Marcelo Castro

🚨🇪🇺 The European Commission is about to steal your search history in one of the largest forced data grabs in the history of the open internet, and almost nobody is talking about it. The scope is staggering: 🔴 Every query you type 🔴 Every voice and photo search 🔴 Every autocomplete you accept 🔴 Your language, your device 🔴 Your country pinned to a ~3km² grid 🔴 Every result you saw, every link you hovered 🔴 Every click and scroll 🔴 The full chronological order of your search sessions Meaning the European Union now knows your: 🔴 Health symptoms 🔴 Pregnancy 🔴 Sexual orientation 🔴 Political views 🔴 Religious beliefs 🔴 Financial distress 🔴 Legal trouble 🔴 Addictions 🔴 Affairs Under the proposed measures for DMA Article 6(11), Google would be ordered to ship the daily search behaviour of hundreds of millions of Europeans to multiple third parties through a daily API feed. Any approved "online search engine," AI chatbots included, would get five years of access. The things people only ever type when they think no one is watching. All of it now scheduled to flow daily into an open-ended list of third parties scattered across the European Union. Brussels promises "anonymisation." The reality is a thin technical veneer that has been broken in academic literature again and again for over a decade. Search behaviour is a fingerprint. Stripping a name does not change that. Mass data leaks become inevitable. Every new beneficiary is a new attack surface, and every annual audit is a year of silent exposure between checks. The 2025 Discord vendor breach already showed how fast 70,000 government IDs can leak through a single weak link. Now imagine that link holding Europe's search history. Surveillance without consent becomes the default. Hundreds of millions of EU citizens never agreed to have their queries packaged and shipped to companies they have never heard of. The legal fiction of "anonymisation" cannot manufacture consent that was never given. Behavioural search data is a goldmine for phishing, blackmail, social engineering, and corporate espionage. Foreign intelligence services get a back door without effort. They do not need to breach Google. They only need to compromise the weakest name on the beneficiary list. One insolvent startup. One compromised contractor. One approved entity quietly acquired by a hostile state. In the name of "competition," the EU is about to manufacture a permanent, distributed, daily-refreshed copy of Europe's collective search history. A surveillance dataset Brussels itself would never approve if any other government tried to build it. The public consultation closes Friday, May 1, 2026 at 23:59 CEST. The final binding decision lands July 27, 2026. After that, the door does not close again. Tag your MEPs! File a response! Make noise!

Hoje vim até Fortaleza para atualizar os indicadores do meu estudo sobre os bloqueios sigilosos de endereços na Internet brasileira e na sequência farei parte de um painel que a Anatel mandou um representante e a Universidade de Twente da Holanda mandou uma pesquisadora especializada nos bloqueios em curso na Itália, sobretudo contra a Cloudflare. Na última edição desse congresso em São Paulo mostrei que mais de 250 milhões de endereço são bloqueados em sigilo por autoridades brasileiras. Querer não é poder, mas com essa pesquisa e pressão popular, espero que a Anatel deixe de fazer esses bloqueios em sigilo e libere a lista completa de bloqueios para a ampla fiscalização da sociedade e do cidadão. Como tenho denunciado desde 2023, o aparelho tecnológico de bloqueios de conteúdos, IPs e domínios em massa está em produção na internet brasileira, é operado pela Anatel e a agência o faz em pleno sigilo. Esse sigilo precisa cair e que seja hoje. Conto com o apoio de vocês. Vocês poderão assistir tanto a minha palestra como o painel e mandar perguntas para mim ou para Anatel nesse link: https://t.co/5yg15HtsPh