Episode 50 - Digital Dictatorships - Velvet Glove Coup

Proxmox - Proxmox develops powerful and efficient open-source server solutions like the Proxmox VE platform, Proxmox Backup Server, and Proxmox Mail Gateway. Proxmox - Powerful open-source server solutions
Immich - Easily back up, organize, and manage your photos on your own server. Immich helps you browse, search and organize your photos and videos with ease. https://immich.app
Nextcloud - Nextcloud offers a modern, on-premises content collaboration platform with real-time document editing, video chat & groupware on mobile, desktop and web. Search. https://nextcloud.com
Adguard - AdGuard is the best way to get rid of annoying ads and online tracking and protect your computer from malware. Make your web surfing fast, safe and ad-free. AdGuard — The world’s most advanced ad blocker! Get the best ad-free experience
Jellyfin - Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. https://jellyfin.org
Plex - Available on almost any device, Plex is the first-and-only streaming platform to offer free ad-supported movies, shows, and live TV together with the ability to stream to almost any device. https://www.plex.tv
SearXNG - SearXNG is a free internet metasearch engine which aggregates results from up to 243 search services. Users are neither tracked nor profiled. https://docs.searxng.org
Ollama - Ollama floating on a cloud · Cloud models are now available in Ollama . Chat & build with open models. Download Explore models. Available for macOS, Windows, and Linux. https://ollama.com
Kasm - Kasm Workspaces delivers zero-trust remote browser isolation, Desktop as a Service (DaaS), and OSINT workloads to your web browser. https://kasm.com
Cobalt Tools - cobalt lets you save what you love without ads, tracking, paywalls or other nonsense. just paste the link and you’re ready to rock! settings / video ~ cobalt

39C3 - AI Agent, AI Spy

Agentic AI is the catch-all term for AI-enabled systems that propose to complete more or less complex tasks on their own, without stopping to ask permission or consent. What could go wrong? These systems are being integrated directly into operating systems and applications, like web browsers. This move represents a fundamental paradigm shift, transforming them from relatively neutral resource managers into an active, goal-oriented infrastructure ultimately controlled by the companies that develop these systems, not by users or application developers. Systems like Microsoft’s “Recall,” which create a comprehensive “photographic memory” of all user activity, are marketed as productivity enhancers, but they function as OS-level surveillance and create significant privacy vulnerabilities. In the case of Recall, we’re talking about a centralized, high-value target for attackers that poses an existential threat to the privacy guarantees of meticulously engineered applications like Signal. This shift also fundamentally undermines personal agency, replacing individual choice and discovery with automated, opaque recommendations that can obscure commercial interests and erode individual autonomy.

What Will Happen to Our Privacy in 2026

Digital ID / Age Verification Laws / Proposaals

United States

Missouri — State-Level Internet Age Gates

Status: In force (Nov 30, 2025)
What changed: Websites hosting “harmful to minors” content must verify age using government ID or third-party age-verification services
Verification method:
- Driver’s license / government ID upload
- Commercial age-verification vendors (often selfie + ID)
Scope creep risk: Infrastructure can be reused beyond adult content
Observed effects:
- Sites blocking Missouri IPs
- Increased VPN usage
Links:
- Missouri's age verification law is now in effect – here's what you need to know | Tom's Guide
- Attorney General Hanaway Delivers On Promise To Protect Children With Age-Verification Rule Now In Force | Attorney General Office of Missouri

Virginia — Social Media Time-Limit Law (Under 16)

Status: Effective Jan 1, 2026 (under legal challenge)
What changed: Limits minors to 1 hour/day on social platforms
Why it forces age assurance:
- Enforcement requires reliable age determination
- Platforms must distinguish minors vs adults at account level
Likely verification path:
- Third-party age estimation or ID-based verification
Link:
- NetChoice sues Virginia to block its one-hour social media limit for kids | The Verge

Federal (U.S.) — App Store Accountability Act

Status: Active legislative push (Nov–Dec 2025)
What changed: Would require Apple & Google to verify user age at the app store level
Why it matters:
- Centralizes age verification into OS-level identity systems
- Makes ID-backed app store accounts a de facto requirement
Verification methods discussed:
- Government ID
- Parental ID linkage
Link:
- https://www.them.us/story/grindr-age-verification-bill-app-store-accountability-act-mike-lee

United States (Trend Signal)

Pattern: State-by-state age laws → indirect identity verification mandates
Civil liberties response:
- Widespread concern over biometric data retention
- Normalization of ID checks for lawful speech
Links:
- The Age-Gated Internet Is Sweeping the US. Activists Are Fighting Back | WIRED
- Age Verification Is Coming For the Internet. We Built You a Resource Hub to Fight Back. | Electronic Frontier Foundation

Europe

France — Under-15 Social Media Ban

Status: Announced, effective Sept 2026 (reported Dec 31, 2025)
What changed: Social media access prohibited for under-15s
Why it forces identity verification:
- Platforms must prove age at account creation
Likely verification methods:
- Government-approved age verification providers
- Potential integration with national digital ID
Links:
- https://www.reuters.com/world/france-aims-ban-under-15s-social-media-september-2026-le-monde-reports-2025-12-31/
- France targets Australia-style social media ban for children next year | France | The Guardian

Italy — Mandatory Age Verification for Adult Content

Status: In force (Nov 12, 2025)
What changed: Adult websites must verify user age
Verification methods:
- Third-party ID verification services
- Facial recognition / selfie-based checks
Secondary effects:
- VPN adoption
- Geo-blocking of Italian IPs
Link:
- Italy introduces mandatory age verification − here's how this Black Friday deal can help you protect your privacy | TechRadar

Asia-Pacific

Australia — Social Media Minimum Age Law

Status: Took effect Dec 10, 2025
What changed: Platforms must take “reasonable steps” to prevent under-16 accounts
Verification mechanisms under discussion:
- Government Digital ID system
- Approved third-party age-assurance providers
Why this is significant:
- Explicit link between national digital ID and social media access
Links:
- https://www.digitalidsystem.gov.au/news/social-media-minimum-age-verification-law-and-digital-id
- https://www.esafety.gov.au/about-us/industry-regulation/social-media-age-restrictions/faqs

Malaysia — Proposed Under-16 Social Media Ban

Status: Approved for 2026 (reported Dec 2025)
What changed: Social platforms must block under-16 users
Verification method discussed publicly:
- National ID or passport verification
Link:
- Malaysia to ban social media for children under 16 next year

India — Domain Registration e-KYC (Infrastructure Level)

Status: Mandated by Delhi High Court (Dec 2025)
What changed: Domain registrants must complete strict e-KYC
Why it matters:
- Extends identity verification beyond platforms
- Reduces anonymous publishing infrastructure
Verification methods:
- Aadhaar-linked KYC
- Government-approved ID
Link:
- HC mandates strict e-KYC for domain name registrants to curb cyber fraud | Delhi News - The Times of India

Tracker table (last ~2 months)

Jurisdiction	Category	What expanded (summary)	Date / status	Likely methods	Risk flags	Sources
USA – Missouri	Adult-content access (internet-wide gating pattern)	Age verification required for covered sites; widely discussed as ID/third-party gate, plus VPN/geo-block reactions	Effective Nov 30, 2025	ID-UPLOAD; DIGITAL-ID; FACE/SELFIE (via vendors)	VENDOR-OUTSOURCED; CHILLING-RISK; VPN-SIGNAL; SCOPE-REUSE	Missouri AG rule/notice ; TechRadar on enforcement/VPN ; Missouri Independent on bypass risks
USA – Virginia	Social platforms	Default 1 hour/day limit for under-16s; requires “commercially reasonable” age verification	Effective Jan 1, 2026 (active; litigated/contested)	AGE-ESTIMATION and/or ID-UPLOAD (platform choice)	CHILLING-RISK; SCOPE-REUSE (age registry); VENDOR-OUTSOURCED possible	Washington Post summary ; NBC4 explainer
USA – App stores (state trend surfaced in Dec coverage)	App-store gate	Reporting highlights multiple state app-store age verification laws taking effect (e.g., Texas Jan 1)	Dec 2025 reporting; Jan 2026 effective in TX	APP-STORE GATE; ACCOUNT-LINKING; possibly ID-UPLOAD	SCOPE-REUSE; VENDOR-OUTSOURCED possible (if app store uses vendors)	JD Supra roundup of effective dates ; Verge “new tech laws” context
Australia (federal)	Social platforms	“World-first” social media minimum age restrictions now in effect; platforms must take “reasonable steps” to prevent under-16 accounts; Digital ID mentioned in official materials	In effect Dec 10, 2025	DIGITAL-ID; AGE-ESTIMATION; ID-UPLOAD (implementation varies)	VENDOR-OUTSOURCED; SCOPE-REUSE; CHILLING-RISK	eSafety regulator page ; Digital ID System note ; Reuters report ; Snap implementation note
France	Social platforms	Plan to ban under-15s from social media; draft legislation expected to include workable age verification	Reported Dec 31, 2025 (target Sept 2026)	AGE-ESTIMATION; ID-UPLOAD; potential DIGITAL-ID alignment	SCOPE-REUSE; VENDOR-OUTSOURCED; CHILLING-RISK	Reuters ; Guardian
Malaysia	Social platforms	Government says it plans to ban under-16 social media accounts starting 2026; discussion includes stronger verification expectations	Reported Nov 24, 2025 (starts 2026)	ID-UPLOAD; DIGITAL-ID / eKYC patterns	SCOPE-REUSE; VENDOR-OUTSOURCED; CHILLING-RISK	AP ; Reuters
Italy	Adult-content access	Mandatory age verification regime for adult sites; reporting highlights VPN impacts and timelines	Effective Nov 12, 2025 (implementation deadlines vary)	ID-UPLOAD; FACE/SELFIE (common vendor pattern); AGE-ESTIMATION possible	BIO-COLLECT likely; VENDOR-OUTSOURCED; VPN-SIGNAL; CHILLING-RISK	TechRadar update ; background reporting
India (Delhi High Court)	Internet infrastructure	Court-ordered strict e-KYC for domain registrants, reducing anonymous domain ownership	Ruling late Dec 2025	INFRA-KYC (ID-based eKYC)	SCOPE-REUSE; CHILLING-RISK (publishing infra)	Times of India ; Hindustan Times

DATA BREACHES

PornHub extorted after hackers steal Premium member activity data - 500M

Recent Major Data Breaches (Nov–Dec 2025 / Early Jan 2026)

Coupang (South Korea) — ~34 Million Customer Records Exposed

Summary: South Korea’s largest online retailer suffered a massive breach affecting about 34 million customers. Exposed personal info included names, emails, phone numbers, shipping addresses, and order details. The breach was reportedly due to a former employee with access and later led to a settlement offering compensation vouchers.
Impact: Massive identity exposure; billions in potential liability and reputational harm.
News: South Korea’s Coupang breach blames ex-employee, customer data exposed — GovInfoSecurity & TechRadar (compensation plan) - https://www.cpomagazine.com/cyber-security/data-breach-at-south-koreas-largest-online-retailer-coupang-impacts-nearly-34-million-customers/?utm_source=chatgpt.com

4.3 Billion Records Exposed — LinkedIn-Related Data Leak

Summary: A massive unprotected database containing 4.3 billion records — including LinkedIn profile details (emails, photos, employment history) — was found exposed publicly due to a misconfigured MongoDB instance.
Impact: One of the largest exposures ever, potentially fueling phishing, credential spam, and identity fraud.
News: 4.3B+ LinkedIn-related records exposed in massive data leak — CyberNews report - https://cybernews.com/security/database-exposes-billions-records-linkedin-data/?utm_source=chatgpt.com

University of Phoenix Data Breach — ~3.5 Million Affected

Summary: The University of Phoenix disclosed a large breach impacting approximately 3.5 million students, applicants, and employees. The incident stemmed from unauthorized access within a third-party system.
Impact: Exposed highly sensitive academic and identification data potentially including dates of birth and Social Security numbers (no financial data impacted).
News: University of Phoenix breach hits 3.5M people — Security Boulevard & Fox News reports - Top Data Breaches of December 2025 - Security Boulevard

Salesforce – Gainsight Supply Chain Breach — Impacts 200+ Firms

Summary: A major supply-chain breach involving Salesforce and Gainsight systems affected more than 200 organizations, exposing sensitive corporate and customer info (including some U.S. banks).
Impact: Broad sector impact due to third-party ecosystem compromise.
News: Salesforce-Gainsight breach hits 200+ organizations — Kaseya weekly breach recap (Dec 3, 2025) - The Week in Breach News: December 03, 2025 | Kaseya

Oracle EBS Vulnerability Exploited — Korean Air Catering & Duty-Free

Summary: Thousands of Korean Air employees were impacted when a vulnerability in Oracle E-Business Suite was exploited by the Cl0p ransomware group. About 500 GB of data was leaked.
Impact: Employee names and bank account numbers leaked; risk of identity theft and fraud.
News: Korean Air supply-chain data breach via Oracle vulnerability — TechRadar report - Thousands of employees exposed as Korean Air compromised in Oracle breach | TechRadar

European Space Agency (ESA) — External Server Breach

Summary: ESA confirmed a cyberattack on external servers supporting collaborative science projects, with ~200 GB of data reportedly stolen; however, the breach has not been fully verified.
Impact: Possible data loss from scientific and development projects; reputational and security concerns.
News: European Space Agency confirms server breach — TechRadar Pro - European space agency confirms 'external servers' breached in cyberattack | TechRadar