James | MrConnectivity

So-called age verification for social media is spreading across the world, framed as an effort to create a safer internet for children. In reality, age verification lays the foundation for a fully controlled internet. The age verification rush must be slowed down, and politicians need to recognize the consequences of different types of legislation and systems. Age verification is the wrong approach to fix “the social media problem” The big tech social media companies are bad. Their business model is bad; it is based on mass surveillance and manipulation, and they cooperate with governments in mapping entire populations. But age verification is fundamentally the wrong approach to preventing children from using big tech social media platforms. Introducing age verification is based on coercion; the state forces social media companies to verify their users’ identities. But the big tech social media platforms already know which of their users are children. Their business model depends on knowing this. They know how old users are, and they know exactly what type of person they are. As age verification is based on coercion, politicians could instead force platforms to stop doing the things politicians consider harmful to children, or force them to block children (again, they know who they are) from using their services. But instead, politicians seek to massively invade everyone’s privacy and undermine democratic rights on a global scale. In other words, the latter is the real objective – they do not want to protect children; they want to impose control. Slippery slope of age verification It is undeniable that age verification threatens freedom of expression, risks increasing mass surveillance, and is likely to lead to censorship. It will not only shrink the online world and reduce young people’s right to privacy (for example, if VPN services were to be restricted); but also risks becoming a significant step toward a controlled internet for everyone. Most age verification is identity verification Most countries are now considering introducing age verification systems, meaning that everyone would have to identify themselves either to the service/website they want to use or to a third party capable of linking them to their activity on that service or website. This is not age verification but identity verification, and the consequence is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media. This is a major problem in countries like the UK and Germany where the police conduct raids on people’s homes for posting content on social media that the authorities dislike. Or in the United States, where authorities are trying to pressure tech companies into revealing the identities behind accounts protesting ICE. Social media identity verification removes important tools for activists in countries where criticizing those in power is dangerous. Restrictions on app store or operating system level Some countries are looking to impose identity verification at the app store level or even within the operating system itself. This is an exciting experiment, since this is possible to circumvent using open-source operating systems. Some countries are already looking to include open-source systems. Since open-source systems cannot be controlled, politicians would ultimately need to ban devices that are not controlled by the state. The end point: telescreens like those in Orwell’s 1984, devices that both monitor you and broadcast only the information approved by the state. The Zero-Knowledge Proof (ZKP) alternative and the EU The EU has presented its own age verification app as “completely anonymous”. The idea is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is currently designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time. Read more on our site. https://t.co/wTVKHMS1zg

The EU age verification app is presented as “completely anonymous”. But the risk is that member states (the countries are supposed to create their own versions of the open-source EU app) use it to introduce identity verification that makes it impossible to post anonymously on social media. The idea behind “completely anonymous” is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time. This means that the EU could decide at any time that ZKP may no longer be used, and in one stroke the app would fall back to its default mode, meaning that every post on social media carries an ID tag. By that point, an infrastructure will already have been rolled out; people will have gotten used to it, and it will be harder to roll it back. More details on https://t.co/wTVKHMS1zg

No, this isn't a security feature but rather is the direct opposite and reduces security. It won't prevent theft and won't help people recover a stolen device in practice either. Making it more difficult to return a device to Before First Unlock state directly weakens the security of user data rather than improving it. A thief can still forcefully trigger a shutdown or reboot by holding the power button. On a device where that triggers a reboot rather than a shutdown, the device can be forced to go into a special mode rather than the OS or can also usually be forcefully powered off afterwards. If devices didn't include a way to force reboot/shutdown then they could get easily stuck with the OS booted if it stops responding to input but is still functioning under the hood. There's nearly always a way to force reboot/shutdown and also a way to forcefully get out of a boot loop into a powered off state if holding power only triggers a reboot at first. The remote location detection service from both Apple and Google supports finding an iPhone or Pixel while it's otherwise turned off via nearby Apple or Google Play devices. In general, a thief needs to use a faraday bag or battery removal to block a device being located. Both approaches also work against an OS trying to make shutting down require authentication but it's not required since it can be bypassed by holding power. Once a device is unlocked for the first time, the encrypted data remains accessible to the operating system until it's powered off again. Only a tiny portion of data is inaccessible to the OS while locked in After First Unlock state. For most devices, fully restoring the security of Before First Unlock state requires shutting down and waiting for memory to degrade. Rebooting won't fully restore Before First Unlock state unless the operating system zeroes memory at boot and/or shutdown/reboot with both of those ideally being done. Devices in After First Unlock state can have all user data extracted by exploiting the hardware, firmware or software running on the device. A device with Evolution X is far more vulnerable to data extracted than an iPhone or stock Pixel due to lack of strong security protections and incomplete security patches. Most Android devices including anything running most alternate operating systems have atrocious security against exploits and data extraction from After First Unlock state is very easy. Being able to quickly turn off a device or having someone mistakenly do that themselves is needed for encryption to work against even a well informed university student with access to basic equipment. A thief turning off your device helps keep with the data safe. Many Android devices also lack truly working disk encryption for users without a strong passphrase but that's a separate problem.

ANYONE with a laptop can now access spy-grade surveillance tools for FREE. It's called OSIRIS, an open-source clone of Palantir $PLTR, the $324 BILLION intelligence company. It lets anyone WATCH every commercial flight, spy satellite, and CCTV cameras. It tracks military jets, detects GPS jamming, and maps active war zones. All updating LIVE, in ONE browser tab, free FOREVER. Governments paid Palantir MILLIONS per year for tools like this. The CIA's playbook is now public domain.

Researchers proved that your Android phone is sending data to Google every 4.5 minutes. Even when you opt out of EVERYTHING. Researchers at Trinity College Dublin did an exhaustive deep-dive into exactly how much data iOS and Android devices stealthily transmit back to Apple and Google. Both tech giants are running non-stop telemetry pipelines from your device. Even when you are not logged into an account. Even when you explicitly opt out of data collection. Even when the phone is completely untouched. The sheer volume of data being harvested is staggering. Android sends data back to Google every 4.5 minutes. iOS follows right behind, pinging Apple every 4.5 minutes. Within the first 10 minutes of powering on a fresh device, Android sends roughly 1MB of data to Google. iOS sends about 42KB to Apple. When the phones are just sitting there doing nothing, Google harvests around 1MB of data every 12 hours. Apple collects roughly 52KB. Google is collecting 20x more telemetry data than Apple. But what they are collecting is the real problem. The researchers discovered that your phone isn’t just sending generic system diagnostics. It is sending a highly detailed digital fingerprint: - Hardware serial numbers - Device IMEI numbers - Wi-Fi MAC addresses - Your phone number - SIM card details And it gets darker. iOS uploads the WiFi MAC addresses of every device near you. Your roommate's laptop, the café router, your neighbor's home gateway—all tagged with your exact GPS coordinates. If just one person in your building enables location services once, Apple now knows where every single device on that network lives. Forever. The researchers tried to opt out of everything. They turned off location services, restricted background data, and avoided signing into any accounts. It didn't matter. The data transmission never stopped. The escape hatch has been welded shut. Right now, millions of professionals use these devices to handle sensitive business data, proprietary code, and private operations under the assumption that "idle" means "safe." But the data shows there is no such thing as an offline smartphone anymore. --- Paper: Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google (2021)

🚨 BREAKING: France’s Digital ID System Hacked—Sensitive Data of 19 Million Citizens Now Sold on the Dark Web France’s centralized digital identity platform, operated by France Titres (formerly ANTS), suffered a major breach on April 15, 2026. Hackers stole records affecting roughly one-third of the French population and started auctioning them on dark web forums. The exposed database contains: • Full names • Email addresses and phone numbers • Dates and places of birth • Postal addresses • Unique government account IDs This information gives criminals powerful tools for identity theft, phishing campaigns, synthetic identities, and large-scale financial fraud. The system manages passports, national ID cards, driver’s licenses, residency permits, and vehicle registrations. Officials confirmed no biometric photos or uploaded documents were taken, but the core personal data is now circulating. Hackers operating under aliases like “breach3d” and “ExtaseHunters” posted the massive dump soon after the intrusion. French authorities acknowledged the security incident and are notifying affected individuals, though the sheer scale makes rapid alerts challenging. France has seen multiple major government data breaches recently, including student records via ÉduConnect, bank account details, and medical information. Centralized systems handling vast amounts of linked personal data create high-value targets that attract persistent attackers. Action steps if you’re in France or have connections there: • Closely monitor all financial and government accounts • Strengthen 2FA on every service • Stay alert for phishing attempts impersonating official agencies • Consider credit monitoring or freezes where available French authorities detained a 15-year-old suspect on April 25 in connection with the breach. The teenager is believed to have operated under the alias “breach3d” and offered between 12 and 18 million records for sale on hacking forums. Prosecutors in Paris have opened a formal investigation into the minor on computer crime charges. The full story is still unfolding as more details emerge about how the breach occurred and the exact scope of the exposure. This incident highlights the profound dangers of centralized digital ID systems. When governments consolidate citizens’ most sensitive personal information into single, internet-connected databases, they create massive single points of failure. One successful hack can expose millions instantly, turning everyday personal details into weapons for widespread fraud and surveillance. As nations push for broader digital ID adoption, this breach serves as a stark reminder that convenience and control come at the steep price of heightened vulnerability for entire populations.