GigaTap articles in the opsec category.
- Schibsted Pay or Okay raises consent legality questions - Schibsted’s Pay or Okay rollout faces a complaint in Norway over whether paid opt-outs still count as freely given consent under GDPR.
- Abortion Access Blocks Across 7 Countries via Network Censorship - OONI data shows Women on Web blocked across seven countries using DNS and TLS interference, revealing how network censorship impacts abortion access.
- Cinemas as civic infrastructure when speech narrows - AIHRFF shows why film can matter in shrinking civic spaces: not as a magic route to policy change, but as a platform for testimony, coalition-building, and
- Lost Villages Show How Ground Truth Breaks in Rakhine - Bellingcat’s Rakhine investigation shows how destroyed villages can disappear from both the ground and the record. The practical issue is evidence discipli
- ShinyHunters Exploit Hits PeopleSoft Before Patch Window Closed - UNC6240 activity shows zero-day exploitation of Oracle PeopleSoft Environment Management, heavily impacting higher education systems before advisory releas
- PPE Bans Raise a Larger Risk Than Reporter Safety - Restrictions on protective gear at protests may affect more than journalists. They can reduce independent observation when public scrutiny matters most.
- DOJ Press Protection Questions Move Into Court - A new FOIA lawsuit seeks records that could reveal whether statutory protections for journalists were omitted during warrant applications.
- Who Gets to Decide Who Counts as a Journalist? - A dispute in New Jersey highlights a broader press freedom question: can police decide who qualifies for journalistic protections?
- AI Is Making Bug Hunting Faster - AI will not replace expert exploit work overnight. The sharper risk is speed: more actors can search, triage, and weaponize vulnerability leads faster.
- AI Surveillance Is Becoming State Infrastructure - A cited 2026 study says 11 African governments spent more than USD 2 billion on AI-powered surveillance. The risk is not just better tools, but weaker limi
- Colorado’s AI Law Gets Weaker Before It Starts - EPIC says Colorado lawmakers again amended the state’s landmark AI law, removing important requirements and delaying its effective date.
- Patching Faster Will Not Fix the Bug Wave - Risky Business #836 points to a harder problem: AI may speed vulnerability discovery, but patching alone cannot carry the full security load.
- Recording ICE Is Protected. Retaliation Is the Risk - The ACLU says people have a First Amendment right to record ICE and other federal agents, but hundreds have reportedly faced retaliation for doing it.
- Risky Business #840: disclosure risk becomes operational - Risky Business #840 shows why Microsoft’s researcher walk-back matters beyond drama: disclosure posture, location data, backups, and open-source supply cha
- Tails 7.8 Fixes a Security Weak Point - Tails 7.8 addresses privilege-escalation vulnerabilities and changes how Thunderbird updates are delivered to reduce security lag.
- VPN bans would hit more than age-gate evasion - Freedom of the Press Foundation warns that restricting VPNs would weaken tools journalists use to research sensitive targets, protect sources, and reduce n
- When settlements become political leverage - FPF argues that Paramount’s Trump settlement and weak attorney discipline helped normalize a dangerous use of courts and regulators as political pressure t
- AI Opt-Outs Are Starting to Look Like Data-Broker Playbooks - A new study argues that major AI providers are adopting privacy opt-out patterns long criticized in the data-broker industry. The key issue is not whether
- School AI Needs Rules Before It Becomes Infrastructure - CDT argues that states need stronger guardrails for AI in K–12 schools, especially around procurement, implementation, student privacy, and accountability.
- A seed guardian is infrastructure, not folklore - Global Voices’ Caatinga profile shows why seed stewardship is a practical resilience system — and why attention should come with privacy checks.
- EU Tech Policy Brief: May 2026 Updates - CDT Europe outlines the latest EU technology policy signals affecting digital rights, security operations, and operational compliance.
- Statement end: why ISS World Europe now needs scrutiny - EDRi’s call to cut ties with ISS World Europe turns a surveillance trade fair into an operational due-diligence problem for public bodies, universities, an
- Why Vermont's Privacy Bill Is Facing Privacy Advocate Opposition - EPIC and Consumer Reports say Vermont's S. 71 would weaken existing privacy protections, raising questions about what the bill actually changes.
- Risky Business #837: GitHub Actions as a supply-chain fault line - Risky Business #837 points to the TanStack compromise and a familiar CI/CD risk: workflows with too much trust can turn package publishing into an incident
- Access Now’s NSO filing is about more than WhatsApp - Access Now wants the Ninth Circuit to preserve an injunction against NSO targeting WhatsApp users. The practical risk sits at the device layer.
- EPIC Coalition Targets ALPR Creep With a Tolling-Only Line - EPIC and more than 40 groups are urging Congress to limit automatic license plate readers to tolling. The practical issue is purpose control, not just data
- EPIC’s Roblox FTC Call Targets Design Risk - EPIC and child safety groups asked the FTC to investigate Roblox. The operational issue is design risk: engagement loops, currency flows, and child chat ex
- What behind EU digitalisation: rights or control? - EDRi argues the EU’s digitalisation push is not just a service upgrade. The operational risk sits in identity, welfare access, health data reuse, and syste
- Czech stadium facial recognition hits a legal push back - A Prague derby security failure triggered calls for facial recognition. The push back shows why biometric systems need legal and operational checks first.
- Failed YouTube warrants exposed a wider privacy risk - Unsealed records show failed warrants targeting journalists’ YouTube accounts. The key risk is not only press freedom, but platform metadata and sealed pro
- Iran Internet Is Back, But Not Back to Normal - Cloudflare Radar shows Iran internet access partially restored, with Tehran-heavy traffic, DNS recovery, and IPv6 still effectively absent.
- Journalists slam Paramount deal over press-freedom risk - Journalists and filmmakers warn the proposed Paramount-Warner Bros. Discovery merger could weaken editorial independence and concentrate control over major
- Roblox FTC complaint turns safety claims into an ops risk - EPIC says several groups backed an FTC request over Roblox child safety claims. The key issue is whether platform promises match operating reality.
- CDT Submits Comments: Teen Chatbots Need Rights, Not Bans - CDT’s filing offers a practical lens for governing teen chatbot access without reducing minors to a risk category.
- Chinese PhaaS moves past password theft - GTIG says Chinese-language phishing services are maturing into real-time MFA interception platforms, making OTP-based defenses a weaker line.
- GitHub’s probe puts repository trust back in focus - GitHub said it was investigating unauthorized access to internal repositories. The current facts are narrow, but the operational lesson is broad: repositor
- Kenya’s protest rights face continental scrutiny - ARTICLE 19 used an African Commission session to raise concerns over Kenya’s digital freedom, media freedom, and the right to peaceful assembly.
- A Judge, a Trump Lawsuit, and a Recusal Question - FPF says a Florida judge ruled for Trump in a Pulitzer-related defamation case while seeking a federal judgeship from Trump’s administration.
- Fast16 and the old lesson in destructive malware - Risky Business #835 points to a useful warning: destructive malware is not only a current incident problem. It is also a history problem, and the timeline
- Meta reach blocks put rights speech in the dark - Access Now says Meta blocked human rights accounts from reaching audiences in Saudi Arabia and the UAE. The key issue is not only the block, but the lack o
- Tor Browser 15.0.14: a small update worth installing - Tor Browser 15.0.14 brings Firefox ESR and GeckoView updates plus security backports. It is a maintenance release, but users should patch promptly.
- Local Government Cyber Risk Is Now a Data-Rights Fight - CDT’s House testimony frames state and local cybersecurity as a privacy and public trust issue, especially if federal support weakens.
- The ACLU’s case for suing federal agents - The ACLU wants Congress to restore legal paths for people to sue federal officers and agencies when constitutional rights are allegedly violated.
- RightsCon Cancellation: A Lost Coordination Layer - RightsCon’s cancellation matters not only as an event loss, but as a blow to digital rights coordination infrastructure.
- Evidence needs an archive, not just a feed - OpenArchive’s Save app shows why mobile evidence needs privacy, provenance, redundancy, and community control before platforms or devices fail.
- Tor tests crypto funding for internet freedom tools - Tor and Funding the Commons launched a crypto-native matching campaign for privacy, anti-censorship, and public-interest infrastructure projects.
- Arti 2.3.0 pushes Tor’s Rust rewrite deeper - The Tor Project’s Arti 2.3.0 release adds logging and RPC work, raises macOS support requirements, and continues development toward relay and directory aut
- Canada’s Bill C-22 tests the line on encrypted messages - Bill C-22 is moving through Canada’s Parliament with lawful-access powers that CDT says could threaten end-to-end encryption through secret compelled acces
- Censorship needs evidence before it can be challenged - Tor Project’s OONI work shows why public internet measurements matter when blocks, throttling, and shutdowns are made to look like ordinary failure.
- Civic space pressure in Kenya and Rwanda reaches ACHPR - ARTICLE 19 used the African Commission sessions to warn about protest policing, surveillance, cybercrime laws, and media pressure in Kenya and Rwanda.
- Surveillance Pricing Moves Into New Jersey’s Policy Lane - EPIC backed a New Jersey bill targeting surveillance pricing. The key issue is not only data collection, but how hidden profiling can shape the price a con
- AI-Assisted Exploits Move From Theory to Operations - GTIG says it identified a zero-day believed to be AI-developed, pointing to a more mature phase of AI use in adversary workflows.
- ICE detention expansion raises a capacity and abuse risk - The ACLU says ICE detention is being scaled toward 96,000 people despite deaths and severe conditions. The core issue is capacity without matching accounta
- BlackFile shows how vishing turns SSO into an extortion path - GTIG says UNC6671 uses live vishing, AiTM credential capture, and SaaS access to steal corporate data. The weak point is identity workflow, not a vendor CV
- Utah’s Digital ID Has a Loyalty Problem - Utah frames digital ID as modernization, but the real issue is who the system is built to serve when access and control collide.
- ABC’s FCC Fight Is a First Amendment Test - ABC’s pushback against FCC pressure could test whether broadcasters resist regulatory jawboning or self-censor to avoid a fight.
- Swat River vs hydropower: a Torwali test of consent and safeguards - Torwali communities say the Swat River is being treated as infrastructure, not a living system. A reported cabinet withdrawal is a win — but the financing,
- Digital Harm Is Protection Work in Conflict Zones - Access Now’s May 19 webinar highlights why civil society groups must treat digital risk as a core protection issue in crises.
- Exam Shutdowns Are a Bad Anti-Cheating Policy - Exam-related internet shutdowns are spreading despite thin evidence and broad social harm.
- Ireland’s Meta Probe Tests the DSA’s Real Force - Ireland is investigating whether Meta’s feed design blocks users from choosing non-profiled recommendations. The case could decide whether DSA rights becom
- When an FBI Leak Probe Tests the First Amendment - A reported FBI probe into The Atlantic’s Patel coverage raises a core press-freedom question: leak enforcement or retaliation?
- Paramount's Trump Deals Face a Shareholder Records Demand - Freedom of the Press Foundation and Reporters Without Borders say Paramount should turn over records tied to reported Trump-friendly deals, editorial chang
- Tails 7.7.2: emergency kernel fix that blocks easy privilege jumps - Tails 7.7.2 is an emergency release updating the Linux kernel to 6.12.85 to fix a critical privilege-escalation risk. The Tor Project warns a chained explo
- Tor Browser 16.0a6 alpha: updates in, but testing risk stays - Tor Browser 16.0a6 is out on the Alpha channel with Firefox security updates and dependency bumps. Tor Project reiterates: Alpha is for testing, not for at
- Vercel breach, Mythos bugs, and the security backlog crunch - Risky Business #834 links a Vercel incident, Mythos-found Firefox bugs, and NIST triage limits into one story: identity compromise stays easy, and vulnerability volume keeps rising.
- EU Chat Control 1.0 Failed Over Safeguards, Not Just Politics - The EU’s interim ePrivacy derogation collapsed because lawmakers could not agree on surveillance limits, not because one side dismissed child safety.
- Digital security in war and conflict: what civil society needs to prioritize - Access Now’s webinar announcement reflects a wider shift: digital harms are increasingly treated as part of conflict protection work. Here is what that fra
- Stateless Tor Relays: Why Tor Wants Seized Servers to Remember Nothing - Tor’s stateless relay model aims to make confiscated hardware far less useful by removing disk state from the trust equation.
- Surveillance for Sale Threatens Press Freedom - When agencies buy app-derived location data, they don’t just dodge warrants—they gain a map to journalists’ sources.
- Georgia’s media freedom crisis: what the latest warning says, and what to verify next - MFRR partners warn that press freedom in Georgia has deteriorated rapidly since the contested October 2024 elections. The available excerpt is sparse, so h
- OPSEC for Everyday Use - Practical guide: daily OPSEC routines that reduce accidental identity leaks without hurting usability.