r/vpnet

▲ 1.0k r/vpnet+2 crossposts

Four cities voted to remove Flock license plate cameras after questions about who can search the data

The trend continues: 4 more cities made moves to get the Flock out.

  1. Framingham, MA: the cameras went off June 30 after months of resident pressure.
  2. Fort Collins, CO: City Council voted 6-1 to cancel its Flock contract after months of resident pressure.
  3. Woodburn, OR: the Flock contract was cancelled after discovering that DHS and ICE had been searching their data.
  4. Appleton, WI: the cameras will come down by the end of July while the city writes a real surveillance policy with more oversight and guardrails.

This is a growing trend - every week new cities are turning off their Flock cameras, often due to pressure from city residents. So, GET LOUD! Attend your city council meetings and let them know you do not support Flock surveillance in your community!

Full write-up and our list of sources: https://s.vp.net/31NDp

u/Ellogar — 3 days ago
▲ 75 r/vpnet+1 crossposts

New report: federal spending on ICE surveillance tools spiked to $513 million this year, with Palantir called the backbone

A report from Mijente, Just Futures Law, and the Surveillance Resistance Lab tracked DHS contracts with 11 surveillance vendors and found the spending curve bending sharply upward.

Some highlights:

  • Funding to these firms more than doubled from 2024 to 2025, past $310 million, then spiked again to $513 million this year.
  • Palantir is called the backbone of ICE data surveillance, with more than $1.8 billion in government money since the start of this administration.
  • Anduril takes another large share through border towers and drones.
  • Data brokers like LexisNexis sell information on millions of people to ICE, which the report frames as the workaround for reaching into sanctuary jurisdictions.
  • DHS does not just buy these tools. The report says it runs a billion dollar incubator that grows these firms into the vendors it then buys from.

Full write-up and the sources: https://s.vp.net/ImSax

u/V3R1F13D0NLY — 4 days ago
▲ 2 r/vpnet

Every VPN swears it doesn't log you. Only vp.net lets you check for yourself. Choose wisely.

Every VPN swears it doesn't log you.

Only vp.net lets you check for yourself.

Choose wisely.

vp.net - the only verifiable zero-knowledge VPN

u/V3R1F13D0NLY — 6 days ago
▲ 1.3k r/vpnet+3 crossposts

Cleveland council committee votes 3-1 against renewing $250,000 Flock license plate camera contract after police can't produce data showing it works

Cleveland City Council voted 3 to 1 to end their contract with Flock Safety after the police were unable to show any evidence that the system actually works. They couldn't say how many stolen cars were recovered or even the affect it had on the overall crime rate.

The police wanted approval of a $250,000 / year contract for 100 ALPR cameras that they search over 12,000 times per month, but had no idea if it was even effective 🤦‍♂️

Full write-up and our source list: https://s.vp.net/a1N9k

u/OldGermanBeer — 11 days ago
▲ 24 r/vpnet

Federal judge blocks Nebraska's LB 383 social media age-verification law two days before it took effect

A federal judge blocked Nebraska's LB 383 on Saturday, just a few days before it was set to take effect on July 1st. The law would have forced an age check on every social media user in the state.

What the law would have required:

  • Every social media service had to verify the age of every user creating an account
  • Anyone under 18 needed verified parental consent, with the parent's age checked too
  • Platforms had to build tools letting parents monitor a minor's posts and messages
  • The state could fine violators $2,500 apiece

Unfortunately, this is just a preliminary injunction, so it is not permanent and the state can appeal, so the fight is far from over.

Full write-up + source links: https://s.vp.net/pP1oF

u/V3R1F13D0NLY — 7 days ago
▲ 78 r/vpnet+1 crossposts

Texas Parks and Wildlife vendor breach exposed driver's license and passport data on more than 3 million license holders

The Texas Parks and Wildlife Department disclosed on June 18 that a breach at its third-party hunting and fishing license vendor exposed personal data on more than 3 million license holders. The state has not named the vendor.

What was exposed:

  • Driver's license information
  • passport numbers where people provided them
  • Email addresses
  • phone numbers
  • home addresses

Texas Cyber Command detected the breach, and the agency is offering a year of free credit monitoring aka "Sorry hackers got your data, but don't worry, we'll let you know after they steal your identity." 🤦‍♂️

While this isn't an age verification system, it works the same way, and now that age verification is being mandated all over, the frequency of breaches like this is going to rise quickly.

Full breakdown and source links: https://s.vp.net/5wVeZ

u/V3R1F13D0NLY — 10 days ago
▲ 86 r/vpnet+1 crossposts

SFPD audit found 299 searches of its Flock cameras by out-of-state and federal agencies California law does not allow

San Francisco ran an audit on its own license plate reader network and it failed. Over about one year, 299 searches came from out-of-state and federal agencies that California law does not permit access for. The chief of police has since suspended the access.

Full write-up and our source list: https://s.vp.net/SKGs1

u/V3R1F13D0NLY — 13 days ago
▲ 21 r/vpnet+1 crossposts

Daniel J. Bernstein built the cryptography behind Signal, WireGuard, and HTTPS.

Most people have never heard of Daniel J. Bernstein, known as djb, but they rely on his work constantly. He designed several of the core algorithms that secure the modern internet, and in the 1990s he won a First Amendment case that established source code as protected speech.

A few of the places his cryptography actually runs:

  • Curve25519 and Ed25519 for key exchange and signatures in OpenSSH, Signal, and countless others
  • ChaCha20 and Poly1305 for encryption in WireGuard and the HTTPS connections in your browser
  • The same primitives inside vp.net, bmail.ag, and Dissent

His 1990s court fight came about because US law then treated encryption as a munition, so publishing his own code could have made him an arms dealer in the government's eyes. He sued, and won. Today he is back in a different fight, over whether the next generation of encryption standards gets quietly weakened.

We are sitting down with him for a long interview this Saturday, June 27th at 10am Eastern, with a live Q&A where you can ask him questions directly. If you cannot make it, it stays up on YouTube afterward: https://www.youtube.com/live/qPhoJQtvgUo

Full write-up and sources: https://s.vp.net/zaqX3

u/V3R1F13D0NLY — 10 days ago
▲ 9 r/vpnet+2 crossposts

This week on Hide & Speak: Daniel J. Bernstein (djb) on the fight over post-quantum encryption standards

This Saturday on Hide & Speak we are sitting down with Daniel J. Bernstein, the legendary cryptographer known as djb, for a long conversation about the fight over post-quantum encryption standards at the IETF.

The short version: when you add post-quantum crypto to the protocols protecting your traffic, you can either keep the old elliptic-curve layer underneath as a backup, or drop it and trust the new algorithm alone. djb argues for keeping both, since post-quantum candidates have broken before. SIKE is the example he points to: it shipped to millions of connections, then collapsed. He also argues the NSA is pushing the weaker option through federal procurement, and that the standards body is bending its own process to sideline objectors.

Click through and set a reminder, live Saturday June 27 at 10am ET: https://www.youtube.com/live/qPhoJQtvgUo

youtube.com
u/V3R1F13D0NLY — 13 days ago
▲ 30 r/vpnet+1 crossposts

Palantir doesn't lose contracts over what its CEO says in public. The contracts are the part worth researching.

The argument in this clip from Hide & Speak featuring The Hated One, is that the outrage cycle around Palantir's CEO is mostly a distraction. When he says something unhinged in an interview, it trends, people react, and then nothing happens to the business. No contracts get pulled. That's because Palantir doesn't sell to citizens. It sells to the government. It does not need regular people to like it. It needs agencies to keep signing.

So the public statements are the least useful thing to focus on. The revealing part is the contracts themselves, who Palantir works with and what those deals actually enable. That's the story that could cause the company real problems, and it's the one that gets the least attention while everyone argues about the quote of the week.

Full episode: https://www.youtube.com/watch?v=u2iZuSsnJYk

Read the breakdown here: https://s.vp.net/s6TWw

u/V3R1F13D0NLY — 12 days ago
▲ 25 r/vpnet

DHS document describes a face-scanning app now in the hands of local police deputized by ICE

A Department of Homeland Security document, first reported by 404 Media, describes an app called the ICE Task Force Module that is already in use. An officer scans a person's face, and the app checks it against more than 250 million government records.

What the document lays out:

  • The records it queries include State Department visa data and the Traveler Verification Service the TSA uses to check identities on international flights.
  • Every photo captured is stored in a DHS system for 15 years.
  • The officers are not federal agents. They are local police deputized under ICE's 287(g) task force program, around 1,300 agencies, and the app launched last September.
  • Officers cannot know a person's citizenship before scanning, so US citizens get scanned and stored in the same database.
  • The ACLU has documented at least 14 wrongful arrests in the US tied to this technology, including a woman who spent six months in jail over a false match.

DHS says its methods are constitutional and respect privacy. The same document confirms the 15-year retention and that some of the stored faces will belong to citizens.

Full write-up and our source list: https://s.vp.net/6zrKW

u/V3R1F13D0NLY — 12 days ago
▲ 35 r/vpnet

Canada's Bill C-22 passed third reading after the government limited debate and sat the committee past midnight

On June 18th, Bill C-22, the Lawful Access Act, cleared third reading in the House of Commons. To get it there, the government moved to limit debate, which forced the National Security Committee to keep meeting past midnight and push the bill through without resolving dozens of outstanding amendments. The House then rose for summer a day early. One member said the amendments were rammed through without debate and called it patently wrong.

What the bill actually creates:

  • A metadata retention power letting the Minister of Public Safety secretly order an electronic service provider to keep records of who you talk to, when, and from where.
  • An access capability mandate that can compel that provider to build the technical means to hand the data over.
  • A definition of electronic service provider broad enough to pull in messaging apps, VPNs, and device makers, not just telecom carriers.
  • A retention cap trimmed from one year to six months in the amended version, which has satisfied none of the critics.

The EFF says it threatens encryption and increases surveillance, citing Citizen Lab and the CCLA. Signal and DuckDuckGo say they may limit service or leave Canada. Apple and Meta have urged amendments. The government dismissed the concerns as a tinfoil hat fantasy. It goes to the Senate next, likely in the fall.

Full write-up + source links: https://s.vp.net/Ck9LW

u/V3R1F13D0NLY — 14 days ago