Feed aggregator
Supreme Court to decide whether geofence warrants are constitutional
Google has weighed in on a court case that will decide the future of a powerful but contentious tool for law enforcement. The company submitted an opinion to the US Supreme Court arguing that geofence warrants are unconstitutional.
A geofence warrant is a form of “reverse warrant” that turns a regular warrant on its head. Police get a regular warrant when they want to target a particular person. With a reverse warrant, police don’t know exactly who they’re looking for. Instead, they ask someone (typically a technology company) for a broad data set about a group of unknown people based on some common behavior. Then they analyze that data set for potential suspects.
With a geofence warrant, that data set is defined by a location and a time window. Law enforcement officials obtain a list of phones that were in that area during that period. Every device that was inside the circle comes back in the results, even if nobody on that list has been suspected of anything. Proximity is the only criterion.
That’s how Okello Chatrie was charged with armed bank robbery in Virginia in 2019: His phone showed up in a geofence warrant covering 17.5 acres (larger than three football fields). He argued that this kind of search isn’t constitutional and shouldn’t have been used as evidence.
In 2024, the Fifth Circuit Court of Appeals agreed with him, overturning a Fourth Circuit ruling. Now prosecutors have taken the case to the Supreme Court, with parties due to make oral arguments on April 27.
The case has seen a flurry of amicus curiae briefs, which are opinions from interested expert parties that have no direct involvement in the case. One of these is from Google, which on Monday urged the justices to consider the geofence warrants unconstitutional because of their broad scope. It has objected to more than 3,000 of them on constitutional grounds in recent months.
Google’s brief stated:
“Many of these overbroad warrants swept in hundreds, sometimes even thousands, of innocent people. State and federal courts have repeatedly granted Google’s motions to quash these overbroad warrants.”
How the database gets built
Although Google is just one of many organizations that filed amicus briefs, its position is especially notable because it has historically collected so much location data. Its Timeline feature (formerly Location History) logs device position via GPS, Wi-Fi networks, Bluetooth, and mobile signals, including when Google apps aren’t being used, according to its policy page.
At the time of the Chatrie warrant, it was recording position as frequently as every two minutes. All of that fed a centralised internal database which held 592 million individual accounts. So responding to any geofence request required Google to search essentially the entire store before producing a single name, according to an analysis by privacy advocacy group EPIC, which also regularly submits amicus briefs on privacy cases.
Google moved Timeline storage from its own servers onto users’ devices in July 2025, closing the door to fresh cloud-based requests against its own systems. But the constitutional question survives for historical data and for any company that has not followed suit.
The warrant that grew and grew
A geofence warrant does not stay fenced, according to a separate brief that the Center for Democracy and Technology (CDT) filed in the case last week. It said Google’s standard response to warrants had three steps. First it would deliver an anonymized list of devices inside the geofence. Then, police could ask for movement data on chosen “devices of interest,” which could track them outside the geographic boundary and beyond the original time window. Finally, again without any further judicial approval, police could ask for subscriber-identifying information for whichever devices police chose to unmask.
In the Chatrie case, positioning data was imprecise enough that, as the district court found, the warrant may have included devices outside the intended area. According to the CDT brief:
“The Geofence Warrant could have captured the location of someone who was hundreds of feet outside the geofence.”
The CDT argues in its brief that this can expose the privacy of people going about their everyday lives, engaging in legal activities that they might not want others to know about. The warrant that scooped up Chatrie included a hotel and a restaurant.
Some of these requests are far broader. Google successfully challenged a warrant asking for the location history of anyone in large portions of San Francisco for two and a half days, it said. Google complained in its brief:
“No court would authorize a physical search of hundreds of people or places, yet geofence warrants sometimes do so by design.”
What can you do to stop yourself getting swept up in a geofencing search?
If your phone stores detailed location history with Google, that data may be included in geofence warrant responses. Limiting what gets saved can reduce how much location information exists in the first place.
There are two Google settings that matter: Timeline (Location History) and Web & App Activity. Turning off one does not automatically disable the other.
Timeline stores a detailed record of where your device has been, although it’s off by default. Web & App Activity can also log location signals when you use Google services like Search, Maps, or other apps.
Google provides instructions on how to review and disable these settings in its support documentation.
Google has previously settled lawsuits accusing it of misleading users about how location data is stored across these settings, so reviewing both controls is important.
Reverse warrants may not stop at location data
The implications of the case extend well past maps, though. The CDT brief warns that if courts endorse the logic behind geofence warrants, then law enforcement may try to apply the same approach to other large datasets held by technology companies, such as AI chatbot data. That’s a step the DHS has already taken, issuing what has been reported as the first known warrant for ChatGPT user data.
LeakBase Cybercrime Forum Shut Down, Suspects Arrested
The stolen credential marketplace had been active since 2021 and in late 2025 it counted 142,000 users.
The post LeakBase Cybercrime Forum Shut Down, Suspects Arrested appeared first on SecurityWeek.
Prominent scandal victim given leave to appeal High Court decision in his legal action against the Post Office and Fujitsu
A high court judge has ruled that police do not have to give reasons to a lawyer, who acts for Hamas, why they seized his mobile phone data
Hacktivist activity surrounding the Iran war is sky-high but Iran’s state-backed cyber espionage actors have yet to show their hands, giving security teams a valuable window of time to shore up their defences
Polsia – vibe coded companies with live revenue and digital marketing
Article URL: https://polsia.com
Comments URL: https://news.ycombinator.com/item?id=47260016
Points: 1
# Comments: 0
What's an API?
Article URL: https://read.technically.dev/p/whats-an-api
Comments URL: https://news.ycombinator.com/item?id=47260005
Points: 1
# Comments: 0
The Best Sleep Headphones for Blocking Out Noise and Lulling You to Sleep
Show HN: AI Governance Architecture – DB-Governed, LLM-Agnostic, EU AI Act
Article URL: https://github.com/war851/AI-Governance-Architecture
Comments URL: https://news.ycombinator.com/item?id=47259987
Points: 1
# Comments: 1
I Want This Twisted Firestarter Smartphone in My Camping Essentials
Paloha – Agence de communication Montpellier
Article URL: https://paloha.fr/fr
Comments URL: https://news.ycombinator.com/item?id=47259981
Points: 1
# Comments: 1
Are companies preventing sensitive data from being sent to external LLM APIs
I’m curious how engineering and security teams are handling governance around AI usage inside companies.
As more teams integrate APIs from providers like OpenAI, Anthropic, and other LLM services, it seems possible for sensitive data to accidentally end up in prompts.
Some questions I’m trying to understand:
• Do companies route AI API traffic through some internal gateway or proxy?
• How do you prevent sensitive information (customer data, credentials, internal documents) from being sent to external models?
• Is AI usage across teams actually tracked anywhere?
• If an auditor asked how AI systems are governed in your company, would you have a clear answer?
I’d be interested to hear how teams are currently handling this in practice.
Comments URL: https://news.ycombinator.com/item?id=47259975
Points: 1
# Comments: 0
Fly.io deleted my apps and DBs in an unrelated organization without warning
Hi HN,
I’m experiencing destructive and seemingly erratic behavior from Fly.io's automated systems that resulted in a total loss of data across multiple organizations.
I have been using Fly.io since July 2023 with two distinct organizations:
Org A: Used for some Selenium-based automation experiments in late 2025 and other unrelated private projects through the years.
Org B: A long-standing production environment with a Postgres database, active since 2023 with a consistent billing history.
The Incident
Recently, I discovered that everything across all my organizations has been nuked. Apps, databases, and even the volume snapshots (backups) have vanished. The dashboard for my database volume now simply says "deleted 16 days ago."
The contradiction in their system is staggering:
In both organizations, I see a semi-transparent banner: "Your account was flagged by our fraud protection system. Learn more" (the "Learn more" is not even a link).
However, the "Billing" page for Org B still claims the account status is in "Good Standing."
To make it even more surreal, I recently received an automated email from billing@fly.io stating: "Your organization Org B got 100% discount this month!" while my data was already gone.
The critical issue: The database in Org B contains irreplaceable data. While I have older backups, the recent records are unique and cannot be reconstructed. Recovery is my absolute priority.
The Shadow-Lock Loop
My account is NOT banned—I can still log in—but I am stuck in a programmatic "shadow-lock" loop:
Support Tickets: My emails to billing@fly.io (including specific Machine and Volume IDs) have gone unanswered for almost 3 days.
Paid Plan Upgrade: I tried to upgrade to the $29/mo Launch plan to access prioritized support, but the dashboard throws a "Failed to Get Current Plan" error every time I try to add a payment method.
Community Forum: I can't even post there; I get a "Validation Error" when trying to set a username.
Red Flags for the Community
Zero Notification: No email, no warning, and no notification of any violation before the wipe.
Instant Snapshot Deletion: Deleting persistent volumes AND their snapshots simultaneously without a grace period is a terrifying prospect for any PaaS user.
Cross-Org Contamination: A flag on an experimental organization (Org A) led to the silent destruction of a completely separate, clean production organization (Org B).
I have all the technical IDs ready. Although the dashboard says the volume was deleted 16 days ago, I am desperately hoping that a human engineer can still locate a backup or snapshot in their storage before the data is scrubbed forever.
Be careful: On Fly.io, an automated flag on one organization can apparently lead to the total destruction of everything you've built across your entire account over the last 2.5 years.
Comments URL: https://news.ycombinator.com/item?id=47259962
Points: 1
# Comments: 0
Emacs internals: Deconstructing Lisp_Object in C (Part 2)
Article URL: https://thecloudlet.github.io/blog/project/emacs-02/
Comments URL: https://news.ycombinator.com/item?id=47259961
Points: 1
# Comments: 0
Deno Sandbox: run AI generated code with real isolation and complete control
Article URL: https://deno.com/deploy/sandbox
Comments URL: https://news.ycombinator.com/item?id=47259948
Points: 1
# Comments: 0
How to Convert OST File to PST File in Outlook?
Article URL: https://blog.perfectdatasolutions.com/ost-to-pst-converter-software-2/
Comments URL: https://news.ycombinator.com/item?id=47259934
Points: 1
# Comments: 1
Stop Writing Instrumentation Code
Article URL: https://encore.dev/blog/stop-writing-instrumentation-code
Comments URL: https://news.ycombinator.com/item?id=47259921
Points: 2
# Comments: 0
OpenClaw Agent
Article URL: https://openclawagent.net
Comments URL: https://news.ycombinator.com/item?id=47259916
Points: 3
# Comments: 1
ClickMem: Agent memory built on chDB(ClickHouse embedded)
Article URL: https://github.com/auxten/clickmem
Comments URL: https://news.ycombinator.com/item?id=47259913
Points: 1
# Comments: 0
