Consumer protection

Ubisoft under fire for forcing online connection in offline games

French video game publisher Ubisoft is facing a formal privacy complaint from European advocacy group noyb for requiring players to stay online even when enjoying single-player games.

The complaint, lodged with Austria’s data protection authority, accuses Ubisoft of violating EU privacy laws by collecting personal data without consent.

Noyb argues that Ubisoft makes players connect to the internet and log into a Ubisoft account unnecessarily, even when they are not interacting with other users.

Instead of limiting data collection to essential functions, noyb claims the company contacts external servers, including Google and Amazon, over 150 times during gameplay. This, they say, reveals a broader surveillance practice hidden beneath the surface.

Ubisoft, known for blockbuster titles like Assassin’s Creed and Far Cry, has not yet explained why such data collection is needed for offline play.

The complainant who examined the traffic found that Ubisoft gathers login and browsing data and uses third-party tools, practices that, under GDPR rules, require explicit user permission. Instead of offering transparency, Ubisoft reportedly failed to justify these invasive practices.

Noyb is calling on regulators to demand deletion of all data collected without a clear legal basis and to fine Ubisoft €92 million. They argue that consumers, who already pay steep prices for video games, should not have to sacrifice their privacy in the process.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware decline masks growing threat

A recent drop in reported ransomware attacks might seem encouraging, yet experts warn this is likely misleading. Figures from the NCC Group show a 32% decline in March 2025 compared to the previous month, totalling 600 incidents.

However, this dip is attributed to unusually large-scale attacks in earlier months, rather than an actual reduction in cybercrime. In fact, incidents were up 46% compared with March last year, highlighting the continued escalation in threat activity.

Rather than fading, ransomware groups are becoming more sophisticated. Babuk 2.0 emerged as the most active group in March, though doubts surround its legitimacy. Security researchers believe it may be recycling leaked data from previous breaches, aiming to trick victims instead of launching new attacks.

A tactic like this mirrors behaviours seen after law enforcement disrupted other major ransomware networks, such as LockBit in 2024.

Industrials were the hardest hit, followed by consumer-focused sectors, while North America bore the brunt of geographic targeting.

With nearly half of all recorded attacks occurring in the region, analysts expect North America, especially Canada, to remain a prime target amid rising political tensions and cyber vulnerability.

Meanwhile, cybercriminals are turning to malvertising, malicious code hidden in online advertisements, as a stealthier route of attack. This tactic has gained traction through the misuse of trusted platforms like GitHub and Dropbox, and is increasingly being enhanced with generative AI tools.

Instead of relying solely on technical expertise, attackers now use AI to craft more convincing and complex threats. As these strategies grow more advanced, experts urge organisations to stay alert and prioritise threat intelligence and collaboration to navigate this volatile cyber landscape.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump threatens new tariffs within weeks

President Trump has signalled a potential early end to the current 90-day pause on tariffs for countries and companies not actively seeking trade agreements with the US.

While markets initially reacted positively to signs of easing tension with China, that optimism was short-lived as the administration quickly shifted direction.

Instead of waiting out the full pause period, Trump now suggests new tariffs could be imposed within two to three weeks, with rates possibly rising from 10% to as high as 50%.

The lack of clarity over which nations or firms are targeted adds further uncertainty. Although officials initially claimed around 90 countries were engaged in trade talks, that number reportedly dropped to just 15.

A vagueness like this, combined with the unpredictable nature of US tariff policy, has unsettled international markets and raised alarm across global supply chains.

Apple, among others, has managed to avoid immediate price hikes thanks to temporary exemptions and strategic stock management. However, those exemptions are due to expire shortly, leaving the company vulnerable to rising costs.

Instead of facing only Chinese tariffs, Apple may now contend with broader duties on semiconductors and products manufactured outside China.

If tariff relief fails to materialise soon, consumers could see higher prices on future Apple products, including the upcoming iPhone 17.

Without a clearer and more consistent trade strategy from the White House, global firms may struggle to adapt, and the fragile economic recovery could face renewed strain.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SK Telecom investigates data breach after cyberattack

South Korean telecom leader SK Telecom has confirmed a cyberattack that compromised customer data following a malware infection.

The breach was detected on 19 April, prompting an immediate internal investigation and response. Authorities, including the Korea Internet Security Agency, have been alerted.

Personal information of South Korean customers was accessed during the attack, although the extent of the breach remains under review. In response, SK Telecom is offering a complimentary SIM protection service, hinting at potential SIM swapping risks linked to the leaked data.

The infected systems were quickly isolated and the malware removed. While no group has claimed responsibility, concerns remain over possible state-sponsored involvement, as telecom providers are frequent targets for cyberespionage.

It is currently unknown whether ransomware played a role in the incident. Investigations are ongoing as officials continue to assess the scope and origin of the breach.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Baidu rolls out new AI agent Xinxiang for Android

Chinese tech giant Baidu has launched a new AI agent, Xinxiang, aimed at enhancing user productivity by assisting with tasks such as information analysis and travel planning.

The tool is currently available on Android devices, with an iOS version still under review by Apple.

According to Baidu, Xinxiang represents a shift from traditional chatbot interactions towards a more task-focused AI experience, providing streamlined assistance tailored to practical needs.

The move reflects growing competition in China’s rapidly evolving AI market.

However, the launch highlights Baidu’s ambition to stay ahead in AI innovation and offer tools that integrate seamlessly into everyday digital life.

As regulatory reviews continue, the success of Xinxiang may depend on user adoption and the speed at which it becomes available across platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

The EU Commission hits Apple and Meta with draconian fines

The European Commission has fined tech giants Apple and Meta a combined €700 million, marking the first penalties under the EU’s Digital Markets Act (DMA)

The act, designed to rein in the dominance of the world’s largest online platforms, targets practices that the EU considers harmful to consumer choice and digital competition.

Apple case

Apple received a €500 million fine for its App Store’s restrictive ‘steering terms,’ which the Commission found fail to allow users to discover better offers on other marketplaces. 

Apple defended its position, calling the EU’s decision an unfair attack on its business model and pledging to appeal.

Meta case

Meta was fined €200 million for its controversial ‘pay or consent’ model introduced on Facebook and Instagram in the EU in late 2023

The Commission argued that Meta’s practice of forcing users to accept the combination of their data for targeted advertising breaches privacy rights under the DMA

Meta responded sharply, accusing the EU of targeting successful American firms while giving a pass to their European and Chinese counterparts.

Larger context:

The fines come when transatlantic tensions over trade and regulation escalate. 

Although the European Commission insists the sanctions are unrelated to US-EU trade disputes, the White House has previously warned that such actions would face scrutiny and could prompt retaliatory tariffs. 

Both Apple and Meta now have 60 days to comply with the rulings or face additional penalty payments.

Despite the regulatory significance of the decision, the announcement was delivered via press release, with key EU officials overseeing the DMA absent. 

Their absence sparked questions about political coordination and timing, especially given recent US visits by EU leaders and ongoing diplomatic friction over digital regulation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New hiring platform tries to puts personality before paperwork

Two brothers and USC students, Raihan and Azam Dadabhoy, have launched an AI-powered job marketplace called Sensiply to foster more human-centred hiring.

They developed a platform where job seekers can introduce themselves via video, showcasing personality alongside experience.

Users upload personal and professional details before recording a ‘Sensipitch’ a video pitch that the AI analyses for traits like ambition or communication skills.

The tool then matches candidates with roles based on qualifications and inferred personality, helping employers connect with talent beyond a CV.

Despite concerns about algorithmic bias, the brothers designed the platform to delay access to demographic data until after a match is made.

While the service remains free for applicants, Sensiply plans to introduce a subscription model for employers.

The founders, driven by real-world struggles and over 100 research calls, hope their innovation makes hiring more equitable and personal.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google spoofed in sophisticated phishing attack

A sophisticated phishing attack recently targeted Google users, exploiting a well-known email authentication method to bypass security measures.

The attackers sent emails appearing to be from Google’s legitimate address, no-reply@accounts.google.com, and claimed the recipient needed to comply with a subpoena.

The emails contained a link to a Google Sites page, prompting users to log in and revealing a fake legal support page.

What made this phishing attempt particularly dangerous was that it successfully passed both DMARC and DKIM email authentication checks, making it appear entirely genuine to recipients.

In another cyber-related development, Microsoft issued a warning regarding the use of Node.js in distributing malware. Attackers have been using the JavaScript runtime environment to deploy malware through scripts and executables, particularly targeting cryptocurrency traders via malvertising campaigns.

The new technique involves executing JavaScript directly from the command line, making it harder to detect by traditional security tools.

Meanwhile, the US has witnessed a significant change in its disinformation-fighting efforts.

The State Department has closed its Counter Foreign Information Manipulation and Interference group, previously known as the Global Engagement Center, after accusations that it was overreaching in its censorship activities.

The closure, led by Secretary of State Marco Rubio, has sparked criticism, with some seeing it as a victory for foreign powers like Russia and China.

Finally, gig workers face new challenges as the Tech Transparency Project revealed that Facebook groups are being used to trade fake gig worker accounts for platforms like Uber and Lyft.

Sellers offer access to verified accounts, bypassing safety checks, and putting passengers and customers at risk. Despite reports to Meta, many of these groups remain active, with the social media giant’s automated systems failing to curb the activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

ChatGPT search grows rapidly in Europe

ChatGPT search, the web-accessing feature within OpenAI’s chatbot, has seen rapid growth across Europe, attracting an average of 41.3 million monthly active users in the six months leading up to March 31.

It marks a sharp rise from 11.2 million in the previous six-month period, according to a regulatory filing by OpenAI Ireland Limited.

Instead of operating unnoticed, the service must now report this data under the EU’s Digital Services Act (DSA), which defines monthly recipients as users who actively view or interact with the platform.

Should usage cross 45 million, ChatGPT search could be classified as a ‘very large’ online platform and face stricter rules, including transparency obligations, user opt-outs from personalised recommendations, and regular audits.

Failure to follow DSA regulations could lead to serious penalties, up to 6% of OpenAI’s global revenue, or even a temporary ban in the EU for ongoing violations. The law aims to ensure online platforms operate more responsibly and with better oversight in the digital space.

Despite gaining ground, ChatGPT search still lags far behind Google, which handles hundreds of times more queries.

Studies have also raised concerns about the accuracy of AI search tools, with ChatGPT found to misidentify a majority of news articles and occasionally misrepresent licensed content from publishers.

Instead of fully replacing traditional search, these AI tools may still need improvement to become reliable alternatives.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta uses AI to spot teens lying about age

Meta has announced it is ramping up efforts to protect teenagers on Instagram by deploying AI to detect users who may have lied about their age. The technology will automatically place suspected underage users into Teen Accounts, even if their profiles state they are adults.

These special accounts come with stricter safety settings designed for users under 16. Those who believe they’ve been misclassified will have the option to adjust their settings manually.

Instead of relying solely on self-reported birthdates, Meta is using its AI to analyse behaviour and signals that suggest a user might be younger than claimed.

While the company has used this technology to estimate age ranges before, it is now applying it more aggressively to catch teens who attempt to bypass the platform’s safeguards. The tech giant insists it’s working to ensure the accuracy of these classifications to prevent mistakes.

Alongside this new AI tool, Meta will also begin sending notifications to parents about their children’s Instagram settings.

These alerts, which are sent only to parents who have Instagram accounts of their own, aim to encourage open conversations at home about the importance of honest age representation online.

Teen Accounts were first introduced last year and are designed to limit access to harmful content, reduce contact from strangers, and promote healthier screen time habits.

Instead of granting unrestricted access, these accounts are private by default, block unsolicited messages, and remind teens to take breaks after prolonged scrolling.

Meta says the goal is to adapt to the digital age and partner with parents to make Instagram a safer space for young users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!