Well, I will just repeat what I said about California (A new California law says all operating systems, including Linux, need to have some form of age verification at account setup) – NB people on this LinkedIn post were not too happy about that either:

Here we see the creeping sliding scale that is the terror of Age Verification. First of all, an OS does not need an age – it’s like saying any technology needs age verification: all gadgets use an OS, whether it is your washing machine, your smart light switch, your PSP or your PC. Second of all, an OS has no business being forced online – they are supposed to be non-cloud, personal, non-connected unless you want them to connect. Age verification requires external suppliers and so you would need to connect to perform the age verification – and send who knows what kind of other personal data. Eg Windows sends hardware data (along with a whole load of other data) that works much like a fingerprint. This makes it easy to track a users movements online. This is one reason why people want to bypass the online account creation on Windows and use local accounts.

For more on the horrors of age verification, see https://www.linkielist.com/?s=age+verification&submit=Search

As more US states consider online age-verification requirements, two Colorado lawmakers want to implement the age checks at the operating system-level, after California enacted a similar law. 

Colorado’s SB26-051, introduced last month, would require operating systems to register the owner’s age, which third-party apps can then leverage to determine if the user is an adult. The bill calls for the device owner to register their birthdate or age, but for the purposes of creating an “age bracket,” which can then be shared to an app developer through an API to learn their age range, according to BiometricUpdate.com.  

The bill comes from state Sen. Matt Ball and Rep. Amy Paschal, both Democrats. “The intent is to create thoughtful safeguards for kids online through a privacy-forward framework for age assurance,” Ball told PCMag. “Unlike some laws in other states, SB 51 doesn’t require users to share personally identifiable information or use facial recognition technology.”

Ball also said the legislation was based on California’s bill AB 1043, which was passed last year. It too requires OS makers to create a way for the device owner to register their age bracket, which can then be shared to app developers over an API. The California law starts to take effect January 1, 2027.

Ball added: “SB 26-51 is very closely modeled on it. One of the reasons for bringing SB 51 was that the tech and software industry is already complying with AB 1043, so there’s minimal added burden.”

Note here: they are not. Several Linux distributions have in fact already changed their ToU making it illegal for the software to be used in California.

The legislation also promises to centralize the age check through the OS, rather than mandating that each app enforce their own age-verification mechanism, which can involve scanning the user’s official ID, thus raising privacy and security concerns. The bill also forbids the sharing of the age-bracket data for any other purpose. 

But it looks like it’s easy to bypass the age check proposed by SB26-051. The legislation itself doesn’t mention any state ID check to verify the owner’s age. In addition, the bill doesn’t seem to cover websites, only apps and app stores. 

Source: Colorado Lawmakers Push for Age Verification at the Operating System Level | PCMag

Last week, Discord users reported seeing prompts to submit personal information to Persona, a third-party age-verification service. As Discord commits to universal age-verification, the new measures have come under intense scrutiny after previous security failures. Now a trio of hacktivists say they’ve successfully breached Persona, getting a closer look at how the company uses submitted biometrics. They say their findings raise alarms beyond the possibility of leaks.

According to The Rage, Persona’s front-end security left a lot to be desired. Worse, however, were investigative findings that suggested Persona’s surveillance of the users whose data it collected was way more sprawling than originally believed.

“It was initially meant to be a passive recon investigation,” writes vmfunc, a cybersecurity researcher and one of the hackers, “that quickly turned into a rabbit hole deep dive into how commercial AI and federal government operations work together to violate our privacy every waking second.”

On top of finding it surprisingly easy to access data gathered by Persona, the research showed that faces and biometrics were not just being scanned for age verification, but flagged for suspicious behavior and bounced off watchlists as well. To some, particularly those who don’t worry about their face being deemed “suspicious,” this may not sound like an Orwellian level of intrusion, until you remember Persona’s full network.

Persona received $150 million in 2021 from the Founders Fund, a long-running tech investor group headed by Peter Thiel. Thiel’s main business, on top of palling around in Jeffery Epstein’s emails and waiting for the antichrist, is Palantir, an intentionally ominously-named data brokering service that is currently peddling user information to support ICE raids. The findings of vmfunc and co’s research doesn’t directly tether Persona and Discord’s operations to Palantir or Thiel, but it wouldn’t be conspiratorial to point out that all this data seems to be funnelling along similar slopes.

Trust but verify

Persona has confirmed the breach, CEO Rick Song corresponding and even thanking the hackers for flagging the security exploit. This has not, however, tempered concerns among those hacktivists about how the user information is ultimately being used.

“Transparently, we are actively working on a couple of potential contracts which would be publicly visible if we move forward,” writes Christie Kim, chief operating officer at Persona, in an email regarding the security breach and speculation around Discord. “However, these engagements are strictly for workforce account security of government employees and do not include ICE or any agency within the Department of Homeland Security.”

After the alarm was initially raised about Persona, Discord claimed its work with the Thiel-backed firm was only temporary, and that it didn’t have new contacts with it moving forward. It also promised user info was being wiped from servers within seven days of being gathered.

Source: Discord’s First Age-Verification ‘Experiment’ Alarms Hackers

Discord announced on Monday that it’s rolling out age verification on its platform globally starting next month, when it will automatically set all users’ accounts to a “teen-appropriate” experience unless they demonstrate that they’re adults.

“For most adults, age verification won’t be required, as Discord’s age inference model uses account information such as account tenure, device and activity data, and aggregated, high-level patterns across Discord communities. Discord does not use private messages or any message content in this process,” Savannah Badalich, Discord’s global head of product policy, tells The Verge.

Users who aren’t verified as adults will not be able to access age-restricted servers and channels, won’t be able to speak in Discord’s livestream-like “stage” channels, and will see content filters for any content Discord detects as graphic or sensitive. They will also get warning prompts for friend requests from potentially unfamiliar users, and DMs from unfamiliar users will be automatically filtered into a separate inbox.

Direct messages and servers that are not age-restricted will continue to function normally, but users won’t be able to send messages or view content in an age-restricted server until they complete the age check process, even if it’s a server they were part of before age verification rolled out. Badalich says those servers will be “obfuscated” with a black screen until the user verifies they’re an adult. Users also won’t be able to join any new age-restricted servers without verifying their age.

1/2Unverified users won’t be able to enter age-restricted servers. Image: Discord

Discord’s global age verification launch is part of a wave of similar moves at other online platforms, driven by an international legal push for age checks and stronger child safety measures. This is not the first time Discord has implemented some form of age verification, either. It initially rolled out age checks for users in the UK and Australia last year, which some users figured out how to circumvent using Death Stranding’s photo mode. Badalich says Discord “immediately fixed it after a week,” but expects users will continue finding creative ways to try getting around the age checks, adding that Discord will “try to bug bash as much as we possibly can.”

It’s not just teens trying to cheat the system who might attempt to dodge age checks. Adult users could avoid verifying, as well, due to concerns around data privacy, particularly if they don’t want to use an ID to verify their age. In October, one of Discord’s former third-party vendors suffered a data breach that exposed users’ age verification data, including images of government IDs.

If Discord’s age inference model can’t determine a user’s age, a government ID might still be required for age verification in its global rollout. According to Discord, to remove the new “teen-by-default” changes and limitations, “users can choose to use facial age estimation or submit a form of identification to [Discord’s] vendor partners, with more options coming in the future.”

The first option uses AI to analyze a user’s video selfie, which Discord says never leaves the user’s device. If the age group estimate (teen or adult) from the selfie is incorrect, users can appeal it or verify with a photo of an identity document instead. That document will be verified by a third party vendor, but Discord says the images of those documents “are deleted quickly — in most cases, immediately after age confirmation.”

Users can view and update their age group from their profile. Image: Discord

Badalich also says after the October data breach, Discord “immediately stopped doing any sort of age verification flows with that vendor” and is now using a different third-party vendor. She adds, “We’re not doing biometric scanning [or] facial recognition. We’re doing facial estimation. The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.”

“A majority of people are not going to see a change in their experience.”

Badalich goes on to explain that the addition of age assurance will mainly impact adult content: “A majority of people on Discord are not necessarily looking at explicit or graphic content. When we say that, we’re really talking about things that are truly adult content [and] age inappropriate for a teen. So, the way that it will work is a majority of people are not going to see a change in their experience.”

Even so, there’s still a risk that some users will leave Discord as a result of the age verification rollout. “We do expect that there will be some sort of hit there, and we are incorporating that into what our planning looks like,” Badalich says. “We’ll find other ways to bring users back.”

Source: Discord will require a face scan or ID for full access next month | The Verge

If you want to look at more people blowing up about age verification you can try this Slashdot thread: Discord Will Require a Face Scan or ID for Full Access Next Month

If you tuned into Super Bowl LX on Sunday, you may have caught Ring’s big ad of the night: The company tried to tap into us dog owners’ collective fear of losing our pets, demonstrating how its new “Search Party” feature could reunite missing dogs with its owners. Ring probably thought audiences would love the feature, with existing users happy to know Search Party exists, and new customers looking to buy one of their doorbells to help find lost dogs in the neighborhood.

Of course, that’s not what happened at all. Rather than evoke heartwarming feelings, the ad scared the shit out of many of us who caught it. That’s due to how the feature itself works: Search Party uses AI to identify pets that run in its field of vision. But it’s not just your camera doing this: The feature pools together all of the Ring cameras that have Search Party enabled to look for your lost dog. In effect, it turns all these individual devices into a Ring network, or, perhaps in harsher terms, a surveillance state. It does so in pursuit of a noble goal, sure, but at what cost?

The reactions I saw online ranged from shock to anger. Some were surprised to learn that Ring cameras could even do this, seeing as you might assume your Ring doorbell is, well, yours. Others were furious, lashing out at anyone who thinks Search Party is a good idea, or that the feature isn’t the beginning of a very slippery slope. My favorite take was one comparing Search Party to Batman’s cellphone network surveillance system from The Dark Knight, which famously compromised morals and ethics in the name of catching the bad guy.

This Tweet is currently unavailable. It might be loading or has been removed.

According to Ring, Search Party is a perfectly safe and wholesome way to look for lost dogs in the area. The company’s FAQs explain that users can opt-out of the feature at any time, and only Ring doorbells in the area around the home that started the current Search Party will look for the dog. In addition, Ring says the feature works based on saved videos, so Ring doorbells without a subscription and a saved video history won’t be able to participate. (Though I’m not sure the fact that the feature works with saved videos assuages any fears on my end.)

I am not pro-missing dogs. But I am pro-privacy. At the risk of sounding alarmist, Search Party really does seem like a slippery slope. Today, the neighborhood is banding together to find Mrs. Smith’s missing goldendoodle; tomorrow, they’re looking for a “suspicious person.” Innocent until proven guilty, unless caught on your neighbor’s Ring camera.

Can law enforcement request Search Party data?

Here’s the big question regarding Search Party and its slippery slope: Can law enforcement—including local police, FBI, or ICE—request saved videos from Ring cameras participating in Search Party in order to track down people, not pets?

You won’t be surprised to learn that that wasn’t answered by Ring’s Super Bowl ad, nor is it part of the official Search Party FAQs. However, we do know that, as of October 2025, Ring partnered with both Flock Safety as well as Axon. Axon makes and sells equipment for law enforcement, like tasers and body cameras, while Flock Safety is a security company that offers services like license plate recognition and video surveillance. These partnerships allow law enforcement to post requests for Ring footage directly to the Ring app. Ring users in the vicinity of the request have the choice to either share that footage or ignore the petition. Flock Safety says that users who do choose to share footage remain private.

Of course, law enforcement isn’t always going to ask for volunteers. According to Ring’s law enforcement guidelines, the company will comply with “valid and binding search warrants.” That’s not surprising, of course. But the company does note an important distinction in what it will share: Ring will share “non-content” data in response to both subpoenas and warrants, including a user’s name, home address, email address, billing info, date they made the account, purchase history, and service usage data. The company says it will not share “content,” meaning the data you store in your account, like videos and recordings of service calls, for subpoenas, only warrants.

Ring also says it will tell you if it shares your data with law enforcement, unless it is barred from doing so, or it’s clear your Ring data breaks the law. This applies for both standard data requests, as well as “emergency” requests.

Based on its current language, it seems that Ring would give up the footage used in Search Party to law enforcement, assuming they present a valid warrant. The thing is, it’s not clear whether Search Party has any actual impact on that data: For example, imagine a dog runs in front of your Ring doorbell, and the footage is saved to your history. Now, a valid warrant comes through requesting your footage. Whether you have Search Party enabled or disabled, Ring may share that footage with law enforcement—the feature itself had no impact on whether your doorbell saved the footage. The difference would be whether law enforcement has access to the identification data within the footage: Can they see that Ring thinks that dog is, in fact, Mrs. Smith’s goldendoodle, or do they simply see a video of a fluffy pup running past your house? If so, that would be your slippery slope indeed: If law enforcement could obtain your footage with facial recognition data of the suspect they’re looking for, we’d be in particularly dangerous territory.

I’ve reached out to Ring for comment on this side of Search Party, and I hope to hear back to provide a fuller answer to this question.

How to opt-out of Search Party on your Ring cameras

If you’d rather not bother with the feature at all, Ring says it’s easy enough to turn off. To start, open the Ring app, tap the hamburger menu, then choose “Control Center.” Here, choose “Search Party,” then choose the “blue Pet icon” next to each of your cameras for “Search for Lost Pets.”

To be honest, if I had a Ring camera, I’d go one step further and delete my saved videos. Law enforcement can’t obtain what I don’t save. If you want to delete these clips from your Ring account, head to the hamburger menu in the app, tap “History,” choose the “pencil icon,” then tap “Delete All” to wipe your entire history.

Source: How to Disable Ring’s ‘Search Party’ Feature | Lifehacker

All this talk of digital self sufficiency, data supremacy, etc and the EU will continue to feed the hand that strangles it, whilst not paying a cent to EU companies that could build the same (and better) functionalities.

The European Commission is trialling using European open source software to run its internal communications, a spokesperson confirmed to Euractiv.

The move comes at a time of growing concern within European administrations over their heavy dependency on US software for day-to-day work amid increasingly unreliable transatlantic relations.

“As part of our efforts to use more sovereign digital solutions, the European Commission is preparing an internal communication solution based on the Matrix protocol,” the spokesperson told Euractiv.

Matrix is an open source, community-developed messaging protocol shepherded by a non-profit that’s headquartered in London. It’s already widely used for public messengers across Europe, with the French government, German healthcare providers and European armed forces all using tools built on the protocol.

Sovereign backup 

The Commission is looking into using Matrix as a “complement and backup solution” to existing internal communications software, the spokesperson said.

That means there are no plans for a Matrix-based solution to replace Microsoft Teams, which is currently widely found on the Commission’s computers, according to remarks by an EU official at a conference in October.

A different open source tool – namely the Signal messaging app, which is also a favourite with journalists – is fulfilling the backup role at present but the software wasn’t flexible enough for a large organisation like the Commission, the official also said.

The Commission is also eyeing another use case for the Matrix-based comms tool: It could be used to connect to other Union bodies in the future, which are currently lacking a common tool to communicate securely.

[…]

Source: Commission trials European open source communications software | Euractiv

[…] Called “Take a Message,” the buggy feature was released last year and is supposed to automatically transcribe voicemails as they’re coming in, as well as detect and mark spam calls. Unfortunately, according to reports from multiple users on Reddit (as initially spotted by 9to5Google), the feature has started turning on the microphone while taking voicemails, allowing whoever is leaving you a voicemail to hear you.

[…]

The issue has been reported affecting Pixel devices ranging from the Pixel 4 to the Pixel 10, and on a recent support page, Google’s finally acknowledging it. However, the company’s action might not be enough, depending on how cautious you want to be.

According to Community Manager Siri Tejaswini, the company has “investigated this issue,” and has confirmed it “affects a very small subset of Pixel 4 and 5 devices under very specific and rare circumstances.” The post doesn’t go any further on the how and why of the diagnosis, but says that Google is now disabling Take a Message and “next-gen Call Screen features” on these devices.

[…]

While it’s encouraging that Google is taking action on the Take a Message bug, the company only seems to be acknowledging it for Pixel 4 and Pixel 5 models, at least for now. I’ve asked Google whether owners of other Pixel models should be worried, as user reports seem split on this. Still, because some have mentioned an issue with even the most up-to-date Pixel phone, if you want to practice your own abundance of caution, it might be worth disabling Take a Message on your device, regardless of its model number.

To do this, open your Phone app, then tap the three-lined menu icon at the top-left of the page. Navigate to Settings > Call Assist > Take a Message, and toggle the feature off.

Source: This Pixel Bug Leaked Audio to Incoming Callers, and Google’s Fix Might Not Be Enough | Lifehacker

Let us not forget that the reason Nazi Germany was so great at exporting Jews from the Netherlands was for a large part because of the great databases the Netherlands kept at that time containing religious and ethnic information on its’ population.

It’s not enough to have its agents in streets and schools; ICE now wants to see what data online ads already collect about you. The US Immigration and Customs Enforcement last week issued a Request for Information (RFI) asking data and ad tech brokers how they could help in its mission.

The RFI is not a solicitation for bids. Rather it represents an attempt to conduct market research into the spectrum of data – personal, financial, location, health, and so on – that ICE investigators can source from technology and advertising companies.

“[T]he Government is seeking to understand the current state of Ad Tech compliant and location data services available to federal investigative and operational entities, considering regulatory constraints and privacy expectations of support investigations activities,” the RFI explains.

Issued on Friday, January 23, 2026, one day prior to the shooting of VA nurse Alex Pretti by a federal immigration agent, two weeks after the shooting of Renée Good, and three weeks after the shooting of Keith Porter Jr, the RFI lands amid growing disapproval of ICE tactics and mounting pressure to withhold funding for the agency.

ICE did not immediately respond to a request to elaborate on how it might use ad tech data and to share whether any companies have responded to its invitation.

The RFI follows a similar solicitation published last October for a contractor capable of providing ICE with open source intelligence and social media information to assist the ICE Enforcement and Removal Operations (ERO) directorate’s Targeting Operations Division – tasked with finding and removing “aliens that pose a threat to public safety or national security.”

[…]

Tom Bowman, policy counsel with the Center for Democracy & Technology’s (CDT) Security & Surveillance Project, told The Register in a phone interview that ICE is attempting to rebrand surveillance as a commercial transaction.

“But that doesn’t make the surveillance any less intrusive or any less constitutionally suspect,” said Bowman. “This inquiry specifically underscores what really is a long-standing problem – that government agencies have been able to sidestep Fourth Amendment protections by purchasing data that would otherwise need a warrant to collect.”

The data derived from ad tech and various technology businesses, said Bowman, can reveal intimate details about people’s lives, including visits to medical facilities and places of worship.

[…]

“Ad tech compliance regimes were never designed to protect people from government surveillance or coercive enforcement,” he said. “Ad tech data is often collected via consent that is meaningless. The data flows are opaque. And then these types of downstream uses are really difficult to control.”

Bowman argues that while there’s been a broad failure to meaningfully regulate data brokers, legislative solutions are possible.

[…]

Source: ICE takes aim at data held by advertising and tech firms • The Register

Google has agreed to pay $68m (£51m) to settle a lawsuit claiming it secretly listened to people’s private conversations through their phones.

Users accused Google Assistant – a virtual assistant present on many Android devices – of recording private conversations after it was inadvertently triggered on their devices.

They claimed the recordings were then shared with advertisers in order to send them targeted advertising.

The BBC has contacted Google for comment. But in a filing seeking to settle the case, it denied wrongdoing and said it was seeking to avoid litigation.

Google Assistant is designed to wait in standby mode until it hears a particular phrase – typically “Hey Google” – which activates it.

The phone then records what it hears and sends the recording to Google’s servers where it can be analysed.

[…]

The claim has been brought as a class action lawsuit rather than an individual case – meaning if it is approved, the money will be paid out across many different claimants.

Those eligible for a payout will have owned Google devices dating back to May 2016.

But lawyers for the plaintiffs may ask for up to one-third of the settlement – amounting to about $22m in legal fees.

It follows a similar case in January where Apple agreed to pay $95m to settle a case alleging some of its devices were listening to people through its voice-activated assistant Siri without their permission.

The tech firm also denied any wrongdoing, as well as claims that it “recorded, disclosed to third parties, or failed to delete, conversations recorded as the result of a Siri activation” without consent.

Source: Google to pay $68m to settle lawsuit claiming it recorded private conversations

A couple months ago, YouTuber Benn Jordan “found vulnerabilities in some of Flock’s license plate reader cameras,” reports 404 Media’s Jason Koebler. “He reached out to me to tell me he had learned that some of Flock’s Condor cameras were left live-streaming to the open internet.”

This led to a remarkable article where Koebler confirmed the breach by visiting a Flock surveillance camera mounted on a California traffic signal. (“On my phone, I am watching myself in real time as the camera records and livestreams me — without any password or login — to the open internet… Hundreds of miles away, my colleagues are remotely watching me too through the exposed feed.”) Flock left livestreams and administrator control panels for at least 60 of its AI-enabled Condor cameras around the country exposed to the open internet, where anyone could watch them, download 30 days worth of video archive, and change settings, see log files, and run diagnostics. Unlike many of Flock’s cameras, which are designed to capture license plates as people drive by, Flock’s Condor cameras are pan-tilt-zoom (PTZ) cameras designed to record and track people, not vehicles. Condor cameras can be set to automatically zoom in on people’s faces… The exposure was initially discovered by YouTuber and technologist Benn Jordan and was shared with security researcher Jon “GainSec” Gaines, who recently found numerous vulnerabilities in several other models of Flock’s automated license plate reader (ALPR) cameras.
Jordan appeared this week as a guest on Koebler’s own YouTube channel, while Jordan released a video of his own about the experience. titled “We Hacked Flock Safety Cameras in under 30 Seconds.” (Thanks to Slashdot reader beadon for sharing the link.) But together Jordan and 404 Media also created another video three weeks ago titled “The Flock Camera Leak is Like Netflix for Stalkers” which includes footage he says was “completely accessible at the time Flock Safety was telling cities that the devices are secure after they’re deployed.”

The video decries cities “too lazy to conduct their own security audit or research the efficacy versus risk,” but also calls weak security “an industry-wide problem.” Jordan explains in the video how he “very easily found the administration interfaces for dozens of Flock safety cameras…” — but also what happened next: None of the data or video footage was encrypted. There was no username or password required. These were all completely public-facing, for the world to see…. Making any modification to the cameras is illegal, so I didn’t do this. But I had the ability to delete any of the video footage or evidence by simply pressing a button. I could see the paths where all of the evidence files were located on the file system…

During and after the process of conducting that research and making that video, I was visited by the police and had what I believed to be private investigators outside my home photographing me and my property and bothering my neighbors. John Gaines or GainSec, the brains behind most of this research, lost employment within 48 hours of the video being released. And the sad reality is that I don’t view these things as consequences or punishment for researching security vulnerabilities. I view these as consequences and punishment for doing it ethically and transparently.

I’ve been contacted by people on or communicating with civic councils who found my videos concerning, and they shared Flock Safety’s response with me. The company claimed that the devices in my video did not reflect the security standards of the ones being publicly deployed. The CEO even posted on LinkedIn and boasted about Flock Safety’s security policies. So, I formally and publicly offered to personally fund security research into Flock Safety’s deployed ecosystem. But the law prevents me from touching their live devices. So, all I needed was their permission so I wouldn’t get arrested. And I was even willing to let them supervise this research.

I got no response.
So instead, he read Flock’s official response to a security/surveillance industry research group — while standing in front of one of their security cameras, streaming his reading to the public internet.

“Might as well. It’s my tax dollars that paid for it.”

” ‘Flock is committed to continuously improving security…'”

Source: What Happened After Security Researchers Found 60 Flock Cameras Livestreaming to the Internet | Slashdot

For more on why Flock cameras are problematic, read here