Privacy Digest 14/25

"The Supreme Court just upended internet law, and I have questions"

Says Adi Robertson, senior tech and policy editor at The Verge. Days ago, online age verification violated the First Amendment. Now, it doesn’t. In Free Speech Coalition v. Paxton, the Court ruled that requiring users to verify their age before accessing adult content is now constitutional. While meant to protect children, the ruling raises urgent privacy concerns, potentially opens the door to data exploitation, and may trigger aggressive content policing. As states push the boundaries of what counts as “porn,” sites may preemptively censor or collect more data—reshaping the web far beyond its original intent.

theverge.com

Age Verification Porn Data exploitation Kids Online Safety Act

Unless users take action, Android will let Gemini access third-party apps

As of July 7, Google is rolling out a change that allows its Gemini AI to interact with third-party apps like WhatsApp, even on devices where users had previously blocked such access. Those who wish to maintain their original restrictions may need to update their settings manually.

arstechnica.com

Android Privacy Third-Party Applications

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

Security researchers uncovered critical flaws in the McHire platform, an AI-powered hiring site developed by Paradox.ai for McDonald’s. This exposed the personal data of tens of millions of applicants. One glaring issue was the use of an extremely weak password, while another allowed attackers to access other users’ applications simply by tweaking the application ID. The vulnerabilities were reported responsibly to both McDonald’s and Paradox.ai.

wired.com

Data Leak Paradox.ai McHire McDonald’s

Android 16 will protect users from fake cell towers and potential spying threats

A new feature in Android 16 will warn if you connect to an unencrypted network or if it requests sensitive info from your device.

engadget.com

Android Mobile Security Cell Tower Spoofing

Swedish PM’s safety threatened by Strava location leaks through bodyguards

Over 1,400 Strava uploads from Ulf Kristersson’s protection detail exposed sensitive routes linked to the Swedish Prime Minister, including his home, hotels, and international visits. At least 35 posts revealed his live whereabouts, with other high-profile figures also affected. Säpo has launched an investigation and secured the accounts. The US Secret Service and Emmanuel Macron’s bodyguards were involved in similar lapses in 2024. In 2018, secret US military bases were revealed the same way.

theguardian.com

Strava Data Leak Privacy Risks