24 April 2026

Welcome

For 15-odd years, perhaps longer, I’ve been writing about how the digital revolution — such a quaint phrase! — is changing the world.

“Knowledge is power, right? So what we’re doing here is completely rewiring the way the human species handles information and knowledge for everyone on the planet. So that’s going to change power relationships at every level of society,” I said in 2012.

I gave the now-dated example of social media and the Arab Spring of the early 2010s, but I did mean at every level.

“It’s also power relationships between businesses and their customers, between criminals and their victims — which is not quite the same thing — between police and criminals, citizens and their governments, parents and their children, everyone everywhere.”

This week’s story about rental platform 2Apply illustrates that.

Australia is suffering a housing affordability crisis. Property owners already have much more power than renters. That’s bad enough, but renters have also been facing increasing demands to prove their worthiness to property owners, and increasing demands to hand over more and more information, or risk never finding somewhere to live.

With all this data at their fingertips, property owners can freely exercise their petty prejudices: no students, no migrants, no people moving from the western suburbs, no single blokes sharing a flat, no gays, whatever.

This week the privacy commissioner said that’s not on.

The decision related to one company, 2Apply, but it’s a message for the real estate industry. Your humble writer hopes it’s a message for businesses more widely.

RentTech 2Apply’s data collection is “excessive”

Rental platform 2Apply over-collected personal information on millions of Australians, and did so by “unfair means”, according to a determination (PDF) by privacy commissioner Carly Kind.

2Apply has been ordered to “cease collecting a range of personal information, such as prospective renters’ gender, student status, citizenship status, and visa expiry, and details of previous living history,” Kind said in a media release.

“Renters often lack real choice when making rental applications. Either they hand over personal and private information, including ID documents and payslips, or risk housing precarity or even loss,” she said.

Real estate agents, property managers, and landlords have been put on notice.

The commissioner also criticised 2Apply for so-called bundled consent, which involves “requesting consent for the user for their personal information to be used for multiple purposes in a single request), which unfairly pressures individuals into making choices that are otherwise misaligned with their preferences or that they would normally voluntarily make”.

As an aside, I enjoyed the term “confirmshaming”, which the commissioner describes as “the use of emotive language to make a user feel guilty or embarrassed for not taking an action that is beneficial to the information-collecting entity”.

The real estate industry has valuable data

Hackers claim to have stolen 441 gigabytes of data from NSW-based strata management company Strata Republic.

Ransomware group Kairos has posted data including “what appears to be a letter of reprimand to a Strata Republic employee, a strata plan balance sheet, an income tax report (including Tax File Number), and the driver’s licence of an employee,” reports Cyber Daily.

“In addition, the hackers published what looks to be a photograph from a Christmas party, featuring several men standing around a topless woman.”

LATEST PODCAST: If you read this newsletter, and it appears that you do, then may I suggest listening to The 9pm Cornucopia of Tech Policy Pleasures with Johanna Weaver and Zoe Jay Hawkins from the Tech Policy Design Institute in Canberra? In this episode we talk about how Australia as a middle power can participate in global tech policy. We chat about AI slop, the battle between Anthropic and the Pentagon, the digital duty of care, and of course the social media age restrictions. Just look for The 9pm Edict in your podcast app.

Also in the news

• The government announced a new agreement on AI collaboration with Microsoft, with the company to invest $25 billion over the next four years to “strengthen Australia’s AI-enabled economy and train three million Australian workers”. Here’s the full Memorandum of Understanding.

• Plans are being hatched for a Australia’s biggest AI data centre in the Kimberley region of Western Australia.

• Australia’s financial regulators, the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) are both going to be keeping a close eye on Mythos, Anthropic’s AI tool for discovering cybersecurity vulnerabilities. Why? Because banks are worried. See below for three more stories about Mythos.

• The ACCC has been granted leave by the Federal Court to intervene in the Epic Games, Inc v Apple Inc proceedings. The court found last year that Apple misused its market power by restricting the use of alternative app distribution and in-app payment methods on Apple devices.

• From The Mandarin, news that the Digital Transformation Agency’s Lucy Poole has voiced an urgent need for public servants to scrutinise their new tools, calling out “low‑effort” AI.

• The Reserve Bank of Australia (RBA) 2025 Consumer Payments Survey (PDF) shows that cash use has stabilised in recent years. “In 2025, around 15% of payments were made in cash and around half of Australians used cash in a typical week. People from all demographic groups regularly used cash, but older Australians and lower income households tended to use cash somewhat more often than others,” the RBA writes. Click through for some informative graphs.

• Using AI large language models (LLMs) for content moderation may be prone to subtle biases that undermine their neutrality, according to new research from the University of Queensland.

• Nurses claim that some Royal Darwin Hospital staff use ChatGPT to calculate medication doses, which I’m sure is just fine.

• The eSafety Commissioner is now asking the gaming giants what they are doing to prevent grooming and radicalisation, giving legally enforceable transparency notices to Roblox, Minecraft, Fortnite, and Steam.

• Telstra, Optus, and TPG all say the government’s new universal obligation for mobile operators (UOMO) is built on unrealistic expectations of the satellite-to-mobile technology it would need to work.

• The Office of the Australian Information Commissioner (OAIC) and the eSafety Commissioner have reached an agreement on sharing information when conducting their investigations.

• Apparently it’s time to upgrade Australia’s research supercomputers.

PLEASE SUPPORT THIS NEWSLETTER: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip, or just forwarded it to others who might be interested. Thank you to those of you who’ve already done so.

Elsewhere

• UK representatives from Meta, Roblox, and TikTok have told a parliamentary inquiry that their platforms are not “addictive by nature”, and that a teen social media ban would be unenforceable.

• So last week we wrote about the EU’s new age assurance app. Well, this week we can report that it can be hacked in two minutes. Oops.

• A Dutch navy frigate’s location could be followed after mailing it a €5 Bluetooth tracker. Oops.

• Data analysis company Palantir has posted a manifesto which Countercurrents describes as an “explicit manifesto of digital fascism”.

• Anthropic’s super-SEKRIT hacking AI Mythos has seen a “handful” of people allegedly gain unauthorised access. The company says the attackers deployed “methods used by cybersecurity researchers”, which is an interesting new euphemism for “we were hacked”. It’s a wonder they didn't say that the methods were “sophisticated”. The attackers say they started by guessing where the AI model was hosted based on Anthropic’s naming conventions for their systems.

• Microsoft will be integrating Mythos into its security development program.

• Meanwhile The Register reckons that Mythos is a bit of a nothingburger.

• US prosecutors are investigating whether ChatGPT aided or abetted in a fatal shooting at Florida State University last year in which two people were killed and another six injured.

• A former FBI official has called for ransomware groups that target hospitals and critical infrastructure to be designated as terrorists.

• A US federal court has ruled that the Trump administration violated the First Amendment by pressuring Facebook and Apple to remove ICE-tracking apps.

• The Observer takes a look at Elon Musk’s Tesla Diner in Los Angeles. Grim.

• At The Verge, reporter Elizabeth Lopatto argues that Silicon Valley has forgotten what normal people want (gift link).

• For example, what even is this? Gudtrip is “not just a vape. A connected earning device. Gudtrip combines premium cannabis, blockchain rewards, and AI-powered asset tools in one product.” Here’s their website.

Inquiries of note

• Treasury has released an exposure draft of the Cash Distribution Framework Bill 2026, which “gives regulators new powers to help ensure people can continue to access cash across the country”. Submissions close 13 May.

What’s next?

Parliament is on break until Tuesday 12 May, when it’s Budget Night. That’s 18 days away, but I’ll be watching out for public hearings for the various inquiries under way. And for relevant Budget leaks.

DOES SOMETHING IN THE EMAIL LOOK WRONG? Let me know. If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.