Privacy tools are usually locked behind a monthly subscription, but Mozilla is changing that by baking protection directly into the browsing experience. With the latest update, Firefox has added an integrated VPN that allows you to hide your digital tracks without needing a separate app or a credit card. It’s a major shift for the browser, moving a feature that used to be a paid extra into the hands of every user by default.

Keep in mind that free VPNs can be dangerous. If they’re not from a trusted provider, they can put your data at risk or include vulnerabilities you wouldn’t find in some of the more popular paid VPN services. 

In its post about the Firefox 149 updates, Mozilla notes, “Free VPNs can sometimes mean sketchy arrangements that end up compromising your privacy, but ours is built from our data principles and commitment to be the world’s most trusted browser.” 

In CNET’s tests, among VPN services that offer a free tier, the best free plan on the market is Proton VPN’s free service. (It’s the only free VPN CNET currently recommends.) But the free Proton VPN service is missing some features found in the company’s premium plan, such as the ability to choose a server manually or connect multiple devices at the same time. 

For limited or casual use

Mozilla’s overall VPN technology has undergone independent audits from Cure53, has resolved security issues over its history and uses WireGuard, which gives it a good security foundation. 

The browser-based free version may give the impression that it offers the same level of overall protection as a stand-alone VPN. However, it only protects web traffic viewed through the Firefox browser.

“The fundamental limitation is scope,” said Jacob Kalvo, a cybersecurity expert and CEO of Live Proxies, which provides technical services to businesses and individuals. “[The free Firefox VPN] only protects browser traffic, not apps, system processes or other network activity. That creates a false sense of ‘full protection’ for less technical users.”

That could make it a useful feature for casual use while browsing the web for those who don’t already have a VPN service. And Kalvo says the 50GB data limit is generous for a browser-based VPN.

But, he said, for anything involving “sensitive data, competitive intelligence, or large-scale operations,” he doesn’t recommend it.

“This is a controlled, limited-use product rather than a full privacy solution,” Kalvo said.

On Tuesday, the nonprofit Consumer Federation of America filed a lawsuit against Meta, alleging that the way the social networking giant handles scammers on its platforms violates Washington, DC’s consumer protection laws.

While many online scams involve direct outreach to victims by scammers (who are often themselves human trafficking victims trapped in scam compounds), CFA’s lawsuit focuses on fraudulent advertising that CFA alleges Meta profited from and allowed to “proliferate on its platforms,” despite publicly promising that it takes cracking down on fraud and scams seriously.

In its complaint, CFA points to ads found in Meta’s ads library that CFA claims are types of well-known scams, including several that appear to target people by their birth year and tout $1,400 checks, as well as others that advertise free government iPhones.

Speaking with WIRED, Ben Winters, CFA’s director of AI and data privacy, says others can find more dubious ads just by searching Meta’s ad library using key words like “free phone” and “stimulus check.” WIRED’s quick perusal of the ads library on Monday shows more live ads for “secret tax checks” that lead to a website that promises to reveal “Wall Street’s recession-proof investing strategy.”

Meta did not immediately respond to a request for comment.

CFA is seeking to recover damages and what it says are illegal profits from Meta, in addition to business reforms. Winters says that there’s more to be done to take down repeat violators and scrutinize ads that promise things like free government programs that don’t exist before they’re put in front of consumers.

Meta has faced particular scrutiny because Facebook, Instagram, and WhatsApp—which are all owned by Meta—are among the most widely used online platforms by Americans, according to a recent Pew Research Center report. In late 2025, Reuters reported on a set of internal Meta documents that detailed how the company dealt with fraudulent and prohibited user activity, including a May 2025 presentation that estimated that its platforms were involved with a third of all successful scams in the US. Another presentation cited by Reuters alleged that an internal Meta review found it “is easier to advertise scams on Meta platforms than Google.”

One Meta document from 2024 that Reuters cited estimated that the company would earn 10.1 percent of its revenue that year—around $16 billion—from ads that were actually scams or other types of prohibited content. To put that figure in perspective, the FBI estimated that in 2024, Americans lost $16 billion from all internet crimes. At the time, a Meta spokesperson called the estimate “rough and overly inclusive” and said that the set of documents Reuters reported on “distorts Meta’s approach to fraud and scams” and that the actual revenue was lower, but declined to tell Reuters by how much.

In June 2025, a bipartisan coalition of state attorneys general urged Meta to crack down on Facebook ads that led consumers to WhatsApp groups that were used for carrying out investment scams. The letter, which was signed by New York AG Letiticia James, said that Meta’s solutions were not working and that investigators in New York kept seeing scam advertisements months after submitting reports to Meta.

Since then, the US Virgin Islands attorney general’s office filed a lawsuit against Meta that, among other things, alleged that the company not only failed to crack down on scam advertising but charged advertisers higher rates to run ads flagged as likely to be fraudulent. That lawsuit is ongoing.

Though the federal government and many states have similar consumer protection laws as the DC law that CFA alleges Meta violated, Winters says he’s not holding his breath for the federal government to take action, and while he appreciates the work of state attorneys general, he believes consumers need relief now.

“We appreciate their work and think it’s absolutely critical, but we can’t wait for them to act when we haven’t seen them able to act as quickly as we need to,” Winters says. “This is why nonprofits and civil society exist in the idealized world, right? To fill in gaps where there are gaps.”

After its recent launch, Honor of Kings is now doubling down on the market with a two-pronged strategy. First, build a creator ecosystem, then strengthen its esports pathway. For this, the game has announced the rollout of HOK Studio, alongside the King’s Arise India: KWC at EWC26 Qualifier. Here’s everything you need to know.

HOK Studio to Boost Creator Ecosystem

At the center of this push is HOK Studio, the game’s official creator platform designed to support content creators across formats. This includes short videos, livestreams, tutorials, esports coverage, and more. As part of its initial phase in India, HOK Studio will introduce a Content Creator Incentive Program with rewards exceeding ₹1 crore (₹10 million). Creators can also get access to in-game tokens, exclusive rewards, official promotional support, and even early access to new content.

Dean Huang, the game’s producer, said:

India is a key market for Honor of Kings, and our focus is on building a strong, localised ecosystem that goes beyond gameplay. With HOK Studio, we are committed to developing a program worth an initial ₹10 million, to empower creators who play a critical role in shaping how the game is experienced and shared. At the same time, through initiatives like the KWC at EWC26 Qualifier, we are creating opportunities for Indian players to compete at the highest global level. Together, these efforts reflect our long-term commitment to growing both the creator and competitive ecosystems in India.

EWC Qualifier

Alongside creators, the game is also focusing heavily on competitive play. The King’s Arise India: KWC at EWC26 Qualifier will act as a structured pathway for Indian teams to reach the global stage. Registration for the tournament will run from April 19 to April 26, followed by open qualifiers, playoffs, and offline finals on May 17. The tournament features a prize pool of ₹5 lakh and will eventually select two teams to represent India at the global KWC event, where the total prize pool stands at $3 million.

The competition will follow global formats like Global Ban & Pick, which prevents teams from reusing heroes across matches, and a Bo7 Grand Final with an “Ultimate Battle” tiebreaker. These formats are designed to test strategy, adaptability, and team coordination at the highest level.

Google announced today that it is upgrading the Gemini for Home service with a “continued conversations” feature. Continued conversation allows a user to have a natural discussion with the Gemini platform without prefacing every follow-up request with the “Hey Google” prompt. The microphone will remain active on a smart device for a few seconds after the Gemini AI assistant provides its reply. During that window, the lights on the hardware will pulse or glow, indicating that you can keep chatting normally with the chatbot without needing a wake word. Gemini should retain the context as the conversation progresses, which should allow it to provide the desired information faster without the need for a user to repeat key details.

The feature is rolling out today for all Gemini for Home voice assistant languages and in all supported regions. Continued conversations have to be manually enabled in the Google Home app through the settings menu under “Gemini for Home voice assistant.” Google said that Gemini should be able to distinguish between follow-up questions addressed to the chatbot and other conversations happening in a room, but it should be interesting to track how successful that is given the past history of voice assistants unintentionally eavesdropping.

Continued conversation was an option under the Google Assistant platform, but it had more limited availability. Google has been preparing Gemini for Home as a replacement for Google Assistant platform since the fall.

Fraud prevention and user experience have long been treated as opposing forces: tighten security, and you risk alienating legitimate customers; loosen it, and you open the door to account takeovers, synthetic identities, and payment fraud. But modern threat intelligence platforms are dismantling that false choice.

Today’s most effective fraud prevention strategies operate silently in the background, combining dozens of risk signals in real time to block bad actors before they cause damage, without ever asking a legitimate user to jump through an extra hoop.

Security friction is not a neutral tax. Every unnecessary CAPTCHA, every step-up authentication prompt served to a legitimate user, and every false positive that blocks a good customer from completing a transaction carries a measurable cost. Cart abandonment rates spike when checkout flows become cumbersome.

New user registrations drop when signup forms are burdened with verification delays. And customer service costs rise when account recovery processes are opaque or slow.

At the same time, the cost of under-detection is catastrophic. The Association of Certified Fraud Examiners estimates that organizations lose approximately 5% of annual revenue to fraud each year.

Payment fraud, account takeover, promo abuse, and synthetic identity fraud are not edge cases – they are persistent, organized, and increasingly automated. Fraudsters are running bots, rotating proxies, and leveraging credential stuffing toolkits that would make any IT professional’s hair stand on end.

Fraud at Signup: The Battle for Clean Accounts

Signup is the highest-leverage intervention point in the fraud lifecycle. Stop a fraudster from creating an account, and you prevent every downstream attack that account would have enabled — account takeovers, payment fraud, promo abuse, referral fraud, and synthetic identity monetization.

The challenge is that signup is also the highest-volume, highest-visibility touchpoint for legitimate new users, making false positives especially damaging to business growth.

At signup, the signals available to a fraud team are rich but must be evaluated with speed. Email address analysis should go far beyond simple syntax validation.

Is the domain newly registered? Is the mailbox active and deliverable? Has this address appeared in breach databases? Is it associated with a pattern of fraudulent registrations?

Similarly, phone number intelligence should evaluate carrier type (VOIP vs. mobile), line activity, porting history, and whether the number has been flagged across fraud networks.

Fraud at Login: Defending the Account Layer

Login fraud – primarily account takeover (ATO) – represents one of the most damaging attack vectors in digital fraud. Credential stuffing attacks can compromise even accounts with strong original passwords if those credentials have been reused.

The scale of these attacks is staggering: automated toolkits can test hundreds of thousands of credential pairs per hour against a single target, and residential proxy networks make them difficult to block with traditional rate-limiting or IP filtering.

Frictionless ATO prevention requires detecting the anomaly without punishing the legitimate user. Legitimate logins follow recognizable patterns: familiar devices, typical geographic locations, consistent time-of-day windows, normal session velocities.

Deviations from these patterns, even subtle ones, can be powerful risk signals when combined with network and identity intelligence.

Fraud at Checkout: Protecting Revenue at the Finish Line

Checkout fraud sits at the intersection of identity fraud, payment fraud, and social engineering. At checkout, the convergence of identity and transaction signals is most powerful.

The email and phone attached to a new order should be evaluated for consistency with the claimed billing identity. The IP address should be checked not just for proxy use but for geographic consistency with the shipping address.

Device signals should be compared against the account’s login history. Payment instrument intelligence, including velocity across merchants, prior chargeback rates, and card BIN data, adds a financial risk dimension that purely identity-based approaches cannot provide.

How IPQS Operationalizes Frictionless Intelligence

IPQS represents the class of platform-level fraud intelligence tools that operationalize the multi-signal, layered approach described above.

While offering discrete point solutions for IP reputation, email validation, or phone verification, IPQS operates as a unified intelligence platform that evaluates all of these signals through a shared data model and returns composite risk scores optimized for real-time decision-making.

A tiered response strategy maps risk score ranges to response types that are proportional to both the likelihood and severity of fraud at each threshold.

High-risk sessions can be challenged with targeted, lightweight verification, a single tap push notification to a registered device, for example, rather than a full OTP flow. Only the highest-risk sessions, where the composite evidence strongly suggests fraud, should result in hard blocks or declines.

For the vast majority of legitimate users, who will score in the low-risk tier, the experience is entirely seamless. For the small cohort of genuinely high-risk sessions, the additional friction is proportional, defensible, and targeted at exactly the sessions that warrant it.

IPQS provides unparalleled fraud prevention by producing the freshest and richest data available.

We offer real-time fraud prevention solutions with unmatched accuracy through our cyberthreat honeypot network, covering IP, device, email, phone number, and URL scanning worldwide. Our suite of tools provides tight security with customizable scoring settings and a simple fraud score for easy detection.

Book a free fraud consultation with one of our specialists today!

Sponsored and written by IPQS.

In short: Samsung SmartThings and IKEA announced that 25 new IKEA Matter-over-Thread devices can now connect directly to a SmartThings hub without requiring IKEA’s own DIRIGERA hub, with smart bulbs starting at $5.99 that undercut competitors by half. The integration leverages Thread border routers already embedded in Samsung TVs, soundbars, and appliances since 2022, meaning millions of Samsung hardware owners have the infrastructure for Matter devices without knowing it, as the smart home market heads toward 800 million Matter-compatible devices by year end and a projected $537 billion market by 2030.

Samsung SmartThings and IKEA announced on Monday that 25 of IKEA’s new smart home devices can now connect directly to a SmartThings hub using Matter over Thread, eliminating the need for IKEA’s own DIRIGERA hub as an intermediary. The change sounds incremental. It is not. It means a $6 IKEA smart bulb can now join the same system that controls a Samsung television, refrigerator, and washing machine, all communicating locally without cloud dependency, through a protocol that also works with Apple HomeKit, Google Home, and Amazon Alexa. The smart home has spent a decade promising interoperability. This is what it looks like when the promise starts to work at a price point that does not require justification.

The 25 devices span IKEA’s new Matter-over-Thread lineup: KAJPLATS smart bulbs in 11 variants starting at $5.99, GRILLPLATS smart plugs, scroll wheel remotes, smart buttons, a MYGGSPRAY motion sensor at $9.99, a MYGGBETT door and window sensor at $7.99, a KLIPPBOK water leak detector at $9.99, and an ALPSTUGA air quality sensor at $29.99 that measures CO2 and PM2.5 at roughly a quarter of the price competitors charge. The bulbs, plugs, and remotes connect directly to a SmartThings hub through Matter. The sensors require a hub, either IKEA’s DIRIGERA or a third-party alternative. Blind and shade control will be added later this year.

Why this matters technically

The previous integration required both an IKEA DIRIGERA hub and a SmartThings hub, with DIRIGERA acting as a Matter bridge between IKEA’s Zigbee devices and the SmartThings ecosystem. The new devices use Matter natively over Thread, a low-power IPv6 mesh networking protocol that allows devices to communicate directly with any Matter-compatible controller. Samsung and IKEA conducted multiple rounds of validation to ensure connectivity stability and built a dedicated user experience within the SmartThings app for IKEA device management.

The technical significance is in the protocol stack. Matter is the application layer, defining how devices describe themselves, receive commands, and report state. Thread is the networking layer, creating a self-healing mesh where devices act as routers for each other. SmartThings was the first platform to adopt Thread 1.4, which enables cross-brand network unification: a SmartThings hub can join an existing Thread network from another ecosystem, or allow a third-party border router to join its own. The result is that all Thread border routers in a home, regardless of manufacturer, operate as a single unified mesh.

Samsung has been quietly building Thread border routers into an expanding range of hardware. Every Samsung smart TV from 2022 onward, including QLED, Neo QLED, OLED, and Lifestyle models, contains one. So do Samsung soundbars, refrigerators, and washing machines. Millions of Samsung TV owners already have the infrastructure for Matter-over-Thread devices in their homes without having purchased anything specifically for smart home use. IKEA’s $6 bulbs give those TV owners something cheap enough to try.

IKEA’s pricing as strategy

IKEA’s pricing is the most consequential element of the announcement. A KAJPLATS smart bulb at $5.99 undercuts Philips Hue Essential at $15, Nanoleaf Essentials at $12, and Aqara T2 at $15 by half or more. The ALPSTUGA air quality sensor at $29.99 competes with devices from Awair and IQAir that cost more than $100. IKEA has stated that its goal is to make smart home technology “easy to use, easy to understand, and within reach for the many,” and the pricing reflects that ambition with unusual directness.

The strategy is a full-range revamp. IKEA announced 21 new Matter-compatible products in November 2025 and has committed to making Matter and Thread its default smart home protocols going forward. The DIRIGERA hub has evolved from a Zigbee controller to a Matter bridge in September 2024 to a full Matter controller in mid-2025, capable of onboarding devices from other manufacturers. IKEA is not just adding Matter support. It is rebuilding its entire smart home lineup around it.

Jaeyeon Jung, executive vice president of SmartThings at Samsung, framed the partnership explicitly in terms of accessibility: “By connecting IKEA devices to SmartThings, even first-time smart home users can enjoy a familiar and easy connectivity experience without financial burden.”

The state of Matter

Matter launched in October 2022 to considerable enthusiasm and a slow initial rollout. Early devices had reliability and setup issues that undermined the standard’s promise of seamless interoperability. Three and a half years later, the standard has matured. More than 1,000 devices have been certified across Matter 1.0 through 1.2. Matter 1.5, ratified in November 2025, added support for cameras, soil moisture sensors, and energy management. The Connectivity Standards Alliance projects 800 million Matter-compatible devices in use by the end of this year, which it calls the fastest adoption of any home technology standard in history.

The practical effect is that a Matter-certified device now works across Apple, Google, Amazon, and Samsung ecosystems simultaneously without additional configuration. The competition among platforms has shifted from device compatibility, which Matter has made universal, to software quality, AI integration, and user experience. SmartThings, with 430 million users as of January and on track to cross 500 million by year end, 4,700 connected device types, and 390 partners, is positioned as the platform with the broadest hardware integration, given that Samsung embeds SmartThings into televisions, appliances, and wearables.

Apple is expected to make its own significant push into the smart home this year with a touchscreen hub, a HomeKit camera, and smart glasses that function as ambient input devices. Google Home and Amazon Alexa continue to expand their own Matter support. The convergence means users are increasingly choosing platforms for their software and AI capabilities rather than for which devices they can control, because Matter ensures all platforms can control the same hardware.

What it means for the market

The smart home market was valued at $127.8 billion in 2024 and is projected to reach $537 billion by 2030, growing at 27% annually. The primary barrier to adoption has been fragmentation: incompatible protocols, multiple hubs, and the constant risk that a device purchased today will not work with a system purchased tomorrow. Matter addresses the protocol problem. IKEA addresses the price problem. Samsung addresses the infrastructure problem by embedding Thread border routers into products that people buy for reasons that have nothing to do with smart home automation.

The combination of a $6 smart bulb, a universal protocol, and a television that already contains the networking hardware to support it is closer to mass-market smart home adoption than anything the industry has produced in the decade it has spent talking about it. The technology is no longer the constraint. The constraint has been making it cheap enough and simple enough that the average household does not need to understand what Matter, Thread, or a border router is in order to benefit from them. IKEA and Samsung, between them, appear to have solved both problems at once.

from the lying-liars-and-the-lies-they-tell dept

Talk about pathetic.

CBS has announced that the now-Larry Ellison owned network will be hosting a lavish dinner this week praising Donald Trump and his (nonexistent) dedication to the First Amendment. The dinner will be hosted at the United States Institute of Peace in Washington, which the State Department claimed in December 2025 was being renamed “The Donald J. Trump Institute of Peace.”

Truly banana republic type shit.

Oliver Darcy got a hold of the original invite for the dinner, and it’s everything you might expect:

Trump is, as regular Techdirt readers may recall, arguably the worst president in a century when it comes to trampling press freedom, free speech, and the First Amendment. When the administration isn’t trying to destroy comedians for telling jokes about the president, it’s busy crushing whatever was left of public media in the U.S., or threatening the broadcast licenses of networks that do basic journalism.

CBS management doesn’t care about any of that, of course, because it’s owned by billionaire right wing Trump ally, Larry Ellison. And Larry and David Ellison are desperate to have the government sign off on their job-destroying merger between Paramount and Warner Brothers. The Warner Brothers board is voting to approve the deal on the same day as the dinner.

Despite some pretense that the Trump DOJ is doing its due diligence to review the deal, there’s little real doubt that the feds will rubber stamp the transaction. The real question mark rests with a likely antitrust lawsuit from a coalition of state attorneys general to block the transaction.

It’s worth noting that Larry Ellison’s son David couldn’t attend a hearing last week on the massive problems with the Paramount Warner merger due to a purported death in the family (nobody seems able to determine who died), but he was able to make an appearance at Cinemacon a day earlier to make all sorts of empty promises about how wonderful the merger will be:

“David Ellison…made a unexpected appearance at CinemaCon, the annual gathering of theater owners. He took the stage to reassure exhibitors they have nothing to fear, whether it be the new regime at Paramount, or his pending acquisition of Warner Bros.”

They of course have everything to fear. The massive $108 billion in debt from the Warner Brothers deal will inevitably result in mass layoffs, price hikes, and sagging product quality due to the need to cut corners to service the debt. This is before we even talk about the layoffs already happening at CBS.

It’s simply not up for debate: this happens absolutely every single time folks like the Ellisons delude themselves into thinking mass consolidation does anything useful outside of generate tax breaks, drive short-lived stock boosts, and let guys like David Ellison pretend they’re “savvy dealmakers.”

Pre-merger promises about release windows (or anything else) are absolutely meaningless. But with just a handful of people at the top financially disincentivized from learning anything from history (including the three previous disastrous Warner Brothers mergers), the dysfunction just repeats itself indefinitely. We’ve seen merger dysfunction and chaos before, but this one has the potential to outdo them all.

Filed Under: consolidation, corruption, david ellison, dinner, donald trump, first amendment, free speech, journalism, larry ellision, media, mergers, regulators

Companies: cbs, paramount, warner bros. discovery

Motorola has a busy week ahead. The Edge 70 Pro is set to launch in India on April 22, but it looks like that’s not the only device worth watching. Prolific leaker Evan Blass has shared high-resolution render images of the Motorola Edge 70 Pro+, giving you an early look at the more premium sibling, the Edge 70 Pro+ in the lineup.

What colors and finishes is the Motorola Edge 70 Pro+ coming in?

The renders reveal five color options for the Edge 70 Pro+. You’re looking at white, dark blue, light blue (turquoise), brown, and maroon color, along with a curved display and slim bezel. While these aren’t the official names, what makes this more interesting than a standard color drop is the variety of finishes on offer.

The blue and turquoise versions feature a fabric back, the white version gets a marble surface, and the brown variant sports a wood-inspired look. Motorola is clearly focusing more on materials and finishes than on a total redesign in 2026.

The overall design won’t surprise you if you’ve seen other recent Motorola devices, as it closely follows the same aesthetic as the Edge 70 Fusion+ and Moto X70 Air Pro.

What to expect from the Motorola Edge 70 Pro+

The complete specs, price, or launch date for the Motorola Edge 70 Pro+ are still under wraps. Going by the naming, it’s likely positioned as a more powerful version of the Edge 70 Pro. The difference will probably come down to a faster processor and possibly better cameras.

Advertisement

The Edge 70 Pro gives you a solid baseline in the meantime as the phone packs a 6.8-inch 1.5K AMOLED display with a 144Hz refresh rate, a 6,500mAh silicon-carbon battery with 90W charging, and a MediaTek Dimensity 8500 Extreme chip. It also carries IP68 and IP69 certifications.

Both the Edge 70 Pro and Pro+ have appeared on the HDR10+ certification website, confirming richer contrast and better detail in bright and dark scenes. The Pro+ is expected to step things up with a faster processor and improved cameras.

The UK’s online safety regulator has opened a formal investigation into Telegram under the Online Safety Act, examining whether the messaging platform has complied with its duties to protect UK users from child sexual abuse material. It is Ofcom’s most significant enforcement action against a major messaging platform to date.

The UK’s online safety regulator Ofcom has opened a formal investigation into Telegram under the Online Safety Act 2023, examining whether the messaging platform has met its legal duties to protect UK users from child sexual abuse material (CSAM).

The investigation, reported by Reuters, marks a significant escalation in Ofcom’s enforcement of the Act against one of the world’s most widely used messaging services, and a platform that has long drawn scrutiny for its approach to illegal content.

The investigation follows Ofcom’s established enforcement template under the Online Safety Act, which requires user-to-user and search services to assess and mitigate risks of UK users encountering illegal content, including CSAM, and to take it down swiftly when identified.

Ofcom has the power to fine companies the greater of £18 million or 10% of qualifying worldwide revenue for non-compliance, and in cases of serious ongoing non-compliance can apply to a court for business disruption measures, which could include requiring internet service providers to block a platform in the UK.

The opening of a formal investigation does not in itself constitute a finding of wrongdoing. Under the Act’s process, Ofcom first gathers and analyses evidence to determine whether a breach has occurred. If it concludes a compliance failure has taken place, it issues a provisional decision to the company, which then has the opportunity to respond in full before any final decision is made.

The process typically takes several months. The same framework is currently being applied in Ofcom’s ongoing investigation into X, opened in January 2026 following reports that its Grok AI chatbot was being used to generate and distribute sexually explicit images of children.

Telegram’s relationship with UK regulators has been evolving. As recently as December 2024, the platform joined the Internet Watch Foundation (IWF), a UK-based organisation that identifies and removes CSAM, and committed to deploying IWF’s detection tools across public parts of the platform, including hash-matching technology to identify known CSAM and tools to block AI-generated abuse content.

Ofcom’s March 2026 annual review acknowledged that Telegram, alongside X, Discord, and Reddit, had introduced age controls in response to the Online Safety Act.

The new investigation therefore represents a shift: Ofcom, despite that prior progress, has concluded there are sufficient grounds to open a formal probe into whether Telegram’s compliance with the specific CSAM-related duties under the Act has been adequate.

The tension at the heart of the Telegram case is one that has defined debates about the platform for years. Telegram’s architecture is divided: public channels and groups are more accessible to outside detection tools, but the platform’s encrypted private messaging, the feature that has made it popular with activists, journalists, and dissidents in authoritarian states, creates a structural limit on what content moderation is possible.

The NSPCC, in responding to Telegram’s IWF partnership in December 2024, noted the distinction directly: welcoming the step on public content while arguing that “there should be no part of the service where perpetrators can act without detection.”

The Online Safety Act’s provisions on end-to-end encrypted messaging remain the most contested part of the regime, with Signal having previously warned it would withdraw from the UK if forced to scan private messages.

Ofcom has signalled it is not currently minded to mandate client-side scanning.

The investigation comes in a period of sustained regulatory pressure on messaging and social media platforms across the UK.

Ofcom has now opened investigations into nearly 100 services since the Online Safety Act came into force in 2025, issued nearly a dozen fines, and in March 2026 wrote directly to six of the largest platforms, Facebook, Instagram, Roblox, Snapchat, TikTok, and YouTube, demanding evidence of further child safety improvements by 30 April.

The Telegram probe adds a major messaging platform to an enforcement list that, to date, has concentrated more heavily on pornography sites and niche image boards.

Telegram did not immediately respond to a request for comment at the time of the Reuters report. Ofcom has said it will provide updates on the investigation as soon as possible.