On Our Radar 🎯

Australia’s Social Media Experiment: 5 Million Accounts Down, Questions Rising

It’s been one month since Australia implemented the world’s first social media ban for under-16s. The government announced that nearly five million teen accounts have been deactivated or removed from platforms like Instagram, Facebook, Snapchat, and Reddit.

The devil’s in the implementation details, and they aren't encouraging. The government released only the total account removal number, no breakdown by platform, no data on how many teens successfully bypassed the restrictions, no clarity on what “removed access” actually means in practice. Meanwhile, Australian teens report widespread workarounds: lying about their age, using parents’ accounts, or simply not being flagged at all. All at the cost of less privacy on the internet for people of all ages, less freedom of information, and the need to handle the data security of these age verification systems.

As just one case study: Fifteen-year-old Jack Okill, who built a 1,500-follower audience on Instagram for a political podcast, found himself locked out. His solution? Creating a new account using his mother’s details, with her managing it until he turns 16. Fourteen-year-old Raeve changed his age on YouTube and kept his Reddit account active without any issues.

Despite these obvious shortcomings, governments in Denmark, the EU, France, New Zealand, Malaysia, US, and now the UK are all still looking at this as an idea that needs to be copied. Perhaps most concerning is what the ban reveals about government priorities. As Raeve noted after being bullied at age 9 for videos he posted and watching a classmate fall into radicalization through social media: he’s disappointed in what he sees as an inadequate effort to actually make platforms safer. The view is that government chose removal over reform, banning kids from the platforms rather than forcing platforms to be safe for everyone.

What you can do: If you’re in Australia and affected by this ban, the eSafety Commissioner is tracking long-term impacts. Your feedback matters, whether you’re a teen finding workarounds, a parent seeing both benefits and harms, or an advocate concerned about who gets left behind. For those outside Australia, you should be contacting your local representatives and expressing your concerns, as there is still time to make your voice heard!

Bits & Bytes 🤖

~ 840,000 Users Hit by Browser Extensions Hiding Malware in PNG Files

Seventeen malicious browser extensions collectively downloaded 840,000 times have been discovered hiding malware in their logo images, and some have been active since 2020. This is part of the same “GhostPoster” campaign exposed by Koi Security in December.

Here’s how it works: The extensions hide code in image files that gets extracted and executed after installation. That code fetches heavily obfuscated payloads that track your browsing activity, hijack affiliate links on major e-commerce sites, and inject invisible iframes for ad and click fraud. The most popular infected extension is: “Google Translate in Right Click" — which got over 500k installs alone.

The latest variant in “Instagram Downloader” moved malicious staging logic into the background script and uses bundled image files as covert payload containers. At runtime, it scans image bytes for a specific delimiter, extracts hidden data, stores it locally, then Base64-decodes and executes it as JavaScript. So it's only getting more advanced.

Our take: Five years. Some of these extensions sat in Chrome, Firefox, and Edge stores for five years before detection. All have now been removed from official stores, but if you installed any of them, they’re still active on your browser. Check your installed extensions immediately to check for them! If you see any of the 17 listed extensions (full list in the article), remove them now and consider resetting passwords for accounts you accessed while they were active. Let this be another reminder to keep your extensions as minimal as possible, and only download extensions from trusted developers or organizations. No random extensions from random people!

~ FTC Bans GM From Selling Your Driving Data for 5 Years

The Federal Trade Commission finalized a settlement with General Motors that bans the automaker from sharing drivers’ location and behavior data with consumer reporting agencies for five years, AND imposes 20-year consent requirements for all connected vehicle data collection.

The case stems from GM’s (now-discontinued) “Smart Driver” feature, which the company marketed as a self-assessment tool to help you improve your driving habits. What GM didn’t say: the feature was collecting your precise location and detailed driving behavior every 3 seconds and selling it to consumer reporting agencies, who then sold it to insurance companies. The result? Higher insurance rates or outright coverage denial for millions of drivers who had no idea they were being tracked.

Our take: This is what “your car is a smartphone on wheels” actually means in practice...constant surveillance feeding a data broker pipeline you never consented to. The FTC called this an “egregious betrayal of consumers’ trust,” and they’re right. If you own a GM vehicle (GMC, Cadillac, Chevrolet, or Buick), check your OnStar settings and opt out of data collection if you haven’t already. For broader vehicle privacy concerns, visit privacy4cars.com to see what data your specific vehicle collects and how to limit it.

This Week on Techlore 📺

In more concerning UK developments, they have activated their new Online Safety Act which requires platforms to preemptively scan every message, with some concerning repercussions

UK Mandates Scanning Your Messages Before You Send Them

The UK has activated new Online Safety Act regulations requiring platforms to preemptively scan every message, image, and post before users can see it. This video explains how client-side scanning works, why encrypted services like Signal and WhatsApp face an impossible choice (break encryption or leave the UK), and the

TechloreHenry Fisher

One of the hottest new VPNs on the scene, Obscura, joined me for a Techlore Talks interview to discuss VPN technology and what issues they're trying to solve. Fun fact: They are partnered with Mullvad as part of their service!

It’s Time for the VPN Industry to Innovate (Obscura Interview)

Techlore Talks brings you in-depth conversations with the experts at the forefront of digital rights, privacy and security.

TechloreHenry Fisher

This week's Surveillance Report highlights more Microsoft Copilot security concerns, and other hot news in the digital rights space:

Microsoft Copilot’s Security Failures Are Putting Everyone at Risk

Techlore Surveillance Report: Weekly News for Your Digital Freedom

TechloreHenry Fisher

And finally, in a new Techlore video style, I made a response video to a WIRED article titled "Dumbphone Owners Have Lost Their Minds" — which I have some strong opinions on:

“Dumbphone Owners Have Lost Their Minds” Response Video

Wired published an article saying dumbphone users “lost their minds.” I disagree. In this video, I respond to Wired’s piece arguing that choosing a dumbphone means you’ve lost touch with reality. The author admits smartphone addiction is real, that tech companies intentionally designed “enmeshment,” and that giving up your smartphone

TechloreHenry Fisher

Action Item ✅

Audit your browser extensions right now. Open your browser’s extensions page and remove anything you don’t actively use or don’t remember installing. Pay special attention to “utility” extensions like translators, ad blockers, screenshot tools, and downloaders. If you see any of the 17 GhostPoster extensions listed in the linked article, remove them immediately. They’ve been pulled from stores but remain active on your browser until you manually delete them.​​​​​​​​​​​​​​​​

Written by

Share

Copied