惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Palo Alto Networks Blog
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
GbyAI
GbyAI
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
量子位
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
Recent Announcements
Recent Announcements
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
NISL@THU
NISL@THU
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
F
Full Disclosure
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
D
Docker
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
Help Net Security
Help Net Security
V
Visual Studio Blog
小众软件
小众软件
B
Blog
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic

The Register - Security

Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO If malware via monitor cables is a matter of national security, this might be the gadget for you France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process NHS Scotland-linked domains push pr0n and illegal streams Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Don't glamorize cybercrims, roast them instead Trump wants to take a battle axe to CISA again and slash $707M from budget
Signal says UK plan to scan devices for nude images 'endangers us all'
Connor Jones · 2026-06-09 · via The Register - Security

Signal insists that plans to compel tech companies to scan devices for nude images of children announced by UK Prime Minister Keir Starmer on Monday at London Tech Week "will not keep children safe."

"It endangers us all," the encrypted messaging platform said, adding that the mechanism required to implement it would be "dangerous." And it wouldn't be a pro-privacy statement without calling it "dystopian."

Signal argues that the proposed technology could at some point be repurposed to enable state-sponsored surveillance of all citizens' comms, or used as a mass censorship tool.

"Forcing all UK residents to prove their age and/or have all their content scanned, simply to exercise their fundamental right to communicate, is a perilous proposition," Signal stated. 

"We know that mass surveillance and censorship capabilities, however sincere-sounding the promises of those who initiate them are, never remain narrowly scoped. Once created, they will be expanded, forming a dangerous tool that will be wielded both in the UK and abroad to censor and surveil whatever they might consider 'threats' or 'harmful content.'"

Similar accusations have been leveled against the UK government in response to its various attempts to improve online safety via legislation.

For example, the government has long presented the Investigatory Powers Act as a way to enshrine in law necessary powers available to law enforcement and UK intelligence to intercept communications for the sake of preventing terrorist attacks.

More recently, the Online Safety Act was introduced to impose new obligations on digital platforms to prevent children from accessing online harms.

However, privacy proponents have shunned both.

Rather than simply providing powers to prevent terror attacks, critics say the IPA enables public bodies to spy on people's calls or texts. It's colloquially known as "The Snooper's Charter."

Digital rights organizations have also claimed the OSA is more about online censorship than it is about restricting the types of content children are allowed to view on the web.

The PM's proposals are not law yet. Instead, Starmer's speech amounted to a three-month ultimatum to tech companies: make the changes the UK wants to see or the government will legislate.

Essentially, whichever way the likes of Apple, Google, Microsoft, and others want to play it, some form of device-level scanning appears likely to be pushed onto UK devices soon.

"When it comes to the safety of our children, standing by is not an option. Nobody gets a free pass. That is why I'm making sure Britain is the first country in the world to make it impossible for children to take, share or view nude images," Starmer said.

"And I expect tech firms to make that happen. This is not an impossible challenge – these are some of the most innovative companies in the world. But if they choose not to, then we will act and change the law."

The government's announcement was backed by a slew of campaigners and charities that argued child protection has not been as big a part of tech innovation as it should have been in recent years.

Roxy Longworth, author and founder of Behind Our Screens, said: "I told myself, back in 2021, that if I went public with what happened to me and it stopped one life from being ruined, then it was worth it, but the more I campaigned the angrier I became. 

"Every child needs to be protected from platforms who for far too long have been allowed to turn a blind eye to the damage being done to them. This announcement makes me hopeful that there won't be kids sat in their room feeling the same pressure and shame that consumed my teenage years."

Likewise, Chris Sherwood, chief exec at the NSPCC, said: "Every day these protections are not in place, more children will continue to face devastating harm in the online world. That's why we strongly support the government's decision to make it mandatory for these companies to block inappropriate material at device level. This marks a major step forward in our fight against online child sexual abuse."

The UK government singled out Apple and Google, saying that it demands both block nudity by default across their devices. That includes cameras, third-party apps, and messaging services, which would prevent children from taking, viewing, or sending nude images.

It proposed that the nude-block-by-default approach would keep children safe, while still allowing adults to remove the block by verifying their ages.

Client-side scanning remains a highly controversial technology, but supporters present it as striking a balance between privacy and safety.

Advocates argue it should appeal to the pro-privacy crowd by keeping all data on the device, rather than blurring nude images in transit, for example, which would involve sending that data to an intermediary.

However, in the case of Signal, an encrypted messenger, it breaks the private comms trust model, even if the message content is not sent to a third party.

Client-side scanning can involve checking content against a database of known objectionable material. In the context of child exploitation, image hashes would be checked against a database of other hashes associated with abuse material. If the hashes match, then the image would be blocked.

Some implementations scan using AI, rather than against a database.

So while the image in this scenario is not sent to a third party, it does mean that Signal could no longer say that message content stays between sender and receiver only.

Further, because the databases of objectionable material would need to be updated, this introduces additional problems. 

Updated databases or models would need to be pushed to devices, creating another trust and security dependency. The attack surface also widens, as it is conceivable that attackers could try to manipulate them.

As Signal points out, it would be technically possible for the same scanning mechanisms to be updated to block other things, like messages criticizing the government, to take one hypothetical example.

Authorities could also feasibly implement ways of seeing which device contains images or other content that has registered matches with its objectionable material database, potentially opening the door to surveillance.

The company's statement [PDF] called for public funds to be funneled into other areas to improve child safety, including education, social services, and guardrails on AI technologies and platforms, instead of drafting legislation to block children's nudes by default on devices.

"What the UK government wants instead is invisible surveillance infrastructure, switched on by default and potentially rushed into law under cynical pretexts," it said. "All of this with scant care for the actual needs of the children they claim to be protecting or the horrifying and far-ranging consequences that will ensue in practice."

Signal has not threatened to pull out of the UK, however, despite the government's promises to enact the plans, via legislation or the threat of it.

The company has previously mulled exiting Sweden over proposed encryption-busting laws, and more recently Canada, as it debates a bill that would compel platforms like Signal to gather its users' metadata, which could include their locations and who they are talking to. ®