John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
The Invisible Spy in Your Pocket: Why Carrier Privacy Just Failed
Think your phone is secure because it's in your pocket? Citizen Lab caught 'Phantom Operators' tracking users globally through cell signaling gaps that no app can fix.
Read More
Physical Failures: The Tile Tracker Leak and the Security Irony
A hacker breached the Tile/Life360 law enforcement portal using a former employee's stolen credentials. The tool built to help police find your kids became a stalker's dashboard.
Read More
The End of Optional Security: Snowflake and the Global ID Fallout
Snowflake is making MFA mandatory for all new users this May. It is a massive policy shift that marks the end of the choice to be insecure in a high-risk world.
Read More
Your Banking Session Just Phoned Temu. Your CSP Allowed It.
A Taboola pixel on authenticated banking pages was redirecting session data to Temu via a single 302. The CSP didn't catch it. It wasn't supposed to.
Read More
Iran Cut Off 90 Million People From the Internet. Its Own Spies Kept Working.
Iran's internet blackout hit 1,055 hours, the second-longest national shutdown on record. The detail that makes this a security story: Iranian intelligence services ran active cyber operations throughout, using foreign-hosted infrastructure the blackout doesn't touch.
Read More
The FBI Read Deleted Signal Messages Without Breaking Signal's Encryption
Signal's encryption held. Disappearing messages ran. The FBI still walked into court with Signal message content from a seized iPhone. Here's exactly how, and the one setting that closes the gap.
Read More
Your Ad Data Is a Federal Surveillance Tool. Meet Webloc.
Webloc ingests mobile ad data from 500 million devices and makes it searchable for ICE, the military, and local police. No warrant needed. You probably said yes to it when you tapped Allow on some app.
Read More
Your 'Security' Camera Has a Backdoor the Manufacturer Put There on Purpose
Researcher reveals VStarcam deliberately engineered password-leaking backdoors into camera firmware over four years.
Read More
LinkedIn's Been Scanning Your Chrome Extensions. All 6,000 of Them.
Research confirmed LinkedIn scans for 6,236 Chrome extensions and fingerprints your browser without telling you. Microsoft says it's for your protection. The extension list says otherwise.
Read More
The FTC Took on a Data Broker Tracking Abortion Clinic Visits. And Won.
The FTC's settlement with Kochava bans the company from selling sensitive location data and requires deletion of existing records, including data showing visits to abortion clinics, shelters, and rehab centers.
Read More
Your VPN Might Be Getting You Watched by the NSA Instead of Protected
Six US lawmakers want to know if VPN use can strip Americans of Fourth Amendment protections by making their traffic look foreign to intelligence agencies. Nobody has officially said it isn't happening.
Read More
Wikipedia Bans AI-Generated Text... and Has No Real Way to Enforce It
English Wikipedia's new WP:NEWLLM policy bans LLMs from generating article content. The principle is clear. The enforcement -- done entirely by volunteers with no reliable AI detection tools -- is another matter.
Read More
The FBI Is Buying Your Location Data. No Warrant Required.
FBI Director Kash Patel confirmed the FBI purchases bulk location data from commercial brokers with no warrant. The agency had previously said it stopped. It didn't.
Read More
Proton Mail Helped the FBI Identify an Anonymous Protestor. Here's What That Actually Means.
Proton Mail's encryption worked fine -- it was metadata that gave the anonymous Stop Cop City protestor away, and most users still don't understand the difference.
Read More
Privacy Is Now a $475 Million Business, and That's Kind of a Scandal
Cape raised $100M to protect phones from Stingrays and SS7 attacks; Cloaked raised $375M to hide your identity from data brokers -- together they're a $475 million indictment of the infrastructure that was supposed to protect you.
Read More
Meta Killed Instagram's Encryption and Hired Signal's Founder to Encrypt Its AI in the Same Week
Meta un-defaulted end-to-end encryption on Instagram DMs while partnering with Moxie Marlinspike to encrypt its AI chatbot, revealing exactly where Big Tech's privacy priorities actually land.
Read More
Sears' AI Chatbot Stored 3.7 Million of Your Conversations. Could Be Read Online.
Security researcher Jeremy Fowler found 3.7 million Sears chatbot conversations and 1.4 million audio files sitting wide open online -- including home addresses and appointment times. This one crosses into physical security territory.
Read More
Meta's AI Glasses Are a Privacy Disaster — And Now There's an App to Detect Them
Bruce Schneier called Meta's AI glasses 'a privacy disaster.' A developer built an Android app to detect them nearby. Together, they're the first signs of a consumer counter-response to ambient AI surveillance.
Read More
DOGE's Data Problem: Why America's Federal Privacy Crisis Is a Cybersecurity Story
DOGE personnel reportedly accessed federal systems holding tax returns, Social Security records, and benefits data without proper audit trails or legal authority. This isn't politics. It's a data governance failure affecting tens of millions of Americans.
Read More