Archive for June 30, 2026

Tuesday, June 30, 2026

Chatrie v. United States

Amy Howe:

The Supreme Court on Monday ruled that when law enforcement officials used a “geofence warrant” – a warrant that instructed Google to provide location data for cellphone users who were near a particular place during a specific time period – to obtain evidence used to convict a Virginia man of a 2019 bank robbery, they conducted a “search” for purposes of the Fourth Amendment. By a vote of 6-3, the justices sent Okello Chatrie’s case back to the lower court for it to consider whether, as the Fourth Amendment requires, the search was “reasonable.”

Writing for the majority, Justice Elena Kagan emphasized that “[a]n individual has a reasonable expectation of privacy in records about his cell phone’s location, and police intrude on that constitutionally protected interest when they demand the information—even though for only a limited time, and from a third-party tech company.”

[…]

For purposes of whether the government conducted a search, Kagan said, it does not matter that law enforcement officials “access[ed] only a short amount of cell-phone location information.” […] Nor does it matter, Kagan continued, that Chatrie gave Google permission to collect and use the location data.

Dissecting Apple’s Sparse Image Format (ASIF)

Erik Schamper:

ASIF takes a lot of inspiration from existing virtual disk formats. Practically, that means it’s another sparse virtual disk format, and functions very similarly to sparse VMDK, VHDX or QCOW2 files (for the uninitiated, it allows you to store a large disk, or file, in a smaller, “sparse” manner).

Shortly before the release of macOS Tahoe (late 2025), I thought it’d be a fun exercise to try and write a parser for ASIF files.

App Store Complaint From Chinese Developers

Hartley Charlton:

A group of 48 China-based iOS developers have filed an antitrust complaint against Apple with the country’s market regulator over the App Store’s commission rates, the South China Morning Post reports.

The developers sent an open letter to China’s State Administration for Market Regulation (SAMR), alleging that Apple failed to deliver on a promise to offer the lowest commission rate to the Chinese market. The group asked the SAMR to investigate and penalize Apple for allegedly abusing its market dominance to impose “unfair and excessively high” costs on local developers.

Apple lowered the fees in March but not as much as it did in Brazil and Japan.

Kids Online Safety Act

Amanda Silberling (May 2025):

The Kids Online Safety Act (KOSA) has been reintroduced into Congress. If passed into law, this bill could impose some of the most significant legislative changes that the internet has seen in the U.S. since the Children’s Online Privacy Protection Act (COPPA) of 1998.

As it currently stands, KOSA would be able to hold social media platforms legally accountable if it’s proven that these companies aren’t doing enough to protect minors from harm. The bill includes a long list of possible harms, such as eating disorders, sexual exploitation, substance abuse, and suicide. Though it overwhelmingly passed through the Senate last year, the bill was stifled in the House.

[…]

“Apple is pleased to offer our support for the Kids Online Safety Act (KOSA). Everyone has a part to play in keeping kids safe online, and we believe [this] legislation will have a meaningful impact on children’s online safety,” Timothy Powderly, Apple’s senior director of Government Affairs, said in a statement.

Nick Heer:

The App Store Accountability Act is based on model legislation written by the Digital Childhood Alliance. The lobbying group also publishes marketing pieces, including one (PDF) that calls Apple’s age verification frameworks “ineffective”. Specifically, it points to the lack of parental consent required “for kids to enter into complex contracts”, with “no way to verify that parental consent has been obtained”.

Maya Posch (via ednl):

Since the arrival of so-called ‘social media’ the central tenet of never giving out your personal information which was front and center during the 1990s and 2000s got quite literally flipped around. Suddenly we had massive corporations practically begging you to give every last scrap of your personal information, every intimate detail of your daily life and with it every last second of your attention span.

[…]

The upshot of this reversal is that instead of a mostly comfortable anonymous experience, suddenly every second that you’re awake has been turned into the equivalent of a schoolyard during recess, the watercooler banter at the office and similar social interactions.

[…]

This raises many questions, such as whether ‘social media’ and the FOMO it introduces is a legitimate addiction, and whether we shouldn’t make being online more anonymous rather than enforce a rather dystopian ‘real name’ policy onto the populace.

Joe Mullin (Hacker News):

Within the next week, Congress is preparing to vote on the KIDS Act, a sprawling package of legislation that seeks to control Americans’ web browsing and private messaging. The package includes a revised version of the Kids Online Safety Act, or KOSA, combined with a collection of other internet bills, study bills, reporting requirements, and new regulations. Instead of debating any of these proposals on their merits, lawmakers are attempting to move them all at once under an ultra-expedited process.

[…]

Buried inside the KIDS Act are provisions that will push online services to verify all users’ ages, require government-directed moderation policies for online speech, and even create new rules about private and encrypted communications. While supporters continue to claim this bill protects minors online, its requirements come at the expense of privacy, free expression, and the ability of people of all ages to use the internet without revealing sensitive data.

[…]

Several provisions of the bill create new rules around direct messages, disappearing or “ephemeral” messages, and AI chat services.

The bill includes language stating that certain KOSA requirements should not be construed to override strong encryption. But the protection is incomplete. The carve-out applies to certain features and messaging controls, but doesn’t apply to KOSA’s separate requirement that platforms “address” a list of harms to minors.

UK Social Media Ban

Tim Hardwick:

The British government will introduce a ban on social media access for all users under 16 years of age, set to take effect in 2027.

[…]

The plan goes further than a similar ban introduced in Australia. It will cover major platforms Snapchat, TikTok, YouTube, Instagram, Facebook, and X. An exhaustive list has not yet been released, but Starmer said the rules will apply to services “whose purpose is to enable social interaction and which allow users to post material.”

Messaging apps like WhatsApp and Signal are not covered by the ban, and most social media platforms already require children to be over 13 to create an account and use their services.

Max Goldbart (Hacker News):

So-called AI ‘romantic companion’ chatbots – designed to simulate sexual relationships or roleplay with users – will have to enforce a minimum age of 18 and the government will also be looking in more detail at overnight curfews and breaks in infinite scrolling for under-18s, with more detail coming in July.

[…]

The government said it will “learn the lessons” from Australia’s experience by introducing more highly effective age assurance measures to support compliance, making it far harder for children to bypass safeguards.

Ax Sharma (Hacker News):

In practice that means anyone opening a new account will likely have to prove they’re over 16 by uploading an ID or passing a facial age scan, the same checks that adult sites serving UK visitors have implemented since July 2025 under the Online Safety Act.

Long-standing accounts are largely exempt, but signing up fresh now triggers verification, effectively ending anonymous account creation in the UK.

James Rodger (Hacker News):

New VPN rules are set to be issued by the Labour Party government as part of the under-16 social media ban. The government has not revealed any plans to regulate them, but ministers have said details about action alongside the social media ban, including regarding VPN use, will come in July.

Paige Collings and Jillian C. York (Hacker News):

There remains no reliable, privacy-preserving method of verifying the age of every internet user and methods vary from one platform to the next.

Young people will not simply be protected from being contacted by adults or endlessly scrolling—they’ll also lose access to educational videos on YouTube, local events on Facebook, and potentially cut off from distant friends and family.

[…]

The provision also requires internet service providers to limit the time kids spend online, and has rules about who can contact them online. These extreme rules will take decisions about using technology away from families and put them in the hands of government regulators.

Cory Doctorow (Hacker News):

The problem is, there’s no such thing as “age verification” for the internet. What we call “age verification” is actually mass surveillance, so invasive and pervasive that it makes the ad-tech industry’s commercial surveillance look like some kind of cypherpunk darknet pirate utopia[…]

[…]

Any attempt to save kids from online harms should start with saving kids from online surveillance, but that’s the opposite of what we’re doing today. After decades of failing to pass and enforce privacy controls for the internet, those same governments are breaking all land-speed records to pass “age verification” laws that make privacy illegal[…]

Anonymous (Hacker News):

Lots of US states, European countries, and Australia have introduced “age verification” regulations. They present it as the classic “save the children” talking point, but it’s really just a precursor to attribution of speech, particularly attributing your words to your real identity.

Sean Hollister (via John Gruber):

Azdoufal is the security researcher who used Claude Code to help discover that every DJI Romo robot vacuum cleaner and a million baby monitors and security cameras were embarrassingly easy to hack. This time, he says he discovered over 985,000 photo IDs sitting on the public internet for any half-decent hacker to steal.

[…]

Traditionally, you’d need to provide a photo ID every time you wanted to get into a club. But with the verification system, the receptionist can pull up your stored identity documents and check if your face matches. There’s also an optional app called PuffPal that lets clubs scan a QR code for faster entry.

But when Azdoufal decompiled that PuffPal app, he explains in his report, he discovered that Nefos had no meaningful level of security.
