News Recap, March 16-20, 2026: Blackouts, Bans, and an AI Hamster
Some weeks, the news crawls. But as you probably can guess, this was not one of those weeks.
Congo cut the internet while voters were still at the polls. Russia blocked Telegram two weeks early and let the Moscow blackouts explain themselves. China live-censored a CNN segment about Chinese censorship and saw no irony in it. Brazil activated mandatory age ID and watched VPN signups jump 250% overnight. A platform that promised anonymity to 8 million people had been logging them all along. And that’s just some of it.
March 16 through 20 gave us ten stories spanning Congo, Russia, China, Brazil, Italy, the UK, and the United States. The tools keep changing, from election blackouts to identity mandates to surveillance databases, but the instinct driving all of them is the same one it always has been.
Congo Cuts Internet During Presidential Elections and Calls It Democracy
On March 15, as voters in the Republic of Congo headed to the polls, NetBlocks confirmed a nation-scale internet blackout was in effect. Incumbent Denis Sassou Nguesso, 82, was seeking another term while two prominent opposition leaders sat in prison, others were in exile, and several parties had already boycotted the vote.
This was the third consecutive Congolese election with an internet shutdown attached. Sassou Nguesso has governed the country for nearly four decades, and the international response to his election-day blackouts has never shifted his calculus. Shutdowns with no accountability tend to spread, and this week was a reminder that the playbook keeps working precisely because nothing stops it.
Moscow Is Back to Pagers and Paper Maps After Russia Killed Its Mobile Internet
Since March 5, mobile internet across Moscow has been down on all four major carriers, spreading from the outskirts into downtown with no announced end date. ATMs stopped working, card terminals went dark, road atlas sales jumped 170%, and pager sales surged 73%.
The Kremlin cited drone defense, but the infrastructure tells a longer story. Putin signed a law granting the FSB authority to order telecom shutdowns in February, and it came into force on March 3, two days before the blackout began. Russia has been building a sovereign internet architecture for years, and every drone attack provides a ready-made reason to run another drill.
Meta Removes Instagram Encrypted Chats by Updating a Four-Year-Old Article
Starting May 8, 2026, end-to-end encrypted direct messages on Instagram will be gone. Meta chose to announce this by editing a 2022 Messenger newsroom article and updating a help center page. The official reason given to the press was that very few users opted in.
The opt-in argument only holds if users were given a fair chance to opt in, and on Instagram, they weren't. The feature was never enabled by default and never meaningfully promoted. This came right after TikTok announced that it won't implement E2EE either, citing child safety, and the EU is expected to push for law enforcement access to encrypted data through its Technology Roadmap this year.
Cloudflare Stands Up for the Open Internet Against Italy's "Piracy Shield"
Italy's AGCOM fined Cloudflare €14 million for refusing to register with Piracy Shield, the country's website blocking system, and Cloudflare filed its appeal on March 8. Piracy Shield lets an unidentified group of Italian media companies submit sites and IPs for blocking within 30 minutes, with no judicial oversight, no public record, and no advance notice to the site owner.
Italian law caps non-compliance penalties at 2% of revenue within the relevant jurisdiction, which should have produced a figure around €140,000. AGCOM used Cloudflare's global revenue instead, arriving at a penalty roughly 100 times the legal limit, and issued it six days after a court had ordered AGCOM to share its Piracy Shield records with Cloudflare. The regulator demanding transparency from internet companies has apparently decided transparency doesn't apply to itself.
Defeating InfoStealer Malware
Infostealer malware targets browsers because browsers store valuable authentication data and typically require no password to open. Once inside, these tools scrape saved credentials, session cookies, autofill data, cryptocurrency wallets, and VPN logins, then move outward to email accounts and cloud storage.
The piece, written by former threat actor Jesse William McGraw, covers defenses available to ordinary users. External password vaults reduce damage from credential theft by preventing bulk dumps of stored passwords. Session cookies are harder to protect, but logging out after use invalidates them at the server level, and hardware-based multi-factor authentication adds a layer that survives even a compromised password.
Brazil's Social Media Ban Is Live, and Brazilians Are Already Circumventing It
Lei 15.211/2025, Brazil's Digital ECA, took effect on March 17, covering apps, operating systems, app stores, video games, and social networks, with fines of up to 50 million Brazilian reais or 10% of Brazilian revenue for non-compliance. Discord began rolling out facial age estimation in Brazil from March 9, while Rockstar Games pulled its storefront from the country entirely rather than absorb the compliance burden.
The law bans "massive, generic, or indiscriminate surveillance" in Article 37 and then mandates auditable age verification two articles later, requiring exactly the kind of data collection Article 37 prohibits. The legislators wrote the contradiction into the text. VPN signups jumped 250% overnight on Monday, matching the same pattern that played out in Australia when its age mandates landed.
Telegram Goes Dark in Russia Two Weeks Early, "Coinciding" With Moscow Blackout
Telegram has been largely inaccessible across Russia since the weekend of March 14-15, with a full nationwide block having been expected in early April. Nearly 6,000 complaints were logged on Saturday alone, and doubled by Sunday. The Moscow internet blackouts from a few days ago, framed as drone defense, now look exactly like what they were – a dress rehearsal for what rolled out days later.
An investigation published March 16 found that the son of FSB first deputy director Sergey Korolev holds a stake in the company whose subsidiary manufactures the TSPU hardware installed across every Russian telecom, the systems Roskomnadzor uses to control traffic flows directly. At least 80 billion rubles have been allocated to deploy those systems nationwide, and every new app added to the block list means more revenue for the people who built it.
China Just Censored a CNN Segment on Chinese Censorship, Live, in Real Time
On March 17, during a live CNN broadcast, Beijing correspondent Mike Valerio warned anchor Elex Michaelson that the network's China feed was actively monitored and that anything problematic would trigger color bars and a "please stand by" message. Seconds later, mid-explanation, it happened exactly as he described. Later in the same broadcast, the feed went dark a second time, the moment the conversation returned to censorship.
CNN put the China feed onscreen for American viewers, showing the color bars and "No signal, please stand by." The censors had every opportunity to let it go. They didn't, because the system is built for reflex, and the reflex runs even when it's counterproductive, providing a live demonstration of exactly the point they were trying to suppress.
Millions Trusted Crime Stoppers With Their Safety, and the Platform Was Quietly Logging Them
Hackers breached P3 Global Intel, the Texas-based company powering Crime Stoppers tip lines for thousands of law enforcement agencies, schools, and federal departments. The stolen cache holds more than 8.3 million records from February 1987 to November 2025, including tips, user account details, and support requests. P3's sales material promised each tipster's identity would remain anonymous at all times.
What the sales material didn't mention was a feature called Session Information Disclosure, an opt-in tool allowing law enforcement clients to formally request the IP addresses and session data of tipsters, stored for up to 90 days. Federal departments, including Defense, Homeland Security, Justice, and the Interior, were among P3's clients. Navigate360 had claimed its tools had never been breached in 20 years, and the hackers cited that line in the note accompanying the dump.
Ofcom Fined 4chan £520,000 and Got an AI-Generated Hamster in Return
Ofcom fined 4chan £450,000 for refusing to implement age checks, £50,000 for failing to assess illegal content risk, and £20,000 for inadequate terms of service, for a total of £520,000 under the UK's Online Safety Act. 4chan has 28 days to pay or face escalating daily penalties and has paid none of its Ofcom fines to date.
4chan's lawyer responded with a letter noting that the United Kingdom lost the American Revolutionary War and that his clients remained disinclined to discuss compliance 250 years later. Since the fine was considerably larger than the last, to which the lawyers sent back an AI-generated hamster, the response scaled up to Nigel J. Whiskerford, a giant hamster cousin dressed as Godzilla. Ofcom has issued roughly £3 million in Online Safety Act fines and collected very little of it, and without a US federal court win, every fine is unenforceable.
Be part of the resistance, quietly.
Get Mysterium VPN
Dominykas is a technical writer with a mission to bring you information that will help you in keeping your digital privacy and security protected at all times. If there's knowledge that can help keep you safe online, Dominykas will be there to cover it.
Related Articles
.png)
.png){kind=small}
