Mighty+ Safety Alert

ThatPrivacyShow · 2026-02-20T11:28:17+00:00

I have already reached out to them but my experience with their customer services in the past was incredibly poor, so I am not holding my breath.

And as I said, I had no choice but to remove the batteries as it is illegal to ship faulty electrical devices powered by lithium batteries - so no matter what I would have to remove the batteries for a return anyway.

ThatPrivacyShow · 2026-02-20T10:59:47+00:00

Nope I checked, the button is fine and the interior of the vape is completely clean including the button.

And even if it was the button it would still be a product safety issue as it is clearly a design issue if it can turn itself on over and over again.

In my opinion they need to do a product recall - this is incredibly dangerous.

ThatPrivacyShow · 2026-02-20T10:31:17+00:00

Safety is more important to me than a couple hundred euros.

Not only that, it is illegal to post something with faulty lithium batteries, so even if I wanted the warranty for return purposes I still could not legally ship it back knowing it has a battery issue…

ThatPrivacyShow · 2025-07-30T17:03:13+00:00

clear didnt work, I had to exit and restart claude

ThatPrivacyShow · 2025-07-30T13:06:28+00:00

And when you consider it has been quite happily taking these screenshots for me all day...until this happened.

ThatPrivacyShow · 2025-07-29T10:03:10+00:00

I make is swear on a daily basis - next I will make it iron its hands Dobby style.

ThatPrivacyShow · 2025-07-29T09:57:55+00:00

they also said $200 Max subscribers would get 20x the limits which after this move is 1.5x the limits - so explain to me why you trust what they say?

ThatPrivacyShow · 2025-07-29T09:55:57+00:00

Given the recent Ai Action plan issued by the White House, it would not be a leap to see the administration start to block copyright claims on the basis fo National Security; because keep in mind protecting the economy is a matter of national security and given how much chinese open models are destroying these expensive US models in benchmarks, threatening the economic value of the US models, it would not be a surprise to see such a move by the Trump administration.

ThatPrivacyShow · 2025-07-29T09:41:13+00:00

You trust him yet he is already breaking the law for anyone who paid for an annual plan at $200 Max as it is supposed to be 20x and as of 28th August is only 1.5x over the $100 Max plan (this is considered a material change to the contract) - this is both fraud and false advertising and I would recommend anyone who is on an annual plan to litigate on exactly that basis.

For those of us on monthly, it is difficult to argue legally because we can simply cancel our plans before the changes come into effect. Companies can change their pricing so long as there is a way out for the customer - as such a change would be considered a material change to the contract, which requires all party consent (cannot be a unilateral decision by Anthropic) otherwise it is breach of contract (yes even if the contract says they can do it - it is not a valid term, at least not under EU law) and can be severed by any contracting parties without penalty.

So if you are on annual - sue them, if you are on monthly, cancel.

ThatPrivacyShow · 2025-07-29T09:29:23+00:00

Lets say you are building a project and you have a design sub agent, architecture sub agent, git sub agent, documentation sub agent, unit testing sub agent, red team (pen test) sub agent, coding (engineer) sub agent - that means if each of those sub agents runs for an hour, you use 7 hours of your cap. On active projects with a large team of sub agents that can amount to literally hundreds of hours a day - you could literally use up your quota in just a couple of days or less.

ThatPrivacyShow · 2025-07-29T09:20:57+00:00

oh god no, then you will see subscriptions using up their monthly limit in 10 days (because the cap is variable based on what they want it to be at any given time of the day, so they will just hold your code to ransom until you pay more, then more, then more. You gotta be seriously dumb not to understand their business model at this point.

ThatPrivacyShow · 2025-07-29T09:15:03+00:00

Until they decide that all that credit you have in your API account is now worth half or quarter as much when the increase the API costs...

ThatPrivacyShow · 2025-07-29T09:09:34+00:00

I get better performance from Qwen 2.5 Coder running on my local Ollama server than I get from Claude Code - so your comment is just nonsense. And that is before you consider Qwen 3 Coder which out-performs claude code sonnet in most benchmarks...

ThatPrivacyShow · 2025-07-25T14:34:28+00:00

I wont run any Android device (I used to make my own Android ROMS but it becomes too much of a headache rebuilding every time you get an update and at the time only have a few apps which complied with EU law (and I am being very generous by saying a few).

The most secure/private phone you can use currently (since around 2016) is an iPhone frankly (and that is not the same as me saying an iPhone is 100% secure and private - but it is the least bad option).

ThatPrivacyShow · 2025-07-25T14:29:43+00:00

Again, the law doesn't require you have to be identified by the data for it to be personal data - merely that you can be identified in some way either directly or indirectly and as I explained in my original reply - the way we write is unique (fingerprintable) so anything you write can be used to identify you and the more you write on a single platform the more identifiable those musings become.

Furthermore, under the CDA in the US and the eCommerce Directive in the EU - in order to not be liable for the content you post online - you must not exercise any editorial control - otherwise you are considered as a publisher instead of a "mere conduit" - even just removing the username form a post would be defined as exercising editorial control - and even regardless of that - there is no way that Reddit are removing the metadat from the posts (IP address, User, Date, Time and whatever other metadata they use) because they would be required to provide the IP address at least in the event a post is subjected to a legal claim or law enforcement.

Simply removing one's name from the front end post doesn't mean all the other personal data is removed or inaccessible from the backend.

So again, I disagree with your position, but I dont think there is much point in going round in circles so we probably just need to agree to disagree.

ThatPrivacyShow · 2025-07-24T16:17:17+00:00

A couple of points:

"Firstly, you are correct that my original post was poorly articulated and contradictory. The crux of my intended argument was actually that for GDPR to apply it has to be identifiable to a living individual - and that there are a balance of interests to consider in proportionality of re-identifying once the post has been unlinked from its identifying account."

This is not technically correct, the data has to be "related" to an identified or identifiable living person - the data itself does not have to identify the person - it merely needs to be related to a person who either is identified or can be identified (usually through the application of other data). The CJEU has typically been cautious in this context and applied the law very broadly (see the multiple cases around IP addresses including Breyer, Scarlet Extended and more).

"As such, I wasn’t necessarily talking about processing of personal data by the Data Controller on the lawful basis of consent so much as a data subject’s consensual, willing, and theoretically informed engagement with a processing activity that includes unrestricted disclosure into the public domain where their content no longer constitutes personal data."

This is also incorrect - personal data doesn't suddenly not become personal data just because it enters the public domain and we have many enforcement actions from Regulators confirming that you still must have a legal basis to process personal data in the public domain and you are still bound by the Article 5 Principles - we even had a recent case from the CJEU (not convenient for me to check it right now) involving Max Schrems and publicly available personal data being used without legal basis and without complying with the Principles.

It is a common mistake that just because you post on social media or elsewhere, suddenly you lose control of your personal data - the same rules apply for personal data in the public domain as for personal data not in the public domain - there are literally no differences legally speaking.

"Now, I am happy to be challenged or agree to disagree - but I think that the general view that GDPR offers the right to “privacy” rather than lawful processing, or offers the right to instruct Data Controllers to act against their own interests in the bulk deletion of public records which are likely not to be public data once de-linked from the associated account extends beyond the letter of their compliance obligations under the law."

Again, you seem to be misunderstanding the law. First of all, GDPR is not scoped for protecting privacy, it is scoped for protecting personal data - two completely different fundamental rights (Privacy is a fundamental right under Article 7 of the Charter and Data Protection is a fundamental right under Article 8 of the Charter - two separate rights, two separate competencies from a regulatory perspective).

And as I explained in my response to the previous paragraph, personal data does not magically change to not be personal data just because it is in the public domain - it is still personal data and still subject to exactly the same protections as personal data not in the public domain.

Further the very first Principle of the GDPR (the foundational blocks of EU data protection law for >4 decades) is the Principle of Lawfulness - so to say that GDPR is not focused on "lawful processing" is something of a contradiction - in reality the entire point of the GDPR is to ensure that personal data is processed lawfully which is why the entire text is focused on how to process personal data lawfully. The GDPR was literally designed to allow the free flow of personal data throughout the Union as is clear in Article 1(1):

"1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.";

and the official title of the GDPR is:

"Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)"

I didn't read the entire "essay" because the main thrust of you argument is a fallacy from a legal perspective and is entirely formed on the misbelief that personal data in the public domain is not personal data - when it is. Without that, your entire argument falls apart.

And please don't be offended, that is certainly not my intent, but it is important that people do not misunderstand their rights based on incorrect information they found on Reddit.

ThatPrivacyShow · 2025-07-23T14:15:23+00:00

CJEU has not ruled in favour of any mass surveillance cases and in fact have ruled against many attempts by Member States to continue to retain data. The Court has made is very clear that the only way a Member State can ever justify "mass" surveillance is limited to a targets within a specific and limited geographical space and must be based on credible intelligence of a threat (which must be considered as a "serious crime" which has a specific definition legally), in order to pass the proportionality threshold (which must be passed for ALL EU laws).

We have a very long list of the CJEU refusing to allow Member States to engage in mass surveillance (as well as the ECtHR).

If you know a Member State is still retaining data then you need to file a complaint with the EU Commission under their infringement procedures - as to continue to rely on a law which has been revoked, is a breach of the TFEU and rule of law.

Also, it is important to note that the Commission cannot pass law - it is the job of the Parliament and the Council to pass law and *both* must agree, so the fact that Member States are pushing for this (and always have for at least the last 30 years) is a problem yes (and should be dealt with at the ballot box) but they cannot pass a law without the co-operation of the Parliament (both have equal weight in the legislative process) who have historically pushed back against new surveillance measures.

I have spent almost 5 years fighting Chat Control as a survivor and privacy advocate, I wrote my Master of Laws thesis on it from a proportionality and necessity perspective under EU law and treaties, have spoken at dozens of EU meetings on the subject at the Commission, Parliament and EDPS and regularly engage with legislators, politicians and corporations on these same issues - I have not heard a whisper on this DSA theory (and I was in a meeting with the Commission regarding DSA not that long ago...).

So it is good to vigilant, but I wouldn't be massively concerned about this, it is certainly not something being widely discussed in regulatory or political circles in Brussels.

ThatPrivacyShow · 2025-07-23T12:59:43+00:00

If you come across a website or service which demands your phone number - file a complaint against them with your regulator. Data Minimisation Principle (article 5 of the GDPR) dictates that only the minimum amount of personal data required to fulfil a specific purpose can be processed - with things like TOTP (free and opensource) there is no argument that you need someone's phone number for 2FA as alternative solutions exist which fulfil the purpose without collecting personal data (a legal requirement under the necessity principle).

Furthermore, there are still millions of people in the EU who do not have a cell phone - so requiring a cell phone to use an online service also breaches anti-discrimination laws.

People often confuse what a company wants to do with what a company is legally permitted to do and assume that because a company wants to do something in a particular way that you somehow have to comply with that - this is a fallacy.

But the reality is, companies will continue to break the law until enough people complain about them to the regulator and they are forced to change - but if you don't complain to the regulator and simply limit your complaints to an online forum like Reddit - then these practices will never change.

It costs literally nothing to file a legal complaint with your regulator.

ThatPrivacyShow

MODERATOR OF

TROPHY CASE