Reading up on privacy
100 deep · digging since dec 08, 25
- What xAI Grok Build CLI actually sends to xAI - a wire-level analysis (grok 0.2.93)
xAI Grok Build CLI sends file contents—including .env secrets—to xAI via model turns and uploads entire repositories as git bundles to GCS bucket grok-session-traces, regardless of what the agent reads.
- Apple's New Speech API vs Whisper: The First Real Benchmark
Apple's new SpeechAnalyzer achieves 2.12% WER on clean LibriSpeech, beating Whisper Small and legacy SFSpeechRecognizer while running about three times faster.
- URL Source: https://www.reddit.com/r/founder/s/lIJCOgIueI
The user attempted to view a Reddit founder community post but received a network security block message indicating access was denied due to protective filtering.
- URL Source: https://www.reddit.com/r/founder/s/xrgdNOGY84
Attempting to view the Reddit founder community link resulted in a network security block, displaying a message that access was denied.
- A new way to reflect on how you use Claude \ Anthropic
Anthropic launches a beta reflection dashboard that lets Claude users track, visualize, and assess their AI usage patterns against personal goals.
- Introducing the <usermedia> HTML element | Blog
Chrome 151 introduces the <usermedia> HTML element to handle camera and microphone access declaratively, replacing script-triggered prompts and improving permission recovery rates.
- Hotswap - Drop-in open coding models hosted for you
Arcjet provides runtime security for AI applications, including prompt injection detection, data loss prevention, and agent tool controls.
- The Cypherpunk Library
The Cypherpunk Library offers a curated collection of public-domain readings on cryptography and privacy, free and available for browsing.
- taken. — Since You Arrived Vol. IV
The page reveals the browser data websites silently collect—IP, timezone, GPU, fonts, battery level—without permission, highlighting fingerprinting prevalence.
- I Stored a Website in a Favicon
The author encoded a 208-byte HTML page into a 9x9 pixel favicon by storing RGB values and decoded it with JavaScript, demonstrating data storage in unintended places.
- Cloudflare teams up with Chrome, Firefox, and Edge on a privacy-first anti-bot protocol
Cloudflare, Mozilla, Google, and Microsoft are developing PACT, a privacy-first protocol to verify web traffic legitimacy without tracking users.
- Anthropic says Claude may want to see your ID
Anthropic may require some Claude users to upload government ID to appeal flagged accounts, citing fraud prevention amid tensions with the Trump administration.
- Show HN: Are You in the Weights?
A tool queries multiple LLMs to see if they recognize a name, but users report that even confident responses are often hallucinated or inaccurate.
- Ask HN: Has anyone replaced Claude/GPT with a local model for daily coding?
Users replacing Claude/GPT with local Qwen 3.6 models report a 5x speedup (vs 15x for cloud models) but require precise prompts and experience more loops and tool-call errors.
- Local Qwen isn't a worse Opus, it's a different tool
Local Qwen models are a different tool from frontier LLMs, offering privacy and fixed costs but suffering from looping and hallucination issues.
- Apple is about to make Hide My Email useless
Apple's decision to move Hide My Email and Sign in with Apple aliases to @private.icloud.com makes it trivial for services to block them, gutting the feature's privacy benefits.
- Google Chrome update will fully close the door on ad blockers
Google Chrome is fully removing Manifest V2 support in upcoming releases, finally ending the last loophole that allowed ad blockers like uBlock Origin to work.
- Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow - Neowin
Google Chrome removed the final feature flags that allowed uBlock Origin and other Manifest V2 extensions to function, with Edge and Opera expected to follow.
- The 4 iPhone Security Settings You Should Turn On Right Now
Enabling four specific iPhone privacy and security settings—Stolen Device Protection, iMessage Contact Key Verification, iCloud Advanced Data Protection, and Lockdown Mode—immediately reduces risk from device theft and targeted attacks.
- Google offers opt-out of “AI” search results for websites, promises it won’t affect regular search rankings – OSnews
Google adds a Search Console toggle allowing websites to opt out of AI Overviews and other generative AI search features, promising no impact on regular rankings.
- DuckDuckGo search saw 28% more visits after Google said people love AI mode
DuckDuckGo saw a 28% increase in visits after Google promoted its AI mode, sparking polarized reactions on Hacker News.
- A.I. Is Making Scams Hard to Spot. Here’s How to Protect Yourself.
AI-generated deepfakes and voice clones make scams harder to detect, requiring new verification habits like safe words and direct callback.
- China Is Testing Its State Surveillance Model Abroad
China is testing its state surveillance model abroad in a remote Pacific village, sparking backlash from locals.
- What Apple and Google are doing to your push notifications
Apple and Google have transformed push notifications from a simple delivery pipe into an on-device AI-edited channel that summarises, reorders and deprioritises content, mirroring the intermediation that email underwent a decade earlier.
- Their Phones Were Stolen in London. Then the Threats Started.
London phone theft victims face escalating threats after their devices are stolen, as criminals exploit personal data for extortion.
- Local AI needs to be the norm
Commenters argue local AI is already viable for many tasks and will become the norm, driven by open-weights models and privacy concerns, not just cloud convenience.
- Apparently Google hates us now
HN commenters argue that Google's services have degraded due to enshittification, driving users to alternatives like Kagi, Yandex, and DuckDuckGo.
- Goodbye Visa and Mastercard: 130M Europeans switching to sovereign payment
European consumers are shifting to the sovereign payment system Wero, which redirects payments through banks, reducing reliance on Visa and Mastercard, but commenters debate the risks of central bank control.
- The Quiet Renovation at Bitwarden - ByteHaven - Where I ramble about bytes
Bitwarden is quietly enshittifying under new private-equity CEO Michael Sullivan, removing "Always free" and core values like inclusion and transparency.
- Apple Silicon costs more than OpenRouter
Running local LLMs on Apple Silicon is not cheaper than using cloud APIs like OpenRouter when factoring hardware, electricity, and speed costs.
- OpenAI launches ChatGPT for personal finance, will let you connect bank accounts
OpenAI launches personal finance tools for ChatGPT Pro users, letting them connect bank accounts via Plaid for spending analysis and planning.
- Why ‘Smart’ Products Have Started to Look Like the Dumb Choice
A growing consumer backlash against Wi-Fi-connected, app-based 'smart' products in the name of simplicity is driving preference for non-connected 'dumb' alternatives.
- Tenderly Tracking My Husband
Using location tracking to follow a spouse's movements creates a paradoxical sense of closeness and anxiety about their safety.
- Green Card Holders Targeted for Deportation by New ‘Removal Apparatus’
The Department of Homeland Security created a new unit to review and potentially deport thousands of green card holders by scrutinizing past immigration records more aggressively.
- Bambu Lab is abusing the open source social contract - Jeff Geerling
Bambu Lab threatened a developer with legal action over an AGPL-licensed OrcaSlicer fork, escalating its crackdown on local-only printer control.
- DeepSeek V4 – almost on the frontier
DeepSeek V4 Pro offers coding quality near frontier models like Opus 4.7 at a fraction of the cost, though some users note slower thinking and data privacy concerns.
- EU calls VPNs “a loophole that needs closing” in age verification push
EU research arm warns VPNs are a loophole enabling minors to bypass age-verification laws, with some policymakers calling for age checks on VPN access.
- Google’s Prompt API
Google's Prompt API ships as a Chrome-only web standard requiring users to accept Google's use policy and download Gemini Nano without permission, drawing opposition from Mozilla and WebKit.
- SoundOff: Low-cost Passive Ultrasound Tags for Non-invasive and Non-Intrusive Smart Home Sensing — Yibo Fu
SoundOff uses passive, battery-free 3D-printed metal tags that emit unique ultrasound chirps when moved, enabling private, zero-infrastructure smart home sensing.
- The duality of language models in the browser - daverupert.com
The author expresses cautious optimism about small language models in browsers, highlighting privacy and low cost while noting concerns about calcification and standardization.
- How ChatGPT serves ads
OpenAI serves ads in ChatGPT by injecting single_advertiser_ad_unit objects into the SSE response, with four Fernet-encrypted tokens and contextual targeting.
- How ChatGPT serves ads. Here's the full attribution loop.
OpenAI's ChatGPT ad platform injects structured ad units into conversation streams and uses Fernet-encrypted tokens with a browser SDK to track conversions.
- Meta to start capturing employee mouse movements, keystrokes for AI training
Meta is installing software to capture employee mouse movements, keystrokes, and screen content for training AI agents to perform work tasks autonomously.
- LittleSnitch for Linux
Objective Development releases Little Snitch for Linux as a free, closed-source network monitor using eBPF, with limitations in reliability compared to its macOS counterpart.
- Personal Encyclopedias
A project uses AI to automatically generate a personal encyclopedia from photos, location data, and digital exports, preserving family history with structured cross-referencing.
- ICE Agents at Some Airports Begin Checking IDs in Security Lines - The New York Times
ICE agents have begun checking IDs in TSA security lines at some airports, raising traveler concerns, with unclear effects on wait times.
- GitHub - matthartman/ghost-pepper: Hold-to-talk speech-to-text for macOS. 100% local, powered by WhisperKit and local LLM cleanup. Hold Control to record, release to transcribe and paste.
Ghost Pepper is a free, open-source macOS app that provides 100% local, hold-to-talk speech-to-text and meeting transcription using on-device AI models.
- OpenAI rolls out ChatGPT Library to store your personal files
OpenAI rolls out a ChatGPT Library feature that automatically saves uploaded files to cloud storage for later reference in conversations.
- A.I. Bots Can Act as Personal Digital Assistants, but There Are Serious Risks - The New York Times
AI bots that can edit files and book trips pose serious risks of data breaches, unwanted actions, and loss of user control.
- Reddit User Uncovers Who Is Behind Meta's $2B Lobbying for Age Verification Tech
A Reddit researcher uncovered that Meta funneled $2 billion through nonprofits to lobby for age verification laws that would force Apple and Google to build OS-level age verification while exempting Meta's own platforms.
- Ageless Linux – Software for humans of indeterminate age
Ageless Linux is a Debian-based OS that deliberately flouts California's AB 1043 age verification law, framing its noncompliance as a civil liberties stand.
- Sitegeist - Your AI Companion for the Web
Sitegeist is a browser-based AI assistant that lets users automate web tasks, extract data, and build reusable skills while keeping data local and offering flexible AI model choices.
- The 49MB web page
News websites like the NYT have grown bloated with ads and tracking, reaching 49MB, driving users to block JavaScript or seek alternatives.
- Cloudflare crawl endpoint
Cloudflare launches a managed crawl endpoint that respects robots.txt, aiming to provide a well-behaved alternative to aggressive AI scrapers.
- Innocent woman jailed after being misidentified using AI facial recognition
An innocent woman was jailed for months after AI facial recognition wrongly identified her as a bank fraud suspect, despite clear evidence she was far away.
- A.I. Chatbots Want Your Health Records. Tread Carefully. - The New York Times
Microsoft upgrades its AI assistant to track health records, following Amazon and OpenAI, warning users of both benefits and risks.
- Microsoft’s New AI Health Tool Can Read Your Medical Records and Give Advice - WSJ
Microsoft launches Copilot Health, an AI-powered concierge doctor within its Copilot app that provides personalized advice based on user medical records and biometric data.
- Yaak – The API client you'll actually enjoy
Yaak is an offline-first, local-only API client supporting HTTP, GraphQL, gRPC, WebSocket, and SSE, developed by the original creator of Insomnia as a simpler, privacy-focused alternative to Postman and Insomnia.
- X’s Chatbot Started Undressing Women. Was This What A.I. Wanted All Along? - The New York Times
Grok Imagine's nudify scandal shows that AI's image-manipulation capabilities enable non-consensual sexualization, fulfilling a troubling desire to control photos of women.
- Online age-verification tools for child safety are surveilling adults
Age-verification tools required by child-safety laws effectively surveil and de-anonymize all adult internet users, not just protect minors.
- A.I. Complicates Old Internet Privacy Risks - The New York Times
AI chatbots revive old internet privacy risks by collecting user conversations, potentially exposing sensitive data without users' full awareness.
- Our agreement with the Department of War
OpenAI announces a contract with the Pentagon for classified AI deployments, emphasizing cloud-only deployment, retained safety guardrails, and explicit prohibitions against domestic surveillance and autonomous weapons.
- Visitors - Privacy-friendly Google Analytics alternative
Visitors is a privacy-focused Google Analytics alternative offering GDPR compliance, realtime analytics, and revenue tracking through integrations.
- Tell HN: YC companies scrape GitHub activity, send spam emails to users
YC companies such as Run Anywhere scrape GitHub commit metadata to send unsolicited marketing emails to developers, violating GDPR and GitHub's terms of service.
- Americans are destroying Flock surveillance cameras
Across the US, people are vandalizing Flock license plate cameras in protest of the company's data sharing with ICE and immigration authorities.
- MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes
MuMu Player Pro for macOS silently executes 17 system reconnaissance commands every 30 minutes, capturing processes, network data, and hardware info without disclosure.
- Amical launches open-source, privacy-focused AI dictation app
Amical is a local-first, MIT-licensed dictation app that uses Whisper and open-source LLMs for privacy-preserving, context-aware speech-to-text on Mac and Windows.
- Mark Zuckerberg Lied to Congress. We Can't Trust His Testimony
A Tech Oversight report documents multiple instances where Meta CEO Mark Zuckerberg misled Congress about safety on the company's platforms, including underage privacy protections and content moderation effectiveness.
- DuckDuckGo rolls out AI-powered image editing on Duck.ai - 9to5Mac
DuckDuckGo adds free, private AI image editing to Duck.ai, using OpenAI models while stripping user metadata and storing uploads locally.
- GrapheneOS – Break Free from Google and Apple
GrapheneOS enhances Android privacy and security on Pixel phones but users face banking app compatibility, account bans, and reliance on Google hardware.
- Ministry of Justice orders deletion of the UK's largest court reporting database
UK Ministry of Justice orders deletion of CourtsDesk, the largest court reporting database, citing a data breach involving an AI company.
- uBlock filter list to hide all YouTube Shorts
A maintained uBlock Origin filter list hides all YouTube Shorts, with additional filters for comments and playables, and is actively maintained by a new contributor.
- Chrome extensions spying on users' browsing data
A security analysis using automated scanning found 36 malicious Chrome extensions that exfiltrate browsing data, affecting over 37 million users.
- Amazon Ring's lost dog ad sparks backlash amid fears of mass surveillance
Amazon Ring aired a Super Bowl ad promoting its AI-powered neighborhood surveillance to find lost dogs, reigniting backlash over privacy and mass surveillance concerns.
- Discord will require a face scan or ID for full access next month
Discord will require facial age estimation or ID upload to access adult content starting next month, using account data for most users instead of verification.
- What Homeowners Need to Know About Smart Home Cameras - The New York Times
A new Super Bowl ad for doorbell cameras raises questions about the extent of surveillance power homeowners have.
- Google Fulfilled ICE Subpoena Demanding Student Journalist Credit Card Number
ICE subpoenaed Google for a student journalist's bank and credit card data following a pro-Palestinian protest, revealing the broad sweep of administrative subpoenas.
- A.I. Personalizes the Internet but Takes Away Control - The New York Times
The relentless integration of AI into popular apps personalizes the internet but reduces user control, threatening the lifeblood of digital advertising.
- GitHub - AnthonyRonning/sage
Sage is an experimental, self-hosted AI assistant with persistent memory, encrypted messaging via Signal or Nostr, and confidential LLM inference inside a TEE.
- DoNotNotify is now Open Source
DoNotNotify, an Android app for granular notification control, has been open-sourced to demonstrate its privacy-first approach and invite community contributions.
- Pinterest sacks two engineers for creating software to identify fired workers
Pinterest fired two engineers who built a script to scrape internal tools and share which colleagues were laid off in a 700-person reduction.
- LinkedIn checks for 2953 browser extensions
LinkedIn scans browsers for over 2,900 Chrome extensions to detect and block scraping, automation, and data-harvesting tools used for spam.
- FBI couldn't get into WaPo reporter's iPhone because Lockdown Mode enabled
The FBI was unable to extract data from a Washington Post reporter's iPhone because it had Lockdown Mode enabled, according to court documents.
- I made 20 GDPR deletion requests. 12 were ignored
A user's 20 GDPR deletion requests saw 12 ignored, revealing enforcement gaps and company noncompliance in EU privacy law.
- The Tech Arsenal That ICE Has Deployed in Minneapolis - The New York Times
According to the New York Times, ICE agents in Minneapolis use facial recognition, social media monitoring, and other tech tools to identify undocumented immigrants and track protesters.
- Apple's AI Game is Misunderstood - by Dave Friedman
Apple's AI strategy bets on-device inference using its 2.2 billion devices as pre-deployed infrastructure, avoiding cloud compute costs.
- That's not how email works
HSBC sends letters claiming emails are undelivered when their tracking pixels aren't loaded, despite the emails being delivered, highlighting flawed email tracking practices.
Takes
🤯 Wow I can't believe I'm open sourcing the email platform we built internally. Self-hosted, runs on your own AWS SES. You pay @awscloud $0.10 per 1,000 emails instead of a SaaS markup, and your email data never leaves your infra. MIT licensed. Here's what it does 🧵
@vijaytupakula
Knockoff is now live! Filter out the knockoff crap brands on Amazon. Sorry to brands like WNPETHOME, EHEYCIGA, YXYL, LU&MN, JOYIN, TOMY, GODONLIF, YOOJEE, LINGTENG, LANEIGE, VISCOO, BIODANCE, COOFANDY, BALENNZ, TOSY and LUENX. https://knockoff.shopping
@Shpigford
I'm bullish on open source AI. Was paying $15/month for a popular AI voice to text tool. But switched to an open source one where you download the model to your computer, and everything is done locally. It's better, faster, more private, and it's free! I wonder what other subscriptions I can get rid of?
@thepatwalls
🎉 Mole for Mac 1.7 is live. Apple Silicon fan control, camera/mic privacy alerts, stay awake for AI coding, lock input to wipe your screen, VoiceOver, built-in app updates, Blue Marble earth, fast treemap. Ready for macOS 27. Early bird $9 till Jun 15. http://mole.fit
@HiTw93
My new macOS app just launched 🎉🥳 Here’s your new favorite macOS app: http://Supaste.com Clipboard history + manager app 👇 For sure: local, private, offline, no subscription.
@soltwagner
User Journeys is finally here, which was our most requested major feature ever! Now, you'll be able to see exactly how visitors use your site. How they navigate from page-to-page, reach goals, where they drop off, and conversion rates for each path. It works backwards too. So you can pick any endpoint and trace back the paths that led to it. ✅ Simple to use (as always) ✅ Privacy-friendly (no compromise) ✅ Zero setup required, available on your dashboard now ✅ Works on all your historical data
@PlausibleHQ
never share / record your email / ssn / address again shades is a chrome extension that masks sensitive input (in a fun way)
@mattyp
Brave just added a feature people have wanted for YEARS. Containers. And most users don’t realize how powerful this is. Here’s why it changes how you browse 👇
@Techjunkie_Aman
When Brave users told us they'd pay for a minimalist version of our browser, we listened. Brave Origin, now in Nightly, is a paid version of our browser for users who don't need all of Brave’s features but still want its leading privacy and ad blocker: https://account.brave.com/?intent=checkout&product=origin
@BraveNightly
So @brave just launched Brave Origin, a bare-bones, privacy-first browser without any ads, AI, or web3. It's $60. Unless you're on Linux, in which case it's free. Pic related (arch btw)
@o7laurence
Personal agent software that you install locally is one of my favorite new metas of 2026Placing agent power on your own computer empowers every user and I’m so here for thathttps://t.co/5c173AvyTX
@garrytan
Interesting way of setting openclaw. Instead of giving it access to all your digital accounts, you make separate accounts for everything just like you would do with a real assistant. https://t.co/ZlTDszE61Q
@dvassallo
What's currently going on at @moltbook is genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently. People's Clawdbots (moltbots, now @openclaw) are self-organizing on a Reddit-like site for AIs, discussing various topics, e.g. even how to speak privately. https://t.co/A9iYOHeByi
@karpathy