The End of Windows Local Accounts, EU Drops Chat Control, & More

The End of Windows Local Accounts?｜This Week in Privacy #22 (Oct 10, 2025)

0:00

/6351.864

Our top stories this week:

Microsoft blocks the ability to bypass online accounts on Windows 11
Germany confirms its opposition to Chat Control; the European Union withdraws the proposal due to insufficient support.
Hackers breach Discord support tickets, leaking 70,000 age verification documents
A group of American investors have acquired the NSO Group, giving a lifeline to the spyware firm after a series of crippling lawsuit decisions.

TWIP Live 🔴

Updates from the team

We are excited to announce our partnership with Bits of Freedom to help maintain FixJePrivacy.nl, a Dutch-language website providing critical privacy recommendations.

If you have not heard of Bits of Freedom yet, they are a digital rights advocacy organization based in the Netherlands. From suing Meta for their unethical feed recommendation practices to campaigning against Chat Control in the European Union, Bits of Freedom is truly awe-inspiring. We could not have picked a better organization to work with! 😅

As of September 2025, we have launched a massive update of their current website. We are not done yet though. Be on the lookout for future recommendations on AI usage and cloud storage!

Interested in learning more? Read our press release for the full details of our collaboration:

Sources

Microsoft makes online accounts mandatory in Windows 11

The latest Windows 11 update preview has removed existing methods for bypassing the online account requirement for Windows 11. This removes commands like ms-cxh:localonly that were discovered to allow for local account creation. Current Windows 11 users are not affected until this update is formalized in the coming months.

Microsoft states: "We are removing known mechanisms for creating a local account in the Windows Setup experience (OOBE). While these mechanisms were often used to bypass Microsoft account setup, they also inadvertently skip critical setup screens, potentially causing users to exit OOBE with a device that is not fully configured for use. Users will need to complete OOBE with internet and a Microsoft account, to ensure device is setup correctly."

Chat control is defeated (for now)

Patrick Breyer, a digital rights advocate and former German Pirate Party MEP, has proclaimed another defeat for Chat Control. This comes after the governing CDU/CSU coalition in Germany confirmed their opposition to the Danish Chat Control compromise proposal. Sources state that the European Union has postponed the scheduled Chat Control vote on October 14 due to limited support among member states.

For any EU regulation to pass, it must receive support from countries totaling to at least 65% of the population. German opposition makes this requirement impossible, leading to a minority veto.

Despite this victory, Chat Control is not yet defeated. Denmark has voiced their intention to create a new compromise text in a December ministerial meeting.

Discord leaks user ID photos of 70,000 users

Discord has experienced the first known data breach of age verification documents. Approximately 70,000 users had their photo ID images, support tickets, and payment information leaked from a third-party customer support vendor. The hackers threatened to release more customer data unless direct communication channels are opened by Discord, claiming that the company's statement downplayed the extent of the information that was compromised.

Given the worldwide trend of age verification laws, Discord won't be the last company to suffer a photo ID breach. Most platforms rely on third-party companies for age verification purposes, meaning that there is more attack surface for hackers to obtain your photo IDs.

Spyware maker NSO Group acquisition by US investors

A group of American investors led by former Hollywood producer Robert Simonds have acquired the NSO Group, an Israeli mercenary spyware firm infamous for developing Pegasus. The NSO Group remains under the supervision of the Israeli Ministry of Defense and are liable to existing Israeli regulations and export controls.

Over the past two years, the U.S. has become the largest investor in the targeted spyware industry. Having previously been the target of U.S sanctions, the NSO Group has made a shocking comeback. American law enforcement agencies, such as Immigration Customs Enforcement (ICE), are increasingly adopting these tools against suspected criminals. They have signed contracts with similar firms to deploy targeted spyware.

This deal has allowed the company to survive despite a series of financially-crippling lawsuit defeats by companies like WhatsApp and Apple.

Spyware maker NSO Group confirms acquisition by US investors | TechCrunch

NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.