Privacy & Digital Rights

FROST is a browser side channel that uses OPFS storage timing and SSD contention to infer what else is happening on your machine. It is not a catastrophe. It is a warning about how much power we keep handing to ordinary web pages.

On May 8, Meta quietly removed end-to-end encryption from Instagram DMs. The stated reason was low adoption. The timing — 11 days before the Take It Down Act takes effect — tells a different story.

ShinyHunters breached Instructure's Canvas platform for the second time in eight months. The stolen data includes student messages, names, and IDs across 9,000 schools — from a system students were required to use.

Madison Square Garden's biometric system has been used to preemptively enroll critics who never visited, eject a 9-year-old because of her mother's law firm, and compile an 18-page surveillance dossier on a trans woman. A lawsuit put the specifics on paper.

The EU Parliament voted to let the legal basis for mass-scanning private messages expire. Google, Meta, Microsoft, and Snap were all operating under that safe harbor. It's the most significant institutional win for encrypted communications in years — and the pressure hasn't dissolved.

Buried in New York's 2026-2027 budget is a provision that would require every 3D printer sold in the state to run state-maintained censorware on every print job. California has its own version. This is not about guns.

Google handed a Cornell PhD student's data to ICE without notice — voluntarily, when no law required it. Congress votes on Section 702 in three days.

Modern cars are essentially smartphones on wheels, collecting vast amounts of data. Here is what they track and how to use GDPR to fight back.

A wave of social engineering attacks is hitting fintech companies hard. Here's why they have so much of your data and how to limit your exposure.

The Canada Goose breach is a reminder that every online purchase creates a data trail. Here's how to minimize yours.

That helpful browser extension or Outlook add-in might be harvesting everything you type. Here's how to audit what's watching you.

The EU just ruled TikTok's design is illegally addictive. Here's how to reclaim your attention on every major platform.

Email aliases are the simplest way to limit your exposure when services inevitably get breached.

Your conversations with ChatGPT, Claude, and Gemini aren't as private as you might think. Here's what each company does with your data and how to protect yourself.

What the Match Group breach means for your privacy, and how to protect yourself on dating apps.

A practical guide to removing your personal information from data broker sites — with a focus on your GDPR rights.

A practical guide to reducing location tracking on your smartphone without throwing it in the ocean.

Cutting through the marketing hype to explain what VPNs actually do and whether you need one.