Ever had someone give you something and not want to give it back? Data brokers feel the same…

An investigation by The Markup found that 35 registered Californian data brokers have noindex code on opt-out & data deletion pages.

Why? To keep them off search engines.

1/6 That's not the only way that brokers create obstacles to user privacy.

An analysis of 750 US-based data broker groups revealed that 100s of brokers registered in one state but failed to register in another, despite the legal requirement.

Most of them operate nationally...

2/6

Perplexity’s $34B bid for Chrome is still not nearly as perplexing as what they’re planning to do with your browsing data.

Let’s take a look. 👇 🧵

1/7 For context, earlier this year, when Perplexity CEO @AravSrinivas confronted us, we asked him to vow that his company would never monetize user data.

He unfortunately never got back to us, and instead went on to create Comet, a privacy-invasive AI browser.

2/7

Europe outsourced its digital backbone for decades.

Today, that choice has become a strategic liability.

Our new study shows how deep that dependency runs — starting with email, the gateway to every company’s stack.

Let's unpack it 👇
1 / 8 Over 74% of all publicly listed European companies run their email, and therefore cloud, docs, AI workflows, on Google or Microsoft.

That puts strategy decks, budgets, daily ops, and sensitive client data on servers governed by foreign laws.

2 / 8

A popular dating safety app has recently spilled more than just the tea ☕

User data from Tea, a platform which claims to have upwards of 1.6 million users, has ended up on 4chan.

The app exists to share information between women about possible matches on dating platforms.

1/8 According to the attackers, data used to verify users, such as driver’s licenses and selfies, was publicly accessible without authentication.

Tea confirmed that 72k images had been exposed, including 13k selfies and photo identification submissions.

2/8

Proton has completed a SOC 2 Type II attestation.

It adds to our ISO 27001 certification and compliance with GDPR and the Swiss DPA.

What does that mean, and why should you care?

Let’s break it down 👇

🧵1/6 SOC 2 Type II is one of the most widely recognized standards for operational security.

It doesn’t just look at your policies, it audits how well you actually follow them over time.

🧵2/6

What are data brokers, and why should you care?

They collect your information from apps, websites, credit reports, and public records, selling it to whoever is willing to pay.

All without your knowledge.

Let's learn about a $270 billion industry...

1/8 👇🧵 Data brokers collect, process, and sell or share personal information about people.

They gather data from:

📁 public records
🌐 online activity
🛍️ retail and loyalty programs
📱 mobile apps and location data
💳 credit reporting
🏦 financial institutions

2/8

Looking to boost the security of your Android device?

Android 16 has a new feature that may be just what you need.

Advanced Protection offers enhanced security by enabling features that are not enabled by default.

Let's dig in... 🧵👇

1/6 Here's a roundup of what is turned on with Advanced Protection:

🔛 Theft detection
🔒 Forced HTTPS for Chrome
🛑 Scam and spam protection in Google Messages

These reduce the chances of interacting with insecure websites and unknown individuals.

2/6

Meta's creativity for developing ways to track you is truly limitless.

Android users, you'll want to hear this:

🧵👇

1/6 Millions of sites contain code that enables companies like Meta to build an advertising profile of users based on their web activity.

Conventionally, this data goes from computer to cloud.

Impersonating an Android device, a researcher discovered something different...

2/6

"Whatever you chat about with Meta AI, just picture Zuckerberg watching."

More and more people are turning to AI to provide answers, advice, and counselling.

Here are 5 essential things you MUST know about Meta's AI app before using it:

1/7 1⃣ Meta will keep a copy of everything you say by default.

Unsurprisingly, for a company that has been fined more times for privacy violations than you can count, Meta's AI builds a Memory file when you chat with it.

Getting rid of this information is not easy.

2/7

🧵 241 official German parliament member email addresses were found on the dark web -- that's 13% out of the 1,874 checked. Leaked via breaches of services like Dropbox, LinkedIn & even adult sites.
1/5

⬇️ We found that members of state parliament had more than just their email addresses leaked. There were also birthdates, addresses, passwords (153 in plaintext), and more, all for sale on the dark web.
2/5

⬇️

Today, we're sharing plans for the next 3-6 months — new features & improvements to give you more powerful tools to protect privacy, boost productivity, & take control.

We work for you and only you, so we selected these features based on your feedback & requests. 🧵

1/8 @ProtonVPN

Popular features will be available on more platforms.

Exclude apps & websites from your VPN with Split Tunneling on Mac & Linux.

Get the parental controls & filtering from 3rd-party DNS with Custom DNS on iPhone & Mac.

Explore more:

2/8protonvpn.com/blog/vpn-roadm…

Meta AI in WhatsApp is now near-inescapable, with the feature rolling out to more devices.

Even users based in one of the 41 European countries should soon see it if they are using the messaging app.

This AI is a less-powerful version of Meta AI's web app.

1/5 Users should see an AI button above the one used to create a new chat, and prompt shortcuts in the search bar.

This AI can be used to create stickers, but not to transcribe audio or summarize the contents of group chats. It can also share Bing links and generate text.

2/5

How we use the internet is largely shaped by a handful of US-based tech giants.

US gov't surveillance laws allow them to demand access to your data without your knowledge or a warrant.

Read the thread below for the list of European alternatives that put your privacy 1st.

1/16 We founded Proton in 2014 specifically to resist mass surveillance and abuses by Big Tech.

Google’s Gmail, Drive, Docs, Password Manager and Calendar can now be replaced with @ProtonMail, @ProtonDrive, Proton Docs, @Proton_Pass and Proton Calendar.

2/16

Think this is a fun trend? Think again.

While some don't have an issue sharing selfies on social media, the trend of creating a "Ghibli-style" image has seen many people feeding OpenAI photos of themselves and their families.

Here's why that's a problem:

1/4 Aside from the risks of data breaches, once you share personal photos with AI, you lose control over how they are used, since those photos are then used to train AI.

For instance, they could be used to generate content that may be defaming or used as harassment.

2/4

None of your business (noyb), a privacy non-profit based in Austria and Proton Lifetime Fundraiser beneficiary, is helping a Norwegian ChatGPT user in a complaint against OpenAI.

This complaint has come as a result of fake information being generated by their LLM.

1/6 The user tried to find out if OpenAI had information about him, and so asked it to tell him who he was, using his full name.

ChatGPT confidently made up a story where he was a convicted child murderer, citing the right city and correctly stating that he has three kids.

2/6

Mark Klein, a former AT&T technician and whistleblower, passed away on March 8 2025.

Although not as well-known as figures such as Edward Snowden, he was responsible for uncovering a web of expansive government surveillance, publicizing this through whistleblowing. 🧵

1/6 Mark Klein always had a strong moral compass and a commitment to privacy.

When he saw coverage in the New York Times about increased surveillance brought in by President George W. Bush after 9/11, he realized that he had been a part of building out this infrastructure.

2/6

This year, researchers from George Mason University published a paper on a way in which Apple's Find My network could be used to maliciously track Bluetooth devices without root access. This method works across multiple operating systems and device types.

1/6 When an AirTag goes missing, it sends out signals over Bluetooth Low Energy (BLE) to nearby iPhones. These in turn send the location of this AirTag back to Apple's cloud in order to help its owner find it again.

2/6

Une proposition de loi votée par le Sénat aujourd’hui suscite de sérieuses inquiétudes pour la sécurité numérique des citoyens et des entreprises en France. Cette loi forcerait les fournisseurs de services chiffrés, tels que Proton, à introduire des portes dérobées dans leurs applications, dans le but de lutter contre le narcotrafic.

Having a hard time picking what to watch? 🎬 Here are 5 films about privacy to watch this weekend 🧵

🔽 We Live In Public - A dot-com millionaire, Josh Harris, explores the impact of media and technology on personal identity through radical social experiments. His project "Quiet: We Live in Public" placed over 100 artists in a surveilled terrarium in NYC, where their every move was captured. Harris later, live streams his own life with his girlfriend.

🔽

Our research into cybersecurity practices of politicians around the world continues with Denmark, Luxembourg, and the Netherlands. We found more than just emails and passwords - DOB, addresses, & social media accounts were also linked to these politicians’ email addresses.
⬇️1/6 Denmark 🇩🇰
Despite a recent uptick in cyber security threat levels, 41% of Danish politicians had email addresses leaked. One in particular had their email exposed in 25 breaches. Overall, 93 passwords were exposed 69 of which were in plaintext.

⬇️2/6

Our research into the #cybersecurity practices of #politicians around the world continues with Italy and Spain. Working alongside Constella Intelligence, we’ve found out how they stack up against other European politicians.

⬇️1/5 Spain 🇪🇸
Spanish politicians outperformed all other countries researched, with just 6.3% of politicians having data exposed. This included 9 plaintext passwords and 39 emails identified in leaks.

⬇️2/5