milar move in 2020. But they can also be more banal. Access Now documented
countries disabling parts of the internet during student exam periods at least
16 times in 2024, including Algeria, Iraq, Jordan, Kenya, and India.

Iran's shutdowns in 2022 and June of this year are good examples of a highly
sophisticated effort, with layers of shutdowns that end up forcing people off
the global internet and onto Iran's surveilled, censored national intranet.
India, meanwhile, has been the world shutdown leader for many years, with 855
distinct incidents. Myanmar is second with 149, followed by Pakistan and then
Iran. All of this information is available on Access Now's digital dashboard,
where you can see breakdowns by region, country, type, geographic extent, and
time.

There was a slight decline in shutdowns during the early years of the pandemic,
but they have increased sharply since then. The reasons are varied, but a lot
can be attributed to the rise in protest movements related to economic hardship
and corruption, and general democratic backsliding and instability. In many
countries today, shutdowns are a knee-jerk response to any form of unrest or
protest, no matter how small.

A country's ability to shut down the internet depends a lot on its
infrastructure. In the US, for example, shutdowns would be hard to enforce. As
we saw when discussions about a potential TikTok ban ramped up two years ago,
the complex and multifaceted nature of our internet makes it very difficult to
achieve. However, as we've seen with total nationwide shutdowns around the
world, the ripple effects in all aspects of life are immense. (Remember the
effects of just a small outage -- CrowdStrike in 2024 -- which crippled 8.5
million computers and cancelled 2,200 flights in the US alone?)

The more centralized the internet infrastructure, the easier it is to implement
a shutdown. If a country has just one cellphone provider, or only two fiber
optic cables connecting the nation to the rest of the world, shutting them down
is easy.

Shutdowns are not only more common, but they've also become more harmful. Unlike
in years past, when the internet was a nice option to have, or perhaps when
internet penetration rates were significantly lower across the Global South,
today the internet is an essential piece of societal infrastructure for the
majority of the world's population.

Access Now has long maintained that denying people access to the internet is a
human rights violation, and has collected harrowing stories from places like
Tigray in Ethiopia, Uganda, Annobon in Equatorial Guinea, and Iran. The internet
is an essential tool for a spectrum of rights, including freedom of expression
and assembly. Shutdowns make documenting ongoing human rights abuses and
atrocities more difficult or impossible. They are also impactful on people's
daily lives, business, healthcare, education, finances, security, and safety,
depending on the context. Shutdowns in conflict zones are particularly damaging,
as they impact the ability of humanitarian actors to deliver aid and make it
harder for people to find safe evacuation routes and civilian corridors.

Defenses on the ground are slim. Depending on the country and the type of
shutdown, there can be workarounds. Everything, from VPNs to mesh networks to
Starlink terminals to foreign SIM cards near borders, has been used with varying
degrees of success. The tech-savvy sometimes have other options. But for most
everyone in society, no internet means no internet -- and all the effects of
that loss.

The international community plays an important role in shaping how internet
shutdowns are understood and addressed. World bodies have recognized that
reliable internet access is an essential service, and could put more pressure on
governments to keep the internet on in conflict-affected areas. But while
international condemnation has worked in some cases (Mauritius and South Sudan
are two recent examples), countries seem to be learning from each other,
resulting in both more shutdowns and new countries perpetrating them.

There's still time to reverse the trend, if that's what we want to do.
Ultimately, the question comes down to whether or not governments will enshrine
both a right to access information and freedom of expression in law and in
practice. Keeping the internet on is a norm, but the trajectory from a single
internet shutdown in 2011 to 2,000 blackouts 15 years later demonstrates how
embedded the practice has become. The implications of that shift are still
unfolding, but they reach far beyond the moment the screen goes dark.

This essay was written with Zach Rosson, and originally appeared in Gizmodo.

** *** ***** ******* *********** *************

Someone Boarded a Plane at Heathrow Without a Ticket or Passport

[2025.12.18] I'm sure there's a story here:

Sources say the man had tailgated his way through to security screening and
passed security, meaning he was not detected carrying any banned items.

The man deceived the BA check-in agent by posing as a family member who had
their passports and boarding passes inspected in the usual way.

** *** ***** ******* *********** *************

AI Advertising Company Hacked

[2025.12.19] At least some of this is coming to light:

Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone
farm to manage at least hundreds of AI-generated social media accounts and
promote products has been hacked. The hack reveals what products the
AI-generated accounts are promoting, often without the required disclosure that
these are advertisements, and allowed the hacker to take control of more than
1,000 smartphones that power the company.

The hacker, who asked for anonymity because he feared retaliation from the
company, said he reported the vulnerability to Doublespeed on October 31. At the
time of writing, the hacker said he still has access to the company's backend,
including the phone farm itself.

Slashdot thread.

** *** ***** ******* *********** *************

Microsoft Is Finally Killing RC4

[2025.12.22] After twenty-six years, Microsoft is finally upgrading the last
remaining instance of the encryption algorithm RC4 in Windows.

One of the most visible holdouts in supporting RC4 has been Microsoft.
Eventually, Microsoft upgraded Active Directory to support the much more secure
AES encryption standard. But by default, Windows servers have continued to
respond to RC4-based authentication requests and return an RC4-based response.
The RC4 fallback has been a favorite weakness hackers have exploited to
compromise enterprise networks. Use of RC4 played a key role in last year's
breach of health giant Ascension. The breach caused life-threatening disruptions
at 140 hospitals and put the medical records of 5.6 million patients into the
hands of the attackers. US Senator Ron Wyden (D-Ore.) in September called on the
Federal Trade Commission to investigate Microsoft for "gross cybersecurity
negligence," citing the continued default support for RC4.

Last week, Microsoft said it was finally deprecating RC4 and cited its
susceptibility to Kerberoasting, the form of attack, known 
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)