EFF: Updates
Victory! Flock Ends Rollout of Audio “Distress Detection” of Human Voices
Reversing course, Flock Safety—the surveillance technology vendor most known for its extensive network of automated license plate readers—has announced that it will end a pilot for its acoustic gunshot detection devices to identify signs of “human distress.”
In October 2025, EFF warned the public that Flock was rolling out a new feature called “Distress Detection” that would be deployed through their acoustic gunshot detection devices (formerly known as Flock Raven, now called Audio Detection). This feature purported to use high-powered microphones scattered throughout a city to search for sounds of human distress, with original advertisements from the product indicating it would search for “screaming.” (Since the publication of our original blog post, Flock quietly amended the ad on this webpage to say “distress” instead of “screaming.”)
Now, Flock has published a blog post stating that “[a]fter careful consideration and community consultation, we decided to remove the feature.” Good riddance.
We said it when the product was announced and we’ll say it again: this was a misguided and dangerous feature because of the civil liberties concerns it poses, the possibility it could summon armed police to every loud interaction happening on the street, and because in several places this type of spying would be illegal under state eavesdropping laws.
We were not quiet about this potential new feature. Flock even mentioned our concern about Distress Detection in an attempt to rebut our opposition to the mass surveillance their products enable.
The suspension of Distress Detection, however, does not mean that these high-powered microphones are now magically safe or beyond our concern. Acoustic gunshot detection is still a dangerous and often highly inaccurate technology that has resulted in real world harm, as in Chicago where it resulted in police shooting at children lighting fireworks. As Flock itself states, “No acoustic system is perfect, and we don't claim otherwise.” But police response to a situation where they believe guns are actively in use seems like a pretty high-stakes situation to be making, selling, and deploying technology known to be imperfect. Flock’s devices also listen for more than just gunshots. Their marketing materials admit to be listening for “community disruption,” which includes “non-violent” threats like car sideshows and fireworks.
Flock’s failed attempt to roll out Distress Detection teaches us a few important lessons about the current state of police surveillance. First, we should not assume that just because these companies are large and well-funded, that does not ensure that they are complying with local privacy laws before floating new products to customers. Second, companies roll out and police adopt invasive technology under the justification that it will be used to address our society’s very worst crimes. However, both the companies and police will leverage deployed surveillance infrastructure to introduce new uses without necessarily seeking the consent or approval of the public. Gunshot detecting microphones eventually being used to listen for screaming is exactly the type of mission creep that we’ve seen happen with other pieces of surveillance technology, including Flock’s license plate readers. Finally, gun violence is too serious and complex of an issue to purport to solve with one flawed piece of technology. It has become too easy for police and cities to listen to the fancy marketing pitches of tech companies claiming they’re going to solve all crime instead of doing the hard work of addressing the root causes of societal issues. And, in the meantime, that technology creates more problems and hazards for the communities they blanket in police surveillance.
As we’ve also seen with people across the country pushing back on Flock license plate reader contracts in their communities, public pressure can sometimes work to influence both companies and lawmakers that control a city’s purse strings to discontinue or divest from harmful products. Flock’s decision to end “Distress Detection” for human voices is a win.
Your Vision. Your Legacy. Your Future.
This month, we celebrate 36 years of EFF and a mission that is bigger than any one of us. Thanks to EFF, communities around the world are demanding that technology protects their freedom, advances justice, and opens doors to opportunity. That's not a small thing—it's a life's work worth continuing.
If you are committed to staying on the cutting edge of digital rights issues, I'd like to invite you to consider taking that commitment one step further by joining EFF’s Lighthouse Society, our way to acknowledge and thank the community of supporters who are including EFF in their legacy plans.
Learn About the Lighthouse Society
By including EFF in your will or estate plans, you can ensure that EFF’s work and values don't just live beyond you; they thrive because of you. A legacy gift is one of the most powerful ways to say: This matters, and I want it to matter long after I'm gone.
Your gift will fuel our mission for generations by protecting freedom, advancing justice, and driving innovation for communities who need it most. There is still so much more to do, so much more to fight for. With your foresight, it can go so much further.
Planned giving is also more flexible than you might realize. A bequest in your will, a simple beneficiary designation, or another estate planning option can all make a profound difference, often without affecting your finances today.
Get in touch and learn more about what's possible with the Lighthouse Society. Reach out to Jocelyn Wicker at majorgifts@eff.org or fill out our online form to share your intention to give. Thank you for considering a legacy that will carry this work forward for years to come.
How the Watch Dogs Video Game Series Mirrored and Predicted Real-World Digital Rights Issues
When Ubisoft's Watch Dogs 2 was released in 2016, it was a headtrip for those of us working on digital-rights issues in the Bay Area. During the day, I'd fight tech-authoritarianism from EFF's San Francisco offices and then, at night, I'd fight tech-authoritarianism in an uncanny simulation of San Francisco from my home gaming console.
Watch Dogs 2 is an open-world video game that follows a hacktivist collective called Dedsec as they take on surveillance tech and discriminatory AI systems that are being controlled by tech bros, government contractors, and corrupt cops. The game's missions often felt like they were ripped from the pages of EFF's Deeplinks blog.
EFF’s mission is defending civil liberties in the digital world, and we do that with activists, technologists, and lawyers. If you've ever dreamt of joining Dedsec, you should definitely join us as a member.
Join the movement to Take Back CTRL.
In fact, we've even got the same merch aesthetic. I cosplayed as the lead character, Marcus, at Dragon Con, and no one even knew I was in costume.
Dave (left) as Marcus takes a selfie with a Wrench cosplayer at Dragon Con 2018.
To commemorate Watch Dog 2's 10th anniversary, I'll be speaking on a panel at San Diego Comic-Con reflecting on how the game predicted tech issues we're facing today. Organized by Mia Ginae of The Mighty Hostess and Black in Gaming, we've got voice actors Ruffin Prentiss lll and Shawn Baichoo, cinematic producer Timmy Fisher, and music producer Hudson Mohawke, who did the soundtrack, with Mia Ginae moderating. That's at 3:15 PM on Friday, July 24 in room 6BCF.
But not everyone can get to Comic-Con and I certainly have more to say that can fit in. So here are a few ways where Watch Dogs 2 mirrored our work back then and foresaw what we're facing today.
Check out our full San Diego Comic Schedule, including panels and a meet-up.
Insecure Surveillance CamerasOne of the signature gameplay elements of the Watch Dogs series is the ability for your character to hack into nearby security cameras from your phone and use that to gain a strategic advantage over hostile adversaries.
About a year before, that's exactly the issue that we were working on. EFF Technologist Cooper Quintin and I used the service Shodan to identify a slew of automated license plate readers (ALPRs) that Louisiana police had left unprotected on the internet. We found that the controls were open to anyone to manipulate and, just like in the game, you could watch the live video feeds.
We didn't use the data to acquire a skill point or collectible outfit. Instead, we forced police agencies to lock down their equipment and then used what we learned to persuade then Gov. Bobby Jindal to veto a bill that would have created a new statewide surveillance dragnet.
This issue still persists today. Most recently, security researchers Benn Jordan and Jon “GainSec” Gaines, and the award-winning journalists at 404 Media, uncovered how at least 60 pan-tilt-zoom cameras from the vendor Flock Safety were left exposed online.
Cell-Site SimulatorsIn Watch Dogs 2 there's a mission called "Stolen Signals," in which Marcus and his best friend Wrench are trying to locate "stingrays," police devices that gather nearby cell-phone data by masquerading as legit cellular towers. We call these "cell-site simulators" (CSSs) and they're are an extremely alarming mass surveillance technology that allows police to track individual users through their phone identifiers. We've long advocated that this should require a search warrant.
Like Dedsec, we also had initiated a project to do the exact same thing. And in true Dedsec fashion, we also gave it a pop-culture name: Crocodile Hunter, an homage to wildlife expert Steve Irwin, who had famously died after a stingray attack.
But while Marcus was running around Telegraph Hill, staff technologist Cooper Quintin and I were running around downtown San Francisco, testing out our own device for detecting suspicious cell phone towers during Salesforce's annual Dreamforce conference. And while we didn't find a CSS that day, we did find a mobile surveillance tower that a start-up had set up for the event.
Cooper Quintin, EFF's own 'Wrench,' testing out Crocodile Hunter at Dreamforce
Today, that project has evolved into Rayhunter, which allows anyone to use a cheap mobile hotspot to detect the type of cellular anomalies associated with CSSs. We're proud to say that now there's a whole international Dedsec-style network of researchers using this technology to look for surveillance at protests, at the border, and in metropolitan areas.
Security RobotsThroughout the game, Marcus encounters a number of autonomous pickle-shaped security robots wandering the city. At one point, Wrench reprograms one to become "Wrench Jr," a bona fide member of the Dedsec team.
In real life, these robots are made by a company called Knightscope, and EFF started shining light on them in 2020-2021, when they were first being deployed by companies and government agencies.
A Knightscope robot patrols a casino parking lot in Reno, Nevada.
Today, law enforcement is pursuing weaponized robots and drones, and EFF is at the forefront to stop this dystopian reality. In fact, in December 2022, we successfully fought for San Francisco to ban the police department from weaponizing drones. In 2024, New York Police Department also retired its subway robot.
A Citywide Surveillance "Operating System"In the Watch Dog series, one of the ominous developments is CTOS 2.0 (Central Operating System 2.0). Through this system, Blume, a government contractor, tries to collect a massive amount of data through citywide sensors and infrastructure, and to combine all that data into one unified—and totally insecure—analytics system.
At the time we'd only just begun to see this idea floated, with a limited number of cities trying tools like Palantir's Gotham to manage data.
Today, it is a frighteningly competitive market, particularly when it comes to law enforcement surveillance. For example, both Axon and Flock Safety are trying to offer products that integrate with every function of policing that sound like CTOs. In fact, Flock Safety product is literally titled, "Flock OS."
Fusus demonstrated at a police chief's conference.
Meanwhile, Axon's camera networking product, "Fusus," sounds like it came straight from the Watch Dogs' writers room. Fusus allows for central live-streaming of all types of surveillance cameras in a city, including body-worn cameras, which was another prediction from the Watch Dog series that came true.
EFF has been part of many local battles to reject Flock and Axon surveillance systems, and we've also advocated against recent efforts at the federal level to consolidate government data.
Join the Fight Against Authoritarian TechWatch Dogs 2's protagonists aren't just the merry band of core hackers: It's a distributed movement spread across the region and social media. The sequel, Watch Dogs Legion, is even designed so that every single person in the city of London is a potential playable Dedsec member, ready to take on tech tyranny with whatever skills they have.
That's also our philosophy: If you use tech, if you're affected by tech, this is your fight. And it's time to take back control.
There are a lot of ways to do this. You can become a member by donating. You can contact public officials through our Action Center. You can join the thousands of volunteers who are helping gather data on surveillance through our Atlas of Surveillance project. You can also hunt cell-site simulators with us—and help improve our code—through the Rayhunter project.
And just like Watch Dogs 2, this is a game we can win if we work together.
EFF and ARTICLE 19 Submission to the European Commission on the DSA Trusted Flagger Guidelines
EFF and ARTICLE 19 have submitted joint comments to the European Commission on draft guidelines for the Digital Services Act’s trusted flagger mechanism. Having long advocated for a DSA that protects freedom of expression while preserving intermediary liability protections and the prohibition on general monitoring, we welcome the Commission's effort to provide practical guidance on how the trusted flagger system should operate.
The DSA’s trusted flagger system can help platforms identify illegal content more efficiently. But if implemented poorly, it could also encourage over-removal of lawful speech, weaken due process, and give government authorities disproportionate influence over online expression.
We support the Commission's focus on good practices and illustrative examples, rather than legal interpretations that could inadvertently steer platforms toward particular enforcement outcomes—and argue that the guidelines should include stronger safeguards to protect freedom of expression, due process, and the impartiality of the trusted flagger system.
We also support the Commission's clarification that the DSA itself does not define "illegal content"; that determination must come from applicable national or EU law. Trusted flaggers submit prioritized notice, but platforms remain responsible for determining whether content is actually illegal. Platforms must therefore conduct careful, informed assessments and should not assume that a trusted flagger notice necessarily warrants restricting content.
Our submission highlights several areas where the guidelines could be strengthened:
- Cross-border assessments require caution. Platforms should not rely on a trusted flagger notice to assess legality across Member States, where national legal frameworks may differ.
- Systemic risks extend beyond content moderation. The DSA's systemic risk framework should not rely too heavily on individual moderation decisions, but should also consider broader platform design choices, including recommender systems.
- Law enforcement authorities should generally not be granted trusted flagger status. They already have statutory powers under Article 9 of the DSA, and combining those powers with trusted flagger status creates a risk that platforms may treat trusted flagger notices as de facto removal orders, undermining due process and the rule of law.
- Civil society organizations play an essential role. Civil society organizations help identify illegal content and report human rights abuses, but the guidelines should also recognize that these organizations may face retaliation for their work and should be protected from abusive campaigns that threaten their independence.
- Trusted flaggers should complement—not replace—existing partnerships. The new mechanism should not sideline existing trusted partnership programs, including collaborations with civil society organizations that do not or cannot hold trusted flagger status, especially those outside of the EU with valuable regional expertise.
Read the full submission here:
California Steps Back From Dangerous Expansion of its Age-Gating Law
The California legislature has stepped back from a plan that would have expanded its age-gating law, removing language that could have compounded serious threats to users’ speech, privacy and security just to browse the internet. A.B. 1856, authored by Assemblymember Buffy Wicks, will now move forward through the legislature without its most problematic pieces.
EFF still believes the underlying law that A.B. 1856 amends, A.B. 1043, is unconstitutional. Signed into law in 2025 (and effective January of 2027), A.B. 1043 requires all operating systems and app stores to collect users’ ages, place them in various age brackets and then block young people from lawful speech and services depending on their age. We also believe that even though A.B. 1043 does not require age verification, the liability it creates for operating systems and app stores—including fining operating systems up to $7,500 per affected child for violating the law—will push those services to verify users’ ages. In practice, that could lead to more ID checks, more biometric scanning, more invasive data collection and risk of breach, and more barriers to adults’ and young people’s lawful speech.
However, we appreciate that the Legislature has abandoned its plan to expand this problematic age-gating framework to browsers and websites. This would have significantly expanded this dangerous law before it even took effect. We thank the author and committee staff for recognizing these harms and not moving forward with this language.
On top of that, EFF is pleased that an earlier amendment to A.B 1856 reduced the threat to the open-source community by exempting open-source operating systems. Given these changes, EFF has removed its opposition to A.B. 1856. We appreciate the author for listening to concerns from advocates, developers and others about the effect it would have on open-source development and also around expanding this problematic framework.
To be clear, we still believe the law passed last year threatens online anonymity, privacy, and security. A.B. 1043 is one of a troubling wave of proposals that encourage—or, in some cases, outright require—age verification. Our position on this is clear: no one should have to provide or verify their age to access the internet. Once users’ personal data is collected, it can easily be leaked, hacked, or misused. No matter the method, every age verification system demands that people hand over their sensitive and immutable personal information to link their offline identity to their online activity. That’s a bad deal for us all.
Age-gating mandates are reshaping the internet in ways that are invasive, dangerous, and deeply unnecessary. But users are not powerless! We can challenge these laws, protect our digital rights, and build a safer digital world for all internet users, no matter their ages. This resource hub can help—so explore, share, and join us in the fight for a better internet.
Most Smart Watches, Rings, and Bands Lack Basic Transparency Reports and Key Privacy Features
Oura Rings, Garmin GPS fitness watches, Apple Watches, Whoop bands—every year, more and more tech devices are promising to monitor our health and fitness, guide us toward healthier living, and provide useful health metrics to take to our doctors. But few of these tools provide the sorts of privacy and security promises we demand from all technology, let alone tech that captures personal health data. It’s time they step up and start providing transparency reports and stronger encryption options.
Surveys suggest that around 40 percent of people in the United States own some sort of commercially available wearable health device. Despite being marketed as health devices, they have no special health-related privacy protections that one might hope for. The companies who make these devices can and do collect an abundance of data, and many of them share that data with third-parties for marketing or to influence insurance rates, or use it for their own purposes, like training artificial intelligence models.
Health data is increasingly an important part of law enforcement or government investigations. Wearable data has been critical in a number of cases, where information about heart rate and steps was used to determine the whereabouts of individuals. And the surveillance company Penlink calls fitness trackers and wearables an “overlooked source” for law enforcement since they tend to show movement patterns and changes in heart rates. Law enforcement can try to get access to this data through subpoenas or warrants.
There are many potential privacy issues with these sorts of devices, including whether the companies who make them share or sell information to third-parties. But here we are choosing to focus on two facets we’re concerned with around health data itself: 1) whether the company shares information with law enforcement and governments and 2) if they offer end-to-end encryption, which means the company itself can’t access that health data to begin with.
Reading through dozens of product review sites we narrowed our research in on ten companies that seem to make the majority of recommended consumer health products on the market:
- Amazfit
- Apple
- Coros
- Garmin
- Google (including Fitbit)
- Hume
- Oura
- Polar
- Suunto
- Whoop
We reviewed each company’s public facing policies, then emailed them to confirm those findings. Here’s what we found.
Transparency Reports Are Few and Far BetweenCompanies should provide transparency reports of how often they provide data to the government, including information about whether it’s an official demand or an unofficial request. We have been calling on tech companies to publish transparency reports for a long time, but the practice is still rare across the industry. That’s especially true with fitness gadgets.
Only two of the companies we surveyed, Apple and Google (which also owns Fitbit), currently publish transparency reports. Apple, Google, and Whoop promise to notify users of law enforcement requests in publicly available documentation.
Oura now does too, after an update to their privacy policy in June 2026 that was perhaps prompted by a series of requests from journalist Zack Whittaker. In that same update and in an email to us, Oura promises that it is “actively evaluating ways to provide greater visibility into how we handle these requests, like through a transparency report.” This is promising, and we hope the company agrees that transparency reports are the best option moving forward.
Any company that handles data that’s of interest to law enforcement and governments owes it to their users to publish transparency reports and, when legally possible, notify users when that data is requested.
Similarly, Suunto does not currently publish transparency reports, but in an email reply to our questions the company did express an openness to potentially doing so, stating, “We continuously evaluate our transparency practices and may publish additional information, such as a transparency report, in the future if we believe it would provide meaningful value for users and support our data protection efforts.” We hope they do, as these sorts of reports are a useful metric for all of us to better understand if and when our data can potentially be accessed by law enforcement.
We could not find instances where the other companies publicly state a policy around notification or transparency reports, and no others replied to our email questions.
Any company that handles data that’s of interest to law enforcement and governments owes it to their users to publish transparency reports and, when legally possible, notify users when that data is requested. This is especially true of personal health data, which can reveal our movements, and be used to infer details about what we’re doing at any given moment.
End-to-End Encrypted Data Is Far Too Rare of a FeatureEnd-to-end encryption is a method to ensure that your personal data is only accessible by you, and not the company who makes the device and manages the cloud storage. End-to-end encryption is usually used to refer to message encryption in communication apps, like Signal or WhatsApp, but can also refer to data storage. For example, many password managers use end-to-end encryption, and Ring implemented it for its cameras after we pushed for it. There’s no reason it can’t be offered for wearables too.
In the case of health data from wearable devices, it’s a way to store data in the cloud so that information can be synced and backed up between your device and an app on your phone in a way where only your devices can access it.
Support for end-to-end encryption is more rare than transparency reports.
The Apple Watch, at least with data that’s stored in the Health app, is the only popular fitness wearable that supports end-to-end encryption, and it’s enabled by default for all users (you are required to have two-factor authentication enabled as well, but that is also on by default for most accounts).
However, Apple Watch owners should remember that this protection is only for data stored in the Apple Health app. If you use other apps on your watch, or choose to share data with third-parties, like Strava, or if you’re sharing data with other wearables, like an Oura ring, that data is likely not end-to-end encrypted by the third-party company.
Support for end-to-end encryption is more rare than transparency reports.
And that’s it. Apple is the only one. No other popular consumer health wearable offers end-to-end encryption for the data it collects and stores online. Not Google. Not Garmin. Not Oura. Most of these companies instead offer encryption in transit and at rest, but this means those companies can still see and use your data. This is the industry standard, but it doesn’t have to be.
Another option would be more robust local-storage options. Some devices we looked at, like a handful of Garmin and Polar watches, can operate on the watch itself without syncing data to the cloud, but some models are limited in capability and cannot sync to an app without storing data online. More robust options for limiting the data to just the wearable and the phone app it's synced to would be a privacy improvement. For example, the Apple Watch has the option to disable iCloud sharing in Apple Health, which will keep the data only on your phone. It’s the only wearable we found that offers this feature without using a third-party app like Gadgetbridge or by physically connecting the wearable to a computer with a USB cable and transferring activity files over manually.
The general lack of local-only options or end-to-end encryption is a major privacy oversight, especially when you consider these devices collect heart rate, track sleep, and can log your location while also calculating a variety of health metrics supposedly intuiting everything from anxiety to your fitness “age.”
We understand that it’s technically more difficult to implement end-to-end encryption than other sorts of cloud storage, and comes with some limitations that may affect a user’s experience with a product. It also makes certain types of AI-related features harder to implement, since they’d typically need to work on-device (either in the app or the wearable device itself). Because of that, we believe an option for end-to-end encryption or local-only storage of the data collected by a wearable is the least companies can do. This way, those who want to use these devices can do so with the choice to either accept some privacy risks, or choose a more locked down option.
What’s NextIf you’re a user of a fitness wearable from any of the companies we’ve reached out to, or any other one, don’t be shy in asking for these sorts of features. In the rare cases a company offers a feature request page, use it—like for Garmin, Polar, Suunto, and Whoop. And when those types of outlets aren’t offered, don’t shy away from general contact pages, like those offered by Amazfit and Oura, or on community subreddits.
The companies that make these wearables, whether they’re designed for fitness or health, need to improve. At the bare minimum, companies need to publish transparency reports detailing how often they receive requests from law enforcement and commit to notifying users whenever that happens.
It’s also well past the time for more companies to offer end-to-end encryption for the health data they’re storing. We acknowledge that this may be a trade-off for some features, like social networking features, but it should be up to users to decide if they’re willing to make those trade-offs. This level of privacy is an appealing feature that benefits users in myriad ways and more companies can set themselves apart by committing to this level of privacy.
Health data is some of the most personal data we produce, and most wearables companies are behind the times when it comes to basic privacy practices and transparency. Now’s the time to improve those practices.
🚫 Don't Let Congress Age-Gate the Internet | EFFector 38.13
The effort to age gate the internet is back in Washington—and now it has a new name. Recently passed by the House of Representatives, the KIDS Act is a sprawling package of proposals to control what we can see and say online. Supporters claim the KIDS Act is needed to protect minors online. But if lawmakers really want to make the internet safer, why are they encouraging more surveillance instead of protecting our privacy? We dive into this question with our EFFector newsletter.
For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This issue covers a victory for location privacy in the Supreme Court, disturbing developments in the militarization of domestic drones, and a controversial Congressional bill to control what we can see and say online.
Prefer to listen in? EFFector is now available on all major podcast platforms. This time, we're chatting with EFF Senior Policy Analyst Joe Mullin on what would happen to the open internet if the KIDS Act becomes law. You can find the episode and subscribe on your podcast platform of choice:
%3Ciframe%20height%3D%22200px%22%20width%3D%22100%25%22%20frameborder%3D%22no%22%20scrolling%3D%22no%22%20seamless%3D%22%22%20src%3D%22https%3A%2F%2Fplayer.simplecast.com%2F4e65dc91-33af-4dd4-ae88-1c8626b39537%3Fdark%3Dfalse%22%20allow%3D%22autoplay%22%3E%3C%2Fiframe%3E
Privacy info.
This embed will serve content from simplecast.com
Want to protect your right to online anonymity and access to the open web? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight for privacy and free speech online when you support EFF today!
European Court: Apple Can Not Shirk Off its Interoperability Requirements
One of the best bulwarks against monopoly is interoperability—that is making a new product or service work with an existing product or service. Interoperability allows users, and not the manufacturers of their devices or largest player in a market, to decide what application best serves them. Unsurprisingly, companies like Apple have worked hard to resist interoperability requirements.
On July 8, the General Court of the European Union (General Court) ruled against Apple in several cases the company brought against the European Commission (joint cases), affirming the company’s obligations under the Digital Markets Act (DMA). Apple argued in the cases that it should be exempted from the law’s requirements especially with regards to interoperability on multiple grounds. We applaud the General Court’s decision, and congratulate the Free Software Foundation Europe (FSFE) as well as others who intervened in support of the Commission against Apple's attempt to shirk off its responsibilities, thus ensuring fair competition in European markets.
A Positive Development for EuropeansThis is a clear and substantive win for developers and users in Europe. The stranglehold Apple exerts over its ‘walled garden’ is injurious for developers, users, and researchers alike. By confirming Apple’s obligations under the DMA, the General Court has ensured that developers will be given more choice on where they can publish their apps, and users will have more options to obtain apps which, for whatever reason, Apple dislikes. And researchers will have less roadblocks and hurdles to overcome in their studies of Apple’s OSes, particularly iOS, iPadOS, and watchOS.
Apple argues that the interoperability requirements will force it to lower the security standards that have led Apple products’ users to trust their devices. While this self-serving logic is not entirely without merit, it is far from the inevitable outcome. Especially with regards to the App Store, users can be given clear, informed choice when leaving the Apple ecosystem to obtain apps elsewhere. While we urge European courts to take Apple’s security concerns seriously, we’ve previously noted that this should not be used as a smokescreen to protect anticompetitive behavior.
Interoperability and security are not inherently at odds. When interoperable functionality is worked into the security model of a platform from the ground-up, a proper balance can be struck between two forces that are often falsely framed as naturally conflicting. While Apple OS platforms have not been built this way from the get-go, it is still possible, but takes more time to get it right. Here, the devil is in the implementation details.
Apple’s Case Arguments and the Court’s RebuttalUnder the DMA, designation as a ‘gatekeeper’ is reserved for the biggest of Big Tech, companies that provide services deemed essential for businesses to reach end users. Apple is one of only seven companies that meet this designation, along with Alphabet, Amazon, Booking, ByteDance, Meta, and Microsoft. In its case, Apple argued that Article 6(7) of the DMA, specifying interoperability requirements for gatekeepers aimed at restoring fair competition, is unlawful in light of the Charter of Fundamental Rights of the European Union (specifically the right to property), and as such its designation as a gatekeeper subject to the requirements is unlawful and should be annulled as a result. In its ruling, the General Court rejected the argument as Article 6(7) does not form the legal basis of the designation.
Apple separately argues that the App Store fails to meet the requirements defining a core platform service (CPS), since the various stores (across iOS, iPadOS, watchOS, macOS) do not constitute a single platform. A company’s gatekeeper status relies on it providing a CPS that is an important gateway for business users to reach end users. Here, the implications of the argument are clear: remove service designation as CPSes, remove the gatekeeper status. The court rejected the argument on the basis that “irrespective of the device on which it was available, each of the App Stores was used for the same purpose, namely to intermediate between end users and business users in the distribution of applications and in-app digital content.”
Finally, the court rejected as inadmissible Apple’s argument that iMessage should not be classified as a number-independent interpersonal communication service (NIICS) constituting a CPS. This decision rested on the fact that the “classification does not, by itself, produce binding legal effects that bring about a change in Apple’s legal position” since iMessage was not listed as an “important gateway” in the designation decision and therefore was not subject to the DMA obligations.
In ruling against Apple in favor of the European Commission, the General Court has set an important precedent in ensuring competitive fairness and openness in the digital marketplace. The landmark effects of the DMA will serve to benefit all Europeans in the choice and freedom it affords them. Despite Big Tech’s legal challenges, these decisions build a strong foundation for a better digital future—a lesson which other regions should learn from and take note.
Don’t Repeat NY’s 3D Printing Blunder
This year the state of New York had the dubious honor of being the first to pass a controversial provision to mandate all 3D printers come with surveillance and censorship. That means not only is there a ticking clock to protect every artist, researcher, engineer, and hobbyist in the state, but there is a real risk of other states thoughtlessly following suit—prior to the New York rules even taking effect.
We, along with many other experts, already warned about this bill buried in the state’s crowded budget process. Hundreds of our supporters and 3D printing enthusiasts in New York reached out to their representatives hoping to kill this farcical bill. While there were some welcome amendments in response to the outcry, Albany passed it anyway.
It might be well-intentioned, but bills like these sell a fantasy that can only have an untold negative impact on the privacy, free expression, and consumer rights of anyone using these general purpose devices. Behind the banner of reducing gun violence, which is nearly always committed with commercial firearms, New York lawmakers have passed draconian legislation that will let manufacturers lock in users and collect their data.
Now that the bill has passed and been signed by Governor Hochul, let’s look at two important ways the final legislation changed since we last wrote about it, and why states like California shouldn’t make the same mistake.
Reduced Risk for Lawful File SharingThe New York bill includes language that criminalizes access to firearm print files, a proposal correctly dropped by states like Colorado due to First Amendment concerns. While this made it through to the passed legislation, a few wins were still gained.
Originally the legislation threatened felony charges for the storing and sharing of files, potentially impacting researchers, artists, and journalists with no intention of printing a firearm component. These charges were downgraded to a Class A misdemeanor.
Two provisions criminalized file sharing. The first of the two provisions criminalizing this file sharing, which pertains to the sale or distribution of files in the state, gained an important exception for when a sender has a reasonable belief that the recipient won’t illegally print these components. However the second provision, pertaining to criminalizing file possession, complicates this. Under 2.12 of the subpart, people who possess the file with intent to share the files do not clearly get this same reasonable belief exception.
In other words, if you share one of these files the actual sharing is covered by the exception, but the law makes it ambiguous whether possessing those same files is covered when you intend to share them.
While this exception could have created some breathing room for researchers and journalists operating in good faith, this slapdash bill language leaves plenty of ambiguity and potential speech-chilling effects. However, these changes do offer a modicum of harm reduction in this unconstitutional law.
Saving Face by Preserving Online SaleOriginally the bill had a strange requirement for all 3D printers and Computer Numerical Control, or CNC, machines to be sold and delivered face-to-face, with no exception. That would have meant a major barrier to access, particularly for people in agricultural and rural areas of the state who uniquely benefit from in-home fabrication and repair. It also would have meant a major inconvenience for businesses using these devices. For everyone though, it meant fewer retailers to choose from and facing more stigma for using these devices.
Fortunately this was dropped from the bill entirely.
Next Step: We Find Out What Was Actually PassedIn addition to being buried in the complicated legislative process of the NY budget and avoiding proper scrutiny, this bill also kicked the can down the road in determining what exactly is being mandated. In many respects, legislators passed a vibe. We’ll see how the actual law be developed over the next year by a working group with no mandated transparency to the public. Further, they have no obligation to ensure consumer safeguards in developing this state-mandated censorware.
We are still concerned by the possibility of a biased working group acting in the interest of manufacturers or facing pressure to accept consumer harms in the standards they produce. Our remaining hope is this working group convened by the Department of State and the state university system is composed of actual experts who are aware of how unfeasible and harmful this mandate is, and prevent it from being realized.
The Fight ContinuesNew York is the first to go down this path of state-mandated censorship and surveillance software on 3D printers, but it’s far from the only one to entertain it. It is now more urgent that we fiercely oppose this trend in other states, like California, as they attempt to join the bandwagon—before even seeing the real-world impacts.
Don’t Let California Repeat NY’s Mistake
We cannot allow this to be the foundation for future restrictions on speech and design, or serve as a playbook for the state and corporations to wrest control over our tools.
Sony Nerfs Videogame Ownership
Legal intern Suzanne Castillo co-authored this post.
Playstation’s decision to kill physical game discs is the latest attack on our diminishing rights to access and engage with culture digitally. Rent-seeking corporations and negligent lawmakers share the blame–and they can do better.
We’ve seen the same playbook used in the move to digital distribution of film, TV, and music: draw in customers with the convenience of a digital download, then limit physical access and move the goalpost on what it actually means to “own” a piece of media. The end goal is to turn the customer into a renter, stuck making regular subscription payments for access. Gamers are right to sound the alarm, and we must take this moment to fight for digital ownership before it’s too late.
Disk Space InvadersDepriving gamers of physical discs leads to another obvious and immediate cost: data. Unlike other digital media like film and TV, video games require a ton of storage. Access to high speed internet is still abysmal in the US, making the high-speeds needed for digital game downloads a luxury some of us may take for granted. For many, a modern game can take days and exceed their data caps.
This made physical discs, particularly for the biggest AAA titles, a logical choice that also largely spared gamers from losing traditional ownership rights. With physical disks, the cost of storing the game was included in the purchase.
Own or Be PwnedLimiting customers to digital copies also pushes gamers further into rent-only copyright culture.
Physical media comes with a "right of first sale," which means you can lawfully share, resell, alter, or destroy your own copy of a copyrighted work. This right has also helped protect the emergence of alternative community servers, and emulator addition of online play to games from the dial up era.
But courts have held that digital media doesn't carry the same right, meaning no such protection is afforded to digital purchases. Your ability to freely share games with friends or pass them on to family members becomes totally subject to the whims of the distributor.
So, for example, a digital-only approach effectively guts the second-hand market for games. Saving some money with a used game and recouping the costs by reselling are no longer an option. Even with steep discounts and holiday sales, this raises the minimum cost of engaging with the medium at all.
The inevitable conclusion of the move to digital-only purchases is to lock gamers into subscription models, making their access totally dependent on the distributor— or, several distributors, as we’ve seen with major TV and movie streamers. A handful of companies actually own the games, and your only option is to regularly pay for fractured libraries of games you may never play and will never truly own.
Achievement LockedSince digital games are easy to copy, distributors and publishers argue that they are in an arms race against piracy. The irony is that law-abiding customers consistently suffer collateral damage.
Most digital distributors lock down the content they offer with restrictive user agreements and digital rights management (DRM) software. DRM software, in particular, imposes onerous controls on the game — like forcing internet connection for single player games or modifications that harm performance — and can even introduce serious privacy and security concerns. Any gamer or researcher in the US who wants to reduce this burden by removing or modifying that DRM risks a lawsuit, thanks to Section 1201 of the Digital Millennium Copyright Act (DMCA). This federal law makes it illegal to alter DRM software, and is a beloved tool for companies trying to restrict how we can lawfully use our purchases — whether it’s a copy of the newest tractor simulator or a literal tractor.
And since much of this DRM is tied to user accounts, ownership of a game is also revocable and modifiable for any number of reasons outside of your control. Error in your subscription payment? Your account got hacked? Licensing deal falls through with a major publisher? Developers want to kill the game in an update? All of this can limit or change your ability to access the game long after your so-called “purchase.”
Level-up OwnershipPolicymakers can and should work to restore our ownership rights for the digital age.
That starts with legal protections ensuring that the same rights that apply to physical media apply to digital media. Next up? Reform Section 1201 of the DMCA to clarify that it does not forbid fair uses.
At the state level, we need meaningful consumer protections. Some promising models include California’s AB 1921, which would clarify what customers are actually paying for on digital storefronts and ensure some protections for maintaining discontinued games. The gaming industry has done its best to kill the bill, including claiming that private community servers are illegal.
If you bought it, you should own it, and EFF will continue working to mitigate some of the worst harms of the DMCA 1201, defending modders, and fighting deceptive licensing that makes culture less free.
Building Our Future Together
In my first weeks as Executive Director of EFF, I’ve been reminded every day how consequential this moment is in determining what kind of future we will have.
We are on the edge. What each one of us steps up to do – with our expertise, energy, and resources – will determine whether our future is one of openness, security, and fundamental rights, or one controlled through fear, surveillance, and centralized power.
I am proud to take the torch and help lead our EFF community forward at this pivotal time in history. And we need you in the fight.
Right now, we are celebrating an important U.S. Supreme Court win in Chatrie v. United States that reaffirmed our right to privacy in our location data and will help curb one flank of supercharged government surveillance. But in another case, the Court overturned 90 years of precedent limiting executive power and rubber-stamped the President’s firing of FTC Commissioner Rebecca Slaughter. The U.S. government also issued a chilling directive to Anthropic to prohibit the company from allowing foreign nationals to access its newest technology – then rescinded it two weeks later. And legislation limiting access to social media is advancing in many places around the world.
Each headline is different, but they tell one story: Many of the threats that once seemed hypothetical are now reality, and EFF’s work to ensure technology supports rights, justice, freedom, and innovation for all people has never been more critical. Governments and large corporations possess surveillance capabilities that were unimaginable just a few years ago. Ever greater concentrations of power are shaping speech, creativity, markets, and democratic institutions. Governments are increasingly seeking to control the internet and people’s ability to access information and communicate freely. Our community’s work is fundamental to the future of our countries, our livelihoods, and literally our lives.
I am also mindful that the United States marked its 250th anniversary last week and that this week is EFF’s 36th birthday. Anniversaries, like leadership changes, naturally invite reflection on where we are in history and challenge us to look ahead. What does it mean for a democracy, founded in an analog age, to survive in the digital world?
It is also an opportunity to ask how our EFF community can be even stronger, so we can help bring more people into the work of making sure technology serves everyone.
I began my career in public-interest work in Silicon Valley at the height of the 1990s dotcom boom, working at some of the earliest nonprofit “digital divide” programs that provided community access to computers and the internet, because I have always believed in the power of technology to create greater opportunity for all, not just profit for a few. I have dedicated my career to public interest technology because I am driven to see technology’s promise realized in my lifetime, and there is no other organization in the world that can do more to meet this moment and build a future where technology truly works for people than EFF.
These are perilous times. It is also a moment of extraordinary possibility. The future of AI has not been written and we can work together to get it right. We can make sure our laws reflect the needs of the modern digital age. We can build the technologies that empower rather than marginalize communities.
For me, the work starts with recognizing that digital rights are not a siloed policy issue. We must fight and win on the digital terrain to organize, speak freely, access healthcare, find work, receive an education, and participate fully in democracy. We can and must reject a false choice between innovation and civil liberties, and build power across movements to make sure technology truly works for people.
This challenge is what EFF was purpose-built to tackle. When EFF was founded in 1990, the World Wide Web did not yet exist, cell phones were the size of bricks, and EFF’s founders understood something remarkably prescient: Technology and civil liberties would become inseparable.
Now we all live digital lives, and the important digital rights issues that EFF has worked on since 1990 have become kitchen-table issues all around the world. EFF’s founders understood that how technology is built, developed, used, and controlled deeply intersects with rights, justice, freedom, and democracy.
EFF’s unique combination of world-class lawyers, activists, and public interest technologists pursue change simultaneously in the courts, legislatures, companies, and our communities, and pierce through false choices. This integrated, intersectional approach, grounded in deep legal, policy, and technical expertise, is a linchpin in fighting and winning against some of the most powerful forces in the world – both governments and trillion-dollar companies.
We defend people against unlawful government data collection and challenge license plate and face surveillance in our communities. We shape AI law and policy to protect civil liberties and support creativity and innovation. We push companies to strengthen encryption, fight to ensure you have the right to own what you buy, and build public interest technologies like Privacy Badger and Certbot that millions of people rely on every day.
This work matters because it all answers the same question: Will technology empower or control us?
As I look ahead, there are major battles on the horizon. We must:
- Challenge increasingly sophisticated government and corporate surveillance systems that endanger our rights, democracy, safety and security
- Preserve strong encryption and online anonymity
- Ensure AI is developed and used in ways that respect fundamental rights and works for those who build it, use it, and are affected by it
- Confront the concentrations of power that limit access to new creativity and defend the rights of developers to build and innovate
To meet these challenges, we must not only utilize the powerful levers of successful litigation, smart policy interventions, and effective public interest technology tools. We must also build a broader movement that recognizes that fights on the digital terrain are integral to all our fights for rights and justice – from civil rights and immigrants’ rights to reproductive rights, disability rights, LGBTQ+ rights, workers' rights, economic justice, and more. Together, our EFF community can help broaden the public conversation about technology's role in society and continue building the collective power necessary to shape the future rather than react to it.
I have hit the ground running, working with EFF’s exceptional staff and Board and starting to meet many of you in the broader EFF community. Every conversation has reinforced my confidence that our community is uniquely prepared for the work ahead. I’m looking forward to meeting more of you at my first EFFecting Change livestream on August 12 with Cory Doctorow, and hope this conversation is just the beginning of finding new ways to work together. Please stay tuned for additional in-person events with me around the country this fall.
As we celebrate EFF's birthday, I am energized by all the opportunities ahead for us to build on EFF’s strong foundation and make it even mightier. And we need you and others in the fight. Please renew your membership, become a recurring monthly supporter, and introduce someone new to EFF by snagging them a gift membership.
Everything we accomplish—every lawsuit, every policy victory, every public interest technology tool, every campaign—is possible because people like you are committed to ensuring technology strengthens freedom, privacy, creativity, and opportunity for everyone.
The future we want and need will be built by people and movements working together to ensure technology empowers rather than oppresses.
Let’s build that future together.
Automated Moderation Is Here to Stay—Accountability Must Keep Pace
This post is part 2 in a series about automated content moderation. Read the first post here.
When whistleblower Frances Haugen leaked a set of documents from Meta in 2020, among the revelations was a jarring statistic: The company’s algorithms designed to detect terrorist content incorrectly deleted nonviolent Arabic-language content 77 percent of the time, while failing to detect hate speech under the company’s own policies in many instances. Meta’s own transparency report released later that year demonstrated similar findings. Five years later, researchers in the region report that overzealous moderation remains a problem, while paths to remedy have all but collapsed.
Where these systems are faltering in Arabic, they’re positively failing in less-resourced languages. As a 2025 report from the Center for Democracy and Technology found, labeled datasets in certain languages and dialects such as Maghrebi Arabic and Kiswahili contain inconsistencies, bias, and inaccuracies due to the limited hiring of annotators who actually speak the languages as well as shifts in the languages themselves. An investigation into ChatGPT’s outputs in several low-resource languages demonstrates the depth of problem.
But language disparities are just one of several concerns as automated moderation becomes more widespread. From the systemic suppression of content from Palestine to the repeated misclassification of LGBTQ+ content as adult or explicit material, these varied examples demonstrate the risks of overreliance on automated moderation—and the need for stronger safeguards.
Transparency, Cultural Competence, AppealsAs we discussed in Part 1 of this series, automated systems can process content at a scale that humans never could, potentially enabling better moderation at scale and alleviating the psychological load on ill-paid moderators whose jobs require them to view incredibly disturbing content. But automated systems also reproduce existing biases, struggle to understand context, and often make mistakes that disproportionately affect journalists, activists, artists, and other vulnerable and marginalized communities.
As Rachel Griffin wrote in 2023, “Perfectly accurate moderation is not only technically out of reach but intrinsically impossible.” Despite those intrinsic flaws, there is a great deal companies, policymakers, and civil society can do to help ensure that highly-automated systems operate in ways that respect human rights, minimize predictable harms, and provide meaningful accountability when they fail. If companies are going to continue relying on automation to moderate users’ speech—and there is little reason to believe they won’t—then accountability must evolve alongside these technologies.
That evolution can start with committing to the Santa Clara Principles 2.0. These principles, first outlined in 2020 and re-launched in 2021 after substantial international input, reflect the needs and expectations of the global community and specifically address automation. The first Foundational Principle states:
Companies should ensure that human rights and due process considerations are integrated at all stages of the content moderation process, and should publish information outlining how this integration is made. Companies should only use automated processes to identify or remove content or suspend accounts, whether supplemented by human review or not, when there is sufficiently high confidence in the quality and accuracy of those processes. Companies should also provide users with clear and accessible methods of obtaining support in the event of content and account action.
Drawing on the Santa Clara Principles 2.0, international human rights standards, and years of research documenting the shortcomings of automated moderation, we propose eight recommendations for policymakers thinking about regulation and companies deploying AI-assisted content moderation systems.
- Automated technologies should help, not replace, human moderators. For example, automated systems can help flag and prioritize content for review, while humans can interpret context, handle sensitive cases, and refine system performance.
- Companies must be transparent about when and how automation is used in content decisions.
- Companies must regularly audit their automated systems for bias, with particular attention to low-resource languages, vulnerable and marginalized communities, and conflict zones.
- Users must have the ability to appeal, and to provide context when they believe human or automated moderation decisions have wrongfully removed their content. Appeals should be promptly evaluated and decided by human moderators.
- Companies should regularly assess the human rights impact of their moderation decisions, and issue public statements of the results
- If they rely on third-party vendors, companies should carefully (and regularly) audit those vendors for compliance with these same principles
- Lawmakers should avoid promoting and passing legislation that effectively or explicitly mandates automated moderation systems
- Policymakers should also refrain from attempting to dictate platforms technical and design choices to favor or disfavor particular expression.
These recommendations understand that automated content moderation isn’t just a technical problem for clever engineers and product teams to solve. Because content moderation shapes public discourse and fundamental rights, its design and oversight must respond to the concerns of policymakers, civil society, independent researchers, and the communities most affected by these systems.
This is the second post in a 2-part series on automated content moderation. Read the first post here.
The House Passed The KIDS Act—The Senate Should Reject It
Last week, the House voted on the KIDS Act, a disjointed package of legislation that seeks to control Americans’ web browsing and private messaging. The package combines a revised version of the Kids Online Safety Act (KOSA), with several other internet bills, study bills, reporting requirements, and new regulations. Different parts of the bill pressure online services to impose different age-gating schemes, using different standards. EFF opposed this bill, along with many of our members and supporters.
Tell Congress: no internet age-gates
The bill passed the House, 267-117. It now heads to the Senate, where its fate remains uncertain. But this fight is not over. Even if you took our earlier action to contact the House, we need you to reach out to your Senators today.
The KIDS Act Will Lead to Mandatory Age ChecksMany of the bills in the KIDS Act share the same premise: that children and teenagers should have different experiences online than adults. In practice, that requires websites and apps to determine who is under 18—and who isn’t. That’s where the problems with the KIDS Act start.
EFF certainly supports giving all users better privacy and safety tools online. But those protections should not, and do not need to, come at the expense of privacy or free expression. Unfortunately, that’s exactly the tradeoff the KIDS Act makes.
There is no way to determine a user’s age online that is both privacy protective and accurate. Some age verification processes may rely on collecting government-issued ID, while others may use biometric scans. Others will use algorithms to guess a user’s age based on facial images or online behavior. But no matter the method, every system demands users hand over sensitive personal information that links their offline identity to their online activity. And then, once that valuable data is collected, it can be leaked, hacked, or misused. In fact, we’ve already seen several breaches of age verification providers.
The Bill Still Regulates Online SpeechThe revised KOSA language within the KIDS Act still pressures companies to police lawful speech online. Platforms must “establish, implement, maintain, and enforce” policies that address content like gambling or the use of alcohol or cannabis. This encourages platforms to broadly restrict speech on these topics, which could include a teen seeking advice on a parent’s gambling problem or searching for substance abuse recovery resources. When platforms are required to create and enforce content moderation policies that regulators can sue them over, they will often err on the side of deleting speech.
Protect Privacy For EveryoneThere is a better way to protect young people online. Instead of encouraging a complicated system of age checks, more monitoring, and more restrictions on access to information, Congress could finally pass a strong, comprehensive privacy law that benefits all users. A great place to start would be to ban behavioral advertising that tracks us across the web—again, for users of all ages.
We urge the Senate to oppose the KIDS Act and instead focus on a strong, bipartisan privacy package for all users.
European Commission Chooses to Keep EU Users Locked Up Behind Big Tech’s Gates
Users are always seeking more control over their social networking experience to make it better, whether to improve privacy or enhance flexibility. Interoperability between social networking platforms like Facebook and TikTok has so many benefits that solve those issues.
Say you’re on multiple platforms because you have friends you follow on different networks, but you’ve decided to choose one platform with better privacy practices. With interoperability, you could switch and still interact with friends who remain on larger platforms. It could also enable independent apps with better privacy controls and more user choice. These are the untapped possibilities that could benefit users in the European Union under the 2022 Digital Markets Act (DMA).
Yet, the European Commission, in its first review of the DMA, announced in April it had decided not to extend the DMA’s interoperability mandate to social networking and didn’t give a deadline or a timeline for enforcing that part of the Act. The Commission said “there is no clear demand” from users and businesses for social networking interoperability and, in any case, it’s too technically complex at the moment. Meanwhile, the Big Tech platforms that have been slow-walking interoperability over the last two years, erecting a myriad of hurdles for users seeking more freedom to choose other platforms, get a pass.
This is a huge disappointment and a missed opportunity by the Commission. Interoperability dismantles one of the biggest barriers faced by users who want to leave the tech giants’ platforms: the choice between changing to a platform you prefer or staying behind on a platform where all your friends, communities, and customers are.
The DMA, which went into force in 2024, aims to foster more choices for European Union users and encourage competition and innovation by forcing so-called gatekeeper platforms like Meta, Apple, and Google, to open their ecosystems to competitors. The regulation does a great deal to foster the integration of competing services and devices with the ecosystems of very large online platforms that act as gatekeepers. It even requires interoperability for messaging services, despite the significant technical and privacy challenges involved.
So, it’s odd that the Commission is using complexity as a shield against taking on social networking interoperability. The internet already runs on complex interoperable systems. Approaches like ActivityPub, the decentralized networking protocol behind the “Fediverse,” which gave rise to decentralized networks like Mastodon, already exist. The DMA shouldn’t mandate a specific protocol, but it can require meaningful interoperability outcomes.
The argument that there’s no real demand for social networking interoperability also falls flat. Users want the ability to move across platforms, choose the content they’d like to see from platforms, and not be tied down to a single platform. But there’s no way to get there—the platforms are doing little to open their social networking ecosystems. And now you have the DMA’s enforcer saying it’s not going to make them change. Demand for alternatives won’t materialize at scale until users see real progress towards interoperability, something the Commission has the power to do.
Having decided there’s little demand and too much complexity to proceed with mandating social networking interoperability, the Commission said it “will continue to monitor and assess how these services evolve.” This wait-and-see-posture only hurts users and strengthens and further entrenches Big Tech incumbents.
The DMA is supposed to center on the rights of technology users and be the pathway to an internet experience where you decide which software runs on your devices, where it’s easy to find the best products and services, and where you can leave a platform for a better one without forfeiting your social relationships.
Meanwhile, Big Tech is also resisting the DMA’s openness requirements. For example, Apple is supposed to be opening up iOS devices to rival app stores. Yet, the smartphone giant’s plan for opening its App Store levies junk fees and onerous conditions on app makers and is effectively impossible for any competitor to use.
It’s not just Apple pushing back against DMA enforcement. Meta's response is a “pay for privacy “system, in which users who do not consent to Meta’s surveillance will have to pay to use the service, or be blocked from it. Whether their plan complies with the DMA remains under review.
Nowhere in the DMA does it say social networking companies get to install a toll booth for users seeking to benefit from privacy rights the regulation grants them. The future EU Digital Fairness Act is another opportunity to protect users from such practices by declaring them unfair.
The Commission has responded to these developments with investigations, preliminary rulings, and fines. Meanwhile, users are missing out on greater choice and flexibility in how they communicate and connect online.
Google's new remote attestation scheme is every bit as terrible as its old remote attestation scheme
Google owes its existence to the open web, but today, its technological “innovations” have much to do with locking users into a “walled garden.” The latest of these is “reCAPTCHA Mobile Verification,” an experimental initiative that will let companies block users if they are running independent, "de-googled" versions of Android. These “indie Android” versions are favored by people who want to protect their privacy and their attention by blocking trackers and ads. Worse, this is just the latest in a line of similarly user-hostile measures.
Long before “agentic AI,” we had the idea that software would act as your agent on the internet. That's why the old-fashioned technical term for a browser is a “user agent.” Your browser acts on your behalf to retrieve information and then show it to you, in the format you choose. It's your agent.
This is a powerful and profound idea. It is because browsers are our “agents” that we expect them to accept our directives, say, by blocking pop-ups, or by turning off autoplay sound, or by blocking commercial surveillance trackers.
Your browser does all that because your browser works for you. The reason your browser can work for you is that the web is an open, standardized technology. In theory, anyone who follows the standards published by the World Wide Web Consortium (W3C) can make a browser, and that web browser can connect to any web server. Browsers and servers are interoperable. It's the same force that means you can put anyone's gas in your gas-tank, or anyone's shoelaces in your shoes, or anyone's milk on your cereal.
But what if manufacturers could dictate those choices to you? What if your light socket refused to use a lightbulb unless it was officially blessed by the socket's manufacturer? What if your dishwasher refused to wash your dishes unless you bought them from one of the manufacturer's “dish partners?” What if your toaster refused to toast “unauthorized bread?”
It's hard to see how a company could win its market with this strategy. After all, if the dishes are really better than the competition's, you'd buy them voluntarily, without any need for law or technology to force the matter. The only reason to make a dishwasher that refuses a rival's dishes is if the manufacturer's own dishes are ugly, expensive, and/or badly made.
But once a company owns the market—once they've achieved dominance by buying out their rivals; by bribing potential competitors to stay out of their lane; and by engaging in deceptive conduct to trap key suppliers and customers—they can cement their dominance by blocking interoperability, keeping out rival dishes, milk, gas, lightbulbs, shoelaces and bread, capturing their whole market and squeezing it.
That's what Google has done, and that's what Google wants to do more of Google's commercial behavior has been so unethical, deceptive and abusive that the company just lost three federal antitrust cases. This thrice-convicted monopolist paid Apple—more than $20b/year— to stay out of the search market: It cheated app vendors, ripping them off with sky-high junk fees and onerous conditions that raised prices while lowering the share of your spending that went to the companies whose products you were paying for. It cheated advertisers, rigging the ad market to gouge businesses on ad prices and underinvesting to fight rampant ad-fraud, sucking hundreds of billions out of the productive economy for overpriced ads that no one saw.
Google wasn't always this way. The “don't be evil” company owes its very existence to the open web ecosystem. When the company started to index the web in 1998, it was playing on an open field, where any web server could talk to any “user agent,” even one whose user was a startup like Google, that was making a copy of every page on the server.
For years, Google thrived on the open web, and built open technologies. Android—the mobile operating system that Google bought in 2005 —was presented as an “open” alternative to existing mobile offerings, and as the mobile market collapsed into two companies—Google and Apple—Google always presented Android as the open alternative to Apple's “walled garden.” But there were always ways in which Google's “open” Android wasn't exactly open. The company engaged in illegal “tying” arrangements that forced hardware vendors and carriers to lock out versions of Android that were created by Google's competitors.
In other words, even though Google offered a mobile platform that was (mostly) technically open, it found other ways to try to choke off the market oxygen for alternative Android versions that tried to capitalize on that technical openness.
But life finds a way. The existence of an open, modifiable, tinkerer-friendly mobile operating system meant Android hackers could create alternatives to Google's (de facto) walled garden, which thrived in the cracks in that garden wall. Operating systems like CalyxOS, PureOS and Graphene offered a more private, more secure Android experience, one that was largely “de-Googled,” blocking Google's relentless acquisition of your private data.
And Google's data-hunger is relentless. Android exfiltrates a chunk of your personal and behavioral data every five minutes. The “resting heartbeat” of Android surveillance pulses and pulses, irrespective of whether you're using your device, and the instant you unlock your screen, that heartbeat quickens, sending even more data to the company. All that data has proven irresistible to authoritarian governments. Donald Trump's enforcers have seized on Google data as a vital source of information about the identity of protesters and the location of migrants hunted by ICE.
So there are plenty of reasons why users would seek out these de-Googled alternatives to Android, finding them in spite of Google's efforts to block access to competing technologies. The worse it got, the better those alternatives looked.
Perhaps this explains Google's years-long effort to increase the technical barriers to using modified versions of Android, beefing these up to match the commercial restrictions that stand in the way of a de-Googled existence.
Back in 2023, Google floated the idea of “Web Environment Integrity” (WEI), a set of modifications to web standards that would force your computer to disclose its operating environment to the web servers it connected to, even if you objected to this disclosure.
WEI was a form of “remote attestation.” That's when your device uses a sub-processor (sometimes called a “Technical Protection Module” or “TPM”) or a walled off part of its main processor (sometimes called a “secure enclave”) to produce a cryptographically signed description of your device and its configuration: which hardware, software, plug-ins, and settings you're running.
When you connect to a server, it demands that your device send this “attestation” before it handles your request. If your device won't provide this data, or if the server doesn't like (or recognize) your device and its details, it can refuse to deal with you. And because the attestation is prepared by a TPM or a secure enclave that you can't modify or override, you don't get to decide which facts about your device it's allowed to see.
Practically speaking, this means that remote attestation lets a server refuse to deal with you until you turn off your ad-blocker and your tracker-blocker. It means that the server can discriminate against users who block auto-play sound and video, who block pop-ups, who put the tab in the background when it's playing a mandatory pre-roll ad.
WEI was especially disturbing in light of Google's plan to kill ad-blockers and privacy blockers through updates to Chrome, an effort that continues to this day.
These blockers are an important part of the dynamic between web publishers and their users. In the real world, when you get an offer, you can make a counter-offer. That's all an ad-blocker is: a way for users to respond to a server whose opening bid is, “How about you give me all your data and let me take over your computer in exchange for showing you this page?” with “How about 'Nah?'”
We didn't get rid of pop-up ads by making them illegal, or by boycotting advertisers who used them. We got rid of pop-up ads when web users installed pop-up blockers, which made pop-up ads pointless. Take away our ability to block obnoxious digital content and you guarantee that we will be flooded with it.
These kinds of modifications aren't just used to block ads—they're also key to accessibility. People who have photosensitive epilepsy or suffer from low-contrast vision problems use add-ons to reformat pages so they can safely and legibly access them.
WEI's creators said they were only trying to put the web on a level playing field with apps, which routinely disclose facts about your device to the companies whose servers you connect to, without asking you, and even if you don’t want them to. Apps are a source of bottomless enshittification, not least because (unlike the web), they enjoy special, dangerous legal protections that make it very legally risky to modify them. WEI wasn't an effort to level the playing field between apps and the web—it was a race to the bottom, an attempt to make the web as enshittification-friendly as apps.
Public outrage to WEI killed the project, but Google's commitment to augmenting its illegal commercial lockdown efforts with technical lockdowns never ended. Now, Google has rolled out an experimental “reCAPTCHA Mobile Verification” that uses an app, your camera, and your device's TPM or secure enclave to produce an attestation about your Android device.
This will make it much easier for the apps and other services you interact with to block your device if you run an Android alternative, or if you install a mod that overrides the actions of Google's stock Android.
This is a terrible idea—it's every bit as bad as WEI was. In an age in which Big Tech is ever-more tied to authoritarian governments, redesigning our devices to tell strangers things we don't want them to know isn't just shortsighted, it's inexcusable.
"We Want Texans to Know Their Rights": Q&A with Mayday Health on the Impact of Surveillance on Abortion Care
Last May, EFF reported that a sheriff’s office in Texas searched data from more than 83,000 automated license plate reader (ALPR) cameras to track down a woman suspected of self-managing an abortion. ALPRs are promoted as tools for keeping communities safe by finding missing persons and locating stolen vehicles, but this case showed how ALPRS can be weaponized to investigate people’s private healthcare decisions. And these aren’t the only tools in the surveillance arsenal: others include location tracking tools like Locate X, which can show a person’s visit to an abortion clinic, or search histories which might be used as evidence of a person’s interest in obtaining abortion pills. Taken together, these tools create a dangerous surveillance pipeline that threatens everyone’s health privacy.
Too often, though, the public is unaware of the threat, and one nonprofit is working to change that. Following EFF and 404 Media’s report on Texas’s use of Flock cameras, eye-catching billboards popped up in Houston, warning drivers that if they’re pregnant, the state of Texas could be tracking them.
Photo provided by Mayday Health
These billboards came from Mayday Health, a nonprofit dedicated to sharing information about abortion pills, birth control, and gender-affirming care. We spoke with Leo Raisner, Executive Director of Mayday Health, about the billboards to learn more about the campaign and organization and to discuss how surveillance affects reproductive freedom.
***
THOMAS: Why did Mayday Health start this campaign in Texas?
RAISNER: Well, we read the incredible reporting coming from EFF about Texas's surveillance. We want Texans to know their rights, to know their options, and to know that there are organizations and people who have their back. So we decided to put up a few billboards around the Houston area to remind people that they still have options.
Digital advertising in the space, as I know you're well aware of, faces enormous platform restrictions from Meta and Google, whereas billboards reach people in the physical world without algorithmic gatekeeping and without requiring anyone to search for information. So at the very least, if a driver's passing by the billboard, we’re spreading information that they should be careful that they might be surveilled, and also there are different options. There's a website where they can come learn more about those options.
THOMAS: And how have the billboards been received so far? Have you heard anything from folks in the Houston area yet?
RAISNER: Yeah, we've heard some messages of support on social media DMs. We're just thrilled about how many drivers these messages are going to reach. They'll be up for 4 weeks, and are expected to hit over 1,000,000 drivers during that 4-week campaign period.
THOMAS: Are there other ways that Mayday Health has seen surveillance systems impact people seeking healthcare?
RAISNER: You know, we go all over the country and talk to folks who are seeking reproductive healthcare options in states where clinics are banned, and we direct folks to our website where they can learn more about abortion pills. We make privacy very central to how we operate. Privacy is not just an afterthought for us. When people arrive at our website, we direct them to the Digital Defense Fund, which offers people privacy and security resources as they're navigating reproductive healthcare in states where they might be being surveilled. We don't collect cookies, we don't collect identifying information from visitors to our site. We want people to know their options, and we don't have any interest in knowing who they are.
THOMAS: Why do you think the work of the digital rights movement is so important to the work of the reproductive health rights and justice movement?
RAISNER: I mean, those two movements are inextricably linked. The anti-abortion movement is using every tool in their toolbox to prevent people from getting the healthcare access they need, whether that's surveilling people online or closing down brick-and-mortar clinics, but we encourage people to visit Mayday Health and learn that they still have options no matter where they live.
THOMAS: Is there anything else that you would like the readers of our blog to know about Mayday Health?
RAISNER: I'd love for people to know that abortion pills are FDA approved. They're safe, they're effective, and they're available through the mail.
***
EFF has said it time and time again – surveillance and reproductive freedom cannot coexist. Whether the tracking occurs over the internet or through license plate reader systems with over 83,000 cameras, it is an invasion of privacy. Protecting our digital privacy is more critical now than ever. Help EFF fight back against this digital dragnet and protect reproductive freedom for all by making a donation.
Automated Moderation Is Here to Stay
This blog post is part 1 of a 2-part series. The second part will set out recommendations for companies and policymakers.
Six years ago—one month into a global pandemic—we argued that the automated moderation processes many platforms were rapidly adopting should be highly transparent, easily appealable, and temporary. We warned that "protocols adopted in times of crisis often persist when the crisis is over."
That warning proved prescient. The use of automation and artificial intelligence (AI) to identify, flag, and moderate content has become the new norm—a permanent feature of how platforms govern speech online. In this two part series, we’re take stock of this new norm, and considering what platforms can and should do to ensure that AI serves online expression rather than stifling it.
A brief history of automated content moderationFrom spam filtering and keyword blacklists to the hash-matching technologies used to identify child sexual abuse material and terrorist content, automated technologies have been used in commercial content moderation for many years. While these tools have long posed risks to freedom of expression, their use was, for quite some time, relatively limited in scope.
Then, in 2017, a blog post published by Facebook (now Meta) described the company's "fairly recent" use of artificial intelligence to identify, classify, and remove violent extremist content. At the same time, Facebook emphasized caution, noting that it did not want to suggest there was "any easy technical fix."
Just one year later, Mark Zuckerberg appeared before the U.S. Senate's Commerce and Judiciary Committees and disclosed that "99 percent of the ISIS and Al Qaida content" removed by Facebook was flagged by AI "before any human sees it." He also stated that Facebook was "developing A.I. tools that can identify certain classes of bad activity proactively and flag it for our team at Facebook." At the time, we raised concerns about the ethical implications of using AI in this manner.
Then came 2020. The sudden reduction of the human moderation workforce, combined with a dramatic increase in social media use—and with it, a surge in misinformation—created the perfect conditions for platforms to expand their reliance on AI-driven moderation. It quickly became apparent that companies'—and particularly Meta's—approach to moderation during the pandemic represented a backslide in transparency, freedom of expression, and access to remedy. The increased reliance on automation was a significant factor.
The costs and benefits of AI content moderationWe knew in 2020 that the use of AI to moderate content would present problems for online freedom of expression. Today, those problems are well-documented. A 2025 joint declaration by special rapporteurs and representatives of the United Nations (UN), Organization for Security and Co-operation in Europe (OSCE), Organization of American States (OAS), and African Commission on Human and Peoples’ Rights (ACHPR) states:
“The use of AI content moderation can lead to over-removal, discrimination and censorship. Reliance on inherently biased datasets and opaque training processes can amplify pre-existing inequalities, risking homogenisation of expression, and erasure of linguistic and cultural diversity.”
EFF and many of our allies have documented these impacts. For example, our 2019 paper co-authored with Witness and Syrian Archive examined the impact of extremist content regulations—and their implementation through automation and AI—on human rights documentation. A 2020 report from Human Rights Watch highlighted the consequences of these removals, noting: "There is no way of knowing how much potential evidence of serious crimes is disappearing without anyone's knowledge."
The Center for Democracy and Technology's recent series on content moderation in the Global South demonstrates persistent inequities in content moderation of four “low-resource” languages—so-called because the relative scarcity of training data makes it more difficult to develop equitable and accurate AI models for them.
Content moderation often disproportionately impacts vulnerable and historically marginalized groups, and AI content moderation is no different. GLAAD recognizes the role AI plays in scaling content moderation but notes that “when moderation systems lack nuance, transparency, and human oversight, they can fail to curb harassment and wrongly suppress legitimate LGBTQ content.”
These failures are not incidental. They are a predictable consequence of deploying automated systems to make complex judgments about language, culture, context, and identity at scale.
All of that said, automated content moderation can offer important benefits. The primary one: helping to spare human content moderators who must review content that varies from whimsical to horrific, often for little pay and with devastating mental health consequences. Outsourcing this work to the bots can offer some relief—though it’s worth noting that the humans hired to train the AI models face a similar dynamic.
In addition, AI models could potentially be trained over time to be more precise, accurate, and dynamic, helping to mitigate over-censorship and disinformation. The jury is still out on whether this potential will be realized; what we do know is that new approaches to the persistent problem of over and under-enforcement are desperately needed.
Automated moderation is no longer an experimentGetting the balance between real costs and potential benefits depends a lot on the details: how automated systems are designed, trained, implemented, and audited.
Despite advances in the sophistication and scale of automated moderation systems, many of the transparency, accountability, and due process safeguards advocated by civil society, researchers, and human rights experts have yet to be fully realized. At the same time, automated systems have become increasingly central to how platforms enforce their rules and govern online speech.
The question today is not whether companies will use AI to moderate content, but under what conditions they should do so. And now as ever, the answer is not that the public should just trust that platforms’ deployment of increasingly powerful systems will serve, rather than inhibit online expression. In fact, as automated systems become more sophisticated and more deeply embedded in platform governance, the need for transparency and accountability becomes more urgent.
Help EFF Cut the AI Hype
In the global race to build and dominate the AI industry, it can sure seem like the interests of ordinary people sit last on the agenda. It's just the opposite for EFF. While companies furiously jam AI tools into their veins and your eyeballs, EFF’s technologists, activists, and attorneys have been meticulously cutting through the hype to ensure AI can serve your privacy and free expression. Technology has leaned into a new era, and this summer you can help EFF fight for the people.
Over the next two weeks, we’re encouraging you to support the cause as an EFF member for as little as $10 each month. You can get great member swag every year like our privacy puffy stickers, Claw Back t-shirt, and Privacy Badger Crewneck.
Fight mass surveillance! Pictured: Claw Back member t-shirt and Privacy Badger Crewneck.
AI tools—beyond their marketing fluff—demonstrate both incredible potential and real danger. With the support of members around the world, EFF detangles the possibilities from the anxieties and threats with the care and nuance it deserves. In recent months, EFF:
- Mobilized people against the GUARD Act, which would require problematic age verifications systems for AI companions.
- Joined civil society partners to call out a General Services Administration proposal that would make AI tools less safe and less useful.
- Sued for answers under the Freedom of Information Act to uncover how the government is using AI to evaluate requests for medical care.
- Testified before the U.S. Congress Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
The scope of AI, both the good and the bad, multiplies every day. If we want the AI-powered benefits of efficiency, scientific discovery, and greater accessibility to knowledge, then we also need strong protections against surveillance, harms to creativity and innovation online, perpetuating systemic bias, and privacy violations now.
With AI taking over the public consciousness, you can be assured that EFF will never stop advocating for you. Together, we can ensure that technology supports freedom, justice, and innovation for all people.
____________________
EFF is a member-supported U.S. 501(c)(3) organization. We've received top ratings from the nonprofit watchdog Charity Navigator since 2013! Your donation is tax-deductible as allowed by law.
LGBT Q&A: How Can I Wipe Online Data That Points To My Queer Identity?
This Pride, we’re answering all your digital rights questions in season two of our initiative, LGBT Q&A.
You Asked: Is there a way for me to wipe data about me online that could point to my queer identity?
EFF’s Answer: You cannot protect everything all the time, but there are ways to wipe information about yourself online.
Most information available about you online will typically be found in two places:
- The site where you voluntarily posted the data, such as your pictures and videos on social media, comments in user reviews and forums, and even classified postings for items you’ve sold.
- A data broker. These companies collect personal information, repackage it, and sell it to the highest bidders. This information often includes your address, phone number, details about your family members, and more.
So you might not want this information out there, especially if it points to your queer identity.
The best time to take steps to protect yourself is before anything bad happens, because once this information is in the hands of bad actors you have fewer options.
To see what information people might find about you online, you can look for it for yourself. This is as simple as opening up a search engine and entering your name, nickname, handle, avatar and seeing what comes up. It can also be worth searching for your address, phone number, and email addresses to check what's out there.
Do this in a private browsing window or a separate browser than the one you normally use to ensure you’re not logged into any accounts that might skew the results, like a Google account.
It’s also best to try to make a lot of your information hard to find in the first place—and we’ve got you covered on how to do this.
- Establish a strong security baseline: use unique passwords (a password manager helps simplify this) and set up two-factor authentication for your online accounts to add an extra layer of protection when logging into your accounts.
- Add our install-and-forget tracker blocking tool, Privacy Badger, which lets you browse in peace and stops the sorts of web trackers that compile information about your habits for advertising purposes and for data brokers.
- Remove your advertising ID on your phone to help prevent some tracking there, too (directions for Android or iPhone). This way less information about you is available for purchase, making it harder for corporations to profit from your online activities.
- Ask data brokers to delete your personal data. You might spend the time doing it yourself. If you’re in California, you can use the Privacy Protection Agency’s tool for this. You also might use professional services like EasyOptOuts and Optery to help minimize the information available about you online from data brokers and similar sources.
- You can remove yourself from Google results by heading to the “Results about you” page, then entering your information. Once set up, you’ll get notifications if some new types of information about you appear in Google Search. Just remember that this will not remove the information from the internet, it just won’t show up in Google’s search.
You also should consider auditing your digital footprint on public-facing social media and forums. Different people have different tolerance for risk when it comes to announcing who we are and what we are doing in these online spaces. You can make a list of every social media or forum account you’ve had over the years, and review the public-facing content about you, including your name, contact information like email addresses or phone numbers, and pictures that might show your home or workplace. You can also review the account settings to ensure you’re comfortable with the privacy options and that you’ve got strong login credentials.
For more in depth advice check out our Surveillance Self Defense guide on managing your digital footprint.
EFF and Allies: X’s FTC Petition to Waive Privacy Violation Order Should be Rejected
X Corp. should not be able to escape privacy compliance because it changed its name.
On May 15, X Corp. filed a petition before the Federal Trade Commission (FTC) to set aside or modify an order issued in 2022 requiring the company to report regularly to the FTC for its violations of user data. The order or “consent decree” is a result of misleading the platforms’ 140 million users by using private information given to secure accounts, like phone numbers and email addresses, for targeted advertising. It also fined the company $150 million for the infraction. As part of an open comments period, EFF and allies including Demand Progress Education Fund (DPEF), National Consumers League (NCL) and Electronic Privacy Information Center (EPIC) call on the FTC to reject this petition.
The 2022 order was a renewal of an order stemming from a previous violation. Back in 2011, Twitter (now X) reached a settlement with the FTC after the regulator found Twitter had failed to secure users’ personal information, resulting in exposure of that data to hackers. The settlement banned the company from misrepresenting its data protection measures, required it to set up safeguards on user data, and regularly report its security posture for twenty years. The renewal updated the expiration of X’s obligations to 2042, but if the FTC accepts X's petition, it would end much sooner.
In arguing to set aside the order, X remarks that since the order in 2011 it has “built an entirely new privacy and information security program staffed by new personnel operating under new leadership with a … philosophy grounded on the importance of privacy and information security.”
These sweeping assurances that corporate restructuring led to a fundamental change in X’s policy and practices around user data should be met with a healthy dose of skepticism, given evidence to the contrary. For example, the company’s quiet rollout integrated its AI model Grok with the platform in 2024, trained (without meaningful consent) on X user data. The company was also subject to a massive data breach in 2025. Even if a rotation of leadership led to prioritizing privacy and information security, our letter highlights that this would not be sufficient grounds to remove the order, “because the FTC orders bind the corporate entity. Those obligations do not dissolve when the employees who negotiated or administered it depart.”
X argues that its entry into the AI space should be reason not to continue the oversight, claiming that “terminating the Order is critical to advancing American leadership in artificial intelligence.” Here again, broad-stroke claims that the guardrails in place “[diverts] engineering resources from innovation to compliance paperwork” ignores the dangers that AI introduces to user data. Far from being a reason to waive the order, clever attacks on models trained on user data has the ability to supercharge the types of secondary use violations that led to the 2022 order renewal. After all, an entire art has been developed around engineering LLM prompts to reveal the data a model was originally trained on.
Our response to X’s petition debunks many claims the company uses in its arguments. For example, there’s little evidence the order placed an undue financial burden on X. In our letter, we note that the compliance cost is merely “a rounding error against the $200 billion valuation of X Corp. following the xAI merger.”
Strong safeguards on our information require eagle-eyed oversight when that data is abused and misused for profiteering ventures. X’s actions not only showed us this in the past, but continue to do so in the present day. We and our civil society partners urge the FTC to take the clear, sensible path and reject X’s petition.
