Tea

• We are investigating how TikTok uses 13–17-year-olds' personal information to make recommendations to them
• We also announce we are investigating how Reddit and Imgur assess the age of their child UK users
• Investigations are part of our wider interventions into how social media and video sharing platforms use children's data

It’s been a long time coming, but the trust in Firefox and its mother organization, Mozilla, seems to be mostly gone, after a recent commit on the source code removed the “we don’t sell your data” promise, along with a change of Privacy notice and Terms of Use.

Back during January Steam on Linux dropped by 0.23% to a 2.06% marketshare while overnight the numbers were published for February 2025...

The February numbers show a staggering 0.61% drop to Linux use, putting the overall Linux gaming marketshare at just 1.45%. This is a significant drop and haven't seen Linux numbers this low in quite some time.

For people who pirate HBO service products, no changes, your lifetime subscription to piracy is still valid.

Before the Oscars are handed out early March, the Motion Picture Association (MPA) has announced its own annual awards. Wicked director Jon Chu is a proud recipient, but the bulk of the accolades go to lawmakers and the U.S. Government's IPR Center, who helped to combat online piracy. Perhaps not coincidentally, those lawmakers could help to push a pirate site blocking bill over the line.

WTF!

Mozilla has just deleted the following:

“Does Firefox sell your personal data?”

“Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. "

Source: Lundke journal.

A sustained campaign by U.S. authorities has led to the seizure of a growing number of pirate sports streaming domains. The IPR Center is now listed as the owner of dozens of .DEV domains, which were signed over as part of the seizure operation. Previously, close to a hundred .APP domains linked to piracy suffered the same fate.

It may seem like AI chatbots are taking over every digital application, whether we like it or not. You might have noticed more AI note-taking bots in online conferencing platforms, some of which offer end-to-end encryption (E2EE). Then Apple Intelligence plans were announced, promising application redesigns to offer AI features across its phone and laptop operating systems. The latest changes have come from Meta AI’s integration in WhatsApp, replete with “bots nobody wants.”

Any time new features are added to an E2EE messaging app, it raises concerns about privacy and security. So, what concerns are raised by the addition of AI bots? How can we evaluate those concerns? As AI becomes more embedded into encrypted services, is it possible to resolve the tension between the privacy users expect from E2EE and the data access needed for AI functionality? With our colleagues at Cornell and NYU, we set out to answer these questions.

We uncovered several facets of this question from both a technical and legal perspective and published a paper laying practical recommendations for E2EE messaging platforms and regulators. It’s also important that we outline the practical solutions and recommendations for the public. You can read the full preprint paper here.

• Cisco Talos discovered multiple cyber espionage campaigns that target government, manufacturing, telecommunications and media, delivering Sagerunex and other hacking tools for post-compromise activities.
• Talos attributes these attacks to the threat actor known as Lotus Blossom. Lotus Blossom has actively conducted cyber espionage operations since at least 2012 and continues to operate today.
• Based on our examination of the tactics, techniques, and procedures (TTPs) utilized in these campaigns, alongside the deployment of Sagerunex, a backdoor family used exclusively by Lotus Blossom, we attribute these campaigns to the Lotus Blossom group with high confidence.
• We also observed Lotus Blossom gain persistence using specific commands to install their Sagerunex backdoor within the system registry and configuring it to run as a service on infected endpoints.
• Lotus Blossom has also developed new variants of Sagerunex that not only use traditional command and control (C2) servers but also use legitimate, third-party cloud services such as Dropbox, Twitter, and the Zimbra open-source webmail as C2 tunnels.

A renewed attempt to introduce site blocking in the U.S. emerged in late January when U.S. Rep. Zoe Lofgren (D) introduced the Foreign Anti-Digital Piracy Act. The FADPA bill received the MPA's full support, and it now transpires that similar legislation is being prepared by U.S. Rep. Darrell Issa (R). A recent meeting to discuss the 'American Copyright Protection Act' was attended by Disney, Paramount, and Amazon, plus Google, YouTube, and Verizon.

The Russian influence operations Doppelganger and Operation Undercut utilized several tactics to spread content on X, TikTok, 9gag, and Americas Best Pics and Videos

The Russian disinformation operations known as Doppelganger and Operation Undercut promoted content attacking Ukraine, Europe, and the United States using nine different languages and four platforms. On X, thousands of accounts were created to post pro-Kremlin content in addition to promoting redirect links to fake media websites. The network relied on trending hashtags and bot-like accounts to share the content to reach wider audiences. On TikTok, at least twenty-four accounts posted hundreds of videos that garnered millions of views, often relying on AI-generated narration and content masking to evade detection. Identical video content also appeared on online platforms 9gag and Americas Best Pics and Videos.

Operation Doppelganger is a Russian malign information operation known for impersonating reputable media outlets, targeting users with fake articles that promote Russia’s narratives. The DFRLab, other organizations, tech companies, and governments previously covered the operation’s multiple and ongoing iterations targeting various countries on different platforms since August 2022. Operation Undercut runs in parallel to Doppelganger, prompting similar narratives using AI-edited videos and images, along with screenshots from legitimate media outlets taken out of context to undermine Ukraine. The operation has been attributed to at least three Russian companies under sanctions, including the Social Design Agency, Structura and ANO “Dialog”, allegedly with support from cybercriminal syndicates like the AEZA group.

We collected data from X between December 12, 2024, to February 12, 2025, and observed Doppelganger activity primarily in French, German, Polish, English, and Hebrew. We also found some content in Turkish, Polish, Ukrainian, and Russian. We observed three main types of Doppelganger posts: posts with four captioned images, posts with one video or infographic, and posts with links that redirect to Doppelganger websites. As of February 21, 2025, 95 percent of accounts associated with the four captioned images posts and 73 percent of accounts associated with the single video/image posts in our sample had been suspended by X.