SecureMac, Inc.

Checklist 424: Take It Down or Else

May 23, 2025

Apple patch fix, 23andMe data goes to Regeneron, and a new takedown law stirs privacy vs. free speech debate—here’s what you need to know.

Take It Down or Else

Checklist 424: Take It Down or Else

Congress Passes Controversial “Take It Down Act” Amid Free Speech Concerns

 In a rare bipartisan move, Congress has passed and the White House has signed into law the Take It Down Act, a sweeping new regulation that targets nonconsensual intimate imagery, including revenge porn and AI-generated deepfakes. While hailed as a step forward for digital privacy rights, critics warn it may come with severe unintended consequences for online speech.

Aimed at Protecting Privacy, Modeled on the DMCA

The law, set to take effect within a year, compels online platforms to remove intimate visual content posted without consent within 48 hours of a takedown request. Noncompliance could result in $50,000 fines per violation, according to Wired.

The Take It Down Act is modeled after the Digital Millennium Copyright Act (DMCA), which has long allowed for swift takedown of infringing content. However, the DMCA has also been frequently abused by bad actors seeking to silence critics or harm competitors under false pretenses. The concern, free speech advocates say, is that this new law lacks even the minimal safeguards that exist under the DMCA.

“Fraudsters have abused the DMCA takedown process to get content censored for reasons that have nothing to do with copyright infringements,” Wired reports.

Missing Guardrails and the Risk of Abuse

One of the most glaring issues with the Take It Down Act, experts say, is the absence of penalties for bad-faith requests. Unlike the DMCA, which contains consequences for fraudulent claims, this new law only requires that takedown requestors act in “good faith,” with no meaningful deterrents or verification requirements.

Even more troubling to critics: there is no formal appeals process for content creators or alleged perpetrators to contest erroneous removals. Nor does the law carve out exemptions for content deemed in the public interest, further fueling concerns of overreach.

The Clock is Ticking — Literally

The 48-hour window for takedown places immense pressure on tech companies, many of which are already overwhelmed by volume and short on verification capacity. Google, for example, processes millions of DMCA takedown requests annually and has admitted in court that it “often must rely” on the statements of claimants due to time constraints.

Free speech groups warn that the new law may lead to preemptive censorship, as companies err on the side of caution to avoid liability. This “better safe than sorry” mindset could result in the unjust removal of legitimate cbontent, repeating the same cycle of DMCA abuse but with higher stakes and less recourse.

A Well-Intentioned Law With Real Risks

Proponents of the law emphasize its urgency and necessity, particularly in protecting victims—many of them minors—whose trauma was a catalyst for legislative action. The hope, lawmakers say, is that it will enable victims to reclaim privacy swiftly and decisively.

Yet, the Wired report and critics alike suggest that in its current form, the Take It Down Act is a powerful but blunt instrument, one that risks being misused in ways that undermine digital expression and due process.

As one commentator put it, “It’s hard to blame free speech people for being worried about leaving keys in the ignition of a bulldozer.”

Regeneron Buys 23andMe After Data Breach Fallout: What It Means for Your DNA

 Biotech giant Regeneron has emerged as the winning bidder in the bankruptcy auction of troubled genetic testing firm 23andMe, setting the stage for a $256 million acquisition expected to finalize in Q3 of 2025. The deal comes in the wake of a massive data breach, plummeting user trust, and a slew of lawsuits that forced the once-celebrated DNA analysis company to file for bankruptcy in March.

The Breach That Broke 23andMe

According to a ZDNet report, 23andMe’s troubles began with a late-2023 breach that affected around 14,000 user accounts through a method known as credenbtial stuffing—but the fallout reached much further. The attackers gained access to the DNA Relative profiles of 5.5 million users, exposing deeply personal information including:

  • Display names
  • Relationships and family trees
  • Birth years and ancestor locations
  • DNA match percentages

Though the company initially blamed customers for reusing passwords, the breach reportedly impacted even those with unique credentials and two-factor authentication, thanks to how relational data was structured.

The Lawsuits and the $30 Million Settlement

The breach triggered multiple class action lawsuits, which proved successful. Affected customers can now file claims for a share of a $30 million settlement—a payout some have criticized as meager given the sensitivity and scope of the exposed data.

The financial and reputational damage from the lawsuits, combined with declining sales, led to 23andMe’s bankruptcy filing in March 2025. The situation raised enough concern that the California Attorney General urged customers to delete their genetic data, warning of the unknown implications of an impending acquisition.

Regeneron Steps In

Founded in 1988 and based in Tarrytown, NY, Regeneron is a pharmaceutical heavyweight known for developing drugs in areas such as ophthalmology, immunology, and infectious diseases. In its statement following the auction, Regeneron emphasized its intent to respect 23andMe’s consumer privacy policies and adhere to applicable laws. Notably, the company pledged transparency and oversight:

“[We] are prepared to detail the intended use of customer data and the privacy programs and security controls in place for review by a court-appointed, independent Customer Privacy Ombudsman and other interested parties.” – Regeneron press release

A company executive also touted Regeneron’s experience with large-scale, deidentified genomic data, emphasizing the potential for medical breakthroughs while asserting a commitment to user privacy.

A Second Chance or More of the Same?

Despite the promises, skepticism remains high. Critics point out that 23andMe itself once pledged to safeguard its users’ data—until it didn’t. The company will remain operational under Regeneron’s ownership, now with mandatory two-factor authentication, though password hygiene remains a user responsibility.

For users concerned about their genetic data privacy, the option to delete their information still exists. Checklist episode 417 contains step-by-step instructions on how to do so.

For those staying on board, Regeneron’s track record in biomedical research offers a potentially promising new chapter—but the risks associated with centralized genetic data persist.

Apple Quietly Replaces Problematic iPadOS 17.7.7 with New Update After Login Issues

Just days after an unexpected software snafu disrupted users across the iPad ecosystem, Apple has issued iPadOS 17.7.8, a quiet but crucial update aimed at resolving issues introduced by its short-lived predecessor, iPadOS 17.7.7.

The Mystery of iPadOS 17.7.7

Apple initially released iPadOS 17.7.7 last week, billing it as a security-focused update. However, users quickly reported a cascade of problems, notably trouble logging into apps and services after installing the update. With little warning or explanation, Apple pulled the update from distribution just a day later—an unusually abrupt move for the company.

The Silent Fix: iPadOS 17.7.8

Now, Apple has pushed iPadOS 17.7.8 to users, replacing the faulty release. According to a report from iDownloadBlog, the new version offers the same vague assurance as its predecessor: it “provides important security fixes and is recommended for all users.”

Conspicuously absent from the release notes is any acknowledgment of the app login issues that plagued users after the previous version. While Apple has not commented publicly on what exactly went wrong, early signs suggest that iPadOS 17.7.8 may have quietly resolved the problem.

Apple’s Ongoing Silence on Software Glitches

The incident reflects a pattern in Apple’s software management strategy, where transparent communication around bugs and fixes is often lacking. Despite the impact on users, Apple’s documentation remained minimal, leaving tech reporters and users alike to speculate on what really happened.

So far, no major issues have been reported with iPadOS 17.7.8, leading many to cautiously hope the problem is now behind them—fingers crossed.

Filed under Security News, The Checklist Podcast by SecureMac

Latest Security News

Get the latest security news and deals