CalyxOS Is (Almost) Back But Is It Any Better?
Our top stories this week:
- CalyxOS progress report - our test build with Android 16 is here
- Canvas login portals hacked in mass ShinyHunters extortion campaign
- Google Chrome has been silently pushing a 4GB AI model to your device without asking
- Microsoft Edge keeps all saved passwords unencrypted
TWIP Live 🔴
Updates from the Team
Data Protection Authority Directory
This week we released the next major tool in our Activism section: the Data Protection Authority Directory. The goal is to provide readers with a list of applicable privacy laws in your area and who to contact if you believe your rights have been violated. As you might expect, keeping this project up-to-date will be a massive undertaking. If you find any inaccuracies please let us know!
Early Access: Signal Proxy Tutorial
This week we released our latest tutorial video about how to run a Signal proxy. In an age of rising censorship it's important to keep communications open, and given Signal's large market share (compared to other encrypted messengers), this could be a vital tool for some. It's out now to members and will release for free to the general public next week.
News Briefs
A lot happened this week, but our news section has you covered! This week saw coverage of the new Copy Fail Linux vulnerability (plus the two new ones that just popped up the other day), end-to-end encrypted RCS coming to iOS 26.5, Proton Mail launching post-quantum encryption, and much more!
Jonah Aragon
Sources
CalyxOS progress report - our test build with Android 16 is here
Calyx OS - a popular Android ROM - went on hiatus in August 2025 after the departure of their founder and their tech lead. Details have been scant and progress has been slower than expected (they originally promised 4-6 months to complete this reorganization), but they assured users that there no signs of compromise or cause for concern. They have now emerged with a beta build based on Android 16.
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ransomware gang "ShinyHunters" has defaced the portal for Canvas, a popular "learning management system" in schools at all levels in the US that helps manage coursework, assignments, grading, and communications. Canvas has taken the platform down to deal with the damage, but this is coming right as schools are starting finals. Chaos has ensued.
Lawrence Abrams
Google Chrome has been silently pushing a 4GB AI model to your device without asking
It has come to light that Google has been quietly installing a local copy of Gemini Nano on user devices (only desktops, this article suggests) without alert users or gaining explicit consent. Attempts to delete the folders only cause it to come back later, and it must be deleted using Chrome flags.
https://www.techspot.com/news/112309-google-chrome-has-silently-pushing-4gb-ai-model.html
Microsoft Edge keeps all saved passwords unencrypted
New research has shown that Microsoft Edge accesses passwords stored in the browser in an incredibly insecure way. Normally when you use the browser's built-in password manager, password are only decrypted on a case-by-case basis as you need them. In Edge, all passwords are decrypted as soon as you unlock the browser's password manager and stay that way until you close the browser.
Elena Constantinescu
Forum Updates
passkeys
chr99