VPNs Could Expose You to NSA Spying, North Korea's Open-Source Hijack, Android Malware Hits 2.3 Million Devices via Google Play, and the EU Ending Chat Control

This week's highlight story is a big one...six lawmakers are pressing intelligence officials to answer whether Americans using commercial VPNs could be stripped of their constitutional protections and treated as foreign targets under Section 702 of FISA. The irony here is these same organizations have all recommended that consumers use VPNs for privacy, which may inadvertently hand the NSA legal cover to surveil your traffic as if you're a foreign national. I don't think this is any reason to ditch your VPN, but it does expose the deeper flaw in how governments are approaching digital rights. I think the real fix isn't carving out exceptions for Americans; it's recognizing that mass surveillance is wrong, regardless of whose citizens it targets.

Beyond the VPN story, this was an enormous week. North Korea pulled off a weeks-long, methodically planned supply chain hijack of the widely-used Axios JavaScript library. And right as Google is pushing to lock down Android sideloading under the banner of Play Store safety, we got the story of NoVoice—Android malware distributed through 50+ Play Store apps with 2.3 million downloads, capable of surviving a factory reset. I also covered Apple's expanding device-level age verification, the EU Parliament's big vote to kill Chat Control (and Patrick Brayer's compelling five-point action plan for real child protection), and a packed Defense Bulletin with updates from VeraCrypt, Meta's child exploitation loss in court, Apple Maps ads, and more.

Written by

Share

Copied