EU Passes Chat Control Anyway, Plus Microsoft's Secure Boot Mess & the Flock Resistance
The EU Parliament originally rejected mass message scanning, then passed it anyway. Plus Microsoft's decade-old Secure Boot flaw, the age verification wave, and LAPD drops Flock.
On Our Radar 🎯
The EU Parliament Previously Voted Against Chat Control. It's Law Now.
Here's what happened: earlier this year a majority of EU lawmakers voted against reinstating Chat Control's mass message scanning. But a quick vote was snuck in last week and a majority voted in favor of it. Overturning it would have required a supermajority, that supermajority didn't materialize...so let's discuss it.
To be specific about what passed, because the two versions get conflated frequently: this is commonly known as Chat Control 1.0, not 2.0. As Patrick Breyer breaks down, this allows U.S. tech companies to continue scanning private messages without a warrant or prior suspicion, making mass scanning of user data the norm. What it does not do is break end-to-end encryption. Signal and WhatsApp are exempt, and European providers have never implemented these measures in the first place. Chat Control 2.0 is the one that demands an encryption backdoor, and it's still out there, and Chat Control 1.0 being passed isn't a great sign for the future.
So my brutally honest framing around this is "this really harms digital rights...and it could have been a lot worse...and the worst parts haven't been touched yet." Put simply: I think this is a warning shot for upcoming attempts at Chat Control 2.0 in September of this year.
My take, and the thing I keep coming back to: nobody in the digital rights space is against protecting kids. We're against pretending that this protects kids. Every hour spent on indiscriminate scanning that hasn't been shown to help victims is an hour not spent on strategies that would. It's the same playbook as "upload your ID to every platform," it's a loud gesture at a real problem, leaving the real problems to go untouched. Most of what we've seen so far leads to increased surveillance and attacks against privacy, with little evidence they actually work.
What you can do: If you're in the EU, I'm putting together a guide on protecting yourself from this scanning coming soon on the main YouTube channel in the next several days, many of you have asked for exactly this in the comments so I hope you enjoy it. Keep an eye out. If you're in the EU, I highly encourage you to contact your reps and make your voices heard—it worked before and it can work again!
Bits & Bytes 🤖
~ Story 1: Microsoft's Secure Boot Has Been Broken for a Decade
ESET identified 11 firmware images that were known to be defective but stayed signed by Microsoft anyway. These shims (originally built to extend Secure Boot to Linux devices and utility software) can be used to completely circumvent Secure Boot protection using a technique simple enough for novice hackers. Secured-core PCs in their default state are immune; Windows users who installed the June update batch are patched; Linux users should check the Linux Vendor Firmware Service or their distributor.
My take: This one is a bit more technical...but the takeaway here is to try and consider the downstream and upstream security of your tech stack. While Secure Boot was never meant to be a primary defense, many people don't consider this upstream tool of your normal operating system. The scariest part is that this has been technically possible for over a decade without indication if anyone was quietly using it. Windows users make sure you update, and Linux users should investigate!
~ Story 2: The Age Verification Wave In The US
Texas's age verification law is unusual as it targets app stores rather than platforms, meaning you'd verify your age just to download a calculator app on your iPhone or Android device from the default app stores. The Supreme Court declined the emergency appeal, leaving the Fifth Circuit's decision in place and letting Texas enforce while litigation continues. Meanwhile, the House passed the KIDS Act, bundling a revised KOSA with other internet bills; the EFF opposes it, and it's now headed to the Senate.
My take: Same story as Chat Control, different continent. There's still no way to reliably verify age in a manner that's privacy-respecting and actually keeps kids safe. In fact, we've already seen age verification providers get breached, which is the predictable result of forcing everyone to hand their ID to a middleman. I think targeting app stores is a dangerous precedent to set, and if you're in Texas you need to be contacting your reps about this. While Google & Apple are fighting it in court, we shouldn't put all our eggs in that basket, for self-explanatory reasons that come with trusting big tech companies in 2026.
~ Story 3: The Flock Resistance with LAPD Walking Away
The LAPD let its contract with license plate surveillance company Flock expire, citing serious concerns over civil liberties and privacy. Flock's warrantless dragnet has made it the current face of corporate surveillance, especially after the Ring partnership backfired around the Super Bowl.
My take: I don't know if that's how LAPD really feels, or if public pressure just made renewal untenable. Either way, this is something I'm celebrating—good job, LA! And I wanted to draw attention to something: the National Week of Action Against ALPRs runs August 16–22, with over 100 participating cities. GO! You'll actually feel the camaraderie of being around people who think like you. See if your city is participating!
This Week on Techlore 📺
I want to deeply apologize to those of you depending on these newsletters and content for the delays the last few weeks. For context: I've been in the middle of a major move and some inevitable hurdles came up, but as of right now I'm mostly settled into my new place 😁 We still got some fun stuff done back here:
Last week I covered a tier list of password managers, which was a commonly requested list many of you wanted to see. This one was a lot of fun!

And finally, I interviewed Vik Sharma from Cake Wallet on Techlore Talks to discuss digital assets, their privacy practices, Monero, and so much more!

Things should overall be returning to normal scheduling-wise, thank you everyone for your patience during this transition 🙏
Action Item ✅
- Check if you are impacted by the Secure Boot issue, and if you are get it patched
- If you're in the US or EU, you have a lot to be contacting your reps about this week!
Until next week 🫡
This Week's Sources
Highlight: EU Parliament Greenlights Chat Control
- https://www.patrick-breyer.de/en/eu-parliament-greenlights-chat-control-1-0-breyer-our-children-lose-out/
- Techlore Guide Coming soon
Story 1: The Microsoft Wave, Secure Boot Was Broken for a Decade, and That's Just the Start
- https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence/
- https://arstechnica.com/security/2026/07/patch-for-windows-defender-0-day-could-allow-attackers-to-fill-hard-disk/
- https://www.pcmag.com/news/a-hackers-arrest-reveals-microsoft-can-track-users-via-a-windows-device
- https://arstechnica.com/gadgets/2026/06/microsoft-adds-another-year-to-windows-10-extended-update-program/
- https://tech.slashdot.org/story/26/07/08/1728229/windows-drops-under-60-in-global-desktop-os-share
Story 2: The Age-Verification Wave — SCOTUS, Europe, and the KIDS Act
- https://www.cnn.com/2026/07/06/politics/supreme-court-allows-texas-to-require-age-verification-for-mobile-apps
- https://www.eff.org/deeplinks/2026/07/house-passed-kids-act-senate-should-reject-it
Story 3: The Flock Resistance
- https://techcrunch.com/2026/07/13/lapd-lets-contract-with-surveillance-giant-flock-expire-citing-serious-concerns-over-civil-liberties-and-privacy/
- https://deflock.org/
- https://noalprs.com/
The Defense Bulletin
Data Breaches
- https://www.bleepingcomputer.com/news/security/japanese-telecom-giant-kddi-says-data-breach-affects-12-million-people/
- https://techcrunch.com/2026/07/08/another-massive-data-breach-exposed-millions-of-drivers-license-numbers/
- https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/
- https://www.bleepingcomputer.com/news/security/mount-royal-university-confirms-breach-as-hackers-claim-attack/
- https://www.bleepingcomputer.com/news/security/lidl-discloses-online-shop-breach-after-service-provider-hack/
- https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/
- https://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform
Threats
- https://arstechnica.com/security/2026/07/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabilities-to-surface-this-week/
- https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access
- https://www.socialmediatoday.com/news/meta-cto-confirms-facial-recognition-in-ai-glasses/824910/
- https://yro.slashdot.org/story/26/07/08/1750234/metas-glasses-will-turn-off-the-camera-if-you-tamper-with-the-privacy-light
- https://www.wired.com/story/eu-politicians-investigated-pegasus-spyware-then-it-ended-up-on-one-of-their-phones/
- https://arstechnica.com/security/2026/07/new-pamstealer-macos-malware-uses-clever-tradecraft-to-remain-stealthy
- https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/
- https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/
- https://www.bleepingcomputer.com/news/security/lastpass-bitwarden-users-targeted-with-fake-security-alerts/
FOSS+ Updates
- https://mastodon.world/@signalapp/116891415899179791
- https://alternativeto.net/news/2026/7/grapheneos-update-new-exec-spawning-app-toggle-july-2026-security-patch/
- https://alternativeto.net/news/2026/7/calyxos-is-back-with-version-7-2-2-bringing-shiftphone-8-support-and-hsm-based-signing
- https://alternativeto.net/news/2026/7/lineageos-introduces-web-flashing-tools-revamped-stats-page-android-17-plans-and-more/
- https://alternativeto.net/news/2026/7/postmarketos-introduces-kde-plasma-6-7-better-usb-gadget-handling-and-waydroid-updates/
- https://alternativeto.net/news/2026/7/linux-mint-plans-full-wayland-support-and-security-updates/
- https://alternativeto.net/news/2026/7/brave-now-has-working-containers-like-firefox-for-tab-isolation-and-account-separation
- https://alternativeto.net/news/2026/7/immich-3-0-adds-non-destructive-editing-and-ocr-on-mobile-workflows-and-improved-backups
- https://alternativeto.net/news/2026/7/organic-maps-adds-satellite-imagery-public-transport-routing-alternate-routes-and-more
- https://www.youtube.com/watch?v=XCzVQKLBkhM
- https://alternativeto.net/news/2026/7/proton-vpn-launches-official-snap-package-for-linux/
- https://proton.me/blog/lumo-2-design
- https://alternativeto.net/news/2026/7/proton-sheets-update-custom-formats-drift-detection-and-bug-fixes-unveiled/
- https://www.bleepingcomputer.com/news/software/duckduckgo-browser-now-blocks-youtube-video-ads/
- https://tuta.com/blog/tuta-one-click-migration-closed-beta
- https://alternativeto.net/news/2026/7/hannah-montana-linux-has-been-revived-with-a-modernized-stack-but-still-a-lot-of-pink-/
- https://www.bleepingcomputer.com/news/security/whatsapp-rolls-out-usernames-to-help-users-hide-their-phone-number
- https://tails.net/news/version_7.9.1
- https://www.bleepingcomputer.com/news/linux/kali-linux-20262-released-with-9-new-tools-nethunter-updates
Digital Rights Digest—threats to your freedom and how to fight back. A five-minute weekly read, 100% free.

