EPISODE · Oct 30, 2025 · 17 MIN
EP 264.5 deep dive Maps, Taps, and facial slaps. The IT Privacy and Security Weekly Update for October 28th 2025
from The AI, Privacy, and Security Weekly Update · host R. Prescott Stearns Jr.
Technology, once a neutral servant, now increasingly operates according to hidden incentives-shaped by corporate interests, data extraction, and algorithmic autonomy-often against the user’s best interests. Across several examples, systems built for convenience expose deeper trends of control, deception, and surveillance that challenge the meaning of ownership and privacy.A vivid instance comes from an iLife A11 smart vacuum whose owner blocked its telemetry data from being sent to foreign servers. In response, the manufacturer issued a remote “kill command,” disabling the device entirely. This was no bug-it was a deliberate assertion of corporate dominance over a purchased product. The episode reveals how “ownership” in the Internet of Things era is often conditional: users buy hardware but rent functionality subject to corporate approval.Another case, the “Universe Browser,” illustrates how malicious actors co-opt privacy rhetoric. Marketed as a secure, privacy-first browser, it was in fact malware harvesting user data, logging keystrokes, and overriding protections. This inversion-using the language of security to enable surveillance-underscores the growing difficulty of distinguishing genuine tools from predatory ones.Even legitimate corporations are not immune from enabling exploitation. A campaign called “CoPhish” weaponized Microsoft’s Copilot Studio, hosting phishing bots on genuine Microsoft domains. Users who trusted the “safe” Microsoft URL unknowingly interacted with malicious agents designed to steal personal data. This tactic erodes the basic cybersecurity habit of domain verification: when trusted infrastructure itself becomes compromised, safety heuristics fail.Surveillance also seeps into professional spaces. Microsoft Teams recently added a feature allowing employers to detect and display an employee’s physical location whenever connected to company Wi-Fi. Marketed as a productivity feature, it effectively enables silent location tracking. While technically optional, it normalizes pervasive workplace monitoring and blurs the line between employee presence and personal autonomy.Finally, generative AI is undermining the ethos of open-source software. Trained on public repositories, AI models often reproduce code without attribution or license-a phenomenon known as “license amnesia.” This strips creators of recognition and breaks the reciprocal cycle that sustains open-source collaboration. If left unchecked, AI-generated “laundered” code risks transforming a shared innovation commons into an extractive, one-way pipeline that benefits corporations without replenishing the community.
What this episode covers
Technology, once a neutral servant, now increasingly operates according to hidden incentives-shaped by corporate interests, data extraction, and algorithmic autonomy-often against the user’s best interests. Across several examples, systems built for convenience expose deeper trends of control, deception, and surveillance that challenge the meaning of ownership and privacy.A vivid instance comes from an iLife A11 smart vacuum whose owner blocked its telemetry data from being sent to foreign servers. In response, the manufacturer issued a remote “kill command,” disabling the device entirely. This was no bug-it was a deliberate assertion of corporate dominance over a purchased product. The episode reveals how “ownership” in the Internet of Things era is often conditional: users buy hardware but rent functionality subject to corporate approval.Another case, the “Universe Browser,” illustrates how malicious actors co-opt privacy rhetoric. Marketed as a secure, privacy-first browser, it was in fact malware harvesting user data, logging keystrokes, and overriding protections. This inversion-using the language of security to enable surveillance-underscores the growing difficulty of distinguishing genuine tools from predatory ones.Even legitimate corporations are not immune from enabling exploitation. A campaign called “CoPhish” weaponized Microsoft’s Copilot Studio, hosting phishing bots on genuine Microsoft domains. Users who trusted the “safe” Microsoft URL unknowingly interacted with malicious agents designed to steal personal data. This tactic erodes the basic cybersecurity habit of domain verification: when trusted infrastructure itself becomes compromised, safety heuristics fail.Surveillance also seeps into professional spaces. Microsoft Teams recently added a feature allowing employers to detect and display an employee’s physical location whenever connected to company Wi-Fi. Marketed as a productivity feature, it effectively enables silent location tracking. While technically optional, it normalizes pervasive workplace monitoring and blurs the line between employee presence and personal autonomy.Finally, generative AI is undermining the ethos of open-source software. Trained on public repositories, AI models often reproduce code without attribution or license-a phenomenon known as “license amnesia.” This strips creators of recognition and breaks the reciprocal cycle that sustains open-source collaboration. If left unchecked, AI-generated “laundered” code risks transforming a shared innovation commons into an extractive, one-way pipeline that benefits corporations without replenishing the community.
NOW PLAYING
EP 264.5 deep dive Maps, Taps, and facial slaps. The IT Privacy and Security Weekly Update for October 28th 2025
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m