This Pride month, we’re calling on the dating app Grindr to prioritize LGBTQ+ user safety by making privacy the default across its platform. That means no more sharing personal data with advertisers or training AI on private information without users’ opt-in consent.

Grindr is a dating app for the LGBTQ+ community; and for queer people, privacy violations can have life-altering consequences. Information that reveals someone’s sexual orientation, gender identity, or HIV status can be used by employers, governments, family members, scammers, or bad actors to inflict harassment, discrimination, arrest, or violence. For example, data from Grindr and other gay dating apps was sold by data brokers and used to 'out' (the act of disclosing someone's sexual orientation without permission) a gay priest in 2021. 

Despite being the world's most popular gay dating app, Grindr has repeatedly mishandled users' sensitive data. Grindr has been caught sharing users' HIV status and precise location with advertisers without obtaining valid consent, resulting in reprimands and fines in several countries. Its former Chief Privacy Officer even sued, alleging the company fired him for raising concerns about Grindr prioritizing “profit over privacy."

Grindr ended several of its most egregious data sharing practices after they were exposed. But more changes are needed if Grindr wants to earn back trust and prove its commitment to users’ privacy and safety. This Pride month, we’re calling on Grindr to make privacy the default and ensure the immediate implementation of two changes to better protect its users:

Opt Users Out of Behavioral Advertising by Default

Grindr currently allows users to opt out of behavioral advertising, but that protection is not enabled automatically (except in some unspecified regions). As we’ve long warned, behavioral advertising relies on the collection and sharing of personal data across a vast network of advertisers, intermediaries, and data brokers. Once information enters this ecosystem, users have little control over where it goes or how it is used: people’s most private and intimate information can be aggregated, sold, and combined with information from other sources to create detailed personal profiles.

By default, Grindr appears to share data with numerous advertising and tracking companies. Using TrackerControl, an app developed by privacy researcher Konrad Kollnig, we recorded Grindr contacting 20 third-party tracking domains during 15 minutes of app activity (see Grindr_TrackerControl_06-23-2026.csv for exported results). TrackerControl observed Grindr contacting Big Tech companies and ad-tech intermediaries, many of which have faced significant legal scrutiny for privacy violations. Several of these companies auction off ad space through a process called “real-time bidding,” which can expose user data to hundreds of additional companies and be exploited by data brokers. 

The dangers of Grindr’s default settings exposing users’ personal data to this ecosystem are not hypothetical. Between approximately 2017 to 2020, a location data broker collected the precise movements of millions of Grindr users from digital advertising networks and made them available for sale. The commercially available data was allegedly so detailed that, in some cases, it could be used to infer romantic encounters between specific Grindr users. 

Although Grindr has stated that it no longer shares precise location data or profile information with advertisers, it acknowledges sharing other personal data, including mobile advertising identifiers (MAIDs)—unique, persistent device IDs that allow advertising companies and data brokers to connect data about the same individual across different sources. MAIDs are not anonymous, and an entire industry exists to link them to more directly identifying information, like emails and phone numbers. According to Grindr’s privacy policy, companies receiving users’ MAIDs “are aware that such data is being transmitted from Grindr,” which could expose a users’ sexuality to the advertising and data broker ecosystem.

Opt Users Out of AI Training on Personal Data by Default

Grindr should stop training its AI models on users’ personal data without opt-in consent. 

Grindr has been investing heavily in AI features as its CEO strives to make Grindr an “AI-first business.” New AI features include a wingman chatbot, profile recommendations based on users’ inferred “type”, summaries of previous interactions with other users, and AI-generated insights about other profiles (like responsiveness, typical online hours, and engagement patterns). By default, Grindr uses its users’ personal data to train the AI models behind these features.

Grindr claims to never use sensitive health information for AI training and requires users to opt-in to AI training on “special-category” data, which includes chat content and precise location. But Grindr automatically enrolls users in AI training on other private information, including profile photos, age, taps, and display names. Users must navigate several levels of Grindr settings to prevent these personal details from being used to train Grindr’s AI.

AI systems trained on personal data create new privacy risks, including the possibility that personal information may be retained, reproduced, or exposed in unexpected ways. For example, researchers have been able to extract training data from AI systems like ChatGPT.

Beyond AI training, Grindr enables AI-powered features by default and allows both “special-category” data and other personal information to be processed by those features. Even users without access to premium-subscription AI features could have their data automatically used to power those features for other users. “Behavior-based profile insights” (pictured below) could expose information that users would never choose to share publicly, like the types of people they interact with on Grindr, their typical online hours, and how often they initiate conversation with other users.

Image of the “Profile Insights” feature from a Grindr blogpost promoting its premium, AI-first subscription

Regardless of whether new AI features leak private information, users deserve meaningful control over how their personal data is used and by whom. Grindr notifies users that their personal information may be used to train AI and that they can opt out on a separate settings page, but this notice does not specify the type of data used (i.e. profile photos, taps) and it is unlikely that people carefully read or understand it. Closing the notice or clicking its only button (which is “Proceed”) maintains Grindr’s default of using personal information for AI training. To respect users’ autonomy, Grindr should require opt-in consent before training AI models on personal data.

Notice displayed in the Grindr app about the use of personal data for new AI features

Celebrate Pride by Demanding Better Privacy

Grindr must immediately stop prioritizing profits over users’ safety. The ability to opt-out is not an acceptable substitute for opt-in consent, especially given the added risks of data sharing for LGBTQ+ users. Defaults matter—studies show that most people cannot or do not change the default settings of technologies they use.

If Grindr wants to back up its claim that it “takes user privacy very seriously,” it should make privacy the default across its platform, rather than something users need to go through complicated processes to opt in to. 

This is not science fiction. It’s not premature. If towns, cities, states, or the federal government want to act to reign in the emergence of armed police drones and robots, we have precious little time. In the absence of substantial regulation around when and how domestic law enforcement in the United States can deploy force using drones, the companies that markets technology to law enforcement have been moving. It’s past time concerned people take notice. Cities should not procure weaponized drones or robots, and multi-purpose drones and robots should be restricted from causing harm. 

Since 2021, EFF has been advocating against the use of armed robots or drones by law enforcement. This call has become more urgent as companies are moving in to take advantage of the lax regulatory landscape.

This month, two disturbing developments raised concerns that we might be on the verge of a larger trend of drone militarization. The first is that the CEO of Skydio, one of the most prolific vendors of police drones in the United States, signaled that the company has a more permissive attitude toward arming their drones in some contexts than many people expected. When asked on a podcast about the public perception that the company had restrictions around letting the military arm their drones, CEO Adam Bry said, “This is an area where I’ve gotten some things wrong. We said some things previously that led folks externally and internally to believe that, for example, we would prevent the military from putting weapons on our drones […] It’s very easy to sit back in a Silicon Valley office and think that we’re very smart, that we know the technology, and the idea of using it for X, Y, or Z thing seems evil or bad, so we’re going to write a policy or ban people from doing it. I think that’s ultimately misguided.”

Simply put: he is signaling that Skydio will not implement restrictions on their customers’ use of their devices. 

Bry was specifically asked about the military arming drones but the question reveals a disturbing truth: whether police arm drones domestically is currently based more on the internal ethical commitments of companies than it is any laws created by elected officials. Combining Skydio’s huge amount of police contracts, including supplying entire fleets for Drone as First Responders (DFR) programs, and the tendency of military technologies like surveillance aerostats to get redeployed on U.S. soil, creates a real recipe for the emergence of armed police drones. 

The other piece on the chess board to keep our eye on is the introduction of weaponized drones as a tool of school safety. A company called Campus Guardian Angel will run pilot programs in schools in Georgia and Florida in Fall 2026 to introduce drones that are designed to swarm, distract, crash into, and even shoot irritants at potential school shooters. This comes just years after a large national backlash that got the large police tech company Axon to pause its development of drones armed with tasers as a solution to school shootings. 

Although it may be obvious to some people, it’s worth saying again: antagonizing an active shooter with a small drone is a dangerous idea. In chaotic situations, deploying physical harm via drone is likely to get bystanders or good samaritans hurt by accident. It is also unproven that this technology will work to distract or deter an actual school shooter–especially when the demonstrations we see online revolve around crashing drones into stationary mannequins in pristine, controlled conditions. Another important question: What would happen if a potential shooter shoots at the small moving drone and endangers the people fleeing behind it? After all, in the demonstrations we’ve seen it is unclear if these drones have the ability to see what is behind them.  This is an unproven and potentially dangerous method of combating the very serious problem of gun violence in schools, and it’s one that helps to normalize armed drones as a solution to other policing problems as well. 

These developments also mean It’s not enough to follow San Francisco’s lead, which became the first city to change its policy regarding how robots could be used in order to ban police from using deadly force via robots in 2022. A robust and effective policy must include both drones and robots (not one or the other), and it has to explicitly prevent drones and robots from deploying any body harm — including deadly force and less-lethal measures like kinetic strikes, pepper spray, rubber bullets, or tasers. In addition, cities and states should not procure weaponized drones and robots. 

Since 2021, EFF has been advocating against the use of armed robots or drones by law enforcement. This call has become more urgent as companies are moving in to take advantage of the lax regulatory landscape. We cannot continue to rely solely on the good will of companies that make their money selling technology to police departments to protect us from dangerous police technology. Lawmakers need to act now. 

Poke your head into just about any online social network—or any general conversations about internet culture—and you’ll likely find a boogieman: the algorithm. Since at least the moment Facebook introduced (and apologized for) its News Feed, “the algorithm” has been shorthand for the ways the tech giants control what we see and when we see it. In the age of enshittification, there is a push to reclaim our feeds and networks. Good news: there’s a tool that’s been around for decades that can help wrangle many of your feeds into something manageable: Really Simple Syndication, more commonly known as RSS.

What’s RSS and How Do I Use It?

RSS has been around since 1999, but its real publicity glow-up came from Google Reader, a newsreader service that Google offered between 2005 and 2013. Despite the alarm bells people rang at the time, the death of Google Reader wasn’t the death of RSS, and many replacements have come and gone over the years.

RSS may seem complicated, but it boils down to one general concept: when websites publish new content, like news articles, blog entries, webcomics, videos, or podcasts, that content gets added to an RSS feed, where your RSS reader (aka newsreader, feed reader, or aggregator) will show you that content in chronological order. If you’ve ever used a podcast player like Apple Podcasts or Spotify to follow different podcasts, you’ve used RSS. You can think of it like an internet-wide “follow” button, where you can track the contents of websites, users, and more.

People talk about RSS like it’s a power user’s secret trick to making the internet more usable, but the real secret is that it’s not that hard to set up and use. Here’s what you need to do:

• Find an RSS reader: RSS readers come in many forms. Feedly, NewsBlur, or The Old Reader, are web-based, but have their own apps (though they also support third-party apps). Others, like NetNewsWire, are app-based, and support either using a web-based RSS reader like Feedly, or a local file. Some live in browsers or web extensions. There’s an abundance of choice in RSS readers, and part of the fun is finding one that best accomplishes what you want to do. But don’t worry about finding the right RSS reader right away. One of the many magic tricks of RSS is that it is platform agnostic, and nearly every RSS reader—whether it's a website or an app, supports importing and exporting a list of the sites you subscribe to. This means you can change RSS readers in a couple minutes. If you need some help finding an RSS reader, Wired, The Verge, and Privacy Guides all have useful roundups. 
• Collect your feeds: As for adding websites to your feeds, the process is straightforward. Most RSS readers are designed to help find the feed for a site for you, so you don’t need to go hunting down a special link. Just drop the URL of what you want to follow in your reader, and if an RSS feed exists, it should be able to find it. If not, some sites, including ours (and our current podcast, EFFector as well as our last series, How to Fix the Internet), provide direct links to our RSS feeds.
• Sort, filter, and build your feed: Adding a bunch of new feeds can be overwhelming, particularly for news sites. RSS readers typically include folders, which let you group similar feeds together and can be great for lifting up low-traffic updates you don’t want to miss. Your reader may also have different filters, like the option to block any article that contains “sponsored post.” 

RSS Is the Best Way to Follow the News

It can be very difficult to follow the news, whether that means politics, tech policy, or your hobbies. Solutions like Google News or Apple News have tried to make this simpler, but many find that their algorithmic feeds are as often a source of frustration and annoyance as they are genuinely useful. And no matter how often you tap on news stories that matter to you from publications you respect, there may always be stories that refuse to bubble up.

RSS can make reading the news much easier, reliable, and more private. The vast majority of news sites have RSS feeds you can subscribe to, and many, including CNN, The New York Times, BBC, Wired, Politico, and many others, offer RSS for specific sections or special feeds that include the full text of articles for subscribers, so you aren’t just pummeled with a firehose of news all day long (we’ll get to a tip below in the next section that tackles this problem if they don’t have separate feeds, though). In many cases, you can read articles right in your RSS reader, never being forced to engage with wonky comments sections or poor design choices on websites.

Of course, the news isn’t just general news sites, it also includes hobbyist or more niche sites, local news offerings, and blogs. Most of these sorts of websites also offer RSS feeds, as do newsletter platforms like Substack or Ghost. 

RSS Offers One Way to Fix Some Social Feeds

Decentralized social media like Mastodon, Bluesky, and Threads, use RSS for user feeds, so you can follow your friend’s posts on Bluesky or Mastodon without actually having an account on either. This can be especially helpful for news sources, too—where you likely wouldn’t want to subscribe to a feed of everything a national news organization publishes because that would include dozens if not hundreds of stories a day, you can instead subscribe to their social media posts, which often get you the most breaking or important news.

The internet is more than just Facebook.

Some legacy social media works with RSS, too, including YouTube, Reddit (though that is currently at risk), and Tumblr. But others, like Facebook, LinkedIn, and Instagram, wall off posts behind account requirements that seem to pop up if you simply look at an account page for too long, let alone come in from an RSS feed. These walled gardens prevent information from getting out there, which ranges from annoying, like when your favorite local brewery only posts their food truck schedule on Instagram, to dangerous, like when local public services only post to a Facebook page.

The internet is more than just Facebook. It’s more than Mastodon or Bluesky, too. It’s a decentralized smorgasbord of websites, tools, feeds, newsletters, social profiles, and more, and treating it as such will help us wrangle the information we want and trust. 

Other Surprising Places You’ll Find RSS Feeds

When in doubt, try copying and pasting the URL for a site into your RSS reader of choice, you might be surprised to find a feed that proves useful to you. Many places on the internet may offer RSS feeds without you even realizing it. For example, if you want to keep an eye on an artist’s prints that you like, but they don’t have Instagram where they usually post, you might be able to subscribe to their webstore, as some shopping platforms, like Big Cartel, create an RSS feed automatically. And for something even more tweakable, even Google Alerts can be turned into RSS feeds.

RSS is one of the best examples we have of the open web, where we can design and customize how we experience the internet, not the other way around.

If you prefer to track policy over products, then you’ll be happy to know that government sites often support RSS, including most U.S. government sites, many of which break them into different sections like the U.S. Department of State’s various feeds. Many local governments or other public services, like fire departments may offer the same. Some universities (and university newspapers) also sometimes offer some RSS feeds. 

And even if a website doesn’t have an RSS feed, there are workarounds from tools like RSSHub, RSS-Bridge, and RSS.app that require varying levels of technical expertise or a willingness to pay subscription fees.

RSS is one of the best examples we have of the open web, where we can design and customize how we experience the internet, not the other way around. RSS has come in and out of fashion, been declared dead, and has come back, every time. Open systems are the best way forward to a free, equitable internet, and the resilience and continued reinvention of RSS has shown just how creative the web community can be with open protocols.

Ignoring EFF’s warnings about the dangers and impossibility of implementing a new mandate for 3D print surveillance software, the California State Assembly has signed off on legislation to do just that. In the process, legislators amended the bill to make it even more confusing, while failing to address the risks to privacy, speech, and consumer rights. We must renew our call on legislators to drop this bill as it heads to the state senate, and protect the tools of creators in the state.

Take action

Tell CA Senators to stand with creators

What’s changed about the bill?

Since we first wrote about AB  2047, a bill targeting 3D printers for the rare, impractical, and already outlawed practice of manufacturing firearms without a license, it has picked up several amendments. Some are welcome changes, but most have only highlighted the technocratic absurdity of the proposed scheme. Our core concerns—that this mandate censors lawful speech, builds out corporate surveillance, and criminalizes open source experimentation—have not been remedied. 

Removes criminalization of resale

Starting with one silver lining, the current bill includes a carveout for the private resale of devices. The original bill would have made it a criminal offense for an individual to resell 3D printers purchased before this mandated censorship and surveillance software. This is a clear win for the 3D-printing community, but it is unfortunately not enough.

Ineffective carveouts for open source

One of the most dangerous aspects of the bill is that it criminalizes individual users for common practices, like creating and using alternative open source programs with their 3D printer. New amendments provide a carveout for the use of an open source tool, but only if it includes compliant censorship software. The bill burdens open source developers with ambiguous and unrealistic standards for print blocking, and continues to create a chilling effect for open source users.

Removes any actual requirement to work

To reiterate—there is no world where the mandated technology actually works as intended. It will both block lawful use of 3D printers, and allow firearms to be printed by anyone determined to do so. There is no amendment that can change this reality.

Instead, the current bill simply drops the pretense that this mandate is expected to work. The performance standard of algorithms changed from “effectively prevent[ing] a technically skilled user from evading [the algorithm]” to “substantially reduce the likelihood of foreseeable circumvention attempts…” The bill will still require all prints to be surveilled, but instead of testing efficacy against a skilled user, it just plays whack-a-mole with the (literally) infinite number of circumventions that any user can employ. 

Further, the bill now leaves us with an unclear process that relies on non-governmental third parties to define standards, and now relies on manufacturers and resellers to self-police.

Hollywood gets a cut

The bill includes yet another carve out for commercial users. This time for the entertainment industry, which makes extensive use of 3D printers for props and costumes. 

That’s fine for big studios, but it leaves out indie filmmakers, cosplayers, and many other small creators. 

This is simply a defensive edit to limit corporate opposition. There isn’t a clear division in 3D-printing between consumer and commercial tools. These are general purpose tools which might be picked up by a prop department of a big studio, or an artist getting ready for Comic Con. Indeed consumer level products are not only used by amateur artists and engineers developing their skills. Commercial 3D printers, like their traditional 2D equivalents, are frequently used in workplaces, as well as by professionals honing their skills or just trying to get some work done at home. 

Commercial carveouts hands printer manufacturers the ability to sell a more expensive tier of printers, locking-in and up-charging their commercial customers. Some of those customers will choose to buy general retail versions, but that carries its own price: increased risk of IP theft as all printed files are surveilled the same way they are for hobbyists. That means a real risk of businesses leaking any prototypes or new designs to not only the printer manufacturer, but potentially snooping governments and/or the general public through data breaches.

Demand  your senator oppose AB 2047

This updated version of AB 2047 downgrades performance standards and removes oversight while still threatening privacy and choice for users of 3D printers. A printer surveillance system won’t work for its intended purpose, and will only harm law abiding users. 

Act now to demand your senators to vote no on this ineffective and invasive bill.

Take action

Tell CA Senators to stand with creators

Time and time again, researchers have found numerous compromised Android devices for sale at large online retailers like Amazon. When these devices get individually reported, we have seen some noted efforts to take them down. But this is a systemic problem and Amazon and other major online retailers must make a corresponding systemic and intentional effort to stop these devices from entering people’s homes and ultimately their networks.

As a refresher: Last year, Google wrote that one major campaign, deemed BADBOX, affected 10 million uncertified devices that were running Android’s open-source software (Android Open Source Project or AOSP). These devices span from TVs and streaming devices to digital picture frames. Even now, someone can go on Amazon and Walmart and buy one of these devices. Not all of them come from Amazon and Walmart, but it’s fair to assume since they have the lion’s share of the market.

Most well-known Android-based devices don’t come with just “stock Android.” The operating system is usually Android plus additional features that the manufacturer wanted. These custom versions of Android often come with pre-installed applications that range from useful to innocuous bloatware to actual malware. Many Android OEMs (original equipment manufacturers) pre-install apps that may not be visibly represented by an icon in your list of installed apps. This obscurity makes the issue particularly hard for users to identify any potential threats.

Since the initial BADBOX analysis, there have been more reports of large campaigns and clusters of different devices participating in malicious activities that utilize people’s home networks to engage in illegal activity. Task forces in the private sector have made an effort to take down these existing Command and Control structures, but these actors may pivot and evolve to flood the market with more devices. 

Online retailers can stop this cycle. A multi-billion dollar company like Amazon should offer more resources, like their anti-fraud efforts, given that these products may have facilitated conditions for large scale attacks and illegal activity. It would also be helpful if they communicated malware-related take downs in a more visible way to consumers who are seeking very similar devices with shared characteristics.

Identifying these devices can be tricky, but it’s not impossible because they tend to follow a pattern. For example, the FBI warned consumers this year to avoid TV streaming devices that claim to provide free sports, tv shows, and movies, a common tactic used by the makers of these malware-filled Android devices that leverages people’s exhaustion from spending money on countless streaming services. We detailed what sorts of indicators to look for on a device you’ve purchased.

But it’s not just the storefronts. There are other parts of this ecosystem that need to improve too, like increased engagement in firmware transparency and the actual manufacturers of the devices themselves being held accountable for these malware laced products.

On Prime Day, we urge retailers like Amazon to better empower users with information they need to make safe and smart decisions.

Seeking transparency and accountability in Paraguay’s use of facial recognition, EFF, the Association of Technology, Education, Development, Research, Communication (TEDIC), and the Centre for Justice and International Law (CEJIL) filed a complaint with the Inter-American Commission on Human Rights against the state for arbitrarily denying access to information about its implementation and use of the technology as a tool for mass surveillance that erodes people’s privacy rights. 

The case involves the Ministry of the Interior and National Police’s installation in 2019 of surveillance cameras with facial recognition technology in Asunción. Maricarmen Sequera, a lawyer and executive director of TEDIC, filed an information request with the ministry seeking details and protocols about the implementation and use of facial recognition systems and the personal data processing involved. 

The request sought information about, among other things, whether the state had conducted human rights or data protection impact assessments, as well as if it had developed measures and protocols for avoiding abuses, illicit uses of personal data, and other risks in the deployment of the facial recognition system.

The state denied most of the information requested, arguing that implementation details, protocols, and the processing of individuals' personal data were confidential security information. TEDIC contested the secrecy in courts, but the analyses lagged and ultimately sustained the denial of information. 

The petition filed last Friday (19) cites Inter-American standards upholding the public’s right to access information, particularly in relation to national security, that the Paraguayan authorities disregarded in denying TEDIC’s information request. The petition also argues that the refusal of information violated privacy and the right to informational self-determination.

The petition asks the Commission to recognize a violation of those rights and require the state to deliver the information requested. Further, the petition seeks an order compelling the state to adopt mandatory permanent mechanisms of active transparency regarding the acquisition, contracting, implementation, financing, functioning, and use of surveillance technologies by public bodies, especially those that incorporate processing of biometric data or artificial intelligence systems. 

It also asks the Commission to order the state to mandatory procedures for human rights impact assessments prior to acquiring and using surveillance technologies, particularly those that collect biometric data or use artificial intelligence.

The state’s lack of transparency in this case is not an isolated incident, both in Paraguay and in Latin America, where opacity in matters of security and surveillance is the unsettling rule. The situation gets worse with the increasing normalization of intrusive surveillance technologies by states in the region.

The Special Rapporteur for Freedom of Expression of the Inter-American Commission emphasized that states should disclose surveillance capabilities and contracts, and acknowledge state use of surveillance technologies at a meaningful level of detail, to facilitate essential public debate on the necessary limitations of surveillance in democratic societies and ensure compliance with international human rights law.

We hope that the Inter-American Commission upholds the robust safeguards in the Inter-American System and advances access to information and privacy rights in a case that can set a crucial precedent for the region.

This week marks four years since Dobbs v. Jackson Women’s Health Organization overturned Roe v. Wade’s constitutional protections for people seeking abortion care. Anniversaries are a moment to take stock, and over the last four years, EFF has seen firsthand how digital rights and reproductive rights have become increasingly intertwined. One major way this has happened: the fight over abortion has also become a fight over online speech and government censorship as a steady stream of proposed laws, cease-and-desist letters, lawsuits, and government investigations have targeted the websites and online resources that help people find and learn about reproductive healthcare.

This is an effort by anti-abortion government officials to mold the information ecosystem, restrict what people can read, and cut off the ways people communicate with one another. We’ve watched this build for years, and the encouraging news is that many of these efforts have failed. The worrying news is that they keep coming. And if they’re allowed to succeed, this could have repercussions for freedom of expression online beyond reproductive rights.

Targeting Sites That Just Share Information

The clearest tell that this is also a war on speech is that officials have aimed their efforts not just at abortion providers or the entities that prescribe and sell medication abortion, but also at websites that do nothing more than tell people what their options are, how to find a doctor, and where abortion remains legal.

Cease-and-Desists & Takedown Demands

State attorneys general have been hitting these online information hubs with cease-and-desist letters and takedown demands. Just this month, for example, Alabama Attorney General Steve Marshall sent cease-and-desist letters to multiple groups with abortion-related websites, including Plan C, a public health campaign that provides educational resources and research on abortion access. Plan C doesn’t sell or ship abortion pills. It simply provides information. Marshall’s office nonetheless claimed Plan C’s website “facilitates, aids, and abets” illegal abortion. The Arkansas attorney general similarly sent out cease-and-desists to several organizations regarding their websites, including Mayday Health, which, like Plan C, provides only information and does not directly prescribe or mail pills.

What’s especially concerning is that the state doesn’t have to win, or even file, a lawsuit to get what it wants.

In another example from earlier this year, North Dakota Attorney General Drew Wrigley threatened legal action and ordered the Prairie Abortion Fund to scrub information off of its website, not because the fund sold pills, but because its site linked to several outside informational resources. The Attorney General primarily focused on the fund’s link to Plan C, meaning the biggest alleged issue was a link to a website that links to other websites where pills can be accessed.

What’s especially concerning is that the state doesn’t have to win, or even file, a lawsuit to get what it wants. Especially for smaller organizations and funds, a letter threatening legal action can be enough to chill their speech, causing them to remove important content and go quiet.

Censorship Mandates

Legislators in multiple states have also attempted to make it illegal to share resources on how to obtain an abortion, including on purely informational websites with a national or global audience. South Dakota recently passed a law making it a felony to “advertise” anything “described in a manner calculated to lead another to use or apply it for producing an abortion.” Language this broad can easily apply to websites that simply engage in First Amendment-protected advocacy or provide educational resources. Mayday Health, which operates one such website, has since sued the state in federal court to block the law. The lawsuit argues the law could reach something as small as wearing a sweatshirt that carries Mayday’s web address.

Other state legislatures have made similar efforts. Last year, for example, Texas introduced a bill that would have made it illegal to “provide information” on how to obtain an abortion-inducing drug. If you exchanged emails, had an online chat, or created a website that shared information about legal abortion services in other states, you could have violated this bill. Luckily this particular bill did not pass, but Texas has attempted to pass similar laws for several years now.

Dressing Censorship Up as Consumer Protection

A major way anti-abortion officials are targeting online speech is by weaponizing consumer protection and deceptive advertising laws, claiming that providing information about abortion violates them. This tactic is a threat to free speech rights. The First Amendment protects publishing truthful information on a public issue, and the Supreme Court has expressly said that includes providing information about legal abortion in a state where it is illegal.

Yet states like South Dakota have continued to use deceptive advertising claims to go after abortion speech. Last year, South Dakota sent a cease-and-desist and then filed a lawsuit against Mayday Health for running ads that simply read: “Pregnant? Don’t want to be?” with a link to Mayday’s website. The state claimed the ads were “deceptive.” Mayday then counter-sued in federal court, challenging South Dakota’s actions under the First Amendment. Though the federal judge ultimately declined to step in while the parallel state case was pending, she made a point of saying she believed Mayday’s website constitutes “speech subject to protection under the First Amendment.”

Other states have attempted to run the same play. Missouri sued Planned Parenthood in 2025 under its consumer-protection statute, calling a webpage that says abortion pills are safe an “unfair and deceptive” trade practice. Florida went even further, invoking its RICO law—a law typically used for organized crime—over the same kind of statement. Florida leaned heavily on a single study funded by an anti-abortion think tank, even as major medical organizations and decades of research put the serious-complication rate below half a percent. States should not be able to cherry-pick studies in order to erase online speech.

Going After Intermediaries & Erasing Whole Websites

Some officials aren’t content to restrict only certain abortion-related content—they want the websites gone entirely.

Take, for example, the cease-and-desist letters sent by the Arkansas attorney general last year. Letters were sent directly to internet intermediaries (entities that facilitate use of the internet, such as internet service providers, web-hosting providers, or things like search engines and social media platforms). The letters demanded that both a domain registry company and a web host stop supporting a site that discusses abortion drugs. But as we know, if we cut off the host or the domain, the speech disappears for everyone—not just for people in Arkansas.

Likewise, Texas’s 2025 bill would have required intermediaries to take down abortion-related content. It’s worth remembering that the imposition of civil and criminal liability on intermediaries also conflicts with a federal law that protects online intermediaries’ ability to host user-generated speech, 47 U.S.C. § 230 (“Section 230”), including speech about abortion medication.

The push has gone federal, too. In March 2026, Senator Bill Cassidy and colleagues on the Senate Health, Education, Labor and Pensions Committee pressed the FDA to use every tool it has against online sellers, including leaning on the domain registrars that keep these sites online.

Why This Should Worry Everyone

It’s tempting to see this as limited to the fight over reproductive rights. That would be a mistake. For people seeking care, the immediate harm is obvious: the internet is often the only place to find accurate, potentially life-saving information, and every letter, lawsuit, and takedown threat makes that information harder to find and riskier to share.

But the damage doesn’t stop there. We’re witnessing a live experiment in how to use consumer-protection laws, criminal statutes, and pressure on intermediaries to suppress a disfavored viewpoint, pull information offline, and make websites disappear. To think these tactics can only be used against abortion speech would be naïve. 

We hope courts and legislatures will continue to protect free speech online. But the continued drumbeat of threatening letters, lawsuits, and investigations is its own kind of harm. Here at EFF, we’ll keep defending the right to share and read information online—about abortion, and about everything else.