Orange Owl priv/acc

Depuis le début de la semaine… 🔵 Bluesky a commencé à mettre en place des demandes de vérification d’âge 🤖 Google Chrome a commencé à télécharger automatiquement des modèles d’IA sur les ordinateurs des utilisateurs, sans consentement explicite 🇪🇺 L’Union européenne a ouvertement évoqué la possibilité de restreindre ou d’interdire les VPN 🇺🇸 La loi anti-VPN de l’Utah est officiellement entrée en vigueur Quatre actualités différentes, mais une même tendance qui se dessine : un Internet de plus en plus contrôlé, identifié et surveillé.

🚨🇪🇺 The European Commission is about to steal your search history in one of the largest forced data grabs in the history of the open internet, and almost nobody is talking about it. The scope is staggering: 🔴 Every query you type 🔴 Every voice and photo search 🔴 Every autocomplete you accept 🔴 Your language, your device 🔴 Your country pinned to a ~3km² grid 🔴 Every result you saw, every link you hovered 🔴 Every click and scroll 🔴 The full chronological order of your search sessions Meaning the European Union now knows your: 🔴 Health symptoms 🔴 Pregnancy 🔴 Sexual orientation 🔴 Political views 🔴 Religious beliefs 🔴 Financial distress 🔴 Legal trouble 🔴 Addictions 🔴 Affairs Under the proposed measures for DMA Article 6(11), Google would be ordered to ship the daily search behaviour of hundreds of millions of Europeans to multiple third parties through a daily API feed. Any approved "online search engine," AI chatbots included, would get five years of access. The things people only ever type when they think no one is watching. All of it now scheduled to flow daily into an open-ended list of third parties scattered across the European Union. Brussels promises "anonymisation." The reality is a thin technical veneer that has been broken in academic literature again and again for over a decade. Search behaviour is a fingerprint. Stripping a name does not change that. Mass data leaks become inevitable. Every new beneficiary is a new attack surface, and every annual audit is a year of silent exposure between checks. The 2025 Discord vendor breach already showed how fast 70,000 government IDs can leak through a single weak link. Now imagine that link holding Europe's search history. Surveillance without consent becomes the default. Hundreds of millions of EU citizens never agreed to have their queries packaged and shipped to companies they have never heard of. The legal fiction of "anonymisation" cannot manufacture consent that was never given. Behavioural search data is a goldmine for phishing, blackmail, social engineering, and corporate espionage. Foreign intelligence services get a back door without effort. They do not need to breach Google. They only need to compromise the weakest name on the beneficiary list. One insolvent startup. One compromised contractor. One approved entity quietly acquired by a hostile state. In the name of "competition," the EU is about to manufacture a permanent, distributed, daily-refreshed copy of Europe's collective search history. A surveillance dataset Brussels itself would never approve if any other government tried to build it. The public consultation closes Friday, May 1, 2026 at 23:59 CEST. The final binding decision lands July 27, 2026. After that, the door does not close again. Tag your MEPs! File a response! Make noise!

>be Dutch Justice Ministry >2014, quietly sign a contract with Palantir >hand it to the military border police >plug it into the Advance Passenger Information system >silently screen millions of Schengen flyers >names, DOBs, nationalities, passport numbers, all of it >years pass, no one knows >Parliament asks the minister: "you using Palantir?" >minister: "No" >journalists FOIA the ministry anyway >documents drop >leaked invoice surfaces: six figures. for THREE months. >internal emails show the minister KNEW about the contract while drafting the denial >journalists, now holding the proof, ask the border police: "you using Palantir?" >spokesperson, straight face: "never" >journalist slides the documents across the table >"ok actually we ran it from 2009 to 2015" >constitutional law prof: "political mortal sin" >Article 68 violated, the duty to inform Parliament >ministry still won't say when the contract really ended >or if it ended >or what happened to the data on millions of passengers

It should NOT be this hard to buy a privacy-respecting printer. Seriously. A printer should be one of the simplest devices in the house. You send it a document. It puts ink or toner on paper. That should be the whole relationship. Instead, the mainstream printer market has become a swamp of cloud accounts, mobile apps, subscriptions, cartridge DRM, remote diagnostics, vendor lock-in, and “smart” features nobody asked for. HP is the canonical example of how bad this got. HP+ ties the printer to an HP account, an internet connection, and original HP ink for the life of the device. Dynamic Security can reject cartridges based on vendor-controlled firmware rules. Instant Ink turns printing into a subscription relationship. Why does it need to talk to the vendor just to do the one job it was built for? And from a security perspective, this is a nightmare. A Wi-Fi printer is a computer on your LAN. It has firmware, network services, a web admin panel, default settings, cloud features, and sometimes stored documents or saved credentials. A compromised printer can expose services. It can: - advertise itself to the LAN - store print jobs and scans - keep address books and scan destinations - hold credentials for scan-to-email, scan-to-SMB, scan-to-FTP, LDAP, or remote management And it usually sits on the same network as your laptop, phone, NAS, smart home devices, and sometimes work machine. Used printers are worse. Assume the previous owner left behind Wi-Fi settings, scan destinations, address books, stored credentials, and cached documents. One reason to prefer black-and-white: many color laser printers can embed machine identification codes into printed pages. Yellow dots are the famous version. The broader issue is forensic marking. Good intel on this is weirdly hard to come by.