#FactCheck- Viral Kapil Mishra Video on 50% Attendance Not Recent

Introduction

Snapchat's Snap Map redefined location sharing with an ultra-personalised feature that allows users to track where they and their friends are, discover hotspots, and even explore events worldwide. In November 2024, Snapchat introduced a new addition to its Family Center, aiming to bolster teen safety. This update enables parents to request and share live locations with their teens, set alerts for specific locations, and monitor who their child shares their location with.

While designed with keeping safety in mind, such tracking tools raise significant privacy concerns. Misusing these features could expose teens to potential harm, amplifying the debate around safeguarding children’s online privacy. This blog delves into the privacy and safety challenges Snap Map poses under existing data protection laws, highlighting critical gaps and potential risks.

Understanding Snapmap: How It Works and Why It’s Controversial

Snap Map, built on technology from Snap's acquisition of social mapping startup Zenly, revolutionises real-time location sharing by letting users track friends, send messages, and explore the world through an interactive map. With over 350 million active users by Q4 2023, and India leading with 202.51 million Snapchat users, Snap Map has become a global phenomenon.

This opt-in feature allows users to customise their location-sharing settings, offering modes like "Ghost Mode" for privacy, sharing with all friends, or selectively with specific contacts. However, location updates occur only when the app is in use, adding a layer of complexity to privacy management.

While empowering users to connect and share, Snap Map’s location-sharing capabilities raise serious concerns. Unintentional sharing or misuse of this tool could expose users—especially teens—to risks like stalking or predatory behaviour. As Snap Map becomes increasingly popular, ensuring its safe use and addressing its potential for harm remains a critical challenge for users and regulators.

The Policy Vacuum: Protecting Children’s Data Privacy

Given the potential misuse of location-sharing features, evaluating the existing regulatory frameworks for protecting children's geolocation privacy is important. Geolocation features remain under-regulated in many jurisdictions, creating opportunities for misuse, such as stalking or unauthorised surveillance. Presently, multiple international and national jurisdictions are in the process of creating and implementing privacy laws. The most notable examples are the COPPA in the US, GDPR in the EU and the DPDP Act which have made considerable progress in privacy for children and their online safety. COPPA and GDPR prioritise children’s online safety through strict data protections, consent requirements, and limits on profiling. India’s DPDP Act, 2023, prohibits behavioral tracking and targeted ads for children, enhancing privacy. However, it lacks safeguards against geolocation tracking, leaving a critical gap in protecting children from risks posed by location-based features.

Balancing Innovation and Privacy: The Role of Social Media Platforms

Privacy is an essential element that needs to be safeguarded and this is specifically important for children as they are vulnerable to harm they cannot always foresee. Social media companies must uphold their responsibility to create platforms that do not become a breeding ground for offences against children. Some of the challenges that platforms face in implementing a safe online environment are robust parental control and consent mechanisms to ensure parents are informed about their children’s online presence and options to opt out of services that they feel are not safe for their children. Platforms need to maintain a level of privacy that allows users to know what data is collected by the platform, sharing and retention data policies. 

Policy Recommendations: Addressing the Gaps

Some of the recommendations for addressing the gaps in the safety of minors are as follows:

• Enhancing privacy and safety for minors by taking measures such as mandatory geolocation restrictions for underage users.
• Integrating clear consent guidelines for data protection for users. 
• Collaboration between stakeholders such as government, social media platforms, and civil society is necessary to create awareness about location-sharing risks among parents and children. 

Conclusion

Safeguarding privacy, especially of children, with the introduction of real-time geolocation tools like Snap Map, is critical. While these features offer safety benefits, they also present the danger of misuse, potentially harming vulnerable teens. Policymakers must urgently update data protection laws and incorporate child-specific safeguards, particularly around geolocation tracking. Strengthening regulations and enhancing parental controls are essential to protect young users. However, this must be done without stifling technological innovation. A balanced approach is needed, where safety is prioritised, but innovation can still thrive. Through collaboration between governments, social media platforms, and civil society, we can create a digital environment that ensures safety and progress.

References

• https://indianexpress.com/article/technology/tech-news-technology/snapchat-family-center-real-time-location-sharing-travel-notifications-9669270/
• https://economictimes.indiatimes.com/tech/technology/snapchat-unveils-location-sharing-features-to-safeguard-teen-users/articleshow/115297065.cms?from=mdr
• https://www.thehindu.com/sci-tech/technology/snapchat-adds-more-location-safety-features-for-teens/article68871301.ece 
• https://www.moneycontrol.com/technology/snapchat-expands-parental-control-with-location-tracking-to-make-it-easier-for-parents-to-track-their-kids-article-12868336.html ‍
• https://www.statista.com/statistics/545967/snapchat-app-dau/

Introduction

Web applications are essential in various sectors, including online shopping, social networks, banking, and healthcare systems. However, they also pose numerous security threats, including Cross-Site Scripting (XSS), a client-side code injection vulnerability. XSS attacks exploit the trust relationship between users and websites, allowing them to change web content, steal private information, hijack sessions, and gain full control of user accounts without breaking into the core server. This vulnerability is part of the OWASP Top 10 Web Application Security Risks.

‍

What is Cross-Site Scripting (XSS)?

An XSS attack occurs when an attacker injects client-side scripts into web pages viewed by other users. When users visit the affected pages, their browsers naively execute the inserted scripts. The exploit takes advantage of web applications that allow users to submit content without properly sanitising inputs or encoding outputs. These scripts can cause a wide range of damage, including but not limited to stealing session cookies for session hijacking, redirecting users to malicious sites, logging keystrokes to capture credentials, and altering the DOM to display fake or phishing content.

‍

How Does XSS Work?

1. Injection: A malicious user submits code through a website input, like a comment or form.
2. Execution: The submitted code runs automatically in the browsers of other users who view the page.
3. Exploitation:The attacker can steal session information, capture credentials, redirect users, or modify the page content.

The fundamental cause behind the XSS vulnerabilities is the application of:

• Accepting trusted input from the users.  
• After users' input, web pages have the strings embedded without any sanitisation.  
• Not abiding by security policies like Content Security Policy (CSP).  

With such vulnerabilities, attackers can generate malicious payloads like:  <script>alert('XSS');</script>  

‍

This code might seem simple, but its execution provides the attacker with the possibility to do the following:  

• Copy session tokens through hidden HTTP requests.  
• From attacker-controlled domains, load attacker scripts.  
• Change the DOM structure to show fake login forms for phishing.

‍

Types of XSS Attacks: XSS (Cross-Site Scripting) attacks can occur in three main variations: 

1. Stored XSS: This type of attack occurs when an attacker injects an administered payload into the database or a message board. The script then runs whenever a user visits the affected board.
2. Reflected XSS: In this attack, the danger lies in a parameter of the URL. Its social engineering techniques are attacks, in which it requires tricking people to click on a specially designed link. For example:
3. DOM-Based XSS: This technique injects anything harmful without the need for server-side scripts, in contrast to other approaches. It targets JavaScript client-side scripts such as `document.write` and `innerHTML`. Without carrying out any safety checks, these scripts will alter the page's look (DOM stands for Document Object Model). If the hash is given a malicious string, it is run directly within the browser.

‍

What Makes XSS a Threat?  

‍

A Cross-Site Scripting attack is only a primary attack vector, and can lead to significant damage that includes the following: 

• Statement Hijacking. This uses scripts to steal cookies, which are then used to pose as authorized users.  
• Theft of Credentials. Users’ passwords and usernames are wrenched from keystroke trackers.  
• Phishing. Users are prompted with deceitful login forms that are used to capture sensitive details.  
• Website Vandalism. Modified website material lowers the esteem of the brand.  
• Monetary and Legal Consequences. There are compounding effects to GDPR and DPDP Act compliance in case of Data breaches, which incur penalties and fines.  ‍

‍

Incidents in the Real World  

In 2021, an XSS Stored attack occurred on a famous e-commerce platform eBay, through their product review system. The malicious JavaScript code was set to trigger every time an infected product page was accessed by customers. This caused a lot of problems, including account takeovers, unauthorised purchases, and damage to the company’s reputation. This example further worsens the fact that even reputed platforms can be targeted by XSS attacks.

‍‍

How to Prevent XSS?

Addressing XSS vulnerabilities demands attention to detail and coordinated efforts across functions, as illustrated in the steps below:

 Input Validation and Output Encoding:

• Ensure input validation is in place on the client and server.
• Perform output encoding relative to context: HTML: <, >, &.
• JavaScript: Escape quotes and slashes

Content Security Policy (CSP): CSP allows scripts to be executed only from the verified sources, which helps diminish the odds of harmful scripts running on your website. For example, the Header in the code could look to some degree like this: Content-Security-Policy: script-src 'self';

Unsafe APIs should be dodged: Avoid the use of document.write(), innerHTML, and eval(), and make sure to use:

• TextContent for inserting text.
• CreateElement() and other DOM creation methods for structured content.

Secure Cookies: Apply the HttpOnly and Secure cookie flags to block JavaScript access. 

Framework Protections: Use the protective features in frameworks such as:

• React, which escapes data embedded in JSX automatically.
• Angular, which uses context-aware sanitisation.

Periodic Security Assessment:

• Use DAST tools to test the security posture of an application.
• Perform thorough penetration testing and security-oriented code reviews.

‍

‍Best Practices for Developers: Assume a Secure Development Lifecycle (SDLC) integrating XSS stoppage at each point.

• Educate developers on OWASP secure coding guidelines.
• Automate scanning for vulnerabilities in CI/CD pipelines.

‍

‍Conclusion:

To reduce the potential danger of XSS, both developers and companies must be diligent in their safety initiatives, ranging from using Content Security Policies (CSP) to verifying user input. Web applications can shield consumers and the company from the subtle but long-lasting threat of Cross-Site Scripting if security controls are implemented during the web application development stage and regular vulnerability scans are conducted.

‍

References

• https://owasp.org/www-community/attacks/xss/
• https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting
• https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting
• https://www.cloudflare.com/learning/security/threats/cross-site-scripting/

‍

‍

Executive Summary:

Amid the ongoing conflict between the United States, Israel, and Iran, a video circulating widely on social media claims to show American soldiers kneeling and surrendering to Iranian forces. In the clip, several soldiers appear to be sitting on their knees in front of armed personnel, creating the impression that they have been captured on the battlefield.

The video is being shared with the claim that the Iranian military has taken US soldiers prisoner during the war.

However, an research by the CyberPeace found that the claim is false. The viral clip is not authentic and has been generated using artificial intelligence. There is no credible evidence to support the claim that American soldiers have been captured by Iranian forces.

‍

Claim

‍

A Facebook user named “News Tick” shared the video on March 12, 2026, claiming that Iran had released footage of captured US soldiers. In the clip, the soldiers can be seen kneeling while armed personnel stand around them, giving the scene a highly dramatic appearance.

• https://www.facebook.com/reel/1619184822538210 

‍

‍

Fact Check

‍

To verify the claim, we first searched the internet using relevant keywords. We found no credible reports from reputable news organizations confirming that US soldiers had been captured by Iran during the conflict. A closer examination of the video revealed several visual inconsistencies. The weapons carried by the soldiers appear unclear and oddly shaped. Additionally, the background looks unusually blurred and overly dramatic. The lighting and textures in the footage also appear artificial—common indicators of AI-generated visuals.

To confirm this suspicion, we analyzed the clip using multiple AI detection tools. The tool Hive Moderation indicated a 99% probability that the video was created using artificial intelligence.

‍

‍

‍

Further analysis using Sightengine also suggested that the video was likely AI-generated, estimating an 80% probability of AI creation.

‍

‍

Conclusion

‍

Our research shows that the viral video claiming to depict American soldiers surrendering and being captured by Iranian forces is fake. The footage has been generated using AI and does not represent a real incident.

‍