Surveillance

LinkedIn loads JavaScript that probes for installed browser extensions — thousands of them, including competitors’ sales tools, grammar checkers, and religious or political plugins. LinkedIn acknowledges this, but frames it as anti-scraping and abuse prevention. The question is not whether extension detection happens. It is how the results are used and stored? So the situation is not “hidden conspiracy script discovered”, it is “known technique used aggressively enough that it has triggered class actions”. ...

In 2025, the financial sector continues its courtship with generative AI, hoping it will finally make compliance less of a bureaucratic slog. According to Global Relay’s State of AI in Surveillance Report 2025, attitudes are thawing: there’s been a 19% drop in firms reluctant to implement AI. Apparently, nothing eases doubts like the promise of automated paperwork and plausible deniability. Still, not all is rosy. Explainability remains elusive, regulators are breathing down necks, and integration often resembles a Frankensteinian patchwork. Innovation, it seems, comes with a compliance hangover. ...

In Governmental Ghost Stories, the chills don’t come from creaking doors or sudden screams, but from the slow, clammy realisation that your digital life has more uninvited guests than a haunted manor on All Hallows’ Eve. It’s less The Conjuring and more Yes, Minister meets Dr. Strangelove in a dimly lit GCHQ break room. The UK Investigatory Powers Act (IPA): Or, How I learned to stop worrying and love the snooper’s charter ...

Once upon a FOIA, a group of researchers got their hands on 2,000 pages of bureaucratic bedtime reading from Serbia’s data protection overseers. Their aim? To expose the country’s surveillance architecture. Spoiler: it’s less Big Brother, more “nosy landlord with a master key to every flat”. Here’s what they found: Metadata mania: Every call, text, and pixel of mobile data generates metadata – and Serbia’s telcos are required to store it all for 12 months. That’s every call you’ve made, every base station you’ve connected to, and even what phone model you’re using (yes, they know your burner’s a Nokia 3310). Who’s watching?: The police, civil spies, military spies – all lining up at the metadata buffet. Some go through official channels (paperwork, court orders), while others are gifted magical software logins with unlimited access to the nation’s digital exhaust pipe. Who needs due process when you’ve got root access? Slightly illegal hobbies: In a fun twist, one carrier just hands over everyone’s metadata to the intelligence agency daily. Another gave the same spooks a direct line into their data centre. Both activities have the same legal standing as Monopoly money – i.e., none – and violate both Serbian and international law. And what is law if no one enforces it? Wiretapping 2.0: Classic phone tapping’s had a glow-up. Now it’s called “interception of electronic communications” and comes with a healthy dose of legalese and plausible deniability. Telcos are even required by law to buy spy gear and hand it to the intelligence agency. Then they get to pay for the maintenance, too. Talk about state-sponsored gaslighting. Geo-stalking as a service: Thanks to cell towers and triangulation, your phone’s location can be pinpointed in real-time. This info is happily made available to state organs, complete with bespoke tracking devices and BIA’s sole discretion. If you thought you were off-grid, surprise – you’re on three grids at once. Conclusion In Serbia, surveillance isn’t just a tool – it’s an entire shadow industry, built into the very bones of mobile infrastructure. The lines between legal oversight and unchecked spying are not so much blurred as enthusiastically redacted. And while mass surveillance is technically illegal, all the loopholes are working overtime. ...

You might think the internet is a swirling cloud of decentralised freedom. Bless. In reality, it’s a tangled mess of invisible choke points, centralised bottlenecks, and nosy gatekeepers. The SHARE Foundation decided to trace where data from Serbia actually goes, and surprise! It’s not very far before it ends up in the hands of a small handful of companies, countries, and, let’s be honest, potential eavesdroppers. One router to rule them all Start with a simple web visit. Your request doesn’t just zip off to its destination, it checks in at the SBB TelePark in Belgrade, where all local traffic passes through a single router. That’s right. If you wanted to spy on everything Serbians do online (purely theoretically, of course), you’d only need to sit at one choke point. And funnily enough, ISPs are legally obliged to do just that. Because what’s a little metadata hoarding between friends? ...

Welcome to Serbia’s digital political theatre, where every heroic rescue is staged, every dissenting meme vanishes mysteriously, and every comment section is a gladiator arena for astroturfed loyalists. It starts with a snowstorm, a suspiciously well-timed TV crew, and a future prime minister trying out for the role of Balkan Superman. The internet responds with mockery. The government responds with takedowns. Thus begins the SHARE Foundation’s journey documenting over 300 cases of digital shenanigans, think DDoS attacks, creepy surveillance, and disappearing videos, courtesy of state-sanctioned (or suspiciously adjacent) actors. ...

The UKUSA Agreement alias the Five Eyes (FVEY), because nothing says “trustworthy global surveillance” like a name ripped from a bad spy thriller. Born in 1946 as a cosy little signals intelligence pact between Britain and America, it soon expanded like an overeager book club, roping in Canada (1948), Australia, and New Zealand (1956) for good measure. Of course, it was all top secret until 1999, when Australia, bless its honest little heart, accidentally let slip that, oops, the Anglosphere had been running the world’s most invasive eavesdropping operation for half a century. ...

The GDPR, Europe’s flagship privacy reform, drafted by people who appear to believe consent forms are the pinnacle of human interaction. Born from the 1995 Data Protection Directive (which was about as fit for the digital age as a fax machine), it was billed as a way to “strengthen privacy rights” and “boost Europe’s digital economy”. What it produced was pop-up hell, a quiet corporate scramble, and a cottage industry of “GDPR consultants” who appear never to have met a compliance checkbox they didn’t adore. ...