Internet Freedom Monthly: News Recap, May 2026
May produced 54 stories, and the volume alone would be enough to make the point, but the pattern makes it more vivid.
Age verification climbed from websites to social media platforms to operating systems, with California's law forcing OS makers to pipe your age bracket to every developer who asks. Russia's mandatory state messenger was caught detecting VPNs, surveilling users, and pinging a server-controlled list of blocked domains.
Meanwhile, the EU spent the month simultaneously funding a Serbian government that publicly vilifies its own press and drafting a teen social media ban on evidence so thin that the researchers it cited asked for their names to be removed. And everywhere, the justifications rotated on cue between child safety, national security, and platform accountability.
This article covers all the most important internet freedom developments from May 2026. The tools change, the legislation gets rebranded, and the press releases get softer, but the direction of travel stays perfectly consistent.
Utah's Anti-VPN Law, Which Kicks In This Week, Might Break the Web for Everyone
Utah's App Store Transparency Act took effect in May 2026, requiring app stores to verify the age of every user and restricting what minors can access, and because VPNs can mask device location, the law effectively threatens to break geolocation-dependent compliance for every app operating in the state. The implications extend well beyond Utah's borders, since developers serving a national or global audience can't easily wall off one state without affecting functionality for everyone else.
Iran's Blackout Has Hit 66 Days and Smugglers Are the Last Line of Resistance
By early May, Iran's internet blackout had reached 66 days, making it one of the longest recorded shutdowns in the country's history. With official channels blocked, a gray market of Starlink dishes and smuggled routers has become the primary means of connectivity for ordinary Iranians, run by networks operating at considerable personal risk. The state cut the wire, and the population is routing around it by hand.
World Press Freedom Day 2026: Celebrating a Value That Is Losing Ground Fast
World Press Freedom Day 2026 arrived against a backdrop of record journalist imprisonments, escalating legal harassment campaigns, and governments in democratic countries using courts and visa revocations to discipline unfriendly outlets.
The occasion offered an opportunity to take stock of how far the ground has shifted, and the picture isn't one that supports much celebration. Press freedom indices track declines across nearly every region, with the mechanisms of suppression growing more varied and harder to contest.
New Mexico Pushes to Rewire Meta Platforms for Minors
New Mexico filed suit against Meta, arguing that Instagram and Facebook were designed to harm minors and demanding structural changes to how the platforms operate for underage users.
The state's complaint focuses on algorithmic amplification of harmful content and the company's internal knowledge of the risks, citing internal documents suggesting Meta had evidence of harm and chose engagement over intervention. The case adds to a growing pile of state-level litigation that Meta is managing across multiple fronts simultaneously.
Beaten Into Testifying: How Senegal Convicted Journalist René Capain Bassène
Senegalese journalist René Capain Bassène was convicted following a prosecution that relied, in significant part, on testimony extracted under physical coercion.
Bassène had been reporting on armed conflict in the Casamance region and was charged in connection with that work, drawing international condemnation not only for the conviction itself but also for documented mistreatment during the investigative phase, which courts failed to treat as disqualifying. It was a prosecution that exposed how legal process can be made to absorb abuse without formally acknowledging it.
Motorola Weaponized Indian Defamation Law Against Platforms, and Speech Will Pay the Price
Motorola used India's civil defamation framework to pursue legal action against platforms hosting critical commentary about its products, setting a precedent that corporate actors can weaponize speech law in a jurisdiction where defamation thresholds are low and litigation costs are high.
The tactic illustrates a broader pattern of using legal mechanisms designed for personal reputation protection as instruments of platform pressure, with the chilling effect landing not just on the original commenters but on every platform weighing whether user content is worth the legal exposure.
US Revokes Visas for Five La Nación Directors Over Their Editorial Line
The US State Department revoked visas for five directors of Costa Rican newspaper La Nación, a move the paper's leadership attributed directly to its critical coverage of US immigration policy.
It was an unusually direct use of visa authority as editorial pressure, targeting named individuals at a private media outlet in a democratic ally country rather than sanctioning a government or institution. La Nación had published reporting that contradicted the administration's preferred framing on deportation flights, and the timing left little room for alternative explanations.
UK Age Verification Is Being Outsmarted by Eyebrow Pencils and Fake Birthdays
Ofcom's age verification rollout for UK pornography sites was, within weeks of implementation, being bypassed through methods including covering the face with makeup during facial age estimation scans and submitting false birth dates that the systems can't cross-reference.
The failure was predictable, as critics had noted during the consultation period that any system relying on facial estimation or self-reported data could be defeated trivially, but the rollout proceeded anyway. The actual outcome is a surveillance infrastructure that collects genuine data from compliant adults while stopping virtually none of the minors it was built to screen out.
Nineteen Organizations Tell UK Policymakers to Fix Big Tech, Not Users
A coalition of 19 civil society organizations published an open letter to UK policymakers arguing that the government's approach to online safety is systematically misplaced, focused on surveilling and restricting users rather than holding platforms accountable for their design choices.
The letter calls for structural obligations on platform architecture rather than age gates and content filters that put the compliance burden on individuals. The coalition includes organizations covering children's rights, digital rights, and journalism, making it harder to dismiss as a narrow tech-industry position.
Russia Plans to Kill 92% of VPN Access by 2030, With Billions Already Allocated
Russia's communications regulator Roskomnadzor published plans to block 92% of VPN services currently accessible in the country by 2030, with billions of rubles already earmarked for the technical infrastructure required to implement the restriction at scale.
The plan builds on Russia's existing TSPU deep packet inspection network, deployed across ISPs as a blocking layer. The 92% figure is notable for its specificity, suggesting operational planning rather than political signaling, backed by a named target and a budget.
MFRR Partners Warn Georgia Is Dismantling Its Press, One Law at a Time
The Media Freedom Rapid Response coalition published a report documenting how the Georgian government has used a sequence of legislative moves to systematically weaken press independence, including laws on foreign agents, broadcast licensing restrictions, and tax measures that disproportionately burden independent outlets.
The pattern isn't a single dramatic act of censorship but an accumulation of individually deniable legal changes that collectively narrow the space for critical journalism, with Georgia's EU candidacy still nominally active and European silence on the findings particularly notable.
Four Years After the Spying, Barcelona Reopened the Òmnium Pegasus Case
Barcelona's courts reopened proceedings in the case involving Pegasus spyware used against Òmnium Cultural, a Catalan civil society organization, four years after the surveillance was first documented. The delay itself was part of the story, with four years passing in which the targets had lived with knowledge of state-grade spyware used against them and no one had faced meaningful accountability.
The reopening was a procedural step, not a verdict, but it keeps alive the possibility that using commercial spyware against civil society in a European democracy might eventually produce legal consequences.
Moscow Goes Dark for Victory Day and Russia Isn't Even Hiding It Anymore
Russia implemented widespread internet restrictions around Victory Day celebrations in May, including disruptions to messaging apps and social media platforms in multiple cities, with mobile signals jammed in areas where unofficial commemorations or protests were anticipated.
What distinguished this instance from earlier blackouts was the absence of any official denial, with Russian authorities making no effort to attribute the disruptions to technical faults or third-party interference. Shutdowns have become routine enough that the government no longer considers a cover story necessary.
Most EU Countries Missed a Deadline to Stop Lawsuits That Silence Journalists
The EU's anti-SLAPP directive, designed to protect journalists and civil society from abusive cross-border litigation, required member states to transpose it into national law by May 2026, and most missed the deadline.
The directive had been negotiated specifically because strategic lawsuits against public participation, meritless cases designed to exhaust defendants financially rather than succeed legally, had become a documented pressure tactic against investigative reporters across the bloc. The transposition failures leave the gap in protection open exactly where it was supposed to be closed.
A Cold War Doomsday Book Could Now Be Used to Silence Press and Detain Citizens
A presidential preparedness document dating to the Cold War era, never formally repealed and containing broad emergency authority, resurfaced in legal analysis suggesting it could be invoked to restrict press activity and authorize detention of citizens without standard due process protections.
The document's existence was not new, but the analysis gives it renewed relevance in a political context where executive authority has been expanding and institutional checks have been challenged repeatedly. The concern isn't that the book will be opened tomorrow. It's that a tool for silencing the press is sitting on a shelf with no expiry date.
Cannes 2026 Celebrates World Cinema From Behind a Licensing Paywall
Cannes 2026 opened with the usual fanfare and the usual frustration, with films celebrated as landmarks of world cinema inaccessible to most of the world due to territorial licensing arrangements determining which platforms can stream what and where.
The festival's prestige operates globally, while its actual content distribution operates through a country-by-country licensing system that hasn't been meaningfully updated to reflect how audiences now consume film. The gap between what Cannes says cinema is for and what it's actually accessible to remains as wide as the previous year.
Eurovision Sells the Dream of a Borderless Europe and Then Geoblocks the Stream
Eurovision 2026, running May 12–16 at Vienna's Wiener Stadthalle, billed itself as a pan-European celebration open to 200 million viewers, but the European Broadcasting Union's territorial licensing system meant that access depended entirely on where you happened to live.
National member broadcasters held country-specific rights, and viewers in countries without broadcaster access or whose broadcaster had moved coverage behind a paywall had no legitimate route to the stream. The political boycott that removed five countries from the stage was the visible drama, while the licensing system quietly removed millions more from the audience.
When Romance Becomes Resistance: Hausa Women Writers and Digital Censorship
Hausa-language romance writers in northern Nigeria built a substantial readership through digital platforms, only to face a campaign of legal harassment and platform removal driven by conservative religious and political pressure on their work. The writers are using digital distribution to reach audiences that print infrastructure never effectively served, and the censorship campaigns are a direct response to that success.
For many of the writers targeted, the platforms aren't just distribution channels, they're the only route around gatekeeping structures that have historically excluded their voices entirely.
The EU Is Still Funding Serbia While Its Government Vilifies the Press
The European Commission continued disbursing pre-accession funds to Serbia in May 2026 despite documented and ongoing government pressure on independent media, including public statements by senior officials branding critical journalists as foreign agents and threatening them directly.
EU funding rules nominally require progress on rule of law and press freedom as conditions for continued financial support, but the disbursements continue regardless, producing a situation in which the EU is simultaneously publishing press freedom reports criticizing Serbian media conditions and writing checks to the government responsible for them.
The FCC Is Waging a Censorship Campaign Against Disney, a Commissioner Confirms
An FCC commissioner stated on record that the commission's regulatory actions against Disney were politically motivated, confirming what critics had been arguing since the investigations began. The cases involve broadcast license reviews and merger scrutiny timed to coincide with Disney's public disputes with the administration over content and editorial decisions.
Having a sitting commissioner characterize the agency's own proceedings as a censorship campaign moves the allegation from outside criticism to internal acknowledgment, which is a different thing entirely.
Gaza: Doctors Under Attack Wins BAFTA After the BBC Buried Its Own Investigation
The BBC documentary "Doctors Under Attack," investigating medical facility targeting in Gaza, won a BAFTA after the BBC had declined to broadcast it internally, shelving its own investigation amid editorial pressure over the subject matter.
The BAFTA win gave the film renewed visibility and sharpened the question of why the corporation that produced it chose not to air it. The sequence illustrates a pattern in which award bodies and audience reception are forcing into public view journalism that institutional broadcasters have decided is too uncomfortable to platform.
Microsoft's Own Investigation Caught Its Israeli Branch Spying on Palestinians
An internal Microsoft investigation found that its Israeli subsidiary had provided Azure cloud services used in surveillance operations targeting Palestinians, contrary to the company's stated policies on human rights due diligence.
The finding came from Microsoft's own review processes rather than from an external investigation, which makes the subsequent questions about what action was taken particularly pointed. The gap between what the company's policies say and what its infrastructure was being used for had been visible to its own investigators and continued regardless.
Maldives Sends Two Journalists to Jail Over a Documentary and a Question
Two Maldivian journalists were imprisoned after producing a documentary and posing questions to public officials that the government deemed problematic. The Maldives has been trending toward tighter press restrictions under its current administration, and the imprisonments confirm that the trend has moved from policy signals to direct enforcement.
Jailing reporters over a documentary and a question, neither of which alleged criminal wrongdoing by the journalists, marks a significant escalation that drew international condemnation without producing any change in the government's position.
EU Members Sold Spyware to Rights Abusers While Brussels Rewrote the Rules
EU member states sold commercial spyware to governments with documented records of using surveillance technology against journalists, activists, and political opponents, at the same time that the European Commission was drafting new rules meant to constrain exactly this kind of export.
The parallel timelines illustrate the gap between EU institutional commitments on human rights and the commercial decisions of member state governments operating within the same framework. The new rules, whenever finalized, will face a continent of precedent working against them.
The EU Is Moving Toward a Teen Social Media Ban Built on Contested Research
The European Commission advanced proposals for a default social media ban for users under 16, citing research on the harms of platform use for adolescent mental health, but the evidence base the proposals rely on is contested, with several of the cited researchers publicly disputing how their work has been characterized.
In at least one case, a researcher asked to have their name removed from supporting materials after concluding their findings didn't support the policy as drafted. Legislating on mental health grounds while the mental health researchers disagree is a particular kind of confidence.
Britain Is Finally Giving Security Researchers the Legal Cover They Were Always Owed
The UK government announced reforms to the Computer Misuse Act that would provide a statutory defense for security researchers acting in good faith, a protection that had been absent from the law since its enactment in 1990.
Researchers have for decades operated in a legal gray zone where exposing vulnerabilities could technically constitute an offense under the same statute designed to prosecute malicious actors. The reform doesn't resolve every ambiguity in the law, but it establishes the principle that finding and responsibly disclosing security flaws is not the same thing as exploiting them.
Moscow Bans Drone Strike Photos and Frames It as Fighting Misinformation
Russia's communications regulator issued guidance prohibiting the publication of photographs from drone strike sites, framing the restriction as a measure against the spread of misinformation.
Banning documentation of military strikes on Russian territory is presented not as censorship of war coverage but as an anti-disinformation initiative. It's a particularly efficient piece of rhetorical work, with the images that would contradict the official narrative reclassified as misinformation, making their removal the responsible editorial choice.
NetChoice Sues Nebraska Over a Digital ID Law That Is a Cybersecurity Disaster
Tech industry group NetChoice filed suit against Nebraska over a digital ID law that would require platforms to collect and verify government-issued identification from users as an age-verification mechanism.
The lawsuit argues that the law creates a cybersecurity liability by mandating the mass collection of sensitive identity documents by platforms not equipped to store them securely, with the breach risk constituting a foreseeable harm the state has chosen to impose on its own residents. Age verification and mass ID collection are being treated as the same thing, and they aren't.
Ofcom Fined a Suicide Forum Google Kept Serving to Vulnerable Users Online
Ofcom fined a forum promoting suicide methods that had continued to appear in Google search results for vulnerable users despite multiple prior complaints and takedown requests.
The fine highlights the gap between platform responsibility for what their search algorithms surface and the existing enforcement mechanisms for addressing it, with Google serving the results, the forum hosting the content, and the regulator fining the forum while the question of search accountability remains structurally unresolved. The users who found that forum through a Google search during a crisis were the shared product of both.
Australia's Social Media Ban Is Quietly Cutting Teens Off From the News
Australia's social media restrictions for under-16s, framed as a child protection measure, are having an unintended and largely undiscussed effect of removing teenagers from the primary channels through which they encounter news and current events.
Research tracking news consumption habits among the affected age group found significant drops in engagement with journalism alongside the intended drops in platform use, with no evidence that alternative news consumption habits have developed to replace them. A generation being protected from social media is also being systematically disconnected from the information environment.
Lifeline with a Catch: WTISD Has No Answer for Growing State-Ordered Shutdowns
World Telecommunications and Information Society Day 2026 passed with the usual institutional statements about connectivity as a right and the digital divide as an urgent global problem, without any meaningful engagement with the fact that a significant share of the world's internet shutdowns are being ordered by the governments represented in the room.
The gap between the ITU's stated mission of universal, meaningful connectivity and the behavior of its member states on shutdowns has never been wider, and the day's programming offered no mechanism for holding anyone accountable for that contradiction.
Fraudulent Copyright Claims Are Silencing Kazakh and Uzbek Journalists
Journalists and independent media outlets in Kazakhstan and Uzbekistan are facing a campaign of fraudulent copyright takedown claims targeting their published work on platforms including YouTube and Facebook, with coordinated filings designed to remove critical reporting under the guise of intellectual property enforcement.
The tactic exploits the automated nature of platform content moderation, since filing a DMCA-style claim is faster and cheaper than any legal proceeding, and restoration of removed content requires navigating a counter-notice process that most targeted outlets lack the resources to pursue effectively.
Indonesia's Military Brands Its Critics as Foreign Agents, Then Follows Through With Violence
Indonesia's military has been applying "foreign agent" framing to civil society critics, a designation with no formal legal status in Indonesian law but with documented consequences for the individuals labeled, including harassment, surveillance, and in several cases physical violence by actors the state makes no serious effort to investigate or prosecute.
The framing serves as a permission structure, recontextualizing subsequent action against labeled individuals as a security response rather than political repression. The label doesn't need to be legally enforceable to be functionally dangerous.
Bill C-22 Is Canada's Most Ambitious Surveillance Expansion in a Generation
Canada's Bill C-22 proposes an expanded framework for national security surveillance, including provisions that would broaden the scope of communications interception authorities and introduce new categories of data collection with limited judicial oversight.
Critics including privacy commissioners and civil liberties organizations describe it as the most significant expansion of Canadian surveillance powers in a generation, arguing that the safeguards built into the bill are structurally inadequate to constrain the authorities it creates. Canada's reputation as a middle-ground country on surveillance issues makes the scope of C-22 particularly notable.
Georgia Is Handing Speech Policing to Its Interior Ministry, Without Any Rules
Georgia's government moved authority over online hate speech enforcement to the Interior Ministry, with no published criteria for what would constitute a violation, no independent oversight mechanism, and no appeals process outlined in the enabling legislation.
Giving a ministry with law enforcement powers the authority to police speech online and doing so without a published rulebook creates a system where the definition of actionable speech is determined case by case by the same institution making the enforcement decisions. That's not a content moderation system. It's a discretionary suppression tool dressed in regulatory language.
YouTube Is Asking Users to Enroll in a Biometric Database to Stop Deepfakes
YouTube announced a program inviting users to submit biometric facial data as part of a system designed to identify and remove deepfake content using their likeness without consent. The pitch is framed around protection, but the mechanism requires handing YouTube a biometric template that will persist in the company's systems indefinitely.
Deepfake victims being asked to submit their face to a corporate database as the solution to having their face misused without their consent is the kind of logic that only works if you don't think about it for more than thirty seconds.
Discord Is End-to-End Encrypting Every Voice and Video Call, No Opt-In Required
Discord rolled out end-to-end encryption for all voice and video calls across the platform by default, requiring no action from users. The move is significant partly for its substance, since E2EE on voice and video calls meaningfully limits what Discord can access or be compelled to hand over, and partly for its framing, with no opt-in requirement, no premium tier, and no privacy-as-a-feature marketing.
Encryption is the baseline rather than an upgrade, and the fact that this is notable says something about how rarely it happens.
EU Member States Are Still Getting Police Data Protection Law Wrong Eight Years Later
Eight years after the EU's Law Enforcement Directive, the data protection framework specifically governing how police and law enforcement agencies can process personal data came into force, a review found that most member states are still not in full compliance with its requirements.
The failures include inadequate safeguards on data sharing, insufficient records of processing activities, and missing oversight mechanisms. The directive exists specifically because general data protection rules don't apply to law enforcement contexts, meaning the gap it was designed to fill has remained open for nearly a decade.
Tennessee Retiree Jailed for Posting a Trump Meme Wins $835,000 Settlement
A Tennessee retiree who had been arrested and jailed for 37 days for posting a political meme on social media was awarded an $835,000 settlement from the jurisdiction responsible for his prosecution. The arrest had no defensible legal basis, the meme was protected speech by any standard analysis, and the settlement, while significant, came years after the arrest and the reputational and personal harm it produced.
The case is a data point in a pattern of politically motivated law enforcement actions against social media expression that are legally indefensible but costly and disruptive to contest.
Texas AG Goes After Meta's Smart Glasses Over Biometric Privacy Violations
The Texas Attorney General opened an investigation into Meta's Ray-Ban smart glasses over alleged violations of the state's biometric data law, focusing on the glasses' facial recognition capabilities and the data collection practices associated with them.
Texas has one of the stronger biometric privacy statutes in the US, and the investigation tests whether that framework can be applied to wearable hardware that captures facial data in public spaces without the consent of the people being recorded. The glasses can identify faces in real time, and the question is whether that makes them a consumer product or a surveillance device.
Russia's State Messenger Can Record You, Detect Your VPN, and Straight-Up Gaslight You
A May 2026 reverse-engineering analysis of Russia's state-backed messaging app MAX, mandatory on every new smartphone sold in the country since September 2025, found 15 significant surveillance capabilities embedded in the APK, including the ability to detect active VPN connections, record audio, and ping a server-controlled list of domains, including Telegram.
A separate report found that all 30 of the most popular Russian Android apps are actively detecting VPNs following an April 2026 update, with MAX using XOR encoding to obscure its detection methods from researchers. It's preinstalled, it's surveilling, and it's doing its best to make sure you can't tell.
Europol Took Down the VPN That Showed Up in Nearly Every Major Cybercrime Case
Europol coordinated the takedown of a VPN service that investigators said had appeared in connection with nearly every major cybercrime case they had worked over a multi-year period, describing it as a key piece of infrastructure for ransomware groups, fraud operations, and other criminal networks.
The service had explicitly marketed itself as beyond the reach of law enforcement. The takedown raises the now-routine question that follows every criminal VPN seizure, given that the legitimate privacy use case and the criminal use case run on the same infrastructure, and enforcement can't distinguish between them at the point of takedown.
Texas Accuses Meta of Running a Three-Billion-User Encryption Scam on WhatsApp
Texas filed a lawsuit accusing Meta of misrepresenting the end-to-end encryption protections on WhatsApp, arguing that the company's marketing of E2EE is misleading given the metadata collection practices and third-party data sharing that continue alongside the encrypted messaging layer.
The case focuses on the gap between what users understand E2EE to mean and what Meta is actually doing with the information surrounding those messages, with encrypting the content while retaining the envelope as the central allegation, and three billion users having been told they were getting the full package.
Malaysia's Online Safety Codes Are Live and So Is the Age Verification Problem
Malaysia activated its Online Safety Codes in May 2026, bringing mandatory age verification requirements into force for social media platforms operating in the country.
The implementation immediately surfaced the same technical and privacy tensions that accompany equivalent legislation elsewhere, since robust age verification requires collecting personal data, the data creates a breach liability, and the systems most resistant to gaming are the ones most intrusive to users. Malaysia watched other countries work through these trade-offs and arrived at the same answer anyway.
What's Inside the World's Open Buckets: A Mysterium VPN Research
Mysterium VPN's own research team analyzed a large-scale index of publicly listable cloud storage across Amazon S3, Google Cloud, Azure, DigitalOcean, and Alibaba, finding 19.6 billion files exposed to anyone with a browser, including credential files, database exports, and mailbox archives.
More than two-thirds of the exposed storage sits on AWS, not because S3 is less secure than alternatives, but because it's the default choice, and defaults are where misconfiguration scales. The research was a count-and-categorize study with no files accessed or downloaded, but the inventory of what's sitting open is striking enough without needing to look inside.
The Never-Ending Story of India's Relationship With the Internet
India's internet governance record in May 2026 continues the pattern that has defined it for years, with the world's largest democracy also operating the world's most active internet shutdown regime and localized blackouts used as a routine administrative tool in response to protests, exams, and civil unrest.
The article traces the arc from early network optimism through the current reality of government-ordered disruptions that are documented, appealed, and largely accepted as normal by the institutions meant to constrain them. India's internet story keeps ending the same way regardless of which chapter you start reading from.
Pezeshkian Has Ordered Iran's Internet Restored, but Day 88 Is Still Dark
Iranian President Pezeshkian issued a public order for internet access to be restored, but by day 88 of the blackout, connectivity had not returned to pre-shutdown levels, and significant portions of the country remained effectively cut off.
The gap between a presidential order and the actual state of the network illustrates where control over Iran's internet infrastructure actually sits, not with the elected government but with the Revolutionary Guard and the institutions overseeing the filtering and blocking systems. An order that can't be implemented says more about who's running the internet than any organizational chart would.
How a Protest Activist Exposed Serbia's Airport Surveillance Free-for-All
A protest activist discovered that Belgrade's Nikola Tesla Airport was running an unregulated facial recognition surveillance system with no published data retention limits, no clear legal basis, and no oversight mechanism, finding their own image in the system's database during a data access request.
The airport's surveillance apparatus has expanded significantly without any corresponding regulatory framework, and the activist's request was the first documented case of someone successfully identifying the extent of what the system holds. In the absence of rules, the default is unlimited collection.
Doctors Manitoba Ranked Social Media Riskier Than Drugs Based on Opinions Alone
The Doctors Manitoba professional association published a position statement ranking social media as riskier to adolescent health than recreational drug use, a claim that drew immediate criticism from researchers who noted the statement was based on survey opinions from physicians rather than on the available evidence base.
The methodological gap between "doctors believe this" and "evidence shows this" was treated as irrelevant by the media coverage that followed, which reported the ranking as a clinical finding. The episode is a case study in how professional authority can launder contested claims into coverage that looks like medical consensus.
China's Police Force Just Got Glasses With Real-Time Facial Recognition
Chinese police in multiple cities began deploying smart glasses with real-time facial recognition capabilities, able to cross-reference faces against national ID databases during routine patrols and checkpoints. The technology extends the surveillance reach of officers on foot to effectively every public space they move through, without requiring fixed camera infrastructure or a warrant process.
It's a meaningful expansion of biometric surveillance capacity dressed as a hardware upgrade, with the glasses looking like glasses and the database check happening invisibly to everyone except the person being identified.
Malaysia's MCCA Nails the Education Argument and Misses the Obvious Conclusion
Malaysia's communications regulator made the case, in published guidance, that digital literacy education is a critical component of protecting children online and then proceeded to implement age verification requirements that bypass the question of education entirely in favor of gatekeeping access.
The logic is self-contradicting, since if education is the answer, the policy should be built around education, and if age gates are the answer, the education argument is covered. Malaysia managed to make both cases simultaneously without noticing they were pulling in opposite directions.
The UK's Online Safety Consultation Closed and the Hard Decisions Start Now
The UK government's consultation period on secondary legislation under the Online Safety Act closed in May 2026, ending the phase where options were debated and beginning the phase where specific obligations will be codified into binding requirements.
The consultation surfaced deep disagreements on encryption, age verification, and content moderation standards, disagreements the process didn't resolve but formally documented. What comes next requires the government to make actual choices rather than gather more views, and the choices available are all going to make someone very unhappy.
Age Verification Has Been Climbing the Tech Stack and It Just Reached Your OS
California's AB 1043, taking effect January 1, 2027, requires operating systems to collect users' ages at account creation and expose that data to app developers via a real-time API, bringing age verification from websites and apps to the OS layer itself.
The law applies to Windows, macOS, Linux distributions, Android, iOS, and any project meeting California's broad definition of an operating system, including, improbably, an open-source calculator. Some developers are exploring privacy-preserving local alternatives, MidnightBSD has updated its license to exclude California users entirely, and the stack has one more layer to go.
Microsoft Had the Researcher Banned Rather Than Fix the Bugs They Found
A security researcher who reported significant vulnerabilities in Microsoft products through responsible disclosure channels found themselves banned from Microsoft's bug bounty program rather than receiving the standard acknowledgment-and-patch response.
The researcher's findings had been substantiated, the bugs were real, but the company's response was to remove them from the program rather than address the vulnerabilities publicly. Banning the person who found the problem while leaving the problem in place prioritizes optics over security and tells every other researcher exactly what responsible disclosure is worth when the findings are inconvenient.
Be part of the resistance, quietly.
Get Mysterium VPN
Dominykas is a technical writer with a mission to bring you information that will help you in keeping your digital privacy and security protected at all times. If there's knowledge that can help keep you safe online, Dominykas will be there to cover it.
Related Articles
.png)
.png){kind=small}
