In this edition of AdGuard’s digest: EU users get a chance to kick social media addiction, Twitter’s appetite for personal information is growing, WhatsApp will make your device ID harder to track, major news outlets declare war on OpenAI, privacy-hostile porn verification law won’t be enforced, for now.

EU users offered a choice to escape the social media trap

Snap, Facebook, Instagram, TikTok — to name just a few — have already confirmed that they will allow users in the EU to opt out of content personalization on their platforms in order to comply with the EU's Digital Services Act (DSA). The DSA came into effect at the end of August, and it stipulates hefty fines for VLOPs (very large online platforms) if they do not give users in the EU the opportunity to free themselves from the algorithmic yoke. The changes may seem too technical at first glance, but their importance for users in Europe and beyond cannot be overstated.

Now Europeans have a choice: they can either keep consuming the content fed to them by social media algorithms or they can see generic recommendations, e.g. “locally relevant” and “globally popular videos” in the case of TikTok. Users will also have an opportunity to switch to a news feed populated by posts exclusively from the people they follow in chronological order. This feels almost like returning to simpler times, back when social media was the means to stay in touch with friends, and not to track you and serve you ads. The question is, though, how many users, groomed by the tech giants for years, would be willing to break free from their social media addiction and switch to perhaps a less exciting and less diverse feed option?

In any case, it's great to see the efforts of EU regulators to rein in social media bearing fruit. If such actions help even a portion of social media users wean themselves off it, then they can pat themselves on the back. Social algorithms are known to have negative effects on users, especially teens, and sometimes even seen as predatory and toxic, so while your feed might become boring without them, give the new look (if it’s available to you) a chance.

X (formerly Twitter) to collect biometric and job data from users

The insatiable appetite for user data has long been a feature of traditional social media, and while one might expect this to decrease in light of EU and California privacy laws, the opposite is rather true.

The updated X (formerly Twitter) privacy policy states that the platform may now "collect and use your biometric information for safety, security, and identification purposes." X explained that biometric data would be collected for paid users and could be derived from the government IDs or images they upload for verification purposes. Moreover, X said it would also collect information about users’ education and their employment history to target them with more relevant ads, among other things.

X presents the addition of these new data collection categories as a good thing, which should prevent impersonation attacks and better connect job seekers to employers. However, it also raises risks for users’ security and privacy. The more data X has at its disposal, the more damaging a potential leak. Not to mention that X itself may abuse the data: back in 2021 the company (back when it was called Twitter) was fined for using personal information which it claimed to gather for 2FA to serve targeted ads.

WhatsApp’s new feature to make calling more private

A new, yet unreleased WhatsApp feature promises to make calling more secure. According to a report by XDA-Developers, WhatsApp may soon add a new toggle called “Protect IP address in calls” to the Settings. If you enable it, WhatsApp will route your call through its servers. This will make it harder for the person you talk to to track your IP address and location.

However, as XDA-Developers point out, this new feature may have a downside. Since your call would need to go through several servers to obscure your IP address, the connection quality may suffer. It’s also worth noting that while the “Protect IP address in calls” feature will hide your IP address from the other party, it will not hide it from WhatsApp itself. This is why it’s probably best to use a VPN to mask your device’s IP address: this way, not even WhatsApp will know it.

While WhatsApp’s new feature, which is still in development, will provide an extra layer of privacy for users, it should not be relied on as the only privacy-protection tool. A VPN can offer more security and anonymity for your online activity, including your calls. In terms of trusting WhatsApp or not, one should keep in mind that WhatsApp is owned by Meta, which has a history of privacy scandals and controversies. It’s not a secret that WhatsApp can still share your IP address with its parent company along with other metadata. So you might want to think twice before entrusting your security to them.

Major news outlets tell OpenAI to stay away from their sites

With AI threatening to make journalists redundant, a long list of news media organizations have blocked OpenAI, a company behind ChatGPT, from scraping their content.

The New York Times, CNN, Reuters, ABC News, ESPN, Bloomberg, The Washington Post, Insider, Axios and many others have inserted code in their website telling OpenAI’s web crawler, called GPTBot, to stay away from their content. They did so quietly by adding the GPTBot to their sites’ robots.txt files, which tell web crawlers what they are allowed to see. While most news media have shunned OpenAI, The Associated Press (AP) has embraced it by signing a licensing deal with it. The New York Times also tried to strike a deal with OpenAI, but has failed to reach an agreement so far. Now the newspaper is considering suing OpenAI for copyright infringement.

OpenAI says it scrapes content for “research purposes” only, but many are skeptical. We’ve already seen lawsuits by book authors, illustrators and others against generative AI tools, such as ChatGPT and Midjorney. The legal battles between OpenAI and the news media will be settled in court, but they also raise the need for a fair solution that respects the rights of both content creators and AI researchers. A good start would be to let content creators choose whether they want to allow their content to be scraped by AI tools or not.

Judge blocks Texas from enforcing controversial porn law

A Texas law that would force porn sites to check the age and identity of their visitors has been blocked by a judge. The judge said that protecting children is not an excuse to violate free speech rights. The block is temporary, and the law may still come into effect later pending further litigation.

Privacy advocates have long argued that the law would endanger visitors’ privacy and security, because it would make sites or their partners collect personal information about them. And even though they are not supposed to keep it, they might retain it for further use or sell it anyway. This could expose porn viewers to blackmail, if their secrets are leaked and fall into the wrong hands. By deciding against the law, the judge in Texas has gone against the grain. Similar laws have been passed and have already been enforced in Louisiana, where porn viewers have to log into PornHub with a government ID, and in Mississippi, Virginia and Utah, where Pornhub went dark to protest the law. “While safety and compliance are at the forefront of our mission, giving your ID card every time you want to visit an adult platform is not the most effective solution for protecting our users, and in fact, will put children and your privacy at risk,” this message now greets PornHub users in these states.

We have spoken out against age verification laws before, calling them a privacy nightmare. And while protecting children is important, we believe it should rather be done by parents through parental controls, not by imposing ID checks on all adults. For tips, how to access PornHub and similar sites, see our guide.