Best of PrivacyMarch 2026

  1. 1
    Article
    Avatar of mozillaMozilla·10w

    Meet Kit, your companion for a new internet era

    Mozilla has introduced Kit, a new visual mascot and companion character for Firefox. Kit is a fox-like creature (drawing from both fox and red panda attributes) designed to appear in welcoming or encouraging moments within the browser, on Mozilla's website, blog, social media, and community events. Created by illustrator Marco Palmieri in partnership with agency JKR, Kit was deliberately hand-crafted — not AI-generated — with distinctive design choices like no mouth and an expressive tail. Kit is not an AI assistant or chatbot, but a brand character meant to make Firefox's user-first, privacy-respecting values feel more visible and approachable.

  2. 2
    Article
    Avatar of hackadayHackaday·11w

    California’s Problematic Attempt To Add Age-Verification To Software

    California's Digital Age Assurance Act (AB 1043), signed into law and taking effect January 1, 2027, requires OS providers to implement an age-verification API. The law mandates that users declare their age bracket at account setup, which apps and app stores must then use to gate access. Critics point out major flaws: the self-reported age system is no more reliable than old-school age-dropdown widgets, enforcement is vague, edge cases like shared family accounts are unaddressed, and FOSS developers face disproportionate legal risk. The governor himself expressed hope the bill would be amended. Requiring photo ID would give it real teeth but would conflict with the bill's own privacy-preserving provisions.

  3. 3
    Article
    Avatar of collectionsCollections·10w

    Age verification laws are putting Linux distros and Valve in a tough spot

    Several US states are passing age verification laws that require operating systems and app stores to verify user ages, creating compliance challenges for Linux distributions and platforms like Valve's Steam. Linux distros lack the centralized account systems these laws assume, leading to varied responses: Ubuntu and Fedora are exploring privacy-conscious local solutions, System76 is lobbying for open-source exemptions in Colorado, while some distros like MidnightBSD have taken extreme steps like license changes. Valve is fighting a New York AG demand for expanded age verification and data collection, arguing payment processors already handle this and additional data collection creates privacy risks. The core tension is that these child safety laws are designed for large commercial platforms and impose centralized data collection mandates that fit poorly with open-source software architecture and privacy-focused platforms.

  4. 4
    Video
    Avatar of mentaloutlawMental Outlaw·11w

    Online Age Checks Are Going Too Far

    California's AB 1043 and Colorado's SB26-051 would require operating system providers to implement age-bracket detection during setup, exposing user age data via a real-time API to installed apps. The laws apply retroactively to existing OS installations and carry fines up to $7,500 per affected child. While major OS vendors like Microsoft, Apple, and Google could absorb compliance costs, the Linux ecosystem faces unique challenges — especially hobbyist distros like Arch and Gentoo. Ubuntu has already raised questions about ambiguous scope (servers, VMs, adult users). The author argues this is a slippery slope toward full ID verification at the OS level, threatening online anonymity and the privacy advantages that drew users to Linux in the first place.

  5. 5
    Video
    Avatar of fireshipFireship·9w

    This new Linux distro is breaking the law, by design…

    A new California law called the Digital Age Assurance Act (AB1043), passed in October 2025, requires all general-purpose operating systems including Linux to collect user age data and expose an API for age verification by January 2027. A project called Ageless Linux responds by providing a script for Debian-based distros that installs a non-functional age verification API, effectively declaring non-compliance with the law. The post frames the law as a Trojan horse for mass surveillance, benefiting big tech companies like Meta (which lobbied for it) and Apple/Microsoft, while harming small developers and eroding internet anonymity.

  6. 6
    Article
    Avatar of braveBrave·11w

    Why Brave is opposing Google’s Android developer registry

    Brave has joined the EFF, Tor Project, and 40+ organizations opposing Google's plan to require all Android developers to register with government-issued ID starting September 2026, even those distributing apps outside the Play Store. The policy would create a centralized identity database of every Android developer, posing serious privacy risks especially for those building privacy tools, VPNs, and software for journalists and activists. Brave frames this as part of a broader pattern of Google leveraging platform control to insert itself into activities where users and developers didn't invite its involvement, alongside past moves like Manifest V2 deprecation, AMP, and Privacy Sandbox.

  7. 7
    Article
    Avatar of itsfossIt's Foss·9w

    Inside the Systemd Age Verification Debate: Developer Responds to Criticism

    Dylan M. Taylor, the developer who added an optional birthDate field to systemd's user database to help Linux distributions optionally comply with US age verification laws, shares his side of the controversy in an interview. He clarifies the change is not actual age verification — no ID checks or third-party validation are involved — and defends it as a lightweight, self-attested honor system similar to date pickers from the early 2000s. He also reveals the severe personal toll: death threats, doxxing, harassment, and having his personal information posted publicly. Dylan reflects on the broader tension between FOSS principles and legal compliance, predicting a future split between corporate-backed and independent Linux distributions on such issues, while affirming his commitment to open source despite the backlash.

  8. 8
    Article
    Avatar of tailsTails·9w

    Tails 7.6

    Tails 7.6 introduces automatic Tor bridge discovery directly from the Tor Connection assistant, allowing users in censored regions to request region-appropriate bridges via the Moat API using domain fronting. The release also replaces KeePassXC with GNOME Secrets as the default password manager, offering better GNOME integration and accessibility while maintaining compatibility with existing KeePassXC databases. Additional updates include Electrum 4.7.0, Tor Browser 15.0.8, Thunderbird 140.8.0, and updated firmware packages. Several bug fixes address translation issues and automated upgrade problems.

  9. 9
    Article
    Avatar of hnHacker News·10w

    The 49MB Web Page

    A detailed audit of modern news websites reveals how programmatic ad-tech, excessive tracking, and hostile UX patterns have degraded the reading experience. Using the New York Times as a primary example, the post documents 422 network requests and 49MB of data for a single article load, driven by real-time ad bidding, surveillance beacons, and cross-site identity stitching. The analysis covers anti-patterns like Z-index warfare (cookie banners, newsletter modals, notification prompts), inverted content-to-chrome ratios, cumulative layout shift from late-loading ads, autoplaying sticky videos, and deliberate fat-finger traps. The author argues publishers are caught in a CPM-driven death spiral that treats readers as adversaries, and offers concrete engineering fixes: serialized onboarding queues, reserved ad slot dimensions to prevent CLS, behavior-triggered overlays, and inline newsletter placements. Lightweight alternatives like text.npr.org and RSS feeds are highlighted as proof that audiences want no-frills content.

  10. 10
    Article
    Avatar of hnHacker News·10w

    Ageless Linux — Software for Humans of Indeterminate Age

    Ageless Linux is a satirical-but-real Debian-based Linux distribution created as deliberate civil disobedience against California's AB 1043 (Digital Age Assurance Act). The project argues the law is not a child safety measure but a compliance moat that benefits large tech companies (Apple, Google, Microsoft) while making it impossible for volunteer-run Linux distributions, small open-source projects, and hobbyist developers to legally distribute software. The author exploits the law's own definitions to become a technically regulated 'operating system provider' by simply modifying /etc/os-release, then intentionally refuses to implement age verification. The piece includes a detailed legal analysis of AB 1043's definitions, a critique of age-gating as pedagogically harmful (teaching children to lie to compliance systems), and a plan to physically distribute cheap RISC-V devices and Raspberry Pi Picos pre-loaded with Ageless Linux to children at school STEM fairs — inviting the California AG to levy a $7,500 fine for handing a child a $5 computer with a snake game.

See all Privacy archives