I came across this article online recently:
Security software CEO warns: We could be facing the 'death of anonymity online' (https://www.thecooldown.com/green-business/age-verification-online-security-concerns/)
The specific article itself doesn't matter that much, but the general trend towards age verification for adult stuff is real. Similarly, there's the ongoing back and forth in the EU about Chat Control.
I'm curious if any of you have any thoughts or insight on possible less-or-no-anonymity-on-the-net scenarios and potential impacts.
It seems to me that the primary framing of the public discourse is around the following:
- It will allow us to keep children from accessing porn (and other stuff deemed harmful).
- It'll make loads of adults feel weird about accessing porn becuase it'll be linked to their actual identities somehow.
- It'll allow governments way too much insight into political speech and that's going to lead to bad places.
- Something about free speech.
But what are the other possible ramifications?
What's the possible impact on social media if anonymity is curtailed? Will it render large parts of the social media economy reliant on bot farms and the like inoperative? How much of an impact will it have on foreign (or domestic) online influence operations?
How big of a threat is it to the bottom lines of social media companies like Meta, Twitter, etc (and therefore, how much should we expect to see them oppose it)? Or is it not a threat?
To what degree will malicious (or simply profit seeking) actors be able to get personal data on individual people if there's no anonymity? And is it actually that different from what is available to Google, Meta, Microsoft et. al. now?
I'm curious if any of you have any insight or have read any compelling analysis on the topic?
I don't like the idea of destroying anonymity on the whole internet, but I do like the idea of having walled gardens of authenticated users corresponding to real people. Unfortunately every social media platform that has pushed for authenticating users benefits from blurring real and fake users either for advertising or boosting volume/engagement.
I think these pushes are resulting from the deteriorating quality of these supposed walled gardens that purposefully exploit the authenticated users for their own benefit, making the internet as a whole feel worse and more dangerous.
Quote from: Jacob on May 04, 2026, 04:01:09 PM- It'll allow governments way too much insight into political speech and that's going to lead to bad places.
I think it is naive to believe that (malicious?) governments are not already able to do this. Edward Snowdon was thirteen years ago and we know that data engineering and recently AI made gigantic progress since then in the private sector.
The path to the managed democracy of Super Earth, all in name of protecting 'the children'.
Quote from: Crazy_Ivan80 on May 04, 2026, 04:34:37 PMThe path to the managed democracy of Super Earth, all in name of protecting 'the children'.
Very good argument for removing anonymous posts from social media.
Quote from: crazy canuck on May 04, 2026, 04:39:38 PMQuote from: Crazy_Ivan80 on May 04, 2026, 04:34:37 PMThe path to the managed democracy of Super Earth, all in name of protecting 'the children'.
Very good argument for removing anonymous posts from social media.
didn't take you for an authoritarian. Seems I was mistaken.
Seems you're also unaware that a 'managed democracy' isn't a democracy at all. And that the argument 'think of the children' is often used to ram through measures that would otherwise never make it to the books.
Without anonymity the government will, inevitably, regulate what opinions are allowed. And it will be able to do so effectively. Your speech will get managed.
I will probably just stop talking on the internet should this happen.
Look I know the government probably has some record that "valmy" on Languish.org is me but they don't know they know it. And nobody is going to just screenshot stuff I say here to bust me.
But if I have to be my real name on places that would change how I act. Because some shit isn't anybody's business.
It's terrifying for a number of reasons, but one specific to trans people (and other minorities/at-risk groups) is that it would be *very* easy to make lists of us and track us if things keep going the way they are. :(
Quote from: Sophie Scholl on May 04, 2026, 06:21:16 PMIt's terrifying for a number of reasons, but one specific to trans people (and other minorities/at-risk groups) is that it would be *very* easy to make lists of us and track us if things keep going the way they are. :(
Yeah - I am very torn I think there are groups who have been able to find communities online and that has been enabled by anonymity. I don't think anonymity is the heart of the issue. I think part of the reason it keeps coming up as a solution is that it reflects the issues of being prominent on the internet - so whether that is Musk or any politician they will get hundreds and thousands of often unhinged anonymous comments from people. At the really bad end (and there's been several prosecutions over this in the UK) threats of violence. The obvious solution to that is to end anonymity because people with their real names known would not make those types of comments - but I'm not sure the issue that idea solves is part of the big problem wth the internet, I think it is, however, the problem people in power and influence are most exposed to.
I also think there are very real security risks around how it's done. It's an area where there are actually some very good private sector solutions that have developed really secure age verification tools that do not store a huge amount of personal information - but it's the wild west out there in terms of standards. I was struck by the UK Online Safety Act coming into force in the same week as a very major data breach in the US of a big online provider. The European Commission launched an age verification app to comply with various EU laws (in different stages of taking effect) a couple of weeks ago and urged rapid adoption. It took security experts less than two hours to hack it - and it was (even to a non-technical person like me) wildly insecure, for example lots of stuff just being held in plain text.
The flipside is there is a lot of content that should be age gated and would not be accessible to children in the real world. That includes porn, but is broader. I've said before that the Online Safety Act in the UK (and there is similar in Europe) is a bit of a grab-bag from very well meaning campaigns that I can only sympathise with - parents of children who killed themselves or died from an eating disorder and had been engaging in content that promoted self-harm, suicide and eating disorders. There are safeguarding issues in basically any area of the internet where children are (this is also a big part of the European drive to stop end to end encyrption which is causing a big fight with Meta and Apple especially).
But I think this has led to some incredibly ill-defined concepts in our laws like, in the UK, "lawful but harmful", in Europe quite broad powers to "authorities" which do not require a court order and I think some quite dangerous over-reach, particularly around encrypted messaging. I also think that the whole regulatory approach actually reinforces the big platforms - who I think are a major part of the problem - because whether it's age-gating or assessing potentially harmful content, that tends to reinforce their market and institutional power as gatekeepers. I don't think that's helpful as I think they are part of the problem. So to Jake's question around whether it harms them - I think it does the opposite. I think it embeds them as part of the core infrastructure of the internet.
Now having said all of that anonymity on the internet is largely a fiction at this point unless you put a lot of effort into it just by virtue of the way online advertising works. Your profile is being broadcast to thousands of counterparties in the ecosystem every time you're browsing online. It's not just cookies any more with cross-device, cross-browser tracking and general ID graphing of who is who and who is in a household. And there is an argument that a more age-gated internet might help reduce the issues around that - but again it entrenches the platforms.
My own view all told is probably very controversial :ph34r: I fully accept Sophie's point and I don't know that anonymity is the heart of the problem. But I think from a European perspective, China probably had the right model of developing and ensuring that the internet that is built in that country complies with its laws. Those laws in China are obviously authoritarian and not what I would want to replicate. But I think that approach has "worked" in allowing the development of an internet that is in line with local laws and to that extent arguably more "pro-social". I think in Europe we have the worst of all worlds. We have been open to the global internet which means we live on the American internet with all its pathologies and it does not always comply with our laws on speech or other issues. We have also imposed quite a high regulatory burden which is expensive to comply with and a really high bar to entry for European competitors. Which means we are relying on TikTok, Google, Meta etc to comply meaningfully with our regulations (which I'd argue is questionable at best) but also those same regulations present a barrier to creating and scaling European TikToks etc. I think a Great Atlantic Firewall, say, would have been the right approach and maybe it's not too late - removing anonymity may be part of it, it goes against the great cosmopolitan dream of the internet but I kind of think building localised internets that comply with our local legal requirements would be worth doing (because once you've blocked Meta or Google - they're not impossible to replace - see China, Russia etc) :ph34r:
Quote from: Crazy_Ivan80 on May 04, 2026, 05:28:56 PMQuote from: crazy canuck on May 04, 2026, 04:39:38 PMQuote from: Crazy_Ivan80 on May 04, 2026, 04:34:37 PMThe path to the managed democracy of Super Earth, all in name of protecting 'the children'.
Very good argument for removing anonymous posts from social media.
didn't take you for an authoritarian. Seems I was mistaken.
Seems you're also unaware that a 'managed democracy' isn't a democracy at all. And that the argument 'think of the children' is often used to ram through measures that would otherwise never make it to the books.
Without anonymity the government will, inevitably, regulate what opinions are allowed. And it will be able to do so effectively. Your speech will get managed.
You are missing the point. Social media has already done considerable damage to democracy.
Quote from: crazy canuck on May 04, 2026, 07:47:16 PMYou are missing the point. Social media has already done considerable damage to democracy.
I think it is more the nigh total marketization and focus on wringing every possible short-term cent out of social media that has led to the damage to both it and democracy. The internet, too. They were both once possible bastions of freedom and democracy and a way to move the world into a more open and progressive future. Alas, that is no longer the case. :(
Quote from: Sophie Scholl on May 04, 2026, 07:57:09 PMQuote from: crazy canuck on May 04, 2026, 07:47:16 PMYou are missing the point. Social media has already done considerable damage to democracy.
I think it is more the nigh total marketization and focus on wringing every possible short-term cent out of social media that has led to the damage to both it and democracy. The internet, too. They were both once possible bastions of freedom and democracy and a way to move the world into a more open and progressive future. Alas, that is no longer the case. :(
Agreed, once someone figured out how to monetize the internet, it was game over. Governments completely abdicated their responsibility and this is what we got.
The cries of freedom of speech in protest to attempts to regulate miss the point.
On the subject of anonymity/age restriction:
https://www.pcgamer.com/gaming-industry/us-may-force-operating-systems-to-have-mandatory-age-verification-share-info-with-third-parties/
QuoteUS may force operating systems to have mandatory age verification, share info with third parties
As reported by Gaming on Linux, a new bill brought before the US House would require operating systems like Windows, Linux, and MacOS to verify users' age for installation and, seemingly, regular use. The "Parents Decide Act" has been referred to the House Committee on Energy and Commerce, and is cosponsored by New Jersey Democrat Josh Gottheimer and New York Republican Elise Stefanik.
The bill would "require any user of the operating system" to enter their date of birth to both "set up an account on the operating system and use the operating system."
OS providers would also have to "develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer." In other words, any program on your PC would have access to the date you entered, which I don't like at all.
The method of age verification is probably the most critical information here in terms of privacy and data security, but that's being left to the Energy and Commerce Committee to decide after the bill has been passed
It's not exactly clear if the law would simply require us to enter a date—just like how we all say we were born on 1/1/1900 when we want to look at an M-rated game—or if an actual verification step will be required. Some of the language in the bill heavily implies the latter, and, worryingly, that detail is seemingly one of a few that would only be figured out after the bill is passed—if it is passed.
"Not later than 180 days" after enacting the Parents Decide Act, the committee would determine the following:
- "How an operating system provider can verify the date of birth of a parent or legal guardian"—or, unmentioned in this entry but implied later, an adult user acting on their own behalf.
- "Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user ... is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and is not stolen or breached."
- "Ensure an app developer can access information collected by the operating system provider to carry out this section ..., to verify the date of birth of a user of an app of the app developer."
Now I'm just a simple country games journalist, but this certainly sounds like a vaguely-worded privacy nightmare that would require OSes to not only store sensitive personal information, but share it with whoever—and you'll forgive me for not trusting some hastily drawn-up data protection scheme when these things always seem to fail, whether it's Discord immediately compromising IDs used in its own age verification, or some bush league people finder in Florida losing everyone's Social Security number.
That's not to mention that this bill seems to just assume that all operating systems are of corporate origin—how is an open-source fork of Linux supposed to securely process personal information at installation, startup, and, seemingly, every time it interacts with a third-party application?
The simple answer would seem to be that it's not, and this bill would blithely wipe out an entire mode of personal computing in order to project the appearance that Congress cares about children's wellbeing. A further wrinkle pointed out by PCG US editor-in-chief Tyler Wilde: Would this also require internet access just to use a computer?
OS-level age verification is the latest development in the generalized first world drive to wipe out what little remains of digital privacy in a panicked response to parents letting their children fry their brains on the internet. The government of California has already passed a similar law, and it's driving open source software developers to the brink.
Article about the law in California: https://www.pcgamer.com/software/operating-systems/a-new-california-law-says-all-operating-systems-including-linux-need-to-have-some-form-of-age-verification-at-account-setup/
QuoteA new California law says all operating systems, including Linux, need to have some form of age verification at account setup
The government of California is implementing a law that requires operating system providers to implement some form of age verification into their account setup procedures.
Assembly Bill No. 1043 was approved by California governor Gavin Newsom in October of last year, and becomes active on January 1, 2027 (via The Lunduke Journal). The bill states, among other factors, that "An operating system provider shall do all of the following:"
"(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user's age bracket to applications available in a covered application store.
"(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user."
The categories are broken into four sections: users under 13 years of age, over 13 years of age under 16, at least 16 years of age and under 18, and "at least 18 years of age."
In essence, while the bill doesn't seem to require the most egregious forms of age verification (face scans or similar), it does require OS providers to collect age verification of some form at the account/user creation stage—and to be able to pass a segmented version of that information to outside developers upon request.
That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure. However, the idea that all operating system providers need to comply (in California) has drawn a fair degree of ire from certain Linux communities.
"This is basically impossible for California to enforce" says CatoDomine on the Linuxmint subreddit. "Even if Linux Mint decides to add some kind of age verification, to comply with CA law, there's no reason anyone would choose that version."
"It's more likely they will put a disclaimer on their website: "not for use in California."
Looking at the wider picture, however, mandatory age verification appears to be a growing trend. The UK government's current implementation under the Online Safety Act has come under heavy fire for privacy concerns, while platforms like Discord have received similar critique for their face-scanning age verification efforts, not least because of associations with companies that may not be using the collected data for mere age-confirmation purposes.
And while this implementation is California-specific, it does speak to a wider desire from governments to enforce age verification on a legal level—even if in this case, it seems virtually impossible to effectively enact.
And it's bipartisan.
This is one reason why I don't think Democrats will ever stand up to the anti-democracy oligarchs. They're also all to willing to go along with authoritarianism if they get their paycheck.
Quote from: HisMajestyBOB on May 05, 2026, 08:34:41 AMAnd it's bipartisan.
This is one reason why I don't think Democrats will ever stand up to the anti-democracy oligarchs. They're also all to willing to go along with authoritarianism if they get their paycheck.
Nope. Not unless we make them.
How is legislation meant to curb the power the technology oligarchs supporting the technology oligarchs
The first thing that has to be fixed is the knee-jerk reaction of going to freedom of speech whenever there is a legislative attempt to regulate the dark corners of the Internet. Actually let me fix that it's no longer just the dark corners. It is the Internet.
The age verification bills are backed by Google, Meta and others:
https://www.politico.com/news/2025/09/13/california-advances-effort-to-check-kids-ages-online-amid-safety-concerns-00563005
And?
Imagine the reputational damage if they opposed it
Well for example, European regulations places a lot of obligations on the large platforms around "harmful content", unlawful content, age-gating. That entrenches their market dominance and deepens the walled gardens they've built, not least in their core business which is advertising. It also - and this is an issue you will hear on any European tech circles - makes it very, very difficult for European companies to even try and compete. Because those regulatory obligations can be burdensome (unclear if they're actually effective) and interact with monopoly or at least a dominant position in the market.
"Regulation" is meaningless it's just a buzzword. The real issues are how are we regulating, how is it enforced, what is the technical understanding of regulatory bodies etc.
This is a lesson Europe is learning - the Draghi report was very strong on this. Off the top of my head there are at least six really significant digital regulations working their way through the EU process (most broadly have an aligned ish UK equivalent) - they're a nightmare for European companies while the American (and Chinese) monopolies add another few hundred grand onto their compliance budget. I think some of the success of the GDPR led Europe to a slightly regulation happy phase digitally (heretically I actually think Californian privacy laws get the balance better) - and most of its subsequent digital regulations have been less imitated and I think less effective. But sort of passing regulations was the end in itself. This was sort of a point Thierry Breton who was the relevant Commissioner made about the the EU AI Act where he commented that people in Brussels were celebrating the world's first AI law, when the bigger issue was that there weren't any European companies that would be regulated by it. The EU AI Act has, incidentally, been suspended (less than two years after being passed) because it's not particularly effective, no one is copying its approach, it set the bar way too high and it's part of the Draghi recommendations. So again the effect was to entrench the already established market position of American and Chinese providers.
Regulation is not a buzz word. And you do a lot of damage by suggesting that it so. Not the first time and I really wish you would think more carefully about your broad generalizations.
You empower those who think regulation is evil. Much better to do what you did at the beginning of your post to critique the regulation and suggest ways in which it could be made more robust.
Quote from: HisMajestyBOB on May 05, 2026, 09:28:15 AMThe age verification bills are backed by Google, Meta and others:
https://www.politico.com/news/2025/09/13/california-advances-effort-to-check-kids-ages-online-amid-safety-concerns-00563005
Yeah they can afford it and also in the US especially this area and privacy have had a lot of state laws. The tech companies would absolutely love a federal regulation or to just adopt California's standard.
But you know it's like McDonalds backing nutritional information in restaurants - it's a small line item for them. For a smaller, growing chain or ones that want to change their menu (eg for seasonality) it's a pretty big cost. I'd add that the evidence from that policy intervention is that it barely changes consumer behaviour so is not particularly effective in achieving its goal - like everything based on nudge theory it's probably based on bullshit.
Quote from: HisMajestyBOB on May 05, 2026, 08:34:41 AMAnd it's bipartisan.
This is one reason why I don't think Democrats will ever stand up to the anti-democracy oligarchs. They're also all to willing to go along with authoritarianism if they get their paycheck.
Yup. They won't even stand up against the boondoggle of data centers proliferating across the country. Opposition to those are bipartisan and popular, but supporting them pays well. Heck, even Ron DeSantis is starting to speak out against them. If you can't get ahead of Ron on something, you're in trouble.
Quote from: crazy canuck on May 05, 2026, 09:32:19 AMAnd?
Imagine the reputational damage if they opposed it
They're the ones pushing for it in the first place. They came up with the copy-pasted bills that are being introduced all over the country. If they weren't pushing for it, there'd be nothing to oppose.
Quote from: HisMajestyBOB on May 05, 2026, 09:59:08 AMQuote from: crazy canuck on May 05, 2026, 09:32:19 AMAnd?
Imagine the reputational damage if they opposed it
They're the ones pushing for it in the first place. They came up with the copy-pasted bills that are being introduced all over the country. If they weren't pushing for it, there'd be nothing to oppose.
Again, I ask my question, and?
The go to play of industries that are lightly or non-regulated is to propose regulation when they see there is no longer a way to avoid it.
The problem isn't regulation, it is the attitude toward regulation in the US (and here) which makes it possible for weak regulatory provisions to be put in place.
The reaction to this should not be - "oh no, free speech" the reaction should be "oh no, this didn't go far enough".
Big tech is always more than happy to have more information and more control over us.
To my eyes, it seems to be regulating users, though. Not big tech. It gifts big tech (and presumably the government) lots of information and helps big tech cover themselves in case of lawsuits. It does nothing to benefit the public, though, only cost them privacy, time, and giving up even more data to more "partners".
Quote from: Sophie Scholl on May 05, 2026, 10:26:25 AMTo my eyes, it seems to be regulating users, though. Not big tech. It gifts big tech (and presumably the government) lots of information and helps big tech cover themselves in case of lawsuits. It does nothing to benefit the public, though, only cost them privacy, time, and giving up even more data to more "partners".
:yes:
In fact it's an attempt to avoid regulation. It's in response to the lawsuits that social media is harmful to minors and the companies haven't done anything about it. If the laws pass, Facebook etc. can wash their hands and say they're not at fault.
I'm reasonably sure that the government already has ways to do entity resolution to associate anonymous accounts with people, but enabling all vendors to do it by removing Internet anonymization would be really bad. ChatGPT already has a very good read on my personality, strengths and weaknesses. The idea that, for example, a sales agent can do an AI query on my personality before deciding on what buttons to push to make a sale feels dystopian.
We, as a society, need to end the monitezation of the user created (content) internet.
Meanwhile, in Utah.
https://www.cnet.com/tech/services-and-software/utah-will-ban-vpn-use-to-circumvent-age-verification/
QuoteUtah Will Ban VPN Use to Circumvent Age Verification
Experts warn that the legislation could lead to websites banning all VPN addresses due to technical limitations.
Utah is set to become the first state to prohibit the use of VPNs to avoid age-verification barriers after legislation goes into effect on Wednesday.
Senate Bill 73 will hold websites liable for people who mask their location while in Utah and will effectively treat anyone who connects to a Utah VPN as someone physically in Utah for age-verification purposes.
The legislation follows similar proposed bills from Wisconsin and Michigan and is seen as the first major US step toward regulating VPN use to avoid age verification.
However, privacy advocates warn that the legislation could lead to a blanket ban of all VPN addresses in a "technical whack-a-mole that likely no company can win". The Electronic Frontiers Federation wrote that "if a website cannot reliably detect a VPN user's true location and the law requires it to do so for all users in a particular state, then the legal risk could push the site to either ban all known VPN IPs, or to mandate age verification for every visitor globally."
In the past year, both Australia and the UK have enacted age-verification measures to restrict access to "harmful content." While Australia's legislation has been called an "unmitigated disaster" by Wikipedia founder Jimmy Wales, it's been reported that children in the UK have been drawing on mustaches to get past age barriers.
Representatives for the EFF and the Utah Senate didn't respond immediately to CNET's request for more information.
"Thinking of the children" to push through poorly thought out (or worse malicious) legislation is so cliche even the Simpsons were making fun of it 40 years ago. Sad that it still works on so many.
Quote from: crazy canuck on May 05, 2026, 09:43:08 AMRegulation is not a buzz word. And you do a lot of damage by suggesting that it so. Not the first time and I really wish you would think more carefully about your broad generalizations.
You empower those who think regulation is evil. Much better to do what you did at the beginning of your post to critique the regulation and suggest ways in which it could be made more robust.
I think I do zero damage by having trenchent views and expressing them here :P
But on the buzzword point I think part of this is a difference in perspective. I'm in Europe and I work in tech and digital law. Regulation absolutely s a buzzword here. There are sweeping regulations that have been brought on tech companies in the last 10 years (all following the justifiable and impressive success of GDPR) - I think the desire to regulate and say we have regulated has taken priority over questions of what the purpose, effectiveness and trade off of those regulations are. This is the point that Breton (and Draghi) have made. There were big celebrations within EU official circles and it was a big point that VDL made that Europe was the first to regulate AI (not really true but I'll leave that to one side).
The purpose of the regulation was to pass a regulation to say we're first. I think part of it is just the European self-image of the EU as a regulatory super-power - I've literally seen this in presentations from European civil servants that America is capitalist and leads the world in developing new technology quickly without regarde to risk, China leads the world in implementing it in support of political and very "national security" objectives and Europe leads the world in ethics and regulation. I'd add that factually I don't think that's true recently (lots of the world copied GDPR - no-one except the UK has copied the DSA, DMA, AI Act etc).
But also to Breton and Draghi's point why are we celebrating regulating the technologies of the future when we don't actually have any European champions to regulate? It is a chimera of tech sovereignty - and I'd question how meaningfully the Chinese and American tech companies we are relying on are meaningfully complying with those regulations. And as Draghi especially has flagged these regulations meaningfully increase the cost and difficulty for European competitors to emerge. Just within the last few years the EU has passed or started drafting the Data Act, the AI Act, the Cyber Resilience Act, the Digital Markets Act, the Digital Services Act, the EU Accessibility Act, the Digital Fairness Act - there's at least another one or two data and cyber security regulations that are coming but I can't remember. Relatively few businesses will be impacted by all of them - but even just assessing what does or doesn't apply is a lot of work and despite covering very, very similar concepts/issues they don't all fit together ("without regard to x Act/Regulation" does a lot of lifting in the drafting of these). But as I say, the regulation is the point. It is the end rather than the means (and this despite Draghi's recommendations).
Quote from: DGuller on May 05, 2026, 10:58:33 AMI'm reasonably sure that the government already has ways to do entity resolution to associate anonymous accounts with people, but enabling all vendors to do it by removing Internet anonymization would be really bad. ChatGPT already has a very good read on my personality, strengths and weaknesses. The idea that, for example, a sales agent can do an AI query on my personality before deciding on what buttons to push to make a sale feels dystopian.
Yeah. On the dystopian front I think the conversation around personalised advertising within AI is interesting for exactly those reasons and it is very much the next frontier in the online behavioural advertising world.
Quote from: Sophie Scholl on May 05, 2026, 10:26:25 AMTo my eyes, it seems to be regulating users, though. Not big tech. It gifts big tech (and presumably the government) lots of information and helps big tech cover themselves in case of lawsuits. It does nothing to benefit the public, though, only cost them privacy, time, and giving up even more data to more "partners".
I think this is how it entrenches their dominance because they way it's broadly been implemented is as "duties" on the big platforms. It is for them to determine and consider how much they really want to spend on fine grained judgements. It is strengthening their position as gatekeepers/walled gardens - which lets them capture more economic value, which lets them strengthen their dominance etc.
I'd add from a Euro-perspective tax helps but it's the reason OpenAI, Amazon, Meta, TikTok, Google etc all have their European headquarters in Dublin or Luxembourg because it means they interact with those regulators on the day-to-day. Even with the best will in the world and assuming there was no regulatory capture (and there 100% is) we're talking regulators of very small member states taking point dealing with some of the biggest, most technically advanced and well-funded companies in the world. In a way I also think the American model of regulation which you see through state AGs, but also the SEC, may be more effective - where regulation is effectively a form of law enforcement. They hire lots of lawyers who are basically prosecutors, they have warrant powers etc.
The UK regulator on data for example is the best funded in Europe, and I think broadly one of the most technologically sophisticated (the French are also excellent). I was at an event with the former Information Commissioner a few years ago and asked about this and she said the biggest shock was just how much they had to spend on litigation. Because European regulators are administrators - the investigation is led by a case worker with some rights to information, not a prosecutor and not quite as strong as warrant power (the UK regulators now actually have warrant power). There is a trend of European regulators going pretty gung-ho and then it getting overturned on appeal/as soon as judges get involved because they're kind of administrators who keep on fucking up procedurally rather than prosecutors building a case.
In part I think this also reflects the very, very broad remit of a lot of European tech law - so lots of focus is spent on, for example, public sector uses like hospitals and schools or providing guidance for charities or small businesses. All of which is really important but I think needs a slightly different skillset and mindset than the sharp-elbowed, aggressive approach needed with big tech.
Quote from: Sophie Scholl on May 05, 2026, 10:26:25 AMTo my eyes, it seems to be regulating users, though. Not big tech. It gifts big tech (and presumably the government) lots of information and helps big tech cover themselves in case of lawsuits. It does nothing to benefit the public, though, only cost them privacy, time, and giving up even more data to more "partners".
indeed.
Quote from: Jacob on May 04, 2026, 04:01:09 PMI came across this article online recently: Security software CEO warns: We could be facing the 'death of anonymity online' (https://www.thecooldown.com/green-business/age-verification-online-security-concerns/)
The specific article itself doesn't matter that much, but the general trend towards age verification for adult stuff is real. Similarly, there's the ongoing back and forth in the EU about Chat Control.
I'm curious if any of you have any thoughts or insight on possible less-or-no-anonymity-on-the-net scenarios and potential impacts.
It seems to me that the primary framing of the public discourse is around the following:
- It will allow us to keep children from accessing porn (and other stuff deemed harmful).
- It'll make loads of adults feel weird about accessing porn becuase it'll be linked to their actual identities somehow.
- It'll allow governments way too much insight into political speech and that's going to lead to bad places.
- Something about free speech.
But what are the other possible ramifications?
What's the possible impact on social media if anonymity is curtailed? Will it render large parts of the social media economy reliant on bot farms and the like inoperative? How much of an impact will it have on foreign (or domestic) online influence operations?
How big of a threat is it to the bottom lines of social media companies like Meta, Twitter, etc (and therefore, how much should we expect to see them oppose it)? Or is it not a threat?
To what degree will malicious (or simply profit seeking) actors be able to get personal data on individual people if there's no anonymity? And is it actually that different from what is available to Google, Meta, Microsoft et. al. now?
I'm curious if any of you have any insight or have read any compelling analysis on the topic?
This whole puritanical idea of keeping porn out of children hands is so stupid.
Our data keeps getting leaked by corporations and government who don't invest as much as they should in security, or use antiquated practices.
And we have seen the danger with authoritarian countries such as China, Russia and the US of allowing governments easy access to dissenter's speech.
ICE is requesting information on Reddit's Canadian users who criticized its agents. The US govt easily censored free speech on social media platforms and traditional media for general users, it's now going after private users.
The Canadian government is going to do the same at some point, don't kid yourself. It's not about porn or pedophilia.
Probably prudent to put a copy of TailsOS on a USB stick.
Quote from: HVC on May 05, 2026, 11:04:43 AM"Thinking of the children" to push through poorly thought out (or worse malicious) legislation is so cliche even the Simpsons were making fun of it 40 years ago. Sad that it still works on so many.
Framing regulation in that way is beyond cliché. It's just fucking lazy thinking.
Quote from: viper37 on May 05, 2026, 04:07:33 PMQuote from: Jacob on May 04, 2026, 04:01:09 PMI came across this article online recently: Security software CEO warns: We could be facing the 'death of anonymity online' (https://www.thecooldown.com/green-business/age-verification-online-security-concerns/)
The specific article itself doesn't matter that much, but the general trend towards age verification for adult stuff is real. Similarly, there's the ongoing back and forth in the EU about Chat Control.
I'm curious if any of you have any thoughts or insight on possible less-or-no-anonymity-on-the-net scenarios and potential impacts.
It seems to me that the primary framing of the public discourse is around the following:
- It will allow us to keep children from accessing porn (and other stuff deemed harmful).
- It'll make loads of adults feel weird about accessing porn becuase it'll be linked to their actual identities somehow.
- It'll allow governments way too much insight into political speech and that's going to lead to bad places.
- Something about free speech.
But what are the other possible ramifications?
What's the possible impact on social media if anonymity is curtailed? Will it render large parts of the social media economy reliant on bot farms and the like inoperative? How much of an impact will it have on foreign (or domestic) online influence operations?
How big of a threat is it to the bottom lines of social media companies like Meta, Twitter, etc (and therefore, how much should we expect to see them oppose it)? Or is it not a threat?
To what degree will malicious (or simply profit seeking) actors be able to get personal data on individual people if there's no anonymity? And is it actually that different from what is available to Google, Meta, Microsoft et. al. now?
I'm curious if any of you have any insight or have read any compelling analysis on the topic?
This whole puritanical idea of keeping porn out of children hands is so stupid.
Our data keeps getting leaked by corporations and government who don't invest as much as they should in security, or use antiquated practices.
And we have seen the danger with authoritarian countries such as China, Russia and the US of allowing governments easy access to dissenter's speech.
ICE is requesting information on Reddit's Canadian users who criticized its agents. The US govt easily censored free speech on social media platforms and traditional media for general users, it's now going after private users.
The Canadian government is going to do the same at some point, don't kid yourself. It's not about porn or pedophilia.
Oh, for fuck sakes, the stupidity of this is astounding.
People share so much fucking personal information online it's ridiculous. People post their personal views online all the time in a way that is easily traceable to them.
Are you really so naïve as to not understand that state actors can already obtain the information about who is posting information online.
Do yourself a favour and look up what a Norwich Order is. I can walk into court today and get an order, revealing the identity of anyone in the world who has allegedly defamed my client.
You guys are living in an infantile fantasy that never existed. Most of you wave around the principle of free speech without even understanding what it is you're talking about or the legal context in which it exists. And you guys are the smart ones in society.
Quote from: crazy canuck on May 06, 2026, 11:18:01 AMQuote from: viper37 on May 05, 2026, 04:07:33 PMQuote from: Jacob on May 04, 2026, 04:01:09 PMI came across this article online recently: Security software CEO warns: We could be facing the 'death of anonymity online' (https://www.thecooldown.com/green-business/age-verification-online-security-concerns/)
The specific article itself doesn't matter that much, but the general trend towards age verification for adult stuff is real. Similarly, there's the ongoing back and forth in the EU about Chat Control.
I'm curious if any of you have any thoughts or insight on possible less-or-no-anonymity-on-the-net scenarios and potential impacts.
It seems to me that the primary framing of the public discourse is around the following:
- It will allow us to keep children from accessing porn (and other stuff deemed harmful).
- It'll make loads of adults feel weird about accessing porn becuase it'll be linked to their actual identities somehow.
- It'll allow governments way too much insight into political speech and that's going to lead to bad places.
- Something about free speech.
But what are the other possible ramifications?
What's the possible impact on social media if anonymity is curtailed? Will it render large parts of the social media economy reliant on bot farms and the like inoperative? How much of an impact will it have on foreign (or domestic) online influence operations?
How big of a threat is it to the bottom lines of social media companies like Meta, Twitter, etc (and therefore, how much should we expect to see them oppose it)? Or is it not a threat?
To what degree will malicious (or simply profit seeking) actors be able to get personal data on individual people if there's no anonymity? And is it actually that different from what is available to Google, Meta, Microsoft et. al. now?
I'm curious if any of you have any insight or have read any compelling analysis on the topic?
This whole puritanical idea of keeping porn out of children hands is so stupid.
Our data keeps getting leaked by corporations and government who don't invest as much as they should in security, or use antiquated practices.
And we have seen the danger with authoritarian countries such as China, Russia and the US of allowing governments easy access to dissenter's speech.
ICE is requesting information on Reddit's Canadian users who criticized its agents. The US govt easily censored free speech on social media platforms and traditional media for general users, it's now going after private users.
The Canadian government is going to do the same at some point, don't kid yourself. It's not about porn or pedophilia.
Oh, for fuck sakes, the stupidity of this is astounding.
People share so much fucking personal information online it's ridiculous. People post their personal views online all the time in a way that is easily traceable to them.
Are you really so naïve as to not understand that state actors can already obtain the information about who is posting information online.
Do yourself a favour and look up what a Norwich Order is. I can walk into court today and get an order, revealing the identity of anyone in the world who has allegedly defamed my client.
You guys are living in an infantile fantasy that never existed. Most of you wave around the principle of free speech without even understanding what it is you're talking about or the legal context in which it exists. And you guys are the smart ones in society.
You can obtain a court order to know my real identity and where I live.
I did not post here publicly for everyone to see, inviting the highest bidder to get everything they need to impersonate me at my bank over the phone.
No one is supposed to have public access to my SSN, driver's license with picture, RAMQ id and so on.
I keep reasonable stepts to maintain a degree of privacy, I'll be taking some more later this summer/fall.
https://thedreydossier.substack.com/p/i-found-a-second-votegov-and-its
QuoteI found a second vote.gov — and it's registered to the White House
There is a moment in every investigation where the thing you have been looking for finds you instead. Mine found me on TrumpRx.
If you have not been to TrumpRx, it is a federal drug pricing website that looks like Wix and a Pinterest board threw up on each other. There is a gold three-dimensional eagle on the homepage clutching a ribbon in its talons that says TrumpRx. There are pills floating across the screen like a pharmaceutical screensaver. The tagline, and I am quoting directly from a website owned by the United States government, invites you to TrumpRx the price. It has the typography of a Brooklyn juice bar and the self-regard of someone who has never been told no. It is, in every conceivable aesthetic sense, a catastrophe. And while you are busy looking at the eagle, the website is busy looking at you. I wish I were being metaphorical.
In the footer of the page, beneath all of it, I found something I have never seen on a federal government website in my life. A byline. The government does not do this. The IRS does not sign its work. The FBI does not. Social Security does not. No federal agency that has ever built a website has felt the need to take credit for it. In plain bold text, sitting directly above the privacy policy, it said: Designed and Engineered in D.C. by National Design Studio. So I clicked through.
The National Design Studio was created by executive order in August 2025. Its job, officially, is to redesign how Americans experience their government. Its leader is Joe Gebbia, cofounder of Airbnb, which is to say he is a man who looked at the American home and saw an untapped revenue stream. If anyone understands how to improve public spaces, it is the company that took residential ones and made sure the public could never afford them again. He reports directly to White House Chief of Staff Susie Wiles, which is a strange place to house a website design agency. A technology office that builds federal websites should answer to the General Services Administration, or at minimum to the agencies whose websites it is building. Instead it answers to the person who controls access to the President. His position requires no Senate confirmation, which means he files no financial disclosures, which means the office he runs does not appear in any federal procurement database, which means as far as the official record is concerned, it barely exists.
Which, as I was about to find out, was entirely the point.
The structure of the National Design Studio will be familiar to anyone who has been paying attention. Staff are hired under a federal authority called Section 3161, written for temporary advisory bodies, which means most of them are part-time advisors or volunteers. They do not appear on the White House salary report. They answer to no inspector general, because the Executive Office of the President does not have one. If that sounds familiar, it should, because it is exactly how DOGE was run.
Gebbia spent six months at DOGE before taking his current role. The senior staff at the National Design Studio, when you pull the bylines from their blog posts and run the names against court filings, come back from the same place, DOGE, the same DOGE currently named as defendant in multiple federal lawsuits for letting engineers without proper security clearance access Social Security data and Department of Homeland Security data, and for sharing sensitive federal information with outside parties. The National Design Studio is not a successor to DOGE. It is DOGE with a better logo and a design philosophy.
Now, back to TrumpRx looking at you.
Every webpage you load is making phone calls. Not to people, but to servers around the internet, dozens per second, all invisible to you. When I opened TrumpRx, I right-clicked the page, opened the browser's built-in inspector, and started reading the list. Mixed in with the routine traffic was a name I recognized: PostHog. PostHog is a Silicon Valley analytics company whose entire business model is recording what visitors do on a website and reporting it back to whoever owns the site. Mouse movements, clicks, scrolls, keystrokes. I had not typed anything. I had not clicked anything. I had just opened the page, and it was already on the phone with PostHog telling them about me.
The recordings are not anonymized. IP addresses are not stripped. And the way it is configured, the data looks to your browser like it is going back to TrumpRx, but it is actually being forwarded behind the scenes to PostHog. That is a technique used to slip past ad blockers by disguising where the data is really going, and it is not something I expected to find on a federal health website. So I went and looked at the other sites the studio had built. Real Food, the federal food policy site. Trump Accounts, the children's savings program. The studio's own homepage, ndstudio.gov. All of them had the same vendor, the same setup, IP addresses not stripped, the same forwarding trick. And on ndstudio.gov alone, running alongside PostHog, was something someone had built entirely by hand. Five hundred and forty lines of custom JavaScript with a name embedded directly in the code: AutoMonitor. What it appears to do is rewire the part of the browser that handles how a page talks to the outside world, so that every conversation the page has with any server gets copied and forwarded to a private backend with no public presence. The studio has the structural ability to keep a copy of every recording as it passes through their infrastructure. I cannot prove they are keeping one. The pipe is built that way on purpose, and that is the part that matters.
When the federal government collects information about citizens, the law requires specific things first. Privacy disclosures. Notices in the Federal Register. Published contracts with outside vendors. I went looking for all of it across twelve National Design Studio programs and found none of it, not a single required document filed across any of the twelve. Every missing document is, by itself, a violation of federal law, and these are the laws Congress wrote after Watergate to make sure the federal government could not run secret surveillance programs on its own citizens. The only document they did publish is a privacy policy on TrumpRx, and it contradicts itself two paragraphs apart. The first paragraph says PostHog records the pages users visit and the medications they view. Two paragraphs later, it says they do not collect health or medical information. A federal health website is lying to the people using it and cannot even keep the lie consistent.
I wanted to know whether there were more sites the studio had not announced. Here is something almost nobody outside of security research knows. Every website with a padlock in the address bar has a certificate, and there is a rule that every certificate issued anywhere in the world must be logged in a public ledger the moment it is created, no exceptions. The side effect of that rule is that every new website on the internet, even ones nobody has announced and even ones hidden behind a login, leaves a public fingerprint the moment it is built. There is a free search engine called crt.sh where anyone can look up those logs. I typed in the studio's domain, and underneath the public sites I already knew about were roughly forty more, unannounced, with no links pointing to them from any public page. I started reading the names. Sites that looked like they belonged to the State Department. To NASA. To the Department of Homeland Security. And then two that stopped me cold: a working preview of vote.gov, and something called fbi-kirk-tipline. I checked the public ownership records for every subdomain, and every single one traced back to the same place, the Executive Office of the President. The National Design Studio had built pre-launch versions of websites belonging to other federal agencies and registered all of it to the White House.
(https://substackcdn.com/image/fetch/$s_!lYLT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F81e7e69c-001d-4876-9858-0eba0ccc380a_1706x1010.png)
All of it ran through the same private Cloudflare account. Using Cloudflare is not unusual for a federal agency. Running forty federal websites through one personal account is another matter. The login screen for the gated preview sites read: loveisaskill.cloudflareaccess.com. Love is a skill is a phrase Gebbia has used publicly to describe Airbnb's design philosophy. It is the kind of name you give an account when it belongs to you personally, not when it belongs to the federal government, and federal infrastructure is supposed to be owned by the agency, not the person running it.
The people running this office are worth knowing about. In 2025, a federal judge ordered everyone at DOGE blocked from accessing personnel records at the Office of Personnel Management. Three people were granted exceptions and allowed to keep their access anyway. Greg Hogan was one of them. The administration argued he was essential to ongoing system work, the judge accepted it, and Hogan kept his access to federal personnel records while every other DOGE staffer was locked out. He has since moved from DOGE into the National Design Studio, where he was recently promoted to run Login.gov, the federal government's sign-in system. If you have ever applied for a federal job, requested your Social Security records online, or filed for federal benefits, you have used it. It scans your biometrics. More than 150 million Americans have accounts. The man who survived the OPM injunction now runs the front door to your federal identity.
A second name from the original DOGE cohort, Akash Bobba, now serves as the official security contact for the US African Development Foundation, a small independent agency the administration tried to dissolve by executive order earlier this year. The dissolution got tied up in court, the agency technically survived, but most of its staff was cleared out. Bobba now holds the credentials controlling the agency's website, its email, and its security configuration, which means a White House staffer has full visibility into who applies for grants, who gets approved, and who inside that agency is talking to whom.
(https://substackcdn.com/image/fetch/$s_!GbC3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F71e696eb-3f78-4e71-ac26-4885d5a0a173_2204x1498.png)
In October 2025, Bobba got on a recorded conference call with state election directors from across the country and presented a federal voter registration system the studio was building. Voters would register through a federal portal, their identities verified through Login.gov, their citizenship verified through DHS's SAVE database, their registrations transmitted to the states. A state election director asked him what data the federal government would retain. He said, on a recording, in an election year: I don't know what they retain and what they are logging. The person presenting a federal voter registration system to state election directors did not know what data his own system kept on American voters.
After Florida 2000, Congress passed a law creating the Election Assistance Commission specifically because both parties agreed that voter registration cannot live inside the White House of any sitting president. The sitting president should not have visibility into who is checking their registration in the weeks before an election that decides whether they keep their job. So Congress built a wall, and today vote.gov is registered to the Election Assistance Commission. As of this writing, that wall is still standing.
But in the certificate logs, underneath the studio's unannounced sites, was a working preview of vote.gov, built inside the studio's staging environment, behind the same Cloudflare login, isolated deliberately. The certificate appeared on April 10, 2026. Weeks before that certificate appeared, this administration signed an executive order requiring DHS, the Social Security Administration, and the SAVE program to construct a federal citizenship-verified voter list, with a deadline of ninety days from signing. That deadline is weeks away. When the order was challenged in federal court, the Department of Justice told the judge the agencies named had not yet begun preparation and were still in the deliberation phase.
(https://substackcdn.com/image/fetch/$s_!a7qJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11db6ef4-8910-49e1-9da2-89f790d5e253_1712x1756.png)
The certificate is dated April 10. DOJ told a federal court the infrastructure does not exist. Both of those cannot be true. Either DOJ lied to a federal judge, or the studio is building a replacement for the country's voter registration site without telling the agencies whose work it would replace. There is no third option.
While I was finishing this piece, I typed passports.gov directly into my browser, just to see what was there. A sign-in page came up: enter your email and we will send you a six-digit code. No State Department seal. No agency name. No privacy notice. Just a black button that says Send code. The owner of passports.gov is the Executive Office of the President, White House Office. The State Department does not own this domain. The security contact field is blank. The first certificate was issued May 5, three weeks ago. Based on what I can see in the staging environment, the next step will ask Americans to upload their passport photo through a White House-controlled website, on the same Cloudflare account, by the same people, with no privacy notice on file. A passport photo is biometric quality. Linked to your identity through Login.gov. Collected through infrastructure the White House owns, sealed from public view. They are building it this week.
Here is what the structure looks like from the outside. Section 3161 hides the staff so they do not appear on salary reports or file financial disclosures. The Executive Office of the President has no inspector general. There are zero required privacy disclosures filed across all twelve programs and no published contracts with any outside vendor. Forty federal websites run behind one personal Cloudflare account. And the Presidential Records Act seals everything for twelve years the day this administration ends, meaning until 2040, no one outside the White House can see who works there, what they collected, or where any of the data went.
What this office is doing is taking the parts of the federal government that touch you directly, your prescription, your voter registration, your passport, your federal login, out of the agencies that legally own them and rebuilding them on White House infrastructure. Vote.gov belongs to the Election Assistance Commission, and the studio built a copy. Passports belong to the State Department, and the studio is building a replacement this week. Login.gov belonged to GSA, and the studio's guy runs it now.
Trump has said publicly that this infrastructure is for other presidents, and he is right about that. It is the one thing in this story I take him at his word on. The infrastructure outlasts him. Whoever wins in 2028 inherits the websites, the vendors, the data, and the hardware, sealed and waiting.
There is a gold three-dimensional eagle on the homepage of TrumpRx, clutching a ribbon in its talons. You are looking at the eagle. Something is being built underneath the government you think you have, on infrastructure you cannot see, by people who answer to no one, collecting everything.
I wish, still, that I were being metaphorical.
SOURCES CITED
NDS Infrastructure Map — my live working github map of every National Design Studio subdomain I have found, filterable by status, registrant, and parent domain. If you want to retrace this investigation or watch new subdomains appear in real time, start here.
The Front Door: NDS and Its Sites
National Design Studio (ndstudio.gov) — the office's own homepage. The /work portfolio page lists every site they have built or are building, including TrumpRX, Real Food, Genesis Mission, Trump Accounts, Tech Force, Safe DC, Trump Card, and OPM Digital Retirements.
TrumpRx.gov — the federal drug pricing site. Footer links to ndstudio.gov via "National Design Studio."
RealFood.gov — MAHA nutrition site. Same NDS footer credit.
TrumpAccounts.gov — children's savings account program. Same NDS footer.
Genesis Mission (genesis.energy.gov) — the DOE/Oracle AI initiative. Oracle is listed as a partner on the homepage alongside NVIDIA, OpenAI for Government, IBM, Microsoft, AMD, AWS, and Google. Footer reads "DESIGNED IN D.C. BY THE NATIONAL DESIGN STUDIO."
Passports.gov — currently a sign-in wall with no public footer credit, but the certificate transparency log ties it to the same infrastructure pattern (see below).
Executive Orders and Founding Documents
Executive Order 14338 — establishing the National Design Studio (August 21, 2025) — the order that created NDS, named Joe Gebbia chief design officer reporting to Chief of Staff Susie Wiles, and granted it broad authority to "design and redesign" federal digital services.
Genesis Mission executive order (November 24, 2025) — the order directing DOE to build the federal AI platform with Oracle as integration partner.
Personnel and Hiring Authority
Joe Gebbia named NDS chief design officer (Reuters) — Reuters' reporting describing NDS as "a stripped-down successor to the controversial Department of Government Efficiency."
Section 3161 of Title 5, U.S. Code — temporary organizations — the federal statute NDS is using to hire staff as advisors to a "temporary organization," which bypasses normal civil service hiring, salary disclosure, and ethics review timelines.
Akash Bobba — DOGE engineer background (Wired) — original reporting on the DOGE engineering cohort, including Bobba.
dotgov-data registry (cisagov/dotgov-data on GitHub) — CISA's authoritative repository for every federal .gov domain. The current-federal.csv file at this raw URL shows ndstudio.gov, passports.gov, realfood.gov, and trumprx.gov all registered to the Executive Office of the President, White House Office. The same file shows usadf.gov (United States African Development Foundation) listing [email protected] as its official security contact — meaning an independent federal agency's cybersecurity point of contact is a personal-named mailbox at the White House design shop.
get.gov data page — the public landing page that links to the CISA registry files.
Certificate Transparency Logs
crt.sh search for %.ndstudio.gov — 979 certificates on file as of May 26, 2026. Includes subdomains for fbi-kirk-tipline.previews, vote-gov.previews and vote-gov-ndstudio.previews, trump-accounts-splashpage.previews, board-of-peace-assets, war.previews, and dozens of other staging environments that are not publicly announced.
(crt.sh crashes all the time, hence my github repo at the top ^ )
crt.sh search for passports.gov — 26 certificates showing the rollout timeline: original cert May 5, staging/auth/api subdomains spun up May 22, and nine new certs for photo.passports.gov and photos.passports.gov issued in a single hour on May 26.
Cloudflare Access login wall at loveisaskill.cloudflareaccess.com — the SSO portal that gates vote-gov.previews.ndstudio.gov. The URL resolves to a Cloudflare Access login wall and will request an email/authentication; you cannot bypass it without credentials, but its existence confirms the preview is hosted on White House-controlled infrastructure rather than the Election Assistance Commission's systems.
The AutoMonitor Script
The AutoMonitor source file (cdn.infra.ndstudio.gov) — the 539-line JavaScript file that defines class AutoMonitor, generates a session ID on line 7, and posts telemetry to analytics.infra.ndstudio.gov/metrics on line 8. Deployed on ndstudio.gov and confirmed on genesis.energy.gov.
PostHog analytics on TrumpRx — TrumpRx privacy policy — TrumpRx's own privacy policy confirms it uses PostHog for usage analytics while also stating it does not collect "health or medical information." PostHog by default records full session replays, including keystrokes and mouse movement, unless explicitly disabled.
PostHog session recording documentation — PostHog's own docs describing what session replay captures by default.
DOGE Lineage and Court Record
American Federation of Teachers v. Bessent — the lawsuit challenging DOGE access to Treasury Department systems, including IRS taxpayer data. Court filings document the specific systems DOGE personnel were granted read/write access to.
Court ruling on DOGE Privacy Act violations (CourtListener docket) — full docket including the preliminary injunction findings.
FBI Utah Valley shooting page (fbi.gov/utahvalleyshooting) — the FBI's official public intake page for Kirk shooting tips. Tips went through the existing 1-800-CALL-FBI line and tips.fbi.gov, generating over 11,000 tips in 48 hours.
Privacy Framework Documents That Should Exist And Do Not
E-Government Act of 2002 — Privacy Impact Assessment requirement — the law requiring federal agencies to publish a PIA before deploying any system that collects personally identifiable information.
OMB Circular A-130 — federal information policy — the binding policy requiring System of Records Notices (SORNs) for any federal system maintaining personally identifiable records.
Federal Register SORN search — search for "National Design Studio" returns zero published SORNs as of May 26, 2026.
Iron Mountain and the Retirement Pipeline
Iron Mountain limestone mine retirement processing (Washington Post) — the original "sinkhole of bureaucracy" reporting on OPM's paper-based retirement processing facility.
OPM Digital Retirements (retire.opm.gov) — the NDS-built replacement system listed in their portfolio. Linked from ndstudio.gov/work.
Is this something? Is this nothing? :unsure:
Authoritarians, you've got to love them...
<_< :glare: :ph34r: :shutup: