#CandyCrush can bring #ICE agents to your door.

ICE has bought access to some surveillance tools developed by Penlink.

If you read the description of that company on their website you'll find an overdose of fluffy and probably AI-generated corporate jargon that doesn't mean anything:

Penlink is a global leader in digital intelligence solutions. Our compliant and certified solutions simplify complex data, empowering public safety and organizations to make informed decisions quickly and effectively. We believe in the power of data-driven intelligence to accelerate clarity in decision-making for global security, strategic operations, and the most critical missions.

In short: they make tools to spy on people. Through their mobile phones.

And it's not like they do any kind of rocket science. They have some boring location trackers injected in a bunch of crappy ads SDKs used by some crappy free apps on the Google and Apple stores.

Commercial location data collected through trackers voluntarily installed by people on their phones can be queried without a warrant. Or it can be sold to data brokers, who in turn can resell it to whoever they want.

The list of impacted apps found so far is publicly available here. 12,373 apps at the time of writing.

The list includes mostly games (some Candy Crush and Angry Birds releases, many card games and solitaires, gambling/casino games, sudokus, football simulators etc.).

But it also include photo editors, weather apps, pregnancy date calculators, network speed analyzers, many VPN apps, and many apps most likely used by foreigners (there are many local Arabic, Chinese, Spanish, Italian and Indian apps in the list).

Among those that caught my eye: Vinted, Flightradar24 and IlMeteo.

My two cents, especially if you are an American citizen:

1. Avoid apps installed through the Play/Apple stores unless you really know and trust their developers. Use #FDroid instead.

2. If you can, use #GrapheneOS, or an #Android ROM without Play Services, or that allows you to sandbox individual apps or the Play Services themselves.

3. It's even better if you can sandbox or deny the Nearby Devices permissions on the Play Services, if your ROM permits it. Nearby known Wi-Fi networks can also reveal a lot about your location.

4. If the urge of playing that random animal crossing game that someone was playing at your hairdresser's can be contained, then please contain it.

5. Remember that you can also install those apps on your computer at home through something like Waydroid or any Android emulator, in a sandboxed environment without much sensitive data. Without putting location trackers always with you in your pocket.

6. If Angry Birds asks to access your location, ask yourself why a game whose purpose is to throw chickens at pigs needs to know where you are.

7. Periodically review from your phone's settings which apps have access to your location, and when they tried to access it last time. An app that has no apparent reason to know where you are, and repeatedly tries to access your location while you're not using it, is usually a big red flag.

8. Always use Tor or a VPN that you trust (like Mullvad or Proton) to browse the Web. If you have the technical skills, try and go the extra mile. Set up your own VPN with a Pihole that blocks all trackers and forwards all external traffic through your trusted VPN, and wire your mobile devices to it too.

9. I'd be tempted to say "go around with a dumbphone if you think that you're at risk", but that may make things worse. Nowadays it's very uncommon for anyone to step out of their house without a smartphone. If ICE stops you and you show them your grandma's dumbphone they may actually harass you even more.

This part of the story where surveillance capitalism turns into plain boring totalitarian surveillance was so predictable.

#USPol

https://archive.ph/HYbBG

@suad@mastodon.scot @raphaellakay@mastodon.world @joynewacc@mastodon.social @aral@mastodon.ar.al the old campaign link has now been removed.

The archive is conservative when it comes to data retention, so if a valid campaign link is removed it won't remove the campaign, and manual intervention is required.

In general we prefer that campaigns are either on GFM or Chuffed because that makes donations transparent. If you don't manage to raise enough, you're likely to appear at the top of the campaigns page and people will see it. But of course PayPal makes sense as a backup if you experience issues - it's just that there's no way of tracking the donations there because they are private.

Many Palestinian accounts have indeed experienced issues with their campaigns on GFM recently, but my advice is to try and go through their verification process if you can.

They also suspended for verification a campaign that I manage, and after some back-and-forth we got it unlocked again.

They are not specifically targeting pro-Gaza campaigns, but there are two other issues at play:

1. There have recently been investigations (and even arrests) in Europe because some fundraisers on GFM actually funnelled funds to Hamas. So GFM needs to be extremely cautious with compliance now if they don't want to lose their banking license.

2. Unfortunately, they didn't think this throughout, and they don't seem to have a proper verification process. So different agents that handle different cases may ask different things, or things that don't make sense at all (like a physical address in Gaza).

My advice is to try and be collaborative within reasonable boundaries because:

1. Funds of suspended campaigns are otherwise lost.

2. Attempts to open copies of the same campaign without satisfying their verification requirements may be interpreted as attempts to evade their verification process - which is a big red flag that may also impact the risk score of the recipient's bank account.

If you experience any issues, please feel free to add me in cc (fabio@manganiello.email) to your email thread with them.

"If we don’t do it, #Russia or China will take over #Greenland. And we’re not going to have Russia or China as a neighbour."

Right. Having Russia as a neighbour would be so unprecedented.

Also, "hey I need to steal your lunchbox, otherwise that bully will steal it from you".

#USPol

https://www.theguardian.com/us-news/2026/jan/09/trump-greenland-threats-white-house

@stefan@stefanbohacek.online this seems to steer completely in the opposite direction of W3C recommendations like Webmentions, where replies and reactions are basically HTTP POSTs on a Webmention URL that can be made by anyone on the Internet (not even necessarily on Mastodon).