ForgottenFlux

joined 1 year ago
 

Encryption can’t protect you from adding the wrong person to a group chat. But there is also a setting to make sure you don’t.

You can add your own nickname to a Signal contact by clicking on the person’s profile picture in a chat with them then clicking “Nickname.” Signal says “Nicknames & notes are stored with Signal and end-to-end encrypted. They are only visible to you.” So, you can add a nickname to a Jason saying “co-founder,” or maybe “national security adviser,” and no one else is going to see it. Just you. When you’re trying to make a group chat, perhaps.

Signal could improve its user interface around groups and people with duplicate display names.

 

A contractor for Immigration and Customs Enforcement (ICE) and many other U.S. government agencies has developed a tool that lets analysts more easily pull a target individual’s publicly available data from a wide array of sites, social networks, apps, and services across the web at once, including Bluesky, OnlyFans, and various Meta platforms, according to a leaked list of the sites obtained by 404 Media. In all the list names more than 200 sites that the contractor, called ShadowDragon, pulls data from and makes available to its government clients, allowing them to map out a person’s activity, movements, and relationships.

ShadowDragon says in marketing material its tools can be used to monitor protests, and claims it found protests around Union Station in Washington DC during a 2023 visit by Benjamin Netanyahu. Daniel Clemens, ShadowDragon’s CEO, previously said on a podcast that protesters should not “be surprised when people are going to investigate you because you made their life difficult.”

“The long list of sites and services that ShadowDragon’s SocialNet tool accesses is a reminder of just how much data is accessible and collected from and about us to provide surveillance services to the government and others,” Jeramie Scott, senior counsel and director of the Electronic Privacy Information Center’s (EPIC) Project on Surveillance Oversight, told 404 Media in an email. “SocialNet is just one example of the unchecked surveillance ecosystem that lacks any meaningful transparency, oversight, or accountability that allows the government to circumvent Constitutional and statutory protections to access sensitive personal data,” he added.

The leaked list of targeted sites and services includes ones from major tech companies such as Apple, Amazon, Meta, Microsoft, and TikTok. It also includes communication tools like Discord and WhatsApp; activity- or hobby-focused sites like AllTrails, BookCrossing, Chess.com, and cigar review site Cigar Dojo; payment services like Cash App, BuyMeACoffee, and PayPal; sex worker sites OnlyFans and JustForFans; and social networks Bluesky and Telegram. Even relatively obscure social networks are included in the list, such as BeReal.

 

Apple reportedly filed an appeal in hopes of overturning a secret UK order requiring it to create a backdoor for government security officials to access encrypted data.

"The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter," the Financial Times reported today. The case "is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court," the article said.

Although it wasn't previously reported, Apple's appeal was filed last month at about the time it withdrew ADP from the UK, the Financial Times wrote today.

"The case could be heard as soon as this month, although it is unclear whether there will be any public disclosure of the hearing," the FT wrote. "The government is likely to argue the case should be restricted on national security grounds."

 

At launch, access to Mullvad Leta was restricted to users with a paid Mullvad VPN account, but it is now free and open to all.

Mullvad Leta has been audited by Assured.

Just a heads up, some of the details in the FAQ and Terms of Service seem a bit outdated and might not be accurate anymore.

Some relevant information from their FAQ section is as follows:

What can I do with Leta?

Leta is a search engine. You can use it to return search results from many locations. We provide text search results, currently we do not offer image, news or any other types of search result. Leta acts as a proxy to Google and Brave search results. You can select which backend search engine you wish to use from the homepage of Leta.

Can I use Leta as my default search engine?

Yes, so long as your browser supports changing default search engines.

Navigate to https://leta.mullvad.net/ in your browser and right-click on the URL bar.

From there you should see Add “Mullvad Leta” with the Mullvad VPN logo to the left.

If you do not see this, you can attempt to add a custom search engine to your browser with:

You can select which backend engine to use as follows:

Did you make your own search engine from scratch?

We did not, we made a front end to the Google and Brave Search APIs.

Our search engine performs the searches on behalf of our users. This means that rather than using Google or Brave Search directly, our Leta server makes the requests.

Searching by proxy in other words.

What is the point of Leta?

Leta aims to present a reliable and trustworthy way of searching privately on the internet.

However, Leta is useless as a service if you use the perfect non-logging VPN, a privacy focussed DNS service, a web browser that resists fingerprinting, and correlation attacks from global actors. Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.

For most people Leta can be useful, as the above conditions cannot ever truly be met by systems that are available today.

What is a cached search?

We store every search in a RAM based cache storage (Redis), which is removed after it reaches over 30 days in age.

Cached searches are fetched from this storage, which means we return a result that can be from 0 to 30 days old. It may be the case that no other user has searched for something during the time that you search, which means you would be shown a stale result.

What happens to everything I search for?

Your searches are performed by proxy, it is the Leta server that makes calls to the Google or Brave Search API.

Each search that has not already been cached is saved in RAM for 30 days. The idea is that the more searches performed, the larger and more substantial the cached results become, therefore aiding with privacy.

All searches will be stored hashed with a secret in a cache. When you perform a search the cache will be checked first, before determining whether a direct call to Google or Brave Search should be made. Each time the Leta application is restarted (due to an upgrade, or new version) server side, a new secret hash is generated, meaning that all previous search queries are no longer visible to Leta.

What could potentially be a unique search would become something that many other users would also search for.

What is running on the server side?

We run the Leta servers on STBooted RAM only servers, the same as our VPN servers. These servers run the latest Ubuntu LTS, with our own stripped down custom Mullvad VPN kernel which we tune in-house to remove anything unnecessary for the running system.

The cached search results are stored in an in-memory Redis key / value store.

The Leta service is a NodeJS based application that proxies requests to Google or Brave Search, or returns them from cache.

We gather metrics relating to the number of cached searches, vs direct searches, solely to understand the value of our service.

Additionally we gather information about CPU usage, RAM usage and other such information to keep the service running smoothly.
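
The caching behaviour the FAQ describes (searches stored hashed with a secret, a 30-day lifetime, a new secret on every restart) can be sketched as follows. This is an added example, not Mullvad's code: the class and function names, the use of HMAC-SHA256, the inclusion of the backend name in the key, and the `Map` standing in for Redis are all assumptions made for illustration.

```javascript
// Added illustration of a keyed-hash search cache; not Leta's implementation.
const crypto = require('node:crypto');

const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;

class HashedSearchCache {
  // store: a Map standing in for the Redis key/value store (assumption).
  // now: injectable clock so expiry can be exercised without waiting.
  constructor(store, now = () => Date.now()) {
    this.store = store;
    this.now = now;
    // Fresh random secret per application start; it is never persisted,
    // so keys written by an earlier instance cannot be recomputed.
    this.secret = crypto.randomBytes(32);
  }

  // The cache key is a keyed hash of backend + query, not the query text.
  keyFor(backend, query) {
    return crypto.createHmac('sha256', this.secret)
      .update(`${backend}\0${query}`)
      .digest('hex');
  }

  // Check the cache first; only call the backend on a miss or a stale entry.
  // fetchFromBackend is synchronous here to keep the sketch short.
  search(backend, query, fetchFromBackend) {
    const key = this.keyFor(backend, query);
    const entry = this.store.get(key);
    if (entry && this.now() - entry.storedAt <= THIRTY_DAYS_MS) {
      return { source: 'cache', results: entry.results };
    }
    const results = fetchFromBackend(backend, query);
    this.store.set(key, { storedAt: this.now(), results });
    return { source: 'direct', results };
  }
}

// Walks through hit, expiry and restart using a constructed query and a stub backend.
function demo() {
  const store = new Map();
  let clock = 0;
  let backendCalls = 0;
  const stub = (backend, q) => { backendCalls += 1; return [`${backend} result for ${q}`]; };
  const query = 'constructed sample query';

  const app1 = new HashedSearchCache(store, () => clock);
  const first = app1.search('brave', query, stub).source;   // nothing cached yet
  const second = app1.search('brave', query, stub).source;  // served from cache

  clock += THIRTY_DAYS_MS + 1;                              // entry is now too old
  const expired = app1.search('brave', query, stub).source;

  // "Restart": same store, new instance, therefore a new secret.
  const app2 = new HashedSearchCache(store, () => clock);
  const afterRestart = app2.search('brave', query, stub).source;

  const keysLeakQuery = [...store.keys()].some((k) => k.includes('sample'));
  return { first, second, expired, afterRestart, backendCalls, keysLeakQuery };
}
```

In this sketch only the lookup key is derived from the query; the stored results are kept as returned by the backend, and entries written under an old secret simply become unreachable until they age out.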

 

Firefox maker Mozilla deleted a promise to never sell its users' personal data and is trying to assure worried users that its approach to privacy hasn't fundamentally changed. Until recently, a Firefox FAQ promised that the browser maker never has and never will sell its users' personal data. An archived version from January 30 says:

Does Firefox sell your personal data?

Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That's a promise.

That promise is removed from the current version. There's also a notable change in a data privacy FAQ that used to say, "Mozilla doesn't sell data about you, and we don't buy data about you."

The data privacy FAQ now explains that Mozilla is no longer making blanket promises about not selling data because some legal jurisdictions define "sale" in a very broad way:

Mozilla doesn't sell data about you (in the way that most people think about "selling data"), and we don't buy data about you. Since we strive for transparency, and the LEGAL definition of "sale of data" is extremely broad in some places, we've had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).

Mozilla didn't say which legal jurisdictions have these broad definitions.

 

Hot off the back of its recent leadership rejig, Mozilla has announced users of Firefox will soon be subject to a ‘Terms of Use’ policy — a first for the iconic open source web browser.

This official Terms of Use will, Mozilla argues, offer users ‘more transparency’ over their ‘rights and permissions’ as they use Firefox to browse the information superhighway — as well as Mozilla’s “rights” to help them do it, as this excerpt makes clear:

You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet.

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

Also about to go into effect is an updated privacy notice (aka privacy policy). This adds a crop of cushy caveats to cover the company’s planned AI chatbot integrations, cloud-based service features, and more ads and sponsored content on Firefox New Tab page.

 

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.

She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope.

Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however.

"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications."

Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer.

Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE.

The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request.

It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

 

Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”

 

With reproductive rights under fire across the U.S. and globally, access to accurate abortion information has never been more critical—especially online.

That’s why reproductive health and rights organizations have turned to online platforms to share essential, sometimes life-saving, guidance and resources. Whether it's how to access information about abortion medication, where to find clinics, or the latest updates on abortion laws, these online spaces have become a lifeline, particularly for those in regions where reproductive freedoms are under siege. But there's a troubling trend making it harder for people to access vital abortion information: social media platforms are increasingly censoring or removing abortion-related content—often without clear justification or policy basis.

In response to this growing issue, EFF has partnered with the Repro Uncensored coalition to call attention to instances of reproductive health and abortion content being removed or suppressed by social media platforms.

We are collecting stories from individuals and organizations who have faced censorship on these platforms to expose the true scale of the issue. Our goal is to demand greater transparency in tech companies' moderation practices and ensure that their actions do not silence critical conversations about reproductive rights.

We are not simply raising awareness—we are taking action to hold tech companies accountable for their role in censoring free speech around reproductive health.

Not everyone has experienced censorship, but that doesn’t mean you can’t contribute to the cause. You can still help by spreading the word.

Together, we can amplify the message that information about reproductive health and rights should never be silenced—whether in the real world or online.

 

Protector, an app that lets you book armed goons the same way you’d call for an Uber, is having a viral moment.

Protector lets the user book armed guards on demand. Right now it’s only available in NYC and LA. According to its marketing, every guard is either “active duty or retired law enforcement and military.” Every booking comes with a motorcade and users get to select the number of Escalades that’ll be joining them as well as the uniforms their hired goons will wear.

Protector is currently “#7 in Travel” on Apple’s App Store. It’s not available for people who use Android devices. Sorry Google phone fans, if you want your own armed goons you’ll have to resort to more traditional methods of goon employment.

The marketing for Protector, which lives on its X account, is surreal. A series of robust and barrel-chested men in ill-fitting black suits deliver their credentials to the camera while sitting in front of a black background. They’re all operators. They describe careers in SWAT teams and being deployed to war zones. They show vanity shots of themselves kitted out in operator gear. All of them have a red lapel pin bearing the symbol of Protector.

Who is this for, you might ask? A video posted on January 6, 2025, that runs just over two minutes gives the game away. It opens with a photo of assassinated UnitedHealthcare CEO Brian Thompson. “We’re going to run through a scenario to demonstrate, where if a Protector had been present, crisis could have been averted,” the Protector says in the video. He then runs through several fantasy versions of the assassination where a Protector is on hand to prevent the assassin from killing the CEO.

 

Reddit is planning to introduce a paywall this year, CEO Steve Huffman said during a videotaped Ask Me Anything (AMA) session on Thursday.

Huffman previously showed interest in potentially introducing a new type of subreddit with "exclusive content or private areas" that Reddit users would pay to access.

When asked this week about plans for some Redditors to create "content that only paid members can see," Huffman said:

It’s a work in progress right now, so that one’s coming... We're working on it as we speak.

When asked about "new, key features that you plan to roll out for Reddit in 2025," Huffman responded, in part: “Paid subreddits, yes.”

Reddit's paywall would ostensibly only apply to certain new subreddit types, not any subreddits currently available.

Reddit executives also discussed how they might introduce more ads into the social media platform. The push for ads follows changes to Reddit’s API policy that, in part, led to the closing of most third-party apps used for accessing Reddit. Reddit makes most of its revenue from ads and can only show ads on its native apps and website.

Reddit started testing ads in comments last year, with COO Jen Wong saying during an AMA that such ads are in “about 3 percent of inventory.” The executive hinted at that percentage growing. Wong also shared hopes that contextual advertising, or ads being shown based on the content surrounding them, will be a “bigger part of” Reddit’s business by 2026.

 

When thousands of pages started disappearing from the Centers for Disease Control and Prevention (CDC) website late last week, public health researchers quickly moved to archive deleted public health data.

Soon, researchers discovered that the Internet Archive (IA) offers one of the most effective ways to both preserve online data and track changes on government websites. For decades, IA crawlers have collected snapshots of the public Internet, making it easier to compare current versions of websites to historic versions. And IA also allows users to upload digital materials to further expand the web archive. Both aspects of the archive immediately proved useful to researchers assessing how much data the public risked losing during a rapid purge following a pair of President Trump's executive orders.

Part of a small group of researchers who managed to download the entire CDC website within days, virologist Angela Rasmussen helped create a public resource that combines CDC website information with deleted CDC datasets. Those datasets, many of which were previously in the public domain for years, were uploaded to IA by an anonymous user, "SheWhoExists," on January 31. Moving forward, Rasmussen told Ars that IA will likely remain a go-to tool for researchers attempting to closely monitor for any unexpected changes in access to public data.

Rasmussen told Ars that the deletion of CDC datasets is "extremely alarming" and "not normal." While some deleted pages have since been restored in altered versions, removing gender ideology from CDC guidance could put Americans at heightened risk. That's another emerging problem that IA's snapshots could help researchers and health professionals resolve.

On Bluesky, Rasmussen led one of many charges to compile archived links and download CDC data so that researchers can reference every available government study when advancing public health knowledge.

"These data are public and they are ours," Rasmussen posted. "Deletion disobedience is one way to fight back."

To help researchers quickly access the missing data, anyone can help the IA seed the datasets, the Reddit user said in another post providing seeding and mirroring instructions. Currently dozens are seeding it for a couple hundred peers.

"Thank you to everyone who requested this important data, and particularly to those who have offered to mirror it," the Reddit user wrote.

As Rasmussen works with her group to make their archive more user-friendly, her plan is to help as many researchers as possible fight back against data deletion by continuing to reference deleted data in their research. She suggested that effort—doing science that ignores Trump's executive orders—is perhaps a more powerful way to resist and defend public health data than joining in loud protests, which many researchers based in the US (and perhaps relying on federal funding) may not be able to afford to do.

"Just by doing things and standing up for science with your actions, rather than your words, you can really make, I think, a big difference," Rasmussen said.
