Dr Gerhard Knecht, PhD

Researchers proved that your Android phone is sending data to Google every 4.5 minutes. Even when you opt out of EVERYTHING. Researchers at Trinity College Dublin did an exhaustive deep-dive into exactly how much data iOS and Android devices stealthily transmit back to Apple and Google. Both tech giants are running non-stop telemetry pipelines from your device. Even when you are not logged into an account. Even when you explicitly opt out of data collection. Even when the phone is completely untouched. The sheer volume of data being harvested is staggering. Android sends data back to Google every 4.5 minutes. iOS follows right behind, pinging Apple every 4.5 minutes. Within the first 10 minutes of powering on a fresh device, Android sends roughly 1MB of data to Google. iOS sends about 42KB to Apple. When the phones are just sitting there doing nothing, Google harvests around 1MB of data every 12 hours. Apple collects roughly 52KB. Google is collecting 20x more telemetry data than Apple. But what they are collecting is the real problem. The researchers discovered that your phone isn’t just sending generic system diagnostics. It is sending a highly detailed digital fingerprint: - Hardware serial numbers - Device IMEI numbers - Wi-Fi MAC addresses - Your phone number - SIM card details And it gets darker. iOS uploads the WiFi MAC addresses of every device near you. Your roommate's laptop, the café router, your neighbor's home gateway—all tagged with your exact GPS coordinates. If just one person in your building enables location services once, Apple now knows where every single device on that network lives. Forever. The researchers tried to opt out of everything. They turned off location services, restricted background data, and avoided signing into any accounts. It didn't matter. The data transmission never stopped. The escape hatch has been welded shut. Right now, millions of professionals use these devices to handle sensitive business data, proprietary code, and private operations under the assumption that "idle" means "safe." But the data shows there is no such thing as an offline smartphone anymore. --- Paper: Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google (2021)

Linux users are fighting new United States laws that require computers to ask for your age and share it with apps to keep kids safe online. The laws were made for big companies like Apple and Google but they cause big problems for Linux because it is free open software built by volunteers who care about privacy and freedom. System76 won a special rule in Colorado to skip this, while groups like MX Linux say no and some people have made tools to avoid the age check completely.

🚨GOOGLE JUST REPLACED CAPTCHAS WITH A SYSTEM THAT LOCKS YOU OUT OF THE INTERNET IF YOU DON'T HAVE GOOGLE SOFTWARE ON YOUR PHONE.. WHILE GIVING AI BOTS A FREE PASS.. This is the most important internet story nobody is covering.. Google upgraded reCAPTCHA on millions of websites with something called Cloud Fraud Defense.. Instead of clicking traffic lights.. You now sometimes have to scan a QR code with your phone.. Sounds harmless.. Until you understand what's actually happening.. When you scan that QR code.. Your phone runs a cryptographic check through Google Play Services to verify your device is a genuine, unmodified, Google-certified phone.. If your phone doesn't have Google Play Services.. You fail the challenge.. That means every person running a privacy-focused phone.. GrapheneOS.. CalyxOS.. LineageOS.. Any de-Googled Android.. Can be locked out of millions of websites.. Not because they're bots.. Because they removed Google's tracking software.. While humans on privacy phones get blocked.. AI bots from Google, OpenAI, and Anthropic get frictionless access.. Corporate AI agents present a cryptographic passport using Web Bot Auth and SPIFFE.. And the system waves them right through.. No QR code.. No challenge.. Nothing.. A human who cares about privacy.. Blocked.. A corporate AI bot scraping the entire internet.. Welcome right in.. This isn't even a new idea.. In 2023 Google tried to make this an official web standard called Web Environment Integrity.. The internet exploded.. The EFF called it "Chrome's plan to DRM the web".. Mozilla said it "works against users' interests".. Google withdrew it.. Then they launched the core system three years later as a commercial product.. Skipping full public standards review.. No debate.. Millions of domains were automatically upgraded to it.. Website owners didn't even know.. They just wanted to stop spam.. Now they're unknowingly enforcing Google's hardware verification on many visitors.. The QR code system uses hardware-based cryptographic keys.. VPNs can't hide you.. Tor can't hide you.. The attestation bypasses everything.. The system doesn't fully stop real fraud.. Bot operators just buy real Android phones in bulk.. Set up device farms with cameras pointed at screens.. And physically scan the QR codes.. The hardware check passes because the phones are real.. Google upgraded a system that tried to stop bots with one that can block privacy-conscious humans.. Alternatives exist.. Proof-of-work CAPTCHAs that use math instead of hardware checks.. No tracking.. No Google dependency.. Work on any device.. But millions of websites already run Google's version.. The internet was supposed to be open.. Google just put a lock on the door and kept the key.

U.S. Marines recently proved that low-tech creativity can still defeat cutting-edge military artificial intelligence. In a DARPA field trial, a team of eight Marines was challenged to sneak past a sophisticated AI-powered detection system. Instead of relying on advanced stealth gear or electronic countermeasures, they turned to absurdly simple, almost cartoonish tactics and succeeded Some Marines cartwheeled and rolled across 300 meters of open ground. Others concealed themselves under ordinary cardboard boxes and slowly inched forward. One soldier even disguised himself as a small fir tree, shuffling gradually toward the objective. Remarkably, every Marine reached the target without ever triggering the AI sensors. The system had been trained extensively on normal human walking and running patterns, but it had no reference for these bizarre movements. Because the Marines’ actions fell completely outside the AI’s learned understanding of “human behavior,” they were effectively invisible to it. This exercise offers a timely lesson for the defense sector: no matter how advanced military AI becomes, it can still be outmaneuvered by human ingenuity, unconventional thinking, and old-fashioned manual tactics. This incident serves as a vital reminder for the defense industry that while AI is an incredibly powerful tool, it remains susceptible to creative human deception and the unpredictable nature of manual tactics. source: Scharre, P. (2023). Four Battlegrounds: Power in the Age of Artificial Intelligence. W. W. Norton & Company.

I am a Vulnerability Analyst at the National Institute of Standards and Technology (NIST). There were 28,961 new CVEs published last year. I processed eleven per week. I need to explain what enrichment is because, without it, the rest of this does not matter. A CVE is a numeric identifier that catalogs a new software vulnerability. A CVE without enrichment is a number. CVE-2026-XXXXX. The number tells you a vulnerability exists. It does not tell you the severity. It does not tell you which products are affected. It does not tell you the attack vector. It doesn't indicate whether to patch on Tuesday or now. Every CISO in the country builds their patch-priority list using our enrichment data. We are the triage. Without us, the number is a fire alarm with no address. 28,961 alarms. I got to 572. Every morning I open the queue. The queue is a spreadsheet. It was a spreadsheet when I started, and it is a spreadsheet now. Monday's queue has between 70 and 130 new entries, depending on whether someone found a batch of WordPress plugins over the weekend. I scroll to the top. I pick two. Sometimes three, if one is straightforward. I assign them to myself. I open the enrichment template. I begin. The other 70 stay in the queue. Tuesday, they will be joined by 70 more. I will pick two. The page looks the same. I want to say that clearly. The NVD website, the one bookmarked on every security team's browser in every hospital and bank and water treatment plant and power utility in the country, loads the same way it loaded in 2023. Same interface. Same search. Same logo. There is no banner that says "this data is no longer current." There is no warning. There is no asterisk. The security team at a hospital in Ohio who checks NVD at 7 AM to decide which of their 340 unpatched systems to prioritize today is making life-and-death triage decisions using a database that stopped being maintained. They do not know it stopped being maintained. The page looks the same. We have not been defunded. I want to be precise about that. We have been "deprioritized." Our headcount has been "reallocated to other initiatives." Four analysts were moved to the AI Safety Measurement Initiative in January. AI safety measurement is the initiative that has funding. CVE enrichment is the initiative that protects the hospitals. The hospitals do not have an initiative. My manager told me in February that we are "transitioning to a community-driven enrichment model." Community-driven means that vendors whose products have vulnerabilities will self-report the severity of those vulnerabilities. I sat in that meeting. I wrote it down. Oracle will now assess the criticality of its vulnerabilities. Microsoft will now assess how urgent it is to patch Microsoft. The fox will now audit the henhouse and submit the findings in JSON. I still have my badge. I still have my login. I still open the spreadsheet. I still pick two. The queue has 9,247 unenriched CVEs as of this morning. Some of them are critical. I do not know which ones because they have not been enriched. That is what unenriched means. It means we do not know how dangerous they are because we stopped analyzing how dangerous they are. The page looks the same. The system that catalogs broken systems is itself broken. I catalog the brokenness. I have been cataloging it at a rate of two per day. At this rate, I will finish the current backlog in twelve years and seven months, not accounting for the 80 new entries that will arrive tomorrow, and the 80 after that, and the 80 after that. I am a Vulnerability Analyst at the National Institute of Standards and Technology. The page looks the same. The data doesn't. Nobody told the hospitals. That is my job. I am also not doing that.

🚨 BREAKING: Scientists just learned how to control magnetism at the atomic level. Not materials. Not circuits. Individual spin patterns. Read that again. Instead of using electric charge… they’re using the spin of electrons to store and process data. And it gets crazier: They can create tiny magnetic whirlpools called skyrmions… that move with almost no energy and can store massive amounts of data This means: Faster computers Lower power usage Ultra-dense memory But the real shift is this: We’re not just building electronics anymore… we’re engineering structure at the smallest possible scale. So the real question is: If information can be stored in spin itself… what limits computation? Follow me I’m tracking where physics becomes technology.