Privacy Alerts
Confirmed privacy events affecting products we track — regulatory fines, data breaches,
security vulnerabilities, and policy changes.
We monitor the NVD vulnerability database, FTC press releases, UK ICO enforcement actions,
EFF privacy analysis, and HaveIBeenPwned breach data. Every alert below has been reviewed and
confirmed relevant to a product in our database. Significant events are also shown on the
affected product's device page.
Regulatory Actions
3
high
2026-05-25
FTC Begins Enforcing the TAKE IT DOWN Act
The Federal Trade Commission today began enforcing the TAKE IT DOWN Act (TIDA), a law requiring platforms, at the request of victims, to remove intimate photos or videos shared online without victims’ consent.As part of its enforcement role, the FTC has launched TakeItDown.ftc.gov, a website allowin
www.ftc.gov/news-events/news/press-releases/2026/05/ftc-b...
high
2026-05-02
Walmart Agrees to $100 Million Judgment to Settle FTC, States’ Charges Over Deceptive Earnings Claims Related to the Company’s Spark Driver Delivery S
Walmart, Inc. has agreed to a $100 million judgment to settle allegations from the Federal Trade Commission and 11 states that the company caused delivery drivers to lose tens of millions of dollars’ worth of earnings, by deceiving them about the base pay, incentive pay and tips they could earn.Join
www.ftc.gov/news-events/news/press-releases/2026/02/walma...
FTC Chairman Andrew N. Ferguson Issues Warning Letters to CEOs of PayPal, Stripe, Visa and Mastercard About Debanking American Consumers
Federal Trade Commission Chairman Andrew N. Ferguson sent letters today to four major financial infrastructure platforms and payment providers reminding them of their obligations to their customers under the FTC Act.The letters issued to the CEOs of PayPal, Stripe, Visa and Mastercard raise concerns
www.ftc.gov/news-events/news/press-releases/2026/03/ftc-c...
Security Vulnerabilities
2
CVE-2026-39653: Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-confere
Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.
nvd.nist.gov/vuln/detail/CVE-2026-39653
high
TikTok
On device page
2026-04-29
CVE-2026-40518: ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab
Sandbox escape vulnerability in ByteDance DeerFlow allows arbitrary code execution. Demonstrates ongoing security issues in ByteDance infrastructure.
nvd.nist.gov/vuln/detail/CVE-2026-40518
Privacy Developments
12
medium
2026-05-31
More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints
An EFF analysis of millions of searches of Flock Safety automated license plate reader (ALPR) data by police has uncovered a troubling pattern: in the absence of a warrant requirement to search ALPR databases, law enforcement agencies have moved beyond specific investigations to use these surveillan
www.eff.org/deeplinks/2026/05/more-license-plate-reader-m...
medium
2026-05-25
Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!
For years, civil society organizations, workers, journalists, and human rights experts have warned that major technology companies risk enabling grave human rights abuses when they provide cloud computing, AI, and surveillance infrastructure to governments implicated in violations of international a
www.eff.org/deeplinks/2026/05/microsoft-took-step-toward-...
medium
2026-05-25
The Science is Not Settled: How Weak Evidence is Fueling a National Push to Ban Social Media for Youth
As statehouses ramp up for 2026, we’re seeing a familiar and concerning trend of lawmakers rushing to regulate the internet based on shockingly shaky science. From the California State Assembly to the Massachusetts and Minnesota legislatures, a wave of bills is crashing against the digital lives of
www.eff.org/deeplinks/2026/05/science-not-settled-how-wea...
medium
2026-05-16
Help EFF Solve an Issue That's Bigger than Creepy Ads
Millions of people around the world use EFF's Privacy Badger. This browser extension blocks the hidden trackers that twist your web browsing into a commodity for Big Tech, advertisers, scammers, and data brokers. But did you know that we’re trying to solve an issue that’s even bigger than creepy ads
www.eff.org/deeplinks/2026/05/online-tracking-isnt-just-u...
Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
This week, Apple released iOS 26.5, an update that supports end-to-end encryption for Rich Communication Services (RCS), meaning conversations between Android and iPhone will soon be encrypted in the default chat apps. This has been a long time coming, and is a welcome delivery on a promise both Goo
www.eff.org/deeplinks/2026/05/victory-end-end-encrypted-r...
medium
2026-05-02
Google and Amazon: Acknowledged Risks, and Ignored Responsibilities
In late 2024, we urged Google and Amazon to honor their human rights commitments, to be more transparent with the public, and to take meaningful action to address the risks posed by Project Nimbus, their cloud computing contract that includes Israel’s Ministry of Defense and the Israeli Security Age
www.eff.org/deeplinks/2026/04/google-and-amazon-acknowled...
medium
2026-05-02
Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story
For years, EFF has pushed technology companies to make real human rights commitments—and to live up to them. In response to growing evidence that Palantir’s tools help power abusive immigration enforcement by ICE, we sent the company a detailed letter asking how the promises in its own human rights
www.eff.org/deeplinks/2026/04/palantir-has-human-rights-p...
medium
2026-05-02
Utah’s New Law Targeting VPNs Goes Into Effect Next Week
For the last couple of years, we’ve watched the same predictable cycle play out across the globe: a state (or country) passes a clunky age-verification mandate, and, without fail, Virtual Private Network (VPN) usage surges as residents scramble to maintain their privacy and anonymity. We've seen thi
www.eff.org/deeplinks/2026/04/utahs-new-law-regulating-vp...
medium
2026-04-29
How Push Notifications Can Betray Your Privacy (and What to Do About It)
Update April 22, 2026. Apple has reportedly addressed part of the issue with the notification database in iOS 26.4.2 and 18.7.8, released today. With this update, notifications marked for deletion should no longer be stored in the notification database.
A phone’s push notifications can contain a sig
www.eff.org/deeplinks/2026/04/how-push-notifications-can-...