The Week Big Tech Got Sued, Hacked, and Verified | March 22-31

A jury just held Meta and Google liable for designing addictive products that harmed a child. Two thousand more cases are waiting.

Photo by Mariia Shalabaieva / Unsplash

On Our Radar 🎯

The Dam Breaks: First Jury Holds Meta and Google Liable for Social Media Addiction

For the first time, a jury found Meta and Google negligent in the design and operation of their social media platforms, determining that Instagram and YouTube were a "substantial factor" in causing serious mental health harm to children.

Some legal context: the case was designed as a "bellwether"—a verdict meant to set the framework for over 2k similar lawsuits pending across the country against big tech companies. For context on some of the evidence discussed, one of the internal Meta documents introduced at trial read: "If we wanna win big with teens, we must bring them in as tweens." Another: "Oh my gosh, IG is a drug… we're basically pushers."

The legal theory here matters for digital rights: they deliberately avoided arguing about content, and instead argued about product design. Infinite scroll. Push notifications. Algorithmic amplification optimized for engagement. These are engineering choices made by human beings at companies that knew the risks. The jury agreed those choices constitute negligence. If that theory holds through appeals, this could mean very big things for the future of legislation against these companies and what kind of incentives will exist on the platforms. Which can have impacts on privacy, surveillance, and mental sovereignty.

Both Meta and Google are expected to appeal, and neither verdict is the last word. So we'll continue following closely!

What you can do: Check out Screen Time and Family Link settings on your devices. They don't fix structural issues, but can help develop the tools for children and other loved ones (including yourself!) to develop better relationships with technology. Additionally, I'm a big fan of tools like NextDNS which include quite powerful controls that can block categories of content (ex. Social Media, porn, etc.) and even do the blocking on a set schedule on all devices. No matter what tools you find, the goal is to improve your relationship with your devices so that you are in control, so I encourage you to experiment to find what works best for you.

Bits & Bytes 🤖

~ DarkSword: The iOS Exploit Now Anyone Can Use

A sophisticated iOS hacking toolkit called DarkSword was leaked. Researchers called it trivial to deploy: "no iOS expertise required," & works out of the box. It targets iPhones running iOS 18.4 through 18.7, can steal messages, contacts, passwords, photos, and cryptocurrency wallets in minutes with no user interaction required. Apple has patched the underlying vulnerabilities in iOS 26.3+ and iOS 18.7.3+, and is issuing rare backported patches for older devices.

Our take: The obvious takeaway is to update your devices and consider lockdown mode for higher threat models. But the other layer to this story is that this was originally a state-level weapon that is now basic commodity malware. These organizations (and governments!) chose to keep these attacks secret for their own gain, rather than notify Apple of the concerns before it got out of hand. It's important to remember many of these organizations directly benefit from the potential to exploit millions of people, and we hope to see greater consequences for this industry.

~ Apple Lockdown Mode: Still an Unbroken Record

Years after Apple launched Lockdown Mode, the company confirmed this week it has no record of a single device with Lockdown Mode enabled being successfully compromised by mercenary spyware. Amnesty International's security lab and Citizen Lab independently corroborated the claim. Researchers found spyware like Pegasus and Predator was even coded to abort their infection attempts upon detecting Lockdown Mode, apparently to avoid leaving detectable traces.

Our take: Lockdown Mode isn't for everyone, it restricts usability in some key ways, but it's an incredible tool for journalists, activists, lawyers, and anyone at elevated risk. The reality is it's one of the most powerful security features ever released, accessible with just a single toggle in the settings. Anyone can toggle it on and easily turn it off just as easily if it doesn't work for them.

~ Apple Rolls Out Device-Level Age Verification in the UK

iOS 26.4 introduced a new requirement for UK users: verify you're 18+ (via credit card scan or government ID) or have features restricted and monitoring enabled on AirDrop, FaceTime, and Messages. Apple is doing this proactively to avoid future problems with the UK's Online Safety Act. Meanwhile, Gizmodo asked the obvious question: could the US be next? Mark Zuckerberg has publicly endorsed device-level age checks, calling it "a lot clearer" than every app doing it separately. (And is also spending $2 billion lobbying to try and pass device-level checks to avoid the verification needing to impact Meta)

Our take: This is a big story to watch. We'll be doing a lot more dedicated coverage for this in the near future, so stay tuned!

~ Proton Launches Encrypted Video Conferencing

Proton launched Proton Meet today, a fully end-to-end encrypted video conferencing platform using the Messaging Layer Security (MLS) protocol. No account required to join calls, no logs kept, available on web and all major platforms. Simultaneous with the launch, Proton rebranded its suite of business tools as Proton Workspace, positioning itself as a direct alternative to Google Workspace and Microsoft 365 for orgs.

Our take: While not everyone may want a suite, and may prefer to individually select services in their tech stack, I think it's of critical importance that we have an easy, privacy-respecting alternative to the big tech ecosystems people are familiar with. This was a big missing piece to a suite, so it's great to see this happen! We got to beta test Proton Meet a few months ago in some meetings we had with Proton, and we can confirm it works quite nicely!

This Week on Techlore 📺

We published SR258 this week, which was a BIG episode given we had to skip a couple weeks due to travel + sickness. It's great to be back though and wonderful to see you all get active.

Finally, we sat down with Cape Cellular, an interview you don't want to miss if you've been thinking about your mobile carrier from a privacy angle. It's quite technical and dives into the full cellular infrastructure behind the scenes and what individuals can do to protect themselves.

Action Item ✅

If you're running an Apple device, check your iOS version right now: Settings → General → About → iOS Version. If you're on anything between iOS 18.4 and 18.7.2, your device is actively vulnerable to DarkSword exploits that are now freely available to anyone. Update to iOS 26.3.1 or later (or iOS 18.7.3+ if your device doesn't support iOS 26). If you are at a higher risk, consider enabling lockdown mode.