Our weekly picks of digital trust-related articles

If you have an iOS device, now is a good time to make sure updates are applied automatically, and get the latest software version. Somebody posted an exploit on GitHub that gives hackers full control of any iOS device not updated since September 2025. Usually, these exploits are usually well-kept secrets, as they are very valuable, and used only on high value targets. In this case, just visiting a website is enough to get your iPhone infected. Now anybody can be targeted!

This case is groundbreaking because it's the first time a jury has held social media companies legally accountable for harm caused by their platform designs, not just user content.The verdict challenges the tech industry's traditional legal protections and directly links addictive platform features to mental health harm in young users. As a "bellwether" case, it will influence thousands of pending lawsuits and could force a global settlement requiring major changes to how social media platforms operate. It represents a potential turning point in holding tech companies responsible for their product designs, similar to how traditional manufacturers can be liable for defective products.

If you’ve ever looked to Google Maps for inspiration on where to eat and wondered why a restaurant that you know exists didn't show up, this video breaks it down for you. What resonates with me is the gap the journalist's investigation lays bare between what people value (food quality, customer service) and what Google's algorithms prioritize (digital presence). The fix is simple enough—restaurants add their info to Google Maps, customers review, digital presence grows. Restaurant choice may seem banal, but consider this: as we entrust more of our decision-making process to companies like Google, whose explanations aren’t always straightforward, we're letting market-driven algorithms override our own values. Are we okay with that?

I was pleasantly surprised to read this interesting article about SCION, Switzerland's approach to improved internet routing and security. What struck me was Prof. Perrig's preference for 'optionality' over 'sovereignty' — freedom to choose paths, trust roots or network. The solution works yet adoption stalls because organisations are 'numb' to known vulnerabilities and reluctant to replace functioning systems. It's a classic infrastructure paradox: security problems are well documented, yet legacy inertia prevails until catastrophic failure forces change.

While the future will tell whether smart glasses will catch on this time around, I use the occasion of its reappearance to take stock of the creeping loss of privacy both in private and public spaces over my lifetime and find it shocking. This guide gives good advice on the dos and don'ts when using such a technology to respect and protect the privacy of your fellow people.

The spread of deepfakes, erosion of trust in authentic images and hallucinating chatbots are today well-known issues. These phenomena are especially problematic in rapidly evolving situations, when people are looking for updates, but reliable information is not yet available. Add algorithmic content distribution to the mix, and you get a perfect storm of misinformation. While some (in)famous figures in Silicon Valley turn their nose up on 'legacy media', the state of today's information landscape shows that we need high-quality journalism more than ever.

Google startete schon 2010 ein 'Vulnerability Reward Program', ein Bug-Bounty für alle Services von Google, das Belohnungen auszahlt, allein 17 Millionen US-$ 2025. Dieser Betrag wurde an mehr als 700 Analysten verteilt, die Fehler in Android, der Google Cloud, aber auch in verbreiteten und häufig gebrauchten Open Source Programmen und Bibliotheken fanden. Auch wenn 17 Millionen nicht viel sind für Google, ist es doch schön, dass sie ein öffentliches Bug-Bounty Programm betreiben, an dem viele Analysten mitwirken. Seit 2026 gibt es auch die Kategorie 'Künstliche Intelligenz'...

Enjoy the 'enshittificator' video, then head to the Norwegian Consumer Council's report for solutions. What's heartening is the technical tools, know-how, and laws (in some jurisdictions) already exist to counter digital service deterioration. What's missing is the political will to deploy and enforce them. But that takes time. Look at Ralph Nader's 1960s auto safety campaign: seatbelts became mandatory within a year of the release of his book, Unsafe at Any Speed, but airbags and other standards took decades more. So it will also go with digital products and services.

The camera hacking issue is problematic because it weaponizes civilian devices without owners' consent, creating an accountability gap where victims can't control the security of cameras used against them. It democratizes military intelligence by replacing expensive satellites with cheap consumer cameras,and is nearly impossible to solve since millions of unpatched devices exist worldwide. Most fundamentally, it transforms ordinary citizens into unwitting participants in warfare simply by installing home security systems, raising serious questions about consent and liability when everyday technology becomes part of military operations.

This article fascinates me because it exposes Proton Mail's privacy limits under Swiss law. While Swiss law shields direct foreign access, Mutual Legal Assistance Treaties (MLAT) enables indirect cooperation—Swiss firms must disclose available metadata like payment data. This reveals limitations in what Switzerland's privacy protections can shield users from in cross-border investigations.

I like the idea behind this tool because it tackles a serious online societal problem. I'm curious if and how it will pass the test of time. The key challenge will be to link subjective criteria to objective metrics - a problem we've seen with privacy, which still lacks objective benchmarks despite substantial research. But unlike privacy, where platforms have hidden behind consent mechanisms to avoid accountability, hate speech tracking involves no such button for users - and no excuse for platforms.

This article caught my attention because it exposes the threat of de-anonymization that AI agents pose and its consequences for online privacy. The author writes that 'the implications stretch far beyond embarrassing social media reveals' and points out that whistleblowers who reveal corporate misconduct and government corruption, journalists who shield their informants, and political dissidents in repressive states all risk retaliation. It remains to be seen how platform companies, having built their communities partly on anonymity pledges, will address this challenge.

This analysis of India's technological dependence reveals patterns that are also applicable to Europe. Attracting foreign tech companies to invest locally ultimately results in profits being exported abroad, exemplifying a kind of digital colonialism. In my opinion, the solution lies in a demand-side strategy that favors local and open-source products over monopolies such as Microsoft Office and Windows. Although this approach would incur higher costs initially, it would stimulate local solutions and generate revenue through taxes, job creation and increased consumer spending. Implementation should begin now as a long-term initiative.

This article points out that the 'real digital sovereigns' are the tech companies, who control all 'vectors' of sovereignty, from infrastructure, to data, AI models, and services. Beyond the US and China (and North Korea), the only realistic strategy for countries to gain control over their digital sovereignty will be to work together, whether through joining or creating regional blocs or participating in international standards bodies, to coordinate on regulations, trade agreements, procurement rules, and other policy mechanisms. In other words, digital sovereignty for most countries is not a national project. It’s a regional project.

Sogar für eine Firma, die die Privatsphäre als Aushängeschild verwendet, ist es nicht immer einfach, ihre Benutzer zu beschützen: Obwohl die E-Mails selbst verschlüsselt sind, gibt es viele Metadaten. In diesem Fall war es die Zahlung mit einer VISA-Karte, die den Benutzer einer E-Mail-Adresse verriet. Ich finde es interessant, dass Proton laut einem eigenen Bericht von 2024 insgesamt in über 10.000 Fällen Nutzerdaten an die Behörden herausgab.

Je trouve cet article intéressant, car il apporte, par un professeur de droit reconnu, une clarification juridique précise sur le cloud en Suisse, distinguant clairement ce qui relève du droit de ce qui relève de la stratégie. Le Prof. Métille démontre qu'aucun obstacle juridique n'empêche l'utilisation de clouds américains certifiés DPF. Cette distinction est cruciale pour les décideurs informatiques : la conformité légale ne dispense pas d'évaluer la souveraineté numérique et les dépendances technologiques, qui restent des choix politiques et non des contraintes juridiques strictes.

As someone who is a passionate reader since first opening a book, I thoroughly enjoyed this article by an aspiring English teacher reflecting on how to pass on this passion to the next generation in the age of AI. I particularly liked its message on how technology in the classroom is not an end in itself but supposed to support teaching, and that why we are teaching something to young people might hold the key to how to use it to this end.

This article illustrates the brutal economics of modern conflict and the fragility of digital infrastructures. Relatively inexpensive drones can render billion-dollar data centers ineffective, calling into question their placement in supposedly "stable" regions. For me, a question remains: What explains the apparent lack of cyberattacks by Iran? Have the U.S. and Israel blocked such attempts directly in the digital realm, or have strikes on Iran's physical infrastructure prevented its ability to perpetrate them?

Unsurprisingly, the cyberspace reflects the geopolitical conflicts of the real world. We see western democracies criticising authoritarian regimes for cutting off their populations from the Internet for fear of external interference and fuelling demonstrations. Similarly, within the western democracies, the current US administration criticises the EU for its regulations and censorship of hate speeches, fake news etc. calling it censorship of free speech, and offering portals to bypass the censorship. Closing the loop, the same "free speech" is called "external interferences" when operated by authoritarian regimes during US elections. The disconnect between John Perry Barlow's 1996 Davos vision of government-free cyberspace and current reality is unambiguous. The trajectory and timeframe for resolving these geopolitical tensions in cyberspace, however, remain ambiguous.

En tant que supporteur des logiciels libres et de la souveraineté qui les accompagne, voici un sujet qui m’inquiète : Google veut fermer sa plate-forme Android à toute application qui n'est pas signée par un développeur agréé par Google. Le sujet fait débat surtout en Europe, où Apple a dû ouvrir ses iPhones aux applications étrangères. Maintenant c'est au tour de Google d'essayer de fermer son écosystème, ce qui enlèvera le peu de liberté qu'on avait avec Android.

Even 3 years into the current AI hype, it is still difficult to differentiate between its true capabilities and salestalk. Hopefully military leaders have a more clear-eyed view of the technology, as it is clearly not ready to be deployed in high-stakes decision-making processes.

I always liked Anthropic's stance of doing the right thing and setting standards with regards to security and ethics in LLMs. Unfortunately, they budged and will now only define 'goals that we will openly grade our progress towards'. These goals will be non-binding, and future LLMs from Anthropic will blaze ahead even if they get bad grades. At least they stuck by their rules of 'no AI controlled weapons' and 'no mass domestic surveillance', although this has gotten them declared a 'supply chain risk' by the Department of War.

I found this article interesting because it highlights the tension between protecting children online — not just on social media, but also on shopping, gambling and adult sites — and preserving privacy. The challenge of enforcing age laws without collecting sensitive data remains, regardless of whether the burden is placed on users or platforms. eID could be a solution, but only if it is truly privacy-preserving and only minimal data is shared and no logs are retained. How it is implemented by the authorities is crucial here.

This article is quite unnerving: a twenty‑minute hack shows how data‑poisoning can make LLMs tell tall tales, turning sci‑fi fears into real business risk. It’s a wake‑up call to demand provenance, adversarial robustness assessment and scepticism—because trusting chatbots without checking is like relying on a smooth-talking oracle with a hidden agenda. Critical thinking remains your best plugin.