Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.

The attacker relies on social engineering to gain the employee’s trust by first flooding their inbox with spam and then contacting them over Teams, pretending to be the company’s IT staff, offering assistance with the unwanted messages.

To obtain access to the target machine, the threat actor instructs the user to start a Quick Assist remote session, which is used to deploy a malicious toolset that includes digitally signed MSI installers hosted in a personal Microsoft cloud storage account.

According to researchers at cybersecurity company BlueVoyant, the malicious MSI files masquerade as Microsoft Teams components and the CrossDeviceService, a legitimate Windows tool used by the Phone Link app.

Using the DLL sideloading technique with legitimate Microsoft binaries, the attacker deploys a malicious library (hostfxr.dll) that contains compressed or encrypted data. Once loaded in memory, the library decrypts the data into shellcode and transfers execution to it.

The researchers say that the malicious library also uses the CreateThread function to prevent analysis. BlueVoyant explains that the excessive thread creation could cause a debugger to crash, but it does not have a significant impact under normal execution.

The shellcode performs sandbox detection and then generates a SHA-256-derived key, which it uses to extract the A0Backdoor, which is encrypted using the AES algorithm.

The malware relocates itself into a new memory region, decrypts its core routines, and relies on Windows API calls (e.g., DeviceIoControl, GetUserNameExW, and GetComputerNameW) to collect information about the host and fingerprint it.

Communication with the command-and-control (C2) is hidden in DNS traffic, with the malware sending DNS MX queries with encoded metadata in high-entropy subdomains to public recursive resolvers. The DNS servers respond with MX records containing encoded command data.

“The malware extracts and decodes the leftmost label to recover command/configuration data, then proceeds accordingly,” explains BlueVoyant.

“Using DNS MX records helps the traffic blend in and can evade controls tuned to detect TXT-based DNS tunneling, which may be more commonly monitored.”

BlueVoyant states that two of the targets of this campaign are a financial institution in Canada and a global healthcare organization.

The researchers assess with moderate-to-high confidence that the campaign is an evolution of tactics, techniques and procedures associated with the BlackBasta ransomware gang, which has dissolved after the internal chat logs of the operation were leaked.

While there are plenty of overlaps, BlueVoyant notes that the use of signed MSIs and malicious DLLs, the A0Backdoor payload, and using DNS MX-based C2 communication are new elements.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Advertisement

Download The Report

For good reason, Dr. Robby (Noah Wyle) is on the verge of quitting again in The Pitt season 2. He’s already due to go on a three-month sabbatical when this hellish Fourth of July shift ends, but now that’s starting to feel like a permanent leave of absence.

In his defence, I don’t blame him. The ER is currently under digital lockdown to prevent a cyber attack, meaning no computer records can be accessed, the number of patients practically doubles every five seconds, and replacement Dr. Al-Hashimi (Sepideh Moafi) isn’t making life easier for anyone.

The organisation is aiming to tap into the growing demand for autonomous agents.

Tech giant Microsoft has announced plans to launch Copilot Cowork, which is a tool based on Anthropic’s popular Claude Cowork. Reportedly, it is part of a larger initiative to take advantage of the growing demand for autonomous agents.

The news comes two months after Anthropic launched its Cowork model, which it described as a “simpler version of Claude Code”. This prompted concerns among those heavily invested in ‘traditional’ software companies resulting in a strong sell-off in US and European software. According to Reuters, Microsoft’s own shares fell nearly 9pc in February.

Currently, ​Copilot Cowork is in the testing phase and will be ​available to early-access ⁠users in later March. The organisation has not disclosed the pricing structure, but has revealed that some usage would be included ​in its $30-per-user, per-month M365 Copilot offering for enterprises.

Jared Spataro, the chief marketing officer of AI at Work at Microsoft said: “Frontier transformation starts with a simple idea: AI must do more than optimise what already exists. It must unlock new levels of creativity, innovation, and growth. And it must show up inside real work, grounded in real context and solve real problems for people and organisations. 

“We’ve found that to do this, the two most important elements are intelligence and trust. Intelligence ensures AI is contextual, relevant and grounded. Trust ensures AI can scale safely, securely and responsibly. Our announcements today (9 March) show how intelligence and trust together turn AI from experimentation into durable, enterprise-wide value.”

Following the reveal of Microsoft’s Copilot Cowork, Forrester vice-president and principal analyst JP Gownder said: “Microsoft’s launch of Copilot Cowork signals a strategic shift in its AI approach, showing the company moving Copilot away from reliance on OpenAI alone and toward a multi-model architecture that includes partners such as Anthropic. 

“The move also highlights the current limitations of Microsoft’s existing Copilot agents: while the company has talked extensively about autonomous ‘agents’, they have so far struggled to take meaningful action compared with newer agentic systems such as Anthropic’s. 

“At the same time, Copilot Cowork clearly taps into the growing hype around Anthropic’s Claude Cowork concept, but significantly extends it by embedding the capability across Microsoft 365 applications rather than keeping it as a desktop-centric tool.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

People can block the xAI’s Grok chatbot from creating modifications of their uploaded images on social network X. Neither X or xAI, both Elon Musk-owned businesses, have made a public announcement about this feature, which users began noticing on the iOS app within the image/video upload menu over the past few days.

This option is likely a response to Grok’s latest scandal, which began at the start of 2026 when the addition of image generation tools to the chatbot saw about 3 million sexualized or nudified images created. An estimated 23,000 of the images made in that 11-day period contained sexualized images of children, according to the Center for Countering Digital Hate. Grok is now facing two separate investigations by regulators in the EU over the issue.

The positive side of the recent feature addition is that X and xAI have taken a step toward limiting inappropriate uses of Grok. This block is a simple toggle and it hasn’t been buried in the UI. So that’s nice.

The negative side, however, is that this token gesture that doesn’t amount to any serious improvement to how Grok works or can be used. It’s great that the chatbot won’t alter the file uploaded by one person, but as reported by The Verge, the block only limits tagging Grok in a reply to create an image edit. There are plenty of workarounds for those dedicated individuals who insist on being able to use generative AI to undress people without their consent or knowledge.

Hopefully xAI has more powerful protective tools in the works. The limitations Grok on putting real people in scanty clothing that X announced in January seem to have had only partial success at best. If this additional and narrow use case is all the company offers, then the claims of being a zero-tolerance space for nonconsensual nudity are going to ring hollow. Especially since, as we noted at the time, xAI could stop allowing image generation at all until the issue is properly and thoroughly fixed.

More than half a century after astronauts last left footprints on the lunar surface, humanity is preparing to return to the moon. The excitement surrounding NASA’s Apollo program once captivated the world, and now NASA hopes to rekindle that same sense of wonder with its modern lunar effort, the Artemis program.

NASA’s Artemis II launch is scheduled for the first week of April. It’ll be the first human mission to the moon since 1972, and it should be quite the achievement for the Artemis program. Now, NASA has released a new tool that lets the public track Artemis II in real time.

The Artemis program is NASA’s long-term effort to return humans to the moon and establish a sustained presence there for the first time since the Apollo program. The program aims to land astronauts near the lunar south pole, develop new technologies for long-term exploration and use the moon as a stepping stone for future missions to Mars.

The Artemis Real-time Orbit Website, dubbed AROW, is already available to the public, although there isn’t much to see since the launch is still a few weeks away. It’s also available directly from the NASA app if you’re using a mobile device. The site lets the public visualize data collected by sensors on Orion and sent to the Mission Control Center at NASA’s Johnson Space Center in Houston.

The website is simple to navigate. You’ll see a visual representation of Artemis II’s progress, including its speed, distance from Earth and distance to the moon. Mobile app users get all of the above, along with an extra augmented reality tracker that lets you point your phone at the sky and see where Artemis II is relative to your position on Earth. It works much like Google Star Map and other stargazing apps that use similar technology. 

According to NASA, tracking will be available once the Orion capsule separates from the rocket’s upper stage, which is expected about 3 hours after the upcoming April launch. The site will then update its information in real time for the entire 10-day mission.

NASA is also making flight data available for download so that people interested in creating their own content, such as visualizations or tracking apps, can do so. The data will include all sorts of things, including state vectors, which are data that “describe precisely where Orion is located and how it moves.” That same data will be used by NASA to study Orion and make improvements for future Artemis missions. 

An exact launch date for Artemis II hasn’t been set, but the agency plans on launching the mission no earlier than April 1. The launch was originally scheduled for February, but it was delayed multiple times due to a hydrogen leak and a helium flow issue. NASA says it has since fixed both issues.

from the such-a-waste-of-time dept

On Wednesday of last week, I wrote a post about how the Trump administration had quietly given up defending its unconstitutional executive orders targeting law firms. The DOJ was dropping its appeals, the firms that fought had won, and the firms that capitulated—led by Paul Weiss and their nearly $1 billion in groveling pro bono commitments—were left holding a very expensive bag.

What I did not realize, because this administration launches new absurdities faster than any human being can reasonably track them, was that the day before I published that piece (but about the time I was writing it), the DOJ had already filed a motion to take back its voluntary dismissal. And then, by Friday, the DOJ had filed a full appellate brief seeking to overturn all four district court rulings that struck down the executive orders.

So, to recap the timeline here: On Monday, the DOJ told the DC Circuit it was voluntarily dropping its appeals. All four law firms agreed. Done deal. On Tuesday, the DOJ filed a motion to withdraw its own voluntary dismissal. On Wednesday, I published an article mocking the administration for giving up. On Friday, the DOJ filed a 97-page opening brief arguing that the executive orders were “well within the Presidential prerogative.”

My only defense for coming in a day late is that covering this administration in anything close to real time is effectively impossible.

Let’s start with the procedural absurdity before we get to the substance—because the procedural absurdity is really something.

The motion to withdraw the voluntary dismissal is a remarkable document, mostly for how little it says. The entire operative section is barely over a hundred words. After all parties had agreed to the dismissal, the DOJ simply asked to take it back, offering no explanation whatsoever. The law firms’ collective response, included in the filing itself, was about as polite as you’d expect:

“Plaintiffs-Appellees oppose the government’s unexplained request to withdraw yesterday’s voluntary dismissal, to which all parties had agreed. Under no circumstances should the government’s unexplained about-face provide a basis for an extension of its brief.”

“Unexplained.” That word does a lot of heavy lifting. The DOJ’s motion doesn’t even try to explain why it changed course. There’s no “upon further reflection” or “new developments have arisen.” Just: forget what we agreed to yesterday, the court hasn’t formally granted the dismissal yet, so we’d like to un-dismiss please.

As of this writing, the court hasn’t ruled on that motion. But the DOJ apparently decided not to wait around and went ahead and filed its full appellate brief on Friday anyway.

The opening paragraph of the DOJ’s appellate brief is genuinely one of the more audacious things I’ve read in a legal filing, and I say that as someone who reads a lot of legal filings:

Courts cannot tell the President what to say. Courts cannot tell the President what not to say. They cannot tell the President how to handle national security clearances. And they cannot interfere with Presidential directives instructing agencies to investigate racial discrimination that violates federal civil rights laws.

Let’s focus on those first two sentences, because they reveal something important about how the administration is framing this case—and how badly they’re getting the First Amendment backwards.

“Courts cannot tell the President what to say. Courts cannot tell the President what not to say.”

Well, sure. In the most general sense, that’s true. The president can stand at a podium and say whatever he wants. He can say mean things about law firms. He can call them names on social media. He can go on television and express his displeasure with their client choices. That’s all government speech, and it’s all fine.

But that’s… not what happened here. What happened here is that the president issued executive orders imposing concrete sanctions on specific law firms—revoking security clearances, directing the termination of government contracts, restricting access to federal buildings, banning the hiring of their employees—because those firms represented clients the president didn’t like and employed lawyers who had been involved in investigations the president found personally disagreeable.

The brief tries to frame the courts’ injunctions as an attempt to “silence” the president. But nobody is trying to silence the president. The president can talk about these law firms every day from now until the world ends. What the courts said—four separate times—is that the president cannot use the machinery of government to punish law firms for their constitutionally protected legal advocacy. There’s a rather fundamental difference between speech and sanctions, and pretending not to understand that difference is doing a lot of work in this brief.

This gets at something we talk about regularly here at Techdirt: the First Amendment is a restraint on government power. It prevents the government from using its authority to suppress or punish private speech. When the DOJ frames this as courts trying to control the president’s speech, they’ve got the vector of the First Amendment claim pointing in exactly the wrong direction. The law firms aren’t saying the president can’t talk. They’re saying the president can’t retaliate against them for their own protected speech and advocacy. Those are two wildly different things.

The brief actually cites NRA v. Vullo, the 2024 Supreme Court case that we’ve written about a few times. For those unfamiliar, that case involved New York’s former superintendent of financial services, who was accused of using her regulatory power to coerce financial institutions into cutting ties with the NRA because she disagreed with the NRA’s advocacy. The Supreme Court held—unanimously—that government officials using their regulatory authority to punish or suppress disfavored private speech can violate the First Amendment, even if the official frames their actions in terms of legitimate regulatory interests.

The DOJ cites Vullo in the context of arguing that the district courts went too far in enjoining “future actions” based on Section 1 of the executive orders, quoting the district court’s ruling in favor of one of the law firms (Jenner & Block) favorably:

Significantly, even the district court in Jenner recognized this. That court declined to “enjoin future actions taken pursuant to Section 1,” because “Section 1 does not direct any action.” JA2205–06. But “shorn of its enforcement mechanisms, Section 1 is nothing more than the Executive Branch ‘saying what it wishes.’” Id. (quoting Nat’l Rifle Ass’n of Am. v. Vullo, 602 U.S. 175, 187 (2024)). “Jenner has no more right to silence the Executive Branch than the Executive Branch has to silence Jenner.” Id. That is because Section 1 is “government speech.” Id. Despite Jenner’s repeated request to enjoin Section 1 in the abstract, the district court correctly recognized that “[n]either standing doctrine nor equity generally permits such judicial prophylaxis.” JA2207. Thus, “[w]hether best viewed as a shortcoming of standing, ripeness, or” the lack of any basis in equity, “the guesswork entailed in enjoining all future uses of the sentiments expressed in Section 1 would exceed the Court’s proper role.”

The problem is that Vullo actually undercuts their entire argument. The point of the Vullo framework is that when government speech is coupled with government action designed to punish disfavored private expression, the combination can be unconstitutional coercion. The administration wants to unbundle its speech from its sanctions and defend each in isolation—”Section 1 is just government speech.” That’s precisely the move Vullo says you can’t get away with.

Meanwhile, I have to call out that the same people who argued in the Murthy v. Missouri case that any government speech criticizing private companies constituted a de facto First Amendment violation are now arguing “well, this paragraph was just speech, not retaliatory, so leave it alone.”

The brief also contains a line that should make Paul Weiss and others in the capitulation crowd feel especially great about their choices:

In recognition of those problems, many law firms agreed to address their practices and commit to providing pro bono work in the public interest.

The brief then helpfully lists them in a footnote in case anyone forgot which capitulating law firms to shun:

Allen Overy Shearman Sterling, Cadwalader, Kirkland & Ellis, Latham & Watkins, Milbank, Paul Weiss, Simpson Thacher, Skadden, and Wilkie Farr & Gallagher.

The DOJ is literally using the capitulation of those firms as evidence that the executive orders were reasonable and justified. “See? These firms agreed with us!” The firms that folded bought themselves a supporting role in the government’s brief arguing for the constitutionality of retaliating against law firms. Congratulations! Great job lawyering, guys.

Meanwhile, the four firms named in the brief who fought—Perkins Coie, Jenner & Block, WilmerHale, and Susman Godfrey—are named as parties who “instead filed suit.” See? Capitulating is the only proper move to this DOJ. Standing up for your own constitutional rights deserves punishment.

The heart of the filing is that opening framing. “Courts cannot tell the President what to say.” And the response to that is simple: nobody’s trying to. What courts can do—what they’re required to do under the First Amendment—is tell the president he cannot use executive power to punish private parties for their constitutionally protected advocacy. The fact that the DOJ appears unable or unwilling to understand this distinction tells you everything about the strength of their legal position.

As I noted last week, the administration’s decision to initially drop these appeals suggested that even a DOJ willing to argue almost anything looked at these cases and concluded it couldn’t win. The un-dropping and subsequent brief don’t change that calculus. While the DOJ offered no explanation for its reversal, the timing strongly suggests someone higher up didn’t like the press coverage of them folding and decided the political upside of continuing to threaten the legal profession outweighed the legal downside of losing again. Which, if you think about it, proves exactly what the law firms argued from the start: this was always about intimidation, never about law.

The firms that folded will keep being cited in government briefs as proof that the intimidation campaign was justified.

That’s the tax you pay for cowardice: your surrender becomes someone else’s evidence.

Filed Under: 1st amendment, doj, free speech, law firms, vullo

Companies: jenner and block, kirkland & ellis, latham and watkins, milbank, paul weiss, perkins coie, skadden, susman godfrey, wilkie farr, wilmerhale

Spend about ten minutes walking the floor at CanJam NYC 2026 and something becomes painfully obvious: wired IEMs are not quietly fading away into the Bluetooth sunset. If anything, they’re staging a very loud comeback. That only their users can hear but you understand where I’m going with this.

We counted roughly three dozen IEM brands showing new models this year and not just niche boutique outfits either. Meze Audio, Campfire Audio, Noble, 64 Audio, Astell&Kern, FiiO, Melody, Final DUNU, and a handful of smaller boutique builders were all pushing new wired designs that ranged from “somewhat affordable” to “this probably requires a second mortgage.”

This is happening at the exact same moment society has fully embraced streaming and wireless convenience. Walk down any street, get on the subway, or sit in a coffee shop and you’ll see the same thing: people glued to their phones with AirPods, Sony, or Bose wireless earbuds jammed in their ears while Spotify algorithmically decides what they should listen to next. Convenience won that war years ago.

But here’s the part that makes the CanJam floor so interesting. Despite the dominance of wireless listening, there appears to be a growing group of listeners who still care about sound quality enough to deal with the dreaded cable. And unlike full size headphones, wired IEMs solve a problem that a lot of audiophile gear doesn’t: they’re small, portable, and actually practical to carry around.

Pair them with one of the many dongle DACs or portable DAC/amps that have flooded the market over the past few years from companies like FiiO, Questyle, iFi, and Astell&Kern, and suddenly you have something that delivers far better sound than most wireless earbuds while still fitting in your pocket.

So yes, the rest of the world may be happily living in a wireless ecosystem fueled by streaming and convenience. But if the crowds around the IEM tables at CanJam NYC 2026 were any indication, there are still plenty of people willing to deal with a cable if it means their music actually sounds better.

And based on the sheer number of new wired IEMs launching right now, manufacturers seem to think that number is growing — not shrinking.

Which raises an uncomfortable question for the wireless everything crowd:

What if wired IEMs never actually went away? They just waited for everyone to remember what better sound actually feels like.

A Wall of IEMs: More Choice Than Ever for Listeners

I’ve never been the world’s biggest IEM fan. The whole “shove this into your ear canal and enjoy” concept never really worked for me. Some people swear by it. I usually spend the first five minutes wondering why my ears feel like they’re being fitted for dental molds.

The over-ear cable loop was always the least offensive part of the experience. It kept things relatively secure and avoided that lovely moment when someone brushes past you on a train platform or airport concourse and suddenly your headphones are being violently introduced to Newton’s laws of motion. Anyone who owned early fixed-cable IEMs knows the feeling: one snag, one sharp tug, and that cable is done.

So a sincere thank you to whoever finally realized detachable cables were not a luxury feature but basic survival equipment. The pro audio world figured that out decades ago. You can’t exactly be onstage in front of 90,000 people and have your monitor connection disappear because someone stepped on a cable. Robust connectors and replaceable cables were inevitable — and long overdue.

Yes, wireless will replace most of this eventually. Convenience tends to win those battles. But what makes IEMs fascinating in 2026 isn’t the cable debate — it’s the sheer level of innovation packed into something smaller than a pinky ring. Balanced armatures, planar drivers, electrostatic elements, hybrid designs mixing multiple technologies, and configurations that stack five, eight, ten drivers or more inside a headshell that looks like it belongs on a piece of jewelry.

It’s absurd engineering in miniature. And judging by what we saw at CanJam NYC 2026, the people building these things are just getting started.

One of the reasons we brought columnist Aaron Sigal back to cover wired and wireless IEMs is simple: the traffic is there. The demand is there. Our recent reviews of the Campfire Audio Andromeda 10, DUNU DN142, Apos x Community Rock Lobster, SIVGA Nightingale Pro, and Beyerdynamic DT 7x IE Series have all pulled in highly focused readership. Not casual drive by traffic either. The kind of readers who actually care about what driver configuration is inside the shell and whether the tuning leans reference or warm.

Is a lot of that coming from the Head-Fi crowd? Maybe. They can circle the wagons and argue endlessly about tips, cables, and impedance curves like it’s a graduate seminar in ear canal acoustics. But the interest is real, and the traffic numbers back that up.

Walking the floor at CanJam NYC 2026 made that even harder to ignore. There were so many tables dedicated to wired IEMs that it almost discouraged me from trying to cover them all. Full size headphones are still where my personal interest leans, and frankly that’s where a lot of our readers tend to focus as well. But the reality on the show floor told a different story.

The IEM tables were packed. Constantly.

Yes, the entire show was a sea of people moving from booth to booth, but the crowds hovering over those tiny display trays full of in ear monitors never really thinned out. People waiting for a chance to listen. Swapping tips. Plugging into portable DACs. Comparing notes.

Based on what we saw, it’s hard to imagine that the companies building wired IEMs didn’t have a very good weekend in New York. There’s just no way those tables were that busy if nobody was buying.

So here’s the question for readers.

Do you actually use wired IEMs? And if you do, why?

Is it about sound quality? Portability? Isolation on planes and trains? Or are you pairing them with a dongle DAC or portable player because you simply refuse to let Bluetooth compression have the final say in how your music sounds?

And let’s address the elephant sitting in the display case: price. The number of wired IEMs that now cost well into the thousands of dollars is…kind of insane. Universal or custom, it doesn’t seem to matter anymore. Some of these models cost as much as a very good stereo system or a pair of flagship headphones.

Does that discourage you? Or do you see them as the most practical way to get reference level sound in a portable format?

We’re genuinely curious where people land on this.

Related Reading:

Data brokers are more active than ever, and it’s not stopping anytime soon. On the contrary, as the digitalization of our lives proceeds, they have more information to collect from public records, marketing databases, scraped web content, or different third-party sources. Then, they can sell it for advertising, profiling, and background checks, among other purposes. Not to mention fraud and identity theft.

The best way to approach this issue is by working with a professional data removal service. And in this space, two names often come up – Incogni and Optery. If you’re comparing, you’re likely asking: Does it really work? Is it legitimate? And which one is better?

The comparison below will walk you through differences without hype, just structure and substance.

Incogni vs Optery at a Glance

Removal Model

The structural difference is pretty clear: Incogni focuses on continuous suppression, while Optery centers on visible exposure management with plan-dependent automation depth.

Broker Coverage

Broker count alone is, of course, essential, but it doesn’t tell the full story; the type of brokers matters as well, if not more.

Incogni reports outreach to more than 420 brokers, including both public people-search websites and private databases involved in marketing, recruitment, background checks, and profiling. Many private brokers operate behind the scenes, don’t provide searchable listings, and are hard to reach for an individual. But addressing these entities targets the backend of the data trading environment directly.

Optery advertises coverage of up to 640+ brokers. However, maximum coverage requires higher-tier plans. Its tools are especially effective with public-facing sites, where listings can be easily identified and tracked. There’s not much Optery does with private brokers.

So, even though Optery may seem to have broader coverage, Incogni’s inclusion of private databases suggests deeper suppression.

Long-Term Performance

A removal service is only as strong as its follow-up system.

The problem of data reappearance is very common in the industry. Databases refresh regularly, and deleting your personal information once doesn’t guarantee that it won’t come back.

Incogni’s requests rely on applicable privacy laws and regulations where possible, and then the service follows up on non-responsive brokers and continuously monitors the web for your data. The whole process was independently assessed by Deloitte, which confirmed it works as promised.

Optery’s effectiveness is evident in public listing removals. In this case, users can easily confirm deletion and monitor progress through the dashboard. Ongoing protection and monitoring are available but depend on the subscription tier. If your concern is mainly with the public visibility of your data, Optery will be fine. 

However, for users seeking long-term, diverse protection, Incogni will bring better effects.

Pricing

Pricing Breakdown: Incogni (2026)

Incogni keeps its pricing structure clear and simple, focusing on automation and comprehensive removal.

Incogni doesn’t fragment its access across tiers – its base plan already includes its entire broker coverage as well as the recurring removal system. No free options are available, but there is a 30-day money-back guarantee for risk-free testing. Family plans expand coverage to more people in a bundle.

For American users, Incogni also offers the Protect plan, which combines its services with NordProtect – it costs $41.48/month or $20.74/month when billed annually.

Additionally, you will find Incogni in the Surfshark One+ bundle, with prices starting at $4.19/month when billed biannually.

Pricing Breakdown: Optery (2026)

Though the number of plans is similar, Optery’s pricing structure is more tiered and modular.

Optery offers a free option that includes an exposure report with dashboard access, links, and screenshots, but no automated removals. The next plan, Core, adds automated removals for a limited set of brokers. The Extended tier expands coverage and adds recurring reports with screenshots. With the top tier, Ultimate, you can reach the highest number of sites – 640+ or 400+ without enabling Expand Reach. You also get unlimited custom removals and quarterly detailed reporting.

Transparency and Reporting

Both services provide their users with dashboards, but the focus differs significantly.

Incogni tracks removal requests, responses, and status updates. As a lot of private brokers don’t publish their listings, screenshot-style confirmation isn’t always possible. Transparency centers on process reporting and tracking.

Optery highlights exposure visibility. You will see the discovered public listings, often with links or screenshots that provide clear confirmation. This approach is especially (and only) useful in the case of public-facing data.

Reputation

Incogni underwent Deloitte’s limited assurance assessment, which confirmed that its processes all work as described. This type of third-party verification is extremely unusual in this industry. Moreover, its Editors’ Choice awards from PCMag and PCWorld, alongside reviews from authorities like TechRadar and Cybernews, make it a strong contender in the privacy protection space.

Optery, on the other hand, doesn’t have any independent verification, but it has been reviewed by industry authorities like PCMag and TechRadar that praise its visibility-focused approach. 

Final Words: Incogni For the Win in 2026

Both Incogni and Optery can be valid data broker removal service choices in 2026. It all depends on what you need.

Optery is strong if you want insight into publicly visible listings and seek visual confirmation of removals.

However, in this 2026 comparison, Incogni ranks as the stronger overall data removal service. This is particularly because of its sustained backend suppression and verified operational processes that were also recognized by industry authorities. 

FAQ