TL;DR:

  • $10,000 bounty offered to unplug Ring cameras from Amazon. The Fulu Foundation, founded by Louis Rossmann, wants someone to make Ring doorbells work without sending data to Amazon servers. Prize pool already over $11K.
  • Texas AG investigating Conduent breach: now 26 million affected. Ken Paxton sent Civil Investigative Demands to Conduent and Blue Cross Blue Shield of Texas. This is likely the largest data breach in US history.
  • ICE used Mobile Fortify facial recognition 100,000 times. The DHS app lets agents scan faces and pull up personal information in real time. No consent. No privacy assessment. 1.2 billion face photos in the database.
  • EFF warns Meta of $7 billion liability for facial recognition glasses. If Meta launches "Name Tag" on Ray-Ban smart glasses, they face class action exposure under Illinois and Texas biometric privacy laws.
  • Aflac breach confirmed at 22.6 million people. Scattered Spider stole names, SSNs, medical records, passport numbers. Class action lawsuit filed.
  • Figure fintech breach hits 967,000 accounts. Social engineering attack. Names, emails, phone numbers, addresses, dates of birth stolen.

$10,000 Bounty to Free Ring Cameras From Amazon's Data Pipeline

After Ring's Super Bowl ad revealed just how far its surveillance network reaches, someone decided to put up cash to break it.

The Fulu Foundation (the consumer advocacy group co-founded by right-to-repair YouTuber Louis Rossmann) is offering $10,000 to anyone who can make Ring doorbells work without Amazon. The prize pool has already grown past $11,000 from additional donations, with potential matching funds of up to $10,000 more.

The bounty requirements: Make a Ring doorbell from 2021 or later store footage locally on a PC or server. Cut off all data transmission to Amazon. Keep hardware features like motion detection and color night vision working. Do it with tools a "moderately technical user" could handle.

Here's the catch: The Digital Millennium Copyright Act makes distributing circumvention tools a copyright crime. Winners can choose whether to release their work publicly or keep it private to avoid legal exposure from Amazon.

This bounty exists because Ring makes it impossible to own a security camera without feeding Amazon's data machine. Every Ring records. Every Ring phones home. The company killed its Flock Safety partnership after public backlash last week, but the underlying surveillance architecture remains.

Ring's Super Bowl "Search Party" ad showed the company's network scanning neighborhoods for lost pets. Tech critics pointed out the obvious: that same infrastructure can scan for anything.

Sources: DNYUZ, WebProNews, Fight to Repair

Texas AG Investigating Conduent: Largest Data Breach in US History

Texas Attorney General Ken Paxton sent Civil Investigative Demands to both Conduent Business Services and Blue Cross Blue Shield of Texas on February 12. The breach now affects an estimated 25-26 million Americans.

Between October 21, 2024 and January 13, 2025, attackers accessed Conduent's systems and stole sensitive data including Social Security numbers, medical records, and Medicaid information. Texas alone has 4 million affected residents.

Paxton's investigation focuses on whether both companies complied with Texas data protection laws. The CIDs demand documents showing security measures, communications about the breach, and evidence of legal compliance.

At least 10 federal class action lawsuits have been filed against Conduent. The company says it will complete notifications by April 15, 2026, with a credit monitoring signup deadline of April 30.

Conduent provides Medicaid claims processing, child support services, and other government technology across multiple states. When a government contractor this size gets breached, the blast radius covers people who never chose to do business with them.

If you've received Medicaid benefits, child support payments, or government assistance processed through Conduent, assume your data was exposed. Freeze your credit. Watch for IRS identity theft.

Sources: Texas AG Press Release, HIPAA Journal, WRDW

ICE Has Scanned 100,000 Faces With Mobile Fortify: No Privacy Assessment

Immigration agents are walking around with smartphones loaded with facial recognition software, scanning faces of protesters, bystanders, and anyone they encounter. The app is called Mobile Fortify, and ICE has used it 100,000 times since launch.

Mobile Fortify connects to a DHS database containing 1.2 billion face photos. Agents point their phones at someone, snap a photo, and get back personal information in seconds. There's no opt-out. There's no notification. And according to DHS documents, "ICE does not provide the opportunity for individuals to decline or consent to the collection and use of biometric data."

The app was deployed without completing required privacy impact assessments. DHS is supposed to evaluate privacy risks before rolling out surveillance technology. They skipped that step.

Lawmakers have responded. Senator Ed Markey, Senator Jeff Merkley, Senator Ron Wyden, and Representative Pramila Jayapal introduced the ICE Out of Our Faces Act on February 5, 2026. The bill would ban ICE and CBP from acquiring or using facial recognition technology.

Meanwhile, ICE keeps using the app. On protesters. On people walking down the street. On anyone whose face passes in front of an agent's phone.

Sources: NBC News, WinBuzzer, Rep. Jayapal Press Release

EFF Warns Meta: Facial Recognition Glasses Could Cost You $7 Billion

The Electronic Frontier Foundation published a warning to Meta this week: launch facial recognition on your smart glasses and prepare to pay billions.

Meta's internal documents, reported by the New York Times on February 13, revealed plans for a feature called "Name Tag" on Ray-Ban Meta smart glasses. Point your glasses at someone's face, and Meta's AI identifies them and pulls up information about them.

The EFF's "Seven Billion Reasons" analysis lays out the legal exposure. Illinois' Biometric Information Privacy Act allows $1,000-$5,000 per violation. Texas biometric privacy law enables penalties up to $25,000 per violation. Meta already paid $650 million in 2021 and $1.4 billion in July 2024 over biometric privacy violations.

EPIC (Electronic Privacy Information Center) separately called on regulators to stop Meta from adding facial recognition to the glasses, citing "privacy and safety issues."

Meta's position: they're testing the technology but haven't announced public release. The internal documents suggest launch could happen this year.

If you're in Illinois or Texas, your face has legal protections. If Meta deploys Name Tag without consent, every scan could trigger statutory damages. That adds up fast when millions of people could be scanned daily.

Sources: EFF, TechCrunch, Fortune

Aflac Breach Hits 22.6 Million: Medical Records, SSNs, Passport Numbers Stolen

Aflac confirmed what security researchers suspected: the June 2025 breach was massive. The company is now notifying 22.6 million people that their data was stolen.

Stolen data includes names, addresses, dates of birth, Social Security numbers, government ID numbers (passports, driver's licenses), medical information, and health insurance details. Scattered Spider (the English-speaking hacking collective behind multiple major breaches) is believed responsible.

The attack vector: social engineering. Attackers compromised employee accounts and moved through Aflac's systems for hours before detection. Aflac says they contained the intrusion "within hours" on June 12, 2025, but the damage was done.

A class action lawsuit filed in Georgia federal court alleges Aflac failed to safeguard protected health information. The company is offering 24 months of credit monitoring, identity theft protection, and medical fraud protection.

If you've had Aflac insurance, your medical records may now be in criminal hands. Watch for phishing attempts referencing your health history.

Sources: TechCrunch, HIPAA Journal, Beasley Allen

Quick Hits

Figure fintech breach hits 967,000: A social engineering attack compromised employee access to Figure Technology's systems. Stolen data includes names, emails, phone numbers, physical addresses, and dates of birth. Figure provides home equity lines and blockchain services. [TechCrunch]

Microsoft ICE Azure data tripled to 1,400TB: Leaked documents show ICE expanded its Microsoft Azure storage from 400TB to nearly 1,400TB between July 2025 and January 2026. ICE is using Azure AI Video Indexer for facial recognition and emotion detection. Microsoft says no AI contracts are "tied specifically to enforcement activities." [WinBuzzer]

UK Lords vote for on-device surveillance: The House of Lords voted 207-159 on January 21 to ban VPNs for under-18s and mandate device-scanning software on all phones and tablets. VPN providers would need to verify ages using "highly effective" methods. Big Brother Watch called it a "draconian crackdown." [Reclaim The Net]

Mark Zuckerberg's team threatened with contempt for wearing Meta glasses in court: During the ongoing social media addiction trial in Los Angeles, Zuckerberg's entourage entered the no-recording courtroom wearing Ray-Ban Meta glasses. The judge was not amused and warned of contempt charges. [Fortune]

FISA 702 countdown, 56 days: Congress returns tomorrow, February 23. 56 days until Section 702 expires April 20. The SAFE Act is expected to be reintroduced. [Our explainer]

What to Watch

  • Ring bounty progress: If someone cracks Ring's Amazon dependency, it could create a template for liberating other locked-down smart home devices. Watch the Fulu Foundation for updates.
  • Conduent notification deadline: April 15 for notifications, April 30 for credit monitoring signup. If you've used government services processed by Conduent, watch your mail.
  • ICE Out of Our Faces Act: Will Congress act on mobile facial recognition before the technology becomes even more entrenched? The bill faces long odds but sets a marker.
  • Meta Name Tag decision: Meta hasn't announced a launch date for facial recognition on smart glasses. EFF's legal warning might give them pause. Watch for product announcements.
  • UK device surveillance bill: The Lords voted for it. Now it goes back to Commons. If passed, every phone and tablet in the UK would need to scan for illegal content on-device.

References

  1. DNYUZ - $10K Bounty for Ring Cameras
  2. Texas AG - Conduent Investigation
  3. NBC News - ICE Mobile Fortify
  4. EFF - Seven Billion Reasons
  5. TechCrunch - Aflac Breach
  6. TechCrunch - Figure Breach
  7. WinBuzzer - ICE Microsoft Azure
  8. Reclaim The Net - UK On-Device Surveillance
  9. Rep. Jayapal - ICE Out of Our Faces Act
  10. Fortune - Zuckerberg Meta Glasses Court