CySecurity News - Latest Information Security and Hacking Incidents: Data Privacy

AI Chatbot Ai Data AI Security AI Techniques Chatbots Cloud Security Data Privacy Data Usage Online Security Privacy

PocketPal AI Brings Offline AI Chatbot Experience to Smartphones With Full Data Privacy

In a digital world where most AI chatbots rely on cloud computing and constant internet connectivity, PocketPal AI takes a different approach by offering an entirely offline, on-device chatbot experience. This free app brings AI processing power directly onto your smartphone, eliminating the need to send data back and forth across the internet. Conventional AI chatbots typically transmit your interactions to distant servers, where the data is processed before a response is returned. That means even sensitive or routine conversations can be stored remotely, raising concerns about privacy, data usage, and the potential for misuse.

PocketPal AI flips this model by handling all computation on your device, ensuring your data never leaves your phone unless you explicitly choose to save or share it. This local processing model is especially useful in areas with unreliable internet or no access at all. Whether you’re traveling in rural regions, riding the metro, or flying, PocketPal AI works seamlessly without needing a connection.

Additionally, using an AI offline helps reduce mobile data consumption and improves speed, since there’s no delay waiting for server responses. The app is available on both iOS and Android and offers users the ability to interact with compact but capable language models. While you do need an internet connection during the initial setup to download a language model, once that’s done, PocketPal AI functions completely offline. To begin, users select a model from the app’s library or upload one from their device or from the Hugging Face community.

Although the app lists models without detailed descriptions, users can consult external resources to understand which model is best for their needs—whether it’s from Meta, Microsoft, or another developer. After downloading a model—most of which are several gigabytes in size—users simply tap “Load” to activate the model, enabling conversations with their new offline assistant.

For those more technically inclined, PocketPal AI includes advanced settings for switching between models, adjusting inference behavior, and testing performance. While these features offer great flexibility, they’re likely best suited for power users. On high-end devices like the Pixel 9 Pro Fold, PocketPal AI runs smoothly and delivers fast responses.

However, older or budget devices may face slower load times or stuttering performance due to limited memory and processing power. Because offline models must be optimized for device constraints, they tend to be smaller in size and capabilities compared to cloud-based systems. As a result, while PocketPal AI handles common queries, light content generation, and basic conversations well, it may not match the contextual depth and complexity of large-scale models hosted in the cloud.

Even with these trade-offs, PocketPal AI offers a powerful solution for users seeking AI assistance without sacrificing privacy or depending on an internet connection. It delivers a rare combination of utility, portability, and data control in today’s cloud-dominated AI ecosystem.

As privacy awareness and concerns about centralized data storage continue to grow, PocketPal AI represents a compelling alternative—one that puts users back in control of their digital interactions, no matter where they are.

Google’s AI Virtual Try-On Tool Redefines Online Shopping Experience



 

Privacy

AI Systems AI technology AI tools customer data privacy Data Privacy Data Safety User Data data security Data Usage Google Google AI model Privacy

Google’s AI Virtual Try-On Tool Redefines Online Shopping Experience

At the latest Google I/O developers conference, the tech giant introduced an unexpected innovation in online shopping: an AI-powered virtual try-on tool. This new feature lets users upload a photo of themselves and see how clothing items would appear on their body. By merging the image of the user with that of the garment, Google’s custom-built image generation model creates a realistic simulation of the outfit on the individual.

While the concept seems simple, the underlying AI technology is advanced. In a live demonstration, the tool appeared to function seamlessly. The feature is now available in the United States and is part of Google’s broader efforts to enhance the online shopping experience through AI integration. It’s particularly useful for people who often struggle to visualize how clothing will look on their body compared to how it appears on models.

However, the rollout of this tool raised valid questions about user privacy. AI systems that involve personal images often come with concerns over data usage. Addressing these worries, a Google representative clarified that uploaded photos are used exclusively for the try-on experience. The images are not stored for AI training, are not shared with other services or third parties, and users can delete or update their photos at any time. This level of privacy protection is notable in an industry where user data is typically leveraged to improve algorithms.

Given Google’s ongoing development of AI-driven tools, some expected the company to utilize this photo data for model training. Instead, the commitment to user privacy in this case suggests a more responsible approach. Virtual fitting technology isn’t entirely new. Retail and tech companies have been exploring similar ideas for years. Amazon, for instance, has experimented with AI tools in its fashion division. Google, however, claims its new tool offers a more in-depth understanding of diverse body types.

During the presentation, Vidhya Srinivasan, Google’s VP of ads and commerce, emphasized the system’s goal of accommodating different shapes and sizes more effectively. Past AI image tools have faced criticism for lacking diversity and realism. It’s unclear whether Google’s new tool will be more reliable across the board. Nevertheless, their assurance that user images won’t be used to train models helps build trust.

Although the virtual preview may not always perfectly reflect real-life appearances, this development points to a promising direction for AI in retail. If successful, it could improve customer satisfaction, reduce returns, and make online shopping a more personalized experience.

Beware iPhone Users: Indian Government Issues Urgent Advisory Over Data Theft Risk



 

Security flaw

Data Privacy Indian Government iPhone Users Mobile Security Security flaw

Beware iPhone Users: Indian Government Issues Urgent Advisory Over Data Theft Risk

The Indian government has issued an urgent security warning to iPhone and iPad users, citing major flaws in Apple's iOS and iPadOS software. If not addressed, these vulnerabilities could allow cybercriminals to access sensitive user data or make devices inoperable. The advisory was issued by the Indian Computer Emergency Response Team (CERT-In), which is part of the Ministry of Electronics and Information Technology, and urged users to act immediately.

Apple devices running older versions of iOS (before to 18.3) and iPadOS (prior to 17.7.3 or 18.3) are particularly vulnerable to the security flaws. The iPad Pro (2nd generation and up), iPad 6th generation and later, iPad Air (3rd generation and up), and iPad mini (5th generation and later) are among the popular models that fall within this category, as are the iPhone XS and newer.

A key aspect of Apple's message system, the Darwin notification system, is one of the major flaws. The vulnerability enables unauthorised apps to send system-level notifications without requiring additional permissions. The device could freeze or crash if it is exploited, necessitating user intervention to restore functionality.

These flaws present serious threats. Hackers could gain access to sensitive information such as personal details, financial information, and so on. In other cases, they could circumvent the device's built-in security protections, running malicious code that jeopardises the system's integrity. In the worst-case situation, a hacker could crash the device, rendering it completely unusable. CERT-In has also confirmed that some of these flaws are actively abused by hackers, emphasising the need for users to act quickly.

Apple has responded by releasing security upgrades to fix these vulnerabilities. It is highly recommended that impacted users update to the most latest version of iOS or iPadOS on their devices as soon as feasible. To defend against any threats, this update is critical. Additionally, users are cautioned against downloading suspicious or unverified apps as they could act as entry points for malware. It's also critical to monitor any unusual device behaviour as it may be related to a security risk.

As Apple's footprint in India grows, it is more critical than ever that people remain informed and cautious. Regular software upgrades and sensible, cautious usage patterns are critical for guarding against the growing threat of cyber assaults. iPhone and iPad users can improve the security of their devices and sensitive data by taking proactive measures.

Here's Why Websites Are Offering "Ad-Lite" Premium Subscriptions



 

User Security

Ad-lite Cyber Security Data Privacy Premium Subscriptions User Security

Here's Why Websites Are Offering "Ad-Lite" Premium Subscriptions

Some websites allow you to totally remove adverts after subscribing, while others now offer "ad-lite" memberships. However, when you subscribe to ad-supported streaming services, you do not get the best value.

Not removing all ads

Ads are a significant source of income for many websites, despite the fact that they can be annoying. Additionally, a lot of websites are aware of ad-blockers, so outdated methods may no longer be as effective.

For websites, complete memberships without advertisements are a decent compromise because adverts aren't going away. The website may continue to make money to run while providing users with an ad-free experience. In this case, everybody wins.

However, ad-lite subscriptions are not always the most cost-effective option. Rather than fully blocking adverts, you do not see personalised ads. While others may disagree, I can't see how this would encourage me to subscribe; I'd rather pay an extra few dollars per month to completely remove them.

In addition to text-based websites, YouTube has tested a Premium Lite tool. Although not all videos are ad-free, the majority are. Subscribing makes no sense for me if the videos with advertisements are on topics I'm interested in.

Using personal data

Many websites will track your behaviour because many advertisements are tailored to your preferences. Advertisers can then use this information to recommend items and services that they believe you would be interested in.

Given that many people have been more concerned about their privacy in recent years, it's reasonable that some may wish to pay money to prevent having their data used. While this is occasionally the case, certain websites may continue to utilise your information even after you subscribe to an ad-lite tier.

Websites continue to require user information in order to get feedback and improve their services. As a result, your data may still be used in certain scenarios. The key distinction is that it will rarely be used for advertising; while this may be sufficient for some, others may find it more aggravating. It is difficult to avoid being tracked online under any circumstances. You can still be tracked while browsing in incognito or private mode.

Use ad-free version

Many websites with ad-lite tiers also provide totally ad-free versions. When you subscribe to them, you will not receive any personalised or non-personalised advertisements. Furthermore, you frequently get access to exclusive and/or infinite content, allowing you to fully support your preferred publications. Rather than focussing on the price, evaluate how much value you'll gain from subscribing to an ad-free tier. It's usually less expensive than ad-lite.

Getting an ad-lite membership is essentially the worst of everything you were attempting to avoid. You'll still get adverts, but they'll be less personal. Furthermore, you may see adverts on stuff you appreciate while paying for ad-free access to something you do not care about. It's preferable to pay for the complete version.

WhatsApp Reveals "Private Processing" Feature for Cloud Based AI Features



 

Technology

AI Cloud Data Privacy Meta Technology

WhatsApp Reveals "Private Processing" Feature for Cloud Based AI Features

WhatsApp claims even it can not process private data

WhatsApp has introduced ‘Private Processing,’ a new tech that allows users to use advanced AI features by offloading tasks to privacy-preserving cloud servers, without exposing their chat to Meta. Meta claims even it cannot see the messages while processing them. The system employs encrypted cloud infrastructure and hardware-based isolation without making it visible to anyone, even Meta, or processing data.

About private processing

For those who decide to use Private Processing, the system works in an obscure verification via the user’s WhatsApp client to confirm the user’s validity.

Meta claims this system keeps WhatsApp’s end-to-end encryption intact while offering AI features in chats. However, the feature currently applies only to select use cases and excludes Meta’s broader AI deployments, including those used in India’s public service systems.

Private processing employs Trusted Execution Environments (TEEs) — safe virtual machines that use cloud infrastructure to keep AI requests hidden.

About the system

Performs encryption of user requests from the system to the TEE utilizing end-to-end encryption
Encrypts user requests from the device to the TEE using end-to-end encryption
Restricts storage or logging of messages post-processing
Reports logs and binary images for external verification and audits

WhatsApp builds AI through wider privacy concerns

According to Meta, the Private processing is a response to privacy questions around AI and messaging. WhatsApp has now joined other companies like Apple that have introduced confidential AI computing models in the previous year. “To validate our implementation of these and other security principles, independent security researchers will be able to continuously verify our privacy and security architecture and its integrity,” Meta said.

It is similar to Apple’s private cloud computing in terms of public transparency and stateless processing. Currently, however, WhatsApp is using them only for select features. Apple, on the other hand, has declared plans to implement this model throughout all its AI tools, whereas WhatsApp has not made such claims, yet.

WhatsApp says, “Private Processing uses anonymous credentials to authenticate users over OHTTP. This way, Private Processing can authenticate users to the Private Processing system but remains unable to identify them.”

ProtectEU and VPN Privacy: What the EU Encryption Plan Means for Online Security



 

secure VPN

customer privacy Cyber Security and Privacy Data Privacy encrypted European Union Messaging Apps Privacy secure VPN

ProtectEU and VPN Privacy: What the EU Encryption Plan Means for Online Security

Texting through SMS is pretty much a thing of the past. Most people today rely on apps like WhatsApp and Signal to share messages, make encrypted calls, or send photos—all under the assumption that our conversations are private. But that privacy could soon be at risk in the EU.

On April 1, 2025, the European Commission introduced a new plan called ProtectEU. Its goal is to create a roadmap for “lawful and effective access to data for law enforcement,” particularly targeting encrypted platforms. While messaging apps are the immediate focus, VPN services might be next. VPNs rely on end-to-end encryption and strict no-log policies to keep users anonymous. However, if ProtectEU leads to mandatory encryption backdoors or expanded data retention rules, that could force VPN providers to change how they operate—or leave the EU altogether.

Proton VPN’s Head of Public Policy, Jurgita Miseviciute, warns that weakening encryption won’t solve security issues. Instead, she believes it would put users at greater risk, allowing bad actors to exploit the same access points created for law enforcement. Proton is monitoring the plan closely, hoping the EU will consider solutions that protect encryption. Surfshark takes a more optimistic view. Legal Head Gytis Malinauskas says the strategy still lacks concrete policy direction and sees the emphasis on cybersecurity as a potential boost for privacy tools like VPNs. Mullvad VPN isn’t convinced.

Having fought against earlier EU proposals to scan private chats, Mullvad criticized ProtectEU as a rebranded version of old policies, expressing doubt it will gain wide support. One key concern is data retention. If the EU decides to require VPNs to log user activity, it could fundamentally conflict with their privacy-first design. Denis Vyazovoy of AdGuard VPN notes that such laws could make no-log VPNs unfeasible, prompting providers to exit the EU market—much like what happened in India in 2022. NordVPN adds that the more data retained, the more risk users face from breaches or misuse.

Even though VPNs aren’t explicitly targeted yet, an EU report has listed them as a challenge to investigations—raising concerns about future regulations. Still, Surfshark sees the current debate as a chance to highlight the legitimate role VPNs play in protecting everyday users. While the future remains uncertain, one thing is clear: the tension between privacy and security is only heating up.

Best Encrypted Messaging Apps: Signal vs Telegram vs WhatsApp Privacy Guide



 

Signal app

Bleep Private Messaging App Cyber Security Data Privacy encrypted messaging apps End-to-End Encrypted Messaging Services Message encryption Signal app

Best Encrypted Messaging Apps: Signal vs Telegram vs WhatsApp Privacy Guide

Encrypted messaging apps have become essential tools in the age of cyber threats and surveillance. With rising concerns over data privacy, especially after recent high-profile incidents, users are turning to platforms that offer more secure communication. Among the top contenders are Signal, Telegram, and WhatsApp—each with its own approach to privacy, encryption, and data handling.

Signal is widely regarded as the gold standard when it comes to messaging privacy. Backed by a nonprofit foundation and funded through grants and donations, Signal doesn’t rely on user data for profit. It collects minimal information—just your phone number—and offers strong on-device privacy controls, like disappearing messages and call relays to mask IP addresses. Being open-source, Signal allows independent audits of its code, ensuring transparency. Even when subpoenaed, the app could only provide limited data like account creation date and last connection, making it a favorite among journalists, whistleblowers, and privacy advocates.

Telegram offers a broader range of features but falls short on privacy. While it supports end-to-end encryption, this is limited only to its “secret chats,” and not enabled by default in regular messages or public channels. Telegram also stores metadata, such as IP addresses and contact info, and recently updated its privacy policy to allow data sharing with authorities under legal requests. Despite this, it remains popular for public content sharing and large group chats, thanks to its forum-like structure and optional paid features.

WhatsApp, with over 2 billion users, is the most widely used encrypted messaging app. It employs the same encryption protocol as Signal, ensuring end-to-end protection for chats and calls. However, as a Meta-owned platform, it collects significant user data—including device information, usage logs, and location data. Even people not using WhatsApp can have their data collected via synced contacts. While messages remain encrypted, the amount of metadata stored makes it less privacy-friendly compared to Signal.

All three apps offer some level of encrypted messaging, but Signal stands out for its minimal data collection, open-source transparency, and commitment to privacy. Telegram provides a flexible chat experience with weaker privacy controls, while WhatsApp delivers strong encryption within a data-heavy ecosystem. Choosing the best encrypted messaging app depends on what you prioritize more: security, features, or convenience.

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage



 

VPN

Apple Data Privacy Data Regulation Google Internet Privacy VPN

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports that 5 VPNs still available to U.S users, such as VPN Proxy master and Turbo VPN, are linked to Qihoo. It was sanctioned in 2020 on the charges of alleged military ties.

Ilusion of Privacy: VPNs collecting data

In 2025 alone, three VPN apps have had over a million downloads on Google Play and Apple’s App Store, suggesting these aren’t small-time apps, Sensor Tower reports. They are advertised as “private browsing” tools, but the VPNs provide the companies with complete user data of their online activity. This is alarming because China’s national security laws mandate that companies give user data if the government demands it.

Concerns around ownership structures

The intricate web of ownership structures raises important questions; the apps are run by Singapore-based Innovative Connecting, owned by Lemon Seed, a Cayman Islands firm. Qihoo acquired Lemon Seed for $69.9 million in 2020. The company claimed to sell the business months late, but FT reports the China-based team making the applications were still under Qihoo’s umbrella for years. According to FT, a developer said, “You could say that we’re part of them, and you could say we’re not. It’s complicated.”

Amid outrage, Google and Apple respond

Google said it strives to follow sanctions and remove violators when found. Apple has removed two apps- Snap VPN and Thunder VPN- after FT contacted the business, claiming it follows strict rules on VPN data-sharing.

Privacy scare can damage stock valuations

What Google and Apple face is more than public outage. Investors prioritise data privacy, and regulatory threat has increased, mainly with growing concerns around U.S tech firms’ links to China. If the U.S government gets involved, it can result in stricter rules, fines, and even more app removals. If this happens, shareholders won’t be happy.

According to FT, “Innovative Connecting said the content of the article was not accurate and declined to comment further. Guangzhou Lianchuang declined to comment. Qihoo and Chen Ningyi did not respond to requests for comment.”

Orion Brings Fully Homomorphic Encryption to Deep Learning for AI Privacy



 

encryption technology

AI Privacy AI Systems AI technology AI Tool Cryptography Cyber Security Data Privacy Deep Learning encryption technology

Orion Brings Fully Homomorphic Encryption to Deep Learning for AI Privacy

As data privacy becomes an increasing concern, a new artificial intelligence (AI) encryption breakthrough could transform how sensitive information is handled. Researchers Austin Ebel, Karthik Garimella, and Assistant Professor Brandon Reagen have developed Orion, a framework that integrates fully homomorphic encryption (FHE) into deep learning.

This advancement allows AI systems to analyze encrypted data without decrypting it, ensuring privacy throughout the process. FHE has long been considered a major breakthrough in cryptography because it enables computations on encrypted information while keeping it secure. However, applying this method to deep learning has been challenging due to the heavy computational requirements and technical constraints. Orion addresses these challenges by automating the conversion of deep learning models into FHE-compatible formats.

The researchers’ study, recently published on arXiv and set to be presented at the 2025 ACM International Conference on Architectural Support for Programming Languages and Operating Systems, highlights Orion’s ability to make privacy-focused AI more practical. One of the biggest concerns in AI today is that machine learning models require direct access to user data, raising serious privacy risks. Orion eliminates this issue by allowing AI to function without exposing sensitive information. The framework is built to work with PyTorch, a widely used machine learning library, making it easier for developers to integrate FHE into existing models.

Orion also introduces optimization techniques that reduce computational burdens, making privacy-preserving AI more efficient and scalable. Orion has demonstrated notable performance improvements, achieving speeds 2.38 times faster than previous FHE deep learning methods. The researchers successfully implemented high-resolution object detection using the YOLO-v1 model, which contains 139 million parameters—a scale previously considered impractical for FHE. This progress suggests Orion could enable encrypted AI applications in sectors like healthcare, finance, and cybersecurity, where protecting user data is essential.

A key advantage of Orion is its accessibility. Traditional FHE implementations require specialized knowledge, making them difficult to adopt. Orion simplifies the process, allowing more developers to use the technology without extensive training. By open-sourcing the framework, the research team hopes to encourage further innovation and adoption. As AI continues to expand into everyday life, advancements like Orion could help ensure that technological progress does not come at the cost of privacy and security.



 

Threat Intelligence

AI AI Tool Data Privacy Technology Threat Intelligence

AI and Privacy – Issues and Challenges

Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the line between safety and overreach as AI-driven systems become more and more integrated into daily life.

The same artificial intelligence (AI) tools that aid in spotting online threats, optimising security procedures, and stopping fraud can also be used for intrusive data collecting, behavioural tracking, and mass spying. The use of AI-powered surveillance in corporate data mining, law enforcement profiling, and government tracking has drawn criticism in recent years. AI runs the potential of undermining rather than defending basic rights in the absence of clear regulations and transparency.

AI and data ethics

Despite encouraging developments, there are numerous instances of AI-driven inventions going awry, which raise serious questions. A face recognition business called Clearview AI amassed one of the largest facial recognition databases in the world by illegally scraping billions of photos from social media. Clearview's technology was employed by governments and law enforcement organisations across the globe, leading to legal action and regulatory action about mass surveillance.

The UK Department for Work and Pensions used an AI system to detect welfare fraud. An internal investigation suggested that the system disproportionately targeted people based on their age, handicap, marital status, and country. This prejudice resulted in certain groups being unfairly picked for fraud investigations, raising questions about discrimination and the ethical use of artificial intelligence in public services. Despite earlier guarantees of impartiality, the findings have fuelled calls for increased openness and supervision in government AI use.

Regulations and consumer protection

The ethical use of AI is being regulated by governments worldwide, with a number of significant regulations having an immediate impact on consumers. The AI Act of the European Union, which is scheduled to go into force in 2025, divides AI applications into risk categories.

Strict regulations will be applied to high-risk technology, like biometric surveillance and facial recognition, to guarantee transparency and moral deployment. The EU's commitment to responsible AI governance is further reinforced by the possibility of severe sanctions for non compliant companies.

Individuals in the United States have more control over their personal data according to California's Consumer Privacy Act. Consumers have the right to know what information firms gather about them, to seek its erasure, and to opt out of data sales. This rule adds an important layer of privacy protection in an era where AI-powered data processing is becoming more common.

The White House has recently introduced the AI Bill of Rights, a framework aimed at encouraging responsible AI practices. While not legally enforceable, it emphasises the need of privacy, transparency, and algorithmic fairness, pointing to a larger push for ethical AI development in policy making.

Encryption Under Siege: A New Wave of Attacks Intensifies



 

Government surveillance

Cyber Security Data Privacy Digital Security Encryption End-to-End Encryption Government surveillance

Encryption Under Siege: A New Wave of Attacks Intensifies

Over the past decade, encrypted communication has become a standard for billions worldwide. Platforms like Signal, iMessage, and WhatsApp use default end-to-end encryption, ensuring user privacy. Despite widespread adoption, governments continue pushing for greater access, threatening encryption’s integrity.

Recently, authorities in the UK, France, and Sweden have introduced policies that could weaken encryption, adding to EU and Indian regulatory measures that challenge privacy. Meanwhile, US intelligence agencies, previously critical of encryption, now advocate for its use after major cybersecurity breaches. The shift follows an incident where the China-backed hacking group Salt Typhoon infiltrated US telecom networks. Simultaneously, the second Trump administration is expanding surveillance of undocumented migrants and reassessing intelligence-sharing agreements.

“The trend is bleak,” says Carmela Troncoso, privacy and cryptography researcher at the Max-Planck Institute for Security and Privacy. “New policies are emerging that undermine encryption.”

Law enforcement argues encryption obstructs criminal investigations, leading governments to demand backdoor access to encrypted platforms. Experts warn such access could be exploited by malicious actors, jeopardizing security. Apple, for example, recently withdrew its encrypted iCloud backup system from the UK after receiving a secret government order. The company’s compliance would require creating a backdoor, a move expected to be challenged in court on March 14. Similarly, Sweden is considering laws requiring messaging services like Signal and WhatsApp to retain message copies for law enforcement access, prompting Signal to threaten market exit.

“Some democracies are reverting to crude approaches to circumvent encryption,” says Callum Voge, director of governmental affairs at the Internet Society.

A growing concern is client-side scanning, a technology that scans messages on users’ devices before encryption. While presented as a compromise, experts argue it introduces vulnerabilities. The EU has debated its implementation for years, with some member states advocating stronger encryption while others push for increased surveillance. Apple abandoned a similar initiative after warning that scanning for one type of content could pave the way for mass surveillance.

“Europe is divided, with some countries strongly in favor of scanning and others strongly against it,” says Voge.

Another pressing threat is the potential banning of encrypted services. Russia blocked Signal in 2024, while India’s legal battle with WhatsApp could force the platform to abandon encryption or exit the market. The country has already prohibited multiple VPN services, further limiting digital privacy options.

Despite mounting threats, pro-encryption responses have emerged. The US Cybersecurity and Infrastructure Security Agency and the FBI have urged encrypted communication use following recent cybersecurity breaches. Sweden’s armed forces also endorse Signal for unclassified communications, recognizing its security benefits.

With the UK’s March 14 legal proceedings over Apple’s backdoor request approaching, US senators and privacy organizations are demanding greater transparency. UK civil rights groups are challenging the confidential nature of such surveillance orders.

“The UK government may have come for Apple today, but tomorrow it could be Google, Microsoft, or even your VPN provider,” warns Privacy International.

Encryption remains fundamental to human rights, safeguarding free speech, secure communication, and data privacy. “Encryption is crucial because it enables a full spectrum of human rights,” says Namrata Maheshwari of Access Now. “It supports privacy, freedom of expression, organization, and association.”

As governments push for greater surveillance, the fight for encryption and privacy continues, shaping the future of digital security worldwide.

How Data Removal Services Protect Your Online Privacy from Brokers



 

Privacy

Data Brokers Data collection Data Mining Data Privacy Data Removal data security Online Privacy Privacy

How Data Removal Services Protect Your Online Privacy from Brokers

Data removal services play a crucial role in safeguarding online privacy by helping individuals remove their personal information from data brokers and people-finding websites. Every time users browse the internet, enter personal details on websites, or use search engines, they leave behind a digital footprint. This data is often collected by aggregators and sold to third parties, including marketing firms, advertisers, and even organizations with malicious intent. With data collection becoming a billion-dollar industry, the need for effective data removal services has never been more urgent.

Many people are unaware of how much information is available about them online. A simple Google search may reveal social media profiles, public records, and forum posts, but this is just the surface. Data brokers go even further, gathering information from browsing history, purchase records, loyalty programs, and public documents such as birth and marriage certificates. This data is then packaged and sold to interested buyers, creating a detailed digital profile of individuals without their explicit consent.

Data removal services work by identifying where a person’s data is stored, sending removal requests to brokers, and ensuring that information is deleted from their records. These services automate the process, saving users the time and effort required to manually request data removal from hundreds of sources. Some of the most well-known data removal services include Incogni, Aura, Kanary, and DeleteMe. While each service may have a slightly different approach, they generally follow a similar process. Users provide their personal details, such as name, email, and address, to the data removal service.

The service then scans databases of data brokers and people-finder sites to locate where personal information is being stored. Automated removal requests are sent to these brokers, requesting the deletion of personal data. While some brokers comply with these requests quickly, others may take longer or resist removal efforts. A reliable data removal service provides transparency about the process and expected timelines, ensuring users understand how their information is being handled. Data brokers profit immensely from selling personal data, with the industry estimated to be worth over $400 billion.

Major players like Experian, Equifax, and Acxiom collect a wide range of information, including addresses, birth dates, family status, hobbies, occupations, and even social security numbers. People-finding services, such as BeenVerified and Truthfinder, operate similarly by aggregating publicly available data and making it easily accessible for a fee. Unfortunately, this information can also fall into the hands of bad actors who use it for identity theft, fraud, or online stalking.

For individuals concerned about privacy, data removal services offer a proactive way to reclaim control over personal information. Journalists, victims of stalking or abuse, and professionals in sensitive industries particularly benefit from these services. However, in an age where data collection is a persistent and lucrative business, staying vigilant and using trusted privacy tools is essential for maintaining online anonymity.

Microsoft MUSE AI: Revolutionizing Game Development with WHAM and Ethical Challenges



 

Privacy

AI Gaming AI Model AI Systems AI technology Data Privacy data security Data Technology Microsoft Privacy

Microsoft MUSE AI: Revolutionizing Game Development with WHAM and Ethical Challenges

Microsoft has developed MUSE, a cutting-edge AI model that is set to redefine how video games are created and experienced. This advanced system leverages artificial intelligence to generate realistic gameplay elements, making it easier for developers to design and refine virtual environments. By learning from vast amounts of gameplay data, MUSE can predict player actions, create immersive worlds, and enhance game mechanics in ways that were previously impossible. While this breakthrough technology offers significant advantages for game development, it also raises critical discussions around data security and ethical AI usage.

One of MUSE’s most notable features is its ability to automate and accelerate game design. Developers can use the AI model to quickly prototype levels, test different gameplay mechanics, and generate realistic player interactions. This reduces the time and effort required for manual design while allowing for greater experimentation and creativity. By streamlining the development process, MUSE provides game studios—both large and small—the opportunity to push the boundaries of innovation.

The AI system is built on an advanced framework that enables it to interpret and respond to player behaviors. By analyzing game environments and user inputs, MUSE can dynamically adjust in-game elements to create more engaging experiences. This could lead to more adaptive and personalized gaming, where the AI tailors challenges and story progression based on individual player styles. Such advancements have the potential to revolutionize game storytelling and interactivity.

Despite its promising capabilities, the introduction of AI-generated gameplay also brings important concerns. The use of player data to train these models raises questions about privacy and transparency. Developers must establish clear guidelines on how data is collected and ensure that players have control over their information. Additionally, the increasing role of AI in game creation sparks discussions about the balance between human creativity and machine-generated content.

While AI can enhance development, it is essential to preserve the artistic vision and originality that define gaming as a creative medium. Beyond gaming, the technology behind MUSE could extend into other industries, including education and simulation-based training. AI-generated environments can be used for virtual learning, professional skill development, and interactive storytelling in ways that go beyond traditional gaming applications.

As AI continues to evolve, its role in shaping digital experiences will expand, making it crucial to address ethical considerations and responsible implementation. The future of AI-driven game development is still unfolding, but MUSE represents a major step forward.

By offering new possibilities for creativity and efficiency, it has the potential to change how games are built and played. However, the industry must carefully navigate the challenges that come with AI’s growing influence, ensuring that technological progress aligns with ethical and artistic integrity.

The Need for Unified Data Security, Compliance, and AI Governance



 

GDPR

AI governance AI Security AI technology CCPA Compliance Cyber Security Data Privacy data security GDPR

The Need for Unified Data Security, Compliance, and AI Governance

Businesses are increasingly dependent on data, yet many continue to rely on outdated security infrastructures and fragmented management approaches. These inefficiencies leave organizations vulnerable to cyber threats, compliance violations, and operational disruptions. Protecting data is no longer just about preventing breaches; it requires a fundamental shift in how security, compliance, and AI governance are integrated into enterprise strategies. A proactive and unified approach is now essential to mitigate evolving risks effectively.

The rapid advancement of artificial intelligence has introduced new security challenges. AI-powered tools are transforming industries, but they also create vulnerabilities if not properly managed. Many organizations implement AI-driven applications without fully understanding their security implications. AI models require vast amounts of data, including sensitive information, making governance a critical priority. Without robust oversight, these models can inadvertently expose private data, operate without transparency, and pose compliance challenges as new regulations emerge.

Businesses must ensure that AI security measures evolve in tandem with technological advancements to minimize risks. Regulatory requirements are also becoming increasingly complex. Governments worldwide are enforcing stricter data privacy laws, such as GDPR and CCPA, while also introducing new regulations specific to AI governance. Non-compliance can result in heavy financial penalties, reputational damage, and operational setbacks. Businesses can no longer treat compliance as an afterthought; instead, it must be an integral part of their data security strategy. Organizations must shift from reactive compliance measures to proactive frameworks that align with evolving regulatory expectations.

Another significant challenge is the growing issue of data sprawl. As businesses store and manage data across multiple cloud environments, SaaS applications, and third-party platforms, maintaining control becomes increasingly difficult. Security teams often lack visibility into where sensitive information resides, making it harder to enforce access controls and protect against cyber threats. Traditional security models that rely on layering additional tools onto existing infrastructures are no longer effective. A centralized, AI-driven approach to security and governance is necessary to address these risks holistically.

Forward-thinking businesses recognize that managing security, compliance, and AI governance in isolation is inefficient. A unified approach consolidates risk management efforts into a cohesive, scalable framework. By breaking down operational silos, organizations can streamline workflows, improve efficiency through AI-driven automation, and proactively mitigate security threats. Integrating compliance and security within a single system ensures better regulatory adherence while reducing the complexity of data management.

To stay ahead of emerging threats, organizations must modernize their approach to data security and governance. Investing in AI-driven security solutions enables businesses to automate data classification, detect vulnerabilities, and safeguard sensitive information at scale. Shifting from reactive compliance measures to proactive strategies ensures that regulatory requirements are met without last-minute adjustments. Moving away from fragmented security solutions and adopting a modular, scalable platform allows businesses to reduce risk and maintain resilience in an ever-evolving digital landscape. Those that embrace a forward-thinking, unified strategy will be best positioned for long-term success.

South Korea Blocks DeepSeek AI App Downloads Amid Data Security Investigation



 

South Korea

AI Apps AI technology Data Privacy data security DeepSeek Privacy privacy laws South Korea

South Korea Blocks DeepSeek AI App Downloads Amid Data Security Investigation

South Korea has taken a firm stance on data privacy by temporarily blocking downloads of the Chinese AI app DeepSeek. The decision, announced by the Personal Information Protection Commission (PIPC), follows concerns about how the company collects and handles user data.

While the app remains accessible to existing users, authorities have strongly advised against entering personal information until a thorough review is complete. DeepSeek, developed by the Chinese AI Lab of the same name, launched in South Korea earlier this year. Shortly after, regulators began questioning its data collection practices.

Upon investigation, the PIPC discovered that DeepSeek had transferred South Korean user data to ByteDance, the parent company of TikTok. This revelation raised red flags, given the ongoing global scrutiny of Chinese tech firms over potential security risks. South Korea’s response reflects its increasing emphasis on digital sovereignty. The PIPC has stated that DeepSeek will only be reinstated on app stores once it aligns with national privacy regulations.

The AI company has since appointed a local representative and acknowledged that it was unfamiliar with South Korea’s legal framework when it launched the service. It has now committed to working with authorities to address compliance issues. DeepSeek’s privacy concerns extend beyond South Korea. Earlier this month, key government agencies—including the Ministry of Trade, Industry, and Energy, as well as Korea Hydro & Nuclear Power—temporarily blocked the app on official devices, citing security risks.

Australia has already prohibited the use of DeepSeek on government devices, while Italy’s data protection agency has ordered the company to disable its chatbot within its borders. Taiwan has gone a step further by banning all government departments from using DeepSeek AI, further illustrating the growing hesitancy toward Chinese AI firms.

DeepSeek, founded in 2023 by Liang Feng in Hangzhou, China, has positioned itself as a competitor to OpenAI’s ChatGPT, offering a free, open-source AI model. However, its rapid expansion has drawn scrutiny over potential data security vulnerabilities, especially in regions wary of foreign digital influence. South Korea’s decision underscores the broader challenge of regulating artificial intelligence in an era of increasing geopolitical and technological tensions.

As AI-powered applications become more integrated into daily life, governments are taking a closer look at the entities behind them, particularly when sensitive user data is involved. For now, DeepSeek’s future in South Korea hinges on whether it can address regulators’ concerns and demonstrate full compliance with the country’s strict data privacy standards. Until then, authorities remain cautious about allowing the app’s unrestricted use.

DeepSeek AI Raises Data Security Concerns Amid Ties to China



 

DeepSeek

AI Models AI technology AI Threat China Cyber Security Data Mining Data Privacy data security DeepSeek

DeepSeek AI Raises Data Security Concerns Amid Ties to China

The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google.

However, its rapid rise in popularity has also sparked serious concerns about data security, with critics drawing comparisons to TikTok and its ties to China. Government officials and cybersecurity experts warn that the open-source AI assistant could pose a significant risk to American users.

On Thursday, two U.S. lawmakers announced plans to introduce legislation banning DeepSeek from all government devices, citing fears that the Chinese Communist Party (CCP) could access sensitive data collected by the app. This move follows similar actions in Australia and several U.S. states, with New York recently enacting a statewide ban on government systems.

The growing concern stems from China’s data laws, which require companies to share user information with the government upon request. Like TikTok, DeepSeek’s data could be mined for intelligence purposes or even used to push disinformation campaigns. Although the AI app is the current focus of security conversations, experts say that the risks extend beyond any single model, and users should exercise caution with all AI systems.

Unlike social media platforms that users can consciously avoid, AI models like DeepSeek are more difficult to track. Dimitri Sirota, CEO of BigID, a cybersecurity company specializing in AI security compliance, points out that many companies already use multiple AI models, often switching between them without users’ knowledge. This fluidity makes it challenging to control where sensitive data might end up.

Kelcey Morgan, senior manager of product management at Rapid7, emphasizes that businesses and individuals should take a broad approach to AI security. Instead of focusing solely on DeepSeek, companies should develop comprehensive practices to protect their data, regardless of the latest AI trend. The potential for China to use DeepSeek’s data for intelligence is not far-fetched, according to cybersecurity experts.

With significant computing power and data processing capabilities, the CCP could combine information from multiple sources to create detailed profiles of American users. Though this might not seem urgent now, experts warn that today’s young, casual users could grow into influential figures worth targeting in the future.

To stay safe, experts advise treating AI interactions with the same caution as any online activity. Users should avoid sharing sensitive information, be skeptical of unusual questions, and thoroughly review an app’s terms and conditions. Ultimately, staying informed and vigilant about where and how data is shared will be critical as AI technologies continue to evolve and become more integrated into everyday life.

Apple Patches Zero-Day Flaw allowing Third-Party Access to Locked Devices



 

Vulnerabilities and Exploits

Data Privacy Locked Device Security Patch Tech Giant Vulnerabilities and Exploits

Apple Patches Zero-Day Flaw allowing Third-Party Access to Locked Devices

Tech giant Apple fixed a vulnerability that "may have been leveraged in a highly sophisticated campaign against specific targeted individuals" in its iOS and iPadOS mobile operating system updates earlier this week.

According to the company's release notes for iOS 18.3.1 and iPadOS 18.3.1, the vulnerability made it possible to disable USB Restricted Mode "on a locked device." A security feature known as USB Restricted Mode was first introduced in 2018 and prevents an iPhone or iPad from sending data via a USB connection if the device hasn't been unlocked for seven days.

In order to make it more challenging for law enforcement or criminals employing forensic tools to access data on those devices, Apple announced a new security feature last year which triggers devices to reboot if they are not unlocked for 72 hours.

Based on the language used in its security update, Apple suggests that the attacks were most likely carried out with physical control of a person's device, implying that whoever exploited this vulnerability had to connect to the person's Apple devices using a forensics device such as Cellebrite or Graykey, two systems that allow law enforcement to unlock and access data stored on iPhones and other devices. Bill Marczak, a senior researcher at Citizen Lab, a University of Toronto group that studies cyberattacks on civil society, uncovered the flaw.

However, it remains unclear who was responsible for exploiting this vulnerability and against whom it was used. However, there have been reported instances in the past in which law enforcement agencies employed forensic tools, which often exploit zero-day flaws in devices such as the iPhone, to unlock them and access the data inside.

Amnesty International published a report in December 2024 detailing a string of assaults by Serbian authorities in which they utilised Cellebrite to unlock the phones of journalists and activists in the nation before infecting them with malware. According to security experts, the Cellebrite forensic tools were probably used "widely" on members of civil society, Amnesty stated.

Amazon Faces Lawsuit Over Alleged Secret Collection and Sale of User Location Data



 

Data Theft

Amazon class action lawsuits Data Breach Data Harvesting SDK Data Privacy Data Safety User Data data security Data Theft

Amazon Faces Lawsuit Over Alleged Secret Collection and Sale of User Location Data

A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software development kit (SDK) to extract sensitive geolocation information from mobile apps. According to the lawsuit, plaintiff Felix Kolotinsky of San Mateo claims

Amazon embedded its SDK into numerous mobile applications, allowing the company to collect precise, timestamped location details. Users were reportedly unaware that their movements were being tracked and stored. Kolotinsky states that his own data was accessed through the widely used “Speedtest by Ookla” app. The lawsuit contends that Amazon’s data collection practices could reveal personal details such as users’ home addresses, workplaces, shopping habits, and frequented locations.

It also raises concerns that this data might expose sensitive aspects of users’ lives, including religious practices, medical visits, and sexual orientation. Furthermore, the complaint alleges that Amazon leveraged this information to build detailed consumer profiles for targeted advertising, violating California’s privacy and computer access laws. This case is part of a broader legal pushback against tech companies and data brokers accused of misusing location tracking technologies.

In a similar instance, the state of Texas recently filed a lawsuit against Allstate, alleging the insurance company monitored drivers’ locations via mobile SDKs and sold the data to other insurers. Another legal challenge in 2024 targeted Twilio, claiming its SDK unlawfully harvested private user data. Amazon has faced multiple privacy-related controversies in recent years. In 2020, it terminated several employees for leaking customer data, including email addresses and phone numbers, to third parties.

More recently, in June 2023, Amazon agreed to a $31 million settlement over privacy violations tied to its Alexa voice assistant and Ring doorbell products. That lawsuit accused the company of storing children’s voice recordings indefinitely and using them to refine its artificial intelligence, breaching federal child privacy laws.

Amazon has not yet issued a response to the latest allegations. The lawsuit, Kolotinsky v. Amazon.com Inc., seeks compensation for affected California residents and calls for an end to the company’s alleged unauthorized data collection practices.

Researchers at University of Crete Developes Uncrackable Optical Encryption



 

University of Crete

Advanced Technology Data Privacy Hologram Optical Encryption University of Crete

Researchers at University of Crete Developes Uncrackable Optical Encryption

An optical encryption technique developed by researchers at the Foundation for Research and Technology Hellas (FORTH) and the University of Crete in Greece is claimed to provide an exceptionally high level of security.

According to Optica, the system decodes the complex spatial information in the scrambled images by retrieving intricately jumbled information from a hologram using trained neural networks.

“From rapidly evolving digital currencies to governance, healthcare, communications and social networks, the demand for robust protection systems to combat digital fraud continues to grow," stated project leader Stelios Tzortzakis.

"Our new system achieves an exceptional level of encryption by utilizing a neural network to generate the decryption key, which can only be created by the owner of the encryption system.”

Optical encryption secures data at the network's optical transport level, avoiding slowing down the overall system with additional hardware at the non-optical levels. This strategy may make it easier to establish authentication procedures at both ends of the transfer to verify data integrity.

The researchers investigated whether ultrashort laser filaments travelling in a highly nonlinear and turbulent medium might transfer optical information, such as a target's shape, that had been encoded in holograms of those shapes. The researchers claim that this renders the original data totally scrambled and unretrievable by any physical modelling or experimental method.

Data scrambled by passage via ethanol liquid

A femtosecond laser was used in the experimental setup to pass through a prepared hologram and into a cuvette that contained liquid ethanol. A CCD sensor recorded the optical data, which appeared as a highly scrambled and disorganised image due to laser filamentation and thermally generated turbulence in the liquid.

"The challenge was figuring out how to decrypt the information," said Tzortzakis. “We came up with the idea of training neural networks to recognize the incredibly fine details of the scrambled light patterns. By creating billions of complex connections, or synapses, within the neural networks, we were able to reconstruct the original light beam shapes.”

In trials, the method was used to encrypt and decrypt thousands of handwritten digits and reference forms. After optimising the experimental approach and training the neural network, the encoded images were properly retrieved 90 to 95 percent of the time, with additional improvements potential with more thorough neural network training.

The team is now working on ways to use a less expensive and bulkier laser system, as a necessary step towards commercialising the approach for a variety of potential industrial encryption uses.

“Our study provides a strong foundation for many applications, especially cryptography and secure wireless optical communication, paving the way for next-generation telecommunication technologies," concluded Tzortzakis.

Federal Employees Sue OPM Over Alleged Unauthorized Email Database



 

privacy laws

Cyber Security Data Privacy data security Elon Musk Email OPM data breach privacy laws

Federal Employees Sue OPM Over Alleged Unauthorized Email Database

Two federal employees have filed a lawsuit against the Office of Personnel Management (OPM), alleging that a newly implemented email system is being used to compile a database of federal workers without proper authorization. The lawsuit raises concerns about potential misuse of employee information and suggests a possible connection to Elon Musk, though no concrete evidence has been provided. The controversy began when OPM sent emails to employees, claiming it was testing a new communication system. Recipients were asked to reply to confirm receipt, but the plaintiffs argue that this was more than a routine test—it was an attempt to secretly create a list of government workers for future personnel decisions, including potential job cuts.

Key Allegations and Concerns

The lawsuit names Amanda Scales, a former executive at Musk’s artificial intelligence company, xAI, who now serves as OPM’s chief of staff. The plaintiffs suspect that her appointment may be linked to the email system’s implementation, though they have not provided definitive proof. They claim that an unauthorized email server was set up within OPM’s offices, making it appear as though messages were coming from official government sources when they were actually routed through a separate system.

An anonymous OPM employee’s post, cited in the lawsuit, alleges that the agency’s Chief Information Officer, Melvin Brown, was sidelined after refusing to implement the email list. The post further claims that a physical server was installed at OPM headquarters, enabling external entities to send messages that appeared to originate from within the agency. These allegations have raised serious concerns about transparency and data security within the federal government.

The lawsuit also argues that the email system violates the E-Government Act of 2002, which requires federal agencies to conduct strict privacy assessments before creating databases containing personal information. The plaintiffs contend that OPM bypassed these requirements, putting employees at risk of having their information used without consent.

Broader Implications and Employee Anxiety

Beyond the legal issues, the case reflects growing anxiety among federal employees about potential restructuring under the new administration. Reports suggest that significant workforce reductions may be on the horizon, and the lawsuit implies that the email system could play a role in streamlining mass layoffs. If the allegations are proven true, it could have major implications for how employee information is collected and used in the future.

As of now, OPM has not officially responded to the allegations, and there is no definitive proof linking the email system to Musk or any specific policy agenda. However, the case has sparked widespread discussions about transparency, data security, and the ethical use of employee information within the federal government. The lawsuit highlights the need for stricter oversight and accountability to ensure that federal employees’ privacy rights are protected.

The lawsuit against OPM underscores the growing tension between federal employees and government agencies over data privacy and transparency. While the allegations remain unproven, they raise important questions about the ethical use of employee information and the potential for misuse in decision-making processes. As the case unfolds, it could set a precedent for how federal agencies handle employee data and implement new systems in the future. For now, the controversy serves as a reminder of the importance of safeguarding privacy and ensuring accountability in government operations.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

WhatsApp claims even it can not process private data

About private processing

About the system

WhatsApp builds AI through wider privacy concerns

Ilusion of Privacy: VPNs collecting data

Concerns around ownership structures

Amid outrage, Google and Apple respond

Privacy scare can damage stock valuations

Key Allegations and Concerns

Broader Implications and Employee Anxiety