Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Privacy. Show all posts
secure VPN
customer privacy Cyber Security and Privacy Data Privacy encrypted European Union Messaging Apps Privacy secure VPN

ProtectEU and VPN Privacy: What the EU Encryption Plan Means for Online Security

 

Texting through SMS is pretty much a thing of the past. Most people today rely on apps like WhatsApp and Signal to share messages, make encrypted calls, or send photos—all under the assumption that our conversations are private. But that privacy could soon be at risk in the EU.

On April 1, 2025, the European Commission introduced a new plan called ProtectEU. Its goal is to create a roadmap for “lawful and effective access to data for law enforcement,” particularly targeting encrypted platforms. While messaging apps are the immediate focus, VPN services might be next. VPNs rely on end-to-end encryption and strict no-log policies to keep users anonymous. However, if ProtectEU leads to mandatory encryption backdoors or expanded data retention rules, that could force VPN providers to change how they operate—or leave the EU altogether. 

Proton VPN’s Head of Public Policy, Jurgita Miseviciute, warns that weakening encryption won’t solve security issues. Instead, she believes it would put users at greater risk, allowing bad actors to exploit the same access points created for law enforcement. Proton is monitoring the plan closely, hoping the EU will consider solutions that protect encryption. Surfshark takes a more optimistic view. Legal Head Gytis Malinauskas says the strategy still lacks concrete policy direction and sees the emphasis on cybersecurity as a potential boost for privacy tools like VPNs. Mullvad VPN isn’t convinced. 

Having fought against earlier EU proposals to scan private chats, Mullvad criticized ProtectEU as a rebranded version of old policies, expressing doubt it will gain wide support. One key concern is data retention. If the EU decides to require VPNs to log user activity, it could fundamentally conflict with their privacy-first design. Denis Vyazovoy of AdGuard VPN notes that such laws could make no-log VPNs unfeasible, prompting providers to exit the EU market—much like what happened in India in 2022. NordVPN adds that the more data retained, the more risk users face from breaches or misuse. 

Even though VPNs aren’t explicitly targeted yet, an EU report has listed them as a challenge to investigations—raising concerns about future regulations. Still, Surfshark sees the current debate as a chance to highlight the legitimate role VPNs play in protecting everyday users. While the future remains uncertain, one thing is clear: the tension between privacy and security is only heating up.
Read more »
Signal app
Bleep Private Messaging App Cyber Security Data Privacy encrypted messaging apps End-to-End Encrypted Messaging Services Message encryption Signal app

Best Encrypted Messaging Apps: Signal vs Telegram vs WhatsApp Privacy Guide

 

Encrypted messaging apps have become essential tools in the age of cyber threats and surveillance. With rising concerns over data privacy, especially after recent high-profile incidents, users are turning to platforms that offer more secure communication. Among the top contenders are Signal, Telegram, and WhatsApp—each with its own approach to privacy, encryption, and data handling. 

Signal is widely regarded as the gold standard when it comes to messaging privacy. Backed by a nonprofit foundation and funded through grants and donations, Signal doesn’t rely on user data for profit. It collects minimal information—just your phone number—and offers strong on-device privacy controls, like disappearing messages and call relays to mask IP addresses. Being open-source, Signal allows independent audits of its code, ensuring transparency. Even when subpoenaed, the app could only provide limited data like account creation date and last connection, making it a favorite among journalists, whistleblowers, and privacy advocates.  

Telegram offers a broader range of features but falls short on privacy. While it supports end-to-end encryption, this is limited only to its “secret chats,” and not enabled by default in regular messages or public channels. Telegram also stores metadata, such as IP addresses and contact info, and recently updated its privacy policy to allow data sharing with authorities under legal requests. Despite this, it remains popular for public content sharing and large group chats, thanks to its forum-like structure and optional paid features. 

WhatsApp, with over 2 billion users, is the most widely used encrypted messaging app. It employs the same encryption protocol as Signal, ensuring end-to-end protection for chats and calls. However, as a Meta-owned platform, it collects significant user data—including device information, usage logs, and location data. Even people not using WhatsApp can have their data collected via synced contacts. While messages remain encrypted, the amount of metadata stored makes it less privacy-friendly compared to Signal. 

All three apps offer some level of encrypted messaging, but Signal stands out for its minimal data collection, open-source transparency, and commitment to privacy. Telegram provides a flexible chat experience with weaker privacy controls, while WhatsApp delivers strong encryption within a data-heavy ecosystem. Choosing the best encrypted messaging app depends on what you prioritize more: security, features, or convenience.
Read more »
VPN
Apple Data Privacy Data Regulation Google Internet Privacy VPN

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports that 5 VPNs still available to U.S users, such as VPN Proxy master and Turbo VPN, are linked to Qihoo. It was sanctioned in 2020 on the charges of alleged military ties. 

Ilusion of Privacy: VPNs collecting data 

In 2025 alone, three VPN apps have had over a million downloads on Google Play and  Apple’s App Store, suggesting these aren’t small-time apps, Sensor Tower reports. They are advertised as “private browsing” tools, but the VPNs provide the companies with complete user data of their online activity. This is alarming because China’s national security laws mandate that companies give user data if the government demands it. 

Concerns around ownership structures

The intricate web of ownership structures raises important questions; the apps are run by Singapore-based Innovative Connecting, owned by Lemon Seed, a Cayman Islands firm. Qihoo acquired Lemon Seed for $69.9 million in 2020. The company claimed to sell the business months late, but FT reports the China-based team making the applications were still under Qihoo’s umbrella for years. According to FT, a developer said, “You could say that we’re part of them, and you could say we’re not. It’s complicated.”

Amid outrage, Google and Apple respond 

Google said it strives to follow sanctions and remove violators when found. Apple has removed two apps- Snap VPN and Thunder VPN- after FT contacted the business, claiming it follows strict rules on VPN data-sharing.

Privacy scare can damage stock valuations

What Google and Apple face is more than public outage. Investors prioritise data privacy, and regulatory threat has increased, mainly with growing concerns around U.S tech firms’ links to China. If the U.S government gets involved, it can result in stricter rules, fines, and even more app removals. If this happens, shareholders won’t be happy. 

According to FT, “Innovative Connecting said the content of the article was not accurate and declined to comment further. Guangzhou Lianchuang declined to comment. Qihoo and Chen Ningyi did not respond to requests for comment.”

Read more »
encryption technology
AI Privacy AI Systems AI technology AI Tool Cryptography Cyber Security Data Privacy Deep Learning encryption technology

Orion Brings Fully Homomorphic Encryption to Deep Learning for AI Privacy

 

As data privacy becomes an increasing concern, a new artificial intelligence (AI) encryption breakthrough could transform how sensitive information is handled. Researchers Austin Ebel, Karthik Garimella, and Assistant Professor Brandon Reagen have developed Orion, a framework that integrates fully homomorphic encryption (FHE) into deep learning. 

This advancement allows AI systems to analyze encrypted data without decrypting it, ensuring privacy throughout the process. FHE has long been considered a major breakthrough in cryptography because it enables computations on encrypted information while keeping it secure. However, applying this method to deep learning has been challenging due to the heavy computational requirements and technical constraints. Orion addresses these challenges by automating the conversion of deep learning models into FHE-compatible formats. 

The researchers’ study, recently published on arXiv and set to be presented at the 2025 ACM International Conference on Architectural Support for Programming Languages and Operating Systems, highlights Orion’s ability to make privacy-focused AI more practical. One of the biggest concerns in AI today is that machine learning models require direct access to user data, raising serious privacy risks. Orion eliminates this issue by allowing AI to function without exposing sensitive information. The framework is built to work with PyTorch, a widely used machine learning library, making it easier for developers to integrate FHE into existing models. 

Orion also introduces optimization techniques that reduce computational burdens, making privacy-preserving AI more efficient and scalable. Orion has demonstrated notable performance improvements, achieving speeds 2.38 times faster than previous FHE deep learning methods. The researchers successfully implemented high-resolution object detection using the YOLO-v1 model, which contains 139 million parameters—a scale previously considered impractical for FHE. This progress suggests Orion could enable encrypted AI applications in sectors like healthcare, finance, and cybersecurity, where protecting user data is essential. 

A key advantage of Orion is its accessibility. Traditional FHE implementations require specialized knowledge, making them difficult to adopt. Orion simplifies the process, allowing more developers to use the technology without extensive training. By open-sourcing the framework, the research team hopes to encourage further innovation and adoption. As AI continues to expand into everyday life, advancements like Orion could help ensure that technological progress does not come at the cost of privacy and security.
Read more »
Threat Intelligence
AI AI Tool Data Privacy Technology Threat Intelligence

AI and Privacy – Issues and Challenges

 

Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the line between safety and overreach as AI-driven systems become more and more integrated into daily life.

The same artificial intelligence (AI) tools that aid in spotting online threats, optimising security procedures, and stopping fraud can also be used for intrusive data collecting, behavioural tracking, and mass spying. The use of AI-powered surveillance in corporate data mining, law enforcement profiling, and government tracking has drawn criticism in recent years. AI runs the potential of undermining rather than defending basic rights in the absence of clear regulations and transparency. 

AI and data ethics

Despite encouraging developments, there are numerous instances of AI-driven inventions going awry, which raise serious questions. A face recognition business called Clearview AI amassed one of the largest facial recognition databases in the world by illegally scraping billions of photos from social media. Clearview's technology was employed by governments and law enforcement organisations across the globe, leading to legal action and regulatory action about mass surveillance. 

The UK Department for Work and Pensions used an AI system to detect welfare fraud. An internal investigation suggested that the system disproportionately targeted people based on their age, handicap, marital status, and country. This prejudice resulted in certain groups being unfairly picked for fraud investigations, raising questions about discrimination and the ethical use of artificial intelligence in public services. Despite earlier guarantees of impartiality, the findings have fuelled calls for increased openness and supervision in government AI use. 

Regulations and consumer protection

The ethical use of AI is being regulated by governments worldwide, with a number of significant regulations having an immediate impact on consumers. The AI Act of the European Union, which is scheduled to go into force in 2025, divides AI applications into risk categories. 

Strict regulations will be applied to high-risk technology, like biometric surveillance and facial recognition, to guarantee transparency and moral deployment. The EU's commitment to responsible AI governance is further reinforced by the possibility of severe sanctions for non compliant companies. 

Individuals in the United States have more control over their personal data according to California's Consumer Privacy Act. Consumers have the right to know what information firms gather about them, to seek its erasure, and to opt out of data sales. This rule adds an important layer of privacy protection in an era where AI-powered data processing is becoming more common. 

The White House has recently introduced the AI Bill of Rights, a framework aimed at encouraging responsible AI practices. While not legally enforceable, it emphasises the need of privacy, transparency, and algorithmic fairness, pointing to a larger push for ethical AI development in policy making.
Read more »
Government surveillance
Cyber Security Data Privacy Digital Security Encryption End-to-End Encryption Government surveillance

Encryption Under Siege: A New Wave of Attacks Intensifies

 

Over the past decade, encrypted communication has become a standard for billions worldwide. Platforms like Signal, iMessage, and WhatsApp use default end-to-end encryption, ensuring user privacy. Despite widespread adoption, governments continue pushing for greater access, threatening encryption’s integrity.

Recently, authorities in the UK, France, and Sweden have introduced policies that could weaken encryption, adding to EU and Indian regulatory measures that challenge privacy. Meanwhile, US intelligence agencies, previously critical of encryption, now advocate for its use after major cybersecurity breaches. The shift follows an incident where the China-backed hacking group Salt Typhoon infiltrated US telecom networks. Simultaneously, the second Trump administration is expanding surveillance of undocumented migrants and reassessing intelligence-sharing agreements.

“The trend is bleak,” says Carmela Troncoso, privacy and cryptography researcher at the Max-Planck Institute for Security and Privacy. “New policies are emerging that undermine encryption.”

Law enforcement argues encryption obstructs criminal investigations, leading governments to demand backdoor access to encrypted platforms. Experts warn such access could be exploited by malicious actors, jeopardizing security. Apple, for example, recently withdrew its encrypted iCloud backup system from the UK after receiving a secret government order. The company’s compliance would require creating a backdoor, a move expected to be challenged in court on March 14. Similarly, Sweden is considering laws requiring messaging services like Signal and WhatsApp to retain message copies for law enforcement access, prompting Signal to threaten market exit.

“Some democracies are reverting to crude approaches to circumvent encryption,” says Callum Voge, director of governmental affairs at the Internet Society.

A growing concern is client-side scanning, a technology that scans messages on users’ devices before encryption. While presented as a compromise, experts argue it introduces vulnerabilities. The EU has debated its implementation for years, with some member states advocating stronger encryption while others push for increased surveillance. Apple abandoned a similar initiative after warning that scanning for one type of content could pave the way for mass surveillance.

“Europe is divided, with some countries strongly in favor of scanning and others strongly against it,” says Voge.

Another pressing threat is the potential banning of encrypted services. Russia blocked Signal in 2024, while India’s legal battle with WhatsApp could force the platform to abandon encryption or exit the market. The country has already prohibited multiple VPN services, further limiting digital privacy options.

Despite mounting threats, pro-encryption responses have emerged. The US Cybersecurity and Infrastructure Security Agency and the FBI have urged encrypted communication use following recent cybersecurity breaches. Sweden’s armed forces also endorse Signal for unclassified communications, recognizing its security benefits.

With the UK’s March 14 legal proceedings over Apple’s backdoor request approaching, US senators and privacy organizations are demanding greater transparency. UK civil rights groups are challenging the confidential nature of such surveillance orders.

“The UK government may have come for Apple today, but tomorrow it could be Google, Microsoft, or even your VPN provider,” warns Privacy International.

Encryption remains fundamental to human rights, safeguarding free speech, secure communication, and data privacy. “Encryption is crucial because it enables a full spectrum of human rights,” says Namrata Maheshwari of Access Now. “It supports privacy, freedom of expression, organization, and association.”

As governments push for greater surveillance, the fight for encryption and privacy continues, shaping the future of digital security worldwide.


Read more »
Privacy
Data Brokers Data collection Data Mining Data Privacy Data Removal data security Online Privacy Privacy

How Data Removal Services Protect Your Online Privacy from Brokers

 

Data removal services play a crucial role in safeguarding online privacy by helping individuals remove their personal information from data brokers and people-finding websites. Every time users browse the internet, enter personal details on websites, or use search engines, they leave behind a digital footprint. This data is often collected by aggregators and sold to third parties, including marketing firms, advertisers, and even organizations with malicious intent. With data collection becoming a billion-dollar industry, the need for effective data removal services has never been more urgent. 

Many people are unaware of how much information is available about them online. A simple Google search may reveal social media profiles, public records, and forum posts, but this is just the surface. Data brokers go even further, gathering information from browsing history, purchase records, loyalty programs, and public documents such as birth and marriage certificates. This data is then packaged and sold to interested buyers, creating a detailed digital profile of individuals without their explicit consent. 

Data removal services work by identifying where a person’s data is stored, sending removal requests to brokers, and ensuring that information is deleted from their records. These services automate the process, saving users the time and effort required to manually request data removal from hundreds of sources. Some of the most well-known data removal services include Incogni, Aura, Kanary, and DeleteMe. While each service may have a slightly different approach, they generally follow a similar process. Users provide their personal details, such as name, email, and address, to the data removal service. 

The service then scans databases of data brokers and people-finder sites to locate where personal information is being stored. Automated removal requests are sent to these brokers, requesting the deletion of personal data. While some brokers comply with these requests quickly, others may take longer or resist removal efforts. A reliable data removal service provides transparency about the process and expected timelines, ensuring users understand how their information is being handled. Data brokers profit immensely from selling personal data, with the industry estimated to be worth over $400 billion. 

Major players like Experian, Equifax, and Acxiom collect a wide range of information, including addresses, birth dates, family status, hobbies, occupations, and even social security numbers. People-finding services, such as BeenVerified and Truthfinder, operate similarly by aggregating publicly available data and making it easily accessible for a fee. Unfortunately, this information can also fall into the hands of bad actors who use it for identity theft, fraud, or online stalking. 

For individuals concerned about privacy, data removal services offer a proactive way to reclaim control over personal information. Journalists, victims of stalking or abuse, and professionals in sensitive industries particularly benefit from these services. However, in an age where data collection is a persistent and lucrative business, staying vigilant and using trusted privacy tools is essential for maintaining online anonymity.
Read more »
Privacy
AI Gaming AI Model AI Systems AI technology Data Privacy data security Data Technology Microsoft Privacy

Microsoft MUSE AI: Revolutionizing Game Development with WHAM and Ethical Challenges

 

Microsoft has developed MUSE, a cutting-edge AI model that is set to redefine how video games are created and experienced. This advanced system leverages artificial intelligence to generate realistic gameplay elements, making it easier for developers to design and refine virtual environments. By learning from vast amounts of gameplay data, MUSE can predict player actions, create immersive worlds, and enhance game mechanics in ways that were previously impossible. While this breakthrough technology offers significant advantages for game development, it also raises critical discussions around data security and ethical AI usage. 

One of MUSE’s most notable features is its ability to automate and accelerate game design. Developers can use the AI model to quickly prototype levels, test different gameplay mechanics, and generate realistic player interactions. This reduces the time and effort required for manual design while allowing for greater experimentation and creativity. By streamlining the development process, MUSE provides game studios—both large and small—the opportunity to push the boundaries of innovation. 

The AI system is built on an advanced framework that enables it to interpret and respond to player behaviors. By analyzing game environments and user inputs, MUSE can dynamically adjust in-game elements to create more engaging experiences. This could lead to more adaptive and personalized gaming, where the AI tailors challenges and story progression based on individual player styles. Such advancements have the potential to revolutionize game storytelling and interactivity. 

Despite its promising capabilities, the introduction of AI-generated gameplay also brings important concerns. The use of player data to train these models raises questions about privacy and transparency. Developers must establish clear guidelines on how data is collected and ensure that players have control over their information. Additionally, the increasing role of AI in game creation sparks discussions about the balance between human creativity and machine-generated content. 

While AI can enhance development, it is essential to preserve the artistic vision and originality that define gaming as a creative medium. Beyond gaming, the technology behind MUSE could extend into other industries, including education and simulation-based training. AI-generated environments can be used for virtual learning, professional skill development, and interactive storytelling in ways that go beyond traditional gaming applications. 

As AI continues to evolve, its role in shaping digital experiences will expand, making it crucial to address ethical considerations and responsible implementation. The future of AI-driven game development is still unfolding, but MUSE represents a major step forward. 

By offering new possibilities for creativity and efficiency, it has the potential to change how games are built and played. However, the industry must carefully navigate the challenges that come with AI’s growing influence, ensuring that technological progress aligns with ethical and artistic integrity.
Read more »
GDPR
AI governance AI Security AI technology CCPA Compliance Cyber Security Data Privacy data security GDPR

The Need for Unified Data Security, Compliance, and AI Governance

 

Businesses are increasingly dependent on data, yet many continue to rely on outdated security infrastructures and fragmented management approaches. These inefficiencies leave organizations vulnerable to cyber threats, compliance violations, and operational disruptions. Protecting data is no longer just about preventing breaches; it requires a fundamental shift in how security, compliance, and AI governance are integrated into enterprise strategies. A proactive and unified approach is now essential to mitigate evolving risks effectively. 

The rapid advancement of artificial intelligence has introduced new security challenges. AI-powered tools are transforming industries, but they also create vulnerabilities if not properly managed. Many organizations implement AI-driven applications without fully understanding their security implications. AI models require vast amounts of data, including sensitive information, making governance a critical priority. Without robust oversight, these models can inadvertently expose private data, operate without transparency, and pose compliance challenges as new regulations emerge. 

Businesses must ensure that AI security measures evolve in tandem with technological advancements to minimize risks. Regulatory requirements are also becoming increasingly complex. Governments worldwide are enforcing stricter data privacy laws, such as GDPR and CCPA, while also introducing new regulations specific to AI governance. Non-compliance can result in heavy financial penalties, reputational damage, and operational setbacks. Businesses can no longer treat compliance as an afterthought; instead, it must be an integral part of their data security strategy. Organizations must shift from reactive compliance measures to proactive frameworks that align with evolving regulatory expectations. 

Another significant challenge is the growing issue of data sprawl. As businesses store and manage data across multiple cloud environments, SaaS applications, and third-party platforms, maintaining control becomes increasingly difficult. Security teams often lack visibility into where sensitive information resides, making it harder to enforce access controls and protect against cyber threats. Traditional security models that rely on layering additional tools onto existing infrastructures are no longer effective. A centralized, AI-driven approach to security and governance is necessary to address these risks holistically. 

Forward-thinking businesses recognize that managing security, compliance, and AI governance in isolation is inefficient. A unified approach consolidates risk management efforts into a cohesive, scalable framework. By breaking down operational silos, organizations can streamline workflows, improve efficiency through AI-driven automation, and proactively mitigate security threats. Integrating compliance and security within a single system ensures better regulatory adherence while reducing the complexity of data management. 

To stay ahead of emerging threats, organizations must modernize their approach to data security and governance. Investing in AI-driven security solutions enables businesses to automate data classification, detect vulnerabilities, and safeguard sensitive information at scale. Shifting from reactive compliance measures to proactive strategies ensures that regulatory requirements are met without last-minute adjustments. Moving away from fragmented security solutions and adopting a modular, scalable platform allows businesses to reduce risk and maintain resilience in an ever-evolving digital landscape. Those that embrace a forward-thinking, unified strategy will be best positioned for long-term success.
Read more »
South Korea
AI Apps AI technology Data Privacy data security DeepSeek Privacy privacy laws South Korea

South Korea Blocks DeepSeek AI App Downloads Amid Data Security Investigation

 

South Korea has taken a firm stance on data privacy by temporarily blocking downloads of the Chinese AI app DeepSeek. The decision, announced by the Personal Information Protection Commission (PIPC), follows concerns about how the company collects and handles user data. 

While the app remains accessible to existing users, authorities have strongly advised against entering personal information until a thorough review is complete. DeepSeek, developed by the Chinese AI Lab of the same name, launched in South Korea earlier this year. Shortly after, regulators began questioning its data collection practices. 

Upon investigation, the PIPC discovered that DeepSeek had transferred South Korean user data to ByteDance, the parent company of TikTok. This revelation raised red flags, given the ongoing global scrutiny of Chinese tech firms over potential security risks. South Korea’s response reflects its increasing emphasis on digital sovereignty. The PIPC has stated that DeepSeek will only be reinstated on app stores once it aligns with national privacy regulations. 

The AI company has since appointed a local representative and acknowledged that it was unfamiliar with South Korea’s legal framework when it launched the service. It has now committed to working with authorities to address compliance issues. DeepSeek’s privacy concerns extend beyond South Korea. Earlier this month, key government agencies—including the Ministry of Trade, Industry, and Energy, as well as Korea Hydro & Nuclear Power—temporarily blocked the app on official devices, citing security risks. 

Australia has already prohibited the use of DeepSeek on government devices, while Italy’s data protection agency has ordered the company to disable its chatbot within its borders. Taiwan has gone a step further by banning all government departments from using DeepSeek AI, further illustrating the growing hesitancy toward Chinese AI firms. 

DeepSeek, founded in 2023 by Liang Feng in Hangzhou, China, has positioned itself as a competitor to OpenAI’s ChatGPT, offering a free, open-source AI model. However, its rapid expansion has drawn scrutiny over potential data security vulnerabilities, especially in regions wary of foreign digital influence. South Korea’s decision underscores the broader challenge of regulating artificial intelligence in an era of increasing geopolitical and technological tensions. 

As AI-powered applications become more integrated into daily life, governments are taking a closer look at the entities behind them, particularly when sensitive user data is involved. For now, DeepSeek’s future in South Korea hinges on whether it can address regulators’ concerns and demonstrate full compliance with the country’s strict data privacy standards. Until then, authorities remain cautious about allowing the app’s unrestricted use.
Read more »
DeepSeek
AI Models AI technology AI Threat China Cyber Security Data Mining Data Privacy data security DeepSeek

DeepSeek AI Raises Data Security Concerns Amid Ties to China

 

The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google. 

However, its rapid rise in popularity has also sparked serious concerns about data security, with critics drawing comparisons to TikTok and its ties to China. Government officials and cybersecurity experts warn that the open-source AI assistant could pose a significant risk to American users. 

On Thursday, two U.S. lawmakers announced plans to introduce legislation banning DeepSeek from all government devices, citing fears that the Chinese Communist Party (CCP) could access sensitive data collected by the app. This move follows similar actions in Australia and several U.S. states, with New York recently enacting a statewide ban on government systems. 

The growing concern stems from China’s data laws, which require companies to share user information with the government upon request. Like TikTok, DeepSeek’s data could be mined for intelligence purposes or even used to push disinformation campaigns. Although the AI app is the current focus of security conversations, experts say that the risks extend beyond any single model, and users should exercise caution with all AI systems. 

Unlike social media platforms that users can consciously avoid, AI models like DeepSeek are more difficult to track. Dimitri Sirota, CEO of BigID, a cybersecurity company specializing in AI security compliance, points out that many companies already use multiple AI models, often switching between them without users’ knowledge. This fluidity makes it challenging to control where sensitive data might end up. 

Kelcey Morgan, senior manager of product management at Rapid7, emphasizes that businesses and individuals should take a broad approach to AI security. Instead of focusing solely on DeepSeek, companies should develop comprehensive practices to protect their data, regardless of the latest AI trend. The potential for China to use DeepSeek’s data for intelligence is not far-fetched, according to cybersecurity experts. 

With significant computing power and data processing capabilities, the CCP could combine information from multiple sources to create detailed profiles of American users. Though this might not seem urgent now, experts warn that today’s young, casual users could grow into influential figures worth targeting in the future. 

To stay safe, experts advise treating AI interactions with the same caution as any online activity. Users should avoid sharing sensitive information, be skeptical of unusual questions, and thoroughly review an app’s terms and conditions. Ultimately, staying informed and vigilant about where and how data is shared will be critical as AI technologies continue to evolve and become more integrated into everyday life.
Read more »
Vulnerabilities and Exploits
Data Privacy Locked Device Security Patch Tech Giant Vulnerabilities and Exploits

Apple Patches Zero-Day Flaw allowing Third-Party Access to Locked Devices

 

Tech giant Apple fixed a vulnerability that "may have been leveraged in a highly sophisticated campaign against specific targeted individuals" in its iOS and iPadOS mobile operating system updates earlier this week.

According to the company's release notes for iOS 18.3.1 and iPadOS 18.3.1, the vulnerability made it possible to disable USB Restricted Mode "on a locked device." A security feature known as USB Restricted Mode was first introduced in 2018 and prevents an iPhone or iPad from sending data via a USB connection if the device hasn't been unlocked for seven days. 

In order to make it more challenging for law enforcement or criminals employing forensic tools to access data on those devices, Apple announced a new security feature last year which triggers devices to reboot if they are not unlocked for 72 hours. 

Based on the language used in its security update, Apple suggests that the attacks were most likely carried out with physical control of a person's device, implying that whoever exploited this vulnerability had to connect to the person's Apple devices using a forensics device such as Cellebrite or Graykey, two systems that allow law enforcement to unlock and access data stored on iPhones and other devices. Bill Marczak, a senior researcher at Citizen Lab, a University of Toronto group that studies cyberattacks on civil society, uncovered the flaw.

However, it remains unclear who was responsible for exploiting this vulnerability and against whom it was used. However, there have been reported instances in the past in which law enforcement agencies employed forensic tools, which often exploit zero-day flaws in devices such as the iPhone, to unlock them and access the data inside.

Amnesty International published a report in December 2024 detailing a string of assaults by Serbian authorities in which they utilised Cellebrite to unlock the phones of journalists and activists in the nation before infecting them with malware. According to security experts, the Cellebrite forensic tools were probably used "widely" on members of civil society, Amnesty stated.
Read more »
Data Theft
Amazon class action lawsuits Data Breach Data Harvesting SDK Data Privacy Data Safety User Data data security Data Theft

Amazon Faces Lawsuit Over Alleged Secret Collection and Sale of User Location Data

 

A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software development kit (SDK) to extract sensitive geolocation information from mobile apps. According to the lawsuit, plaintiff Felix Kolotinsky of San Mateo claims 

Amazon embedded its SDK into numerous mobile applications, allowing the company to collect precise, timestamped location details. Users were reportedly unaware that their movements were being tracked and stored. Kolotinsky states that his own data was accessed through the widely used “Speedtest by Ookla” app. The lawsuit contends that Amazon’s data collection practices could reveal personal details such as users’ home addresses, workplaces, shopping habits, and frequented locations. 

It also raises concerns that this data might expose sensitive aspects of users’ lives, including religious practices, medical visits, and sexual orientation. Furthermore, the complaint alleges that Amazon leveraged this information to build detailed consumer profiles for targeted advertising, violating California’s privacy and computer access laws. This case is part of a broader legal pushback against tech companies and data brokers accused of misusing location tracking technologies. 

In a similar instance, the state of Texas recently filed a lawsuit against Allstate, alleging the insurance company monitored drivers’ locations via mobile SDKs and sold the data to other insurers. Another legal challenge in 2024 targeted Twilio, claiming its SDK unlawfully harvested private user data. Amazon has faced multiple privacy-related controversies in recent years. In 2020, it terminated several employees for leaking customer data, including email addresses and phone numbers, to third parties. 

More recently, in June 2023, Amazon agreed to a $31 million settlement over privacy violations tied to its Alexa voice assistant and Ring doorbell products. That lawsuit accused the company of storing children’s voice recordings indefinitely and using them to refine its artificial intelligence, breaching federal child privacy laws. 

Amazon has not yet issued a response to the latest allegations. The lawsuit, Kolotinsky v. Amazon.com Inc., seeks compensation for affected California residents and calls for an end to the company’s alleged unauthorized data collection practices.
Read more »
University of Crete
Advanced Technology Data Privacy Hologram Optical Encryption University of Crete

Researchers at University of Crete Developes Uncrackable Optical Encryption

 

An optical encryption technique developed by researchers at the Foundation for Research and Technology Hellas (FORTH) and the University of Crete in Greece is claimed to provide an exceptionally high level of security. 

According to Optica, the system decodes the complex spatial information in the scrambled images by retrieving intricately jumbled information from a hologram using trained neural networks.

“From rapidly evolving digital currencies to governance, healthcare, communications and social networks, the demand for robust protection systems to combat digital fraud continues to grow," stated project leader Stelios Tzortzakis.

"Our new system achieves an exceptional level of encryption by utilizing a neural network to generate the decryption key, which can only be created by the owner of the encryption system.”

Optical encryption secures data at the network's optical transport level, avoiding slowing down the overall system with additional hardware at the non-optical levels. This strategy may make it easier to establish authentication procedures at both ends of the transfer to verify data integrity. 

The researchers investigated whether ultrashort laser filaments travelling in a highly nonlinear and turbulent medium might transfer optical information, such as a target's shape, that had been encoded in holograms of those shapes. The researchers claim that this renders the original data totally scrambled and unretrievable by any physical modelling or experimental method. 

Data scrambled by passage via ethanol liquid 

A femtosecond laser was used in the experimental setup to pass through a prepared hologram and into a cuvette that contained liquid ethanol. A CCD sensor recorded the optical data, which appeared as a highly scrambled and disorganised image due to laser filamentation and thermally generated turbulence in the liquid. 

"The challenge was figuring out how to decrypt the information," said Tzortzakis. “We came up with the idea of training neural networks to recognize the incredibly fine details of the scrambled light patterns. By creating billions of complex connections, or synapses, within the neural networks, we were able to reconstruct the original light beam shapes.”

In trials, the method was used to encrypt and decrypt thousands of handwritten digits and reference forms. After optimising the experimental approach and training the neural network, the encoded images were properly retrieved 90 to 95 percent of the time, with additional improvements potential with more thorough neural network training. 

The team is now working on ways to use a less expensive and bulkier laser system, as a necessary step towards commercialising the approach for a variety of potential industrial encryption uses

“Our study provides a strong foundation for many applications, especially cryptography and secure wireless optical communication, paving the way for next-generation telecommunication technologies," concluded Tzortzakis.
Read more »
privacy laws
Cyber Security Data Privacy data security Elon Musk Email OPM data breach privacy laws

Federal Employees Sue OPM Over Alleged Unauthorized Email Database

 

Two federal employees have filed a lawsuit against the Office of Personnel Management (OPM), alleging that a newly implemented email system is being used to compile a database of federal workers without proper authorization. The lawsuit raises concerns about potential misuse of employee information and suggests a possible connection to Elon Musk, though no concrete evidence has been provided. The controversy began when OPM sent emails to employees, claiming it was testing a new communication system. Recipients were asked to reply to confirm receipt, but the plaintiffs argue that this was more than a routine test—it was an attempt to secretly create a list of government workers for future personnel decisions, including potential job cuts.

Key Allegations and Concerns

The lawsuit names Amanda Scales, a former executive at Musk’s artificial intelligence company, xAI, who now serves as OPM’s chief of staff. The plaintiffs suspect that her appointment may be linked to the email system’s implementation, though they have not provided definitive proof. They claim that an unauthorized email server was set up within OPM’s offices, making it appear as though messages were coming from official government sources when they were actually routed through a separate system.

An anonymous OPM employee’s post, cited in the lawsuit, alleges that the agency’s Chief Information Officer, Melvin Brown, was sidelined after refusing to implement the email list. The post further claims that a physical server was installed at OPM headquarters, enabling external entities to send messages that appeared to originate from within the agency. These allegations have raised serious concerns about transparency and data security within the federal government.

The lawsuit also argues that the email system violates the E-Government Act of 2002, which requires federal agencies to conduct strict privacy assessments before creating databases containing personal information. The plaintiffs contend that OPM bypassed these requirements, putting employees at risk of having their information used without consent.

Broader Implications and Employee Anxiety

Beyond the legal issues, the case reflects growing anxiety among federal employees about potential restructuring under the new administration. Reports suggest that significant workforce reductions may be on the horizon, and the lawsuit implies that the email system could play a role in streamlining mass layoffs. If the allegations are proven true, it could have major implications for how employee information is collected and used in the future.

As of now, OPM has not officially responded to the allegations, and there is no definitive proof linking the email system to Musk or any specific policy agenda. However, the case has sparked widespread discussions about transparency, data security, and the ethical use of employee information within the federal government. The lawsuit highlights the need for stricter oversight and accountability to ensure that federal employees’ privacy rights are protected.

The lawsuit against OPM underscores the growing tension between federal employees and government agencies over data privacy and transparency. While the allegations remain unproven, they raise important questions about the ethical use of employee information and the potential for misuse in decision-making processes. As the case unfolds, it could set a precedent for how federal agencies handle employee data and implement new systems in the future. For now, the controversy serves as a reminder of the importance of safeguarding privacy and ensuring accountability in government operations.

Read more »
Technology
AI Learning Artificial Intelligence Data Privacy Personalised learning Technology

AI-Powered Personalized Learning: Revolutionizing Education

 

In an era where technology permeates every aspect of our lives, education is undergoing a transformative shift. Imagine a classroom where each student’s learning experience is tailored to their unique needs, interests, and pace. This is no longer a distant dream but a rapidly emerging reality, thanks to the revolutionary impact of artificial intelligence (AI). Personalized learning, once a buzzword, has become a game-changer, with AI at the forefront of this transformation. In this blog, we’ll explore how AI is driving the personalized learning revolution, its benefits and challenges, and what the future holds for this exciting frontier in education.

Personalized learning is an educational approach that tailors teaching and learning experiences to meet the unique needs, strengths, and interests of each student. Unlike traditional one-size-fits-all methods, personalized learning aims to provide a customized educational experience that accommodates diverse learning styles, paces, and preferences. The goal is to enhance student engagement and achievement by addressing individual characteristics such as academic abilities, prior knowledge, and personal interests.

The Role of AI in Personalized Learning

AI is playing a pivotal role in making personalized learning a reality. Here’s how:

  • Adaptive Learning Platforms: These platforms use AI to dynamically adjust educational content based on a student’s performance, learning style, and pace. By analyzing how students interact with the material, adaptive systems can modify task difficulty and provide tailored resources to meet individual needs. This ensures a personalized learning experience that evolves as students progress.
  • Analyzing Student Performance and Behavior: AI-driven analytics processes vast amounts of data on student behavior, performance, and engagement to identify patterns and trends. These insights help educators pinpoint areas where students excel or struggle, enabling timely interventions and support.

Benefits of AI-Driven Personalized Learning

The integration of AI into personalized learning offers numerous advantages:

  1. Enhanced Student Engagement: AI-powered personalized learning makes education more relevant and engaging by adapting content to individual interests and needs. This approach fosters a deeper connection to the subject matter and keeps students motivated.
  2. Improved Learning Outcomes: Studies have shown that personalized learning tools lead to higher test scores and better grades. By addressing individual academic gaps, AI ensures that students master concepts more effectively.
  3. Efficient Use of Resources: AI streamlines lesson planning and focuses on areas where students need the most support. By automating repetitive tasks and providing actionable insights, AI helps educators manage their time and resources more effectively.

Challenges and Considerations

While AI-driven personalized learning holds immense potential, it also presents several challenges:

  1. Data Privacy and Security: Protecting student data is a critical concern. Schools and technology providers must implement robust security measures and transparent data policies to safeguard sensitive information.
  2. Equity and Access: Ensuring equal access to AI-powered tools is essential to prevent widening educational disparities. Efforts must be made to provide all students with the necessary devices and internet connectivity.
  3. Teacher Training and Integration: Educators need comprehensive training to effectively use AI tools in the classroom. Ongoing support and resources are crucial to help teachers integrate these technologies into their lesson plans.

AI is revolutionizing education by enabling personalized learning experiences that cater to each student’s unique needs and pace. By enhancing engagement, improving outcomes, and optimizing resource use, AI is shaping the future of education. However, as we embrace these advancements, it is essential to address challenges such as data privacy, equitable access, and teacher training. With the right approach, AI-powered personalized learning has the potential to transform education and unlock new opportunities for students worldwide.

Read more »
Web browser
Cyber Security Data Privacy search engine Tor Browser Web browser

Best Tor Browser Substitute for Risk-Free Web Surfing

 


 Anonymous Browsing: Tools and Extensions for Enhanced Privacy

Anonymous browsing is designed to conceal your IP address and location, making it appear as though you are in a different region. This feature is particularly useful in safeguarding your private information and identity from third parties.

Many users assume that using Incognito (or Private) mode is the simplest way to achieve anonymity. However, this is not entirely accurate. Incognito mode’s primary purpose is to erase your browsing history, cookies, and temporary data once the session ends. While this feature is useful, it does not anonymize your activity or prevent your internet service provider (ISP) and websites from tracking your behavior.

Secure DNS, or DNS over HTTPS, offers another layer of security by encrypting your DNS queries. However, it only secures your searches and does not provide complete anonymity. For discreet browsing, certain browser add-ons can be helpful. While not flawless, these extensions can enhance your privacy. Alternatively, for maximum anonymity, experts recommend using the Tor Browser, which routes your internet traffic through multiple servers for enhanced protection.

Installing privacy-focused extensions on Chrome or Firefox is straightforward. Navigate to your browser's extension or add-on store, search for the desired extension, and click "Add to Chrome" or "Add to Firefox." Firefox will ask for confirmation before installation. Always ensure an extension’s safety by reviewing its ratings, user reviews, and developer credibility before adding it to your browser.

Top Privacy Tools for Anonymous Browsing

Cybersecurity experts recommend the following tools for enhanced privacy and discretion:

AnonymoX

AnonymoX is a browser add-on that enables anonymous and private internet browsing. It allows you to change your IP address and country, functioning like a lightweight VPN. With a single click, you can switch locations and conceal your identity. However, the free version includes ads, speed limitations, and restricted capabilities. While AnonymoX is a handy tool in certain situations, it is not recommended for constant use due to its impact on browser performance.

Browsec VPN

A VPN remains one of the most reliable methods to ensure online anonymity, and Browsec VPN is an excellent choice. This extension encrypts your traffic, offers multiple free virtual locations, and allows secure IP switching. Its user-friendly interface enables quick country changes and one-click activation or deactivation of features.

Browsec VPN also offers a Smart Settings feature, allowing you to configure the VPN for specific websites, bypass it for others, and set preset countries for selected sites. Upgrading to the premium version ($1.99 per month) unlocks additional features, such as faster speeds, access to over 40 countries, timezone matching, and custom servers for particular sites.

DuckDuckGo

DuckDuckGo is a trusted tool for safeguarding your privacy. This browser extension sets DuckDuckGo as your default search engine, blocks website trackers, enforces HTTPS encryption, prevents fingerprinting, and disables tracking cookies. While DuckDuckGo itself does not include a VPN, upgrading to the Pro subscription ($9.99 per month) provides access to the DuckDuckGo VPN, which encrypts your data and hides your IP address for enhanced anonymity.

Although Incognito mode and Secure DNS offer basic privacy features, they do not provide complete anonymity. To browse discreetly and protect your online activity, consider using browser extensions such as AnonymoX, Browsec VPN, or DuckDuckGo. For maximum security, the Tor Browser remains the gold standard for anonymous browsing.

Regardless of the tools you choose, always exercise caution when browsing the internet. Stay informed, regularly review your privacy settings, and ensure your tools are up-to-date to safeguard your digital footprint.

Read more »
Privacy Policy
CFPB Cyber Security Data Brokers Data Privacy data security online data risks Privacy Policy

Privacy Expert Urges Policy Overhaul to Combat Data Brokers’ Practices

Privacy expert Yael Grauer, known for creating the Big Ass Data Broker Opt-Out List (BADBOOL), has a message for those frustrated with the endless cycle of removing personal data from brokers’ databases: push lawmakers to implement meaningful policy reforms. Speaking at the ShmooCon security conference, Grauer likened the process of opting out to an unwinnable game of Whac-A-Mole, where users must repeatedly fend off new threats to their data privacy. 

Grauer’s BADBOOL guide has served as a resource since 2017, offering opt-out instructions for numerous data brokers. These entities sell personal information to advertisers, insurers, law enforcement, and even federal agencies. Despite such efforts, the sheer number of brokers and their data sources makes it nearly impossible to achieve a permanent opt-out. Commercial data-removal services like DeleteMe offer to simplify this task, but Grauer’s research for Consumer Reports found them less effective than advertised. 

The study, released in August, gave its highest ratings to Optery and EasyOptOuts, but even these platforms left gaps. “None of these services cover everything,” Grauer warned, emphasizing that even privacy experts struggle to protect their data. Grauer stressed the need for systemic solutions, pointing to state-led initiatives like California’s Delete Act. This legislation aims to create a universal opt-out system through a state-run data broker registry. While similar proposals have surfaced at the federal level, Congress has repeatedly failed to pass comprehensive privacy laws. 

Other states have implemented statutes like Maryland’s Online Data Privacy Act, which restricts the sale of sensitive data. However, these laws often allow brokers to deal in publicly available information, such as home addresses found on property-tax sites. Grauer criticized these carve-outs, noting that they undermine broader privacy protections. One promising development is the Consumer Financial Protection Bureau’s (CFPB) proposal to classify data brokers as consumer reporting agencies under the Fair Credit Reporting Act. 

This designation would impose stricter controls on their operations. Grauer urged attendees to voice their support for this initiative through the CFPB’s public-comments form, open until March 3. Despite these efforts, Grauer expressed skepticism about Congress’s ability to act. She warned of political opposition to the CFPB itself, citing calls from conservative groups and influential figures to dismantle the agency. 

Grauer encouraged attendees to engage with their representatives to protect this regulatory body and advocate for robust privacy legislation. Ultimately, Grauer argued, achieving meaningful privacy protections will require collective action, from influencing policymakers to supporting state and federal initiatives aimed at curbing data brokers’ pervasive reach.
Read more »
United States
Data Breach Data Privacy K-12 Schools PowerSchool United States

PowerSchool Breach Compromises Student and Teacher Data From K–12 Districts

 

PowerSchool, a widely used software serving thousands of K–12 schools in the United States, has suffered a major cybersecurity breach.

The Breach has left several schools worried about the potential exposure of critical student and faculty data. With over 45 million users relying on the platform, the breach raises serious concerns about data security in the United States' educational system. 

PowerSchool is a cloud-based software platform used by several schools to manage student information, grades, attendance, and contact with parents. The breach reportedly occurred through one of its customer support portals, when fraudsters gained unauthorised access using compromised credentials. 

Magnitude of the data breach

According to PowerSchool, the leaked data consists mainly of contact details such as names and addresses. However, certain school districts' databases might have included more sensitive data, such as Social Security numbers, medical information, and other personally identifiable information.

The company has informed users that the breach did not impact any other PowerSchool products, although the exact scope of the exposure is still being assessed. 

"We have taken all appropriate steps to prevent the data involved from further unauthorised access or misuse," PowerSchool said in response to the incident, as reported by Valley News Live. “We are equipped to conduct a thorough notification process to all impacted individuals.”

Additionally, the firm has promised to keep helping law enforcement in their efforts to determine how the breach occurred and who might be accountable.

Ongoing investigation and response 

Cybersecurity experts have already begun to investigate the hack, and both PowerSchool and local authorities are attempting to determine the exact scope of the incident. 

As the investigation continues, many people are pushing for stronger security measures to protect sensitive data in the educational sector, especially as more institutions rely on cloud-based systems for day-to-day activities. 

According to Valley News Live, PowerSchool has expressed their commitment to resolving the situation, saying, "We are deeply concerned by this incident and are doing everything we can to support the affected districts and families.”
Read more »
Social Media
Account security Cyber Security Cyber Security and Privacy Data Privacy Digital Footprint Online Privacy Social Media

Practical Tips to Avoid Oversharing and Protect Your Online Privacy

 

In today’s digital age, the line between public and private life often blurs. Social media enables us to share moments, connect, and express ourselves. However, oversharing online—whether through impulsive posts or lax privacy settings—can pose serious risks to your security, privacy, and relationships. 

Oversharing involves sharing excessive personal information, such as travel plans, daily routines, or even seemingly harmless details like pet names or childhood memories. Cybercriminals can exploit this information to answer security questions, track your movements, or even plan crimes like burglary. 

Additionally, posts assumed private can be screenshotted, shared, or retrieved long after deletion, making them a permanent part of your digital footprint. Beyond personal risks, oversharing also contributes to a growing culture of surveillance. Companies collect your data to build profiles for targeted ads, eroding your control over your personal information. 

The first step in safeguarding your online privacy is understanding your audience. Limit your posts to trusted friends or specific groups using privacy tools on social media platforms. Share updates after events rather than in real-time to protect your location. Regularly review and update your account privacy settings, as platforms often change their default configurations. 

Set your profiles to private, accept connection requests only from trusted individuals, and think twice before sharing. Ask yourself if the information is something you would be comfortable sharing with strangers, employers, or cybercriminals. Avoid linking unnecessary accounts, as this creates vulnerabilities if one is compromised. 

Carefully review the permissions you grant to apps or games, and disconnect those you no longer use. For extra security, enable two-factor authentication and use strong, unique passwords for each account. Oversharing isn’t limited to social media posts; apps and devices also collect data. Disable unnecessary location tracking, avoid geotagging posts, and scrub metadata from photos and videos before sharing. Be mindful of background details in images, such as visible addresses or documents. 

Set up alerts to monitor your name or personal details online, and periodically search for yourself to identify potential risks. Children and teens are especially vulnerable to the risks of oversharing. Teach them about privacy settings, the permanence of posts, and safe sharing habits. Simple exercises, like the “Granny Test,” can encourage thoughtful posting. 

Reducing online activity and spending more time offline can help minimize oversharing while fostering stronger in-person connections. By staying vigilant and following these tips, you can enjoy the benefits of social media while keeping your personal information safe.
Read more »
Subscribe to: Posts (Atom)