privacy

Google Chrome is automatically downloading a 4GB Gemini Nano model weights file to users' devices to power on-device AI features like scam detection and writing assistance, often without clear notification about storage requirements. Users can disable the On-Device AI toggle in Chrome settings to remove the file and prevent re-downloads.

The European Parliamentary Research Service (EPRS) has labeled VPNs 'a loophole that needs closing' in the context of online age-verification laws, raising concerns about children bypassing regional content restrictions. The push has sparked pushback from privacy advocates and VPN providers, highlighting tensions between child safety regulation and digital privacy rights.

Meta is removing end-to-end encryption from Instagram DMs, effective May 8, 2026, citing low opt-in rates. The decision comes amid controversy, including a New Mexico lawsuit alleging E2E encryption hinders child safety efforts, with the company directing users to WhatsApp where E2E is enabled by default.

Google's next-generation reCAPTCHA now requires Play Services on Android, breaking verification for de-Googled users and raising privacy concerns about ecosystem control.

The article argues that Google's newly announced Cloud Fraud Defense is essentially a rebranded version of the controversial Web Environment Integrity proposal that Google withdrew in 2023 after widespread criticism, raising concerns about device attestation and user privacy.

A web page that reveals the information your browser shares without your explicit consent, demonstrating browser fingerprinting and data leakage.

The article argues that the future of AI lies not in better prompting, but in establishing private human-AI protocols that define personal working styles, boundaries, and safety rules for autonomous agents.

This paper introduces 'constant-context skill learning,' a framework that moves procedural knowledge from prompts into model weights to reduce token usage and improve privacy for LLM agents. The method achieves strong performance on benchmarks like ALFWorld and WebShop while significantly reducing inference costs.

Google Chrome is silently installing a 4 GB Gemini Nano AI model on user devices without explicit consent or opt-out UI, raising significant privacy, legal, and environmental concerns.

DELIGHT is a self-hosted AI engineering autopilot that combines local LLMs, a browser farm, and a semantic repo graph to automate development tasks without sending data to the cloud.

Reefy allows users to turn any PC into a private AI machine, running AI locally on their hardware.

MediaOptim is a tool that compresses images, video, and audio locally to save storage without uploading files.

RNDA is a data protocol designed to ensure that raw data is never stored, focusing on privacy and security.

OpenAI introduces 'Trusted Contact' in ChatGPT, a safety feature allowing adults to nominate a trusted person to be notified if serious self-harm concerns are detected during conversations.

Researcher Alexander Hanff claims Google Chrome silently downloads a 4GB AI model to user devices without consent, raising concerns about potential violations of EU privacy laws and significant energy consumption.

OpenAI explains how ChatGPT learns from public data and user interactions while protecting privacy through filtering and user controls.

A warning that Claude Code may be reading .env files containing API keys, database passwords, and other secrets, sending them to Anthropic's servers via conversation logs, with a claimed fix involving a settings.json configuration.

OpenAI has introduced 'Advanced Account Security,' a new opt-in setting for ChatGPT and Codex that enforces phishing-resistant sign-in methods, restricts account recovery options, shortens sessions, and automatically excludes conversations from model training.

Trustworthy Technology launches as a movement promoting open hardware, FOSS, and respectful services to restore user freedom, privacy, and informed consent in tech products.

Citizen Lab exposed two surveillance campaigns exploiting SS7 and Diameter flaws to track phone locations via rogue telecom access.