"everybody who's out there thinking of using VPNs, let me just say to you directly, verifying your age keeps a child safe...So let's just not try and find a way around. Just prove your age."
- UK government.
jsr
jsr@primal.net
npub1vz03...ttwj
Chasing digital badness at the Citizen Lab. All words here are my own.
WHOA: Could Germany Ban Ad Blockers?
German megapublisher Axel Springer is asking a German court to ban an ad-blocker.
They claim the HTML/CSS of their sites are protected computer programs.
And influencing how they are displayed (e.g. by removing ads) violates copyright.
I'm in puzzled wonderment at this claim.
Preventing ad-blocking would be a huge blow to German cybersecurity and privacy.
There are critical security & privacy reasons to influence how a website's code gets displayed.
Like stripping out dangerous code & malvertising.
Hacking risks from online advertising are documented.
Any attempt to force Germans to run all of the code on a website without consideration for their privacy and security rights and needs will end very, very poorly.
Defining HTML/CSS as a protected computer program will quickly lead to absurdities touching every corner of the internet.
Just think of the potential infringements:
-Screen readers for the blind
-'Dark mode' browser extensions
-Displaying snippets of code in a university class
-Inspecting & modifying code in your own browser
-Website translators
Or blocking unwanted trackers.
This is why most governments do it on their systems.
I'm not a lawyer, but if Axel Springer wins the consequences are just nuts:
Basic stuff like bookmarking & saving a local copy of a website might be legally risky.
The Wayback Machine & internet archives and libraries might be violators.
This might even extend to search engines displaying excerpts of sites.
Code sharing sites like GitHub could become a liability minefield...
The list goes on and on.
Finally, only one country has banned ad-blockers. China.
This is not good company for Germany.
READ MORE: From Mozilla Open Policy & Advocacy
Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. – Open Policy & Advocacy
Across the internet, users rely on browsers and extensions to shape how they experience the web: to protect their privacy, improve accessibility, b...

BleepingComputer
Mozilla warns Germany could soon declare ad blockers illegal
A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyrigh...
NEW: UK reportedly drops secret demand for Apple encryption backdoor.
Good.
While there was strong activist pressure here the key push came from the US government.
But there is zero rest for the weary as the UK has been leaning much harder into Age Verification.
Which is another mechanism for gaining deep visibility into people's online activity.
Story: 
The Verge
UK drops demand for backdoor into Apple encryption
Here’s hoping that ADP returns to the UK.
Location tracking based on interior pictures.
It will be abused to target people.
Post the inside of your place at your peril.

Earliest days of vibecoding-as-a-target.
Without a radical increase in security, vibecoders will get wiped out & lose their savings.
And their companies will get hit with fat breaches.
Me? I'm waiting for attackers to figure out how to reliably slip backdoors into vibecoded outputs at scale.
Neuroticism? Ripping.
Conscientiousness & agreeableness? Dipping.
Via FT: https://www.ft.com/content/5cd77ef0-b546-4105-8946-36db3f84dc43
NEW: 🇩🇪Germany's top court says spyware severely violates fundamental rights.
Bans spyware in cases with <3 year sentences.
Enforces tough proportionality tests on all surveillance.
Restricts spyware to serious cases.
Interesting development.
Court says: capturing data at the source (i.e. on someone's phone) is maximally invasive.
Especially given how much of our lives happens online.
They also surface the security risks to systems from this kind of surveillance.
Watching Germany's highest court grapple with spyware's invasiveness & rights violations is instructive.
States wielding spyware without robust legal limitations and tight judicial oversight... are almost guaranteed to be violating their citizens' basic rights.
In so many jurisdictions, state secrecy & lack of effective legal challenges means spyware harms are happening daily.
Huge credit to German digital freedoms organization #digitalcourage for bringing this case.
Court statement:
https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2025/bvg25-069.html
Internet-connected microphones in school bathrooms.
What could go wrong?
Mandated microphones in private spaces are a bad idea.
Throwing invasive sensors into private spaces rarely fixes socially scary problems.
But is almost guaranteed to have risky downsides.
Story: 
WIRED
It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug
A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow ...
Regular people know that age verification mandates won't work.
But they are worried about their children's safety, and they aren't being offered non-dystopian alternatives.


LLM chat exposures keep on coming.
Why? My theory is that these platforms don't do a very good job explaining to users what their public/share features mean.
Result: users may think that while something is public that doesn't necessarily mean that anyone is indexing or caching.
Story:

404 Media
More than 130,000 Claude, Grok, ChatGPT, and Other LLM Chats Readable on Archive.org
The issue of publicly saving shared LLM chats is bigger than just Google.
What took them so long?
Maybe they had to dust off exploits from the 2000s?
Or maybe the better question is: how many unnoticed breaches have happened here?
It is an open secret (ask any lawyer) that these court filing systems are incredibly out of date.
https://www.politico.com/news/2025/08/06/federal-court-filing-system-pacer-hack-00496916
Age verification laws are coming fast.
And, from my perspective, opponents are struggling to find impactful messaging to explain to the general public the damage they are about to do to freedom.
Or to propose alternate futures that address the underlying anxieties.
Sure, most folks that are here on #Nostr intuitively understand the dangers... And nod along when we gesture at the dangers of surveillance overreach.
But I worry that the common language for talking about these initiatives typically relies on some priors that are not universally shared outside people that live and breathe concerns about tech.
Saying that something is a surveillance dystopia works on me. But not the neighbors.
I'm guilty of being inside this language bubble too, and it's hard to escape.
Yet, when faced with politicians talking about protecting kids from bad things that parents feel they see right now... I worry that the communities doing pushback are struggling to:
1 - find framing that makes *enough sense* to the vast majority of people that they say 'ok this is net bad' and push back
2 - find their own ways to productively connect with the anxieties that politicians are drawing on. E.g. worried parents.
3 - offer things that are honest, well-meaning alternative paths for the underlying problems
Anyone have thoughts on this? #AskNostr
It seems to me like a strong anti-AI view is becoming left / progressive coded.
I'd love to understand this better.
Anyone have thoughts?
Google bad ux.
And you'll get your results in Comic Sans.
Try it


It is a lot easier to celebrate a turn towards dictatorship when you are untethered to historical knowledge.
No amount of centralized power delivers a society with true personal freedom in the long run.
History shows that even when dictatorships perform 'well' on some factors, especially in the short term, they send people into a freedom-robbing labyrinth.
Do you care about personal liberty?
Because in the long run with dictatorships you will lose on having a society that supports freedom, personal rights and liberties and decentralization of knowledge and innovation.
Because dictatorships concentrate power without balance.
Over time as inequalities & unfairness become severe... the rule gets more brittle.
And dictators have to give more favors to the people that help them stay in power. Like economic favors.
People with ambition then need to play into the system and help prop up the dictator if they want to keep their resources.
Even then they are vulnerable to having everything taken.
And for anyone that dares point out increasingly obvious flaws?
Well, most dictatorships invariably slide into repression.
People with new, better ideas that also happen to challenge the dictator's entrenched interests? Or those of the dictator's necessary economic allies? Family members? Point out corruption?
Co-opted or cut down.
Fueled by massive surveillance.
And the threat of violence.
Because self-censorship scales better than physical coercion on each person.
People see opportunity for personal advantage. Some become informers.
Some delight in the cruelty of seeing people they dislike arbitrarily punished.
And when the strong leader dies? The society can be incredibly unstable as it carries the weight of so many injustices, so many lies.
And for the system to persist? More repression needed.
Vibecoding is super interesting. And powerful.
Coding syntax is getting better. But secure coding isn't keeping pace.
In a test of 100 coding models, 45% of them introduced a serious vulnerability.
For example, in 86% of tests, code wasn't secured against Cross-Site Scripting.
NOW-TERM IMPLICATIONS
This has big implications. Sure, there are the YOLOcoders that ship whole vibecoded apps without thinking about security. Or code review.
Some percentage of their users will get rekt.
If those projects get near high risk users, they are sprinkling knives in the weeds with potential for harm.
BUT BIGGER MODELS = BETTER?
Interestingly, even big fat models aren't massively better with security.
S'EVERYWHERE
My other worry? Vibecoding without security check steps is happening in existing projects / platforms etc.
Even when people say they are coding. Sometimes they be vibecoding.
This sort of thing has already come to tools you use, including to handle your funds & privacy.
Sure secure code writing & review has never been anything near universal, but the scale and speed of new code creation that #vibecoding enables is new.
VULNERABILITY DISCOVERY...ALSO ACCELERATING
ICYMI, vulnerability DISCOVERY is also accelerating a lot faster than secure code creation...
Whole industries are spinning up, including lots of offensive projects.
ME? I #VIBECODE
I love the change in how I create with code. But I think we are in for some really rough times, and the least informed parties are gonna be users. As ever.
In the longer run this problem space also seems to offer paths for AI-driven improvement in secure code creation. But since not everything is accelerating at the same pace, the deltas = harm.
Sauce: 
Veracode
We Asked 100+ AI Models to Write Code. Here’s How Many Failed Security Tests. | Veracode
Application Security for the AI Era | Veracode
The EU's Digital Identity Wallet project has a lot of big icks.
Looking at the GitHub for the Android Age Verification application feels like chewing rocks.
Like the proprietary attestation baked into a must-use form of identification is absolutely the wrong path...
And while we're at it, recall the rule of thumb: Age Verification either by deliberate or convenient naïveté is almost always a surveillance trojan horse.
Source:

GitHub
GitHub - eu-digital-identity-wallet/av-app-android-wallet-ui
Contribute to eu-digital-identity-wallet/av-app-android-wallet-ui development by creating an account on GitHub.
Proton #VPN signups spike 1,400% as the UK Online Safety Act rolls out.
Proton says spike is sustained & higher than when France blocked adult content.
Source: https://archive.ph/i2d9W
Tea enforced ID & selfie collection. And doxxed their own users.
In other news, the UK Online Safety Act is forcing websites to begin collecting IDs.
This will end, predictably, in fresh breaches.
And more harm to users.
Sauce: 