Claude Source Code Leak, Influencers' Kids Can Request Deletion, LinkedIn Scrapes Your Browser Extensions, and More!
Our top stories this week:
- Entire Claude Code CLI source code leaks thanks to exposed map file
- California bill would require parent bloggers to delete content of minors on social media
- ONLYOFFICE suspends Nextcloud partnership for forking its project without permission
- LinkedIn Is Illegally Searching Your Computer
- A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’
TWIP Live 🔴
Updates from the Team
Early Access: Encrypted Email Video
We have a new video out about encrypted email! This video covers why mainstream providers aren't secure enough, which providers we recommend, and all you need to know to get started. Members get early access now, and the public will get access in about a week, as usual. You can become a member on YouTube (linked below) or get a membership at privacyguides.org/donate (also linked in the next announcement).
Show Notes
If you're a member on our forums, you may have already noticed that we've started posting the scripts in advance in the members-only section. Many people have asked if we can share the stories in advance. We can't always accommodate this due to the nature of collecting news throughout the week, so instead we're trying the next best thing, which is sharing access to our script. This gets updated periodically throughout the week, and we add any stories we're considering covering. On Fridays we narrow it down the handful you see here, so it's not an exact final product but it will also give you an idea of what's on our radar each week.
Podcast Appearance: Firewalls Don't Stop Dragons
This week, Jonah and Nate got to go on Firewalls Don't Stop Dragons and talk more about Privacy Guides, how we try to educate others on privacy, where we turn to for advice, and more.
Carey Parker
News Briefs
This week Fria and Nate wrote articles about Walmart's incoming digital price labels, systemd's age verification field (which we also discussed last week), the arrival of E2EE RCS in iOS 26.5 Beta, a grandmother who was wrongfully jailed due to facial recognition tech, and macOS 26.4 bringing new terminal security features to stop malicious copy/paste. You can find all those and more at privacyguides.org/news.
Jonah Aragon
Sources
Entire Claude Code CLI source code leaks thanks to exposed map file
This week saw a major news story: Claude Caude's source code got leaked thanks to human error. While there's nothing particularly shocking here in terms of privacy or security, it's an important moment to talk about the role of humans in cybersecurity, AI, and the knock-on effects of this leak.
Samuel Axon
Bill Toulas
California bill would require parent bloggers to delete content of minors on social media
California is proposing a new law that would make influencers liable to remove content of their kids online if requested by the child after the child has grown up. Under the proposal, social media platforms must create a system for adults to easily request removal of content that features them as children, and the platforms will then pass the removal request on to the parent. Parents have 10 days to remove content or else face fines.
Contact
ONLYOFFICE suspends Nextcloud partnership for forking its project without permission
Recently, Nextcloud, IONOS, and several other European tech companies announced a new tool called Euro-Office, an open-source ""sovereign replacement for Microsoft Office." ONLYOFFICE has responded by suspending their partnership with Nextcloud, saying that Euro-Office was forked from their code and does not respect the license requiring attribution.
LinkedIn Is Illegally Searching Your Computer
A European advocacy group is alleging that LinkedIn uses JavaScript to scan what plugins you have installed in your browser, information that could be used to fingerprint you or identify other personal information. This could be a result of LinkedIn's scanning tools to fight automation and bots, but of course could be weaponized for other uses like this.
A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’
TeleGuard - who's name has popped up in our forum once or twice over the years - has just been revealed to be extremely insecure, doing things that no secure messenger should ever do such as uploading private keys to the server, making it easy for attackers to decrypt messages simply by knowing your public ID, and storing metadata in plaintext.
Joseph Cox
Forum Updates
