Every CMP I have looked at in fifteen years sets a cookie before the user has consented to anything. That is a direct breach of Article 5(3) of the ePrivacy Directive, restated by the CJEU in Planet49 (C-673/17), and reinforced by the Belgian decision against the IAB TCF. This piece explains, step by step, what a lawful consent flow actually looks like and why every cookie banner you have ever seen is wrong.
Google Chrome is downloading a 4 GB Gemini Nano model onto users' machines without consent, with no opt-in, no opt-out short of enterprise tooling, and an automatic re-download every time the user deletes it. The pattern is identical to the Anthropic Claude Desktop case I wrote about last month, but the scale is between two and three orders of magnitude larger. This article does the legal analysis and, for the first time, the environmental analysis. The numbers are not small.
Anthropic ignored the Claude Desktop spyware findings. A formal Cease and Desist has now been issued, with 72 hours before criminal and civil complaints follow.
Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.
A forensic reference to every client-side privacy vulnerability in Google Chrome — fingerprinting, storage tracking, header leaks — and how to detect each.
EU and businesses are abandoning US tech giants for open source and self-hosted alternatives. Why data sovereignty matters now more than ever.
Introducing the That Privacy Guy! blog — expert insights on privacy, data protection, GDPR, AI governance, and cyber security from Alexander Hanff.
Psychographic profiling and surveillance capitalism erode our autonomy. Why privacy is fundamental to self-determination, free thought, and democracy.
