Bombshell: The Meta Data
How dark money took over the anti-trafficking and child exploitation fight to advance influence operations, technofascism, and organized crime
BLUF:
At absolute best, a number of supposed “anti-exploitation” organizations are reputation laundering the lobbying activities of tech giant Meta, which possesses a massive tech-facilitated human trafficking footprint. Yet depending on the source of the funds (and as I will demonstrate, there is ample reason to believe these funds are proceeds of not just crime but of organized crime – literally billions of dollars worth of proceeds) these organizations may be involved in money laundering enterprises as well.
Background and Context
Before we begin, let’s introduce two concepts: that of reputation laundering and money laundering.
Reputation laundering is an action in which an individual or organization performs highly visible, seemingly positive actions designed to enhance their public image and conceal their negative history. The most common example of this is hiring a PR firm to address a scandal. You’re not actually doing anything to fix the problem you’ve caused, in fact you’re able to keep doing business as usual, but you no longer get the negative publicity from your harmful actions. Reputation laundering isn’t necessarily illegal, but it is icky.
Money laundering, on the other hand, is always illegal. Money laundering is the act of obscuring the criminal origins of some proceeds and disguising them as legitimate. Let’s say I steal a bike, and then sell the bike. The money that I have from the sale of the bike is the proceeds of a crime. If I were to add that money into, say, a cash register full of the proceeds of an otherwise legitimate business, that would constitute money laundering. Indeed, even depositing the proceeds into a bank account is enough to qualify as an act of laundering in the United States.
Now that we understand the technical terms, let’s continue.
The following material concerns the tech giant Meta. In 2021 I and a team that I led documented the prevalence of child trafficking on their platforms, and I presented our findings at a conference in South Africa in 2022. My team documented not only child sex trafficking, but also the recruitment of child soldiers across Meta’s platforms by the Jalisco New Generation Cartel (CJNG). Such activity is another form of human trafficking that often gets overlooked in the media’s focus on sex trafficking.
Furthermore, we showed that Meta knew all about this — and did diddly squat about it. Which tracks, given what we now know.

Before we continue much further, I want to strongly encourage those reading this to read through the aforementioned PowerPoint presentation (apparently what the kids now call a “slide deck”) that I have converted to PNG format and included below. This will help you to understand the true scope of what Meta has willingly allowed to take place on their platforms and to understand the necessary context of what we’ll be discussing here — and how Meta generated literally billions of dollars in profit by allowing it to continue.
TL;DR: simply put, big tech has helped human trafficking explode across the globe in ways it otherwise wouldn’t have, only to now present a solution that not only doesn’t fix the problem, but that actually extends their control over our data — all while appearing as though they’re trying to solve the problem. Here’s the kicker:
They’re doing it by using the very anti-trafficking and “child safety” industry that supposedly exists to help people — and they quite possibly have been doing that all along.
Obviously, there’s a huge problem with the technology-facilitated trafficking of people across the globe, especially trafficking of children. As a result, Meta has a serious PR and liability issue, not to mention the resources to actually address the problem instead of simply lobbying to bury it. The anti-trafficking and child safety industries, meanwhile, have a revenue problem. They need money to do their charitable work.
This problem was further compounded in 2025 when the Trump administration pulled all funding from these child safety organizations, including the National Center for Missing and Exploited Children, NCMEC. This sent many survivors of exploitation into panic as services and lifelines were suddenly cut, and organizations rapidly scaled back, becoming ever more dependent on private donations to even keep the most basic operations online.
One should also be aware of the alliance between the Trump junta and the big tech powers seeking to bring about technofascism. However, that is not the point I am trying to make here. What I am trying to highlight is that the potential in this environment — with increased dependency on private funds — for corruption and money laundering is enormous.
There’s a reason why I listed the 990 tax forms of many so-called “anti-trafficking” organizations, including NCOSE, in the appendices of Jörmungandr, and you’re about to see why. Many of these organizations functioned more as organized crime slush funds for influence and PSYOP operations than as traditional non-profit organizations long before the Trump regime took power, and the problem is worse now than it ever was in the past. Even otherwise well-meaning organizations and activists may turn to less-than-reputable grant sources in such an environment — sources that, at best, come with strings attached. I know of several former close colleagues who have made such deals with the devil.
Thus, I strongly encourage researchers to consult those appendices as well as Chapters 10 and 11 of the book to find additional connections — there is a strong tie to what follows and what I wrote about there and in the rest of the tome. (In particular, attention must be paid to Joe Lonsdale of Palantir fame who sits on the board of THORN, an alleged anti-sex trafficking organization that wants to “leverage” big data in the “fight against sex trafficking” — THORN is also Ashton Kutcher’s organization, which… well, eww. I’ll just leave it at that.)
The book, again, is free on the Internet Archive and wherever ebooks are sold (FYI, if you buy a paper copy off of Amazon, I still don’t make any money, but Bezos sure does).
As I also documented in Jörmungandr, these organizations also have a tendency to spend loads of money while doing absolutely nothing to address the problem they claim to care so much about, if not actively making the problem even worse. If one recalls Chapter 10 in Jörmungandr, I myself experienced this to be the case when the organization I was working in underwent “restructuring” — a long period of doing absolutely nothing, only to find out on October 8, 2023 that we, an organization concerned with forced labor and sexual exploitation, were for some reason tracking Hamas and turning them over to Mossad. Genocide, and my swift resignation, soon followed.
I also documented in Jörmungandr the right-wing agenda, if not an explicitly patriarchal White Christian supremacist agenda, that has hijacked anti-trafficking issues and concerns over “child safety” since at least the year 2000. It’s the same reason that QAnon was such an effective conspiracy theory/influence operation — the “movement,” as it was, had already been primed with the right bias, supremacist thought, savior complexes, and religious language concerned with “saving” and “rescuing” victims of trafficking.
Again, one can consider how resources supposedly dedicated to identifying and recovering victims of sex trafficking have been repurposed to “standing with Israel,” the “groomer” DARVO panic that has victimized the very population literally most susceptible to being trafficked in the first place (see Chapters 9 and 10; actually, see Chapter 11 and the post-script, given recent developments, as this is all connected), as well as the push for online age verification measures, all supposedly to “protect the children.” One begins to see that a pattern has emerged. It is this last agenda item, that of internet age verification, that we are about to discuss.
Conservatives’ top priority should be “protecting minor children from the transgender [sic] in this culture and that influence.”
- Sen. Marsha Blackburn, R-TN, Co-Author of 2023 Kids Online Safety Act (KOSA)
Given this, a brief note about NCOSE, or the National Center on Sexual Exploitation, is in order. At about the same time that one could purchase an indigenous child for a “donation” of $10 at a Catholic mission a few states away, three clergymen, predominantly also Catholic, from New York found themselves outraged by the pornography and “salacious magazines” of the day. These clergymen created the organization Operation Yorkville in 1962. The group quickly became a part of the Religious Right, which touts the founding myth of organizing around opposition to abortion, but which as I’ve previously documented has historically organized around opposition to desegregation.
Operation Yorkville rebranded itself as Morality in Media in 1968. Once Morality in Media became affiliated with the Christian Coalition, the organization stated that it “strongly upholds traditional family values and Judeo-Christian precepts.” By “traditional family values and Judeo-Christian precepts,” the organization obviously meant opposing same-sex partner recognitions and even anti-discrimination laws protecting LGBT+ persons.
On Evil: Epstein, Satan, and Selling Babies
“This is what our ruling class has decided will be normal.” - SrA. Aaron Bushnell
Following the 2009 mass shooting in Binghamton, Morality in Media — and I must emphasize that I am not making this up — blamed the shooting on the “driving force behind the push for ‘gay marriage’” in a report titled Connecting the Dots: The Line Between Gay Marriage and Mass Murders.
The following year, the organization advocated against sex toys of all things, which the organization likened to, and again I must note that I’m not making this up, “a cancer, a slow-moving cancer,” complaining that law enforcement was “ignoring” the problem, and calling for government intervention against the sex toy industry.
In addition to waging holy war against dildos and anti-discrimination laws, Morality in Media has long advocated against comprehensive sex education programs — you know, the only form of sex education shown to reduce sexual violence and teen birth rates, and to increase favorable outcomes — as “indecent” in favor of abstinence-only narratives.
In 2015, the organization once again rebranded as the National Center on Sexual Exploitation (NCOSE) to take advantage of the renewed interest in sexual exploitation and due to declining interest in the anti-obscenity cause, with one former president of NCOSE declaring, “the war is over and we have lost.” That same year, the organization once again declared victory as they compelled Walmart to pull issues of Cosmopolitan magazine from their check-out aisles because… umm… bad fashion tips, I guess?
While I’m once again confused as hell, this is the sort of thing the organization has long been concerned about instead of, you know, actual coercion and sex trafficking.
Again, one can see the problem that’s obvious with the anti-trafficking and “child safety” industries: they spend loads of money simply to not do anything to address the issue they claim to be against. Yet as we’ll see, this is merely the window dressing — this is what Meta’s control of the internet is being laundered as.
What’s more is that these are the so-called “experts” that I am forced to share space with. No wonder slavery is becoming more commonplace in the world despite more people than ever being aware of the problem (see chapter 4).
In fact, as I pointed out in Jörmungandr, it seems that there’s a lot of money to keep the problem from even being addressed.
Instead of addressing issues of kids mining cobalt in the Congo or entire fleets of enslaved people being forced to harvest seafood lest they be thrown overboard, these pampered do-gooders are worried about sex toys and the idea that gay people might be happy for once.
And Cosmo, for some reason.
I feel I should also note that I have spoken with numerous survivors whose experiences and works NCOSE has used, promising payment, only to never follow through — thereby retrafficking the survivors.
As one can see, in this current risk environment, the foxes are guarding the chicken coops — much like in the environment that gave rise to Epstein. Again, everyone knows the kind of exploitation that Meta is responsible for facilitating, especially in the anti-exploitation space.
But these organizations took Meta’s money anyway.
For the record, I’m giving this background for a very specific reason: as you’ll read, we need to see if Meta (and other big tech conglomerates) had a hand in shaping SESTA/FOSTA or other legislation by laundering their lobbying efforts through similar or the exact same useful idiots.
Especially considering who their CEOs and execs dined with.
Here’s why I say that: NCOSE was one of the primary proponents of the absolutely disastrous SESTA/FOSTA legislation that has been described as “de facto hate policy” in the peer-reviewed literature. NCOSE similarly pushed the passage of the 2023 version of the Kids Online Safety Act (KOSA) co-authored by Sen. Marsha Blackburn (R-TN).
Numerous digital rights and LGBT+ advocacy organizations opposed the move, fearing for LGBT+ youth, especially given the Senator’s previously cited comments. Given the concern, the bill’s text was amended by Senator Richard Blumenthal (D-CT), resulting in a number of LGBT+ advocacy organizations dropping their opposition to the bill. The bill was expected to pass in a rare moment of bipartisanship, sailing through the Senate with 60 supporting votes. However, Mike Johnson (R-LA) stalled its progress in the House after NCOSE threw what can only be described as an absolute conniption fit over the Senate’s changes to the bill.
NCOSE’s concern was over the changes to the “duty of care” provision in the bill. As per one aforecited source,
“Under the new bill text, the duty of care is clarified to focus specifically on the product design features and components that are used to keep kids hooked on their platforms, often to the detriment of the mental health and wellbeing of kids,” a spokesperson for Blumenthal’s office told the Washington Blade.
This applies to “the business model and practices of social media companies, rather than the content that is hosted on their platforms,” they said, covering “features like personalized recommendation systems, nudges, and appearance altering filters” that have been shown to harm young people.
Right there is the tell: the changes to the duty of care provision placed responsibility back upon Meta, the donor to the Digital Childhood Alliance (DCA) which has extensive organizational and leadership overlap with NCOSE, and so the bill was killed — for the children, of course. And for an extra Orwellian twist, if one notes the language carefully, one sees that those involved in killing the bill following the changes to the duty of care provision are blaming “big tech” for “gutting and co-opting” the bill — even though big tech’s lobbyists are the ones who called for it not to be passed in its “gutted” form.
The Money Trail
Fast forward to March 13, 2026, and a user by the name of Ok_Lingonberry3296 posted a detailed and sourced article titled, “I traced $2 billion in nonprofit grants and 45 states of lobbying records to figure out who’s behind the age verification bills. The answer involves a company that profits from your data writing laws that collect more of it” on the r/Linux subreddit. I noticed several familiar names displaying prominently in their research. Regrettably, the mods of that forum removed the post for reasons that remain unknown.
Fortunately, as something of a whistleblower myself, already privy to firsthand experience of Reddit censorship and mod shenanigans, I kept a text copy of the post (and also backed it up to the Internet Archive), then subsequently contacted the researcher behind the Ok_Lingonberry3296 account, and got permission to reprint their findings here, unchanged (sans minor formatting issues — I’m a spy, Jim, not a programmer).
Please note that I am otherwise unaffiliated with this author, and the findings that follow are not my own, and I take no credit for them. The entire research project of the author is available at https://tboteproject.com/, with all sources and evidence now available at https://tboteproject.com/git/hekate/attestation-findings.
What follows is a FININT/OSINT investigation that I would be proud to have been involved with. Enjoy, and just wait until you find out what I have on Google!
I traced $2 billion in nonprofit grants and 45 states of lobbying records to figure out who’s behind the age verification bills. The answer involves a company that profits from your data writing laws that collect more of it.
I’ve been pulling public records on the wave of “age verification” bills moving through US state legislatures. IRS 990 filings, Senate lobbying disclosures, state ethics databases, campaign finance records, corporate registries, WHOIS lookups, Wayback Machine archives. What started as curiosity about who was pushing these bills turned into documenting a coordinated influence operation that, from a privacy standpoint, is building surveillance infrastructure at the operating system level while the company behind it faces zero new requirements for its own platforms.
I want to be clear about what this is and isn’t. I am not the author of the earlier r/linux post by aaronsb and I’m not affiliated with them. I titled this to draw attention on this subreddit because the privacy implications go well beyond Linux. Every source cited here is a public record.
What the bills actually require you to hand over
Most reporting on these bills says something vague like “age checks at device setup.” The statutory language is more specific and more invasive than that.
California AB-1043, signed October 2025 and effective January 1, 2027, defines “Operating system provider” under Section 1798.500(g) as “a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.”
Every OS provider must then: provide an interface at account setup collecting a birth date or age, and expose a real-time API that broadcasts the user’s age bracket (under 13, 13 to 15, 16 to 17, 18+) to any application running on the system.
Read that again. Every app on your device gets to query a system-level API that returns your age bracket in real time. This isn’t age verification at the point of accessing restricted content. This is a persistent age-broadcasting service baked into the operating system itself, queryable by every installed application.
Colorado SB26-051 (passed the Senate 28-7, now in the House) copies the same definitions in the same order, same penalty structure ($2,500 per child for negligent violations, $7,500 for intentional ones), same exemptions. The template is the ICMEC “Digital Age Assurance Act,” and it’s been introduced or is pending in Illinois (three separate bills), New York, Kansas, South Carolina, Ohio, Georgia, Florida, and at the federal level.
New York’s S8102A goes further. It requires device manufacturers to perform “commercially reasonable and technically feasible age assurance” at device activation and explicitly bans self-reporting. The AG picks the approved methods. That means biometric age estimation or government ID verification before you can use a device you purchased.
Exemptions in all of these bills cover broadband ISPs, telecom services, and physical products. None contain any exemption for open-source software, non-commercial projects, or privacy-preserving verification methods.
The status right now:
The privacy architecture these bills create
Here’s what concerns me most from a privacy perspective. These bills don’t just verify age once. They create a persistent identity layer inside the operating system that applications can query at will.
The commercial age verification vendors who would provide this infrastructure (Yoti, Veriff, Jumio) charge $0.10 to $2.00 per check, require proprietary SDKs, demand API keys tied to commercial accounts, and operate cloud-only with no self-hosted option. Your age verification data goes to a third-party cloud service. Every time.
Compare this to what the EU built. The EU Digital Identity Wallet under eIDAS 2.0 is open-source, self-hostable, and uses zero-knowledge proofs. You can prove you’re over 18 without revealing your birth date, your name, or anything else. No per-check fees, no proprietary SDKs, no data going to a vendor’s cloud. The EU’s Digital Services Act puts age verification obligations on Very Large Online Platforms (45M+ monthly users), not on operating systems. FOSS projects that don’t act as intermediary services are explicitly outside scope. Micro and small enterprises get additional exemptions.
The US bills assume every operating system is built by a corporation with the infrastructure and revenue to absorb these costs. The EU started from the opposite assumption and built accordingly.
Who wrote the legislation
This is where it gets interesting. Rep. Kim Carver (R-Bossier City), the sponsor of Louisiana’s HB-570, publicly confirmed that a Meta lobbyist brought the legislative language directly to her. The bill as drafted required only app stores (Apple, Google) to verify user ages. It did not require social media platforms to do anything.
Meta deployed 12 lobbyists across 9 confirmed firms for this single bill, paying at least $324,992 (described as a “very conservative estimate”). The confirmed firms include Pelican State Partners (who also lobby for Roblox, letting Meta frame this as “broad industry support” rather than one company’s project), Adams and Reese LLP (the #1 ranked Louisiana government affairs firm), and State Capitol Solutions.
Nicole Lopez, Meta’s Director of Global Litigation Strategy for Youth, testified at the House Commerce Committee in support. She also testified in South Dakota for a similar bill. She’s Meta’s national point person for these laws.
HB-570 passed unanimously at every stage: House 99-0, Senate 39-0. So why did Meta need 12 lobbyists? Because the votes were never the concern. The lobbyists were there to control the text and block amendments.
The key amendment battle came from Senator Jay Morris, who expanded the bill to include app developers alongside app stores after Google’s senior director of government affairs publicly questioned why “Mark Zuckerberg is so keen on passing these bills.” When Morris introduced his amendment, Meta went silent. The conference committee compromise maintained dual responsibility but kept the primary burden on app stores, which is what Meta wanted from the start.
At that same Senate hearing, Morris directly questioned DCA Executive Director Casey Stefanski about who funds her organization. She reportedly deflected, said she “wasn’t comfortable answering,” then under continued pressure admitted tech companies provide funding but refused to name them.
The advocacy group that doesn’t legally exist
The Digital Childhood Alliance presents itself as a coalition of 50+ conservative child safety organizations (later inflated to 140+, though only six have ever been publicly named). It has been testifying in favor of these bills across states. Here is what public records show about its legal status:
I searched all four regional extracts of the IRS Exempt Organizations Business Master File (eo1 through eo4.csv), which cover every tax-exempt organization registered in the United States. DCA is not there. No EIN exists for this organization.
I also searched for incorporation records in Colorado, DC, Delaware, and Virginia, plus OpenCorporates (200M+ companies), ProPublica Nonprofit Explorer, GuideStar, and Charity Navigator. No incorporation record exists in any of them.
DCA’s domain was registered December 18, 2024 through GoDaddy with privacy protection and a four-year registration. The website was live and fully formed one day later: professional design, statistics, testimonials from Heritage Foundation and NCOSE staff, ASAA talking points already loaded. This is not a grassroots launch. This is a staging deployment of a pre-built site. 77 days later, Utah SB-142 became the first ASAA law signed in the country.
DCA processes donations through For Good (formerly Network for Good, EIN 68-0480736), which is a Donor Advised Fund. For Good explicitly states in its documentation that it serves “501(c)(3) nonprofit organizations.” DCA claims 501(c)(4) status. DCA is classified as a “Project” (ID 258136) in the For Good system, not as a standalone nonprofit. I searched all 59,736 For Good grant recipients across five years, roughly $1.73 billion in disbursements. Zero grants to DCA, DCI, NCOSE, or any related entity. The donation page appears to be cosmetic.
Bloomberg reporters exposed Meta as a DCA funder in July 2025. The Deseret News detailed the arrangement in December 2025. No version of the website, across 100+ Wayback Machine snapshots, has ever disclosed funding sources. Every blog post and testimony targets Apple and Google. Meta is never mentioned or criticized.
DCA’s leadership traces directly to NCOSE (National Center on Sexual Exploitation):
Casey Stefanski, Executive Director, spent 10 years at NCOSE as Senior Director of Global Partnerships. Unusually, she never appears on any NCOSE 990 filing as an officer, key employee, or among the five highest-compensated staff. A senior director title at a $5.4M organization for a decade with no 990 appearance suggests either below-threshold compensation, an inflated title, or something else about the arrangement.
Dawn Hawkins, DCA’s Chair, simultaneously serves as CEO of NCOSE.
John Read, DCA’s Senior Policy Advisor, spent 30 years at the DOJ Antitrust Division investigating app stores and Big Tech.
NCOSE’s own 501(c)(4) structure turns out to be complicated. Tracing Schedule R filings across four years reveals that NCOSE created “NCOSE Action” (EIN 86-2458921) as a c4 in 2021, reclassified it from c4 to c3 in 2022, then created an entirely new c4 called “Institute for Public Policy” (EIN 88-1180705) in 2023 with the same address and the same principal officer (Marcel van der Watt). By 2024 the original entity had disappeared from Schedule R entirely.
Despite NCOSE’s website describing NCOSE Action as “created by NCOSE,” and Schedule R listing the Institute as a “controlled organization,” all 19 transaction indicators between NCOSE and the Institute are marked “No.” No grants, no shared employees, no shared facilities, no reimbursements. Zero reported transactions between a parent and its own controlled c4 while staff move freely between them. Concurrently, NCOSE’s lobbying spending tripled from $78,000 to $204,000, coinciding with DCA’s launch and the ASAA legislative push.
$70M+ in super PACs, deliberately fragmented
Meta poured over $70 million into state-level super PACs and structured every one to avoid the FEC’s centralized, searchable database:
By registering every PAC at the state level rather than federally, Meta scatters filings across dozens of state ethics commission databases with different formats, different disclosure timelines, and no centralized search. Each filing is technically public. Aggregating them into a coherent picture requires manually querying each state. This is structural opacity by fragmentation.
Forge the Future’s stated policy priorities include: “Empowering parents with oversight of children’s online activities across devices and digital environments.” That is functionally identical to the ASAA framing.
Of 20 Meta-backed candidates across Texas and North Carolina primaries, 19 won (Washington Post, March 12, 2026).
The firm that bridges both tracks
This is the finding that connects two things I’d been tracking separately.
Hilltop Public Solutions, a Democratic consulting firm, shows up in three distinct contexts:
Co-leads ATEP, Meta’s $45M bipartisan super PAC
Involved in DCA’s messaging coordination, per investigative reporting
Connected to Forge the Future, the downstream Texas PAC with ASAA-aligned policy priorities
This makes Hilltop the first confirmed entity bridging Meta’s political spending operation and the DCA advocacy campaign. The firm helping Meta elect “tech-friendly” state legislators also coordinates messaging for the nominally independent grassroots organization pushing those legislators to pass ASAA.
The dark money network
Meta’s Colorado lobbying runs through Headwaters Strategies, paid $338,500 since 2019, with monthly payments jumping from roughly $5K/month to $14K-$30K/month starting July 2023 as state-level age verification bills accelerated.
Headwaters co-founder Adam Eichberg simultaneously serves as a registered Meta lobbyist in Colorado, as Chair of the Board of the New Venture Fund (the flagship entity of the Arabella Advisors network, $669M revenue), and as founding board member of the Windward Fund (another Arabella entity, $311M revenue). The Arabella network operates four entities from the same building at 1828 L Street NW, Washington DC, with combined annual revenue exceeding $1.3 billion. NVF transfers $121.3M per year to the Sixteen Thirty Fund, a 501(c)(4) with no donor disclosure requirements.
I parsed the IRS Form 990 Schedule I filings across all five Arabella entities. That’s 4,433 grants totaling approximately $2.0 billion. I searched for every child safety, age verification, and tech policy organization I could identify. Zero matches. The Schedule I grant pathway is definitively ruled out. If Meta money flows through this network, it would have to travel via fiscal sponsorship, consulting fees, or non-grant payments, which are inherently less transparent.
The Eichberg connection matters not because it proves a pipeline, but because the person receiving Meta’s lobbying payments chairs the governance structure of the largest anonymous-donor-funded advocacy network in US politics. That structural overlap is documented regardless of whether money moves through it.
The company that benefits
Meta’s own Horizon OS (powering Quest VR headsets) already has Meta Account age verification, a Get Age Category API, Family Center parental controls, Quest Store age ratings, and default minor account protections. I scored Horizon OS at 83% compliance readiness with these mandates.
Meta is not opposing these bills. In Colorado, I pulled lobbying records from the Secretary of State’s SODA API and found Meta’s four registered lobbyists on SB26-051 listed in a “Monitoring” position. Not amending, not opposing. Watching.
On every social media regulation bill in Colorado, Meta takes an “Amending” position, actively fighting changes. Across 117 lobbying records on 22 bills:
Bills regulating social media: Meta position is “Amending” (fighting)
The one bill putting the burden on OS providers: Meta position is “Monitoring” (watching)
Meta fights bills that regulate Meta. Meta watches bills that regulate everyone else.
In California, Meta spent over $1 million on state lobbying in the first three quarters of 2025 and publicly supported AB-1043, breaking ranks with its own trade associations (TechNet and Chamber of Progress both opposed it). Meta supported a bill that creates surveillance infrastructure at the OS level while leaving social media platforms untouched.
Meta’s LD-2 filings with the Senate explicitly list H.R. 3149/S. 1586, the App Store Accountability Act, as a lobbied bill. The filing narrative includes “protecting children, bullying prevention and online safety; youth safety and federal parental approval; youth restrictions on social media.” In the same filing, Meta also lobbies on KOSA and COPPA 2.0, which would regulate Meta directly. Meta supports the bill that burdens its competitors and lobbies to weaken the bills that burden itself. Both positions appear in the same quarterly disclosure.
The privacy questions
I’ve tried to present findings here, not conclusions. But from a privacy standpoint:
Why does the company that profits from collecting user data draft legislation requiring every operating system to collect age data and broadcast it to every installed application via a system-level API?
Why do these bills mandate commercial age verification vendors (Yoti, Veriff, Jumio) whose business model is collecting biometric data, while the EU’s equivalent uses open-source zero-knowledge proofs that reveal nothing beyond “over 18”?
Why is there no data minimization requirement in any of these bills for the age verification data itself? AB-1043 creates a persistent age signal API. Who governs what happens to the data flowing through it?
Why does Meta fund an advocacy group with no legal existence in the IRS system to push legislation that creates new data collection infrastructure at a layer below Meta’s own products, while Meta faces zero new requirements?
Why does the company whose lobbyist drafted one of these bills write it to specifically exclude social media platforms from the age verification mandate?
If the goal is child safety, why regulate the operating system, which has no direct contact with children, instead of the social media platforms where the documented harm occurs?
What you can do
If you’re in CO, IL, or NY, these bills are still in committee. Comment on the record. System76’s CEO met with the Colorado bill’s sponsor on March 9 and the sponsor suggested excluding open-source software. The conversation is happening now.
Contact the EFF, FSF, and Software Freedom Conservancy with the specific statutory language and compliance gap numbers. They need to know these definitions cover volunteer-maintained software with no exemption.
Read the actual bill text. CA AB-1043 is searchable on leginfo.legislature.ca.gov. CO SB26-051 is on leg.colorado.gov. The definitions are what matter, not the news summaries.
If you maintain software that could be classified as an “operating system provider” under these definitions, start thinking about your response now. CA AB-1043 takes effect January 1, 2027. Louisiana HB-570 takes effect July 1, 2026.
Sources (all public records)
Bill text: CA AB-1043 (Chapter 675, leginfo.legislature.ca.gov), CO SB26-051 (leg.colorado.gov), LA HB-570 Act 481 of 2025 (legis.la.gov), NY S8102A (nysenate.gov), TX SB-2420, UT SB-142 (le.utah.gov)
Federal lobbying: OpenSecrets Meta profile (opensecrets.org, client ID D000033563), Senate LDA filing UUID b73445ed-15e5-42e7-a1e8-aeb224755267
Colorado lobbying: CO Secretary of State SODA API (data.colorado.gov, datasets vp65-spyn, dxfk-9ifj, df5p-p6jt)
Louisiana lobbying: LA Board of Ethics, F Minus database (fminus.org/clients/pelican-state-partners-llc/, fminus.org/clients/meta-platforms-inc/)
California lobbying: CalAccess (cal-access.sos.ca.gov), Bloomberg Government
Super PACs: Forge the Future (texasforgefuturepac.com), Texas Ethics Commission, Illinois State Board of Elections, Politico (Feb 2, 2026), Washington Post (Mar 12, 2026)
DCA records: WHOIS/RDAP (rdap.org), Wayback Machine CDX API (100+ snapshots), IRS EO BMF (eo1-eo4.csv), OpenCorporates, ProPublica, GuideStar
NCOSE: IRS Form 990 FY2020-FY2024 including Schedule R; NCOSEAction/Institute for Public Policy (EIN 88-1180705); original NCOSE Action (EIN 86-2458921) via Schedule R history
For Good/Network for Good: forgood.org, DCA donation page source (targetable_type=Project, targetable_id=258136), For Good 990s via ProPublica (EIN 68-0480736, 59,736 recipients searched)
IRS 990 filings: ProPublica Nonprofit Explorer: NVF (EIN 20-5806345), STF 2024 (sixteenthirtyfund.org), DCI (EIN 39-3684798), Windward, Hopewell, North Fund, NCOSE (EIN 13-2608326), ConnectSafely (EIN 47-3168168)
Campaign finance: CO TRACER bulk data (tracer.sos.colorado.gov), FollowTheMoney.org, FEC API (Meta PAC C00502906)
Reporting: Bloomberg (July 2025), Deseret News (Dec 2025), The Center Square, ACT | The App Association, Dome Politics, Pluribus News, Nola.com, Privacy Daily
EU framework: EUR-Lex (Digital Services Act, eIDAS 2.0 Regulation), EUDIW GitHub repository, T-Scy consortium
Technical: freedesktop.org, GNOME/KDE documentation, Meta developer docs (developer.meta.com/horizon)
Full dataset, OSINT tasklist, and all processed findings are published with sources embedded in each file:
github.com/upper-up/meta-lobbying-and-other-findings
This is an ongoing investigation. Pending: Texas Ethics Commission records for Forge the Future expenditure recipients, NCOSEAction’s first 990 filing, IRS Form 8872 for ATEP, and FOIA responses from Colorado and Louisiana. If you have access to lobbying data from states I haven’t covered (IL, NY, UT, GA), I’d appreciate a heads up.
I am not claiming Meta wrote every one of these bills. Louisiana is confirmed by the sponsor; the others use a shared ICMEC template. I am not claiming there is a direct Arabella-to-DCA funding pipeline; I checked $2 billion in grants and found no evidence. I am not claiming child safety isn’t a legitimate concern. What I am documenting is: the company whose lobbyist drafted HB-570 wrote it to exclude its own platforms; the advocacy group pushing these bills nationally has no legal existence and is confirmed funded by Meta; the same consulting firm bridges Meta’s super PAC and DCA’s messaging; none of these bills exempt open-source or non-commercial software while the EU equivalent does; and the mandatory age-signal API creates persistent surveillance infrastructure at the OS level with no data minimization requirements. The records are above. Draw your own conclusions.
This section documents what happened when this investigation was posted to Reddit, and provides context on Meta’s documented history of using astroturfing, coordinated reporting, and platform manipulation to suppress unfavorable content.
What happened
The original version of this investigation was posted to r/linux, where it was mass reported and pulled down pending moderator review (150 upvotes, roughly 15k views before being pulled down some 40 minutes after being posted).
The content that was suppressed names Meta lobbying firms, traces documented payments, cites Senate LD-2 filings, and links to IRS records. It identifies Hilltop Public Solutions as the first confirmed entity bridging Meta’s $45M super PAC and the DCA astroturf campaign. This is the kind of content that a well-resourced actor would have reason to suppress.
I cannot prove the mass reports were coordinated rather than organic. That is the point of the tactic: Reddit’s infrastructure makes it impossible to distinguish genuine community objections from manufactured ones, and it rewards the behavior either way by automatically removing the content.
Meta has done this before
In March 2022, the Washington Post reported that Meta hired Targeted Victory, one of the largest Republican consulting firms in the country, to run a nationwide astroturfing campaign against TikTok. Internal emails obtained by the Post showed the campaign:
Placed op-eds and letters to the editor in regional news outlets across the country, none of which disclosed the connection to Meta or Targeted Victory
Promoted stories about dangerous TikTok “trends” that had actually originated on Facebook
Pushed local politicians and political reporters to frame TikTok as a threat to children
In an internal email, a campaign director wrote that the “dream would be to get stories with headlines like ‘From dances to danger: how TikTok has become the most harmful social media space for kids’”
Meta’s spokesman defended the campaign by saying “all platforms should face a level of scrutiny consistent with their growing success.” Meta did not deny hiring the firm or directing the campaign. The story was confirmed by the Washington Post, Fortune, Variety, CBS News, Engadget, Tortoise Media, the Boston Globe, and Techdirt, among others.
This is not speculation about what Meta might do. This is what Meta has been publicly documented doing: hiring firms to plant stories, manufacture public concern about competitors using child safety as the framing, and conceal the corporate origin of the messaging. The Targeted Victory campaign and the DCA campaign use the same playbook: fund an outside entity to push messaging that serves Meta’s commercial interests while hiding Meta’s involvement.
Reddit’s bot and astroturfing problem is structural
Research published in Nature (Scientific Reports) documented coordinated political astroturfing patterns across platforms including Reddit. A separate study found that at least 15% of content in surveyed subreddits was posted by corporate trolls or bot accounts designed to manipulate public opinion.
Since June 2025, bot networks have been systematically exploiting Reddit and Meta’s own moderation systems through mass reporting. Thousands of legitimate Facebook groups were deleted after coordinated bot reports triggered automated enforcement. The same mass-reporting tactic works on Reddit: a small number of accounts can file reports, trigger automated removal, and flag the poster’s account for site-wide spam filtering, all without engaging with the content.
Venture-backed firms like Doublespeed now offer astroturfing-as-a-service across Reddit, TikTok, and Instagram, operating physical phone farms to bypass platform detection. The infrastructure for suppressing content through coordinated inauthentic behavior is commercially available.
What this means for this investigation
Meta spent $26.3 million on federal lobbying in 2025 and deployed 86+ lobbyists across 45 states. It funded a nationally active advocacy group (DCA) with no legal existence in the IRS system. It hired Hilltop Public Solutions to simultaneously run its $45M super PAC and coordinate DCA’s messaging. It previously hired Targeted Victory to run a covert astroturfing campaign against TikTok using child safety as the narrative frame.
This investigation documents all of that with primary sources. A post containing those findings was mass reported on Reddit within hours and suppressed site-wide by automated systems. Whether the reports were organic or coordinated, the outcome is the same: the content was removed from the platform where Meta has both the motive and the documented capability to suppress it.
The research is published in a git repository with every source embedded. It does not depend on Reddit’s infrastructure to survive.
Sources
Washington Post, “Facebook paid Republican strategy firm to malign TikTok” (March 30, 2022): https://www.washingtonpost.com/technology/2022/03/30/facebook-tiktok-targeted-victory/
Fortune, “Meta paid a Republican consulting firm to turn the public against TikTok” (March 31, 2022): https://fortune.com/2022/03/31/facebook-meta-paid-republican-consulting-firm-targeted-victory-turn-public-opinion-against-tiktok/
Variety, “Facebook Parent Company Defends Its PR Campaign to Portray TikTok as Threat to American Children” (March 31, 2022): https://variety.com/2022/digital/news/meta-facebook-tiktok-pr-campaign-1235218866/
Techdirt, “Facebook-Hired PR Firm Coordinated Anti-TikTok Campaign To Spread Bogus Moral Panics” (March 31, 2022): https://www.techdirt.com/2022/03/31/facebook-hired-pr-firm-coordinated-anti-tiktok-campaign-to-spread-bogus-moral-panics/
Tortoise Media, “Meta ‘astroturfed’ TikTok” (April 5, 2022): https://www.tortoisemedia.com/2022/04/05/meta-astroturfed-tiktok
CBS News, “Report: Facebook Hired PR Firm To Smear TikTok”: https://www.cbsnews.com/sanfrancisco/news/report-facebook-hired-pr-firm-to-smear-tiktok/
Engadget, “Meta reportedly paid political consultants to smear TikTok”: https://www.engadget.com/meta-targeted-victory-tiktok-smear-campaign-133139892.html
Boston Globe, “Facebook paid GOP firm to malign TikTok, internal e-mails reveal” (March 30, 2022): https://www.bostonglobe.com/2022/03/30/business/facebook-paid-gop-firm-malign-tiktok-internal-e-mails-reveal/
Georgetown Free Speech Project, “Facebook hires GOP consulting firm to smear rival TikTok”: https://freespeechproject.georgetown.edu/tracker-entries/facebook-hires-gop-consulting-firm-in-dc-area-to-smear-rival-tiktok/
Nature Scientific Reports, “Coordination patterns reveal online political astroturfing across the world” (2022): https://www.nature.com/articles/s41598-022-08404-9
Medium/HR News, “Study: At Least 15% of All Reddit Content is Corporate Trolls”: https://medium.com/@hrnews1/study-at-least-15-of-all-reddit-content-is-corporate-trolls-trying-to-manipulate-public-opinion-49cb302c26a5
TechCrunch, “Facebook Group admins complain of mass bans” (June 24, 2025): https://techcrunch.com/2025/06/24/facebook-group-admins-complain-of-mass-bans-meta-says-its-fixing-the-problem/
YNet News, “Public opinion for sale: The new startup causing a storm” (Doublespeed): https://www.ynetnews.com/tech-and-digital/article/hyraenbmzx
Meta Transparency Center, “Inauthentic Behavior” policy: https://transparency.meta.com/policies/community-standards/inauthentic-behavior/
The Hacker News, “Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan” (May 2025): https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html
Following this post, the author posted an update early in the morning of March 14, 2026 in the same subreddit. It was visible for a while, but is now “awaiting moderator approval,” and has been since then. The Internet Archive backup is here. The full text follows.
[UPDATE] I pulled IRS filings for the org that wrote Meta's model legislation, queried Brazil's congressional API, and cross-referenced lobbying firms across two continents. Meta's operation is global. Also: all findings are now public at tboteproject.com
TL;DR: Four new findings. (1) ICMEC, the nonprofit that authored Meta's preferred age verification model bill, is $2.28 million in debt and kept alive by board member loans totaling $1.1M, yet produced a full legislative toolkit aligned with Meta's lobbying position. Meta is a confirmed $25K+ donor. (2) ConnectSafely's $100K/year UK wire most likely goes to Childnet International, a co-member of Meta's Safety Advisory Board since 2009. The UK Charity Commission is currently investigating Childnet for censoring young ambassadors who criticized a funder. (3) Meta sent a named representative to two Brazilian congressional hearings on the Digital ECA, invited directly by the bill's rapporteur. (4) Three of Meta's EU lobbying firms also operate in the US, but Meta keeps its child safety lobbying completely compartmentalized from its international operations. The full investigation, all source documents, and the research repository are now public at
Everything is at https://tboteproject.com
The repository can be found at https://tboteproject.com/git/hekate/attestation-findings
What I Did
Follow-up to my previous posts about Meta's $26.3M federal lobbying operation, the DCA exposure, ConnectSafely's 9-year donor concealment, and the Heritage Foundation pipeline. This round focused on international connections: who funds the organizations writing the model legislation, where ConnectSafely's UK money goes, and whether Meta's US influence playbook extends to Brazil and Europe.
1. ICMEC Is Nearly Insolvent and Meta Funds It
ICMEC (International Centre for Missing & Exploited Children, EIN 22-3630133) authored the Digital Age Assurance Act (DAAA), the model bill that shifts age verification from social media platforms to device and OS manufacturers. Meta is a confirmed $25K+ donor.
I pulled three years of ICMEC's 990 XML filings (2022-2024).
Financial picture:
Negative net assets every year, getting worse. Revenue down 24% year over year. Headcount dropped from 21 to 13.
Their 2024 audit flagged "substantial doubts regarding the organization's ability to meet financial obligations."
Board members are personally loaning money to keep it running:
With $1.1M in board loans and negative $2.28M net assets, ICMEC still managed to produce model legislation, a constitutional analysis, a technical whitepaper, FAQs, a dedicated website (ageverificationpolicy.org), Virginia General Assembly testimony, and co-sponsorship of California AB-1043. All in 2024-2025.
Their largest expense category: "Other professional fees" at $952K. That money paid for the DAAA policy work.
No external grants anywhere in the filings. No Schedule I filed in any year. The only outgoing money goes to ICMEC's own Singapore subsidiary ($170-206K/year).
ICMEC Australia Ltd holds $13.9M in assets. The parent holds $1.05M. ICMEC loaned $868K to the Australian subsidiary in 2023. The filings do not explain why the subsidiary has 13x the parent's assets.
Sources: ProPublica Nonprofit Explorer (990 XML object IDs: 202513219349317586, 202433209349302068, 202303179349304730), ICMEC supporters page, ageverificationpolicy.org
2. ConnectSafely's $100K UK Wire Goes to a Meta Safety Advisory Board Partner
In the last post I reported that ConnectSafely wires $100,000/year to an unnamed UK organization. IRS Schedule F Part II does not require naming foreign grant recipients.
The most likely recipient is Childnet International (UK Charity 1080173).
Facebook created a Safety Advisory Board in December 2009 with five founding members. ConnectSafely and Childnet were two of them. Seventeen years on the same board. Both serve as national Safer Internet Day coordinators in their respective countries. Their CEOs (Larry Magid and Will Gardner) have a direct working relationship. The 990 describes the grant purpose as supporting "an international organization with similar goals." Childnet's mission matches ConnectSafely's almost word for word.
Childnet's total income is GBP 738K. A GBP 80K grant covers about 11% of their revenue.
FOSI UK (Charity 1095268), the third Safety Advisory Board member with UK operations, is a secondary candidate. FOSI dissolved in February 2024, ruling it out for the 2024 grant but not the earlier two.
The Pershing Square Foundation gave ConnectSafely exactly $100,000 in 2023 for "General Support of Image-Based Abuse Work." $100K in from Pershing Square. $100K out to the UK.
Sources: ProPublica Nonprofit Explorer (ConnectSafely 990 XML, 2017-2024), UK Charity Commission Register, Companies House
3. Childnet Is Under Investigation
If ConnectSafely sends $100K/year to Childnet, what does Childnet advocate?
Childnet has never taken a public position on device-level vs. platform-level age verification. They sit on both Meta's Safety Advisory Council and the UK Council for Internet Safety, and they have said nothing on the central policy question Meta spends millions to influence.
In January 2026, Childnet signed a joint statement (42 signatories) opposing under-16 social media bans. That statement calls for "a requirement on **platforms** to use highly effective age assurance." Platform-level verification runs opposite to Meta's position.
The Charity Commission is currently assessing concerns about Childnet. In 2024, Childnet censored young ambassadors' critical comments about Snapchat (a Childnet funder) at Safer Internet Day. The line they cut: "Social media companies are in bed with the very same psychology used to exploit gambling victims." Baroness Spielman, Baroness Jenkin, and Neil O'Brien MP signed an open letter calling for an investigation and suspension of Safer Internet Day.
Meta is also listed as a Tier 2 supporter on Childnet's website, separate from whatever arrives through ConnectSafely.
Two funding channels from Meta to the same UK charity. Childnet's public positions do not match Meta's preferred policy. The value to Meta appears to be maintaining a seat at the UK child safety table, not directing specific advocacy.
Sources: Childnet International annual accounts (year ending March 2025), UK Charity Commission, childnet.com, joint statement on social media age bans (January 2026)
4. Meta's Representative Appeared at Brazilian Congressional Hearings
Brazil's Digital ECA (PL 2628/2022, enacted as Lei 15.325/2025) takes effect **March 17, 2026**. Compliance burden falls on platforms directly. Self-declaration banned for age verification. Parental consent required for minors under 16. Fines up to 10% of Brazilian revenue.
I queried the Brazilian Chamber of Deputies open data API (dadosabertos.camara.leg.br).
Five public hearings across the Senate and Chamber. **Tais Niffinegger**, Meta's "Manager of Public Policy for Safety and Well-being," appeared at two:
The Chamber hearing where Meta appeared was framed as "digital education, parental controls and inclusion." Softest framing of the five. The bill's rapporteur, **Dep. Jadyel Alencar**, personally invited Niffinegger (REQ 9/2025). Deputies Marangoni and Cleber Verde filed requests to add Google and the Entertainment Software Association; their justification language mirrors industry talking points.
The bill passed. Industry lobbying stripped the loot box ban from the Chamber version. The Senate put it back in the final text.
Hearing 3: "Digital Education, Parental Controls and Inclusion" - June 11, 2025
Event ID: 76693
Time: 3:30 PM - 8:08 PM
Location: Anexo II, Plenário 11
Request: REQ 9/2025 CCOM (by Dep. Jadyel Alencar)
Video: https://web.archive.org/web/20260314074025/
Invited Speakers (10 confirmed):
* Roberta Rios - Manager of Public Policy, GOOGLE
* Taís Niffinegger - Manager of Public Policy, META
* Others listed in repository files
Sources: Brazilian Chamber of Deputies API (dadosabertos.camara.leg.br/api/v2), event IDs and REQ documents from API responses
5. Meta Keeps International and US Child Safety Lobbying Completely Separate
I cross-referenced Meta's 18 EU retained lobbying firms against US lobbying registrations.
Three firms confirmed operating for Meta in both jurisdictions:
None of these firms touch child safety or age verification for Meta. The child safety lobbying runs through entirely separate state-level firms: Headwaters in Colorado, Pelican State Partners in Louisiana. None of Meta's US federal lobbying firms (Avoq, Mindset, Blue Mountain) have EU operations.
International regulatory work (AI Act, DSA, DMA) goes through global firms. Age verification lobbying goes through state-level specialists with no international footprint. Two separate networks, no overlap.
Sources: EU Transparency Register via LobbyFacts.eu, OpenSecrets, Senate LDA filings, firm websites
The Global Picture
30+ jurisdictions introduced age verification legislation within 18 months (October 2024 to March 2026). Meta spends EUR 10 million per year on EU lobbying. 30 lobbyists. 18+ consulting firms. 277 European Commission meetings over a decade, including meetings specifically on "Children on internet protection" and "Minor protection online."
RSF (Reporters Without Borders) documented **2,977 lobbying actions** by Meta and Google across 10+ countries. Same playbook everywhere: astroturfing, revolving door hiring, front groups, disinformation. In Brazil, former President Michel Temer acted as an intermediary for big tech. Meta ran paid ads falsely claiming regulation would "ban the Bible."
Meta failed to shift the compliance burden outside the US. The ASAA puts verification on app stores and devices. In Brazil, the EU, UK, and Australia, the burden falls on platforms directly. The ASAA playbook worked in four US states. It worked nowhere else.
Sources: Corporate Europe Observatory, LobbyFacts.eu, RSF/Agencia Publica cross-country investigation, HRW, IAPP, EFF
All Findings Are Now Public and Off Big-Tech Platforms
Everything is at
The repository can be found at https://tboteproject.com/git/hekate/attestation-findings
The research repository contains all source documents, IRS 990 analyses, state lobbying data, API query results, and disclosure PDFs. Every finding sourced from public records: IRS filings, state lobbying disclosures, PAC filings, campaign finance databases, corporate registries, congressional APIs, EU transparency registers, UK charity filings, and archived websites.
You are free to fork, clone, or otherwise share these files. I encourage you to email your favorite YouTubers or forward it to trustworthy media.
What’s Next
* March 16, 2026: February monthly disclosures due in Colorado, the first filings covering SB26-051 activity
* March 17, 2026: Brazil's Digital ECA takes effect
* CORA and FOIA responses pending from Colorado SOS, Colorado AG, and Louisiana Ethics Board
* Still needed: DCA fiscal sponsor confirmation, Casey Stefanski's NCOSE "Global Partnerships" role, bill text comparison across jurisdictions
Sources (all public records)
* IRS 990 filings: ProPublica Nonprofit Explorer (ICMEC 2022-2024, ConnectSafely 2017-2024)
* UK Charity Commission: Childnet International (1080173), FOSI UK (1095268)
* Brazil: Chamber of Deputies API (dadosabertos.camara.leg.br)
* EU lobbying: LobbyFacts.eu, Corporate Europe Observatory, EU Transparency Register
* Cross-country investigation: RSF, Agencia Publica, CLIP
* US lobbying: OpenSecrets, Senate LDA filings, Colorado SOS, Texas Ethics Commission
* Reporting: Bloomberg, HRW, IAPP, EFF, Biometric Update
* All other sources can be found on the repository














