryption, an order so secret that Apple was forbidden by law from admitting it had even received it. The ambition is something to behold: a government wanting to force a company to break encryption in secret and then wanting the court case about the secret order to also be a secret. Apple told them where to go and yanked its strongest encryption from every British user instead, meaning the government reached for one company’s lock and ended up ripping the door off millions of phones. The French still have the protection. The Germans have it. The Americans have it. Britons do not. If Apple breaks end-to-end encryption for people in Britain, it breaks it for everyone, and the power to do it all again, to any company it fancies, remains fully loaded and pointed at the room. Act three was already humming along before anyone was paying attention. British police arrested over 12,000 people in a single year for things they typed online, more than thirty a day, and managed to convict fewer than one in ten of them. When the conviction rate is that feeble, the arrest stops being a step toward justice and becomes the punishment itself, the knock at the door and the phone in the evidence bag doing the work no courtroom ever will. Over 133,000 “non-crime hate incidents” have been logged since 2014, which is the state’s charming term for keeping a permanent file on something you said that wasn’t actually illegal. This is what speech policing looks like once the government already knows your name and can read your post. It doesn’t need to win. It just needs you nervous. Bolt the three acts together and the production reveals itself. A state that checks who you are before you log on, reads what you store once you have, and arrests you for what you say if it doesn’t care for your tone. Identity, surveillance, punishment, each ushered in through its own tear-jerking side door, each defended by a minister with their hand on their heart, swearing it’s really about the kids. No single piece is a jackboot. Assembled, they quietly abolish the notion that a British adult can read, think, or speak online without the government’s full knowledge and explicit say-so. And none of it unbuilds. Every future Home Secretary inherits the encryption power. Every future government inherits the identity plumbing and the speech laws. The ratchet has precisely one direction, and Starmer the former prosecutor, knows that better than you do, because prosecutors are the people who get to turn it. To be scrupulously fair, since the government will not be: there are of course some harms on social media. All true, and all completely beside the point, because a real problem is the finest gift wrapping an illegitimate power ever received. It lets the state answer a question you never asked. “Are children at risk online?” is not the question on the table. “Should the British government be able to identify, monitor, and punish every adult who uses the internet” is the question on the table, and it has already been answered, by three million furious people, which is the entire reason it is never the question they put to you. None of this was ever really about social media. Starmer tried to sell people the identity state openly, the public broke his fingers in the door, and he came back through the backdoor with a child in his arms. So here is the only thing worth remembering as the announcements keep coming. Nobody voted for any of this. It was not in the Labour manifesto. No party put facial scanning, biometric databases, broken encryption, and identity checks for the entire population to the electorate and won a mandate for it. There is no democratic permission slip for the biggest expansion of state surveillance in British peacetime history. There is only a government that asked once, got refused, and decided to take it anyway under a friendlier name. And over the coming weeks, the British people are going to be told, by ministers and by a media that prints the narrative as gospel, that this is about keeping children safe, and that anyone who objects must therefore be on the wrong side of it. That is the trap. Falling for it means handing your government a machine it will never give back, in exchange for a feeling. The children are the reason you are being asked to stop thinking. They are not the reason this is being built. The moment to notice the difference is now, while saying so still costs you nothing, and not later, when it costs considerably more. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Starmer’s Social Media Ban, the Reinvention of the Surveillance State appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The ancestry profiles and family data of nearly seven million people, stolen in 2023 and scattered across the dark web, now carry a court-approved price tag of $46.8 million. A Missouri bankruptcy administrator approved the fund Wednesday, settling the largest claims against the company once known as 23andMe and now operating under the name Chrome Holding Co. What the hackers took cannot be reset. A password gets changed after a breach and a stolen credit card gets canceled within hours. Your ancestry and ethnic background do not change and neither does the web of relatives you connect to, which exposes people who never signed up for anything. The ancestry estimates, predicted family relationships, birth years and self-reported locations they harvested are enough to identify someone and the people related to them and that information stays true for life. This was the data 23andMe failed to protect, starting around April 2023 and running for roughly five months before the company disclosed the intrusion in an October blog post. Attackers reused login credentials harvested from earlier breaches on other sites, slipping into a sliver of accounts whose owners had recycled their passwords. From there the damage spread through DNA Relatives, an opt-in feature built to let customers find genetic kin. The hacker reached 5.5 million DNA Relatives profiles and pulled information on another 1.4 million people who used a tool called Family Tree, turning a feature designed for connection into a map of who is related to whom. Victims who filed claims will divide $32.5 million of the fund, with individual payouts running from $50 to $10,000 for extraordinary losses such as identity fraud and mental health treatment. The administrator has resolved more than 255,860 claims so far, and thousands remain pending. The remaining $14.29 million goes to Kroll, the firm processing the claims and roughly $13 million of that was covered by cyber insurance policies from Allied World, Tokio Marine’s Houston Casualty, Berkshire Hathaway’s Landmark American, and underwriters at Lloyd’s. The people whose data was exposed carry the permanent risk, and the insurers carry most of the bill. Plaintiffs had asked for $48 billion. The administrator landed on a figure several orders of magnitude lower, citing a federal court’s finding that an earlier $30 million deal was “reasonable in light of the Company’s dire financial condition.” The administrator called the result an “equitable outcome” that avoids more litigation and reflects what the company can actually pay. The final number sits $3.25 million under the $50 million ceiling that Judge Brian Walsh authorized back in January. The harm was never evenly distributed. After the breach, compilations of stolen profiles surfaced for sale on the dark web. Ancestry data sorted by ethnicity and offered to buyers is the kind of exposure no payout reverses. The company that gathered all of this is mostly gone. 23andMe filed for Chapter 11 in March 2025, sold most of its assets for more than $300 million, and was bought back by co-founder Anne Wojcicki over objections from regulators. California tried to block the sale, arguing that its Genetic Information Privacy Act required opt-in consent before genetic data could change hands, and lost. Late in May, the state sued Chrome Holding Co. for failing to protect customer data in the first place. The corporate shell keeps changing names. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post 23andMe’s Stolen Data Gets a $46.8 Million Payout appeared first on Reclaim The Net.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Britain’s Labour government wants image-scanning software on every phone in the country and this last week the government confirmed it will not stop at new devices. It will reach the old ones, the secondhand ones, and the phone a parent wipes before handing it to a child. During a House of Lords exchange, Conservative peer Lord Markham asked whether teenagers would just dodge it by staying on older software. “What assessment has been made of the risk that younger users will simply remain on old operating systems, and of the practical challenges of implementing these measures across different manufacturers?” he asked. Baroness Lloyd of Effra, the technology minister, stretched the plan across nearly every device in use. “It applies to both old and new smartphones and tablets, and we expect tech companies to set up controls so that, if a parent hands down a phone, for example, all they have to do is reset it to enact this operating-level facility,” she said. That commits Apple, Google, and every manufacturer to wiring a scanner into the operating system, then switching it on across phones they sold years ago. To catch one banned photo, the software has to inspect all of them, which posts an automated examiner inside the camera of a device you own outright. The real damage falls on encryption. Reading an image on your phone before the encryption seals it walks around the protection while leaving the padlock looking untouched. Home Secretary Shabana Mahmood tried to drain the alarm out of it. “There is no reporting, no data collection, no monitoring, and no images leaving the device. All adults will be able to switch off the protections if they are over 18,” she said. The promise collapses on its own logic. A scanner that recognizes nude images is a trained model and someone off the device has to keep building it, updating it, and telling it what to flag. The escape hatch is worse. An adult can switch it off only after proving their age to a verification scheme, which means handing over your identity to use a camera you already own. Tyranny aside, mandating all this on old phones runs into a basic problem the minister’s “reset it” line glosses over. A factory reset restores whatever operating system the phone already runs. It does not install a capability that version never shipped with. Getting the scanner onto an old device means getting a newer OS onto it first, and Apple and Google stop pushing operating-system updates to their devices after a handful of years. The minister is describing a switch that, on many of the phones she named, has nothing to switch. The hardware compounds it. On-device nudity detection relies on machine-learning models that lean on the dedicated silicon built into recent phones, and older devices lack the neural processing and memory to run that kind of model without wrecking battery life and speed. That is the reason these features ship on new hardware and skip the old stuff in the first place. The picture gets worse once you leave Apple’s walled garden. Android runs across thousands of models from dozens of manufacturers, plenty of them on forked or abandoned builds that stopped getting security patches years ago, some stripped of Google services entirely. There is no single control the government can reach in and flip across all of them. The teenagers this policy targets also happen to be the group most able to route around it, whether by flashing a community-built version of Android with no scanner, keeping a phone on old software on purpose, or buying a handset that never had the feature. A rule that cannot reach most old phones and can be sidestepped on the ones it does reach is an expensive way for the government to show it does not understand technology. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post UK Even Wants Image Scanners on Millions of Unsupported Devices appeared first on Reclaim The Net.