Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers’ exposure to government surveillance and the likelihood of being caught up in police investigations.

A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of “connected cars,” with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement’s knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies—not the law—determine driver privacy.

“Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera,” one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. “If the vehicle has an active subscription,” they add, “it does create more data.”

The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data—revealing its location—roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead.

Charlotte McCoy, a GM spokesperson, tells WIRED the company now requires a court order before handing over location data to law enforcement. “We review each request individually to assess the circumstances and the nature of the request before providing any information,” they say. “Connectivity offers many benefits—including navigation, communication, safety, and maintenance—and customers can mask their location or turn off connectivity at any time.”

Other car manufacturers listed in the CHP presentation, including Ford, did not respond to a request for comment.

“There's definitely a role being played by the companies in deciding what kind of standard they're going to insist on,” says Andrew Crocker, the surveillance litigation director at the Electronic Frontier Foundation. “And this is a dynamic we've seen in other areas of tech. Google and Facebook and Apple all played a role in saying, ‘We'll only provide this data in response to a warrant; other data we'll provide in response to a subpoena.’”

When police are investigating a specific suspect, they will often use a technique known as a “ping” to geographically locate a specific device known to belong to that individual. But when canvassing near a crime scene for an unknown perpetrator, authorities commonly rely on a procedure known as a “tower dump,” requesting that ISPs cast a wider net and identify virtually any devices that have connected to a specific cell tower during a certain window of time. Police analysts can then comb through this data and attempt to identify a culprit, often using surveillance footage or witness testimony about a vehicle’s color, make, or model.

Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car’s systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

In an August 2022 email, one detective noted: “In some vehicles, again \[it\] depends on manufacturer, the vehicle is still doing this despite the lack of an active subscription, and just sending the data back to the mother ship. This could be due to collecting user data for what the manufacturer sells it for, to providing this data to try to sell you on renewing your \[subscription\] package that lapsed.”

The “tower dump” technique is becoming increasingly unpopular in US courts following the US Supreme Court’s acknowledgement in 2018 that location data raises significant Fourth Amendment concerns. While the Supreme Court specifically avoided addressing tower dumps in its landmark _US v. Carpenter_ decision, a Fifth Circuit ruling last year placed the capability in great jeopardy, concluding that a warrant to “geofence” an area and collect evidence from a wide variety of individuals is inherently unconstitutional.

On the back of that decision, a federal magistrate in Mississippi ruled two months ago that tower dumps are likewise unconstitutional. While a “tower dump” and a “geofence” are not precisely the same—the latter relying on GPS coordinates obtained from internet companies such as Google, as opposed to a cell tower—the results are more or less identical: offering police a dragnet with which to accumulate vast amounts of location data on individuals, many if not most of whom are not suspected of committing a crime.

In response to the rapid changes in case law surrounding location data, Google—historically a frequent target of geofence warrants—announced technical changes to its software last year, making it effectively impossible to respond to these types of warrants.

“Location data is some of the most sensitive, revealing information that is generated by our devices, including our cars,” the EFF’s Crocker says. “It's extremely revealing of obviously where you go and where you've been, but also all the people you associate with and all the things you're doing. You can paint a very clear picture of someone's life with just a list of all the places they've been in their car. The Supreme Court has made that very clear.”

The police documents reviewed by WIRED alone demonstrate the arbitrary nature of vehicle surveillance upon this shifting legal landscape, with police noting, for instance, that while Verizon will refuse to allow police to define their own radius when requesting cell tower data, its competitors impose no such limitations. Another document notes that while AT&T will conduct “pings,” locating a device in real time, it will only do so for “voice devices.”

What is also clear from the documents is that US police are aware of the control corporations have over their ability to acquire vehicle location data, expressing fears that they could abruptly decide to kill off certain capabilities at any time.

In a letter sent in April 2024 to the Federal Trade Commission, US senators Ron Wyden and Edward Markey—Democrats from Oregon and Massachusetts, respectively—noted that a range of automakers, from Toyota, Nissan, and Subaru, among others, are willing to disclose location data to the government in response to a subpoena without a court order. Volkswagen, meanwhile, had its own arbitrary rules, limiting subpoenas to fewer than seven days’ worth of data. The senators noted that these policies stood in contrast to public pledges previously made by some automakers to require a warrant or court order before surrendering a customer’s location data.

Automakers “differ significantly on the important issue of whether customers are ever told they were spied on,” the senators wrote. At the time of the letter, only Tesla had a policy, they said, of informing customers about legal demands. “The other car companies do not tell their customers about government demands for their data, even if they are allowed to do so.”

“We respect our customers’ privacy and take our responsibility to protect their personal information seriously,” Bennet Ladyman, a T-Mobile spokesperson, says.

AT&T spokesperson Jim Kimberly says: “Like all companies, we are required by law to provide information to law enforcement and other government entities by complying with court orders, subpoenas, and other lawful discovery requests. In all cases, we review requests to determine whether they are valid. We require a search warrant based on the probable-cause standard for all government demands for real-time or historical location information, except in emergency situations. For government demands for cell tower searches, we require a probable-cause search warrant or a court order, except in emergency situations.”

Verizon did not respond to a request for comment.

“Especially now, with American civil liberties eroding rapidly, people should exercise great caution in granting new surveillance powers to law enforcement,” says Ryan Shapiro, executive director of Property of the People.

Jay Stanley, a senior policy analyst at the American Civil Liberties Union, notes that the police documents reviewed by WIRED contained substantial detail about car surveillance that appear to be publicly unavailable, suggesting that corporations are being far more open with law enforcement than they are with their own customers.

“It's an ongoing scandal that this kind of surveillance is taking place without people being aware of it, let alone giving permission for it,” Stanley says. “If they're carrying out surveillance on the public, the public should know. They should have meaningful knowledge and give meaningful consent before any kind of surveillance is activated, which clearly is not the case.”

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.

Entering the United States has become more precarious since the start of the second Trump administration in January. There has been an apparent surge in both foreign visitors and US visa holders being detained, questioned, and even deported at the border. As the situation evolves, demand for flights from Canada and Europe has plummeted as people reevaluate their travel plans.

Many people, though, can’t avoid border crossings, whether they are returning home after traveling for work or visiting friends and family abroad. Regardless of the reason for travel, US Customs and Border Protection (CBP) officials have the authority to search people’s phones and other devices as they determine who is allowed to enter the country. Multiple travelers have reported being questioned or turned away at the US border in recent weeks in relation to content on their phones.

While not unique to the US border—other nations also have powers to inspect phones—the increasingly volatile nature of the Trump administration’s border policies is causing people to rethink the risks of carrying devices packed with personal information to and from the US. Canadian authorities have updated travel guidance to warn of phone searches and seizures, some corporate executives are reconsidering the devices they carry, some officials in Europe continue to receive burner phones for certain trips to the US, and the Committee to Protect Journalists has warned foreign reporters about device searches at the US border.

With this in mind, here’s the WIRED guide to planning for bringing a smartphone across the border. You should also use WIRED’s guide to entering the US with your digital privacy intact to get a broader view of how to minimize data and take precautions. But start here for everything smartphone.

**What Can CBP Access?**

Do CBP officials have the authority to search your phone at the border? The short answer is yes. Searches are either manual, with a border official looking through the device, or more advanced, involving forensic tools to extract data en masse. To get into your phone, border officials can ask for your PIN or biometric to unlock the phone. However, your legal status and right to enter the US will make a difference in what a search might look like at the border.

Generally, border zones—which includes US international airports—fall outside of Fourth Amendment protections that require a warrant for a device to be searched (though one federal court has ruled otherwise). As such, CBP has the power to search any traveler’s phone or other electronic devices, such as computers and cameras, when they’re entering the country. US citizens and green card holders can refuse a device search without being denied entry, but they may face additional questioning or temporary device seizure. And as the Trump administration pushes the norms of acceptable government conduct, it is possible that, in practice, green card holders could face new repercussions for declining a device search. US visa holders and foreign visitors can face detention and deportation for refusing a device search.

“Not everybody has the same risk profile,” says Molly Rose Freeman Cyr, a member of Amnesty International’s Security Lab. “A person’s legal status, the social media accounts that they use, the messaging apps that they use, and the contents of their chats” should all factor into their risk calculus and the decisions they make about border crossings, Cyr says.

If you feel safe refusing a search, make sure to disable biometrics used to unlock your device, like face or fingerprint scanners, which CBP officers can use to access your device. Instead, use only a PIN or an alphanumeric code (if available on your device). Make sure to keep your phone’s operating system up to date, which can make it hard to crack with forensic tools.

You should also consider factors like nationality, citizenship, profession, and geopolitical views in assessing whether you or someone you’re traveling with could be at higher risk of scrutiny during border crossings.

In short, you need to make some decisions before you travel about whether you would be prepared to refuse a device search and whether you want to make changes to your devices before your trips.

Keep in mind that there are simple steps anyone can take to keep your devices out of sight and, hopefully, out of mind during border crossings. It’s always a good idea to obtain a printed boarding pass or prepare other paper documents for review and then turn your phone off and store it in your bag before you approach a CBP agent.

**Traveling With an Alternate Phone**

There are two ways to approach device privacy for border crossings. One is to start with a clean slate, purchasing a phone for the purpose of traveling or wiping and repurposing your old phone—if it still receives software updates.

The device doesn’t need to be a true “burner” phone, in the sense that you will be carrying it with you as if nothing is out of the ordinary, so you don’t need to purchase it with cash or take other steps to ensure that it can’t be connected to you. The idea, though, is to build a sanitized version of your digital life on the travel phone, ideally with separate communication and social media accounts created specifically for travel. This way, if your device is searched, it won’t have the back catalog of data—old text messages, years of photos, forgotten apps, and access to many or all of your digital accounts—that exists on your primary phone and could reveal details of your political views, your associations, or your movements over time.

Starting with a clean slate makes it easy to practice “data minimization,” or reducing the data available to another person: Simply put the things you’ll need for a trip on the phone without anything you won’t need. You might make a travel email address, some alternate social media accounts, and a separate account for end-to-end encrypted communications using an app like Signal or WhatsApp. Ideally you would totally silo your real digital life from this travel life. But you can also include some of your regular personal apps, building back from the ground up while determining on a selective basis whether you have existing accounts that you feel comfortable potentially exposing. Perhaps, for example, you think that showing a connection to your employer or a community organization could be advantageous in a fraught situation.

Privacy and digital rights advocates largely prefer the approach of building a travel device from scratch, but they caution that a phone that is too squeaky clean, too much like a burner phone, can arouse suspicion.

“You have to ‘seed’ the device. Use the phone for a day or even for a few hours. It just can't be _clean_ clean. That’s weird,” says Matt Mitchell, founder of CryptoHarlem, a security and privacy training and advocacy nonprofit. “My recommendation is to make a finsta for travel, because if they ask you what your profile is, how are you gonna say ‘I don't use any social media’? Many people have a few accounts anyway. One ratchet, one wholesome—add one travel.”

Cyr, from Amnesty International, also points out that a true burner phone would be a “dumb” phone, which wouldn’t be able to run apps for encrypted communications. “The advantage that we all have with smartphones is that you can communicate in an encrypted way,” Cyr says. “People should be conscious that any nonencrypted communication is less secure than a phone call or a message on an application like Signal.”

While a travel device doesn’t need to use a prepaid SIM card bought with cash, it should not share your normal phone number, since this number is likely linked to most if not all of your key digital accounts. Buy a SIM card for your trip or only use the device on Wi-Fi.

**Traveling With Your Primary Phone**

The other approach you can take to protecting your device during border crossings is to modify your primary smartphone before travel. This involves removing old photos and messages and storing them somewhere else, cleaning out nonessential apps, and either removing some apps altogether or logging out of them with your main accounts and logging back in with travel accounts.

Mohammed Al-Maskati, digital security helpline director at the rights group Access Now, says that people should consider this type of clean-out before they travel. “I will look at my device and see what apps I need,” he says. “If I don't need the app, I just remove it.”

Al-Maskati adds that he suggests people particularly remember to remove dating apps and anything related to LGBTQI communities, especially if they consider themselves to be at higher risk of facing a device search. And generally, this approach is only safe if you are particularly diligent about removing every app that might expose you to risk.

You could use your own phone as a travel phone by backing it up, wiping it, building a travel device with only the apps you really need while traveling, going on your trip, and then restoring from the backup when you get home. This approach is doable but time consuming, and it creates more opportunities for operational security mistakes or what are known as “opsec fails.” If you try to delete all of your old, unwanted apps, but miss one, you could end up exposing an old social media account or other historic service that has forgotten data in it. Messaging apps can have easily searchable archives going back years and can automatically save photos and files without you realizing it. And if you back up all of your data to the cloud and take it off your device, but are still logged into the cloud account underpinning other services (like your main Google or Apple account), you could be asked to produce the data from the cloud for inspection.

Still, if you assess that you are at low risk of facing scrutiny during a border crossing or you don’t have access to an additional device for travel, modifying your main smartphone is a good option. Just be careful.

**What To Do, If Nothing Else**

Given all of this, you may be hyped up and ready to throw your phone in the ocean. Or you may be thinking there’s no way in hell that you’re ever going to take the time to deal with any of this. For those in the latter camp, you’ve come this far, so don’t click away just yet. If you don’t want to take the time to make a bunch of changes, and you don’t think you’re at particular risk during border crossings (though keep in mind that it’s possible your risk is higher than you realize), there are still a few easy things you can do to protect your digital privacy that are better than nothing.

First, as mentioned above, print a paper boarding pass and any other documents you might need. Even if you don’t turn your phone off and stow it in a bag for your entire entry or exit process, you can put it in your pocket and have your paper ticket and other documents ready while actually interacting with agents. And taking basic digital hygiene steps, like updating your phone and removing apps and data you no longer need, can go a long way.

“We all need to be recognizing that authorities may scrutinize your online presence, including social media activity and posts you’ve published,” says Danacea Vo, founder of Cyberlixir, a cybersecurity provider for nonprofits and vulnerable communities. “Since people have gotten more vocal on social media, they’re very worried about this. Some have even decided not to risk traveling to or from the US this year.”

How to Protect Yourself From Phone Searches at the US Border

Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.

The Israeli spyware maker NSO Group has been on the US Department of Commerce “blacklist” since 2021 over its business of selling targeted hacking tools. But a WIRED investigation has found that the company now appears to be working to stage a comeback in Trump's America, hiring a lobbying firm with the ties to the administration to make its case.

As the White House continues its massive gutting of the United States federal government, remote and hybrid workers have been forced back to the office in a poorly coordinated effort that has left critical employees without necessary resources—even reliable Wi-Fi. And Elon Musk’s so-called Department of Government Efficiency (DOGE) held a “hackathon” in Washington, DC, this week to work on developing a “mega API” that could act as a bridge between software systems for accessing and sharing IRS data more easily.

Meanwhile, new research this week indicates that misconfigured sexual fantasy-focused AI chatbots are leaking users' chats on the open internet—revealing explicit prompts and conversations that in some cases include descriptions of child sexual abuse.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

In a secret December meeting between the US and China, Beijing officials claimed credit for a broad hacking campaign that has compromised US infrastructure and alarmed American officials, according to Wall Street Journal sources. Tensions between the two countries have escalated sharply in recent weeks, because of President Donald Trump's trade war.

In public and private meetings, Chinese officials are typically firm in their denials about any and all accusations of offensive hacking. This makes it all the more unusual that the Chinese delegation specifically confirmed that years of attacks on US water utilities, ports, and other targets are the result of the US's policy support of Taiwan. Security researchers refer to the collective activity as having been perpetrated by the actor “Volt Typhoon.”

Meanwhile, the National Counterintelligence and Security Center, along with the FBI and Pentagon’s counterintelligence service, issued an alert this week that China’s intelligence services have been working to recruit current and former US federal employees by posing as private organizations like consulting firms and think tanks to establish connections.

**DHS Is Now Monitoring Immigrants’ Social Media for Antisemitism**

US Citizenship and Immigration Services said on Wednesday that it is starting to monitor immigrants' social media activity for signs of antisemitic activity and “physical harassment of Jewish individuals.” The agency, which operates under the Department of Homeland Security, said that such behavior would be grounds for “denying immigration benefit requests.” The new policy applies to people applying for permanent residence in the US as well as students and other affiliates of “educational institutions linked to antisemitic activity.” The move comes as Immigration and Customs Enforcement has made controversial arrests of pro-Palestinian student activists, including Mahmoud Khalil of Columbia University and Rumeysa Ozturk of Tufts University, over alleged antisemitic activity. Their lawyers deny the allegations.

**Trump Revokes Security Clearance, Orders Investigation of Ex-CISA Director**

President Trump this week ordered a federal investigation into former US Cybersecurity and Infrastructure Security Agency director Chris Krebs. An executive order on Wednesday revoked Krebs’ security clearance and also directed the Department of Homeland Security and the US attorney general to conduct the review. Krebs was fired by Trump in November 2020 during his first term after Krebs publicly refuted Trump’s claims of election fraud during that year's presidential election. The executive order alleges that by debunking false claims about the election while in office, Krebs violated the First Amendment's prohibition on government interference in freedom of expression.

In addition to removing Krebs' clearance, the order also revokes the clearances of anyone who works at Krebs' current employer, the security firm SentinelOne. The company said this week in a statement that it “will actively cooperate in any review of security clearances held by any of our personnel” and emphasized that the order will not result in significant operational disruption, because the company only has a handful of employees with clearances.

**NSA, Cyber Command Officials Cancel RSA Security Conference Appearances**

NSA Cybersecurity Division Director Dave Luber and Cyber Command Executive Director Morgan Adamski will no longer speak at the prominent RSA security conference, scheduled to begin on April 28 in San Francisco. Both appeared at the conference last year. A source told Nextgov/FCW that the cancellations were the result of agency restrictions on nonessential travel. RSA typically features top US national security and cybersecurity officials alongside industry players and researchers. President Trump recently fired General Timothy Haugh, who led both the NSA and US Cyber Command.

China Secretly (and Weirdly) Admits It Hacked US Infrastructure

Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software…

Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software and proper cybersecurity knowledge wherever you work.

Running a business today often means working from anywhere: airports, coffee shops, hotel rooms, or even the back of a van. But while mobility offers freedom and flexibility, it also introduces serious cybersecurity challenges.

Devices are exposed, networks are untrusted, and sensitive data becomes more vulnerable with every mile. To keep your business safe while on the move, you need a proactive strategy that protects both your physical and digital assets. Here’s how to stay one step ahead.

****Start with Reliable Hardware Protection****

The first layer of defense for mobile professionals is the hardware they carry. Laptops, tablets, and phones are high-value targets not just for their price tags but for the sensitive information they store.

Use devices that support biometric authentication, such as fingerprint or facial recognition, to ensure only you can access them. Enable full-disk encryption and make sure every device requires a strong password or passcode.

If you’re regularly working in places with limited access to outlets, carry a portable power station. This allows you to stay connected without relying on public charging ports, which can be vulnerable to juice jacking malicious attacks that install malware or steal data while you charge.

A good-quality laptop sleeve and an RFID-blocking backpack can also go a long way in protecting your physical gear from theft and unauthorized scanning.

****Secure Your Connection Every Time****

One of the biggest risks for mobile workers is using public Wi-Fi networks. These open connections are convenient but notoriously insecure, making it easy for hackers to intercept data.

Always use a virtual private network (VPN) when you connect to public Wi-Fi in a café, airport, or hotel. A VPN will encrypt your traffic, which makes it a lot harder for anyone to steal sensitive information. Stick to VPNs from reputable providers that don’t log your browsing activity.

Avoid accessing financial accounts or sharing sensitive business information over unsecured networks. When possible, tether your laptop to your phone’s mobile hotspot instead. It’s a more secure option and gives you greater control over your data connection.

****Keep Your Software and Systems Updated****

Outdated software is one of the easiest ways for attackers to exploit your system. Hackers often target known vulnerabilities in older versions of apps, operating systems, and browsers.

Always update your devices so security patches are applied as soon as they’re released. Make a habit of checking your antivirus, browser extensions, and firewalls to ensure they’re functioning properly and up to date.

Regularly back up your data to encrypted cloud storage or an external drive you keep with you. That way, if your device is lost, stolen, or compromised, your business-critical information isn’t gone forever.

****Be Mindful of Your Surroundings****

Not all security threats are digital. When working in public, physical awareness matters just as much as software protection.

Avoid displaying sensitive information on your screen when others are nearby. Use a privacy screen if you’re often working in busy locations like trains or lounges. Never leave your devices unattended, even for a quick coffee run.

If you’re taking business calls in public, be conscious of what you’re saying and who might be listening. Sensitive details should be saved for private, secure environments.

****Stay Alert, Stay Safe****

Security isn’t something you handle once and forget. It requires ongoing awareness, regular updates, and a willingness to adapt to new threats as they emerge.

Keep an eye on industry news, attend cybersecurity webinars, or follow trusted security blogs to stay informed. Knowing what’s out there can help you act fast when something feels off.

And always trust your instincts. If a network looks suspicious, if a message seems strange, or if your system behaves unexpectedly, don’t ignore it; act on it.

****Working Smart Means Working Secure****

Mobility is a major advantage for modern businesses, but it should never come at the cost of security. The tools, habits, and awareness you build now will protect your data, your team, and your reputation for years to come.

Your office might be wherever you are, but your security should be with you, too, every step of the way.

Top/Featured Image via Unsplash!

Protecting Your Business on the Move: A Modern Cybersecurity Guide

Our privacy is most at risk from companies, governments, and AI models, according to a new public survey from Malwarebytes.

Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers.

That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are concerned about wrongful data access from nearly every corner of their lives. For example, 89% of people “agreed” or “strongly agreed” that they are “concerned about my personal data being used inappropriately by corporations,” and another 72% agreed or strongly agreed that they are “concerned about my personal data being accessed and used inappropriately by the government.”

The anxieties are easy to trace.

In just the first three months of 2025, the UK government asked Apple for access to encrypted cloud storage for users across the _globe_, the US government exposed active Social Security Numbers in releasing files related to the assassination of former President John F. Kennedy, and the announced bankruptcy of genetic testing company 23andMe prompted many customers to delete their data.

Against this backdrop, many users are taking privacy into their own hands. More than 40% of people have stopped using either TikTok, Instagram, or X (formerly Twitter), and 26% stopped using a fertility or period tracking app. A robust 75% said they “opt out of data collection, as possible,” and 23% have gone a step further, using a data removal service to help clean up any personal information that is easily found online.

These findings come from a pulse survey that Malwarebytes conducted of its newsletter readers in March via the Alchemer Survey Platform.

Broadly, Malwarebytes found that:

*   89% of people are “concerned about my data being used by AI tools without my consent.”
*   70% of people “feel resigned that my personal data is already out there, and I can’t get it back.”
*   77% of people said that “many online transactions today, from purchases to downloads to creating new accounts, feel like ploys to take my data.”
*   While 87% of people “support national laws regulating how companies can collect, store, share, or use our personal data,” 60% feel that “we will never have simple, meaningful ways to protect our data.”
*   To protect their personal information and that of their family, at least 40% of people have stopped using Instagram, TikTok, and X (formerly Twitter).
*   26% of people stopped using a fertility app or period tracking app.

****Institutional distrust****

The public believe that the biggest threats to their privacy right now are AI models, companies, governments, and, well, pretty much every single interaction they have with the internet at large.

Aside from the 89% of people concerned about their data being “accessed and used inappropriately by the government,” another 50% said they were concerned about wrongful government access of their “private conversations.”

Elsewhere, an astounding 89% of people said that they are “concerned about my data being used by AI tools without my consent.” It is unclear exactly where these fears lie. People may be concerned that AI tools are scraping public websites for their information—like the facial recognition company ClearView AI does by scouring articles, mugshot websites, and publicly listed social media profiles—or they may fear that tools like ChatGPT and Google’s Gemini are recording “conversations” or questions for future use.

Exacerbating these concerns is, likely, the current murkiness around AI technology and what it requires to function. The New York Times is currently suing OpenAI for allegations that its large language model wrongfully ingested the outlet’s copyrighted articles as training data, human contractors that helped train the AI recognition systems for Roomba vacuums mistakenly leaked sensitive photos on Facebook, and a national mental health support chatline siphoned off some of its users’ conversations to train an AI-powered customer support chatbot in an effort to boost funding.

But it isn’t just AI that the public distrust, it’s also the many ways they’re forced to engage with the internet, overall, as 77% agreed or strongly agreed that “many online transactions today, from purchases to downloads to creating new accounts, feel like ploys to take my data.”

They may have a point. Downloading a mobile game can reveal your location data to countless ad companies, searching for airline tickets on a Mac device can force you into paying higher prices, and buying a car can subject your sex life—seriously—to data collection. And these are the largely _legal_ consequences of everyday life! Real-deal cybercriminal campaigns like “malvertising,” that abuse Google search results to direct victims to malicious websites, only make matters worse.

Amidst this landscape, the public broadly agreed that they wanted privacy protections that, unfortunately, they feel no one is going to grant them.

A full 87% of people “support national laws regulating how companies can collect, store, share, or use our personal data,” while 70% also believe “we will never have simple, meaningful ways to protect our data.”

So, in the absence of legal or corporate protections, the public are taking matters into their own hands.

****Individual action****

The dire privacy concerns shared by many respondents have, for the most part, not resulted in privacy nihilism. In fact, a heartening 60% of respondents did _not_ agree that they have “become less vigilant about my data privacy and security because there is little I can do these days.”

Instead, as Malwarebytes found, many people have started disengaging from major online platforms and adding privacy-conscious tools and habits to their daily regimen.

For instance, to protect their and their family’s personal information, 47% of people said they “stopped using TikTok,” 45% said they “stopped using X” (formerly Twitter), 44% said they “stopped using Instagram,” and 37% said they “stopped using Facebook.” Another 26% said they “stopped using a fertility/period tracking app.”

Elsewhere, 69% of people said they “use an ad blocker for online browsing,” and 75% of people “opt out of data collection, as possible.” Another 42% said they use a VPN, which can provide an extra level of comfort by encrypting all web traffic when connecting to public or unknown Wi-Fi networks.

Malwarebytes also found that 69% of respondents said they use “multifactor authentication,” or MFA. MFA is one of the strongest security protections against account takeovers and hacking, requiring that login attempts aren’t approved with _just_ a username and password, but with a separate piece of information, like a one-time passcode that is texted to a user’s device. Though understood as a cybersecurity best practice, MFA also strengthens a user’s privacy. After all, thieves don’t hack into accounts just for fun—they hack into accounts to sometimes steal any sensitive information stored within.

Finally, a smaller percentage of people said they use identity theft protection solutions (43%) and personal data removal services (23%). These are critical tools for catching and stopping identity theft, and for making it harder for scammers to find and target victims.

Malwarebytes understand that privacy isn’t “easy” right now—it never necessarily has been—but that doesn’t mean it’s time to give up. Thankfully, many people responded that, despite their serious concerns, they aren’t about to take corporate and government privacy invasions willingly. That’s the type of attitude that the public needs more than ever, and we’re grateful to see it.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 72% of people are worried their data is being misused by the government, and that&#8217;s not all&#8230; 

Crypto software wallets are invincible in the micro range. If you own multiple crypto assets, you need safe and reliable wallets, too.

Crypto wallets offer an extra layer of security against **malicious attacks** targeting everyday users. It’s not always easy to open your online crypto account every time you want to make a payment, and many merchants still don’t support direct crypto transactions. That’s where digital wallets step in. They make payments easier, but in 2025, the biggest concern around crypto wallets is safety.

That’s why it makes sense to focus on wallets that are both cost-effective and secure. Before choosing one, it’s important to understand how its security system works. At the same time, the wallet should be flexible enough to let you buy, sell, or stake crypto without hassle.

There are over a hundred crypto wallets available this year, but we’re going to focus on 10 that stand out as some of the safest options.

****1: Zengo****

The wallet has more than 380 coins. As you can do frequent transactions, we would categorize it as a hot wallet. Meanwhile, it is not a hardware-compatible wallet. The cost of maintaining the wallet is 19.99 every month. However, the annual subscription is only $129. 

They claim that they have been providing services to over 1.5 million customers and “0 wallets” have been hacked.

****Special features** **

It is the best wallet for security-conscious users. The strong and integrated security design can stop any kind of phishing crimes or bad entry gates. 

The company says that there are 1.5 billion customers who have had zero wallet attacks to date. 

****Benefits** **

Firstly, you get a secure infrastructure with this wallet. Moreover, you will get weekly software updates. You can easily buy or sell Crypto from the wallet. Therefore, it is a good option to keep your fiat currency in it. 

****Limitations** **

The price of the wallet is slightly on the higher side. Moreover, no hardware devices are compatible with it. Lastly, it allows only third-party access for withdrawals. 

Understandably, this measure is important from a security point of view. But it is stunted from the utility point of view. 

****2: Coinbase** **

This wallet can support more than 5500 cryptocurrencies. It is a hot wallet for sure. Like the previous one, it has no hardware wallet compatibility. But the best part is that it is a free wallet. This is the reason why it is more popular among users. Moreover, Coinbase has over **90 govt crypto assets** too. 

****Why should beginners use it?****

Beginners can use it for practice. It has easy navigation. You can use it on the website as well. Meanwhile, you can easily download it from various platforms and start using it without any concern. But it is the best option for the low-cost beginners. 

The company charges 0 network fees either. Plus, you can customize and minimize the wallet anytime. If you check the **BTC heatmap, you’ll see that Bitcoin has most of the investors’ shares**. Hence, you need a free wallet source for Bitcoin investors. 

****Benefits** **

It is the best option for beginners. Moreover, it is a low-cost platform with various amenities. You can trade more than 5500 coins over it. 

****Limitations** **

The wallet code is not an open-source code. You cannot generateay new address for every single transaction. It is not comfortable with the hardware assets. However, you can connect your ledger wallet to transfer assets. 

****3: Exodus****

The coin supports more than 281 currencies. It is a hot wallet for sure. However, the best part is that it is hardware-compatible. It is free of cost, too. 

****Why choose it?****

You can choose it as it makes slots to manage individual digital currencies on your mobile platform itself. The fiat payment methods are also separate. You can find them easily in your wallet. 

Lastly, you can use it to purchase or sell your coins. At the same time, you can swap or stake the coins easily. But the best part is that you can do all of these directly from your mobile phone. 

****Benefits** **

The platform offers intuitive integration across mobile and desktop. It also offers the same to and from any browser platform. The software wallet is compatible with hardware wallets like Trezor.

So, it is an exceptional quality which premium wallets also don’t offer often. 

****Limitations** **

Customer support is very limited. It is available through email only. There is no in-house exchange policy with this wallet. Lastly, it is not an open-source option.

****4: Electrum****

It is a bitcoin-only wallet. On that note, it is one of the major downsides of this wallet. However, you can treat it as a hot as well as a cold wallet. Moreover, it is hardware-compatible. But the best part is that it is free of cost.

****Why Should You Choose It?****

You should choose a wallet that’s tailored to secure your Bitcoin. And that’s Electrum for you. Moreover, the Electrum app is available over a range of platforms. 

****Benefits****

Firstly, it is a free and downloadable wallet option. At the same time, it is well compatible with all the hardware wallets. Lastly, its source code is auditable. You may also peer review the codes and send suggestions. 

****Limitations** **

The biggest drawback of the platform is that it does not have the best trading features. So, buying, selling, and staking are not options you can pursue on this platform. You may simply keep your Bitcoin safe here. 

Moreover, there are no customer support options here. You will get community support at best. Lastly, you need genuine technical expertise to develop your wallet. 

This wallet is widely used for managing Ethereum and ERC-20 tokens. It is a hot wallet and works as a browser extension or mobile app. While it doesn’t support hardware wallet integration by default, it can be connected to devices like Ledger. One major reason for its popularity is its simple interface and easy access to decentralized apps.

****Why Should You Choose It?****

If you’re working mostly with Ethereum and related tokens, MetaMask is a smart choice. It’s user-friendly, supports quick access to decentralized apps, and works smoothly across both mobile and browser platforms.

****Benefits****

MetaMask is free to use and easy to install on both desktop and mobile devices. It offers seamless access to Ethereum-based dApps, supports custom tokens, and can be connected to hardware wallets like Ledger for added security. It’s also open-source, so developers can review and contribute to its code.

****Limitations****

MetaMask is limited to Ethereum and ERC-20 tokens, so it’s not ideal if you deal with a wide range of cryptocurrencies. It doesn’t offer built-in options for staking or advanced trading. Customer support is minimal, and new users might find the interface a bit technical at first.

****6: Trust Wallet****

The wallet supports more than 10,000 cryptocurrencies, including all major tokens and coins. It is a hot wallet designed for frequent on-the-go transactions. Trust Wallet is not tied to any specific hardware wallet by default, but it does support hardware integration through third-party connections. The wallet is free to download and use, with no monthly subscription costs.

It’s owned by Binance, which adds a layer of credibility. The wallet has been downloaded over 60 million times and has maintained a strong track record with no major security breaches reported.

****Special features****

Trust Wallet is known for its built-in Web3 browser that lets users interact with decentralized apps (dApps) directly from within the wallet. It also supports staking of various coins and offers a secure backup feature using a single recovery phrase.

The wallet runs with a strong emphasis on user privacy. No personal data or KYC is needed to set up or use it.

****Benefits****

Trust Wallet is a beginner-friendly wallet that supports a huge range of assets. It includes built-in staking, token swapping, and direct access to dApps. It’s available on both Android and iOS platforms, and it also supports NFTs across multiple blockchains.

Since it’s backed by Binance, there’s strong ongoing development, regular security updates, and integration with popular tools.

****Limitations****

The wallet doesn’t come with its own in-house customer support; users rely on community forums or Binance channels for help. Although it can connect with Ledger, it’s not fully optimized for hardware wallet security. Also, as a mobile-only wallet, it may not suit users looking for a full desktop experience.

Lastly, being owned by Binance may raise concerns for users looking for more decentralized control.

The Crypto.com DeFi Wallet supports over 1000 cryptocurrencies and is designed as a hot wallet, allowing users to make frequent transactions with ease. It’s non-custodial, meaning users have full control over their private keys. While it isn’t tied directly to a hardware wallet, it can integrate with Ledger devices for added security. The wallet is completely free to use with no subscription or maintenance costs.

The wallet is part of the broader Crypto.com ecosystem, which has tens of millions of users globally. It is separate from the centralized Crypto.com app, giving users the option to keep their assets fully decentralized.

****Special features****

One of the standout features is the ability to stake and earn rewards on various assets directly from the wallet. It also includes token swapping, DeFi access, and NFT storage. Users get full control over their keys, with backup options via a recovery phrase.

The wallet is also open-source, which means its code is publicly auditable, a major plus for transparency and community trust.

****Benefits****

The wallet provides access to decentralized finance without sacrificing usability. You can connect it easily with the Crypto.com exchange or app for seamless transfers. There’s a built-in swap function that supports multiple chains, and the app is available on both iOS and Android.

Another benefit is the ability to stake coins directly from the wallet and earn passive income. The user interface is clean and intuitive, especially for users already familiar with Crypto.com’s services.

****Limitations****

Although the wallet offers Ledger integration, it’s not natively built for hardware security, so users must go through extra steps to sync. There’s no desktop version of the wallet; it’s mobile only, which might not suit all users.

Also, as with most DeFi wallets, there’s no way to recover your funds if you lose your recovery phrase. And while support exists, it may not be as responsive as that of fully centralized platforms.

****8: BitBox02****

BitBox02 is a hardware wallet that supports major cryptocurrencies like Bitcoin, Ethereum, and Litecoin, along with ERC-20 tokens. It’s a cold wallet, which means it stores your assets offline for maximum protection. Unlike hot wallets, it’s not meant for frequent daily transactions. It is a paid device, with a one-time cost of around $129, depending on where you buy it.

Developed by Shift Crypto, a Swiss company, BitBox02 is known for its strong focus on privacy, security, and open-source principles. It’s available in two versions: Bitcoin-only and multi-coin, giving users the option to choose based on their needs.

****Special features****

BitBox02 comes with a built-in screen and touch sensors for transaction confirmation, and it uses a microSD card for backup instead of the traditional 12 or 24-word recovery phrase. This makes backup and restoration more straightforward and secure for some users.

The wallet’s firmware and companion app are open-source, which allows for public audits and community contributions, a solid trust factor for security-focused users.

****Benefits****

As a cold wallet, BitBox02 offers high-end security. Your private keys never touch an internet-connected device. The use of a microSD card for encrypted backups is a unique feature that enhances safety and user convenience.

The device is lightweight, portable, and works with Windows, macOS, and Linux. It also supports Tor for added privacy, and users can verify all addresses on the device screen before sending transactions.

****Limitations****

BitBox02 isn’t ideal for those looking for a wallet for everyday use; it’s designed for long-term holding and security, not frequent trading. The supported coins list is more limited compared to some multi-coin software wallets.

It also doesn’t support mobile use; it must be connected to a computer. Finally, while the microSD backup system is secure, it’s a less familiar method that could confuse users accustomed to seed phrases.

****9: SafePal S1****

The SafePal S1 is a hardware wallet supporting over 10,000 cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Binance Coin (BNB), and various ERC-20 tokens. As a cold storage device, it keeps assets offline, enhancing security. The wallet operates independently without direct integration with other hardware wallets. Priced at $49.99, it offers a cost-effective solution for secure crypto storage.

****Special Features****

The SafePal S1 employs a 100% air-gapped signing mechanism, ensuring complete offline operation without Bluetooth, Wi-Fi, NFC, or USB connections. It features an EAL 5+ independent secure element, a true random number generator, multiple layers of security sensors, and an anti-tampering self-destruct mechanism. Additionally, its compact design, comparable to a credit card, enhances portability.

****Benefits****

Users benefit from managing unlimited tokens within a single device, with support for over 100 blockchains and continuous additions. The wallet integrates seamlessly with the SafePal App, providing access to decentralized applications (DApps) and facilitating cross-chain swaps and trades. Its user-friendly interface supports 15 languages, catering to a global audience.

****Limitations****

While the SafePal S1 offers robust security features, it lacks direct USB connectivity, relying solely on QR code scanning for transactions, which may be less convenient for some users. Additionally, as a hardware wallet, it requires physical possession for access, which might not suit users who prefer software-based solutions. Furthermore, being a relatively newer entrant in the hardware wallet market, it may not have the same extensive track record as some established competitors.

****10: Ledger Nano X****

The Ledger Nano X is a hardware wallet that supports over 5,500 cryptocurrencies, including major assets like Bitcoin (BTC), Ethereum (ETH), and Binance Coin (BNB). As a cold storage device, it keeps your private keys offline, providing enhanced security. The Nano X is compatible with both desktop and mobile devices via Bluetooth connectivity. Priced at $149, it offers a comprehensive solution for managing a diverse crypto portfolio.

****Special Features****

The Nano X features Bluetooth Low Energy (BLE) connectivity, allowing users to manage their crypto assets on the go through the Ledger Live app on smartphones. It incorporates a Secure Element (SE) chip, ensuring that private keys remain isolated and protected from potential threats. The device can install up to 100 apps simultaneously, accommodating a wide range of cryptocurrencies.

****Benefits****

The Ledger Nano X offers extensive support for a vast array of cryptocurrencies, making it suitable for users with diverse portfolios. Its Bluetooth functionality enhances user experience by enabling wireless management of assets via mobile devices. The integration with the Ledger Live app provides a unified platform for buying, selling, swapping, and staking various cryptocurrencies. Additionally, the device’s robust security features, including the Secure Element chip and custom operating system, offer peace of mind to users.

****Limitations****

While Bluetooth connectivity adds convenience, some users may have concerns about potential security risks associated with wireless connections. However, Ledger emphasizes that only non-sensitive data is transmitted via Bluetooth, and private keys never leave the device. The device’s price point of $149 may be considered high compared to other hardware wallets. Additionally, the battery is not replaceable, which could affect the device’s longevity.

Top Crypto Wallets of 2025: Balancing Security and Convenience

Worried parents tracking their children with T-Mobile SyncUP devices suddenly found that they were looking at the location of random other children. And could not locate their own.

Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. And could not locate their own.

T-Mobile sells a small GPS tracker called SyncUP, which can be used to track, among others, the locations of young children who don’t have cell phones yet. SyncUP uses a combination of GPS technology, Wi-Fi, and T-Mobile’s LTE nationwide network to locate registered devices and comes in the form of a small tag, a car tracker or a kids watch.

According to our friends at 404 Media, several users reported receiving information that came from another tracker, not their own. And from some of the statements it’s very clear that the disclosed locations belonged to other children because of the names and pictures associated with the accounts.

One woman who spoke to 404 Media could see the location address where the random children were, as well as their name and the last time the location was updated. In many cases, the time said “just now” or “one minute ago.”

> “I was probably shown more than eight children. I would log in and I couldn’t see my children but I could see a kid in California. I refreshed and then I had no trackers, and then I refreshed again and would see a different child.” 

Car owners using SyncUP Drive, the car tracking device, reported similar problems.

Here are some of the potential issues that this mix up could bring up:

*   A big concern about tracking devices is their vulnerability to hacking, potentially exposing personal data. No hacking was needed here. Every time some of the users tried they would get the location of a different tracker.
*   Without consent, tracking devices can infringe on individuals’ privacy rights. While you may say this is mainly about tracking without consent, nobody consented to strangers tracking their children.
*   GPS tracking must comply with privacy laws like the Electronic Communications Privacy Act (ECPA) and the Driver’s Privacy Protection Act (DPPA) to prevent unauthorized surveillance. Did T-Mobile fail to comply, even if only for a short time?
*   Inaccurate tracking, or not being able to track, can compromise personal safety if devices are used for emergency services or monitoring vulnerable individuals.
*   Repeated problems can erode the trust in the underlying GPS tracking technology.

This raises the question for parents to ask themselves: What’s worse, not knowing where your child is exactly or running the risk of exposing their location to other people?

Privacy concerns surrounding tracking devices are multifaceted. On one hand, these devices are designed to give users a sense of safety and security by providing accurate location information. However, they also pose risks if not properly secured.

We have reported multiple times about stalkerware users getting exposed by security flaws in the apps they used. While SyncUP may be more secure than some of the stalkerware apps we wrote about, this incident shows it’s not watertight either.

T-Mobile did not disclose the exact problem, but told 404 Media the incident is now resolved:

> “Yesterday we fully resolved a temporary system issue with our SyncUP products that resulted from a planned technology update. We are in the process of understanding potential impacts to a small number of customers and will reach out to any as needed. We apologize for any inconvenience.”

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Location, name, and photos of random kids shown to parents in child tracker mix up 

Accidentally deleted some photos from your iPhone? You’re definitely not alone; most iPhone users have done it at…

Accidentally deleted some photos from your iPhone? You’re definitely not alone; most iPhone users have done it at some point. The good news is that it’s often not the end of the road. In this guide, we’ll walk you through several straightforward ways to recover those deleted pictures, with clear steps anyone can follow.

****Can You Get Deleted Photos Back on iPhone?****

In short? Yes, most of the time, you can. Apple knows people accidentally delete stuff all the time. Maybe you tapped the wrong photo while half-asleep or thought you had a backup when you didn’t. Whatever the reason, iPhones aren’t unforgiving. There are built-in options that can help you get those photos back.

First up is the Recently Deleted album – Apple’s built-in “Are you sure about that?” folder. Deleted photos usually stick around there for 30 days before they’re permanently removed.

But if it’s been more than 30 days, or you have already emptied that folder, don’t give up just yet. There’s still hope. Between iCloud backups, Finder or iTunes backups, and specialized recovery software, there are still ways to bring those photos back even if they seem long gone.

The key is knowing where to look and acting quickly before the data gets overwritten.

****How to Get Deleted Photos from iPhone in the Photos App****

Alright, let’s start with the easiest way – the _Recently Deleted_ folder. It’s the first thing anyone, including Apple’s official guide, will tell you to check. And honestly, they’re right. This little folder has saved us more times than we’d like to admit.

How to get deleted photos back using the Recently Deleted folder:

1.  Open the **Photos** app on your iPhone.
2.  Scroll down and find the **Recently Deleted** folder under _Utilities_.
3.  Open it – you’ll see photos and videos that were deleted in the last 30 days.
4.  All you have to do is tap **Select**, choose the photo (or photos) you want back, hit **Recover** or **Recover All**, and they jump right back into your photo library like nothing ever happened. It’s almost too easy, which is maybe why some people forget it’s even there.  
    

Now, if you don’t see the photos you’re looking for, it’s probably because it’s already been more than 30 days, or maybe you cleared this folder out yourself. But don’t stop here – this is always step one, sure, but it’s definitely not the only one.

If the _Recently Deleted_ folder came up empty, there’s still a classic option: backups.

A lot of iPhone users don’t realize they might already have copies of their deleted photos tucked away in an iCloud backup or on their computer from the last time they synced using Finder or iTunes. The catch? Getting those photos back usually means restoring your iPhone to an earlier state, rewinding your entire device to how it was at the time of the backup.

But here’s something important to check before you even start digging through backups: if you had iCloud Photos turned on, your photos weren’t part of your iPhone backup at all. They were syncing separately with iCloud. So, in that case, restoring a backup won’t help because the photos were never included in the backup to begin with.

This part trips up a lot of people, and it comes up all the time on Apple’s official discussion forums – Many users don’t realize until it’s too late that iCloud Photos and iCloud Backups don’t work together the way they assumed.

Now, if you _didn’t_ have iCloud Photos turned on, you’re still in the game. Let’s break down the two main types of backups you can check.

****1\. Use Finder or iTunes Backup****

If you’ve ever plugged your iPhone into your computer and made a backup, even if you don’t remember when, there’s a chance your photos are still in there. To check, connect your iPhone to your Mac. If you’re using Windows, you’ll be using iTunes instead.

*   On a Mac, open up **Finder** like you normally would. On Windows, fire up **iTunes** if you still have it installed. From there, your iPhone should pop up in the sidebar.
*   Select your iPhone.

*   In the _General_ or _Summary_ tab, click Restore Backup.
*   Choose a backup from before you lost the photos.
*   Click **Restore** and wait – it might take a while, depending on the size of your backup.

Once it’s done, your iPhone will look the way it did when you made that backup, photos included.

Quick heads up: Restoring a backup will replace everything on your iPhone with whatever was saved at that time. So anything added after that, like messages, apps, or photos, could be lost unless it’s backed up somewhere else.

****2\. Use iCloud Backup****

If you don’t use a computer for backups, no worries – iCloud might still have your back. But fair warning, this method is a bit more involved because you’ll need to reset your iPhone before you can load an older backup.

Here’s how it works:

*   First, check if you even have a usable backup. Go to **Settings** > **Apple ID** (your name at the top) > **iCloud** > **iCloud** **Backup**.

*   Tap on your device name and look at the date of the latest backup. If the backup was made _before_ you deleted the photos, you’re in business.

*   Next, go back to **Settings** > **General** > **Transfer or Reset iPhone** > **Erase All Content and Settings**.

*   Your iPhone will reset and bring you to the setup screen. Follow the prompts until you reach the **Apps & Data** screen.

*   Choose **Restore from iCloud Backup** and sign in to your Apple ID.

*   Select the backup you just checked and let the restore run its course.

Once it finishes, your iPhone will be back to how it looked on the day of that backup – photos, messages, and all.

Quick reminder: if iCloud Photos was turned on, your photos weren’t included in your iPhone backup. They live in your iCloud Photos library, separate from the backup itself.

If that’s the case, check your other synced devices or log into iCloud.com from any browser. There’s always a small chance that the sync didn’t complete. Maybe your iPhone was in low power mode or the Wi-Fi wasn’t cooperating, and your deleted photos are still sitting safely in the cloud.

****How to Retrieve Permanently Deleted Photos from an iPhone with Software****

If you had no success with any of the previous steps, it might be worth it to try data recovery tools. This kind of software can recover deleted photos, videos, messages, contacts, and much more, even when they are not included in recent iPhone backups.

The good news is that there are plenty of options out there, and some of the best data recovery software tools in 2025 make the process way less intimidating than it sounds. One such popular one is **Disk Drill**, which we’ll use as an example here.

It works on both Mac and Windows and is pretty straightforward. Disk Drill can scan your iPhone directly for recoverable photos or dig into your Finder/iTunes backups and pull out individual files – which means you won’t even need to erase your entire phone to get those photos back.

Here’s how to recover deleted photos from your iPhone with this tool:

*   Download Disk Drill from the official www.cleverfiles.com website and install it on your Mac like you would any regular app.

*   Once it’s installed, open it up and look for the **iPhones & iPads** section in the sidebar.

*   Select your iPhone if you want to try scanning the device directly for deleted photos. Or, if you’re hoping to pull photos from an older backup, you can select an available Finder or iTunes backup right inside Disk Drill.

*   Next, click the **Search for lost data** button to kick off the scan.

*   Your iPhone will ask you for your device password – go ahead and enter it directly on the phone. If you’re dealing with an encrypted backup instead, Disk Drill will pop up a password prompt – you’ll need to enter your backup password to continue.

*   Now, sit tight and let Disk Drill do its thing. Scans can take a while depending on how much data you have.

*   Once the scan finishes, head over to the **Photos** section in the results. You’ll see previews of the photos Disk Drill found. _Pro tip_: hit the spacebar to bring up a quick preview.

*   When you’re ready, select the photos you want back, click **Recover**, and choose a spot on your Mac to save them.

A couple of things to keep in mind:

*   Disk Drill needs free space – about double the used space on your iPhone – to run the scan properly.

*   The free version lets you preview all recoverable photos, but if you want to actually recover them, you’ll need to upgrade to Disk Drill Pro.

****Video Guide****

****The Bottom Line****

There are a few ways you can try to recover deleted photos on an iPhone. Start with the _Recently Deleted_ folder, then check any backups, and if that doesn’t work, you can try using recovery software for photos that were permanently deleted.

But let’s be honest: if the photos are truly gone, what are your chances? It’s complicated. iPhones keep photos in secure databases, and when something is deleted, it’s not wiped right away. It’s just marked as deleted. Recovery tools don’t dig directly into the phone. Instead, they create a backup through Finder or iTunes and look in that backup for traces of those photos that haven’t been fully erased yet.

Here’s the most important thing to know: As soon as you realize something was deleted and there’s no backup, put your iPhone in Airplane Mode and stop using it for anything else. The more it’s used, the more likely it is that the deleted data will be overwritten.

Acting quickly gives you the best shot at getting your photos back.

How to Recover Deleted Photos from an iPhone

Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.

After senior Trump administration members mistakenly included The Atlantic editor Jeffrey Goldberg in a secret group chat about bombing Houthi targets in Yemen, encrypted messaging app Signal found itself at the center of a storm this week. Some commentators criticized the app, going as far to blame it for the scandal.

But the whole affair that’s dubiously been dubbed “SignalGate” isn’t about Signal at all: Experts say officials shouldn’t invite untrusted contacts into sensitive chats and should only use authorized devices, platforms, and procedures when discussing top-secret military operations. In other words, the people who set up the chat made numerous mistakes, and they had nothing to do with how secure Signal is. In fact, Signal has seen its biggest-ever spike in US downloads as a result of the news.

In other news linked to _that_ Houthi group chat, national security adviser Mike Waltz—an account with the name “Michael Waltz” originally invited Goldberg to the group—left his Venmo account open to public view. As WIRED reported, a “Michael Waltz” Venmo account displayed the names of the adviser’s colleagues and friends, revealing people in Waltz’s wider social network. After WIRED reached out to the White House, the Waltz account hid its friends list. There’s more though: WIRED also discovered other Venmo accounts linked to officials in the Signal chat. Information about who officials associate with could be highly lucrative for foreign spies and hackers.

Elsewhere, we reported on all the ways the White House adopting Elon Musk’s Starlink as an alternative Wi-Fi network could be bad news for network security. There are also early signs in Europe that some companies are going cold on cloud services from Google, Amazon, and Microsoft, as they reassess the risks of dealing with the volatile second Trump administration. And, as crossing the United States border becomes more perilous—for both citizens and visa holders—we updated our guide to keeping your digital privacy intact when you are entering the US.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

**Top US Security Officials’ Passwords and Personal Phone Numbers Discovered Online**

On top of SignalGate and Venmo accounts being left exposed, German news outlet Der Spiegel reported that sensitive personal information linked to several senior Trump administration security officials is easily discoverable online. Reporters from the publication found that mobile phone numbers, email addresses, and “some” passwords for top officials could be found on the internet.

Using people-search engines and information contained in public data breaches, Der Spiegel discovered personal information belonging to Waltz, director of national intelligence Tulsi Gabbard, and Pete Hegseth, the secretary of defense. “Most of these numbers and email addresses are apparently still in use, with some of them linked to profiles on social media platforms like Instagram and LinkedIn,” the news organization reported. The details were also linked to Dropbox, Microsoft Teams, Signal, and WhatsApp accounts used by the officials.

While millions of people have been caught up in online data breaches and use inadequate privacy settings on their online accounts, high-level government security officials are exposed to a broader and more severe range of online threats, particularly from nation-state hackers, than most people. Officials told the news organization that many of the accounts and personal details were no longer used or had been updated. However, messages Der Spiegel sent to WhatsApp and Signal accounts belonging to Waltz and Gabbard were delivered, the publication reported. Only after they approached the government for comment were some of the accounts restricted.

**Internet Restrictions May Hide Initial Toll of Myanmar Earthquake Damage**

On Friday, a huge 7.7-magnitude earthquake and aftershock hit Myanmar, with widespread damage being reported hundreds of miles away in Thailand. At the time of writing, at least 144 people have been confirmed dead with hundreds of others injured in Myanmar. As the first impacts of the devastating quake started to emerge, The New York Times reported that long-standing and widespread internet restrictions in worn-torn Myanmar were likely making it harder for news of the damage to be understood. Since the country’s military junta took power in 2021, connectivity within Myanmar has been widely disrupted or blocked. For instance in 2023, 13 out of Myanmar’s 14 states faced internet disruptions.

In the wake of the earthquake, more video footage and news could be seen immediately emerging from neighbouring Thailand, experts told the Times. “Compare the coverage of the earthquake in Thailand, where tremors and damage have been extensively reported, posted and documented, to Myanmar, where we still don’t have a clear picture of the extent of the damage and loss and may not for some time,” Joe Freeman from Amnesty International said. The lack of connectivity may also make the recovery and humanitarian efforts harder to coordinate, once again highlighting the vital need for people to have reliable and open access to the internet.

**Alleged Snowflake Hacker Connor Moucka Agrees to US Extradition**

Last summer’s Snowflake hacking spree, where customers of the cloud storage company had their accounts targeted, was likely one of the largest mass data exfiltrations that’s publicly known. Toward the end of 2024, Canadian authorities arrested Alexander “Connor” Moucka, 26, who allegedly used online handles such as “Waifu” and “Judische,” in connection to the hacking activity. This week, Moucka consented to be extradited to the United States to face the alleged charges. According to Cyberscoop, Moucka faces 20 federal charges, including those linked to computer fraud, wire fraud, and aggravated identity theft. Moucka is not the only person allegedly behind the Snowflake hacking, with John Binns and Cameron Wagenius being named in indictments. It is unclear when Moucka’s extradition will take place.

**London Is Getting Its First Permanent Face Recognition Cameras**

Police forces across the UK have massively increased their use of live face recognition cameras in recent years. Use of the controversial technology has historically been temporary: mounting cameras on top of police vehicles and deploying them for specific events and set periods of time. That’s now set to change with the first permanent face recognition cameras being rolled out in London. The city’s Metropolitan Police are in the process of installing fixed cameras in Croydon, in the south of the city.

“This will mean our use of LFR technology will be far more embedded as a ‘business as usual’ approach rather than relying on the availability of the LFR vans that are in high demand across London,” a police official wrote in a letter seen by The Times of London. Reportedly, the cameras will not be used continuously, only when officers are nearby to monitor potential alerts. However, privacy campaigners fear the move could be further rolled out across the city, leading to a network of permanent face recognition cameras unlike those seen in any other democratic countries.

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online

When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…

When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns out, some pretty innocent-looking devices can also be used as sneaky vectors for malicious software. Here are five surprising gadgets that could become malware delivery systems, and how to protect yourself.

****1\. Headphones and Speakers****

Yes, you read that right! Your trusty headphones or speakers could spread malware. This isn’t about plugging them into an infected device but rather using them to transmit data through sound waves. Researchers have demonstrated how malware can convert audio output devices into ultrasonic transmitters.

In one proof-of-concept attack called “AirHopper,” headphones were used to leak data from air-gapped computers by sending high-frequency audio signals that could be picked up by a nearby compromised device with a microphone.

While this kind of attack is rare and highly sophisticated, it shows that even your headphones can be weaponized. To minimize risk, always update your audio drivers and keep your system security tight.

****2\. Smart Light Bulbs****

Your fancy smart lighting system could be more than just mood lighting — it could also be a way for hackers to infiltrate your network. Researchers have shown that some smart bulbs can be infected with malware, which then spreads to other connected devices.

A notable example is the “Philips Hue” vulnerability discovered in 2020. Hackers could exploit flaws to jump from the smart bulb to the home network. Once inside, they could potentially access sensitive data or take control of other smart gadgets.

To stay safe, always update your smart devices’ firmware and keep them on a separate network from your primary devices.

****3\. Barcode Scanners****

Believe it or not, barcode scanners can become vectors for malware, too. In one case known as “Zombie Zero,” attackers embedded malware into the firmware of barcode scanners before they even left the factory.

Once these compromised scanners were used in warehouses, they infected connected systems, allowing hackers to spy on corporate networks and steal data. This is a prime example of a supply chain attack where infected hardware is shipped directly from the manufacturer.

Always check for firmware updates and run security scans even on seemingly simple devices like scanners.

****4\. Smart Coffee Maker****

Who knew your morning coffee could be a security risk? Some high-tech coffee makers come with Wi-Fi connectivity and smartphone control, making them vulnerable to attacks. Researchers have shown that smart coffee machines can be hacked to not only disrupt their functions but also act as a gateway into your home network.

One security researcher demonstrated how they could make the coffee maker constantly boil water or refuse to brew until a ransom was paid; a quirky but serious take on ransomware. However, a real-world cyber attack on a coffee machine has already happened. It happened in July 2017 when a coffee machine was compromised to infect computer devices at a factory company that has multiple petrochemical factories making chemicals in Europe.

****5\. Traffic Lights****

Smart traffic lights, essential for managing city traffic, are vulnerable to cyberattacks. Hackers can exploit weak security protocols or outdated software to manipulate signals, causing chaos on the roads. In some cases, malware can alter light patterns or disable systems entirely, leading to accidents or gridlock. Researchers have demonstrated how vulnerabilities in communication protocols allow control over signals.

****How to Stay Safe****

*   **Keep Firmware Updated:** No matter how harmless a device seems, make sure its software is up to date.

*   **Segment Your Network:** Keep IoT devices on a separate network from your primary devices.

*   **Use Strong Passwords:** Set unique, complex passwords for each device.

*   **Monitor Network Activity:** Regularly check which devices are connected to your network.

It’s crazy to think that everyday gadgets, from headphones to coffee makers, can become cybersecurity nightmares. However, that’s just how the world of cybersecurity works – make security part of your daily routine.

Tag

#wifi