An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.

You’ve probably heard about people scamming from halfway around the world, but sometimes they turn up at your door.

That’s what happened in May, when 67 year-old Robert Wise of Ohio received a text telling him that his Apple ID had been compromised. It had been used at an Apple store for a $213 purchase, the text message said.

The scam text received by Robert Wise, as shown to 10 WBNS

After calling the number on the phone, a man identifying himself as John Cooper said that thieves had racked up a total of $27,000 in charges in his name. Unless Wise withdrew $27,000 from his account immediately, it would be drained, the man said.

As you’ve probably already guessed, there had been no $27,000 theft. At least, not yet. According to local news reports, the man at the other end of the line tried to get Wise to deposit the money into a bitcoin machine to send him the funds.

Robert Wise speaks to 10 WBNS

When Wise tried and failed to do that, the crook said he’d send someone to collect the money in person. This is where 42 year-old Liwei Zhang turned up at the victim’s door and Wise handed the money over.

All might have been well save for the thief’s greed. Zhang arranged to come back and collect more money from Wise, who by this time had finally grown suspicious and called the sheriff. The sheriff told Wise to keep the criminal engaged and they managed to catch the thief at the scene.

Zhang, a Chinese national who was in the country on a business visa, now faces charges of theft, identity fraud and telecommunications fraud. He told law enforcement officers that he was just a middleman, and “felt that he was doing this revolving criminal activity”.

This isn’t an isolated case. Last month, officers in Kentucky arrested a Canadian citizen, Jia Hua Liu. Liu, who was in the US, had targeted multiple elderly victims with scams and then turned up at their homes to collect money. He had collected over $300,000 in total.

Last year, 21 year-old Tejaskumar Patel was arrested after collecting gold bars from a Florida resident. The victim, a retired marine, had been told he needed to pay to free himself from arrest warrants (which were fake). Officers only caught Patel after coming back for more gold, because the victim had called the police.

There are plenty of cases like these. Scamming this way is a reliable last resort for thieves because it will often be easier to collect cash personally from non-tech-savvy people rather than getting them to successfully make a bitcoin transaction.

However, the scammers also place themselves in great personal danger if a victim gets suspicious. Especially if they’re greedy enough to push their luck and come back for more.

Protecting yourself is simple:

*   Be on the lookout for telltale signs that a text is a scam. These include slight language errors and a sense of urgency.
*   Don’t respond directly to any text messages telling you about scams or making legal threats.
*   If the texts have you worried, verify them independently by calling the organization they’re supposed to be from. Use a number obtained independently to ensure you’re calling the right place, and don’t use the number in the text. If the organization can’t verify a text, it’s a scam.
*   Never send money to a stranger or give them money in person. No legitimate organization should ever ask for cash at the door, unless they’re wearing Girl Scout vests and come bearing cookies. If you’re spending $27,000 on Girl Scout cookies, you have bigger problems.
*   If you’re truly stumped about a text message and want some immediate, AI-assisted help, 24/7, try Malwarebytes Scam Guard for free.

Unfortunately, many elderly victims are more vulnerable to scams, as data shows, and may not heed such advice. That’s why it’s important to check in regularly with elderly friends or family to ensure that they aren’t involved in any such transactions.

Liu failed to scam $70,000 from some potential victims because their family members had found out what was going on and intervened. When scams targeting the elderly are so common, it’s important that someone has their back.

**We don’t just report on scans—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 Apple ID scam leads to $27,000 in-person theft of Ohio man 

Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.

_A special thanks to all the people at Malwarebytes and ThreatDown for sharing the text messages they received from scammers._

Many of us have received texts like these. Often super short, some flirty, some with a business tone, or sometimes just a simple ‘hello.’

You don’t know the sender, and they look like an honest mistake. But they’re not. All the messages are carefully crafted to seem plausible—so you don’t immediately feel suspicious—and short—to trigger your curiosity.

The intention of these messages are to get you to be confused enough that you will reply, perhaps by saying they have the wrong number.

Here are some of the messages our team has received recently:

**1\. The one-word text**

**2\. The “who are you again?” text**

**3\. The “tempting” text**

Sometimes these involve inviting you for fun activities on the weekend, like a BBQ or some beach time. Sometimes, it’s just a dinner suggestion:  

**4\. The business text**  

**5\. The “OMG i just woke up” text**  

These are just some examples, but we’ve seen so many more.

As soon as you reply, the scammer will initiate a friendly conversation. Their end goal will be to gain your trust and develop the relationship into a costly romance or investment scam.

From their end at least, some of my co-workers told them to go phish elsewhere.

However funny, we don’t recommend engaging with scammers in this or any other way. Here’s why:

**Why you should never respond**

*   Responding confirms your number is active.
*   It flags you as someone who reads texts and might engage.
*   The scammer may sell or share your number.
*   Some groups build long-term “mark profiles” for future scams. Even though you think you’re only providing them with little to none information, scammers often track who replies, how they reply, and how easily they engage. That data becomes part of a “mark profile”, a digital dossier on you that might include your phone number, the time of response (which suggests your schedule or time zone), and any other information you share.

**What you should do instead of replying**

*   Don’t reply, not even to be helpful. Don’t engage in conversation, even if they seem friendly.
*   Never click on links.
*   Block the number.
*   Report the message to your carrier (In the US, most carriers support forwarding spam texts to 7726).
*   Share examples (anonymized) to help others. One way to do this is to use Malwarebytes Scam Guard, which also helps you assess if a message is a scam or not.

**We don’t just report on scans—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 That seemingly innocent text is probably a scam 

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'passwd' HTTP POST parameter in /ajax/php/login.php script.

Title: Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauth Code Invasion  
Advisory ID: ZSL-2025-5956  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 31.07.2025

**Summary**

EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly customizable, user-friendly interface.

EVE is a multi-protocol platform that integrates various systems within a smart building to enhance comfort, security, safety, and energy efficiency. Users can manage building functions via iPhone, iPad, Android devices, Windows PCs, or Mac computers.

The EVE X1 Server is the dedicated hardware solution for advanced building automation needs. Compact and powerful, it is ideal for apartments, small to medium-sized homes, and smaller commercial installations. It is designed to manage entire automation systems reliably and efficiently.

**Description**

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'passwd' HTTP POST parameter in /ajax/php/login.php script.

**Vendor**

Ilevia Srl. - https://www.ilevia.com

**Affected Version**

<=4.7.18.0.eden (Logic ver: 6.00)

**Tested On**

GNU/Linux 5.4.35 (armv7l)  
GNU/Linux 4.19.97 (armv7l)  
Armbian 20.02.1 Buster  
Apache/2.4.38 (Debian)  
PHP Version 7.3.14

**Vendor Status**

\[01.05.2024\] Vulnerability discovered.  
\[06.05.2024\] Vendor contacted.  
\[06.05.2024\] Vendor responds asking more details.  
\[06.05.2024\] Sent high-level details to the vendor, asked for PGP key.  
\[06.05.2024\] Vendor provides public key and asks for a reason of the contact.  
\[06.05.2024\] Replied to the vendor.  
\[07.05.2024\] Vendor expresses gratitude, maybe discuss a service in the future.  
\[16.05.2025\] Asked vendor for status update.  
\[18.05.2025\] No response from the vendor.  
\[19.05.2025\] Asked vendor for status update.  
\[30.07.2025\] No response from the vendor.  
\[31.07.2025\] Public security advisory released.

**PoC**

eve.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <\[email protected\]\>

**References**

\[1\] https://packetstorm.news/files/id/207717/

**Changelog**

\[31.07.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: \[email protected\]

Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauth Code Invasion

The controller suffers from an unauthenticated file disclosure vulnerability. Using the 'db_log' POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

Title: Ilevia EVE X1 Server 4.7.18.0.eden (db\_log) Pre-Auth File Disclosure  
Advisory ID: ZSL-2025-5955  
Type: Local/Remote  
Impact: Exposure of System Information, Exposure of Sensitive Information  
Risk: (5/5)  
Release Date: 31.07.2025

**Summary**

EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly customizable, user-friendly interface.

EVE is a multi-protocol platform that integrates various systems within a smart building to enhance comfort, security, safety, and energy efficiency. Users can manage building functions via iPhone, iPad, Android devices, Windows PCs, or Mac computers.

The EVE X1 Server is the dedicated hardware solution for advanced building automation needs. Compact and powerful, it is ideal for apartments, small to medium-sized homes, and smaller commercial installations. It is designed to manage entire automation systems reliably and efficiently.

**Description**

The controller suffers from an unauthenticated file disclosure vulnerability. Using the 'db\_log' POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

**Vendor**

Ilevia Srl. - https://www.ilevia.com

**Affected Version**

<=4.7.18.0.eden (Logic ver: 6.00)

**Tested On**

GNU/Linux 5.4.35 (armv7l)  
GNU/Linux 4.19.97 (armv7l)  
Armbian 20.02.1 Buster  
Apache/2.4.38 (Debian)  
PHP Version 7.3.14

**Vendor Status**

\[01.05.2024\] Vulnerability discovered.  
\[06.05.2024\] Vendor contacted.  
\[06.05.2024\] Vendor responds asking more details.  
\[06.05.2024\] Sent high-level details to the vendor, asked for PGP key.  
\[06.05.2024\] Vendor provides public key and asks for a reason of the contact.  
\[06.05.2024\] Replied to the vendor.  
\[07.05.2024\] Vendor expresses gratitude, maybe discuss a service in the future.  
\[16.05.2025\] Asked vendor for status update.  
\[18.05.2025\] No response from the vendor.  
\[19.05.2025\] Asked vendor for status update.  
\[30.07.2025\] No response from the vendor.  
\[31.07.2025\] Public security advisory released.

**PoC**

ilevia\_path2.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <\[email protected\]\>

**References**

\[1\] https://packetstorm.news/files/id/207716/

**Changelog**

\[31.07.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: \[email protected\]

Ilevia EVE X1 Server 4.7.18.0.eden (db_log) Pre-Auth File Disclosure

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

As the UK’s Online Safety Act came into effect on Friday—along with its age verification controls—the use of virtual private network (VPN) services has skyrocketed by up to 20-fold across the region.

Top10VPN, which monitors VPN traffic around the world, spotted UK VPN traffic spiking 1,327% on July 25, compared to the daily average over the prior four weeks. The traffic didn’t slow down on the days following, either, increasing 1,.712% above the pre-July 25 baseline on July 26, and by almost 2,000% on July 27.

The Online Safety Act forces a variety of websites to verify a user’s age, ensuring they are 18 years old or over. This doesn’t just apply to the obvious porn sites, but to a broad array of other categories: social media, gaming, and even search. The content considered harmful under the bill isn’t just sexual either, but covers areas including suicide, self-harm, and content related to eating disorders. Sites that don’t comply risk fines or even bans in the UK.

The more stringent law means that simply checking a box saying you’re over 18 won’t cut it. Instead, the UK’s communications regulator OFCOM suggests several ways for sites to verify a person’s age:

*   Using open banking information (where a person submits information from their bank that proves their age)
*   Photo ID matching using facial recognition
*   Proving your age to your mobile operator who then approves you on the site’s behalf
*   Checking your credit card (only adult UK residents can get one)
*   Analyzing your email to see if it’s likely to have been used in an adult situation (a mortgage application, say)
*   Using digital identity services such as a digital ID wallet (the EU is working on one of these)
*   Estimating a person’s age from a selfie.

OFCOM argues that all methods must be implemented in line with UK privacy law, but it’s understandable that adult users might consider this a privacy risk. It’s also likely that some minors will want to flout the rules and access content that the government doesn’t want them to, especially given the wide scope of the law. Both these reasons are likely why VPN activity has soared since the law kicked in.

When you browse the internet directly, your computer uses an IP address that your internet service provider gives you. The site you’re browsing can use that to determine what country you’re in. A VPN is a program that connects your internet browsing device to the VPN company’s computer. That computer then serves as your jumping-off point to the internet.

Because VPN providers have networks of these computers around the world, you can pretend to be in another country of your choosing when using a VPN, meaning people often use them to bypass censorship laws. As more countries have been restricting access to adult content, they have also become a tool for internet users to dodge age protection laws.

UK Science Secretary Peter Kyle downplayed the use of VPNs in a Guardian interview yesterday, arguing that “very few children” were seeking harmful content online. Yet according to OFCOM, 8% of children between eight and 14 in the UK access online porn every month. That figure increases to almost one in five boys in that age bracket.

Kyle insisted that the government had solved up to 90% of the problem. “That 10% that’s remaining, or whatever that percentage is? We’ll go figuring it out as we move forward,” he said.

Per Wired, the Proton VPN service tweeted that its UK signups surged over 1,400%. “Unlike previous surges, this one is sustained, and is significantly higher than when France lost access to adult content,” it added.

VPN service Windscribe also tweeted a graph showing what appeared to be a massive spike in daily sign-ups on July 25.

And AdGuard also reported a spike in traffic, “Website traffic from UK users has surged by more than 60%, with visits from Android devices more than doubling and iOS traffic up by nearly 100%,” it said. “VPN installs in the UK have also grown by 2.5 times, and we’re seeing a clear increase in traffic from keyword searches—a significant share of which is related to adult content.”

Kyle told the Guardian that he was not going to ban VPNs, but that he would be looking “very closely” at how they are being used.

 VPN use rises following Online Safety Act’s age verification controls 

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.

In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps.

The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

To check if you’re using the latest software version, go to Settings > General > Software Update. You want to be on iOS 18.6 or iPadOS 18.6, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

update now

Apple has also released updates for macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, watchOS 11.6, and tvOS 18.6.

**Technical details**

Here we will discuss some of the vulnerabilities that Apple patched in this update.

CVE-2025-31229: A logic issue might disclose your passcode by the VoiceOver reading it aloud. VoiceOver is a gesture-based screen reader which allows people to use an iPhone even if they can’t see the screen.

CVE-2025-43217: Devices may fail to display the privacy indicators when apps access the microphone or camera, which could prevent users from being notified about this usage.

CVE-2025-43227: Visiting a specially crafted malicious website can expose your sensitive information; while Apple has not specified the exact types, data handled by the browser (for example, cookies, authentication tokens, browsing history, and other personal information), could be at risk.

CVE-2025-43228: Visiting a malicious website may lead to address bar spoofing. “Address bar spoofing” is when a website tricks your web browser into showing a fake or misleading website address (URL) in the address bar, at the top of your browser window, instead of the website you’re actually visiting. This means what you see in the address bar looks like a trustworthy site (for example, your bank or a popular service), but in reality, you’re on a different, potentially dangerous site controlled by an attacker.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple patches multiple vulnerabilities in iOS and iPadOS. Update now! 

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.

If you thought using a public phone charger was safe, it’s time to think again. Despite years of updates aimed at protecting smartphones from “juice jacking” attacks, cybersecurity researchers have identified a new threat that sidesteps those very safeguards.

A new study now outlines how attackers are now using a method called Choicejacking to exploit smartphones into granting unauthorised access, often without the user realising anything happened.

****From Juice Jacking to Choicejacking****

Juice jacking first made headlines over a decade ago, when hackers used infected charging stations to either steal data or inject malware into connected phones. In response, smartphone operating systems began requiring users to approve any data transfer when a device is plugged into an unknown port. That change gave users the option to choose “charge only” or allow file access.

But researchers from Graz University of Technology in Austria have found a way (PDF) to sidestep those security prompts altogether. The technique tricks phones into thinking the user has allowed data transfer, even when they haven’t touched the screen.

****How Choicejacking Works****

Instead of relying on traditional malware, this attack spoofs USB or Bluetooth input devices to fake user actions. A malicious charging station could simulate keyboard inputs, overflow input buffers, or abuse device communication protocols to quietly switch your phone into data-transfer or debug mode.

The entire process takes less than 133 milliseconds. That’s faster than you can blink, meaning the phone reacts before you even have a chance to notice.

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said the danger lies in the illusion of control. “Choicejacking is particularly dangerous because it manipulates a device into making decisions users never intended, all without them realising it,” he explained.

Once access is granted, the attacker can quietly browse photos, read messages, or plant malicious software.

Attack flow (Image via Graz University of Technology)

****Public Ports Aren’t Worth the Risk****

The rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.

Warmenhoven adds, “With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.”

That warning applies to both Android and iOS users. While some platforms offer more visible prompts or charge-only settings, the underlying vulnerabilities still exist, and attackers are always looking for ways to get around them.

While the Choicejacking technique was detailed in a research paper, it has been accepted for presentation at the 34th USENIX Security Symposium, taking place in August 2025.

****What You Can Do to Stay Safe****

Nevertheless, researchers suggest keeping your phone’s software updated and avoiding unfamiliar charging ports whenever you can. It also helps to be prepared. Carrying a portable power bank is one of the easiest ways to stay in control while you’re out. If you do need to plug in, try to use a wall outlet with your own cable and adapter instead of a public USB port, especially ones that look suspicious or overly complicated.

Some devices let you select “charge only” mode, which prevents any data from being transferred. Turn that on if it’s available. While attackers keep finding new tricks, staying cautious and informed can still keep you a step ahead.

New Choicejacking Attack Steals Data from Phones via Public Chargers

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data.
The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus.
"This extensive campaign involved

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads—and has experts worried about the future of free expression online.

After the United Kingdom’s Online Safety Act went into effect on Friday, requiring porn platforms and other adult content sites to implement user age verification mechanisms, use of virtual private networks (VPNs) and other circumvention tools spiked in the UK over the weekend.

Experts had expected the surge, given that similar trends have been visible in other countries that have implemented age check laws. But as a new wave of age check regulations debuts, open internet advocates warn that the uptick in use of circumvention tools in the UK is the latest example of how an escalating cat-and-mouse game can develop between people looking to anonymously access services online and governments seeking to enforce content restrictions.

The Online Safety Act requires that websites hosting porn, self-harm, suicide, and eating disorder content implement “highly effective” age checks for visitors from the UK. These checks can include uploading an ID document and selfie for validation and analysis. And along with increased demand for services like VPNs—which allow users to mask basic indicators of their physical location online—people have also been playing around with other creative workarounds. In some cases, reportedly, you can even use the video game _Death Stranding_’s photo mode to take a selfie of character Sam Porter Bridges and submit it to access age-gated forum content.

For proponents of the law, there is progress to point to as well. The UK’s communications regulator Ofcom says that more than 6,600 porn websites have introduced age checks so far. And major social platforms like Reddit, X, and Bluesky have also added age verification for content that is now restricted in the UK or are in the process of doing so. Microsoft has even started rolling out voluntary age checks for Xbox users in the UK. But even if this movement is satisfactory for now, digital rights advocates point out that normalizing such mechanisms creates the possibility that they will be enforced more aggressively in the future.

“I think people just want to show that we can make some progress on this without thinking about what the consequences of the progress will be,” says Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union. “We do know that there are some things that you can do to help kids have a better relationship with digital tools. And that involves having an adequate social support network; it involves listening when kids run into problems and making sure that they have functioning emotional relationships with adults who can respond to them. But instead what we’re looking for is a quick technological fix, and those technological fixes have consequences.”

Seema Shah, VP of research and insights at the market intelligence firm Sensor Tower, says five VPN apps have experienced particularly “explosive growth” and reached the top 10 free apps on Apple’s UK App Store by Monday.

“According to Sensor Tower estimates, iOS devices have seen a greater spike in VPN downloads in the UK, as downloads across the selected VPN apps are up an average of 100 percent day-over-day over the past four days on iOS versus a 5 percent day-over-day increase for Android devices,” Shah says.

Multiple VPN makers have also reported spikes in visitors and sign-ups in recent days. In a post on X on Friday, Proton VPN claimed that “just a few minutes after the Online Safety Act went into effect last night, Proton VPN sign-ups originating in the UK surged by more than 1,400%.” David Peterson, general manager of Proton VPN, told WIRED that since then there has been a sustained 1,800 percent increase in daily sign-ups.

Also on Friday, the Windscribe VPN service posted a screenshot on X claiming to show a spike in new subscribers. The makers of the AdGuard VPN claimed that they have seen a 2.5X increase in install rates from the UK since Friday.

Nord Security, the company behind the NordVPN app, says it has seen a “1,000 percent increase in purchases” of subscriptions from the UK since the day before the new laws went into effect. “Such spikes in demand for VPNs are not unusual,” Laura Tyrylyte, Nord Security’s head of public relations, tells WIRED. She adds in a statement that “whenever a government announces an increase in surveillance, internet restrictions, or other types of constraints, people turn to privacy tools.”

People living under repressive governments that impose extensive internet censorship—like China, Russia, and Iran—have long relied on circumvention tools like VPNs and other technologies to maintain anonymity and access blocked content. But as countries that have long claimed to champion the open internet and access to information, like the United States, begin considering or adopting age verification laws meant to protect children, the boundaries for protecting digital rights online quickly become extremely murky.

“There will be a large number of people who are using circumvention tech for a range of reasons” to get around age verification laws, the ACLU’s Kahn Gillmor says. “So then as a government you’re in a situation where either you’re obliging the websites to do this on everyone globally, that way legal jurisdiction isn’t what matters, or you’re encouraging people to use workarounds—which then ultimately puts you in the position of being opposed to censorship-circumvention tools.”

Tag

#android