President Trump’s highly politicized appointment of an entirely unqualified acting Director of National Intelligence (DNI) underscores why the government’s warrantless mass spying power must be reformed.
Congress now faces a deadline of Friday, June 12 to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, an unconstitutional program rife with problems, loopholes, and compliance issues. Section 702 allows the National Security Agency to collect communications from targets overseas – including communications with Americans in the U.S. – and stores them in massive databases. The NSA then allows other agencies, including the Federal Bureau of Investigation, to access untold amounts of that information.
Under current practice, the FBI can query and even read the U.S. side of that communication without a warrant. What’s more, victims won’t even know and have very few ways of finding out that their communications have been surveilled. EFF and other civil liberties advocates have been trying for years to know how data collected through Section 702 is used in domestic investigations and prosecutions.
Our advocacy to reform Section 702 has been consistent across administrations, including when the federal Intelligence Community was run by people with experience in the relevant agencies. In fact, the 2004 law creating the position of DNI – which coordinates America’s 18 spy agencies – requires those who hold it to have “extensive national security expertise.”
“William has deep experience managing the most sensitive matters in America, the safety and soundness of the Markets, and over 10 Trillion Dollars at Fannie Mae/Freddie Mac, a substantial increase from where it was just 12 months ago,” Trump wrote on his Truth Social platform.
Pulte isn’t a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes.
Because Trump named him acting DNI, Pulte isn’t subject to Senate confirmation. And under the Vacancies Act, Pulte could remain in the role for about seven months.
This is particularly concerning because of Pulte’s history of using private information held by the government as a political weapon. In his FHFA role, he has accused several of the President’s political foes and targets – including New York State Attorney General Letitia James, U.S. Sen. Adam Schiff, D-Calif., and Federal Reserve governor Lisa Cook – of mortgage fraud based on private data held by his agency.
All these targets and others have denied wrongdoing. A federal criminal complaint filed against James in Virginia imploded after a judge found prosecutor Lindsey Halligan had been unlawfully appointed, and prosecutors twice failed to convince a grand jury to indict James. Pulte’s accusations against Schiff, Cook, and others have not led to criminal charges.
Pulte isn’t a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes. As acting DNI, Pulte would have access to every scrap of classified information the Intelligence Community holds, and under Section 702, that includes massive amounts of information about Americans.
Even lawmakers who are typically friendly to the intelligence community acknowledge that this is a disaster in the making. U.S. Sen. Mark Warner, D-Va., who is the Senate Intelligence Committee’s ranking Democrat, told NPR that Pulte has “no experience in the military, no experience in Congress, no experience in the intel community or law enforcement” and was chosen because he is “100% loyal to doing anything and everything President Trump demands.”
And Senate Majority Leader John Thune, R-S.D., told reporters “we don’t need a weaponized” national intelligence director. Asked about fears that Pulte might pursue Trump’s political opponents, Thune said: “We need professionals there.”
Congress already has had trouble reauthorizing Section 702 as Freedom Caucus Republicans and many Democrats joined forces to demand reforms including the common-sense requirement that federal agencies get a probable cause warrant from a judge before searching any data involving Americans. Pulte’s appointment exemplifies why no administration should have the power granted by Section 702 without the independent judicial review required in seeking a warrant.
Governments must not adopt emerging and powerful AI technologies without also adopting strong and clear safeguards to protect Constitutional rights, EFF Senior Policy Analyst Dr. Matthew Guariglia testified today to the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
During the hearing on “The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience,” he explained that he use of generative AI for the purposes of mass government surveillance would supercharges unconstitutional violations of civil liberties. He also highlighted how government secrecy, in addition to the black box of for-profit proprietary technology, prevents the public and lawmakers from knowing when AI models make mistakes, including errors that seriously impact the cybersecurity of critical infrastructure and the lives of individuals.
“AI also has a track record of getting things wrong—from false citations on legal briefs to a major AI mistake that sentDHS recruits to the field without proper training. There are likely more consequential examples that we do not even know about because of classification that would prevent a more thorough accounting,” he said in his opening remarks.
“At this level the question is not how do we rein in AI, it’s how do we rein in the agencies that would unleash AI on the American public,” Matthew said in response to a question by Subcommittee Ranking Member Delia Ramirez, D-Ill.
Meta has deployed facial recognition code to millions of their always-on surveillance glasses, according to new reporting by Wired. EFF’s Threat Lab was able to confirm that the facial recognition code is present through static analysis of the application.
This dangerous new Meta functionality stores faceprints as a series of 2,048 numbers uniquely representing the positioning of a person’s facial features. When this feature is activated, it will convert every new face in the sightlines of the surveillance glasses into a series of numbers, and compare it to all the existing faceprints in the user’s database.
Wired and EFF confirmed that the code is present and active, though not yet exposed to consumers. Another researcher confirmed that when they manually added a face to the app database by connecting the phone to a computer in debug mode and issuing a few commands, the glasses would subsequently detect that face when it came into view.
Meta has already paid $650 million to settle a BIPA lawsuit challenging mass facial recognition of every photo posted to its platform, a feature which it has since shut down.
Despite the billions of reasons not to, Meta seems to have created the capacity to turn their customers into a distributed surveillance machine. This is just one more reason to think twice before buying or using Meta’s surveillance glasses.
Considering that Meta previously wrote in an internal document that they want to launch facial recognition “during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns,” this invasive new feature doesn’t come as a surprise. But Meta’s surveillance plans won’t escape public scrutiny that easily, and we’ll be watching if this feature is rolled out to the public.
In early 2025, in a move that was “likely unconstitutional,” the Trump administration, via Elon Musk’s Department of Government Efficiency (DOGE), dismantled the U.S. Agency for International Development. As a result, over 80 percent of USAID programs—around $60 billion overall—were eliminated. According to the United Nations, the United States was the single largest aid donor in the world and supplied more than 40 percent of the global aid that the agency tracked in 2024. Almost overnight, the bulk of it went away—and now, as news of worsening Ebola outbreaks continues to come out of central Africa, we are beginning to see the consequences.
Just days before the kickoff of the 2026 World Cup, cybersecurity experts are raising the alarm over a massive, highly sophisticated surge in digital fraud targeting soccer fans worldwide, offering them fake tickets, nonexistent travel packages, counterfeit merchandise, suspicious betting apps on websites impersonating FIFA.
The tournament, which has drawn unprecedented global interest, has become the “perfect bait” for opportunistic hackers and criminal syndicates, according to David Gonzalez Cuautle, the awareness and research manager at the cybersecurity firm ESET.
“Cybercriminals tend to operate in seasons and with specific themes,” Gonzalez Cuautle said in an interview with OCCRP, adding that the World Cup presents a uniquely lucrative opportunity for bad actors to cast a wide net.
The scope of the threat is vast. Experts warn that fans are navigating a digital minefield that includes fake tickets and nonexistent VIP travel packages, counterfeit merchandise sold through spoofed vendor portals, suspicious betting applications designed to harvest financial data as well as fraudulent streaming apps that install spyware or malicious code onto devices or imposter websites meticulously designed to mirror official FIFA platforms.
The scale of the digital counterfeiting is staggering. By 2025, specialized cybersecurity firms had already detected roughly 4,300 fake domains tied to the tournament. The threat reached such a critical level that in late May, the Federal Bureau of Investigation issued a formal alert warning the public that “cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in advance of the 2026 FIFA World Cup.”
To lure unsuspecting fans, scammers are registering domains that incorporate words associated with FIFA, paired with seemingly legitimate extensions like .online, .shop, .store, or .football.
The tactics are also becoming increasingly localized.
“Now we are seeing that different languages are also starting to gain ground on these websites, which suggests that it could be done regionally,” Gonzalez Cuautle noted. While local cyber police forces are tasked with analyzing and tracing these pages, the perpetrators often remain steps ahead.
“It’s important to understand what the scammers do,” he explained. “Sometimes they use pseudonyms or disposable email addresses, so they can generate a temporary email and use that to register the website. That email is difficult to trace.”
The financial toll of purchasing a nonexistent ticket is only the beginning. For many victims, the true cost of the fraud is the permanent compromise of their digital identities.
In a recent exercise, ESET researchers analyzed a sample of fake World Cup websites and discovered that at least ten of the reported portals were not merely momentary cash grabs. Instead, they functioned as sophisticated data-harvesting operations, quietly siphoning banking credentials and valuable personal information from the user.
Mobile users face similar perils. Fraudulent applications masquerading as sports broadcast portals or betting platforms often request excessive device permissions, allowing them to install malicious code or actively spy on the user.
Perhaps most alarmingly for consumers, standard markers of internet safety are no longer reliable. Gonzalez Cuautle warned that the familiar security padlock icon in web browsers—traditionally a guarantee that a site’s communication is encrypted and its identity certified—is no longer enough to determine whether a page is legitimate.
Readers may notice that there is an unusually heavy amount of animal-related art and writing in this magazine compared to many others. From our famous “Smoking Cat” cover to our extensive coverage of factory farming, this is a publication overflowing with animals. I’d like to briefly explain why.
Indonesia’s anti-graft agency detained Deputy Minister of Immigration and Correctional Affairs Silmy Karim and seven other officials on Thursday over allegations of extortion and accepting illicit gratuities.
According to the national news agency Antara, Karim was held after more than 10 hours of questioning in Jakarta regarding his tenure as immigration director-general from January 2023 to October 2024. Investigators allege he extorted foreign nationals seeking residence permits during that period. All eight suspects will face an initial 20-day detention as the investigation proceeds.
“In the age of misinformation, the line between fact and fiction is blurrier than ever.”
“For those of us working in video news, verification isn’t a nice-to-have. It’s a necessity. It is how we protect the stories we help shape and how we earn and maintain trust in an increasingly chaotic information ecosystem,” Abu Dhabi-registered video news agency Viory posted on LinkedIn on April 9, 2026, offering training to help newsrooms and journalists sort fact from fiction.
The self-described “video news agency of the Global South” has delivered journalism training to multiple national press agencies across Africa, Asia and the Middle East.
However, when it comes to Viory itself, the line between fact and fiction is very blurry indeed.
Bellingcat has found multiple links between the digital infrastructure of Viory and Ruptly news agency, a branch of sanctioned Russian propaganda outlet Russia Today, including shared IP addresses, a Viory-linked site using a digital security certificate registered to Ruptly, and Ruptly sending site performance data to Viory. While there have been previousreports on suspected links between the two outlets, our investigation adds new evidence about Viory’s ties to Ruptly media.
When contacted for comment, both Viory and Ruptly denied any connection with each other.
Composite Image created by Bellingcat.
‘Video News Agency of the Global South’
Viory’s main offering is raw video footage of news events provided via subscription. According to Viory, its clients include “major international news outlets, local media organisations, and independent creatives in more than 170 countries”.
If its own figures are to be believed, Viory was strikingly well established at its launch in November 2023, by which time it claimed to have a “pre-assembled team of over 150 full-time staff, and an established network of over 3,000 video journalists across the world”.
The name “Viory” is a trade name. The company’s legal name is Darpo Vision FZ LLC, according to its website, which also states that it is registered in Abu Dhabi. In August 2024, Darpo Vision FZ LLC filed for a trademark in the US for the name Viory, which was approved in December of 2025.
As of May 2026, Bellingcat found press releases and news reports referencing at least 30 agreements between Viory and partners in more than 22 countries, as well as cooperation agreements with government agencies, training agreements with universities and regional journalism bodies.
Ruptly is a video news agency formerly based in Berlin and ultimately controlled by Russia Today (RT), which is owned by Russian state media company ANO TV-Novosti. ANO TV-Novosti has been on the EU sanctions list since December 2022 for spreading “pro-Kremlin propaganda and disinformation” and supporting Russia’s war against Ukraine.
RT launched Ruptly, which operated in Berlin via a German-registered subsidiary in 2013, with the goal of “becom[ing] the go-to alternative resource in a highly concentrated market of professional news video footage, and to deliver coverage of stories that other agencies miss.”
Sanctions imposed on RT following Russia’s 2022 invasion of Ukraine choked off Ruptly’s source of funds in Germany, leading the German company to begin insolvency proceedings in October 2024. Ruptly continues to operate from Moscow as of 2026.
As with Viory, Ruptly’s main offering is providing raw news footage to subscribers around the world. It relies on a large network of international freelancers and stringers. In 2016 RT claimed that Ruptly had “surpassed” newswire services AFP and Reuters on YouTube, and was serving more than 600 media organisations in 45 countries.
Felix Huesmann of the German outlet RedaktionsNetzwerk Deutschland (RND),was the first to outline links between Ruptly and Viory while covering the insolvency proceedings of Ruptly. He found that Darpo Vision’s original details on the Abu Dhabi Creative Media Authority’s site included an email address d.toktosunova@gmail.com. It has not been confirmed who this email address belongs to; however, the username matches the first name initial and surname of Dinara Toktosunova, the managing director of Ruptly. When asked about this email address by Huesmann in 2024, Ruptly “explained that Toktosunova is focused on securing the future of the Ruptly team [in Moscow] and is not working anywhere else as a managing director.”The activist group, OSINT For Ukraine, also outlined links between Ruptly and Viory, including the movement of multiple key staff between the two organisations and strong similarities between the two organisations’ platforms and content.
Darpo Vision’s Security Certificate
The legal entity behind Viory, Darpo Vision, was set up in one of Abu Dhabi’s free zones – special economic areas that have business-friendly incentives such as tax exemptions and that allow 100 percent foreign ownership. The free zones also offer what some describe as high levels of “corporate privacy,” which others assert has created a haven for shell companies and opaque corporate structures.
Darpo Vision initially had its own web domain, darpo.vision. The site has since been removed. Whois records show that the domain was registered by Darpo Vision FZ LLC in December 2022 to a PO Box in Abu Dhabi, using a Russian domain name registrar and a Moscow phone number.
Initially, Darpo.vision had its own Secure Sockets Layer (SSL) certificate – a digital certificate that authenticates a website’s identity, allowing it to secure and encrypt data. However, VirusTotal data shows that as of at least June 2024, darpo.vision was using a wildcard SSL certificate registered to ruptly.video. A Wildcard SSL certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure a single domain and multiple subdomains. You can see historical SSL certificates for darpo.vision.
James Wilson, a software and networking engineer with 20 years of experience and currently Enterprise Technology editor at Risky Business Media, told Bellingcat that to prevent unauthorised use or forgery of SSL certificates, a private key is needed to create and use a wildcard certificate across multiple domains.
“The fact that darpo.vision was using a wildcard SSL certificate for ruptly.video indicates that whoever was running darpo.vision also had access to the private key for ruptly.video’s SSL certificate. Normally, only the people operating Ruptly’s web hosting infrastructure would be likely to have access to that,” Wilson explained.
When asked by Bellingcat about whether there were alternative possible explanations, Wilson suggested that it was theoretically possible that someone may have hacked Ruptly and stolen their private SSL key.
“However, using that wildcard SSL certificate on a domain that didn’t match the wildcard in the certificate defies explanation as the browser would alert the user to the certificate error,” he added.
Shared IP Addresses
Bellingcat also identified multiple shared IP addresses which appeared to be concurrently in use by both Ruptly and Viory between May 2025 and May 2026.
From 2025 onwards, the Russian IP address 158.160.132.25 has been used concurrently by viory.video, ruptly.video, ruptly.agency and ruptly.tv, according to VirusTotal. Similarly, since the beginning of 2026, IP address 84.252.135.88 has been used concurrently by viory.video, viory.team, ruptly.video, ruptly.agency and ruptly.tv, according to VirusTotal.
VirusTotal data shows that from 2025 onwards, IP address 158.160.166.22 has been used by ruptly.video and viory.video while from 2026 onwards, IP address 158.160.226.68 has been used by viory.video and ruptly.tv. The VirusTotal data appearsto show these IP addresses being used exclusively by Ruptly and Viory as of 2025 and 2026. However, VirusTotal does not necessarily capture all domains which resolve to an IP, and other domains may also have resolved to these IP addresses, which were not observed by VirusTotal’s passive DNS replication service. It is also important to note that in some cases, unrelated domains use the same IP addresses.
Ruptly Sends Site Performance Data to Viory
Viory’s and Ruptly’s site infrastructure was also linked through data sent via Sentry, an internal error tracking and performance monitoring platform.
An API scan of Ruptly’s main client login page, ruptly.agency, on March 26, 2026, shows that the page was sending data to a subdomain of viory.team. This domain appears to be used by Viory primarily for backend purposes, based on subdomains which appear to refer to common developer and site management tools such as Traefik and ArgoCD, in addition to Sentry.io. Notably, two subdomains also appear to refer to Ruptly.
The purpose of one domain sending data to another domain’s Sentry project is generally to consolidate all of the relevant performance and error data in one place for in-house developers to monitor.
The ruptly.agency page’s request to viory.team also includes an authentication key for Viory’s Sentry project. Ruptly.agency is not the only Ruptly domain sending Sentry data to viory.team. As of May 9, 2026 the login page for ruptly.video’s own Sentry project, sentry.ops.ruptly.video, automatically redirects to sentry.ops.ruptly.video/auth/login/viory/. Ruptly Video’s Sentry login page also features “Viory” as the title.
The ruptly.video Sentry login page is also sending data to the viory.team Sentry project, the ruptly.agency homepage and using a favicon hosted on viory.team.
A third Ruptly domain, ruptly.tv, also sends performance data to viory.team’s Sentry project via cms.dev.ruptly.tv.
James Wilson noted that in each case, the Ruptly domains sending data to Viory appeared to be using a different Sentry key.
“If you look at each of these snippets sending telemetry data [from the Ruptly domains], the specific Sentry keys for sentry.ops.viory.team are different for each. I presume that someone with access to Viory’s Sentry keys has generated and included fresh Sentry keys in each of these instances in order to differentiate between the telemetry from this site versus others using the same Sentry instance,” Wilson said.
“This cuts against the idea that this is, for example, a case of someone just lazily copy-pasting code on Ruptly’s domains. It suggests that each of these snippets was likely to have been deliberately included. The alternative explanation of changing these API keys to some arbitrary value seems much less plausible given the lack of diligence in ensuring other aspects of the content didn’t cross-reference the domains.”
‘Ruptly’ Page Title on Viory Test Page
Finally, Bellingcat found a page at frontend.dev.viory.video/en that appears likely to be a developer test page for the front page of Viory’s main domain viory.video.
Notably, however, the page title reads “Stream trending news | Ruptly.” The page description included in the source code also refers to Ruptly:
“Follow breaking world news in real-time and stream the latest developments in politics, sports, finance, science, tech, and more from one of the top online news sites. Download and share international news today with award-winning news agency Ruptl” [sic].
Screenshot of frontend.dev.viory.video/en page, captured May 10th 2026. Archived source.
Wilson said that the use of the Ruply page title and text on the Viory test page “looks like a case of lazy copy and pasting”.
“That could potentially be done by someone outside of Ruptly, although it would be strange.”
While this particular piece lies on the lower end of the spectrum of proof, Wilson said that together with the other stronger pieces of evidence, including multiple Ruptly domains appearing to send data to Viory using different API keys, and Ruptly’s wildcard SSL certificate on Darpo Vision’s site, the weight of evidence for a connection between Ruptly and Viory adds up.
“None of the pieces of evidence are watertight on their own, but when you add them together it’s difficult to think of other plausible explanations for all of them being true at the same time,” he added.
“None of the pieces of evidence are watertight on their own, but when you add them together it’s difficult to think of other plausible explanations for all of them being true at the same time,”
-James Wilson
Bellingcat also found that Ruptly appears to have connections to a company in Hong Kong. Company records from July 2022 indicate that this company was originally named Ruptly Limited, but in September of that year, the company’s name was changed to Lotus Production Limited.
The Hong Kong company remains registered as active and filed annual reports in September 2025.
Russian Slant in the ‘Global South’
Anna Hiller, a Bangkok-based Consultant Research Analyst for the Institute for Strategic Dialogue told Bellingcat that the resources provided by Viory can be an attractive pool of source material for smaller media outlets, governments and academic institutions with small budgets.
She told Bellingcat that Viory’s editorial choices are clear when looking at the site’s videos.
“When accessing Viory, the prominence of pro-Russian and pro-China content is immediately noticeable, including numerous articles focused on Vladimir Putin, Russia-China cooperation, and broader China-related narratives.”
Bellingcat contacted Viory, Darpo Vision and Lotus Production Limited to ask about the connections we found between the Viory website and Ruptly and between Lotus Production Limited and Ruptly.
Viory said that it had no connection with Ruptly. “Viory has no connection with Ruptly; any suggestion otherwise based on ordinary use of similar digital platforms, tools or cloud providers is poorly founded and inaccurate; Viory is a UAE-based, privately held, self-funded and 100% privately owned organisation, and receives no funding, direction or instructions from any state media,” the company said in an email response.
Ruptly also said it was not connected to Viory. It declined to respond to Bellingcat’s questions, including about specific findings such as Ruptly’s domains sending technical performance and error data to Viory, calling these questions “irrelevant”.
Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.
What began as a geopolitical crisis in the Middle East nearly 100 days ago is increasingly becoming a food security crisis elsewhere, with UN agencies warning of rising hunger in Africa and malnourished children being turned away from medical clinics in Afghanistan.
The UN and its partners are continuing efforts to contain Ebola outbreaks in both the Democratic Republic of the Congo (DRC) and Uganda, while warning that insecurity and misinformation remain major obstacles to the response.
