#FactCheck - Old Video of Khamenei Manipulated With AI Voice, Viral Claim Misleading

Introduction
‍

In April 2026, a class action suit in a federal court in California rejuvenated one of the most basic assertions in digital communication: that private messages are private. The suit claims that Meta Platforms, its subsidiary WhatsApp, and third-party contractors such as Accenture could have accessed user messages even though it had long promised end-to-end encryption.

This case is not merely about a single company or a single platform. It poses more profound questions regarding the definition, communication and regulation of privacy in an age when digital infrastructure is becoming more and more incomprehensible or unprovable to regular users.
‍

What the Lawsuit Actually Says
‍

The suit was filed by plaintiffs Brian Y. Shirazi and Nida Samson, who alleged that WhatsApp, Meta and contractors had intercepted and shared private messages with third parties without their consent. The complaint states that the federal investigators were notified by the whistleblowers that employees of Meta and external contractors had access to the content of WhatsApp messages that were expected to be encrypted and inaccessible.

This directly puts into question the main privacy promise of WhatsApp. The platform has been promoting itself as an end-to-end encrypted service in which not even WhatsApp can read your messages. The case asserts that this assertion was deceptive in its application and that no one ever gave any consent prior to their messages being intercepted, stored, or read.

The plaintiffs are proposing to represent a nationwide class of users of WhatsApp who sent or received messages between April 5, 2016, and the current time and subclasses in California and Pennsylvania. The claims involve breach of contract, California laws on privacy and data violations, false advertising and the Pennsylvania Wiretapping and Electronic Surveillance Act.

It should be mentioned that they are allegations. Similar assertions have been refuted by Metacomet in the past, with the company asserting that its encryption frameworks ensure that the company cannot access the messages. The case is in progress, and no facts have been found.
‍

The Grey Area No One Talks About
‍

In order to see the significance of this lawsuit outside the court, it is useful to consider the way modern messaging platforms actually work. In principle, end-to-end encryption means that only the sender and receiver can decipher a message. Even the service provider should not be able to access the content.

However, there is a grey space that is seldom publicly discussed: content moderation. User reports, metadata analysis or restricted message review processes are common methods used by platforms to identify harmful content, like fraud, child exploitation, or spam. The complaint indicates that such moderation procedures might have opened avenues to the content of messages to human reviewers or automated systems more than users were made to think.

This is not the first time that privacy and safety are at odds. Many jurisdictions have also advocated access to encrypted communications through legal means in the name of national security or criminal investigations. What this suit does is put that tension into even more stark relief by asking whether platforms are really open with users about these trade-offs.
‍

The Consent Problem

‍

The emphasis on consent is one of the most significant implications of this case. The plaintiffs claim that the users were never warned that their messages would be accessed by the employees or third parties and were never provided with any meaningful option on the same.

This is where the case turns into a data governance issue, rather than a legal one. Most data protection models consider the legality of data processing to be based on whether the users know how their data is being processed or not. When the accusations are found to be true, then the matter is not technical. It would be a contractual and ethical failure, a disjuncture between what platforms promise and what they do.

The implications are huge to the billions of users who use WhatsApp to communicate, both personally and professionally, and even politically.

‍

What This Means Going Forward

‍

An effective attack on the encryption assertions of WhatsApp might have actual implications for the rest of the digital ecosystem. Users might start doubting that any platform can be really considered to guarantee privacy. The regulators can advocate more stringent disclosure policies and compulsory independent audits of encryption systems. Social networks might have to re-architect their moderation frameworks to make sure that safety features do not silently compromise privacy guarantees that they claim.

Meanwhile, there is a real policy dilemma in this case that cannot be disregarded. Complete privacy may preclude the capacity to identify abuse or hateful material. The manner in which that balance is achieved and, more to the point, the manner in which it is made transparent to users is an issue that has yet to be addressed by policymakers, civil society and the tech industry.

Other technical experts have also questioned the plausibility of the claims in the lawsuit at scale, noting that it would be an extraordinary undertaking to systematically bypass end-to-end encryption. This further supports the argument of independent verification mechanisms. The problem is that users should not be forced to decide what they should believe in more: corporate guarantees or legal charges. There must be rules that can be enforced which are above the two.

‍

Conclusion: Beyond One Lawsuit
‍

The WhatsApp class action is eventually concerning a structural issue within the digital economy. Users are expected to have faith in systems that they cannot observe, on the assertions that they cannot test themselves.

This case is a warning, regardless of whether the allegations are proved or not. Privacy cannot be based on marketing language. It needs legally binding norms, actual transparency in the treatment of data, and external control that will provide users with something more to hang on than a tagline.

‍

References
‍

• https://www.bitdefender.com/en-us/blog/hotforsecurity/lawsuit-claims-meta-can-access-whatsapp-messages-despite-end-to-end-encryption-2
• https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/
• https://www.bloomberg.com/news/articles/2026-01-25/lawsuit-claims-meta-can-see-whatsapp-chats-in-breach-of-privacy
• https://www.classaction.org/blog/despite-privacy-promises-meta-third-parties-read-and-store-whatsapp-messages-class-action-lawsuit-alleges

‍

Introduction

The hospitality industry is noted to be one of the industries most influenced by technology. Hotels, restaurants, and travel services are increasingly reliant on digital technologies to automate core operations and customer interactions. The shift to electronic modes of conducting business has made the industry a popular target for cyber threats. In light of increasing cyber threats, safeguarding personal and sensitive personal data on the part of the hospitality industry becomes significant not only from a customer standpoint but also from an organisational and legal perspective.

Role of cybersecurity in the hospitality industry

A hospitality industry-based entity (“HI entity”) deploys several technologies not only to automate operations but to also deliver excellent customer experiences. Technologies such as IoTs that enable smart controls in rooms, Point-of-Sale systems that manage reservations, Call Accounting Systems that track and record customer calls, keyless entry systems, and mobile apps that facilitate easy booking and service requests are popularly used in addition to operative technologies such as Property Management Systems, Hotel Accounting Systems, Local Area Networks (LAN).{1} These technologies collect vast volumes of data daily due to the nature of operations. Such data necessarily includes personal information such as names, addresses, phone numbers, email IDs etc. and sensitive information such as gender, bank account and payment details, health information pertaining to food allergens etc. Resultantly, the breach and loss of such critical data impacts customer trust and loyalty and in turn, their retention within the business. Lack of adequate cybersecurity measures also impacts the reputation and goodwill of an HI entity since customers are more likely to opt for establishments that prioritise the protection of their data. In 2022, cybercriminals syphoned 20GB of internal documents and customer data from Marriott Hotels, which included credit card information and staff information such as wage data, corporate card number and even a personnel assessment file. A much larger breach was seen in 2018, where 383 million booking records and 5.3 million unencrypted passport numbers were stolen from Marriott’s servers.{2}

Cybersecurity is also central to safeguarding trade secrets and key confidential trade information. An estimate of US $6 trillion per year on average amounts to losses generated from cybercrimes.{3} The figure, however, does not include the cost of breach, expenses related to incident response, legal fees, regulatory fines etc which may be significantly higher for a HI entity when loss of potential profits is factored in.

Cybersecurity is also central from a legal standpoint. Legal provisions in various jurisdictions mandate the protection of guest data. In India, the Digital Personal Data Protection Act 2023, imposes a penalty of up to Rs. 50 Crores on a breach in observing obligations to take reasonable security safeguards to prevent personal data breach.{4} Similarly, the General Data Protection Regulation (GDPR) of the European Union also has guidelines for protecting personal data. Several other industry-specific rules, such as those pertaining to consumer protection,  may also be applicable.

Breaches and Mitigation

There are several kinds of cyber security threats faced by an HI entity. “Fake Booking” is a popular method of cyber attack, whereby attackers build and design a website that is modelled exactly after the hotel’s legitimate website. Many customers end up using such malicious phishing websites thereby exposing their personal and sensitive personal data to threats. Additionally, the provision of free wifi within hotel premises, usually accessible freely to the public, implies that a malicious actor may introduce viruses and updates bearing malware. Other common cyber threats include denial of service (DoS) attacks, supply chain attacks, ransomware threats, SQL injection attacks (a type of attack where malicious code is inserted into a database to manipulate data and gain access to information), buffer overflow or buffer overrun (when the amount of data exceeds its storage capacity, implying that the excess data overflows into other memory locations and corrupt or overwrites data in those locations). 

One of the best ways to manage data breaches is to leverage newer technologies that operate on a “privacy by design” model. An HI entity must deploy web application firewalls (WAF) that differ from regular firewalls since they can filter the content of specific web applications and prevent cyber attacks. Another method to safeguard data is by deploying a digital certificate which binds a message/instruction to the owner/generator of the message. This is useful in preventing any false claims fraud by customers. Digital certificates may be deployed on distributed ledger technologies such as blockchain, that are noted for their immutability, transparency and security. Self-sovereign identities or Identifiers (SSI) are also a security use-concept of blockchain whereby individuals own and control their personal data, thereby eliminating reliance on central authorities.{5} In the hospitality industry, SSIs enhance cybersecurity by securely storing identity-related information on a decentralised network, thereby reducing the risk of data breaches. Users can selectively share their information, ensuring privacy and minimising data exposure. This approach not only protects guests' personal details but also streamlines authentication processes, making interactions safer and more efficient.

From a less technical standpoint, cybersecurity insurance may be opted for by a hotel to secure themselves and customer information against breach. Through such insurance, a hotel may cover the liability that arises from breaches caused by both first- and third-party actions.{6} Additionally, Payment Cards Industry Data Security Standards should be adhered to, since these standards ensure that businesses should apply best practices when processing credit card data through optimised security. Employee training and upskilling in basic, practical cybersecurity measures and good practices is also a critical component of a comprehensive cybersecurity strategy.

References:

• [1]  The Growing Importance of Cybersecurity in the Hospitality Industry”, Alfatec, 11 September 2023 https://www.alfatec.ai/academy/resource-library/the-growing-importance-of-cybersecurity-in-the-hospitality-industry
• [2]  Vigliarolo, Brandon, “Marriott Hotels admit to third data breach in 4 years”, 6 July 2022 https://www.theregister.com/2022/07/06/marriott_hotels_suffer_yet_another/#:~:text=In%20the%20case%20of%20the,of%20an%20individual%20organization%20ever. 

• [3] Shabani, Neda & Munir, Arslan. (2020). A Review of Cyber Security Issues in the Hospitality Industry. 10.1007/978-3-030-52243-8_35. https://www.researchgate.net/publication/342683038_A_Review_of_Cyber_Security_Issues_in_Hospitality_Industry/citation/download    
• [4] The Digital Personal Data Protection Act 2023 https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• [5]  “What is self-sovereign identity?”, Sovrin, 6 December 2018 https://sovrin.org/faq/what-is-self-sovereign-identity/ 
• [6] Yasar, Kinza, “Cyber Insurance”, Tech Target https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance 

Introduction

The Kumbh Mela is known worldwide as India's most significant pilgrimage and has earned a place on the UNESCO Intangible Cultural Heritage of Humanity list in 2017.  This year, the Maha Kumbh will be held in Prayagraj, Uttar Pradesh, with 40 crore devotees from all over the world expected to attend this momentous event from January 13th  to 26th February 2025. As the world embraces the blessings of digitalisation, people are increasingly relying on the Internet for arranging their travel, booking rooms, and securing accommodations for this grand spiritual journey. 

However, amidst this digital age, where the conveniences offered are manifold, there also lurks the shadow of deceit. Cybercriminals are finding innovative ways to entrap innocent individuals. Fraudulent activities are on the rise, with wrongdoers operating fake websites that promise secure bookings for cottages, tents, and other accommodations for the Mahakumbh event. Like the deceptive mirage that the desert traveller may mistakenly believe to be an oasis, these malicious sites lure pilgrims with the false hope of easy arrangements, only to exploit their trust and commit malicious cyber fraudulent activities. 

Policy and Preventive Measures Taken by Government

This year, the government has taken steps to utilise digitalisation services to enhance the experience of devotees, blending innovation with tradition. However, considering the rise in cyber scams, a dedicated cyber police station has also been established at Maha Kumbh 2025 to address threats such as the misuse of AI, the dark web, and social media platforms. This initiative aims to protect devotees from potential scams.

To strengthen safety measures, a special team of selected officers from across the state has been deployed in Mahakumbh Nagar, Prayagraj, to provide cybersecurity and ensure the safety of pilgrims. A dedicated cyber police station or digital police station will ensure round-the-clock monitoring of cyberspace.

‍

The cybersecurity team has already identified 44 suspicious websites and initiated action against them. To further safeguard devotees attending Maha Kumbh 2025, a large-scale awareness campaign is being conducted to educate users about potential cyber threats.

The Role of Digital Discipline in Navigating the Uncharted Waters of the Internet

As the Yajurveda (ancient Vedic scriptures of Hinduism) reminds us ‘सत्यं चानृतं च सत्यं अभवत्, यदेतत् तपसा तप्यताम्।’. This learning translates into English as "Truth and falsehood are both present, yet truth is purified through intense discipline”. The Mahakumbh is a confluence not just of rivers but of faith and humanity's eternal quest for truth (Satyam). In the digital age, this vigilance extends to protecting ourselves from cyber frauds and scams that exploit the sanctity of occasions like the Mahakumbh. Just as devotees seek purity through holy rituals, we must also embrace Digital Discipline to navigate the confluence of tradition and technology safely.

Here are some Digital Discipline best practices you must follow:

• Be cautious of fake websites, fraudulent travel agencies, and scam bookings. Always verify legitimacy before engaging in any  transactions.  
• Stay alert for fake donation requests and only contribute to verified organizations.
• Be aware of any mis/disinformation and implausible claims surrounding the Mahakumbh event and verify it from authenticated sources. The official website of Mahakumbh is https://kumbh.gov.in.
• To report any cybercrime or issue, you can report it on the National Cyber Crime Reporting Portal at https://cybercrime.gov.in/, equipped with a 24x7 helpline 1930 that serves as a powerful resource available to the victims of cybercrimes to report their cases.

Conclusion

Netizens worldwide must prioritise Digital Discipline to ensure they are safeguarded from the snares of these cyber miscreants, so that they may safely and joyfully embark on their journey to the Maha Kumbh and receive divine blessings and purity of purpose through the experience.

References

• https://www.deccanherald.com/india/uttar-pradesh/up-police-gets-on-its-toes-to-ensure-cyber-safe-maha-kumbh-3335911
• https://www.hindustantimes.com/cities/others/four-cyber-crooks-held-for-operating-fake-booking-websites-101735326388201.html
• https://www.indiatvnews.com/uttar-pradesh/maha-kumbh-2025-cyber-police-station-set-up-in-prayagraj-to-safeguard-devotees-from-online-frauds-in-city-preparation-security-other-details-2024-12-11-965745
• https://organiser.org/2024/12/12/268915/bharat/mahakumbh-2025-cyber-police-station-set-up-to-protect-devotees-from-ai-and-social-media-scammers/
• https://www.ptinews.com/story/national/maha-kumbh-56-cyber-warriors-deployed-to-safeguard-devotees-against-online-scams/2135062