If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Google wants a look at your hands before it lets you through. The company’s newest reCAPTCHA check, rolling out now as a test, asks you to switch on your camera and wave at it so an algorithm can decide whether you’re a human or a bot. That wave is less casual than it looks. The system records a short video of your hand and pulls 21 hand-landmark coordinates from it, mapping your finger joints, your palm geometry, and the way you move in real time. Google describes the purpose as liveness detection, a way for websites to fend off automated account creation, credential-stuffing, and other fraud. But this is still a biometric scan, collected so you can prove you’re a person and still involves turning on your cameras for Google. Google has lined up the promises you would expect. The company says the footage is deleted once verification finishes, no audio is recorded, and the video is never tied to your identity. Its documentation adds that nothing goes to third parties and the data serves security alone, then points to the Google Privacy Policy for how everything is used and stored, a policy elastic enough to cover almost anything. For now the feature seems optional. People who cannot perform the gestures still get the older puzzles, with Google saying reCAPTCHA “continues to provide visual and audio challenges” while it develops alternatives. However, we all know that optional today is rarely optional forever and the older challenges survive partly because the gesture check is still being tested. The reassurances rest on trust and Google has spent years giving people reasons to hold it back. This is a company whose business runs on gathering and monetizing personal data, now asking to switch on your camera and read your hand. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Google’s New reCAPTCHA Wants Your Camera Access and 21 Points of Your Hand appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Europe’s governments lost a fight over surveillance three months ago, and now they want a rematch on their own terms. EU ambassadors agreed on Friday to advance a temporary extension of the framework that lets platforms like WhatsApp and Messenger scan users’ private communications. They say it’s all about stopping child sexual abuse material, reviving a regime the European Parliament voted to bury in March. The proposal comes from the Cypriot presidency of the Council, and pushing it forward would be unprecedented because Parliament has already rejected the Commission’s plan and would normally have the final word. In a note circulated this week, the Cypriot presidency invited member states to “carefully consider adopting a first reading position by the Council, even if this would be without precedent in the present circumstances where the European Parliament has rejected the Commission’s proposal.” When the question reached the full chamber, 311 lawmakers voted against prolonging the derogation, and the legal basis for voluntary scanning lapsed in April. The objection has held for years because reading the private messages of 450 million people to catch a tiny fraction of offenders treats the entire population as suspects. A European Parliament study found no way to scan for this material without error rates high enough to catch large volumes of lawful communication and the Council’s own legal service has flagged the same proposal as a problem for the right to privacy. Reported error rates for some of the detection tools run between 13 and 20 percent, (with some having as high as nearly 50% in one German study), while the share of scanned content actually confirmed as abuse material has been vanishingly small. The push to override the March vote is being led by Roberta Metsola, the President of the European Parliament. At the European Council on June 18, Metsola urged EU leaders to drive the interim file forward, even though her own chamber had refused it and even though her own political group, the center-right European People’s Party, opposed it in the final vote. The timing turns this into a two-front week for private communication in Europe. The Council’s Friday maneuver runs alongside the permanent CSAM regulation, the long-term law called “chat control,” whose negotiators meet again on Monday. The contested part of that law would reach into end-to-end encrypted services, the technology that keeps a message readable only by sender and recipient. The worst-case version still on the table would let governments order detection that is not limited to actual suspects and does not require a judge’s approval first. It would pair that with mandatory age verification across hosting and communications services. The negotiators meet on Monday morning. By the end of it, Europeans may need to prove who they are before they can send a private message. We’ll keep you updated. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Brussels Could Reopen the Fight to Scan Your Private Chats appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Apple wiped the Russian tech company VK off its App Store on Thursday, pulling down the social networks VKontakte and Odnoklassniki along with the email client Mail.ru, the content platform Dzen, VK Video, VK Music, VK Dating, and VK Messenger. The education service Skillbox went too. There was no warning. VK has called the deletion “completely unprompted and unacceptable.” The company said in a statement that “Apple is cutting off Russian users from highly popular services used by tens of millions of people every single day,” and warned iPhone owners they would stop receiving push notifications across its apps. VK also said it has “never been subject to sanctions and has never appeared on any sanctions list.” There is a lot at play here. A single corporation holds a kill switch over the software millions of people use to talk to each other and it can throw that switch overnight without telling anyone why. Apple did not respond to a request for comment from The Moscow Times. When it deleted VK’s state-built messenger MAX earlier this month, it told BBC News Russian only that it was complying with sanctions, and declined to say which ones. That vagueness is the whole problem. “Sanctions compliance” is the stated reason, yet Apple won’t name the specific measure, so the public can’t check the claim or contest it. VK says it gave Apple the paperwork long ago. “Official legal opinions and all necessary information have long been in Apple’s possession. Nevertheless, Apple unilaterally removed VK’s apps without warning,” the company’s press service told Meduza. The arbitrariness has a track record. Apple pulled VK’s apps in September 2022 after British sanctions, then restored them less than a month later. The lever that removes an app can put it back and the decision happens inside one company, on a timeline no user controls. None of this makes VK a plucky victim. The company is a pillar of the Kremlin’s drive to wall off Russia’s internet behind domestic platforms it can monitor, and it took $579 million in state money to build a YouTube rival. Its CEO, Vladimir Kiriyenko, son of Putin adviser Sergei Kiriyenko, sits under US, EU, and British sanctions. MAX, the messenger Apple deleted first, launched in 2025 as a state-promoted answer to WhatsApp and is legally required to come pre-installed on every phone sold in Russia. So the ordinary Russian iPhone owner is wedged between two powers that both want to control what runs on their phone. The Kremlin mandates apps and steers citizens toward platforms it can surveil. Apple deletes them by fiat from the other direction. Digital Development Minister Maksut Shadayev complained that the MAX removal cut more than 20 million iPhone users off without explanation. He is right about the explanation part, even coming from a government that blocks and throttles speech as a matter of policy. The push to delete MAX came partly from Russia’s exiled opposition. Yulia Navalnaya launched a campaign in February pressing Apple and Google to drop the app worldwide, framing it as anti-censorship. There is an argument there, that a state surveillance tool does not deserve global distribution. There is also a precedent forming that lobbying a platform to erase an app for millions of strangers is a normal political tactic. Both things are true at once. Russia is one of the most aggressive censors on the planet and it built VK and MAX into as instruments of that censorship. Apple is following the sanctions law. Yet these apps are not new arrivals. VKontakte has been the default social network for Russians since before Facebook abandoned the market, and people have run it on iPhones for well over a decade. Deleting it now does not stop anyone in Russia from being who they already are online. It makes the dominant Western phone a worse way to do it, which is the outcome the Kremlin has spent years engineering. The Russian state distrusts the iPhone in public but leans on it in private. Officials were barred from carrying iPhones into cabinet meetings back in 2023 over spying fears, and this month the FSB accused Western web services of helping foreign intelligence snoop on senior officials through their Apple devices. Tens of millions of ordinary Russians carry one anyway. A sanctions removal aimed at a Kremlin-linked company therefore, lands hardest on the citizens the Kremlin has never managed to pull off foreign tech, the exact people an open internet is supposed to protect. Follow that logic forward and you arrive at the splinternet, a world where the global network breaks into national pens, each with its own approved apps and its own gatekeeper deciding who gets through the gate. Every sanctions-driven deletion hands Moscow the same line. Foreign platforms are unreliable, so move to ours, the ones we can read. Apple pulls VK to satisfy Washington. Russia answers by mandating MAX and herding everyone toward the software it surveils. Both sides build the walls higher, and the person standing between them ends up with fewer ways out, not more. Russia, predictably, says it wants answers. Kremlin spokesman Dmitry Peskov told reporters on Thursday that Moscow expects an explanation from Apple and advised Russians to switch to other operating systems. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Apple Removes VK’s Apps from App Store in Russia, Citing Sanctions Compliance appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Canada’s new cyber-security law gives a cabinet minister the power to order any telecom provider to cut off service to a named person, without a warrant, without prior judicial approval, and under a gag order that can prohibit the provider from explaining why. That power is now live. The law also creates warrantless data-collection authorities broad enough to scoop up subscriber information, metadata, location data, and browsing history. It was supposedly written to protect critical infrastructure but what it built is a surveillance machine with almost no independent checks on how it gets used. We obtained a copy of the bill for you here. What the Law Is C-8 carries the formal title An Act Respecting Cyber Security. It replaces Bill C-26, which died on the order paper when the previous Parliament was prorogued, and was reintroduced in substantially the same form. The bill ran two parts through Parliament. The first rewrites the Telecommunications Act so that security is an explicit policy objective and gives the government direct authority over carriers. The second creates the Critical Cyber Systems Protection Act, imposing mandatory cybersecurity obligations on operators in banking, energy, transportation, and the nuclear sector. The telecom powers are already in force and the critical-infrastructure regime will roll out in phases. The Power to Disconnect Under the amended Telecommunications Act, the Minister of Industry can “prohibit a telecommunications service provider from providing any service to any specified person,” or direct a provider to suspend service for a set period. The order takes effect once the minister signs it, after consultation with the Minister of Public Safety. No court reviews it beforehand. These orders bypass the normal regulatory publication path because the Statutory Instruments Act does not apply to them. An order can include a provision “prohibiting the disclosure of its existence,” so a person can lose phone and internet access while the provider is legally forbidden from telling them why. And the Act states that “No one is entitled to any compensation” for financial losses an order causes. The government added a carve-out for individuals, barring orders that suspend an individual’s service unless the measure is necessary against “any specified threat of a technical nature.” That limit covers only the suspension power. The broader prohibition authority reaches “any specified person,” with no such restriction. OpenMedia’s executive director Matt Hatfield said before the bill passed: “There is no such thing as a private intercepted message, and no backdoor that exists only for law enforcement. Our government knows it, yet their draft cybersecurity legislation Bill C-8 can be abused to surveil Canadians in secret, well beyond its legitimate purpose.” Warrantless data collection Section 15.4 of the amended Telecommunications Act gives the minister an open-ended power to compel “any person” to hand over information the minister considers necessary, with no requirement for a warrant or prior judicial authorization. The Citizen Lab’s Senate brief called this “an unprecedented, warrantless power to collect telecommunications data, and to share this information widely across the federal government,” including with CSIS and the Communications Security Establishment. As a matter of constitutional law, Citizen Lab argued, the power is “presumptively contrary to section 8 of the Charter, because it would authorize the collection of information that is subject to a reasonable expectation of privacy without prior independent judicial authorization.” The Privacy Commissioner warned during testimony that the law could result in the collection and sharing of subscriber account information, communication data, website visits, metadata, location data, and financial data. The Intelligence Commissioner of Canada also weighed in. “The glaring absentee in this bill is the Canadian public,” he said. “The information that is collected is Canadians’ personal information.” He characterized warrantless seizure of private information as a constitutional issue the bill had failed to resolve. The bill’s minimal safeguards, including a requirement that the minister weigh “potential impacts on the privacy of Canadians” before issuing orders, do not even apply to these collection powers. Encryption and Backdoors C-8’s order-making powers are broad enough to force telecom companies to weaken or bypass encryption. The minister can order a provider “to do anything or refrain from doing anything” deemed necessary to secure the telecom system, language that does not exclude orders to install surveillance capabilities or degrade encryption standards. Writing in The Globe and Mail, Citizen Lab’s Kate Robertson and Ron Deibert warned that the bill’s “secretive, encryption-breaking powers” would “threaten the online security of everyone in Canada” and that it “empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada’s networks.” The government did introduce amendments stating the minister “must not order the decoding of an encrypted private communication.” That language prohibits one specific action, decoding, while leaving the broader order-making power intact. The Canadian Civil Liberties Association’s Tamir Israel said the fix was insufficient: “By failing to guarantee critical end-to-end encryption protocols will not be undermined, Bill C-8 risks doing more harm than good to cybersecurity.” Secrecy by Design Operators receiving a cybersecurity direction are prohibited from disclosing its existence or content. The minister can keep orders out of the Canada Gazette. Judicial review proceedings operate under rules that let the government present evidence the target never sees. Committee amendments that would have required prior judicial authorization for orders and transferred non-disclosure decisions to the courts were adopted, then removed by a Speaker’s ruling before final passage. Israel called this a “secrecy by default approach” that “pose[s] an additional threat to privacy and other civil liberties.” Citizen Lab argued the secrecy provisions restrict public and media scrutiny and raise freedom-of-expression concerns under section 2(b) of the Charter. For orders that include a gag, the minister must notify two intelligence-review bodies within 90 days, and the Act requires an annual report to Parliament. That is the total extent of the transparency obligation. Who the Bill Actually Affects The government’s own Charter analysis argued that privacy interests are “diminished in regulatory and administrative contexts.” Citizen Lab disputed this directly, arguing that the bill “is reforming Canada’s national security laws and powers, and will impact the privacy interests of people across Canada,” who are not regulated companies. Telecom providers carry Canadians’ most private communications. The people whose data flows through those networks are not regulatory subjects and their privacy interests are not diminished because the company carrying their data is. The critical-infrastructure part applies to designated operators in telecom, banking, energy, transportation, and the nuclear sector. Those operators must build formal cybersecurity programs within 90 days, manage supply-chain risk, and report incidents to the Communications Security Establishment within 72 hours. Penalties run as high as 15 million dollars per violation for a corporation. The Act also opens channels for personal and confidential information to flow to provincial governments, foreign states, and international organizations under written arrangements. The Privacy Commissioner urged safeguards on foreign sharing and called for a mandatory process to notify the office of breaches and incidents involving internationally shared information. The final law does not include that process. What Did Not Survive Parliament considered and rejected or stripped out most of the stronger protections proposed during the committee study. Amendments requiring prior judicial authorization for security orders were removed. Amendments transferring non-disclosure authority to the courts were removed. The Privacy Commissioner’s call for mandatory breach notification to the OPC was not adopted. No whistleblower protections were added, a gap the Canadian Cyber Threat Exchange warned would discourage organizations from disclosing breaches or vulnerabilities. A mandatory five-year review of the law’s provisions made it into the final text. The question is what happens in the years before that review, when the regulations filling out the Act’s operational details are drafted without any of the oversight mechanisms that were proposed and discarded. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Canada’s Bill C-8, Explained, and What It Means for Your Privacy appeared first on Reclaim The Net: Free Speech, Privacy, Digital Rights.

This Post is for Paid Supporters Reclaim your digital freedom. Get the latest on censorship and surveillance, and learn how to fight back. Subscribe Already a supporter? Sign In. The post How a Ticket Check at MSG Became a Biometric Dragnet and Four Lawsuits appeared first on Reclaim The Net.