Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.

After senior Trump administration members mistakenly included The Atlantic editor Jeffrey Goldberg in a secret group chat about bombing Houthi targets in Yemen, encrypted messaging app Signal found itself at the center of a storm this week. Some commentators criticized the app, going as far to blame it for the scandal.

But the whole affair that’s dubiously been dubbed “SignalGate” isn’t about Signal at all: Experts say officials shouldn’t invite untrusted contacts into sensitive chats and should only use authorized devices, platforms, and procedures when discussing top-secret military operations. In other words, the people who set up the chat made numerous mistakes, and they had nothing to do with how secure Signal is. In fact, Signal has seen its biggest-ever spike in US downloads as a result of the news.

In other news linked to _that_ Houthi group chat, national security adviser Mike Waltz—an account with the name “Michael Waltz” originally invited Goldberg to the group—left his Venmo account open to public view. As WIRED reported, a “Michael Waltz” Venmo account displayed the names of the adviser’s colleagues and friends, revealing people in Waltz’s wider social network. After WIRED reached out to the White House, the Waltz account hid its friends list. There’s more though: WIRED also discovered other Venmo accounts linked to officials in the Signal chat. Information about who officials associate with could be highly lucrative for foreign spies and hackers.

Elsewhere, we reported on all the ways the White House adopting Elon Musk’s Starlink as an alternative Wi-Fi network could be bad news for network security. There are also early signs in Europe that some companies are going cold on cloud services from Google, Amazon, and Microsoft, as they reassess the risks of dealing with the volatile second Trump administration. And, as crossing the United States border becomes more perilous—for both citizens and visa holders—we updated our guide to keeping your digital privacy intact when you are entering the US.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

**Top US Security Officials’ Passwords and Personal Phone Numbers Discovered Online**

On top of SignalGate and Venmo accounts being left exposed, German news outlet Der Spiegel reported that sensitive personal information linked to several senior Trump administration security officials is easily discoverable online. Reporters from the publication found that mobile phone numbers, email addresses, and “some” passwords for top officials could be found on the internet.

Using people-search engines and information contained in public data breaches, Der Spiegel discovered personal information belonging to Waltz, director of national intelligence Tulsi Gabbard, and Pete Hegseth, the secretary of defense. “Most of these numbers and email addresses are apparently still in use, with some of them linked to profiles on social media platforms like Instagram and LinkedIn,” the news organization reported. The details were also linked to Dropbox, Microsoft Teams, Signal, and WhatsApp accounts used by the officials.

While millions of people have been caught up in online data breaches and use inadequate privacy settings on their online accounts, high-level government security officials are exposed to a broader and more severe range of online threats, particularly from nation-state hackers, than most people. Officials told the news organization that many of the accounts and personal details were no longer used or had been updated. However, messages Der Spiegel sent to WhatsApp and Signal accounts belonging to Waltz and Gabbard were delivered, the publication reported. Only after they approached the government for comment were some of the accounts restricted.

**Internet Restrictions May Hide Initial Toll of Myanmar Earthquake Damage**

On Friday, a huge 7.7-magnitude earthquake and aftershock hit Myanmar, with widespread damage being reported hundreds of miles away in Thailand. At the time of writing, at least 144 people have been confirmed dead with hundreds of others injured in Myanmar. As the first impacts of the devastating quake started to emerge, The New York Times reported that long-standing and widespread internet restrictions in worn-torn Myanmar were likely making it harder for news of the damage to be understood. Since the country’s military junta took power in 2021, connectivity within Myanmar has been widely disrupted or blocked. For instance in 2023, 13 out of Myanmar’s 14 states faced internet disruptions.

In the wake of the earthquake, more video footage and news could be seen immediately emerging from neighbouring Thailand, experts told the Times. “Compare the coverage of the earthquake in Thailand, where tremors and damage have been extensively reported, posted and documented, to Myanmar, where we still don’t have a clear picture of the extent of the damage and loss and may not for some time,” Joe Freeman from Amnesty International said. The lack of connectivity may also make the recovery and humanitarian efforts harder to coordinate, once again highlighting the vital need for people to have reliable and open access to the internet.

**Alleged Snowflake Hacker Connor Moucka Agrees to US Extradition**

Last summer’s Snowflake hacking spree, where customers of the cloud storage company had their accounts targeted, was likely one of the largest mass data exfiltrations that’s publicly known. Toward the end of 2024, Canadian authorities arrested Alexander “Connor” Moucka, 26, who allegedly used online handles such as “Waifu” and “Judische,” in connection to the hacking activity. This week, Moucka consented to be extradited to the United States to face the alleged charges. According to Cyberscoop, Moucka faces 20 federal charges, including those linked to computer fraud, wire fraud, and aggravated identity theft. Moucka is not the only person allegedly behind the Snowflake hacking, with John Binns and Cameron Wagenius being named in indictments. It is unclear when Moucka’s extradition will take place.

**London Is Getting Its First Permanent Face Recognition Cameras**

Police forces across the UK have massively increased their use of live face recognition cameras in recent years. Use of the controversial technology has historically been temporary: mounting cameras on top of police vehicles and deploying them for specific events and set periods of time. That’s now set to change with the first permanent face recognition cameras being rolled out in London. The city’s Metropolitan Police are in the process of installing fixed cameras in Croydon, in the south of the city.

“This will mean our use of LFR technology will be far more embedded as a ‘business as usual’ approach rather than relying on the availability of the LFR vans that are in high demand across London,” a police official wrote in a letter seen by The Times of London. Reportedly, the cameras will not be used continuously, only when officers are nearby to monitor potential alerts. However, privacy campaigners fear the move could be further rolled out across the city, leading to a network of permanent face recognition cameras unlike those seen in any other democratic countries.

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online

Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”

SignalGate, as it's come to be called, may be the biggest scandal to hit the Trump administration in its first months in power. But it's been great for Signal.

Since the news broke on Monday that senior Trump administration cabinet members accidentally included the editor in chief of The Atlantic in a group chat on the Signal encrypted messaging platform where the officials were making secret plans to bomb Yemen, the ensuing news cycle and the constant mentions of Signal have led to the encrypted messaging platform doubling its usual rate of new downloads, the nonprofit organization that runs Signal tells WIRED. Given that 2025 has already been a “banner year” for Signal's growth, according to Signal's leadership, that makes this week the single biggest bump in US adoption of the app in Signal's nearly 11 years of existence.

“In Signal’s history, this is the largest US-growth moment by a massive margin,” says Jun Harada, Signal's head of growth and partnerships. “It’s mind-blowing, even on our side.”

Harada declined to give absolute numbers for Signal's user growth beyond saying that its total downloads are in the “hundreds of millions,” which has been the case for several years. But he said that the week’s rate of adoption has been twice that of a typical week for 2025, which in turn was twice that of a typical week the same time last year. “It happened immediately” after The Atlantic broke the story of Signal's use in the Yemeni bombing, Harada says. “And it’s been sustained. We’ve been maintaining that rate every day.”

In Signal's history, the only comparable spike in adoption occurred when WhatsApp changed its privacy policy in 2021, Harada says, leading to millions of users abandoning that communications app. But that incident mostly brought non-Americans to Signal, unlike the current, US-focused SignalGate bump.

Numbers from the market intelligence firm Sensor Tower largely align with Signal's own analysis of that growth: The company says that Signal downloads in the US increased 105 percent compared to the prior week—and 150 percent compared to an average week in 2024. Outside of the US, Sensor Tower saw only a 21 percent increase in Signal downloads compared to the prior week.

The Atlantic's revelation on Monday that secretary of defense Pete Hegseth, director of national intelligence Tulsi Gabbard, national security adviser Michael Waltz, vice president JD Vance, and other Trump administration officials used a Signal group chat to plan an air strike against Houthi rebels in Yemen—and that Waltz accidentally added Atlantic editor Jeffrey Goldberg to that group in a shocking breach of confidentiality—has raised serious questions about the security practices of the Trump administration that are still resonating days later.

The scandal has called into question whether the executive branch officials were planning the air strike using vulnerable non-approved or even personal devices rather than the secure machines intended for classified conversations. Screenshots of the group chat published by The Atlantic on Wednesday indicate that the officials were using Signal's disappearing messages feature to delete their communications, potentially in violation of US record retention laws.

The incident has raised sometimes-misguided questions, too, about whether Signal itself is to blame for the breach—including from President Trump, who suggested in comments on Wednesday that Signal might be “defective"—despite many cybersecurity and encryption experts' recommendation of Signal as the best end-to-end encrypted messaging tool freely available to the public. “You use Signal, we use Signal, everyone uses Signal,” Trump told reporters, “but it could be a defective platform.”

Signal's Harada declined to respond to Trump's “defective” comment and pointed to Signal's previous statements that it has yet to see any evidence of any vulnerability in the app, much less one that has anything to do with Jeffrey Goldberg being accidentally added to a White House group chat.

But Harada noted that the overall attention to Signal—even the president himself saying that “everyone uses Signal” in the Oval Office—is an example of the kind of visibility it has never had before. “All awareness for Signal is a net positive. The interest in Signal continues to be at an all-time high,” Harada says.

“I don’t think my phone has ever buzzed this much, from people from every walk of life. People are learning about Signal who maybe have never even heard about or considered encrypted messaging before.” Harada also pointed to a report that Google searches for “Signal” were up more than 1,000 percent.

Harada says that Signal was already seeing a significant uptick in adoption in the first few months of 2025. He attributes that growth partly to increasing general interest in privacy among consumers and partly to the breach of nine US telecoms by China's Salt Typhoon hacker group, which led to the hackers accessing some targets' real-time calls and texts. Federal officials at the FBI and the Cybersecurity and Infrastructure Security Agency responded to those breaches by publicly recommending that Americans use encrypted messaging and calling applications.

But all of that has been dwarfed by the attention and interest Signal has received this week. As messy as SignalGate may be, Harada says, it has made Signal a household name like never before. “To have this kind of mainstream moment is massive,” he says. “I believe it’s a sea change for private encrypted messaging for the US and the world.”

SignalGate Is Driving the Most US Downloads of Signal Ever

Is moving from WhatApp to Signal a good idea? We look at the pros and cons, and which settings can make Signal even more private.

This week we learned that the US Government uses Signal for communication, after a journalist was accidentally added to a Signal chat.

Accidental additions of people aside, the news has got regular folks asking if they should, too, be using Signal for private communications.

Probably the largest alternative to Signal, WhatsApp is owned by Meta, and has faced criticism for its data-sharing practices. But is switching to Signal truly an improvement? Let’s explore the differences between these apps and whether the move would be justified.

Both WhatsApp and Signal offer end-to-end encryption, ensuring that only the sender and recipient can read messages. But the difference is that Signal employs “Sealed Sender,” a feature that hides metadata even from itself, whereas WhatsApp collects metadata such as phone numbers, IP addresses, and device information, which it shares with Meta and third parties.

As president of Signal Meredith Whittaker said in a statement to Dutch website Security.nl:

> “WhatsApp collects and shares, when required, large amounts of private information that is not encrypted, like your profile picture, your location, your contacts, when you send a message, when you stop, who’s in your group chats, and so on.”

Signal collects minimal data, but it’s run by the non-profit Signal Foundation, which operates free from commercial interests. Signal’s open-source code allows for public scrutiny of its security claims, which is a transparency WhatsApp lacks.

Where Signal adds privacy-focused features such as call relay (to hide IP addresses), self-destructing messages, and customizable notification settings, WhatsApp provides more social features like status updates.

Switching to Signal is justified if privacy is your top priority. Its minimal data collection, transparency, and advanced security features make it superior to WhatsApp in protecting user information. However, for those who rely on WhatsApp’s massive user base or social features, the transition might be less convenient.

There is no inter-compatibility, so all participants in a conversation need to use the same app. Meaning that one of the few things holding many users back from switching from WhatsApp to Signal is leaving contacts behind that are not willing to move over.

Obviously, the decision is yours and depends on your personal priorities: privacy versus convenience.

To fully benefit from Signal’s privacy capabilities, users should enable the following features:

*   **Disappearing messages**:
    *   Open a chat in Signal.
    *   Tap the three dots or profile icon to enter chat settings.
    *   Select “Disappearing Messages” and set a timer (e.g., five minutes or one week). This ensures messages are automatically deleted after the specified time.
*   **Screen lock**:
    *   Go to Signal settings by tapping your profile avatar.
    *   Navigate to “Privacy.”
    *   Enable “Screen Lock” to require biometric authentication or a PIN to access the app.
*   **Relay calls**:
    *   Under “Privacy” settings, activate “Always Relay Calls.” This routes calls through Signal servers to hide your IP address from contacts.
*   **Incognito keyboard** (Android only):
    *   In “Privacy” settings, enable “Incognito Keyboard” to prevent your keyboard from sending typing data to third-party servers.
*   **Screen security**:
    *   For Android: Enable “Screen Security” to block screenshots within the app.
    *   For iPhone: Turn on “Enable Screen Security” to prevent app previews in multitasking mode.
*   **Registration lock**:
    *   Activate this feature in “Privacy” settings to require a PIN for re-registering your account on new devices.

By enabling these features, users can ensure their conversations remain private and secure.

Another important tip is to check **Group chat members**. Before you send messages to a group, check who can read them: Open your group chat and tap on the group name to view chat settings. Scroll to the Members list and tap “View all members” to see the full list of group members.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Moving from WhatsApp to Signal: A good idea? 

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

The eye-popping scandal surrounding the Trump cabinet’s accidental invitation to The Atlantic’s editor in chief to join a text-message group secretly planning a bombing in Yemen has rolled into its third day, and that controversy now has a name: SignalGate, a reference to the fact that the conversation took place on the end-to-end encrypted free messaging tool Signal.

As that name becomes a shorthand for the biggest public blunder of the second Trump administration to date, however, security and privacy experts who have promoted Signal as the best encrypted messaging tool available to the public want to be clear about one thing: SignalGate is not about Signal.

Since The Atlantic’s editor, Jeffrey Goldberg, revealed Monday that he was mistakenly included in a Signal group chat earlier this month created to plan US airstrikes against the Houthi rebels in Yemen, the reaction from the Trump cabinet’s critics and even the administration itself has in some cases seemed to cast blame on Signal for the security breach. Some commentators have pointed to reports last month of Signal-targeted phishing by Russian spies. National security adviser Michael Waltz, who reportedly invited Goldberg to the Signal group chat, has even suggested that Goldberg may have hacked into it.

On Wednesday afternoon, even President Donald Trump suggested Signal was somehow responsible for the group chat fiasco. “I don't know that Signal works,” Trump told reporters at the White House. “I think Signal could be defective, to be honest with you.”

The real lesson is much simpler, says Kenn White, a security and cryptography researcher who has conducted audits on widely used encryption tools in the past as the director of the Open Crypto Audit Project: Don’t invite untrusted contacts into your Signal group chat. And if you’re a government official working with highly sensitive or classified information, use the encrypted communication tools that run on restricted, often air-gapped devices intended for a top-secret setting rather than the unauthorized devices that can run publicly available apps like Signal.

“Unequivocally, no blame in this falls on Signal,” says White. “Signal is a communication tool designed for confidential conversations. If someone's brought into a conversation who’s not meant to be part of it, that's not a technology problem. That's an operator issue.”

Cryptographer Matt Green, a professor of computer science at Johns Hopkins University, puts it more simply. “Signal is a tool. If you misuse a tool, bad things are going to happen,” says Green. “If you hit yourself in the face with a hammer, it’s not the hammer’s fault. It’s really on you to make sure you know who you’re talking to.”

The only sense in which SignalGate _is_ a Signal-related scandal, White adds, is that the use of Signal suggests that the cabinet-level officials involved in the Houthi bombing plans, including secretary of defense Pete Hegseth and director of national intelligence Tulsi Gabbard, were conducting the conversation on internet-connected devices—possibly even including personal ones—since Signal wouldn’t typically be allowed on the official, highly restricted machines intended for such conversations. “In past administrations, at least, that would be absolutely forbidden, especially for classified communications,” says White.

Indeed, using Signal on internet-connected commercial devices doesn’t just leave communications open to anyone who can somehow exploit a hackable vulnerability in Signal, but anyone who can hack the iOS, Android, Windows, or Mac devices that might be running the Signal mobile or desktop apps.

This is why US agencies in general, and the Department of Defense in particular, conduct business on specially managed federal devices that are specially provisioned to control what software is installed and which features are available. Whether the cabinet members had conducted the discussion on Signal or another consumer platform, the core issue was communicating about incredibly high-stakes, secret military operations using inappropriate devices or software.

One of the most straightforward reasons that communication apps like Signal and WhatsApp are not suitable for classified government work is that they offer “disappearing message” features—mechanisms to automatically delete messages after a preset amount of time—that are incompatible with federal record retention laws. This issue was on full display in the principals’ chat about the impending strike on Yemen, which was originally set for one-week auto-delete before the Michael Waltz account changed the timer to four-week auto-delete, according to screenshots of the chat published by The Atlantic on Wednesday. Had The Atlantic’s Goldberg not been mistakenly included in the chat, its contents might not have been preserved in accordance with long-standing government requirements.

In congressional testimony on Wednesday, US director of national intelligence Tulsi Gabbard said that Signal can come preinstalled on government devices. Multiple sources tell WIRED that this is not the norm, though, and noted specifically that downloading consumer apps like Signal to Defense Department devices is highly restricted and often banned. The fact that Hegseth, the defense secretary, participated in the chat indicates that he either obtained an extremely unusual waiver to install Signal on a department device, bypassed the standard process for seeking such a waiver, or was using a non-DOD device for the chat. According to political consultant and podcaster FP Wellman, DOD “political appointees” demanded that Signal be installed on their government devices last month.

Core to the Trump administration’s defense of the behavior is the claim that no classified material was discussed in the Signal chat. In particular, Gabbard and others have noted that Hegseth himself is the classification authority for the information. Multiple sources tell WIRED, though, that this authority does not make a consumer application the right forum for such a discussion.

“The way this was being communicated, the conversation had no formal designation like 'for official use only' or something. But whether it should have been classified or not, whatever it was, it was obviously sensitive operational information that no soldier or officer would be expected to release to the public—but they had added a member of the media into the chat,” says Andy Jabbour, a US Army veteran and founder of the domestic security risk-management firm Gate 15.

Jabbour adds that military personnel undergo annual information awareness and security training to reinforce operating procedures for handling all levels of nonpublic information. Multiple sources emphasize to WIRED that while the information in the Yemen strike chat appears to meet the standard for classification, even nonclassified material can be extremely sensitive and is typically carefully protected.

“Putting aside for a moment that classified information should never be discussed over an unclassified system, it’s also just mind-boggling to me that all of these senior folks who were on this line and nobody bothered to even check, security hygiene 101, who are all the names? Who are they?” US senator Mark Warner, a Virginia Democrat, said during Tuesday’s Senate Intelligence Committee hearing.

According to The Atlantic, 12 Trump administration officials were in the Signal group chat, including vice president JD Vance, secretary of state Marco Rubio, and Trump adviser Susie Wiles. Jabbour adds that even with ​​decisionmaking authorities present and participating in a communication, establishing an information designation or declassifying information happens through an established, proactive process. As he puts it, “If you spill milk on the floor, you can’t just say, ‘That’s actually not spilled milk, because I intended to spill it.’”

All of which is to say, SignalGate raises plenty of security, privacy, and legal issues. But the security of Signal itself is not one of them. Despite that, in the wake of The Atlantic’s story on Monday, some have sought tenuous connections between the Trump cabinet’s security breach and Signal vulnerabilities. On Tuesday, for example, a Pentagon adviser echoed a report from Google’s security researchers, who alerted Signal earlier this year to a phishing technique that Russian military intelligence used to target the app’s users in Ukraine. But Signal pushed out an update to make that tactic—which tricks users into adding a hacker as a secondary device on their account—far harder to pull off, and the same tactic also targeted some accounts on the messaging services WhatsApp and Telegram.

“Phishing attacks against people using popular applications and websites are a fact of life on the internet,” Signal spokesperson Jun Harada tells WIRED. “Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago."

In fact, says White, the cryptography researcher, if the Trump administration is going to put secret communications at risk by discussing war plans on unapproved commercial devices and freely available messaging apps, they could have done much worse than to choose Signal for those conversations, given its reputation and track record among security experts.

“Signal is the consensus recommendation for highly at-risk communities—human rights activists, attorneys, and confidential sources for journalists,” says White. Just not, as this week has made clear, executive branch officials planning airstrikes.

_Updated at 5:50 pm ET, March 25, 2025: Added remarks about Signal by President Trump._

SignalGate Isn’t About Signal

Google has admitted it accidentally deleted some Maps Timeline user data after what it calls a "technical issue".

Google has admitted it accidentally deleted some users’ Google Maps Timeline data after a “technical issue”.

As reported by Forbes on March 11, users started noticing that their Google Maps Timelines had completely disappeared. At the time, we didn’t know anything about the cause of this issue.

However, now we do, after some of the impacted users received a email from Google on March 21. Not with an apology, mind you, but with an explanation.

Google wrote that it had:

> “Briefly experienced a technical issue that caused the deletion of Timeline data for some people. If you have encrypted backups enabled, you may be able to restore your data.”

If you’re among those affected and you did have backups enabled, here’s how you can attempt to restore your data:

*   Make sure you have the latest version of the Google Maps app installed on your device.
*   Open Google Maps, tap on your profile picture in the top right corner, and select **Your Timeline**.
*   Look for a cloud icon at the top of the Timeline screen and tap it. Choose a backup to import your data.

This doesn’t seem to work for everyone though, with some users commenting that this method didn’t work for them.

If you didn’t have backups enabled, it might not be possible to recover your lost Timeline data.

**Planned deletion**

For those interested in keeping their Timeline, bear in mind that if you don’t take action soon, your visits and routes might be erased, and your Timeline settings disabled. Earlier this month, Google announced that it will begin deleting the last three months of Timeline data unless you take action to back it up, as part of a roll out of significant changes to Maps Timeline.

After you receive the notification from Google, you have about six months to save or transfer your Timeline data before deletion takes place. The sender of the email is “Google Location History,” with the subject line: “Keep your Timeline? Decide by \[date\].”

When you get the prompt, follow the instructions on how to adjust your settings on your device. If you don’t, your visits and routes will be erased, and your Timeline settings will be disabled.

**How to back up your Google Maps Timeline data**

Here’s how back up your Timeline data to prevent any future losses, and help preserve your data during the planned deletion:

*   Open the Google Maps app.
*   Tap your profile picture, then **Your Timeline**.
*   At the top right, tap the cloud icon.
*   If auto-delete is turned on, turn it off.
*   On the Backup screen, turn on **Backup**.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Oops! Google accidentally deletes some users&#8217; Maps Timeline data 

Learn the easiest way to delete duplicate photos on your iPhone device with our simple, step-by-step guide.

Having multiple identical or nearly identical copies of the same photo serves no purpose, and they just take up unnecessary space on your iPhone. In the past, the only way to remove duplicates was to manually search for and delete them. But luckily, starting with iOS 16, iPhones now have a built-in tool that makes it much easier. This feature automatically detects duplicates, groups them into a separate album, and lets you “merge” them – keeping one copy and deleting the rest. However, it does have limitations, it only works with exact duplicates, so near-duplicates won’t be detected.

But what about those photos that have at least minimal differences? In this case, you can either manually search and delete them or use a third-party app with more advanced detection algorithms from the App Store.

Sounds complicated? Relax and continue reading. We’ll lay everything out clearly, providing exact steps to follow for deleting both duplicates and similar photos. By the end, your photo gallery will be more organized, and you’ll gain some free space in your iPhone storage.

While different sources offer various ways to clear duplicate and similar photos on an iPhone, we will show you only the simplest methods, the iOS utility, and third-party applications. In this way, you do not waste extra effort and time. It seems logical to us to start with the utility, as it serves as a standard and basic tool.

However, before we describe all the steps, we suggest you watch a video, in case you find video guides more comfortable than text ones.

****1\. Use the Native “Duplicates” Utility****

At the start of this article, we talked about some features of the built-in iOS “Duplicates” utility. But in case you missed it, here’s a quick reminder: it’s available on iOS 16 and later and only detects exact duplicate images. That said, it’s not always 100% reliable. Sometimes, it fails to recognize duplicates, even when you know they exist.

Many iPhone users on Reddit have reported the same issue, so if the tool doesn’t show duplicates for you, you’re not alone. Despite its limitations, you cannot ignore this handy tool. Here is how you can see and delete duplicate photos on your iPhone using this method:

1\. Open the Photos app on your iPhone.

2\. Scroll down to the Utilities section and tap on Duplicates. This will show you a list of grouped duplicate photos.

3\. To merge a group of duplicates, select a group by tapping on it. You will see the details of the duplicate photos in that group.

4\. Tap Merge. The system will keep the best quality photo, according to its criteria, and move the others to the Recently Deleted album.

If you prefer not to handle each group of duplicates individually, there is a quicker method available. In the upper right corner of the Duplicates album, tap “Select.” Then, choose “Select All” at the top of the screen. Finally, at the bottom of the screen, tap “Merge (X).”

_📝_ **_Note:_** Don’t let the “Merge” button fool you, it doesn’t actually combine duplicate photos into a single image. Instead, iOS selects the best version based on its assessment and moves the rest to the Recently Deleted album. This makes it easy to clear out duplicates and free up storage on your device.

But how can you find similar photos on your iPhone using this utility? You can’t. Since iOS’s built-in tool only detects exact duplicates, it won’t help with near-duplicates. But don’t worry, we’ve got you covered. In the next section, we’ll show you the best way to find and remove similar photos.

****2\. Use Specialized Apps to Delete Duplicate and Similar Photos on iPhone****

To find and clean up similar photos on your iPhone without manually scrolling through them, you’ll need a specialized app. Because of iOS restrictions, these apps mainly focus on duplicates and near-duplicates, using advanced algorithms to detect photos that aren’t exact copies but have slight differences, like changes in angle, lighting, or object position.

Clever Cleaner is a free app that removes duplicate and similar photos. It automatically scans your gallery, groups duplicate and similar photos together displays the results in a tile format, and selects the best photo from each group. You then have the option to delete all unselected copies with one click by using the “Smart Cleanup” feature, or you can choose to delete more selectively.

1\. First, download Clever Cleaner for your iPhone from the App Store.

2\. Launch the app and grant it access to your photo library. Once you provide access, wait for the app to complete the initial scan of your photos.

3\. The ‘Smart Cleanup’ tool instantly clears duplicate and similar photos in one go.

4\. To remove duplicates more selectively, tap on any grouped photos. Check the boxes for the images you wish to delete and select ‘Move to Trash.’

5\. The selected photos will move to the app’s trash bin. You can review these photos and, if necessary, restore them before final deletion. To delete them, slide the ‘Slide to Delete’ control. All marked copies will then move to the ‘Recently Deleted’ album on your iPhone.

In addition to removing duplicates and similar photos, Clever Cleaner also offers features to delete old screenshots, find and delete large video files, and convert Live Photos to regular images, subsequently deleting the originals. While these functions stray from the main topic of this article, they can help free up even more storage on your iPhone. Therefore, if your primary goal is to clean up your device, it’s worth checking them out.

****Empty the Recently Deleted Album to Finalize Duplicate Cleaning****

You’ve probably noticed that each method ends with a mention of the “Recently Deleted” album. If you’re not familiar with it, here’s a quick explanation. When removing an image or video in the Photos app it does not disappear completely. It moves to a place called “Recently Deleted“, where it remains for 30 days. This gives a chance to bring it back if needed.

This album exists because once a file is permanently deleted, without a system backup, it can’t be recovered. However, as long as something stays in that folder, it still occupies storage. To immediately create space, clearing out this folder can be done manually instead of waiting for the 30-day period to end.

1\. Open the Photos app on your iPhone and scroll to the Recently Deleted album.

2\. Tap to open the album. You might need to enter your app ID or password to access this album.

3\. Once inside, tap Select in the upper right corner of the screen.

4\. Choose Delete All to remove all items from the album or select specific photos you wish to delete permanently.

5\. Confirm your choice to delete the items. This action will free up space immediately and remove the files from your device permanently.

****Final Words****

Now that you know how to remove duplicates and similar photos from your iPhone, you’ve already taken a big step toward freeing up storage. While manually deleting duplicates works, using a dedicated cleaner app or similar tool can make the process faster and more efficient, as they often catch both exact duplicates and photos that are just slightly different.

If you’re still low on storage after tackling duplicates, consider deleting other unnecessary files that tend to pile up. Screenshots you no longer need, accidental live photos, and burst photos are good places to start. For videos, check out cinematic or time-lapse clips that may have lost their relevance.

Don’t stop at just the Photos app. To maximize storage, go through your apps, downloads, and other files to remove anything you no longer use. Set aside a bit of time, stay patient, and your iPhone will be noticeably more spacious. You’ve got this!

How to Delete Duplicate Photos on iPhone to Save Storage

Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.

Law enforcement requests for user data from Apple, Google, and Meta mean that these companies can decide whether government authorities have access to your personal information, including location data. This means the companies with the most insight into our lives, movements, and communications are frontline arbiters of our constitutional rights and the rights of non-US citizens—a fact some are likely feeling more acutely now than ever.

Collaboration between Big Tech and the Trump administration began before Donald Trump’s swearing-in on January 20. Amazon, Meta, Google, Microsoft, and Uber each gave $1 million to Trump’s inauguration. Separately, in personal donations, so did Meta CEO Mark Zuckerberg and Apple’s Tim Cook.

Americans concerned about the Trump administration and Silicon Valley’s embrace of it, may consider becoming a “digital expat”—moving your digital life off of US-based systems. Meanwhile, Europeans are starting to see US data services as “no longer safe” for businesses, governments, and societies.

Here’s a brief rundown of the privacy, security, and civil liberties issues related to the use of US-based digital services that suddenly feel more urgent—and what to do about it.

**Cozying Up**

In anticipation of Trump’s inauguration, Meta-owned Facebook, Instagram, and Threads made drastic policy changes citing alignment with Trump administration values, to permit hate speech and abuse “on topics like immigration and gender.” Meta also signaled its allegiance by ditching its fact-checkers—a frequent target of MAGA world ire. Two days after the inauguration, Meta quietly rolled out pro-life moderation actions through post suppression and account suspensions. Zuckerberg explained the company’s new direction to staff, saying: “We now have an opportunity to have a productive partnership with the United States government.”

Meta did not immediately respond to our request for comment regarding its partnership, data sharing, or policy changes.

Google followed suit. The company changed its Maps and Search results to rename part of the world—the Gulf of Mexico—following a Trump executive order renaming it the Gulf of America, despite the the US claiming control of less than 50 percent of the Gulf. Apple and Microsoft also followed Trump’s order.

Google’s consumer products also received a swath of updates in line with the new administration, including further changes to Maps, Calendar, and Search. Next, Google removed the new administration’s “banned” terms from its Google Health product. Then it did an about-face on its public promise not to build weaponized AI tools, such as Project Dragonfly, which was discovered in 2018 to be tailoring Google’s entire platform to enable China’s aggressive crackdown on its citizens. When reached for comment, Google did not immediately respond.

Big Tech aligning with the Trump administration matters because its business models rely on surveillance and amassing our personal data. Meta, Google, Apple and other large tech firms are among the gatekeepers standing between privacy and government requests for user data. Even when tech firms must comply by law, they’re often still free to decide how much information they collect about people and how long they store the data.

**Government Hand-Outs**

Current US laws around tech, privacy, and government requests have been guided by bulwarks like the Fourth and Fifth Amendments, US court rulings, and tech companies’ willingness to question the federal government’s opinion that it is entitled to access our personal information and location data. Apple, Google, and Meta each have language about law enforcement data requests that make it seem like they have our backs when it comes to overreach. Now, with companies shaping certain policies, tools, and practices in pursuit of “partnership” with the Trump administration, these companies’ powers over our data takes on new focus.

Generally, law enforcement can compel US companies to hand over user data using a subpoena, court order, search warrant—or, in rarer cases, a National Security Letter (NSL). As Google explains, an NSL is “one of the authorities granted under the Foreign Intelligence Surveillance Act (FISA).” Google adds, “FISA orders and authorizations can be used to compel electronic surveillance and the disclosure of stored data, including content from services like Gmail, Drive, and Photos.” How companies respond to these demands can vary in consequential ways.

A nearly decade-old battle over encrypted communication provides a clear example of the push and pull over user data between tech companies and federal law enforcement. In 2016, the FBI tried to compel Apple to backdoor an iPhone so law enforcement could access its encrypted contents. Apple refused to break its iOS security to do so. Then-candidate Trump said the company should be made to comply or be punished. “We should force them to do it,” he stated. Backdoors for law enforcement data access became a pet project in Trump’s first term; his DOJ appointee Rod Rosenstein launched a 2017 campaign to rebrand encrypted communications (and locked phones) as “law-free zones.” By 2019, Trump officials were brainstorming laws and bans against “unbreakable” consumer security measures, like end-to-end encryption.

The second Trump administration’s stance on encryption is less clear. Prior to Trump’s new term, in December 2024, FBI officials urged Americans to use encrypted messaging apps in the wake of cyberattacks on telecom companies attributed to the Salt Typhoon hacking campaign. (Since then, Trump’s team disbanded the DHS board investigating Salt Typhoon.) When reached for comment regarding the administration's current stance on companies using forms of encryption law enforcement can't break, a While House official told WIRED via email: “The White House looks forward to working with industry leaders to unlock the Golden Age of digital literacy.”

Apple did not immediately respond to WIRED”s request for comment.

Big Tech’s MAGA pivot is pointedly problematic for countries that rely on services like Meta platforms for government communications, official emergency response coordination, social tools like Marketplace, news, public health messaging, and small business services. Officials in one New Zealand district are exploring Facebook and Instagram exit strategies "until such time as we can be assured of the safety of our whole community and the integrity of democracy on these platforms."

It's a global concern. This week, an annual report on the global state of democracy, the Varieties of Democracy project (V-Dem), told reporters, "the United States will not score as a democracy when we release \[next year's\] data." V-Dem’s principal investigator, Staffan Lindberg, added: "If it continues like this, democracy \[in the US\] will not last another six months." With an expected downgrade to the status of electoral autocracy, the US will share its label with Turkey, Hungary, Iraq, India, and Russia.

This makes Big Tech's data collection, storage, control over, or any use of that data an even more urgent issue around the world. This is particularly true for countries the US government has in its sights for territorial expansion, extracting resources, or MAGA grievance politics.

Of course, saying, “just quit Facebook” is one thing—it’s not that simple. Ditching Messenger and WhatsApp for Signal is pretty straightforward, though. Trading X for Bluesky is easier. Keep in mind that both are currently based in the US and that these are merely _safer_ alternatives. In other words, editing your digital footprint is an act of risk and harm reduction, where you identify threats and take the appropriate steps for your situation to reduce potential harms to yourself and those you care about.

**Cutting Ties**

If you’re thinking it might be handy to know about secure non-US options for your digital footprint, good news: There are a variety of well-established services worth checking out—ones that are increasing in popularity as fears of a DOGE\-Facebook partnership seem less far-fetched by the day..

In the wake of deletions and alterations in the Trump administration’s war on science, accurate health information, inclusion, and equity, an archived copy of the CDC’s pre-Trump website is hosted in Europe due to concerns about US jurisdiction. Similarly, the Internet Archive has a full, live copy of itself preserved outside the US (Internet Archive Canada), also using decentralized Filecoin storage for the 2024/2025 EOT Web Archive “as an added layer of preservation.”

It’s no coincidence that a majority of jurisdictionally-aware US data preservation efforts are listing ProtonMail accounts as their contact info. Proton is a Swiss company offering services comparable to Gmail, Google Drive and Docs, as well as having an end-to-end encrypted platform, a password manager, backup storage, photos, and a VPN. Proton explains in a March 2023 blog post that Swiss law and encryption protects Proton’s users from abortion-related data requests, and details the difference between data requests they receive and those sent to Facebook and Google.

For people who prefer globally accurate maps free of Trump Sharpie defacements, and the Gulf of Mexico keeping its name, check out MagicEarth, TomTom AmiGO, HERE WeGo (all Netherlands-based) or OpenStreetMap (global contributors). Check out Vivaldi (Norway) for browsing, and Qwant (France) or Startpage (Netherlands) for a search engine. IONOS (Germany) is a Squarespace/Wix alternative, Pixelfed (Canada) can stand in for Instagram. StoryGraph (UK) for Goodreads. Affinity (UK/AU) or Canva (AU) can replace Adobe products, and Kobo (Canada/Japan) for an ebook reader.

Check out Plex or Jellyfin for music and video, Nextcloud for file storage and syncing, LibreOffice for an office suite, Affinity Suite to replace Adobe, SearXNG for search—all based outside the US. Codeberg (EU) is basically an open source, privacy-forward, community-run Github; one user has a handy Linux-Is-Best/Outside\_Us\_Jurisdiction listing for digital service providers. If you’re looking for a non-U.S. Starlink alternative, Eutelsat may have you covered.

To find other services that suit your needs, take a look through this sprawling, collectively curated Non-US Alternatives List of everything from email to antivirus programs, e-commerce and social media options, and more. European Alternatives also has a growing collection of categories listing services from web analytics and cloud platforms to password managers, web browsers, calendars, and even a few music streaming services.

Concerns prompting people to jettison US digital services isn’t new, but it’s only getting more popular as the lines between Trump’s White House and Big Tech grow less distinct by the day. There are over a quarter million members in the r/degoogle subreddit, where members share tips, tricks, and reviews on everything they’re using to replace Google products or ditch US products altogether.

“Cancelled all my US streamers and moved to a Crave/GEM combo,” one member explained. “Spent 2 weeks moving to Proton and deleted/cancelled everything US during that process. Bye PayPal, bye Amazon, goodbye American everything.”

How to Avoid US-Based Digital Services—and Why You Might Want To

Citizen Lab's investigation reveals sophisticated spyware attacks exploiting WhatsApp vulnerabilities, implicating Paragon Solutions. Learn how their research exposed these threats and the implications for digital privacy.

Cybersecurity researchers at the Citizen Lab at the University of Toronto have exposed the use of sophisticated spyware named **Graphite**, developed by the Israeli firm Paragon Solutions, to target high-profile individuals through WhatsApp.

Their **investigation** reveals that a previously unknown zero-day vulnerability in WhatsApp’s software allowed the spyware to be installed on devices through a zero-click exploit, allowing adversaries to gain unauthorized access to targeted phones.

For your information **zero-click exploits** mean that a device can be compromised without the user clicking a link, opening a file, or performing any other action.

Attack flow explained (Source: The Citizen Lab)

****Graphite Spyware Servers Worldwide****

Paragon Solutions, established in 2019 by figures including former Israeli Prime Minister Ehud Barak, claims to differentiate itself by adhering to ethical standards, unlike other spyware vendors like the **NSO Group**.

However, Citizen Lab’s researchers mapped out servers attributed to Graphite, and identified suspected deployments against journalists, human rights activists, and government critics across multiple countries. This includes:

*   Italy
*   Israel
*   Canada
*   Cyprus
*   Denmark
*   Australia
*   Singapore

WhatsApp’s parent company, Meta, has confirmed that approximately 90 users in 24 countries were targeted. However, since the researchers are based in Canada; a significant aspect of the investigation focused on a Canadian client, the Ontario Provincial Police (OPP). The analysis uncovered links between Paragon and the OPP, revealing a systematic use of spyware capabilities among Ontario-based police services.

The Italian connection proved to be a focal point of the investigation. Forensic analysis of Android devices belonging to individuals notified by WhatsApp, including journalist Francesco Cancellato and Mediterranea Saving Humans founders Luca Casarini and Dr. Giuseppe Caccia, revealed clear indications of Graphite spyware.

Researchers identified a unique Android forensic artifact, BIGPRETZEL, which confirmed the presence of Paragon’s spyware on these devices. The Italian government initially **denied** any involvement but later **acknowledged** having contracts with Paragon.

Furthermore, the investigation extended to an iPhone belonging to David Yambio, a close associate of the confirmed Paragon targets. Apple threat notifications received by Yambio, coupled with forensic analysis, revealed an attempted infection with novel spyware, subsequently patched by Apple in iOS 18.

In response to Citizen Lab’s findings, Meta, along with Apple and Google, collaborated to address the security vulnerability. WhatsApp implemented a server-side fix, eliminating the need for users to update their apps. Apple also released a patch for its iOS operating system to protect iPhone users.

WhatsApp subsequently **notified** the targeted users. “If we believe that your device has come under threat, we may notify you about it directly via a WhatsApp chat,” the notification read.

****WhatsApp Attacks Persist Despite NSO Group Lawsuit Win****

Hackread.com earlier **reported** that the infamous Israeli spyware company, NSO Group, was held legally liable for compromising hundreds of WhatsApp accounts. Court found NSO Group responsible for breaching WhatsApp’s terms of service and exploiting a vulnerability to install its powerful Pegasus spyware on at least 1,400 devices, targeting journalists, human rights activists, political dissidents, and government officials.

Interestingly, CyberScoop **reported** in November 2024 that NSO Group continued to develop new malware based on WhatsApp exploits, even after Meta filed a lawsuit against them and that when WhatsApp disabled the Eden exploit, NSO Group created the Erised vector to target users until May 2020.

Now, the Citizen Lab’s findings indicate that Israeli spyware firms are continually focusing on exploiting WhatsApp vulnerabilities for spyware deployment and aggressively using them against journalists and activists.  

These cases show the never-ending struggle between technology companies and malicious actors seeking to compromise user privacy and the critical need for continuous caution, stricter security measures, and legal accountability within the spyware industry to protect digital privacy and **human rights**.

Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit

Experts are warning about the proliferating market for targeted spyware and espionage. Why should we be concerned?

Experts are again warning about the proliferating market for targeted spyware and espionage.

Before we dive into the world of targeted spyware, it’s worth looking at a few of the main players that are active in and against this industry.

**Paragon Solutions** is an Israeli company which sells high-end surveillance technology primarily to government clients, positioning its products as essential for combating crime and national security. The name of Paragon’s spyware is Graphite.

However, a lot of controversy arose when it faced allegations over the targeting of specific WhatsApp users, including journalists and civil society members, leading to a cease-and-desist notice from WhatsApp. Following these allegations, Paragon Solutions ended its contract with Italy after Italian citizens were found to have been targeted.

The **NSO group** creates the high-level spyware known as Pegasus, and has also been caught spying on WhatsApp users. The NSO Group justifies the use of Pegasus by saying it’s a beneficial tool for investigating and preventing terrorist attacks and maintaining the safety of the public.

On the opposite side of the fence, **CitizenLab** is an interdisciplinary laboratory based in Toronto, Canada. CitizenLab focuses on studying information controls that impact the openness and security of the internet and pose threats to human rights.

The work done by CitizenLab has led to greater understanding of the global digital surveillance landscape and its implications for human rights.

Often, we will see newly found vulnerabilities in iOS, WhatsApp and other software credited to CitizenLab or one of its associates. They often find these vulnerabilities by analyzing devices of individuals infected with high-level spyware.

In an interview with TheRecord, founder Ronald Deibert said CitizenLab routinely checks people’s phones for spyware. Over time, the researchers at CitizenLab have honed their forensic skills to the level that they can pinpoint the moment of infection for the device right down to the second.

In a recent article, CitizenLab explained in great detail how it cooperated with Meta on uncovering a WhatsApp zero-day vulnerability and how it traced it back to Paragon and the Italian government.

While most of us will, hopefully, never have to deal or worry about getting infected with high-level spyware, we may end up falling victim to the vulnerabilities that are used to infect targets.

Both Paragon and the NSO group have brought many zero-day vulnerabilities to light in browsers and other online applications by using them to compromise mobile devices.

Zero-day vulnerabilities are hard to come by and therefore expensive. But once they are used against victims, there is a good chance that at some point they will be discovered and patched.

But small-time criminals will pick them up and try to use them against people who haven’t had a chance or the time to update their device yet.

Which is why we, on this blog, and through Malwarebytes’ Trusted Advisor, always urge people to keep their devices up-to-date.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Targeted spyware and why it&#8217;s a concern to us 

Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats.

Cybersecurity researchers at Bitdefender have discovered a malicious ad fraud campaign that has successfully deployed over 300 applications within the Google Play Store. These malicious apps have collectively been downloaded over 60 million times, exposing users to invasive ads and phishing attempts.

****Malicious Apps on the Google Play Store****

The Google Play Store, a popular platform for Android applications, has become a target for cybercriminals. Despite Google’s efforts to maintain a safe environment by removing malicious apps, attackers continuously adapt new methods to slip them one way or another.

According to Bitdefender’s report shared with Hackread.com ahead of publishing on Tuesday,  its researchers along with IAS Threat Lab traced this campaign back to at least 331 malicious apps, 15 of which were still available on Google Play at the time of their investigation. These apps pose as harmless utilities, such as QR scanners, expense trackers, health apps, and wallpaper apps.

2 malicious apps out of 300+ both with more than 1 million download each (Screenshot: Bitdefender)

Many of these apps initially appeared harmless but were later updated to include malicious codes. The fraud campaign, active since Q3 2024, shows no signs of slowing down, with new malicious apps still appearing on the store as recently as March 2025. The top 5 counties impacted by this campaign include:

1.  Brazil
2.  United States
3.  Mexico
4.  Turkiye
5.  South Africa

****Hidden Icons**, **Pushing Ads and Phishing:****

One of the techniques involve hiding the app icon from the user’s launcher. This method, restricted in newer Android versions, suggests that attackers have either found a flaw or are exploiting an API vulnerability. Some apps even change their names to mimic legitimate services like Google Voice, further complicating their removal.

These apps are designed to display full-screen ads without user consent, even when another app is in use. Worse, they can initiate phishing attacks, tricking users into exposing sensitive information such as login credentials and credit card details.

Researchers have also revealed technical strategies used by these malicious apps to evade detection on infected devices. One such technique is Content Provider Abuse, where apps declare a contact content provider that is automatically queried by the system after installation, enabling execution without user interaction.

Another tactic involves activity launching through methods like DisplayManager.createVirtualDisplay and other API calls, allowing the apps to start activities without requiring user permission. This technique is often used to display intrusive ads or launch phishing attempts.

To maintain persistence, these apps rely on services and dummy receivers, ensuring they remain active even on newer Android versions that block certain background activities.

****Protect Your Devices****

Usually, it’s best to download apps only from official stores like Google Play and Apple’s App Store. However, in this case, it’s advised to avoid downloading unnecessary apps from both official and third-party stores.

Make sure to keep your device updated so security patches are installed automatically. Run regular malware scans and watch for suspicious activity, such as an app’s icon suddenly disappearing, its name changing, your device slowing down, or excessive battery drain. If you notice anything unusual, delete the app immediately.

Tag

#sap