Irish EU Council Presidency, Condé Nast Breach, Voluntary Location Tracking, and More!
Our top stories this week:
- Ireland will prioritize age verification and deanonymization as EU Council president in 2026
- France explores an Australia-style social media ban for teenagers
- Condé Nast suffers a data breach, leaking WIRED subscriber information
- A Texas man utilized location tracking to find his kidnapped daughter
- The White House has lifted sanctions on three targeted spyware-linked executives
TWIP Live 🔴
Updates from the Team
Goodbye 2025...Hello 2026!
Happy New Year! We are pumped to release the first TWIP podcast and newsletter of 2026.
Many of our team members are still on break until next week. Thankfully, Nate and Kevin are still on the clock to ensure that you receive your weekly dose of privacy and security news.
In the meantime, you can stay connected by subscribing to Privacy Shorts on YouTube (or PeerTube) and signing up for our email news alerts to get our latest articles delivered straight to your inbox. We have some incredible projects in the works.
Do you have any privacy or security resolutions for 2026? Share it on the forum thread below:
KevPham
Privacy Guides Newsroom
The Privacy Guides Newsroom is working constantly to deliver objective reporting straight to your inbox. Here are the latest news briefs we published this past week:
Nate Bartram
Fria Reyes
Fria Reyes
Sources
Simon Harris says Ireland to lead EU drive for ID-verified social media
Fine Gael Leader Simon Harris and incoming Tánaiste (Deputy Prime Minister) of Ireland hopes to amend the EU Digital Markets Act (DMA) to include provisions that limits anonymity of online user accounts. He specifically wants to target online "keyboard warriors" and disinformation spreaders, but this also will include a unified ID verification mandate across Europe.
Ireland already has its own digital age of consent of 16 that is not yet enforceable. They hope to enforce it across Europe in their upcoming Council of the European Union Presidency. You should be concerned since the outgoing Danish Presidency used their mandate to push for Chat Control.
Note that Ireland also hosts the European headquarters of several Big Tech companies. This enabled them to become the de-facto hub for FAANG in Europe due to their substantial tax breaks to these companies. Don't mind the fact that has appointed an Ex-Meta lobbyist to become its third Data Protection Commissioner.
John Lee
France targets Australia-style social media ban for children next year
A draft bill in the French Parliament will impose an Australia-style social media ban for children under the age of 15 in 2026. Those 15 to 18 are not allowed to use their phones in high school, following a pre-existing smartphone ban in primary and middle schools.
President Emmanuel Macron has publicly demonstrated that France must "swiftly follow" Australia after it implemented its own social media ban. The Guardian states:
Earlier this month, Macron confirmed at a public debate in Saint Malo that he wanted a social media ban for young teenagers. He said there was “consensus being shaped” on the issue after Australia introduced its ban. “The more screen time there is, the more school achievement drops … the more screen time there is, the more mental health problems go up,” he said.
Le Monde reports that the current iteration of the draft bill also cites the growing mental health concerns of cell phone usage, mentioning that it intends to "protect future generations" from anti-social behavior and encourages societal cohesion.
While we generally support voluntary technological minimalism, Privacy Guides does not support legislation that strips choice out of parents. Since this draft bill includes a broad social media ban, age verification may soon come to France. That will only lead to grave security implications.
Angelique Chrisafis
Hacker claims to leak WIRED database with 2.3 million records
A hacker posing as a white-hat security researchers has leaked and published the records of 2.3 million WIRED subscribers in a devastating data breach targeting Conde Nast, the parent company of WIRED and Ars Technica.
The leaked data reveals a substantial array of personally identifiable information according to a Bleeping Computer analysis:
The dataset contains 2,366,576 total records and 2,366,574 unique email addresses, with timestamps ranging from April 26, 1996, to September 9, 2025. Each record includes a subscriber's unique internal ID, an email address, and optional data, such as first and last name, phone number, physical address, gender, and birthday. Many of these fields are empty.
While many of the records fields are empty, some include additional personal details. Approximately 284,196 records (12.01%) include both a first and last name, 194,361 records (8.21%) include a physical address, 67,223 records (2.84%) include a birthday, and 32,438 records (1.37%) include a phone number.
A much smaller subset includes more complete profiles, with 1,529 records (0.06%) containing a full name, birthday, phone number, address, and gender.
Ars Technica claims that they are not impacted by the breach.
Lawrence Abrams
Texas father rescues kidnapped 15-year-old daughter after tracking her phone’s location
Location tracking is a controversial topic, especially among the online privacy community because of its potential exploitation. But for parents, it is something that is a non-negotiable to protect their safety. Is there a way to balance both perspectives together?
For one Texas man, he was able to use Apple's Find My feature to track down his daughter after she was kidnapped.
The Guardian reports:
"Her father subsequently located her phone through the device’s parental controls, the agency’s statement said. The phone was about 2 miles (3.2km) away from him in a secluded, partly wooded area in neighboring Harris county.
Deputies said the father headed to that spot and found his daughter as well as her dog inside a pickup truck with a partly nude man inside. She then managed to escape with a hand from her father, who called law enforcement officials, said the statement from the Montgomery sheriff’s office."
Our response to this question? Minimize your location sharing to only trusted loved ones or family members. As for friends, make use of temporary, one-time location sharing when you are going on longer trips. Consider securing the devices of your family members to protect them from being compromised.
Ramon Antonio Vargas
Trump Administration lifts sanctions on three spyware-linked executives
The U.S. Treasury Department has lifted sanctions on three former executives of Intellexa, a spyware software consortium that developed and commercialized Predator, a malware suite that targeted Greek journalists and even members of the U.S. Congress.
When pressed for a comment, a Treasury Department spokesperson declined to comment. However, Reuters obtained information from anonymous U.S. official that points to a more routine procedure.
A U.S. official, speaking on condition of anonymity, said that the removal “was done as part of the normal administrative process in response to a petition request for reconsideration.” The official added that each of the individuals had “demonstrated measures to separate themselves from the Intellexa Consortium.”
These individuals included Sara Hamou, who provided mangerial services to the Predator spyware, Andrea Gambazzi, whose company distributed the software, and Merom Harpaz, who was also instrumental in Predator's operations.
Reuters reported on several instances of Predator being weaponized against human rights defenders, political activists, and government officials.
The Intellexa consortium’s flagship “Predator” spyware is at the center of a scandal over the alleged surveillance of a journalist, a prominent opposition figure and dozens of others in Greece, while in 2023 a group of investigative news outlets reported that the Vietnamese government had tried to hack members of the U.S. Congress using Intellexa’s tools.
REUTERS
Forum Updates
KevPham
jordan